Append contextSwitching prefix parameter (#1783)
parent
e11c189141
commit
30f6a889de
|
@ -41,6 +41,7 @@ sub defaultValues {
|
||||||
'checkXSS' => 1,
|
'checkXSS' => 1,
|
||||||
'confirmFormMethod' => 'post',
|
'confirmFormMethod' => 'post',
|
||||||
'contextSwitchingIdRule' => 1,
|
'contextSwitchingIdRule' => 1,
|
||||||
|
'contextSwitchingPrefix' => 'switching',
|
||||||
'contextSwitchingRule' => 0,
|
'contextSwitchingRule' => 0,
|
||||||
'contextSwitchingStopWithLogout' => 1,
|
'contextSwitchingStopWithLogout' => 1,
|
||||||
'cookieName' => 'lemonldap',
|
'cookieName' => 'lemonldap',
|
||||||
|
|
|
@ -1004,6 +1004,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
||||||
},
|
},
|
||||||
'type' => 'text'
|
'type' => 'text'
|
||||||
},
|
},
|
||||||
|
'contextSwitchingPrefix' => {
|
||||||
|
'default' => 'switching',
|
||||||
|
'type' => 'text'
|
||||||
|
},
|
||||||
'contextSwitchingRule' => {
|
'contextSwitchingRule' => {
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'type' => 'boolOrExpr'
|
'type' => 'boolOrExpr'
|
||||||
|
|
|
@ -550,6 +550,12 @@ sub attributes {
|
||||||
documentation => 'Stop context switching by logout',
|
documentation => 'Stop context switching by logout',
|
||||||
flags => 'p',
|
flags => 'p',
|
||||||
},
|
},
|
||||||
|
contextSwitchingPrefix => {
|
||||||
|
type => 'text',
|
||||||
|
default => 'switching',
|
||||||
|
documentation => 'Prefix to store real session Id',
|
||||||
|
flags => 'p',
|
||||||
|
},
|
||||||
decryptValueRule => {
|
decryptValueRule => {
|
||||||
type => 'boolOrExpr',
|
type => 'boolOrExpr',
|
||||||
default => 0,
|
default => 0,
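Review bot: The new `contextSwitchingPrefix` attribute is declared as free `text` with no constraint, although the plugin interpolates its value straight into a session key name (`<prefix>_session_id`). A `test` pattern such as `test => qr/^\w+$/,` would reject an empty or oddly shaped value where the manager validates attributes. Whether ini-only values pass through that validation is not visible here, so the plugin's `init` may need the same guard. The `documentation` string could also say what the key holds, e.g. `documentation => 'Prefix of the session key that stores the real session id during context switching',`.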
|
||||||
|
|
|
@ -66,7 +66,7 @@ my @notManagedAttributes = (
|
||||||
# Other ini-only prms
|
# Other ini-only prms
|
||||||
'checkTime', 'status', 'soapProxyUrn',
|
'checkTime', 'status', 'soapProxyUrn',
|
||||||
'impersonationPrefix', 'pdataDomain',
|
'impersonationPrefix', 'pdataDomain',
|
||||||
'mySessionAuthorizedRWKeys',
|
'mySessionAuthorizedRWKeys', 'contextSwitchingPrefix'
|
||||||
);
|
);
|
||||||
|
|
||||||
# Words used either as attribute name and node title
|
# Words used either as attribute name and node title
|
||||||
|
|
|
@ -75,7 +75,7 @@ sub init {
|
||||||
sub display {
|
sub display {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $realSessionId =
|
my $realSessionId =
|
||||||
$req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"};
|
$req->userData->{"$self->{conf}->{contextSwitchingPrefix}_session_id"};
|
||||||
my $realSession;
|
my $realSession;
|
||||||
unless ( $realSession = $self->p->getApacheSession($realSessionId) ) {
|
unless ( $realSession = $self->p->getApacheSession($realSessionId) ) {
|
||||||
$self->userLogger->info(
|
$self->userLogger->info(
|
||||||
|
@ -85,14 +85,14 @@ sub display {
|
||||||
|
|
||||||
# Check access rules
|
# Check access rules
|
||||||
unless ( $self->rule->( $req, $req->userData )
|
unless ( $self->rule->( $req, $req->userData )
|
||||||
|| $req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"} )
|
|| $req->userData->{"$self->{conf}->{contextSwitchingPrefix}_session_id"} )
|
||||||
{
|
{
|
||||||
$self->userLogger->warn('ContextSwitching service NOT authorized');
|
$self->userLogger->warn('ContextSwitching service NOT authorized');
|
||||||
return $self->p->do( $req,
|
return $self->p->do( $req,
|
||||||
[ sub { PE_IMPERSONATION_SERVICE_NOT_ALLOWED } ] );
|
[ sub { PE_IMPERSONATION_SERVICE_NOT_ALLOWED } ] );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"} ) {
|
if ( $req->userData->{"$self->{conf}->{contextSwitchingPrefix}_session_id"} ) {
|
||||||
$self->logger->debug('Request to stop ContextSwitching');
|
$self->logger->debug('Request to stop ContextSwitching');
|
||||||
if ( $self->conf->{contextSwitchingStopWithLogout} ) {
|
if ( $self->conf->{contextSwitchingStopWithLogout} ) {
|
||||||
$self->userLogger->notice("Stop ContextSwitching for $req->{user}");
|
$self->userLogger->notice("Stop ContextSwitching for $req->{user}");
|
||||||
|
@ -233,7 +233,7 @@ sub _switchContext {
|
||||||
$raz = 1;
|
$raz = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
$req->sessionInfo->{"$self->{conf}->{impersonationPrefix}_session_id"} =
|
$req->sessionInfo->{"$self->{conf}->{contextSwitchingPrefix}_session_id"} =
|
||||||
$realSessionId;
|
$realSessionId;
|
||||||
|
|
||||||
if ($raz) {
|
if ($raz) {
|
||||||
|
@ -263,7 +263,7 @@ sub _abortImpersonation {
|
||||||
my ( $self, $req, $spoofId, $realId, $abort ) = @_;
|
my ( $self, $req, $spoofId, $realId, $abort ) = @_;
|
||||||
my $type = $abort ? 'sessionInfo' : 'userData';
|
my $type = $abort ? 'sessionInfo' : 'userData';
|
||||||
my $realSessionId =
|
my $realSessionId =
|
||||||
$req->{$type}->{"$self->{conf}->{impersonationPrefix}_session_id"};
|
$req->{$type}->{"$self->{conf}->{contextSwitchingPrefix}_session_id"};
|
||||||
my $session;
|
my $session;
|
||||||
unless ( $session = $self->p->getApacheSession($realSessionId) ) {
|
unless ( $session = $self->p->getApacheSession($realSessionId) ) {
|
||||||
$self->userLogger->info("Session $session expired");
|
$self->userLogger->info("Session $session expired");
|
||||||
|
@ -293,7 +293,7 @@ sub _abortImpersonation {
|
||||||
$req->urldc( $self->conf->{portal} );
|
$req->urldc( $self->conf->{portal} );
|
||||||
$req->id($realSessionId);
|
$req->id($realSessionId);
|
||||||
$self->p->buildCookie($req);
|
$self->p->buildCookie($req);
|
||||||
delete $req->{$type}->{"$self->{conf}->{impersonationPrefix}_session_id"};
|
delete $req->{$type}->{"$self->{conf}->{contextSwitchingPrefix}_session_id"};
|
||||||
|
|
||||||
return $req;
|
return $req;
|
||||||
}
|
}
|
||||||
|
@ -301,7 +301,7 @@ sub _abortImpersonation {
|
||||||
sub displayLink {
|
sub displayLink {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return 'OFF'
|
return 'OFF'
|
||||||
if $req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"};
|
if $req->userData->{"$self->{conf}->{contextSwitchingPrefix}_session_id"};
|
||||||
return 'ON' if $self->rule->( $req, $req->userData );
|
return 'ON' if $self->rule->( $req, $req->userData );
|
||||||
}
|
}
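Review bot: In `display`, the authorization test `$self->rule->( $req, $req->userData ) || $req->userData->{"$self->{conf}->{contextSwitchingPrefix}_session_id"}` is satisfied by the mere presence of that key, and nothing visible checks that the prefix is non-empty or differs from `impersonationPrefix`. With an empty prefix the key becomes `_session_id`, which Apache::Session-style sessions normally carry as their own id, so the access rule would presumably never be consulted. That is worth confirming and rejecting in `init` (its body is outside these hunks), for example with `return 0 unless length( $self->conf->{contextSwitchingPrefix} // '' );`. The same interpolated key is also spelled out seven times across `display`, `_switchContext`, `_abortImpersonation` and `displayLink`; computing it once would keep a later rename from missing an occurrence.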
|
||||||
|
|
||||||
|
|
|
@ -13,19 +13,19 @@ my $client = LLNG::Manager::Test->new( {
|
||||||
logLevel => 'error',
|
logLevel => 'error',
|
||||||
authentication => 'Demo',
|
authentication => 'Demo',
|
||||||
userDB => 'Same',
|
userDB => 'Same',
|
||||||
|
https => 0,
|
||||||
loginHistoryEnabled => 0,
|
loginHistoryEnabled => 0,
|
||||||
brutForceProtection => 0,
|
brutForceProtection => 0,
|
||||||
portalMainLogo => 'common/logos/logo_llng_old.png',
|
portalMainLogo => 'common/logos/logo_llng_old.png',
|
||||||
requireToken => 1,
|
requireToken => 1,
|
||||||
checkUser => 1,
|
checkUser => 1,
|
||||||
impersonationPrefix => 'testPrefix_',
|
|
||||||
securedCookie => 0,
|
securedCookie => 0,
|
||||||
https => 0,
|
|
||||||
checkUserDisplayPersistentInfo => 0,
|
checkUserDisplayPersistentInfo => 0,
|
||||||
checkUserDisplayEmptyValues => 0,
|
checkUserDisplayEmptyValues => 0,
|
||||||
contextSwitchingRule => 1,
|
contextSwitchingRule => 1,
|
||||||
contextSwitchingIdRule => 1,
|
contextSwitchingIdRule => 1,
|
||||||
contextSwitchingStopWithLogout => 1,
|
contextSwitchingStopWithLogout => 1,
|
||||||
|
contextSwitchingPrefix => 'testPrefix_',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
@ -109,7 +109,7 @@ ok(
|
||||||
);
|
);
|
||||||
ok(
|
ok(
|
||||||
$res->[2]->[0] =~
|
$res->[2]->[0] =~
|
||||||
m%<div class="message message-negative alert"><span trmsg="82"></span>%,
|
m%<div class="message message-negative alert"><span trmsg="82"></span>%,
|
||||||
'Found "<span trmsg="82">"'
|
'Found "<span trmsg="82">"'
|
||||||
) or explain( $res->[2]->[0], '<span trmsg="82">' );
|
) or explain( $res->[2]->[0], '<span trmsg="82">' );
|
||||||
count(3);
|
count(3);
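Review bot: The visible hunks assert nothing about which session key is actually written, so the test would pass equally if the plugin still read `impersonationPrefix` consistently. The config only moves the value `'testPrefix_'` from `impersonationPrefix` to `contextSwitchingPrefix`. An assertion that the switched session contains `testPrefix__session_id`, together with a distinct `impersonationPrefix` value in the config, would pin the behaviour this commit introduces. The rest of the test file is outside these hunks, so such a check may already exist.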
|
||||||
|
|