Append contextSwitching prefix parameter (#1783)

Christophe Maudoux 2020-04-03 23:09:55 +02:00
parent e11c189141
commit 30f6a889de
6 changed files with 22 additions and 11 deletions


@ -41,6 +41,7 @@ sub defaultValues {
'checkXSS' => 1, 'checkXSS' => 1,
'confirmFormMethod' => 'post', 'confirmFormMethod' => 'post',
'contextSwitchingIdRule' => 1, 'contextSwitchingIdRule' => 1,
'contextSwitchingPrefix' => 'switching',
'contextSwitchingRule' => 0, 'contextSwitchingRule' => 0,
'contextSwitchingStopWithLogout' => 1, 'contextSwitchingStopWithLogout' => 1,
'cookieName' => 'lemonldap', 'cookieName' => 'lemonldap',


@ -1004,6 +1004,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
}, },
'type' => 'text' 'type' => 'text'
}, },
'contextSwitchingPrefix' => {
'default' => 'switching',
'type' => 'text'
},
'contextSwitchingRule' => { 'contextSwitchingRule' => {
'default' => 0, 'default' => 0,
'type' => 'boolOrExpr' 'type' => 'boolOrExpr'


@ -550,6 +550,12 @@ sub attributes {
documentation => 'Stop context switching by logout', documentation => 'Stop context switching by logout',
flags => 'p', flags => 'p',
}, },
contextSwitchingPrefix => {
type => 'text',
default => 'switching',
documentation => 'Prefix to store real session Id',
flags => 'p',
},
decryptValueRule => { decryptValueRule => {
type => 'boolOrExpr', type => 'boolOrExpr',
default => 0, default => 0,


@ -66,7 +66,7 @@ my @notManagedAttributes = (
# Other ini-only prms # Other ini-only prms
'checkTime', 'status', 'soapProxyUrn', 'checkTime', 'status', 'soapProxyUrn',
'impersonationPrefix', 'pdataDomain', 'impersonationPrefix', 'pdataDomain',
'mySessionAuthorizedRWKeys', 'mySessionAuthorizedRWKeys', 'contextSwitchingPrefix'
); );
# Words used either as attribute name and node title # Words used either as attribute name and node title


@ -75,7 +75,7 @@ sub init {
sub display { sub display {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
my $realSessionId = my $realSessionId =
$req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"}; $req->userData->{"$self->{conf}->{contextSwitchingPrefix}_session_id"};
my $realSession; my $realSession;
unless ( $realSession = $self->p->getApacheSession($realSessionId) ) { unless ( $realSession = $self->p->getApacheSession($realSessionId) ) {
$self->userLogger->info( $self->userLogger->info(
@ -85,14 +85,14 @@ sub display {
# Check access rules # Check access rules
unless ( $self->rule->( $req, $req->userData ) unless ( $self->rule->( $req, $req->userData )
|| $req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"} ) || $req->userData->{"$self->{conf}->{contextSwitchingPrefix}_session_id"} )
{ {
$self->userLogger->warn('ContextSwitching service NOT authorized'); $self->userLogger->warn('ContextSwitching service NOT authorized');
return $self->p->do( $req, return $self->p->do( $req,
[ sub { PE_IMPERSONATION_SERVICE_NOT_ALLOWED } ] ); [ sub { PE_IMPERSONATION_SERVICE_NOT_ALLOWED } ] );
} }
if ( $req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"} ) { if ( $req->userData->{"$self->{conf}->{contextSwitchingPrefix}_session_id"} ) {
$self->logger->debug('Request to stop ContextSwitching'); $self->logger->debug('Request to stop ContextSwitching');
if ( $self->conf->{contextSwitchingStopWithLogout} ) { if ( $self->conf->{contextSwitchingStopWithLogout} ) {
$self->userLogger->notice("Stop ContextSwitching for $req->{user}"); $self->userLogger->notice("Stop ContextSwitching for $req->{user}");
@ -233,7 +233,7 @@ sub _switchContext {
$raz = 1; $raz = 1;
} }
$req->sessionInfo->{"$self->{conf}->{impersonationPrefix}_session_id"} = $req->sessionInfo->{"$self->{conf}->{contextSwitchingPrefix}_session_id"} =
$realSessionId; $realSessionId;
if ($raz) { if ($raz) {
@ -263,7 +263,7 @@ sub _abortImpersonation {
my ( $self, $req, $spoofId, $realId, $abort ) = @_; my ( $self, $req, $spoofId, $realId, $abort ) = @_;
my $type = $abort ? 'sessionInfo' : 'userData'; my $type = $abort ? 'sessionInfo' : 'userData';
my $realSessionId = my $realSessionId =
$req->{$type}->{"$self->{conf}->{impersonationPrefix}_session_id"}; $req->{$type}->{"$self->{conf}->{contextSwitchingPrefix}_session_id"};
my $session; my $session;
unless ( $session = $self->p->getApacheSession($realSessionId) ) { unless ( $session = $self->p->getApacheSession($realSessionId) ) {
$self->userLogger->info("Session $session expired"); $self->userLogger->info("Session $session expired");
@ -293,7 +293,7 @@ sub _abortImpersonation {
$req->urldc( $self->conf->{portal} ); $req->urldc( $self->conf->{portal} );
$req->id($realSessionId); $req->id($realSessionId);
$self->p->buildCookie($req); $self->p->buildCookie($req);
delete $req->{$type}->{"$self->{conf}->{impersonationPrefix}_session_id"}; delete $req->{$type}->{"$self->{conf}->{contextSwitchingPrefix}_session_id"};
return $req; return $req;
} }
@ -301,7 +301,7 @@ sub _abortImpersonation {
sub displayLink { sub displayLink {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
return 'OFF' return 'OFF'
if $req->userData->{"$self->{conf}->{impersonationPrefix}_session_id"}; if $req->userData->{"$self->{conf}->{contextSwitchingPrefix}_session_id"};
return 'ON' if $self->rule->( $req, $req->userData ); return 'ON' if $self->rule->( $req, $req->userData );
} }
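Review bot: Nothing in these hunks validates `contextSwitchingPrefix`, although the key `"<prefix>_session_id"` now decides the access check (`|| $req->userData->{...}`) and supplies the id that `_abortImpersonation` passes to `$req->id(...)` and `buildCookie`. An empty value, or one that makes the key coincide with a session attribute filled from another source, would let unrelated session data satisfy that check, so I would refuse such a prefix in `init`, along the lines of `$self->conf->{contextSwitchingPrefix} =~ /\A\w+\z/ or return 0;` (assuming `init` signals failure with a false return, which is not visible here). Sessions switched before this change presumably still hold the id under the `impersonationPrefix` key and will no longer be recognised as switched; a release note or a fallback read would cover that. The bodies of `display`, `_switchContext` and `_abortImpersonation` extend beyond the hunks shown.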


@ -13,19 +13,19 @@ my $client = LLNG::Manager::Test->new( {
logLevel => 'error', logLevel => 'error',
authentication => 'Demo', authentication => 'Demo',
userDB => 'Same', userDB => 'Same',
https => 0,
loginHistoryEnabled => 0, loginHistoryEnabled => 0,
brutForceProtection => 0, brutForceProtection => 0,
portalMainLogo => 'common/logos/logo_llng_old.png', portalMainLogo => 'common/logos/logo_llng_old.png',
requireToken => 1, requireToken => 1,
checkUser => 1, checkUser => 1,
impersonationPrefix => 'testPrefix_',
securedCookie => 0, securedCookie => 0,
https => 0,
checkUserDisplayPersistentInfo => 0, checkUserDisplayPersistentInfo => 0,
checkUserDisplayEmptyValues => 0, checkUserDisplayEmptyValues => 0,
contextSwitchingRule => 1, contextSwitchingRule => 1,
contextSwitchingIdRule => 1, contextSwitchingIdRule => 1,
contextSwitchingStopWithLogout => 1, contextSwitchingStopWithLogout => 1,
contextSwitchingPrefix => 'testPrefix_',
} }
} }
); );
@ -109,7 +109,7 @@ ok(
); );
ok( ok(
$res->[2]->[0] =~ $res->[2]->[0] =~
m%<div class="message message-negative alert"><span trmsg="82"></span>%, m%<div class="message message-negative alert"><span trmsg="82"></span>%,
'Found "<span trmsg="82">"' 'Found "<span trmsg="82">"'
) or explain( $res->[2]->[0], '<span trmsg="82">' ); ) or explain( $res->[2]->[0], '<span trmsg="82">' );
count(3); count(3);
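Review bot: The test configuration sets `contextSwitchingPrefix => 'testPrefix_'`, but nothing visible in these hunks asserts the resulting session key, so the test would still pass if the plugin read and wrote the key under some other prefix consistently. An assertion on the stored session, for instance that the switched session contains `testPrefix__session_id` and the restored one does not, would pin the new parameter. Keeping a different `impersonationPrefix` in the config would also show the two settings are independent.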