From 3bb7f6e664227c10ed8e60010fd8d94fcc2a37d3 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux
Date: Sat, 2 Mar 2019 22:18:42 +0100
Subject: [PATCH] WIP - Create session (#1664)
---
 .../Lemonldap/NG/Common/Conf/DefaultValues.pm | 1 +
 .../lib/Lemonldap/NG/Manager/Attributes.pm | 4 +
 .../Lemonldap/NG/Manager/Build/Attributes.pm | 55 +++++++------
 .../lib/Lemonldap/NG/Portal/Main/Plugins.pm | 1 +
 .../Lemonldap/NG/Portal/Plugins/IdSpoofing.pm | 78 +++++++++++++++++++
 5 files changed, 115 insertions(+), 24 deletions(-)
 create mode 100644 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/IdSpoofing.pm
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
index c407de0b4..87f3ca4c1 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@@ -70,6 +70,7 @@ sub defaultValues {
 'hiddenAttributes' => '_password',
 'httpOnly' => 1,
 'https' => -1,
+ 'idSpoofing' => 1,
 'infoFormMethod' => 'get',
 'issuerDBCASPath' => '^/cas/',
 'issuerDBCASRule' => 1,
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
index 6e20ae0cb..a2c5337f9 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -1195,6 +1195,10 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
 'default' => -1,
 'type' => 'trool'
 },
+ 'idSpoofing' => {
+ 'default' => 1,
+ 'type' => 'bool'
+ },
 'infoFormMethod' => {
 'default' => 'get',
 'select' => [ {
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
index 8ce7d155e..6d3bd3b0c 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
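Review bot: `'idSpoofing' => 1` in defaultValues switches the identity-spoofing plugin on for every deployment as soon as it upgrades, and the same default of 1 is repeated in the Manager/Attributes.pm hunk on this line and in the Build/Attributes.pm hunk that follows. A plugin that replaces the authenticated user's session data with another account's should be opt-in, so all three should read `'idSpoofing' => 0` (`default => 0` in Build/Attributes.pm) until an authorization rule for it exists. It would also help to say in the Build/Attributes.pm `documentation` string that the key appears to enable Lemonldap::NG::Portal::Plugins::IdSpoofing via the pList entry added in Plugins.pm, so a reader of the manager knows what the flag actually turns on.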
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -416,6 +416,37 @@ sub attributes {
 type => 'text',
 documentation => 'Secret token for CheckState plugin',
 },
+ checkUser => {
+ default => 0,
+ type => 'bool',
+ documentation => 'Enable check user',
+ flags => 'p',
+ },
+ checkUserHiddenAttributes => {
+ type => 'text',
+ default => '_2fDevices _loginHistory hGroups',
+ documentation => 'Attributes to hide in CheckUser plugin',
+ flags => 'p',
+ },
+ checkUserDisplayPersistentInfo => {
+ default => 0,
+ type => 'bool',
+ documentation => 'Display persistent session info',
+ flags => 'p',
+ },
+ checkUserDisplayEmptyValues => {
+ default => 0,
+ type => 'bool',
+ documentation => 'Display session empty values',
+ flags => 'p',
+ },
+ idSpoofing => {
+ default => 1,
+ type => 'bool',
+ documentation => 'Enable Id Spoofing plugin',
+ flags => 'p',
+ },
+
 skipRenewConfirmation => {
 type => 'bool',
 default => 0,
@@ -578,30 +609,6 @@ sub attributes {
 documentation => 'Enable Cross Domain Authentication',
 flags => 'hp',
 },
- checkUser => {
- default => 0,
- type => 'bool',
- documentation => 'Enable check user',
- flags => 'p',
- },
- checkUserHiddenAttributes => {
- type => 'text',
- default => '_2fDevices _loginHistory hGroups',
- documentation => 'Attributes to hide in CheckUser plugin',
- flags => 'p',
- },
- checkUserDisplayPersistentInfo => {
- default => 0,
- type => 'bool',
- documentation => 'Display persistent session info',
- flags => 'p',
- },
- checkUserDisplayEmptyValues => {
- default => 0,
- type => 'bool',
- documentation => 'Display session empty values',
- flags => 'p',
- },
 checkXSS => {
 default => 1,
 type => 'bool',
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
index 571ec9da5..93c329eae 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
@@ -26,6 +26,7 @@ our @pList = (
 checkState => '::Plugins::CheckState',
 portalForceAuthn => '::Plugins::ForceAuthn',
 checkUser => '::Plugins::CheckUser',
+ idSpoofing => '::Plugins::IdSpoofing',
 );

 ##@method list enabledPlugins
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/IdSpoofing.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/IdSpoofing.pm
new file mode 100644
index 000000000..a6c3ccf97
--- /dev/null
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/IdSpoofing.pm
@@ -0,0 +1,78 @@
+package Lemonldap::NG::Portal::Plugins::IdSpoofing;
+
+use strict;
+use Mouse;
+use Lemonldap::NG::Portal::Main::Constants qw( PE_OK PE_BADCREDENTIALS );
+
+our $VERSION = '2.0.3';
+
+extends 'Lemonldap::NG::Portal::Main::Plugin';
+
+# INITIALIZATION
+
+use constant endAuth => 'run';
+
+sub init {1}
+
+# RUNNING METHOD
+
+sub run {
+ my ( $self, $req ) = @_;
+ my $spoofId = $req->param('spoofId') || 'rtyler';
+
+ # Fill spoof session
+ my ( $realSession, $spoofSession ) = ( {}, {} );
+ my $spk = '';
+ foreach my $k ( keys %{ $req->{sessionInfo} } ) {
+
+ # next unless defined $req->{sessionInfo}->{$k};
+ $spk = "real_$k";
+ $realSession->{$spk} = $req->{sessionInfo}->{$k};
+ $self->logger->debug("-> Store $k in realSession key: $spk");
+ }
+ $self->logger->debug( "**** req before " . Data::Dumper::Dumper($req) );
+$self->logger->debug( "+++++ realSession " . Data::Dumper::Dumper($realSession) );
+ $req->{user} = $spoofId;
+ $spoofSession = $self->_userDatas($req);
+
+$self->logger->debug( "+++++ spoofSession " . Data::Dumper::Dumper($spoofSession) );
+ $self->logger->debug( "**** req after " . Data::Dumper::Dumper($req) );
+
+
+ $spoofSession = { %$spoofSession, %$realSession };
+
+$self->logger->debug( "!!!!!!!!!!!!!!!!!! spoofSession " . Data::Dumper::Dumper($spoofSession) );
+
+ $self->p->updateSession( $req, $spoofSession );
+
+ return PE_OK;
+
+ # Main session
+ #$self->p->updateSession( $req, $spoofSession );
+}
+
+sub _userDatas {
+ my ( $self, $req ) = @_;
+ $req->{sessionInfo} = {};
+
+ # Search user in database
+ $req->steps(
+ [ 'getUser', 'setSessionInfo',
+ 'setMacros', 'setGroups',
+ 'setPersistentSessionInfo', 'setLocalGroups'
+ ]
+ );
+ if ( my $error = $self->p->process($req) ) {
+ if ( $error == PE_BADCREDENTIALS ) {
+ $self->userLogger->warn(
+ 'IdSpoofing requested for an unvalid user ('
+ . $req->{user}
+ . 
")" ); + } + $self->logger->debug("Process returned error: $error"); + return $req->error($error); + } + return $req->{sessionInfo}; +} + +1;