WIP - Create session (#1664)
This commit is contained in:
parent
285b1f8131
commit
3bb7f6e664
|
@ -70,6 +70,7 @@ sub defaultValues {
|
|||
'hiddenAttributes' => '_password',
|
||||
'httpOnly' => 1,
|
||||
'https' => -1,
|
||||
'idSpoofing' => 1,
|
||||
'infoFormMethod' => 'get',
|
||||
'issuerDBCASPath' => '^/cas/',
|
||||
'issuerDBCASRule' => 1,
|
||||
|
|
|
@ -1195,6 +1195,10 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
'default' => -1,
|
||||
'type' => 'trool'
|
||||
},
|
||||
'idSpoofing' => {
|
||||
'default' => 1,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'infoFormMethod' => {
|
||||
'default' => 'get',
|
||||
'select' => [ {
|
||||
|
|
|
@ -416,6 +416,37 @@ sub attributes {
|
|||
type => 'text',
|
||||
documentation => 'Secret token for CheckState plugin',
|
||||
},
|
||||
checkUser => {
|
||||
default => 0,
|
||||
type => 'bool',
|
||||
documentation => 'Enable check user',
|
||||
flags => 'p',
|
||||
},
|
||||
checkUserHiddenAttributes => {
|
||||
type => 'text',
|
||||
default => '_2fDevices _loginHistory hGroups',
|
||||
documentation => 'Attributes to hide in CheckUser plugin',
|
||||
flags => 'p',
|
||||
},
|
||||
checkUserDisplayPersistentInfo => {
|
||||
default => 0,
|
||||
type => 'bool',
|
||||
documentation => 'Display persistent session info',
|
||||
flags => 'p',
|
||||
},
|
||||
checkUserDisplayEmptyValues => {
|
||||
default => 0,
|
||||
type => 'bool',
|
||||
documentation => 'Display session empty values',
|
||||
flags => 'p',
|
||||
},
|
||||
idSpoofing => {
|
||||
default => 1,
|
||||
type => 'bool',
|
||||
documentation => 'Enable Id Spoofing plugin',
|
||||
flags => 'p',
|
||||
},
|
||||
|
||||
skipRenewConfirmation => {
|
||||
type => 'bool',
|
||||
default => 0,
|
||||
|
@ -578,30 +609,6 @@ sub attributes {
|
|||
documentation => 'Enable Cross Domain Authentication',
|
||||
flags => 'hp',
|
||||
},
|
||||
checkUser => {
|
||||
default => 0,
|
||||
type => 'bool',
|
||||
documentation => 'Enable check user',
|
||||
flags => 'p',
|
||||
},
|
||||
checkUserHiddenAttributes => {
|
||||
type => 'text',
|
||||
default => '_2fDevices _loginHistory hGroups',
|
||||
documentation => 'Attributes to hide in CheckUser plugin',
|
||||
flags => 'p',
|
||||
},
|
||||
checkUserDisplayPersistentInfo => {
|
||||
default => 0,
|
||||
type => 'bool',
|
||||
documentation => 'Display persistent session info',
|
||||
flags => 'p',
|
||||
},
|
||||
checkUserDisplayEmptyValues => {
|
||||
default => 0,
|
||||
type => 'bool',
|
||||
documentation => 'Display session empty values',
|
||||
flags => 'p',
|
||||
},
|
||||
checkXSS => {
|
||||
default => 1,
|
||||
type => 'bool',
|
||||
|
|
|
@ -26,6 +26,7 @@ our @pList = (
|
|||
checkState => '::Plugins::CheckState',
|
||||
portalForceAuthn => '::Plugins::ForceAuthn',
|
||||
checkUser => '::Plugins::CheckUser',
|
||||
idSpoofing => '::Plugins::IdSpoofing',
|
||||
);
|
||||
|
||||
##@method list enabledPlugins
|
||||
|
|
|
@ -0,0 +1,78 @@
|
|||
package Lemonldap::NG::Portal::Plugins::IdSpoofing;
|
||||
|
||||
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw( PE_OK PE_BADCREDENTIALS );
|
||||
|
||||
our $VERSION = '2.0.3';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
use constant endAuth => 'run';
|
||||
|
||||
sub init {1}
|
||||
|
||||
# RUNNING METHOD
|
||||
|
||||
sub run {
|
||||
my ( $self, $req ) = @_;
|
||||
my $spoofId = $req->param('spoofId') || 'rtyler';
|
||||
|
||||
# Fill spoof session
|
||||
my ( $realSession, $spoofSession ) = ( {}, {} );
|
||||
my $spk = '';
|
||||
foreach my $k ( keys %{ $req->{sessionInfo} } ) {
|
||||
|
||||
# next unless defined $req->{sessionInfo}->{$k};
|
||||
$spk = "real_$k";
|
||||
$realSession->{$spk} = $req->{sessionInfo}->{$k};
|
||||
$self->logger->debug("-> Store $k in realSession key: $spk");
|
||||
}
|
||||
$self->logger->debug( "**** req before " . Data::Dumper::Dumper($req) );
|
||||
$self->logger->debug( "+++++ realSession " . Data::Dumper::Dumper($realSession) );
|
||||
$req->{user} = $spoofId;
|
||||
$spoofSession = $self->_userDatas($req);
|
||||
|
||||
$self->logger->debug( "+++++ spoofSession " . Data::Dumper::Dumper($spoofSession) );
|
||||
$self->logger->debug( "**** req after " . Data::Dumper::Dumper($req) );
|
||||
|
||||
|
||||
$spoofSession = { %$spoofSession, %$realSession };
|
||||
|
||||
$self->logger->debug( "!!!!!!!!!!!!!!!!!! spoofSession " . Data::Dumper::Dumper($spoofSession) );
|
||||
|
||||
$self->p->updateSession( $req, $spoofSession );
|
||||
|
||||
return PE_OK;
|
||||
|
||||
# Main session
|
||||
#$self->p->updateSession( $req, $spoofSession );
|
||||
}
|
||||
|
||||
sub _userDatas {
|
||||
my ( $self, $req ) = @_;
|
||||
$req->{sessionInfo} = {};
|
||||
|
||||
# Search user in database
|
||||
$req->steps(
|
||||
[ 'getUser', 'setSessionInfo',
|
||||
'setMacros', 'setGroups',
|
||||
'setPersistentSessionInfo', 'setLocalGroups'
|
||||
]
|
||||
);
|
||||
if ( my $error = $self->p->process($req) ) {
|
||||
if ( $error == PE_BADCREDENTIALS ) {
|
||||
$self->userLogger->warn(
|
||||
'IdSpoofing requested for an unvalid user ('
|
||||
. $req->{user}
|
||||
. ")" );
|
||||
}
|
||||
$self->logger->debug("Process returned error: $error");
|
||||
return $req->error($error);
|
||||
}
|
||||
return $req->{sessionInfo};
|
||||
}
|
||||
|
||||
1;
|
Loading…
Reference in New Issue
Block a user