Merge branch '2689' into 'v2.0'
Fix DELETE session(s)/my REST services (#2689) See merge request lemonldap-ng/lemonldap-ng!247
commit
42f100d74b
|
@ -18,6 +18,7 @@ Sessions for connected users (used by :doc:`LLNG Proxy<authproxy>`):
|
|||
- GET /session/my/<type> : get session datas
|
||||
- GET /session/my/<type>/key : get session key
|
||||
- DELETE /session/my : ask for logout
|
||||
- DELETE /sessions/my : ask for global logout (if GlobalLogout plugin is on)
|
||||
|
||||
Services for connected users (always enabled):
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ use Mouse;
|
|||
use Lemonldap::NG::Common::Conf::Constants;
|
||||
use JSON qw(from_json to_json);
|
||||
|
||||
our $VERSION = '2.0.9';
|
||||
our $VERSION = '2.0.14';
|
||||
|
||||
has sessionTypes => ( is => 'rw' );
|
||||
|
||||
|
@ -293,4 +293,9 @@ sub getMod {
|
|||
return $m;
|
||||
}
|
||||
|
||||
sub getGlobal {
|
||||
my ( $self ) = @_;
|
||||
return $self->sessionTypes->{global};
|
||||
}
|
||||
|
||||
1;
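Review bot: `getGlobal` dereferences `$self->sessionTypes` directly, and the attribute is declared earlier in this file as `has sessionTypes => ( is => 'rw' );` with no default, so when it is unset the call dies under the strictures Mouse enables instead of returning false. The `removeSession` caller added in this commit relies on a false return (`my $mod = $self->getGlobal() or return ...`), which an exception would bypass; whether `sessionTypes` is always populated before a request arrives is not visible here. A guarded form would be `my $types = $self->sessionTypes or return;` followed by `return $types->{global};`. A one-line comment such as `# Returns the entry configured for the 'global' session type, or nothing when session types are unset` would also help, since the sub is added without any documentation.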
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
# * GET /session/my/<type> : get session data
|
||||
# * GET /session/my/<type>/key : get session key
|
||||
# * DELETE /session/my : ask for logout
|
||||
# * DELETE /sessions/my : ask for global logout
|
||||
# * DELETE /sessions/my : ask for global logout (if GlobalLogout plugin is on)
|
||||
#
|
||||
# - Authentication
|
||||
# * GET /renewcaptcha : get token and captcha image
|
||||
|
@ -200,9 +200,16 @@ sub init {
|
|||
)
|
||||
|
||||
->addAuthRoute(
|
||||
sessions => { my => { ':sessionType' => 'removeSessions' } },
|
||||
session => { my => 'removeSession' },
|
||||
['DELETE']
|
||||
);
|
||||
|
||||
if ( $self->conf->{globalLogoutRule} ) {
|
||||
$self->addAuthRoute(
|
||||
sessions => { my => 'removeSessions' },
|
||||
['DELETE']
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
if ( $self->conf->{restPasswordServer} ) {
|
||||
|
@ -603,6 +610,25 @@ sub getError {
|
|||
);
|
||||
}
|
||||
|
||||
sub removeSession {
|
||||
my ( $self, $req ) = @_;
|
||||
my $id = $req->userData->{_session_id};
|
||||
return $self->p->sendError( $req, 'ID is required', 400 ) unless ($id);
|
||||
my $mod = $self->getGlobal()
|
||||
or return $self->p->sendError( $req, undef, 400 );
|
||||
|
||||
# Get session
|
||||
my $session = $self->getApacheSession( $mod, $id )
|
||||
or return $self->p->sendError( $req, 'Session id does not exists', 400 );
|
||||
|
||||
# Delete it
|
||||
$self->logger->debug("REST request to delete global session $id");
|
||||
my $res = $self->p->_deleteSession( $req, $session );
|
||||
$self->logger->debug(" Result is $res");
|
||||
|
||||
return $self->p->sendJSONresponse( $req, { result => $res } );
|
||||
}
|
||||
|
||||
sub removeSessions {
|
||||
my ( $self, $req ) = @_;
|
||||
my $glPlugin =
|
||||
|
@ -783,7 +809,8 @@ sub myApplications {
|
|||
{ Category => $_->{catname}, Applications => \@apps },
|
||||
} @{ $self->p->menu->appslist($req) };
|
||||
|
||||
return $self->p->sendJSONresponse( $req, { result => 1, myapplications => \@appslist } );
|
||||
return $self->p->sendJSONresponse( $req,
|
||||
{ result => 1, myapplications => \@appslist } );
|
||||
}
|
||||
|
||||
sub _checkSecret {
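Review bot: In `removeSession`, the debug line `REST request to delete global session $id` writes the full session id to the log. The test in this commit sends that same value as the `lemonldap` cookie, so it is a bearer credential, and it stays usable if `_deleteSession` then fails. Logging a shortened form keeps the trace useful, e.g. `$self->logger->debug( 'REST request to delete global session ' . substr( $id, 0, 8 ) . '...' );`. Separately, the `getGlobal()` failure path answers `sendError( $req, undef, 400 )` with no message and no log entry, although a missing global module looks like a server-side configuration problem rather than a bad request; an error-level log line and a 5xx status would make that case diagnosable. `removeSession` lies entirely inside the hunk, while `removeSessions` continues outside it.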
|
||||
|
|
|
@ -236,12 +236,34 @@ ok( $nbr == 3, "Three sessions found" )
|
|||
or explain("Number of session(s) found = $nbr");
|
||||
count(4);
|
||||
|
||||
# Try to auth: forth request
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/', IO::String->new('user=dwho&password=dwho'),
|
||||
length => 23,
|
||||
accept => 'text/html'
|
||||
),
|
||||
'Post user/password 4'
|
||||
);
|
||||
my $id = expectCookie($res);
|
||||
ok(
|
||||
$res = $client->_delete(
|
||||
'/session/my', cookie => "lemonldap=$id",
|
||||
),
|
||||
'DELETE /session/my'
|
||||
);
|
||||
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||
or print STDERR $@;
|
||||
ok( $res->{result} == 1, 'Session removed' )
|
||||
or explain( $res, "result == $res->{result}" );
|
||||
count(4);
|
||||
|
||||
# GlobalLogout
|
||||
ok(
|
||||
$res = $client->_delete(
|
||||
'/sessions/my/global', cookie => "lemonldap=$idd",
|
||||
'/sessions/my', cookie => "lemonldap=$idd",
|
||||
),
|
||||
'DELETE /sessions/my/global'
|
||||
'DELETE /sessions/my'
|
||||
);
|
||||
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
|
||||
or print STDERR $@;
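Review bot: The new `DELETE /session/my` block checks only that the JSON body has `result == 1`; it never confirms that the cookie stops working afterwards, which is the property a logout endpoint has to guarantee. A follow-up request with the same cookie, for instance `$client->_get( '/session/my/global', cookie => "lemonldap=$id" )`, asserted to be refused, would pin that down. The label `' GET JSON'` is misleading for a DELETE response, and `$res->{result}` is read on the next line even when decoding failed. There is also no case for `DELETE /sessions/my` with `globalLogoutRule` unset, where the route is presumably meant to be absent.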
|
||||
|
|