Merge branch '2689' into 'v2.0'

Fix DELETE session(s)/my REST services (#2689) See merge request lemonldap-ng/lemonldap-ng!247
2022-02-01 15:20:18 +00:00 · 2022-02-01 15:20:18 +00:00 · 42f100d74b
parent f2b8cd870e 8165d3f5bd
commit 42f100d74b
4 changed files with 61 additions and 6 deletions
--- a/doc/sources/admin/restsessionbackend.rst
+++ b/doc/sources/admin/restsessionbackend.rst
@ -18,6 +18,7 @@ Sessions for connected users (used by :doc:`LLNG Proxy<authproxy>`):
 -  GET /session/my/<type> : get session datas
 -  GET /session/my/<type>/key : get session key
 -  DELETE /session/my : ask for logout
+-  DELETE /sessions/my : ask for global logout (if GlobalLogout plugin is on)

 Services for connected users (always enabled):

--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
@ -5,7 +5,7 @@ use Mouse;
 use Lemonldap::NG::Common::Conf::Constants;
 use JSON qw(from_json to_json);

-our $VERSION = '2.0.9';
+our $VERSION = '2.0.14';

 has sessionTypes => ( is => 'rw' );

@ -293,4 +293,9 @@ sub getMod {
    return $m;
 }

+sub getGlobal {
+    my ( $self ) = @_;
+    return $self->sessionTypes->{global};
+}
+
 1;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
@ -15,7 +15,7 @@
 #   * GET /session/my/<type>                     : get session data
 #   * GET /session/my/<type>/key                 : get session key
 #   * DELETE /session/my                         : ask for logout
-#   * DELETE /sessions/my                        : ask for global logout
+#   * DELETE /sessions/my                        : ask for global logout (if GlobalLogout plugin is on)
 #
 # - Authentication
 #   * GET /renewcaptcha                          : get token and captcha image
@ -200,9 +200,16 @@ sub init {
          )

          ->addAuthRoute(
-            sessions => { my => { ':sessionType' => 'removeSessions' } },
+            session => { my => 'removeSession' },
            ['DELETE']
          );
+
+          if ( $self->conf->{globalLogoutRule} ) {
+            $self->addAuthRoute(
+                sessions => { my => 'removeSessions' },
+                ['DELETE']
+            );
+        }
    }

    if ( $self->conf->{restPasswordServer} ) {
@ -603,6 +610,25 @@ sub getError {
    );
 }

+sub removeSession {
+    my ( $self, $req ) = @_;
+    my $id = $req->userData->{_session_id};
+    return $self->p->sendError( $req, 'ID is required', 400 ) unless ($id);
+    my $mod = $self->getGlobal()
+      or return $self->p->sendError( $req, undef, 400 );
+
+    # Get session
+    my $session = $self->getApacheSession( $mod, $id )
+      or return $self->p->sendError( $req, 'Session id does not exists', 400 );
+
+    # Delete it
+    $self->logger->debug("REST request to delete global session $id");
+    my $res = $self->p->_deleteSession( $req, $session );
+    $self->logger->debug(" Result is $res");
+
+    return $self->p->sendJSONresponse( $req, { result => $res } );
+}
+
 sub removeSessions {
    my ( $self, $req ) = @_;
    my $glPlugin =
@ -783,7 +809,8 @@ sub myApplications {
        { Category => $_->{catname}, Applications => \@apps },
    } @{ $self->p->menu->appslist($req) };

-    return $self->p->sendJSONresponse( $req, { result => 1, myapplications => \@appslist } );
+    return $self->p->sendJSONresponse( $req,
+        { result => 1, myapplications => \@appslist } );
 }

 sub _checkSecret {
--- a/lemonldap-ng-portal/t/57-GlobalLogout.t
+++ b/lemonldap-ng-portal/t/57-GlobalLogout.t
@ -236,12 +236,34 @@ ok( $nbr == 3, "Three sessions found" )
  or explain("Number of session(s) found = $nbr");
 count(4);

+# Try to auth: forth request
+ok(
+    $res = $client->_post(
+        '/', IO::String->new('user=dwho&password=dwho'),
+        length => 23,
+        accept => 'text/html'
+    ),
+    'Post user/password 4'
+);
+my $id = expectCookie($res);
+ok(
+    $res = $client->_delete(
+        '/session/my', cookie => "lemonldap=$id",
+    ),
+    'DELETE /session/my'
+);
+ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
+  or print STDERR $@;
+ok( $res->{result} == 1, 'Session removed' )
+  or explain( $res, "result == $res->{result}" );
+count(4);
+
 # GlobalLogout
 ok(
    $res = $client->_delete(
-        '/sessions/my/global', cookie => "lemonldap=$idd",
+        '/sessions/my', cookie => "lemonldap=$idd",
    ),
-    'DELETE /sessions/my/global'
+    'DELETE /sessions/my'
 );
 ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
  or print STDERR $@;