Fix Impersonation with 2FA (#1781)

Christophe Maudoux 2019-06-01 19:13:45 +02:00
parent fca77bbc7a
commit 491c54a3ee
2 changed files with 11 additions and 2 deletions


@ -139,6 +139,7 @@ sub run {
my ( $self, $req ) = @_;
my $checkLogins = $req->param('checkLogins');
my $spoofId = $req->param('spoofId') || '';
$self->logger->debug("2F checkLogins set") if ($checkLogins);
# Skip 2F unless a module has been registered
@ -186,6 +187,8 @@ sub run {
$req->sessionInfo->{_2fRealSession} = $req->id;
$req->sessionInfo->{_2fUrldc} = $req->urldc;
$req->sessionInfo->{_2fUtime} = $req->{sessionInfo}->{_utime};
$req->sessionInfo->{_impSpoofId} = $spoofId;
$req->sessionInfo->{_impUser} = $req->user;
my $token = $self->ott->createToken( $req->sessionInfo );
delete $req->{authResult};
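Review bot: The value saved by `$req->sessionInfo->{_impSpoofId} = $spoofId;` comes straight from `$req->param('spoofId')` with no validation visible in this hunk, and it is written into the data passed to `createToken` on every 2FA login, including when the parameter is absent and the value is the empty string. Storing it only when it is set, `$req->sessionInfo->{_impSpoofId} = $spoofId if length $spoofId;`, keeps impersonation state out of ordinary 2FA sessions without changing what the `||` fallback in the impersonation plugin sees. A comment such as `# Request-supplied and not yet authorised: carried through 2FA for the impersonation step` would tell the next reader that the field is untrusted at this point. Whether the identifier is checked elsewhere cannot be seen here, because `run` starts and ends outside both hunks.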


@ -55,7 +55,11 @@ sub init {
sub run {
my ( $self, $req ) = @_;
my $spoofId = $req->param('spoofId') || $req->{user};
my $spoofId =
$req->param('spoofId')
|| $req->{sessionInfo}->{_impSpoofId}
|| $req->{user}
|| $req->{sessionInfo}->{_impUser};
$self->logger->debug("No impersonation required")
if ( $spoofId eq $req->{user} );
my $statut = PE_OK;
@ -86,7 +90,9 @@ sub run {
next unless defined $req->{sessionInfo}->{$k};
}
$spk = "$self->{conf}->{impersonationPrefix}$k";
unless ( $self->hAttr =~ /\b$k\b/ ) {
unless ( $self->hAttr =~ /\b$k\b/
|| $k =~ /^(?:_imp|token|_type)\w*\b/ )
{
$realSession->{$spk} = $req->{sessionInfo}->{$k};
$self->logger->debug("-> Store $k in realSession key: $spk");
}
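Review bot: In the new `||` chain at the top of `run`, a `spoofId` parameter present on the request that completes the second factor takes precedence over the `_impSpoofId` saved before 2FA, so the identity finally used may differ from the one requested at first login. If the impersonation rules are evaluated later in `run` on the final `$spoofId` this is harmless, but that part is outside the hunk, so the chosen precedence deserves a comment, for example `# Request parameter wins over the value saved before 2FA; authorisation is checked below`. Separately, when all four sources are empty `$spoofId` is undef and the `eq` comparison on the following statement warns; ending the chain with `|| ''` avoids that. In the second hunk the suffix `\w*\b` in `/^(?:_imp|token|_type)\w*\b/` adds nothing to the match, and the pattern skips every key that merely starts with `token` or `_type`, which is worth stating in a comment if it is intended.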