Fix Impersonation with 2FA (#1781)

Christophe Maudoux 2019-06-01 19:13:45 +02:00
parent fca77bbc7a
commit 491c54a3ee
2 changed files with 11 additions and 2 deletions


@ -139,6 +139,7 @@ sub run {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
my $checkLogins = $req->param('checkLogins'); my $checkLogins = $req->param('checkLogins');
my $spoofId = $req->param('spoofId') || '';
$self->logger->debug("2F checkLogins set") if ($checkLogins); $self->logger->debug("2F checkLogins set") if ($checkLogins);
# Skip 2F unless a module has been registered # Skip 2F unless a module has been registered
@ -186,6 +187,8 @@ sub run {
$req->sessionInfo->{_2fRealSession} = $req->id; $req->sessionInfo->{_2fRealSession} = $req->id;
$req->sessionInfo->{_2fUrldc} = $req->urldc; $req->sessionInfo->{_2fUrldc} = $req->urldc;
$req->sessionInfo->{_2fUtime} = $req->{sessionInfo}->{_utime}; $req->sessionInfo->{_2fUtime} = $req->{sessionInfo}->{_utime};
$req->sessionInfo->{_impSpoofId} = $spoofId;
$req->sessionInfo->{_impUser} = $req->user;
my $token = $self->ott->createToken( $req->sessionInfo ); my $token = $self->ott->createToken( $req->sessionInfo );
delete $req->{authResult}; delete $req->{authResult};
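Review bot: The raw `spoofId` request parameter is copied into the session data on every 2FA login (`$req->sessionInfo->{_impSpoofId} = $spoofId;`), with no validation at this point and no check that impersonation is enabled at all. Because `sessionInfo` is what `createToken` receives, the value should be treated as untrusted input until the impersonation plugin has vetted it; a comment such as `# spoofId is unvalidated request input; the Impersonation plugin must check it before use` would make that explicit. Writing the key only when it is needed, `$req->sessionInfo->{_impSpoofId} = $spoofId if length $spoofId;`, would also keep empty `_imp*` entries out of sessions that never asked for impersonation. The body of `run` starts and ends outside these hunks, so whether the two keys are removed again after the second factor succeeds is not visible here.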


@ -55,7 +55,11 @@ sub init {
sub run { sub run {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
my $spoofId = $req->param('spoofId') || $req->{user}; my $spoofId =
$req->param('spoofId')
|| $req->{sessionInfo}->{_impSpoofId}
|| $req->{user}
|| $req->{sessionInfo}->{_impUser};
$self->logger->debug("No impersonation required") $self->logger->debug("No impersonation required")
if ( $spoofId eq $req->{user} ); if ( $spoofId eq $req->{user} );
my $statut = PE_OK; my $statut = PE_OK;
@ -86,7 +90,9 @@ sub run {
next unless defined $req->{sessionInfo}->{$k}; next unless defined $req->{sessionInfo}->{$k};
} }
$spk = "$self->{conf}->{impersonationPrefix}$k"; $spk = "$self->{conf}->{impersonationPrefix}$k";
unless ( $self->hAttr =~ /\b$k\b/ ) { unless ( $self->hAttr =~ /\b$k\b/
|| $k =~ /^(?:_imp|token|_type)\w*\b/ )
{
$realSession->{$spk} = $req->{sessionInfo}->{$k}; $realSession->{$spk} = $req->{sessionInfo}->{$k};
$self->logger->debug("-> Store $k in realSession key: $spk"); $self->logger->debug("-> Store $k in realSession key: $spk");
} }
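Review bot: The test `$spoofId eq $req->{user}` just below the new fallback chain still looks only at `$req->{user}`, although the chain now accepts `_impUser` as the real login when `$req->{user}` is empty. In that case `$spoofId` is the user's own login, the `eq` runs against an undefined value, and the "No impersonation required" branch is missed; any later test of the same form (outside the hunk) would presumably treat a plain 2FA login as an impersonation. Resolving the real user once, `my $realUser = $req->{user} || $req->{sessionInfo}->{_impUser};`, and comparing `$spoofId eq $realUser` would keep the two in step. In the second hunk, `/^(?:_imp|token|_type)\w*\b/` skips every key that merely starts with `token` or `_type`; if only those exact keys are meant, an anchored form such as `/\A(?:_imp\w*|token|_type)\z/` states the exclusion more tightly.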