Fix Impersonation with 2FA (#1781)
This commit is contained in:
parent
fca77bbc7a
commit
491c54a3ee
|
@ -139,6 +139,7 @@ sub run {
|
|||
my ( $self, $req ) = @_;
|
||||
|
||||
my $checkLogins = $req->param('checkLogins');
|
||||
my $spoofId = $req->param('spoofId') || '';
|
||||
$self->logger->debug("2F checkLogins set") if ($checkLogins);
|
||||
|
||||
# Skip 2F unless a module has been registered
|
||||
|
@ -186,6 +187,8 @@ sub run {
|
|||
$req->sessionInfo->{_2fRealSession} = $req->id;
|
||||
$req->sessionInfo->{_2fUrldc} = $req->urldc;
|
||||
$req->sessionInfo->{_2fUtime} = $req->{sessionInfo}->{_utime};
|
||||
$req->sessionInfo->{_impSpoofId} = $spoofId;
|
||||
$req->sessionInfo->{_impUser} = $req->user;
|
||||
my $token = $self->ott->createToken( $req->sessionInfo );
|
||||
delete $req->{authResult};
|
||||
|
||||
|
|
|
@ -55,7 +55,11 @@ sub init {
|
|||
|
||||
sub run {
|
||||
my ( $self, $req ) = @_;
|
||||
my $spoofId = $req->param('spoofId') || $req->{user};
|
||||
my $spoofId =
|
||||
$req->param('spoofId')
|
||||
|| $req->{sessionInfo}->{_impSpoofId}
|
||||
|| $req->{user}
|
||||
|| $req->{sessionInfo}->{_impUser};
|
||||
$self->logger->debug("No impersonation required")
|
||||
if ( $spoofId eq $req->{user} );
|
||||
my $statut = PE_OK;
|
||||
|
@ -86,7 +90,9 @@ sub run {
|
|||
next unless defined $req->{sessionInfo}->{$k};
|
||||
}
|
||||
$spk = "$self->{conf}->{impersonationPrefix}$k";
|
||||
unless ( $self->hAttr =~ /\b$k\b/ ) {
|
||||
unless ( $self->hAttr =~ /\b$k\b/
|
||||
|| $k =~ /^(?:_imp|token|_type)\w*\b/ )
|
||||
{
|
||||
$realSession->{$spk} = $req->{sessionInfo}->{$k};
|
||||
$self->logger->debug("-> Store $k in realSession key: $spk");
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user