Refresh plugin (#2006)
parent
d01cfe94df
commit
5bb6f2fd3b
|
@ -24,7 +24,7 @@ use constant MANAGERSECTION => "manager";
|
|||
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
||||
use constant APPLYSECTION => "apply";
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|AllowOffline|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontComp
actConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|br(?:owsersDontStorePassword|uteForceProtection)|(?:(?:globalLogout|active)Tim|wsdlServ)er|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs))$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|AllowOffline|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Session|Config)Server|ExportSecretKeys)|fre
shSessions)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|br(?:owsersDontStorePassword|uteForceProtection)|(?:(?:globalLogout|active)Tim|wsdlServ)er|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs))$/;
|
||||
|
||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
||||
|
||||
|
|
|
@ -2593,6 +2593,9 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
],
|
||||
'type' => 'select'
|
||||
},
|
||||
'refreshSessions' => {
|
||||
'type' => 'bool'
|
||||
},
|
||||
'registerConfirmSubject' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
|
|
|
@ -554,6 +554,10 @@ sub attributes {
|
|||
documentation =>
|
||||
'Avoid asking confirmation when an Issuer asks to renew auth',
|
||||
},
|
||||
refreshSessions => {
|
||||
type => 'bool',
|
||||
documentation => 'Refresh sessions plugin',
|
||||
},
|
||||
forceGlobalStorageIssuerOTT => {
|
||||
type => 'bool',
|
||||
documentation =>
|
||||
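Review bot: The `documentation` string added for `refreshSessions` says only 'Refresh sessions plugin', which does not tell an administrator that the flag exposes an API refreshing every session of a user named in the request body. Wording such as `documentation => 'Enable the REST endpoint that refreshes all sessions of a given user',` would make the effect clear. The `attributes` sub starts and ends outside this hunk, so whether an explicit `default => 0` is customary here cannot be checked from the visible lines.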
|
|
|
@ -732,6 +732,7 @@ sub tree {
|
|||
help => 'plugincustom.html',
|
||||
nodes => [ 'customPlugins', 'customPluginsParams' ]
|
||||
},
|
||||
'refreshSessions',
|
||||
]
|
||||
},
|
||||
{
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -729,6 +729,7 @@
|
|||
"redirectFormMethod":"طريقة إعادة توجيه الإستمارة",
|
||||
"redirection":"معالج إعادة التوجيه",
|
||||
"reference":"مرجع",
|
||||
"refreshSessions":"Refresh sessions API",
|
||||
"regexp":"التعبير النمطي",
|
||||
"regexps":"التعبير النمطي",
|
||||
"register":"تسجيل حساب جديد",
|
||||
|
|
|
@ -729,6 +729,7 @@
|
|||
"redirectFormMethod":"Method for redirect form",
|
||||
"redirection":"Handler redirections",
|
||||
"reference":"Reference",
|
||||
"refreshSessions":"Refresh sessions API",
|
||||
"regexp":"Regular expression",
|
||||
"regexps":"Regular expressions",
|
||||
"register":"Register new account",
|
||||
|
|
|
@ -729,6 +729,7 @@
|
|||
"redirectFormMethod":"Method for redirect form",
|
||||
"redirection":"Handler redirections",
|
||||
"reference":"Reference",
|
||||
"refreshSessions":"Refresh sessions API",
|
||||
"regexp":"Regular expression",
|
||||
"regexps":"Regular expressions",
|
||||
"register":"Register new account",
|
||||
|
|
|
@ -729,6 +729,7 @@
|
|||
"redirectFormMethod":"Méthode du formulaire de redirection",
|
||||
"redirection":"Redirections du Handler",
|
||||
"reference":"Référence",
|
||||
"refreshSessions":"API de rafraîchissement des sessions",
|
||||
"regexp":"Expression régulière",
|
||||
"regexps":"Expressions régulières",
|
||||
"register":"Créer un nouveau compte",
|
||||
|
|
|
@ -729,6 +729,7 @@
|
|||
"redirectFormMethod":"Metodo per il modulo di reindirizzamento",
|
||||
"redirection":"Redirezioni del gestore",
|
||||
"reference":"Riferimento",
|
||||
"refreshSessions":"Refresh sessions API",
|
||||
"regexp":"Espressione regolare",
|
||||
"regexps":"Espressioni regolari",
|
||||
"register":"Registra nuovo account",
|
||||
|
|
|
@ -729,6 +729,7 @@
|
|||
"redirectFormMethod":"Phương pháp chuyển hướng mẫu",
|
||||
"redirection":"chuyển hướng trình điều khiển",
|
||||
"reference":"Tham khảo",
|
||||
"refreshSessions":"Refresh sessions API",
|
||||
"regexp":"Biểu thức chính quy",
|
||||
"regexps":"Biểu thức thông thường",
|
||||
"register":"Đăng ký tài khoản mới",
|
||||
|
|
|
@ -729,6 +729,7 @@
|
|||
"redirectFormMethod":"Method for redirect form",
|
||||
"redirection":"Handler redirections",
|
||||
"reference":"Reference",
|
||||
"refreshSessions":"Refresh sessions API",
|
||||
"regexp":"Regular expression",
|
||||
"regexps":"Regular expressions",
|
||||
"register":"Register new account",
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -589,6 +589,7 @@ t/61-ForceAuthn.t
|
|||
t/61-GrantSession.t
|
||||
t/61-Session-ActivityTimeout.t
|
||||
t/61-Session-Timeout.t
|
||||
t/62-Refresh-plugin.t
|
||||
t/62-SingleSession.t
|
||||
t/62-UpgradeSession.t
|
||||
t/63-History.t
|
||||
|
|
|
@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::Plugins::Refresh;
|
|||
use strict;
|
||||
use Mouse;
|
||||
|
||||
our $VERSION = '2.0.5';
|
||||
our $VERSION = '2.0.7';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin',
|
||||
'Lemonldap::NG::Portal::Lib::OtherSessions';
|
||||
|
@ -14,26 +14,31 @@ sub init {
|
|||
}
|
||||
|
||||
sub run {
|
||||
my ( $self, $req );
|
||||
return $self->p->sendError( $req, 'Bad request', 400 )
|
||||
my ( $self, $req ) = @_;
|
||||
return $self->p->sendError( $req, 'Not a JSON request', 400 )
|
||||
unless $req->wantJSON;
|
||||
my $info = $req->jsonBodyToObj;
|
||||
return $self->p->sendError( $req, 'Bad request', 400 ) unless $info->{uid};
|
||||
return $self->p->sendError( $req, 'Bad content', 400 ) unless $info->{uid};
|
||||
my $sessions =
|
||||
$self->module->searchOn( $self->moduleOpts, $self->conf->{whatToTrace},
|
||||
$uid );
|
||||
my $c = 0;
|
||||
$info->{uid} );
|
||||
my $c = 0;
|
||||
my $nb = scalar( keys %$sessions );
|
||||
|
||||
foreach my $id ( keys %$sessions ) {
|
||||
$c++;
|
||||
$req->userData(
|
||||
{ _session_id => $id, $self->conf->{whatToTrace} => $uid } );
|
||||
{ _session_id => $id, $self->conf->{whatToTrace} => $info->{uid} }
|
||||
);
|
||||
$req->id($id);
|
||||
$req->user($uid);
|
||||
$self->p->refresh($req);
|
||||
$req->user( $info->{uid} );
|
||||
eval { $self->p->refresh($req); };
|
||||
$self->logger->debug("Refresh: $@") if $@;
|
||||
$c++;
|
||||
}
|
||||
$req->userData( {} );
|
||||
$req->$_(undef) foreach (qw(user id));
|
||||
$self->userData( {} );
|
||||
return $self->sendJSONresponse( $req, { updated => $c } );
|
||||
return $self->sendJSONresponse( $req,
|
||||
{ updated => $c, errors => ( $nb - $c ) } );
|
||||
}
|
||||
|
||||
1;
|
||||
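Review bot: In `run`, as rendered, `$c++` follows the `eval` unconditionally, so a refresh that dies is still counted as updated and `errors => ( $nb - $c )` can never be non-zero; the failure is only logged at debug level. Skip the increment on failure, for example `if ($@) { $self->logger->error("Refresh: $@"); next }` ahead of `$c++`. Separately, nothing in the visible lines authorizes the caller: any JSON request carrying a `uid` refreshes every session of that user, and the test added in this commit posts to `/refreshsessions` without a session cookie, so the route registered in `init` (outside this hunk) looks unauthenticated. If access is meant to be restricted at the web-server level, state that in a comment above `run` and in the plugin documentation.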
|
|
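--- a/lemonldap-ng-portal/t/62-Refresh-plugin.t
+++ b/lemonldap-ng-portal/t/62-Refresh-plugin.t
@@ -0,0 +1,59 @@
+use Test::More;
+use strict;
+use IO::String;
+
+BEGIN {
+require 't/test-lib.pm';
+}
+
+my $res;
+
+my $client = LLNG::Manager::Test->new( {
+ini => {
+logLevel => 'error',
+authentication => 'Demo',
+userDB => 'Same',
+refreshSessions => 1,
+restSessionServer => 1,
+}
+}
+);
+
+my @ids;
+foreach ( 1 .. 6 ) {
+ok(
+$res = $client->_post(
+'/',
+IO::String->new('user=dwho&password=dwho'),
+length => 23,
+),
+"Auth query $_"
+);
+count(1);
+push @ids, expectCookie($res);
+}
+
+$Lemonldap::NG::Portal::UserDB::Demo::demoAccounts{dwho}->{uid} = 'Dr Who';
+
+ok(
+$res = $client->_post(
+'/refreshsessions', IO::String->new('{"uid":"dwho"}'),
+length => 14,
+type => 'application/json',
+),
+'Call refresh'
+);
+count(1);
+expectOK($res);
+my $c = @ids;
+ok( $res->[2]->[0] =~ /"updated":$c/, "Count is $c" );
+count(1);
+
+foreach (@ids) {
+ok( $res = $client->_get("/sessions/global/$_"), 'Get session content' );
+ok( $res->[2]->[0] =~ /"uid":"Dr Who"/, ' Content is updated' );
+count(2);
+}
+
+clean_sessions();
+done_testing( count() );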
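Review bot: The test asserts only `"updated":$c` on the success path, so the new `errors` field and both 400 branches in the plugin (`Not a JSON request`, `Bad content`) are never exercised. Add one POST without `type => 'application/json'` and one with body `{}`, each expecting status 400, and extend the success check with something like `ok( $res->[2]->[0] =~ /"errors":0/, 'No errors' );`. The `/refreshsessions` call is made without any session cookie, so the test also fixes the endpoint as reachable by an unauthenticated client; if that is intended, a comment in the test saying so would help.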