Fix bad request (#2501)

2021-04-01 11:22:46 +02:00 · 2021-04-01 11:22:46 +02:00 · 654184dd66
commit 654184dd66
parent 4da7ca8d13
2 changed files with 106 additions and 2 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm
@ -8,7 +8,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
  PE_TOKENEXPIRED
 );

-our $VERSION = '2.0.10';
+our $VERSION = '2.0.12';

 extends 'Lemonldap::NG::Portal::Main::Plugin';

@ -125,7 +125,7 @@ sub confirm {
    my $res = $self->p->process($req);
    return $self->p->do( $req, [ sub { $res } ] ) if $res;

-    if ( $upg or $req->param('confirm') == 1 ) {
+    if ( $upg or $req->param('confirm') and $req->param('confirm') == 1 ) {
        $req->data->{noerror} = 1;

        if ($sfOnly) {
@ -152,7 +152,11 @@ sub confirm {
        }
    }
    else {
+
        # Go to portal
+        $self->logger->debug("Upgrade session failed -> Go to portal");
+        $req->mustRedirect(1);
+        return $self->p->do( $req, [ sub { PE_OK } ] );
    }
 }

--- a/lemonldap-ng-portal/t/78-2F-UpgradeOnly-without-2F.t
+++ b/lemonldap-ng-portal/t/78-2F-UpgradeOnly-without-2F.t
@ -0,0 +1,100 @@
+use Test::More;
+use strict;
+use IO::String;
+use Data::Dumper;
+
+require 't/test-lib.pm';
+require 't/smtp.pm';
+
+use_ok('Lemonldap::NG::Common::FormEncode');
+count(1);
+my $res;
+
+my $client = LLNG::Manager::Test->new( {
+        ini => {
+            logLevel         => 'debug',
+            sfOnlyUpgrade    => 1,
+            u2fActivation => 1,
+            u2fAuthnLevel => 5,
+            authentication   => 'Demo',
+            userDB           => 'Same',
+            'vhostOptions'   => {
+                'test1.example.com' => {
+                    'vhostAuthnLevel' => 3
+                },
+            },
+        }
+    }
+);
+
+# CASE 1: no 2F available
+# -----------------------
+my $query = 'user=rtyler&password=rtyler';
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new($query),
+        length => length($query),
+        accept => 'text/html',
+    ),
+    'Auth query'
+);
+count(1);
+
+my $id = expectCookie($res);
+
+# After attempting to access test1,
+# the handler sends up back to /upgradesession
+# --------------------------------------------
+
+ok(
+    $res = $client->_get(
+        '/upgradesession',
+        query  => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29t',
+        accept => 'text/html',
+        cookie => "lemonldap=$id",
+    ),
+    'Upgrade session query'
+);
+count(1);
+
+( my $host, my $url, $query ) =
+  expectForm( $res, undef, '/upgradesession', 'confirm', 'url' );
+
+# Accept session upgrade
+# ----------------------
+
+ok(
+    $res = $client->_post(
+        '/upgradesession',
+        IO::String->new($query),
+        length => length($query),
+        accept => 'text/html',
+        cookie => "lemonldap=$id",
+    ),
+    'Accept session upgrade query'
+);
+count(1);
+
+my $pdata = expectCookie( $res, 'lemonldappdata' );
+
+# A message warns the user that they do not have any 2FA available
+expectPortalError( $res, 83 );
+
+$query = 'user=rtyler&password=rtyler';
+ok(
+    $res = $client->_post(
+        '/upgradesession',
+        IO::String->new($query),
+        length => length($query),
+        accept => 'text/html',
+        cookie => "lemonldap=$id",
+    ),
+    'Accept session upgrade query'
+);
+count(1);
+expectRedirection( $res, 'http://auth.example.com/' );
+clean_sessions();
+
+done_testing( count() );
+