Fix session update (#1664)

2019-03-06 21:29:03 +01:00 · 2019-03-06 21:29:03 +01:00 · 6e50f41687
commit 6e50f41687
parent e32e5adf59
4 changed files with 41 additions and 30 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm
@ -67,9 +67,12 @@ sub run {
            $realSession->{$spk} = $req->{sessionInfo}->{$k};
            $self->logger->debug("-> Store $k in realSession key: $spk");
        }
+        $self->logger->debug("Delete $k");
+        delete $req->{sessionInfo}->{$k};
    }
    $req->{user} = $spoofId;
    $spoofSession = $self->_userDatas($req);
+    $spoofSession->{groups} ||= '';

    # Merging SSO groups and hGroups & Dedup
    if ( $self->{conf}->{impersonationMergeSSOgroups} ) {
@ -77,25 +80,22 @@ sub run {
        my $spg       = "$self->{conf}->{impersonationPrefix}groups";
        my $sphg      = "$self->{conf}->{impersonationPrefix}hGroups";
        my $separator = $self->{conf}->{multiValuesSeparator};
-        if (   $spoofSession->{groups}
-            or $realSession->{$spg} )
-        {
-            $self->logger->debug("Processing groups...");
-            my @spoofGrps = my @realGrps = ();
-            @spoofGrps = split /\Q$separator/, $spoofSession->{groups}
-                if $spoofSession->{groups};
-            @realGrps = split /\Q$separator/, $realSession->{$spg}
-                if $realSession->{$spg};
-            @spoofGrps = ( @spoofGrps, @realGrps );
-            my %hash = map { $_, 1 } @spoofGrps;
-            $spoofSession->{groups} = join $separator, sort keys %hash;
+        $spoofSession->{groups} ||= '';
+        $realSession->{$spg} ||= '';
+        
+        $self->logger->debug("Processing groups...");
+        my @spoofGrps = my @realGrps = ();
+        @spoofGrps = split /\Q$separator/, $spoofSession->{groups};
+        @realGrps = split /\Q$separator/, $realSession->{$spg};
+        @spoofGrps = ( @spoofGrps, @realGrps );
+        my %hash = map { $_, 1 } @spoofGrps;
+        $spoofSession->{groups} = join $separator, sort keys %hash;

-            $self->logger->debug("Processing hGroups...");
-            $spoofSession->{hGroups} ||= {};
-            $realSession->{$sphg} ||= {};
-            $spoofSession->{hGroups} = { %{ $spoofSession->{hGroups} },
-                %{ $realSession->{$sphg} } };
-        }
+        $self->logger->debug("Processing hGroups...");
+        $spoofSession->{hGroups} ||= {};
+        $realSession->{$sphg} ||= {};
+        $spoofSession->{hGroups} = { %{ $spoofSession->{hGroups} },
+            %{ $realSession->{$sphg} } };
    }

    # Create spoofed session
--- a/lemonldap-ng-portal/t/67-CheckUser.t
+++ b/lemonldap-ng-portal/t/67-CheckUser.t
@ -28,7 +28,7 @@ my $client = LLNG::Manager::Test->new( {
 ok(
    $res = $client->_post(
        '/',
-        IO::String->new('user=rtyler&password=rtyler'),
+        IO::String->new('user=msmith&password=msmith'),
        length => 27,
        accept => 'text/html',
    ),
--- a/lemonldap-ng-portal/t/68-Impersonation.t
+++ b/lemonldap-ng-portal/t/68-Impersonation.t
@ -10,7 +10,7 @@ my $res;

 my $client = LLNG::Manager::Test->new(
    {   ini => {
-            logLevel            => 'debug',
+            logLevel            => 'error',
            authentication      => 'Demo',
            userDB              => 'Same',
            loginHistoryEnabled => 0,
@ -21,7 +21,7 @@ my $client = LLNG::Manager::Test->new(
            impersonationRule   => 1,
            checkUserDisplayPersistentInfo => 0,
            checkUserDisplayEmptyValues    => 0,
-            impersonationMergeSSOgroups    => 1,
+            impersonationMergeSSOgroups    => 0,
        }
    }
 );
@ -91,9 +91,11 @@ ok( $res->[2]->[0]
 ) or explain( $res->[2]->[0], 'trspan="allowed"' );
 ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
    or explain( $res->[2]->[0], 'trspan="headers"' );
-ok( $res->[2]->[0] =~ m%<span trspan="groups_sso">%,
-    'Found trspan="groups_sso"' )
+
+ok( $res->[2]->[0] !~ m%<span trspan="groups_sso">%,
+    'trspan="groups_sso" NOT found' )
    or explain( $res->[2]->[0], 'trspan="groups_sso"' );
+
 ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
    or explain( $res->[2]->[0], 'trspan="macros"' );
 ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
@ -106,16 +108,25 @@ ok( $res->[2]->[0] =~ m%<td class="align-middle">Auth-User</td>%,
    'Found Auth-User' )
    or explain( $res->[2]->[0], 'Header Key: Auth-User' );
 ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%,
-    'Found rtyler' )
+    'Found dwho' )
    or explain( $res->[2]->[0], 'Header Value: dwho' );
-ok( $res->[2]->[0] =~ m%<td class="align-middle">su</td>%, 'Found su' )
-    or explain( $res->[2]->[0], 'SSO Groups: su' );
+
 ok( $res->[2]->[0] =~ m%<td class="align-middle">_whatToTrace</td>%,
    'Found _whatToTrace' )
    or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
-ok( $res->[2]->[0] =~ m%<td class="text-left">uid</td>%, 'Found uid' )
-    or explain( $res->[2]->[0], 'Attribute Value uid' );
-count(12);
+ok( $res->[2]->[0] =~ m%<td class="text-left">real_groups</td>%,
+    'Found real_groups' )
+    or explain( $res->[2]->[0], 'real_groups' );
+ok( $res->[2]->[0] =~ m%<td class="text-left">su</td>%,
+    'Found su' )
+    or explain( $res->[2]->[0], 'su' );
+ok( $res->[2]->[0] =~ m%<td class="text-left">real_uid</td>%,
+    'Found real_uid' )
+    or explain( $res->[2]->[0], 'real_groups' );
+ok( $res->[2]->[0] =~ m%<td class="text-left">rtyler</td>%,
+    'Found rtyler' )
+    or explain( $res->[2]->[0], 'su' );
+count(14);


 $client->logout($id);
--- a/lemonldap-ng-portal/t/lmConf-1.json
+++ b/lemonldap-ng-portal/t/lmConf-1.json
@ -35,7 +35,7 @@
  "key": "qwertyui",
  "locationRules": {
    "auth.example.com" : {
-       "(?#checkUser)^/checkuser" : "$uid eq \"dwho\"",
+       "(?#checkUser)^/checkuser" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
       "(?#errors)^/lmerror/": "accept",
       "default" : "accept"
    },