From 6e50f41687b8325558b9f00580ee885abc52a7a2 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Wed, 6 Mar 2019 21:29:03 +0100 Subject: [PATCH] Fix session update (#1664) --- .../NG/Portal/Plugins/Impersonation.pm | 36 +++++++++---------- lemonldap-ng-portal/t/67-CheckUser.t | 2 +- lemonldap-ng-portal/t/68-Impersonation.t | 31 ++++++++++------ lemonldap-ng-portal/t/lmConf-1.json | 2 +- 4 files changed, 41 insertions(+), 30 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm index dfc236e8f..e2a42300e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm @@ -67,9 +67,12 @@ sub run { $realSession->{$spk} = $req->{sessionInfo}->{$k}; $self->logger->debug("-> Store $k in realSession key: $spk"); } + $self->logger->debug("Delete $k"); + delete $req->{sessionInfo}->{$k}; } $req->{user} = $spoofId; $spoofSession = $self->_userDatas($req); + $spoofSession->{groups} ||= ''; # Merging SSO groups and hGroups & Dedup if ( $self->{conf}->{impersonationMergeSSOgroups} ) { @@ -77,25 +80,22 @@ sub run { my $spg = "$self->{conf}->{impersonationPrefix}groups"; my $sphg = "$self->{conf}->{impersonationPrefix}hGroups"; my $separator = $self->{conf}->{multiValuesSeparator}; - if ( $spoofSession->{groups} - or $realSession->{$spg} ) - { - $self->logger->debug("Processing groups..."); - my @spoofGrps = my @realGrps = (); - @spoofGrps = split /\Q$separator/, $spoofSession->{groups} - if $spoofSession->{groups}; - @realGrps = split /\Q$separator/, $realSession->{$spg} - if $realSession->{$spg}; - @spoofGrps = ( @spoofGrps, @realGrps ); - my %hash = map { $_, 1 } @spoofGrps; - $spoofSession->{groups} = join $separator, sort keys %hash; + $spoofSession->{groups} ||= ''; + $realSession->{$spg} ||= ''; + + $self->logger->debug("Processing groups..."); + my @spoofGrps = my @realGrps = (); + @spoofGrps = split /\Q$separator/, $spoofSession->{groups}; + @realGrps = split /\Q$separator/, $realSession->{$spg}; + @spoofGrps = ( @spoofGrps, @realGrps ); + my %hash = map { $_, 1 } @spoofGrps; + $spoofSession->{groups} = join $separator, sort keys %hash; - $self->logger->debug("Processing hGroups..."); - $spoofSession->{hGroups} ||= {}; - $realSession->{$sphg} ||= {}; - $spoofSession->{hGroups} = { %{ $spoofSession->{hGroups} }, - %{ $realSession->{$sphg} } }; - } + $self->logger->debug("Processing hGroups..."); + $spoofSession->{hGroups} ||= {}; + $realSession->{$sphg} ||= {}; + $spoofSession->{hGroups} = { %{ $spoofSession->{hGroups} }, + %{ $realSession->{$sphg} } }; } # Create spoofed session diff --git a/lemonldap-ng-portal/t/67-CheckUser.t b/lemonldap-ng-portal/t/67-CheckUser.t index fa98ba94f..9e76f55b6 100644 --- a/lemonldap-ng-portal/t/67-CheckUser.t +++ b/lemonldap-ng-portal/t/67-CheckUser.t @@ -28,7 +28,7 @@ my $client = LLNG::Manager::Test->new( { ok( $res = $client->_post( '/', - IO::String->new('user=rtyler&password=rtyler'), + IO::String->new('user=msmith&password=msmith'), length => 27, accept => 'text/html', ), diff --git a/lemonldap-ng-portal/t/68-Impersonation.t b/lemonldap-ng-portal/t/68-Impersonation.t index d2602fcaa..8df351a2a 100644 --- a/lemonldap-ng-portal/t/68-Impersonation.t +++ b/lemonldap-ng-portal/t/68-Impersonation.t @@ -10,7 +10,7 @@ my $res; my $client = LLNG::Manager::Test->new( { ini => { - logLevel => 'debug', + logLevel => 'error', authentication => 'Demo', userDB => 'Same', loginHistoryEnabled => 0, @@ -21,7 +21,7 @@ my $client = LLNG::Manager::Test->new( impersonationRule => 1, checkUserDisplayPersistentInfo => 0, checkUserDisplayEmptyValues => 0, - impersonationMergeSSOgroups => 1, + impersonationMergeSSOgroups => 0, } } ); @@ -91,9 +91,11 @@ ok( $res->[2]->[0] ) or explain( $res->[2]->[0], 'trspan="allowed"' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="headers"' ) or explain( $res->[2]->[0], 'trspan="headers"' ); -ok( $res->[2]->[0] =~ m%%, - 'Found trspan="groups_sso"' ) + +ok( $res->[2]->[0] !~ m%%, + 'trspan="groups_sso" NOT found' ) or explain( $res->[2]->[0], 'trspan="groups_sso"' ); + ok( $res->[2]->[0] =~ m%%, 'Found trspan="macros"' ) or explain( $res->[2]->[0], 'trspan="macros"' ); ok( $res->[2]->[0] =~ m%%, @@ -106,16 +108,25 @@ ok( $res->[2]->[0] =~ m%Auth-User%, 'Found Auth-User' ) or explain( $res->[2]->[0], 'Header Key: Auth-User' ); ok( $res->[2]->[0] =~ m%dwho%, - 'Found rtyler' ) + 'Found dwho' ) or explain( $res->[2]->[0], 'Header Value: dwho' ); -ok( $res->[2]->[0] =~ m%su%, 'Found su' ) - or explain( $res->[2]->[0], 'SSO Groups: su' ); + ok( $res->[2]->[0] =~ m%_whatToTrace%, 'Found _whatToTrace' ) or explain( $res->[2]->[0], 'Macro Key _whatToTrace' ); -ok( $res->[2]->[0] =~ m%uid%, 'Found uid' ) - or explain( $res->[2]->[0], 'Attribute Value uid' ); -count(12); +ok( $res->[2]->[0] =~ m%real_groups%, + 'Found real_groups' ) + or explain( $res->[2]->[0], 'real_groups' ); +ok( $res->[2]->[0] =~ m%su%, + 'Found su' ) + or explain( $res->[2]->[0], 'su' ); +ok( $res->[2]->[0] =~ m%real_uid%, + 'Found real_uid' ) + or explain( $res->[2]->[0], 'real_groups' ); +ok( $res->[2]->[0] =~ m%rtyler%, + 'Found rtyler' ) + or explain( $res->[2]->[0], 'su' ); +count(14); $client->logout($id); diff --git a/lemonldap-ng-portal/t/lmConf-1.json b/lemonldap-ng-portal/t/lmConf-1.json index b65f9a6f5..eaf2889c1 100644 --- a/lemonldap-ng-portal/t/lmConf-1.json +++ b/lemonldap-ng-portal/t/lmConf-1.json @@ -35,7 +35,7 @@ "key": "qwertyui", "locationRules": { "auth.example.com" : { - "(?#checkUser)^/checkuser" : "$uid eq \"dwho\"", + "(?#checkUser)^/checkuser" : "$uid eq \"dwho\" or $uid eq \"rtyler\"", "(?#errors)^/lmerror/": "accept", "default" : "accept" },