Fix session update (#1664)

Christophe Maudoux 2019-03-06 21:29:03 +01:00
parent e32e5adf59
commit 6e50f41687
4 changed files with 41 additions and 30 deletions


@ -67,9 +67,12 @@ sub run {
$realSession->{$spk} = $req->{sessionInfo}->{$k}; $realSession->{$spk} = $req->{sessionInfo}->{$k};
$self->logger->debug("-> Store $k in realSession key: $spk"); $self->logger->debug("-> Store $k in realSession key: $spk");
} }
$self->logger->debug("Delete $k");
delete $req->{sessionInfo}->{$k};
} }
$req->{user} = $spoofId; $req->{user} = $spoofId;
$spoofSession = $self->_userDatas($req); $spoofSession = $self->_userDatas($req);
$spoofSession->{groups} ||= '';
# Merging SSO groups and hGroups & Dedup # Merging SSO groups and hGroups & Dedup
if ( $self->{conf}->{impersonationMergeSSOgroups} ) { if ( $self->{conf}->{impersonationMergeSSOgroups} ) {
@ -77,25 +80,22 @@ sub run {
my $spg = "$self->{conf}->{impersonationPrefix}groups"; my $spg = "$self->{conf}->{impersonationPrefix}groups";
my $sphg = "$self->{conf}->{impersonationPrefix}hGroups"; my $sphg = "$self->{conf}->{impersonationPrefix}hGroups";
my $separator = $self->{conf}->{multiValuesSeparator}; my $separator = $self->{conf}->{multiValuesSeparator};
if ( $spoofSession->{groups} $spoofSession->{groups} ||= '';
or $realSession->{$spg} ) $realSession->{$spg} ||= '';
{
$self->logger->debug("Processing groups..."); $self->logger->debug("Processing groups...");
my @spoofGrps = my @realGrps = (); my @spoofGrps = my @realGrps = ();
@spoofGrps = split /\Q$separator/, $spoofSession->{groups} @spoofGrps = split /\Q$separator/, $spoofSession->{groups};
if $spoofSession->{groups}; @realGrps = split /\Q$separator/, $realSession->{$spg};
@realGrps = split /\Q$separator/, $realSession->{$spg} @spoofGrps = ( @spoofGrps, @realGrps );
if $realSession->{$spg}; my %hash = map { $_, 1 } @spoofGrps;
@spoofGrps = ( @spoofGrps, @realGrps ); $spoofSession->{groups} = join $separator, sort keys %hash;
my %hash = map { $_, 1 } @spoofGrps;
$spoofSession->{groups} = join $separator, sort keys %hash;
$self->logger->debug("Processing hGroups..."); $self->logger->debug("Processing hGroups...");
$spoofSession->{hGroups} ||= {}; $spoofSession->{hGroups} ||= {};
$realSession->{$sphg} ||= {}; $realSession->{$sphg} ||= {};
$spoofSession->{hGroups} = { %{ $spoofSession->{hGroups} }, $spoofSession->{hGroups} = { %{ $spoofSession->{hGroups} },
%{ $realSession->{$sphg} } }; %{ $realSession->{$sphg} } };
}
} }
# Create spoofed session # Create spoofed session
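Review bot: The added `$spoofSession->{groups} ||= '';` dereferences the result of `_userDatas($req)` on the line right after the call, and by then the loop above has already deleted each key it visited in `$req->{sessionInfo}`. Nothing in the visible lines checks that the lookup for `$spoofId` succeeded, so if `_userDatas` can return undef or an error value, this statement would either autovivify an empty spoofed session or die. `run` starts and continues outside both hunks, so the check may exist elsewhere and is worth confirming. A one-line comment above the delete, such as `# Remove the real user's attribute so it cannot survive into the spoofed session`, would record why the key is dropped. The second `$spoofSession->{groups} ||= '';` inside the `impersonationMergeSSOgroups` branch is now redundant with this one.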


@ -28,7 +28,7 @@ my $client = LLNG::Manager::Test->new( {
ok( ok(
$res = $client->_post( $res = $client->_post(
'/', '/',
IO::String->new('user=rtyler&password=rtyler'), IO::String->new('user=msmith&password=msmith'),
length => 27, length => 27,
accept => 'text/html', accept => 'text/html',
), ),


@ -10,7 +10,7 @@ my $res;
my $client = LLNG::Manager::Test->new( my $client = LLNG::Manager::Test->new(
{ ini => { { ini => {
logLevel => 'debug', logLevel => 'error',
authentication => 'Demo', authentication => 'Demo',
userDB => 'Same', userDB => 'Same',
loginHistoryEnabled => 0, loginHistoryEnabled => 0,
@ -21,7 +21,7 @@ my $client = LLNG::Manager::Test->new(
impersonationRule => 1, impersonationRule => 1,
checkUserDisplayPersistentInfo => 0, checkUserDisplayPersistentInfo => 0,
checkUserDisplayEmptyValues => 0, checkUserDisplayEmptyValues => 0,
impersonationMergeSSOgroups => 1, impersonationMergeSSOgroups => 0,
} }
} }
); );
@ -91,9 +91,11 @@ ok( $res->[2]->[0]
) or explain( $res->[2]->[0], 'trspan="allowed"' ); ) or explain( $res->[2]->[0], 'trspan="allowed"' );
ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' ) ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
or explain( $res->[2]->[0], 'trspan="headers"' ); or explain( $res->[2]->[0], 'trspan="headers"' );
ok( $res->[2]->[0] =~ m%<span trspan="groups_sso">%,
'Found trspan="groups_sso"' ) ok( $res->[2]->[0] !~ m%<span trspan="groups_sso">%,
'trspan="groups_sso" NOT found' )
or explain( $res->[2]->[0], 'trspan="groups_sso"' ); or explain( $res->[2]->[0], 'trspan="groups_sso"' );
ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' ) ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
or explain( $res->[2]->[0], 'trspan="macros"' ); or explain( $res->[2]->[0], 'trspan="macros"' );
ok( $res->[2]->[0] =~ m%<span trspan="attributes">%, ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
@ -106,16 +108,25 @@ ok( $res->[2]->[0] =~ m%<td class="align-middle">Auth-User</td>%,
'Found Auth-User' ) 'Found Auth-User' )
or explain( $res->[2]->[0], 'Header Key: Auth-User' ); or explain( $res->[2]->[0], 'Header Key: Auth-User' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%,
'Found rtyler' ) 'Found dwho' )
or explain( $res->[2]->[0], 'Header Value: dwho' ); or explain( $res->[2]->[0], 'Header Value: dwho' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">su</td>%, 'Found su' )
or explain( $res->[2]->[0], 'SSO Groups: su' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">_whatToTrace</td>%, ok( $res->[2]->[0] =~ m%<td class="align-middle">_whatToTrace</td>%,
'Found _whatToTrace' ) 'Found _whatToTrace' )
or explain( $res->[2]->[0], 'Macro Key _whatToTrace' ); or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
ok( $res->[2]->[0] =~ m%<td class="text-left">uid</td>%, 'Found uid' ) ok( $res->[2]->[0] =~ m%<td class="text-left">real_groups</td>%,
or explain( $res->[2]->[0], 'Attribute Value uid' ); 'Found real_groups' )
count(12); or explain( $res->[2]->[0], 'real_groups' );
ok( $res->[2]->[0] =~ m%<td class="text-left">su</td>%,
'Found su' )
or explain( $res->[2]->[0], 'su' );
ok( $res->[2]->[0] =~ m%<td class="text-left">real_uid</td>%,
'Found real_uid' )
or explain( $res->[2]->[0], 'real_groups' );
ok( $res->[2]->[0] =~ m%<td class="text-left">rtyler</td>%,
'Found rtyler' )
or explain( $res->[2]->[0], 'su' );
count(14);
$client->logout($id); $client->logout($id);
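Review bot: Two of the added assertions carry diagnostics copied from their neighbours: the `real_uid` check passes `'real_groups'` to `explain` and the `rtyler` check passes `'su'`, so a failure would point at the wrong attribute. They should read `or explain( $res->[2]->[0], 'real_uid' );` and `or explain( $res->[2]->[0], 'rtyler' );`. The `su` and `rtyler` patterns match any `text-left` cell with that text, so they do not tie the value to the `real_groups` or `real_uid` row; this is inferred from the patterns alone, since the page markup is not shown. With `impersonationMergeSSOgroups` switched to 0 here, this test no longer exercises the merge branch the commit rewrites, and whether another test covers it is not visible on this page.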


@ -35,7 +35,7 @@
"key": "qwertyui", "key": "qwertyui",
"locationRules": { "locationRules": {
"auth.example.com" : { "auth.example.com" : {
"(?#checkUser)^/checkuser" : "$uid eq \"dwho\"", "(?#checkUser)^/checkuser" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
"(?#errors)^/lmerror/": "accept", "(?#errors)^/lmerror/": "accept",
"default" : "accept" "default" : "accept"
}, },