Merge branch 'v2.0'

Christophe Maudoux 2019-02-04 19:24:48 +01:00
commit 72fc200631
7 changed files with 90 additions and 27 deletions


@ -9,11 +9,11 @@
</tr>
<tr>
<th><span trspan="rule"></span></th>
<td><input id="rule" class="form-control" ng-model="currentNode.re" ng-change="changeRuleTitle(currentNode)"/></td>
<td><input id="rule" class="form-control" ng-model="currentNode.data" ng-change="changeRuleTitle(currentNode)"/></td>
</tr>
<tr>
<th><span trspan="message"></span></th>
<td><textarea rows="3" id="rulemessage" class="form-control" ng-model="currentNode.data"/></td>
<td><textarea rows="3" id="rulemessage" class="form-control" ng-model="currentNode.re"/></td>
</tr>
</table>
</div>
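Review bot: After the swap, the input with id `rule` writes to `currentNode.data` and the message textarea writes to `currentNode.re`, and nothing in the template explains why a message is stored in a field named `re`. If, as the `grantSessionRules` test data in this commit suggests, the hash key carries the message and the value carries the rule expression, a short comment above the two rows would keep the bindings from being swapped back, e.g. `<!-- re = hash key (message##comment), data = hash value (rule expression) -->`. The table starts outside the hunk.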


@ -3,7 +3,6 @@ package Lemonldap::NG::Portal::Auth::Choice;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_FIRSTACCESS PE_ERROR);
use Data::Dumper;
our $VERSION = '2.0.2';
@ -46,8 +45,6 @@ sub extractFormInfo {
}
}
$self->logger->debug("@@@@ Req -> " . Dumper($req) );
foreach my $mod ( values %{ $self->modules } ) {
if ( $mod->can('setSecurity') ) {
$mod->setSecurity($req);


@ -351,7 +351,8 @@ sub display {
# * Bad URL error
elsif ($req->{error} == PE_LOGOUT_OK
or $req->{error} == PE_WAIT
or $req->{error} == PE_BADURL )
or $req->{error} == PE_BADURL
or $req->{error} == PE_BADCREDENTIALS )
{
%templateParams = (
%templateParams,
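Review bot: The comment list above this `elsif` still names only the logout, wait and bad-URL cases, so the new `PE_BADCREDENTIALS` arm is undocumented; add a bullet such as `# * Bad credentials`. Because the arm is shared with those informational states, confirm that the template parameters set here do not bypass anything the ordinary failed-login path applies. The body of the branch is outside the hunk, so that cannot be checked from here.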


@ -3,8 +3,9 @@ package Lemonldap::NG::Portal::Plugins::GrantSession;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_OK
PE_SESSIONNOTGRANTED
PE_OK
PE_SESSIONNOTGRANTED
PE_BADCREDENTIALS
);
our $VERSION = '2.0.0';
@ -22,11 +23,11 @@ sub init {
$self->logger->debug("GrantRule key -> $_");
$self->logger->debug(
"GrantRule value -> " . $self->conf->{grantSessionRules}->{$_} );
my $rule =
$hd->buildSub(
my $rule = $hd->buildSub(
$hd->substitute( $self->conf->{grantSessionRules}->{$_} ) );
unless ($rule) {
$self->error( "Bad grantSession rule " . $hd->tsv->{jail}->error );
$self->error(
"Bad grantSession rule " . $hd->tsv->{jail}->error );
return 0;
}
$self->rules->{$_} = $rule;
@ -43,9 +44,12 @@ sub run {
return !$A ? 1 : !$B ? -1 : $A cmp $B;
}
# Avoid display notification if AuthResult is not null
return PE_BADCREDENTIALS if $req->authResult > 0;
foreach ( sort sortByComment keys %{ $self->rules } ) {
$self->logger->debug( "Grant session condition -> "
. $self->conf->{grantSessionRules}->{$_} );
. $self->conf->{grantSessionRules}->{$_} );
unless ( $self->rules->{$_}->( $req, $req->sessionInfo ) ) {
$req->userData( {} );
@ -54,7 +58,7 @@ sub run {
if ($1) {
$self->logger->debug("Message -> $1");
# Message can contain session data as user attributes or macros
# Message can contain session data as user attributes or macros
my $hd = $self->p->HANDLER;
my $msg = $hd->substitute($1);
unless ( $msg = $hd->buildSub($msg) ) {
@ -68,17 +72,17 @@ sub run {
)
);
$self->userLogger->error( 'User '
. $req->sessionInfo->{uid}
. " was not granted to open session (rule -> $msg)" );
. $req->sessionInfo->{uid}
. " was not granted to open session (rule -> $msg)" );
$req->urldc( $self->conf->{portal} );
return $req->authResult(PE_SESSIONNOTGRANTED);
}
else {
$self->userLogger->error( 'User '
. $req->sessionInfo->{uid}
. " was not granted to open session (rule -> "
. $self->conf->{grantSessionRules}->{$_}
. ")" );
. $req->sessionInfo->{uid}
. " was not granted to open session (rule -> "
. $self->conf->{grantSessionRules}->{$_}
. ")" );
$req->urldc( $self->conf->{portal} );
return $req->authResult(PE_SESSIONNOTGRANTED);
}
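Review bot: The new early return in `run`, `return PE_BADCREDENTIALS if $req->authResult > 0;`, replaces whatever positive result an earlier step stored with a generic bad-credentials code, and its comment ("not null") does not match the `> 0` test. If collapsing the codes is deliberate, so that the response does not reveal which check rejected the user, the comment should say so, e.g. `# Earlier step already failed: skip grant rules and report a generic PE_BADCREDENTIALS`. It is also worth confirming that `authResult` is always defined here, since a numeric comparison on an undefined value warns under `use warnings`; `if ( ( $req->authResult // 0 ) > 0 )` avoids that. `run` starts and ends outside the hunks shown.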


@ -7,7 +7,7 @@ package Lemonldap::NG::Portal::UserDB::Demo;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_USERNOTFOUND);
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_BADCREDENTIALS);
extends 'Lemonldap::NG::Common::Module';
@ -60,7 +60,7 @@ sub getUser {
}
eval { $self->p->_authentication->setSecurity($req) };
PE_USERNOTFOUND;
PE_BADCREDENTIALS;
}
## @apmethod int setSessionInfo()
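Review bot: Only the Demo and REST backends are switched to `PE_BADCREDENTIALS` in this commit (the `getUser` hunk in the REST UserDB file makes the same change), so any other UserDB module that still returns `PE_USERNOTFOUND` would keep revealing whether an account exists; the behaviour should be checked across all backends. In this file the code is also left as a bare final expression; `return PE_BADCREDENTIALS;` would match the REST module and make the exit explicit. `getUser` begins outside the hunk.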


@ -5,7 +5,7 @@ use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_ERROR
PE_OK
PE_USERNOTFOUND
PE_BADCREDENTIALS
);
extends 'Lemonldap::NG::Common::Module', 'Lemonldap::NG::Portal::Lib::REST';
@ -46,7 +46,7 @@ sub getUser {
}
unless ( $res->{result} ) {
$self->userLogger->warn( 'User ' . $req->user . ' not found' );
return PE_USERNOTFOUND;
return PE_BADCREDENTIALS;
}
$req->data->{restUserDBInfo} = $res->{info} || {};
return PE_OK;


@ -19,7 +19,8 @@ my $client = LLNG::Manager::Test->new(
grantSessionRules => {
'$uid . " not allowed"##rule1' => '$uid ne "dwho"',
'Rtyler_Allowed##rule3' => '$uid eq "rtyler"',
'##rule2' => '$uid ne "mrsmith"',
'##rule2' => '$uid ne "msmith"',
'##rule4' => '$uid ne "jdoe"',
}
}
}
@ -39,6 +40,44 @@ ok( $res->[2]->[0] =~ /<h3 trspan="dwho not allowed">dwho not allowed<\/h3>/,
'dwho rejected with custom message and session data' )
or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok(
$res = $client->_post(
'/',
IO::String->new('user=dwho&password=ohwd'),
accept => 'text/html',
length => 23
),
'Auth query'
);
count(1);
ok(
$res->[2]->[0] =~ /<span trmsg="5"><\/span><\/div>/,
'dwho rejected with PE_BADCREDENTIALS'
) or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok(
$res->[2]->[0] =~ m%<span trspan="goToPortal">Go to portal</span>%,
'Found goToPortal button'
) or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok(
$res = $client->_post(
'/',
IO::String->new('user=dwho&password=dwho'),
accept => 'text/html',
length => 23
),
'Auth query'
);
count(1);
ok( $res->[2]->[0] =~ /<h3 trspan="dwho not allowed">dwho not allowed<\/h3>/,
'dwho rejected with custom message and session data' )
or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok( $res->[2]->[0] =~ qr%src="/static/common/js/info.(?:min\.)?js"></script>%,
'Found INFO js' )
or print STDERR Dumper( $res->[2]->[0] );
@ -62,18 +101,40 @@ expectCookie($res);
ok(
$res = $client->_post(
'/',
IO::String->new('user=mrsmith&password=mrsmith'),
IO::String->new('user=msmith&password=msmith'),
accept => 'text/html',
length => 29
length => 27
),
'Auth query'
);
count(1);
ok(
$res->[2]->[0] =~ /<span trmsg="4"><\/span><\/div>/,
$res->[2]->[0] =~ /<span trmsg="41"><\/span><\/div>/,
'rtyler rejected with PE_SESSIONNOTGRANTED'
) or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok(
$res = $client->_post(
'/',
IO::String->new('user=jdoe&password=jdoe'),
accept => 'text/html',
length => 23
),
'Auth query'
);
count(1);
ok(
$res->[2]->[0] =~ /<span trmsg="5"><\/span><\/div>/,
'rtyler rejected with PE_BADCREDENTIALS'
) or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok(
$res->[2]->[0] =~ m%<span trspan="goToPortal">Go to portal</span>%,
'Found goToPortal button'
) or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok( $res->[2]->[0] =~ qr%<img src="/static/common/logos/logo_llng_old.png"%,
'Found custom Main Logo' )
or print STDERR Dumper( $res->[2]->[0] );
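Review bot: Two test descriptions name the wrong user: the `msmith` request is reported as `'rtyler rejected with PE_SESSIONNOTGRANTED'` and the new `jdoe` request as `'rtyler rejected with PE_BADCREDENTIALS'`, so a failure would point at the wrong case; use `'msmith rejected with PE_SESSIONNOTGRANTED'` and `'jdoe rejected with PE_BADCREDENTIALS'`. It is also unclear from the hunk whether `##rule4` is ever evaluated for `jdoe`, since the expected code is the bad-credentials one rather than the grant-rule one; a comment stating which path the test is meant to cover would help. The hard-coded `length` values have to be kept in step with the body strings by hand.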