Add new inGroup function to test group membership (#2036)
parent
f8b93f8c35
commit
779df229e4
|
@ -595,6 +595,9 @@ sub substitute {
|
|||
$expr =~ s/\$env->\{/\$r->{env}->\{/g;
|
||||
$expr =~ s/\bskip\b/q\{999_SKIP\}/g;
|
||||
|
||||
# handle inGroup
|
||||
$expr =~ s/\binGroup\(([^)]*)\)/listMatch(\$s->{'hGroups'},\1,1),/g;
|
||||
|
||||
return $expr;
|
||||
}
|
||||
|
||||
|
|
|
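Review bot: The replacement in the added `inGroup` substitution ends with a comma (`...,\1,1),`), so a rule that combines the call with anything else, such as `inGroup('a') and $uid eq 'b'`, is rewritten to `listMatch(...), and ...`, which does not look like it would compile; a rule that is only `inGroup('x')` survives because Perl tolerates a trailing comma. Dropping the comma and using `$1` instead of `\1` (Perl warns about `\1` on the right-hand side of `s///`) gives `$expr =~ s/\binGroup\(([^)]*)\)/listMatch(\$s->{'hGroups'},$1,1)/g;`. The `[^)]*` capture also stops at the first `)`, so an argument that itself contains parentheses is cut short; a comment above the line stating that only a plain argument list is supported would help rule authors. How a rule that fails to compile is treated is not visible here and is worth confirming, since this is an access-control expression. The body of `substitute` starts outside the hunk.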
@ -81,6 +81,23 @@ ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
|
|||
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
|
||||
count(2);
|
||||
|
||||
# Required "timelords" group
|
||||
ok(
|
||||
$res =
|
||||
$client->_get( '/fortimelords', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Require Timelords group'
|
||||
);
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
||||
count(2);
|
||||
|
||||
# Required "dalek" group
|
||||
ok(
|
||||
$res = $client->_get( '/fordaleks', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Require Dalek group'
|
||||
);
|
||||
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res, 403 );
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 1
|
||||
ok( $res = $client->_get( '/AuthWeak', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Weak Authentified query' );
|
||||
|
|
|
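Review bot: The two added checks cover an exact member (`/fortimelords`) and a completely unrelated name (`/fordaleks`), so they would still pass if group matching were a substring match or if the rewrite only worked for a stand-alone call. A near-miss rule such as `inGroup('timelord')` expected to return 403, and a compound rule such as `inGroup('timelords') and $uid eq 'dwho'` expected to return 200, would pin both behaviours; each needs a matching entry in the test rules file. The new assertions also pass the whole `$res` to `explain`, where the context line above passes `$res->[0]`; `explain( $res->[0], 200 )` would keep the failure output consistent.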
@ -47,6 +47,8 @@
|
|||
"^/test-uri2": "varIsInUri($ENV{REQUEST_URI}, '/test-uri2/', $uid)",
|
||||
"^/test-restricted_uri": "varIsInUri($ENV{REQUEST_URI}, '/test-restricted_uri/', \"$uid/\", 1)",
|
||||
"^/skipif": "$ENV{REQUEST_URI} =~ /zz/ ? skip : 1",
|
||||
"^/fortimelords": "inGroup('timelords')",
|
||||
"^/fordaleks": "inGroup('daleks')",
|
||||
"^/logout": "logout_sso",
|
||||
"^/deny": "deny",
|
||||
"default": "accept"
|
||||
|
|
|
@ -46,17 +46,42 @@ sub init {
|
|||
my $now = time;
|
||||
my $ts = strftime "%Y%m%d%H%M%S", localtime;
|
||||
|
||||
print F '{"_updateTime":"'
|
||||
. $ts
|
||||
. '","_timezone":"1","_session_kind":"SSO","_passwordDB":"Demo","_startTime":"'
|
||||
. $ts
|
||||
. '","ipAddr":"127.0.0.1","UA":"Mozilla/5.0 (X11; VAX4000; rv:43.0) Gecko/20100101 Firefox/143.0 Iceweasel/143.0.1","_user":"dwho","_userDB":"Demo","_lastAuthnUTime":'
|
||||
. $now
|
||||
. ',"uid":"dwho","_issuerDB":"Null","_session_id":"f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545","authenticationLevel":1,"_whatToTrace":"dwho","_auth":"Demo","_utime":'
|
||||
. $now
|
||||
. ',"_loginHistory":{"successLogin":[{"ipAddr":"127.0.0.1","_utime":'
|
||||
. $now
|
||||
. '}]},"cn":"Doctor Who","mail":"dwho@badwolf.org"}';
|
||||
print F <<EOF;
|
||||
{
|
||||
"_startTime" : "$ts",
|
||||
"_session_kind" : "SSO",
|
||||
"UA" : "Mozilla/5.0 (X11; VAX4000; rv:43.0) Gecko/20100101 Firefox/143.0 Iceweasel/143.0.1",
|
||||
"cn" : "Doctor Who",
|
||||
"_utime" : $now,
|
||||
"_whatToTrace" : "dwho",
|
||||
"mail" : "dwho\@badwolf.org",
|
||||
"_passwordDB" : "Demo",
|
||||
"_lastAuthnUTime" : $now,
|
||||
"uid" : "dwho",
|
||||
"_issuerDB" : "Null",
|
||||
"_userDB" : "Demo",
|
||||
"_user" : "dwho",
|
||||
"_session_id" : "f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545",
|
||||
"authenticationLevel" : 1,
|
||||
"_auth" : "Demo",
|
||||
"_updateTime" : "$ts",
|
||||
"_loginHistory" : {
|
||||
"successLogin" : [
|
||||
{
|
||||
"ipAddr" : "127.0.0.1",
|
||||
"_utime" : $now
|
||||
}
|
||||
]
|
||||
},
|
||||
"ipAddr" : "127.0.0.1",
|
||||
"_timezone" : "1",
|
||||
"groups" : "users; timelords",
|
||||
"hGroups" : {
|
||||
"users" : {},
|
||||
"timelords" : {}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
close F;
|
||||
}
|
||||
|
||||
|
|
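Review bot: The fixture now carries group membership twice, as the string `"groups" : "users; timelords"` and as the `hGroups` keys, and nothing in this hunk says which of the two the new rule reads. The substitution added in this commit passes `$s->{'hGroups'}` to `listMatch`, so a comment above `print F <<EOF;` such as `# inGroup() rules read hGroups; keep its keys in sync with "groups"` would stop the two drifting apart in later edits. The heredoc interpolates, so any future value containing `$` or `@` needs escaping, as `dwho\@badwolf.org` already is. `init` starts outside the hunk.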