Override OTT conf. for Upgrade tokens (#1884)

2019-08-15 22:01:44 +02:00 · 2019-08-15 22:01:44 +02:00 · 78a82dbee9
commit 78a82dbee9
parent 080f83eae0
4 changed files with 18 additions and 9 deletions
--- a/lemonldap-ng-common/lemonldap-ng.ini
+++ b/lemonldap-ng-common/lemonldap-ng.ini
@ -302,6 +302,10 @@ languages    = en, fr, vi, it, ar, de, fi
 ; Read Lemonldap::NG::Portal::Main::Plugin(3pm) man page.
 ;customPlugins = My::Package1, My::Package2

+; To avoid bad/expired OTT if authssl and auth are served by different Load Balancers
+; you can override OTT configuration to store Upgrade OTT into global storage
+;forceGlobalStorageUpgradeOTT = 1
+
 [handler]

 ; Handler cache configuration
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OneTimeToken.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OneTimeToken.pm
@ -5,7 +5,7 @@ use Mouse;
 use JSON qw(from_json to_json);
 use Crypt::URandom;

-our $VERSION = '2.0.5';
+our $VERSION = '2.0.6';

 extends 'Lemonldap::NG::Common::Module';

@ -34,7 +34,7 @@ has cache => (
            }
            else {
                $_[0]->{p}->logger->error(
-'Local storage not defined, token will be store in global storage'
+'Local storage not defined, token will be stored into global storage'
                );
                return undef;
            }
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Upgrade.pm
@ -8,7 +8,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
  PE_TOKENEXPIRED
 );

-our $VERSION = '2.0.3';
+our $VERSION = '2.0.6';

 extends 'Lemonldap::NG::Portal::Main::Plugin';

@ -27,6 +27,10 @@ has ott => (

 sub init {
    my ($self) = @_;
+    if ( $self->conf->{forceGlobalStorageUpgradeOTT} ) {
+        $self->logger->debug("Upgrade token will be stored into global storage");
+        $self->ott->cache(undef);
+    }
    $self->addAuthRoute( upgradesession => 'ask',     ['GET'] );
    $self->addAuthRoute( upgradesession => 'confirm', ['POST'] );
 }
--- a/lemonldap-ng-portal/t/62-UpgradeSession.t
+++ b/lemonldap-ng-portal/t/62-UpgradeSession.t
@ -11,12 +11,13 @@ count(1);

 my $client = LLNG::Manager::Test->new( {
        ini => {
-            logLevel            => 'error',
-            upgradeSession      => 1,
-            authentication      => 'Choice',
-            apacheAuthnLevel    => 5,
-            userDB              => 'Same',
-            'authChoiceModules' => {
+            logLevel                     => 'error',
+            upgradeSession               => 1,
+            authentication               => 'Choice',
+            apacheAuthnLevel             => 5,
+            forceGlobalStorageUpgradeOTT => 1,
+            userDB                       => 'Same',
+            'authChoiceModules'          => {
                'strong' => 'Apache;Demo;Null;;;{}',
                'weak'   => 'Demo;Demo;Null;;;{}'
            },