From 7ac2a0da809d27ab6006261cbe3672b93abe295d Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sat, 31 Oct 2020 22:10:14 +0100 Subject: [PATCH] Allow to check last logins with stayConnected plugin & improve unit test (#2365) --- .../lib/Lemonldap/NG/Portal/Main/Display.pm | 13 ++-- .../lib/Lemonldap/NG/Portal/Main/Plugins.pm | 2 +- .../NG/Portal/Plugins/StayConnected.pm | 22 +++++-- .../site/templates/bootstrap/checklogins.tpl | 2 +- .../site/templates/common/registerBrowser.tpl | 1 + lemonldap-ng-portal/t/63-History.t | 2 +- lemonldap-ng-portal/t/64-StayConnected.t | 60 +++++++++++++++++-- 7 files changed, 82 insertions(+), 20 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm index 50387a922..426a41bac 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm @@ -109,8 +109,9 @@ sub display { CHOICE_VALUE => $req->data->{_authChoice}, CHECK_LOGINS => $self->conf->{portalCheckLogins} && $req->data->{login}, - ASK_LOGINS => $req->param('checkLogins') || 0, - CONFIRMKEY => $self->stamp(), + ASK_LOGINS => $req->param('checkLogins') || 0, + ASK_STAYCONNECTED => $req->param('stayconnected') || 0, + CONFIRMKEY => $self->stamp(), ( $req->data->{customScript} ? ( CUSTOM_SCRIPT => $req->data->{customScript} ) @@ -137,9 +138,10 @@ sub display { CHOICE_VALUE => $req->data->{_authChoice}, CHECK_LOGINS => $self->conf->{portalCheckLogins} && $req->data->{login}, - ASK_LOGINS => $req->param('checkLogins') || 0, - CONFIRMKEY => $self->stamp(), - LIST => $req->data->{list} || [], + ASK_LOGINS => $req->param('checkLogins') || 0, + ASK_STAYCONNECTED => $req->param('stayconnected') || 0, + CONFIRMKEY => $self->stamp(), + LIST => $req->data->{list} || [], ( $req->data->{customScript} ? ( CUSTOM_SCRIPT => $req->data->{customScript} ) @@ -377,6 +379,7 @@ sub display { DONT_STORE_PASSWORD => $self->conf->{browsersDontStorePassword}, CHECK_LOGINS => $self->conf->{portalCheckLogins}, ASK_LOGINS => $req->param('checkLogins') || 0, + ASK_STAYCONNECTED => $req->param('stayconnected') || 0, DISPLAY_RESETPASSWORD => $self->conf->{portalDisplayResetPassword}, DISPLAY_REGISTER => $self->conf->{portalDisplayRegister}, DISPLAY_UPDATECERTIF => diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm index f9da5c2ee..82a7fd540 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm @@ -19,8 +19,8 @@ our @pList = ( portalStatus => '::Plugins::Status', cda => '::Plugins::CDA', notification => '::Plugins::Notifications', - portalCheckLogins => '::Plugins::History', stayConnected => '::Plugins::StayConnected', + portalCheckLogins => '::Plugins::History', bruteForceProtection => '::Plugins::BruteForceProtection', grantSessionRules => '::Plugins::GrantSession', upgradeSession => '::Plugins::Upgrade', diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm index f9abbf98c..cd17b72c3 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm @@ -56,9 +56,17 @@ sub init { sub newDevice { my ( $self, $req ) = @_; + my $checkLogins = $req->param('checkLogins'); + $self->logger->debug("StayConnected: checkLogins set") if $checkLogins; + if ( $req->param('stayconnected') ) { my $token = $self->ott->createToken( { - name => $req->sessionInfo->{ $self->conf->{whatToTrace} } + name => $req->sessionInfo->{ $self->conf->{whatToTrace} }, + ( + $checkLogins + ? ( history => $req->sessionInfo->{_loginHistory} ) + : () + ) } ); $req->response( @@ -66,9 +74,10 @@ sub newDevice { $req, '../common/registerBrowser', params => { - URL => $req->urldc, - TOKEN => $token, - ACTION => '/registerbrowser', + URL => $req->urldc, + TOKEN => $token, + ACTION => '/registerbrowser', + CHECKLOGINS => $checkLogins } ) ); @@ -109,6 +118,7 @@ sub storeBrowser { max_age => 2592000, ) ); + $req->sessionInfo->{_loginHistory} = $tmp->{history} if exists $tmp->{history}; } else { $self->logger->warn("Browser hasn't return fingerprint"); @@ -128,8 +138,8 @@ sub storeBrowser { $self->userLogger->error('StayConnected called without token'); } - # Deliver cookie llngbrowser - return $self->p->do( $req, [ sub { PE_OK } ] ); + # Return cookie llngconnexion + return $self->p->do( $req, [ @{ $self->p->endAuth }, sub { PE_OK } ] ); } # Check for: diff --git a/lemonldap-ng-portal/site/templates/bootstrap/checklogins.tpl b/lemonldap-ng-portal/site/templates/bootstrap/checklogins.tpl index 462e42d4a..779dd01cf 100644 --- a/lemonldap-ng-portal/site/templates/bootstrap/checklogins.tpl +++ b/lemonldap-ng-portal/site/templates/bootstrap/checklogins.tpl @@ -15,7 +15,7 @@
- + checked />

diff --git a/lemonldap-ng-portal/site/templates/common/registerBrowser.tpl b/lemonldap-ng-portal/site/templates/common/registerBrowser.tpl index cb847477c..3b5d444fe 100644 --- a/lemonldap-ng-portal/site/templates/common/registerBrowser.tpl +++ b/lemonldap-ng-portal/site/templates/common/registerBrowser.tpl @@ -7,6 +7,7 @@

Please wait...

" method="post"> " /> + "> " />
diff --git a/lemonldap-ng-portal/t/63-History.t b/lemonldap-ng-portal/t/63-History.t index de71acbde..d4d5364aa 100644 --- a/lemonldap-ng-portal/t/63-History.t +++ b/lemonldap-ng-portal/t/63-History.t @@ -40,7 +40,7 @@ ok( $res->[2]->[0] =~ qr%[2]->[0] ); count(1); ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' ) - or explain( $res->[2]->[0], 'trspan="noHistory"' ); + or explain( $res->[2]->[0], 'trspan="lastLogins"' ); my @c = ( $res->[2]->[0] =~ /127.0.0.1/gs ); # History with 1 successLogin diff --git a/lemonldap-ng-portal/t/64-StayConnected.t b/lemonldap-ng-portal/t/64-StayConnected.t index ef09a24c9..36edaf657 100644 --- a/lemonldap-ng-portal/t/64-StayConnected.t +++ b/lemonldap-ng-portal/t/64-StayConnected.t @@ -8,10 +8,12 @@ my $res; my $client = LLNG::Manager::Test->new( { ini => { - logLevel => 'error', - useSafeJail => 1, - stayConnected => 1, - accept => 'text/html', + logLevel => 'error', + useSafeJail => 1, + stayConnected => 1, + loginHistoryEnabled => 1, + portalMainLogo => 'common/logos/logo_llng_old.png', + accept => 'text/html', } } ); @@ -105,11 +107,57 @@ ok( ), 'Post bad fingerprint' ); -count(1); ( $host, $url, $query ) = expectForm($res); ok( $query =~ /user/, ' Get login form' ); -count(1); +count(2); +# Try to authenticate with history +# -------------------------------- +ok( + $res = $client->_post( + '/', + IO::String->new( + 'user=dwho&password=dwho&stayconnected=1&checkLogins=1'), + length => 53 + ), + 'Auth query' +); +count(1); +$id = expectCookie($res); +( $host, $url, $query ) = + expectForm( $res, undef, '/registerbrowser', 'fg', 'token' ); + +# Push fingerprint +$query =~ s/fg=/fg=aaa/; +ok( + $res = $client->_post( + '/registerbrowser', + IO::String->new($query), + length => length($query), + cookie => "lemonldap=$id", + accept => 'text/html', + ), + 'Post fingerprint' +); +count(1); +$cid = expectCookie( $res, 'llngconnexion' ); + +ok( $res->[2]->[0] =~ qr%[2]->[0] ); +ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' ) + or explain( $res->[2]->[0], 'trspan="lastLogins"' ); +my @c = ( $res->[2]->[0] =~ /127.0.0.1/gs ); + +# History with 2 successLogins +ok( @c == 2, " -> Two entries found" ) + or explain( $res->[2]->[0], 'Two entries found' ); +ok( $res = $client->_get( '/', cookie => "lemonldap=$cid" ), + 'Verify connection' ); +count(4); +expectOK($res); + +$client->logout($cid); clean_sessions(); done_testing( count() );