Merge branch '2618' into 'v2.0'
Fix 2618 - Take into account RULES_URL param with DevOps handler See merge request lemonldap-ng/lemonldap-ng!223
This commit is contained in:
Christophe Maudoux
commit
8235248771
|
|
@ -27,7 +27,7 @@ use Config::IniFiles;
|
|||
#inherits Lemonldap::NG::Common::Conf::Backends::SOAP
|
||||
#inherits Lemonldap::NG::Common::Conf::Backends::LDAP
|
||||
|
||||
our $VERSION = '2.0.12';
|
||||
our $VERSION = '2.0.14';
|
||||
our $msg = '';
|
||||
our $iniObj;
|
||||
|
||||
|
|
@ -107,6 +107,7 @@ sub new {
|
|||
$self->{localStorage}->new( $self->{localStorageOptions} );
|
||||
}
|
||||
}
|
||||
|
||||
return $self;
|
||||
}
|
||||
|
||||
|
|
@ -189,6 +190,7 @@ sub getConf {
|
|||
eval { $r = $self->{refLocalStorage}->get('conf') }
|
||||
if ( $> and not $args->{noCache} );
|
||||
$msg .= "Warn: $@" if ($@);
|
||||
|
||||
if ( ref($r)
|
||||
and $r->{cfgNum}
|
||||
and $args->{cfgNum}
|
||||
|
|
@ -240,7 +242,11 @@ sub getConf {
|
|||
return $res;
|
||||
}
|
||||
|
||||
# Set default values
|
||||
## @method hashRef setDefault(hashRef conf, hashRef localPrm)
|
||||
# Set default params
|
||||
# @param $conf Lemonldap::NG configuration hashRef
|
||||
# @param $localPrm Local parameters
|
||||
# @return conf
|
||||
sub setDefault {
|
||||
my ( $self, $conf, $localPrm ) = @_;
|
||||
if ( defined $localPrm ) {
|
||||
|
|
@ -414,7 +420,7 @@ sub _launch {
|
|||
alarm 0;
|
||||
die $@ if $@;
|
||||
};
|
||||
if($@) {
|
||||
if ($@) {
|
||||
$msg .= $@;
|
||||
print STDERR "MSG $msg\n";
|
||||
return undef;
|
||||
|
|
|
|||
|
|
@ -4,10 +4,9 @@ use strict;
|
|||
use Lemonldap::NG::Common::UserAgent;
|
||||
use JSON qw(from_json);
|
||||
|
||||
our $VERSION = '2.0.12';
|
||||
our $VERSION = '2.0.14';
|
||||
our $_ua;
|
||||
|
||||
|
||||
sub ua {
|
||||
return $_ua if ($_ua);
|
||||
return $_ua = Lemonldap::NG::Common::UserAgent->new( $_[0]->localConfig );
|
||||
|
|
@ -30,42 +29,50 @@ sub checkMaintenanceMode {
|
|||
|
||||
sub _loadVhostConfig {
|
||||
my ( $class, $req, $vhost ) = @_;
|
||||
my $json;
|
||||
my ( $json, $rUrl, $rVhost );
|
||||
if ( $class->tsv->{useSafeJail} ) {
|
||||
my $rUrl = $req->{env}->{RULES_URL}
|
||||
|| ( (
|
||||
$class->localConfig->{loopBackUrl}
|
||||
|| "http://127.0.0.1:" . $req->{env}->{SERVER_PORT}
|
||||
)
|
||||
. '/rules.json'
|
||||
);
|
||||
if ( $req->env->{RULES_URL} ) {
|
||||
$rUrl = $req->{env}->{RULES_URL};
|
||||
$rVhost = ( $req->env->{RULES_URL} =~ m#^https?://([^/]*).*# )[0];
|
||||
$rVhost =~ s/:\d+$//;
|
||||
}
|
||||
else {
|
||||
$rUrl =
|
||||
( $class->localConfig->{loopBackUrl}
|
||||
|| "http://127.0.0.1:" . $req->{env}->{SERVER_PORT} )
|
||||
. '/rules.json';
|
||||
$rVhost = $vhost;
|
||||
}
|
||||
|
||||
$class->logger->debug("Try to retrieve 'rules.json' from $rUrl");
|
||||
my $get = HTTP::Request->new( GET => $rUrl );
|
||||
$get->header( Host => $vhost );
|
||||
$class->logger->debug("Set Host header with $rVhost");
|
||||
$get->header( Host => $rVhost );
|
||||
my $resp = $class->ua->request($get);
|
||||
if ( $resp->is_success ) {
|
||||
eval {
|
||||
$json = from_json( $resp->content, { allow_nonref => 1 } ); };
|
||||
if ($@) {
|
||||
$class->logger->error(
|
||||
"Bad rules.json for $vhost, skipping ($@)");
|
||||
$class->logger->error(
|
||||
"Bad 'rules.json' retrieved from $rVhost for $vhost, skipping ($@)"
|
||||
);
|
||||
}
|
||||
else {
|
||||
$class->logger->info("Compiling rules.json for $vhost");
|
||||
$class->logger->info(
|
||||
"Compiling 'rules.json' retrieved from $rVhost for $vhost");
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
$class->logger->error(
|
||||
q"I refuse to compile rules.json when useSafeJail isn't activated! Yes I know, I'm a coward..."
|
||||
q"I refuse to compile 'rules.json' when useSafeJail isn't activated! Yes I know, I'm a coward..."
|
||||
);
|
||||
}
|
||||
$json->{rules} ||= { default => 1 };
|
||||
$json->{headers} //= { 'Auth-User' => '$uid' };
|
||||
|
||||
# Removed forbidden session attributes
|
||||
foreach
|
||||
my $v ( split /\s+/, $class->tsv->{hiddenAttributes} )
|
||||
{
|
||||
foreach my $v ( split /\s+/, $class->tsv->{hiddenAttributes} ) {
|
||||
foreach ( keys %{ $json->{headers} } ) {
|
||||
delete $json->{headers}->{$_}
|
||||
if $json->{headers}->{$_} eq '$' . $v;
|
||||
|
|
|
|||
|
|
@ -17,7 +17,8 @@ ok(
|
|||
$res = $client->_get(
|
||||
'/', undef,
|
||||
'test3.example.com', "lemonldap=$sessionId",
|
||||
VHOSTTYPE => 'DevOps'
|
||||
VHOSTTYPE => 'DevOps',
|
||||
RULES_URL => 'http://devops.example.com'
|
||||
),
|
||||
'Authorized query'
|
||||
);
|
||||
|
|
@ -35,7 +36,8 @@ ok(
|
|||
$res = $client->_get(
|
||||
'/testyes', undef,
|
||||
'test3.example.com', "lemonldap=$sessionId",
|
||||
VHOSTTYPE => 'DevOps'
|
||||
VHOSTTYPE => 'DevOps',
|
||||
RULES_URL => 'http://devops.example.com'
|
||||
),
|
||||
'Authorized query'
|
||||
);
|
||||
|
|
@ -47,7 +49,8 @@ ok(
|
|||
$res = $client->_get(
|
||||
'/deny', undef,
|
||||
'test3.example.com', "lemonldap=$sessionId",
|
||||
VHOSTTYPE => 'DevOps'
|
||||
VHOSTTYPE => 'DevOps',
|
||||
RULES_URL => 'http://devops.example.com'
|
||||
),
|
||||
'Denied query'
|
||||
);
|
||||
|
|
@ -58,7 +61,8 @@ ok(
|
|||
$res = $client->_get(
|
||||
'/testno', undef,
|
||||
'test3.example.com', "lemonldap=$sessionId",
|
||||
VHOSTTYPE => 'DevOps'
|
||||
VHOSTTYPE => 'DevOps',
|
||||
RULES_URL => 'http://devops.example.com'
|
||||
),
|
||||
'Denied query'
|
||||
);
|
||||
|
|
@ -74,6 +78,10 @@ no warnings 'redefine';
|
|||
|
||||
sub LWP::UserAgent::request {
|
||||
my ( $self, $req ) = @_;
|
||||
ok( $req->header('host') eq 'devops.example.com',
|
||||
'Host header found' )
|
||||
or explain( $req->headers(), 'Header' );
|
||||
count(1);
|
||||
my $httpResp;
|
||||
my $s = '{
|
||||
"rules": {
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user