diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm index 92f555508..bf7346525 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm @@ -27,7 +27,7 @@ use Config::IniFiles; #inherits Lemonldap::NG::Common::Conf::Backends::SOAP #inherits Lemonldap::NG::Common::Conf::Backends::LDAP -our $VERSION = '2.0.12'; +our $VERSION = '2.0.14'; our $msg = ''; our $iniObj; @@ -107,6 +107,7 @@ sub new { $self->{localStorage}->new( $self->{localStorageOptions} ); } } + return $self; } @@ -189,6 +190,7 @@ sub getConf { eval { $r = $self->{refLocalStorage}->get('conf') } if ( $> and not $args->{noCache} ); $msg .= "Warn: $@" if ($@); + if ( ref($r) and $r->{cfgNum} and $args->{cfgNum} @@ -240,7 +242,11 @@ sub getConf { return $res; } -# Set default values +## @method hashRef setDefault(hashRef conf, hashRef localPrm) +# Set default params +# @param $conf Lemonldap::NG configuration hashRef +# @param $localPrm Local parameters +# @return conf sub setDefault { my ( $self, $conf, $localPrm ) = @_; if ( defined $localPrm ) { @@ -414,7 +420,7 @@ sub _launch { alarm 0; die $@ if $@; }; - if($@) { + if ($@) { $msg .= $@; print STDERR "MSG $msg\n"; return undef; diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm index 9612067cd..c540eb08b 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm @@ -4,10 +4,9 @@ use strict; use Lemonldap::NG::Common::UserAgent; use JSON qw(from_json); -our $VERSION = '2.0.12'; +our $VERSION = '2.0.14'; our $_ua; - sub ua { return $_ua if ($_ua); return $_ua = Lemonldap::NG::Common::UserAgent->new( $_[0]->localConfig ); 
@@ -30,42 +29,50 @@ sub checkMaintenanceMode { sub _loadVhostConfig { my ( $class, $req, $vhost ) = @_; - my $json; + my ( $json, $rUrl, $rVhost ); if ( $class->tsv->{useSafeJail} ) { - my $rUrl = $req->{env}->{RULES_URL} - || ( ( - $class->localConfig->{loopBackUrl} - || "http://127.0.0.1:" . $req->{env}->{SERVER_PORT} - ) - . '/rules.json' - ); + if ( $req->env->{RULES_URL} ) { + $rUrl = $req->{env}->{RULES_URL}; + $rVhost = ( $req->env->{RULES_URL} =~ m#^https?://([^/]*).*# )[0]; + $rVhost =~ s/:\d+$//; + } + else { + $rUrl = + ( $class->localConfig->{loopBackUrl} + || "http://127.0.0.1:" . $req->{env}->{SERVER_PORT} ) + . '/rules.json'; + $rVhost = $vhost; + } + + $class->logger->debug("Try to retrieve 'rules.json' from $rUrl"); my $get = HTTP::Request->new( GET => $rUrl ); - $get->header( Host => $vhost ); + $class->logger->debug("Set Host header with $rVhost"); + $get->header( Host => $rVhost ); my $resp = $class->ua->request($get); if ( $resp->is_success ) { eval { $json = from_json( $resp->content, { allow_nonref => 1 } ); }; if ($@) { - $class->logger->error( - "Bad rules.json for $vhost, skipping ($@)"); + $class->logger->error( +"Bad 'rules.json' retrieved from $rVhost for $vhost, skipping ($@)" + ); } else { - $class->logger->info("Compiling rules.json for $vhost"); + $class->logger->info( + "Compiling 'rules.json' retrieved from $rVhost for $vhost"); } } } else { $class->logger->error( -q"I refuse to compile rules.json when useSafeJail isn't activated! Yes I know, I'm a coward..." +q"I refuse to compile 'rules.json' when useSafeJail isn't activated! Yes I know, I'm a coward..." ); } $json->{rules} ||= { default => 1 }; $json->{headers} //= { 'Auth-User' => '$uid' }; # Removed forbidden session attributes - foreach - my $v ( split /\s+/, $class->tsv->{hiddenAttributes} ) - { + foreach my $v ( split /\s+/, $class->tsv->{hiddenAttributes} ) { foreach ( keys %{ $json->{headers} } ) { delete $json->{headers}->{$_} if $json->{headers}->{$_} eq '$' . $v; 
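Review bot: In the `RULES_URL` branch the result of the `m#^https?://([^/]*).*#` match is never checked, so a value that is not an http(s) URL leaves `$rVhost` undefined, `s/:\d+$//` then runs on undef, and the GET is still issued to `$rUrl` with an undefined Host header. `[^/]*` also keeps any `user:pass@` userinfo, which would end up in the Host header and in the two new debug messages. I would capture with `($rVhost) = $rUrl =~ m#^https?://(?:[^/@]*@)?([^/]+)#;` and, when `$rVhost` is undefined, log an error and skip the request instead of sending it. This matters more because a failed or unparsable fetch falls through to the context line `$json->{rules} ||= { default => 1 };`, which looks like a permissive default, and a non-success response is not logged at all in the visible code. `_loadVhostConfig` continues past the end of the hunk.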
diff --git a/lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t b/lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t index 3ff038cfb..a40b99ddb 100644 --- a/lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t +++ b/lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t @@ -17,7 +17,8 @@ ok( $res = $client->_get( '/', undef, 'test3.example.com', "lemonldap=$sessionId", - VHOSTTYPE => 'DevOps' + VHOSTTYPE => 'DevOps', + RULES_URL => 'http://devops.example.com' ), 'Authorized query' ); @@ -35,7 +36,8 @@ ok( $res = $client->_get( '/testyes', undef, 'test3.example.com', "lemonldap=$sessionId", - VHOSTTYPE => 'DevOps' + VHOSTTYPE => 'DevOps', + RULES_URL => 'http://devops.example.com' ), 'Authorized query' ); @@ -47,7 +49,8 @@ ok( $res = $client->_get( '/deny', undef, 'test3.example.com', "lemonldap=$sessionId", - VHOSTTYPE => 'DevOps' + VHOSTTYPE => 'DevOps', + RULES_URL => 'http://devops.example.com' ), 'Denied query' ); @@ -58,7 +61,8 @@ ok( $res = $client->_get( '/testno', undef, 'test3.example.com', "lemonldap=$sessionId", - VHOSTTYPE => 'DevOps' + VHOSTTYPE => 'DevOps', + RULES_URL => 'http://devops.example.com' ), 'Denied query' ); @@ -74,6 +78,10 @@ no warnings 'redefine'; sub LWP::UserAgent::request { my ( $self, $req ) = @_; + ok( $req->header('host') eq 'devops.example.com', + 'Host header found' ) + or explain( $req->headers(), 'Header' ); + count(1); my $httpResp; my $s = '{ "rules": {
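Review bot: The assertion added inside the mocked `LWP::UserAgent::request` pins the Host header to `devops.example.com`, and the four preceding hunks add `RULES_URL` to every request, so the fallback path (loopback URL with `Host => $vhost`) no longer appears to be exercised by this file, and neither is a `RULES_URL` carrying a port or userinfo. I would keep at least one request without `RULES_URL` and derive the expected host from the request URI inside the mock, plus one case with a port to cover the `s/:\d+$//` strip. `is( $req->header('host'), 'devops.example.com', 'Host header found' );` would also report the received value on failure, which `ok( ... eq ... )` does not. The mock's body continues outside the hunk.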