From 795348f6688bf6615db70468c50a191926f09fc1 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 20 Sep 2021 13:43:56 +0200 Subject: [PATCH 1/5] Append comment --- lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm index 92f555508..bf7346525 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm @@ -27,7 +27,7 @@ use Config::IniFiles; #inherits Lemonldap::NG::Common::Conf::Backends::SOAP #inherits Lemonldap::NG::Common::Conf::Backends::LDAP -our $VERSION = '2.0.12'; +our $VERSION = '2.0.14'; our $msg = ''; our $iniObj; @@ -107,6 +107,7 @@ sub new { $self->{localStorage}->new( $self->{localStorageOptions} ); } } + return $self; } @@ -189,6 +190,7 @@ sub getConf { eval { $r = $self->{refLocalStorage}->get('conf') } if ( $> and not $args->{noCache} ); $msg .= "Warn: $@" if ($@); + if ( ref($r) and $r->{cfgNum} and $args->{cfgNum} @@ -240,7 +242,11 @@ sub getConf { return $res; } -# Set default values +## @method hashRef setDefault(hashRef conf, hashRef localPrm) +# Set default params +# @param $conf Lemonldap::NG configuration hashRef +# @param $localPrm Local parameters +# @return conf sub setDefault { my ( $self, $conf, $localPrm ) = @_; if ( defined $localPrm ) { @@ -414,7 +420,7 @@ sub _launch { alarm 0; die $@ if $@; }; - if($@) { + if ($@) { $msg .= $@; print STDERR "MSG $msg\n"; return undef; From fd1557ed37582b17a33db06d13a9585398281ffa Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 20 Sep 2021 16:00:52 +0200 Subject: [PATCH 2/5] Build vhost header depending on RULES_URL if defined --- .../lib/Lemonldap/NG/Handler/Lib/DevOps.pm | 36 ++++++++++--------- .../t/64-Lemonldap-NG-Handler-PSGI-DevOps.t | 12 ++++--- 2 files changed, 28 insertions(+), 20 deletions(-) 
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm index 9612067cd..91334f573 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm @@ -4,10 +4,9 @@ use strict; use Lemonldap::NG::Common::UserAgent; use JSON qw(from_json); -our $VERSION = '2.0.12'; +our $VERSION = '2.0.14'; our $_ua; - sub ua { return $_ua if ($_ua); return $_ua = Lemonldap::NG::Common::UserAgent->new( $_[0]->localConfig ); @@ -30,27 +29,34 @@ sub checkMaintenanceMode { sub _loadVhostConfig { my ( $class, $req, $vhost ) = @_; - my $json; + my ( $json, $rUrl, $proto, $rVhost, $appuri ); if ( $class->tsv->{useSafeJail} ) { - my $rUrl = $req->{env}->{RULES_URL} - || ( ( - $class->localConfig->{loopBackUrl} - || "http://127.0.0.1:" . $req->{env}->{SERVER_PORT} - ) - . '/rules.json' - ); + if ( $req->env->{RULES_URL} ) { + $rUrl = $req->{env}->{RULES_URL}; + $rVhost = ( $req->env->{RULES_URL} =~ m#^https?://([^/]*).*# )[0]; + $rVhost =~ s/:\d+$//; + } + else { + $rUrl = + ( $class->localConfig->{loopBackUrl} + || "http://127.0.0.1:" . $req->{env}->{SERVER_PORT} ) + . '/rules.json'; + $rVhost = $vhost; + } + $class->logger->debug("Try to retrieve 'rules.json' from $rUrl"); my $get = HTTP::Request->new( GET => $rUrl ); - $get->header( Host => $vhost ); + $class->logger->debug("Set Host header: $rVhost"); + $get->header( Host => $rVhost ); my $resp = $class->ua->request($get); if ( $resp->is_success ) { eval { $json = from_json( $resp->content, { allow_nonref => 1 } ); }; if ($@) { $class->logger->error( - "Bad rules.json for $vhost, skipping ($@)"); + "Bad rules.json for $rVhost, skipping ($@)"); } else { - $class->logger->info("Compiling rules.json for $vhost"); + $class->logger->info("Compiling rules.json for $rVhost"); } } } 
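Review bot: In the `RULES_URL` branch of `_loadVhostConfig`, `$rVhost` stays undefined when the value does not match `^https?://`, so the following `s/:\d+$//` runs on undef and the request is built with an undefined Host value. The capture `([^/]*)` also keeps any `user:pass@` prefix, which would then be sent as the Host header and written to the debug log by `Set Host header: $rVhost`. Consider restoring the previous behaviour right after the match with `$rVhost = $vhost unless defined $rVhost and length $rVhost;` and excluding userinfo from the capture, or leaving the header unset in this branch so it is derived from `$rUrl` (assuming the user agent does that, as LWP normally does). The branch also reads the same value through both `$req->env->{RULES_URL}` and `$req->{env}->{RULES_URL}`; one accessor would be clearer. The function body continues past the end of this hunk.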
@@ -63,9 +69,7 @@ q"I refuse to compile rules.json when useSafeJail isn't activated! Yes I know, I $json->{headers} //= { 'Auth-User' => '$uid' }; # Removed forbidden session attributes - foreach - my $v ( split /\s+/, $class->tsv->{hiddenAttributes} ) - { + foreach my $v ( split /\s+/, $class->tsv->{hiddenAttributes} ) { foreach ( keys %{ $json->{headers} } ) { delete $json->{headers}->{$_} if $json->{headers}->{$_} eq '$' . $v; diff --git a/lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t b/lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t index 3ff038cfb..e3d25a705 100644 --- a/lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t +++ b/lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t @@ -17,7 +17,8 @@ ok( $res = $client->_get( '/', undef, 'test3.example.com', "lemonldap=$sessionId", - VHOSTTYPE => 'DevOps' + VHOSTTYPE => 'DevOps', + RULES_URL => 'http://devops.example.com' ), 'Authorized query' ); @@ -35,7 +36,8 @@ ok( $res = $client->_get( '/testyes', undef, 'test3.example.com', "lemonldap=$sessionId", - VHOSTTYPE => 'DevOps' + VHOSTTYPE => 'DevOps', + RULES_URL => 'http://devops.example.com' ), 'Authorized query' ); @@ -47,7 +49,8 @@ ok( $res = $client->_get( '/deny', undef, 'test3.example.com', "lemonldap=$sessionId", - VHOSTTYPE => 'DevOps' + VHOSTTYPE => 'DevOps', + RULES_URL => 'http://devops.example.com' ), 'Denied query' ); @@ -58,7 +61,8 @@ ok( $res = $client->_get( '/testno', undef, 'test3.example.com', "lemonldap=$sessionId", - VHOSTTYPE => 'DevOps' + VHOSTTYPE => 'DevOps', + RULES_URL => 'http://devops.example.com' ), 'Denied query' ); From 7385a7d0335da7c317d4e1f10568c4f13c4c5543 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 20 Sep 2021 21:27:31 +0200 Subject: [PATCH 3/5] Code cleaning (#2618) --- .../lib/Lemonldap/NG/Handler/Lib/DevOps.pm | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
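Review bot: With `RULES_URL => 'http://devops.example.com'` added to the `/` request and to the `/testyes`, `/deny` and `/testno` requests in the following hunks, none of the requests shown still exercises the fallback branch, where the loopback URL is used and the Host header stays equal to the vhost. Keeping at least one call without `RULES_URL` would cover that branch. Adding one whose URL carries a port, such as `http://devops.example.com:8080` (constructed example), would cover the port stripping. Tests outside these hunks may already do this.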
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm index 91334f573..e91fd2a15 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm @@ -29,7 +29,7 @@ sub checkMaintenanceMode { sub _loadVhostConfig { my ( $class, $req, $vhost ) = @_; - my ( $json, $rUrl, $proto, $rVhost, $appuri ); + my ( $json, $rUrl, $rVhost ); if ( $class->tsv->{useSafeJail} ) { if ( $req->env->{RULES_URL} ) { $rUrl = $req->{env}->{RULES_URL}; @@ -43,9 +43,10 @@ sub _loadVhostConfig { . '/rules.json'; $rVhost = $vhost; } + $class->logger->debug("Try to retrieve 'rules.json' from $rUrl"); my $get = HTTP::Request->new( GET => $rUrl ); - $class->logger->debug("Set Host header: $rVhost"); + $class->logger->debug("Set Host header with $rVhost"); $get->header( Host => $rVhost ); my $resp = $class->ua->request($get); if ( $resp->is_success ) { @@ -53,16 +54,16 @@ sub _loadVhostConfig { $json = from_json( $resp->content, { allow_nonref => 1 } ); }; if ($@) { $class->logger->error( - "Bad rules.json for $rVhost, skipping ($@)"); + "Bad 'rules.json' for $rVhost, skipping ($@)"); } else { - $class->logger->info("Compiling rules.json for $rVhost"); + $class->logger->info("Compiling 'rules.json' for $rVhost"); } } } else { $class->logger->error( -q"I refuse to compile rules.json when useSafeJail isn't activated! Yes I know, I'm a coward..." +q"I refuse to compile 'rules.json' when useSafeJail isn't activated! Yes I know, I'm a coward..." ); } $json->{rules} ||= { default => 1 }; From c5c1c76415e13b336b157c22478a2f32c896eb10 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Mon, 20 Sep 2021 22:00:14 +0200 Subject: [PATCH 4/5] Improve unit test (#2618) --- lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t | 4 ++++ 1 file changed, 4 insertions(+) 
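Review bot: The `if ( $resp->is_success )` block spanning the `-43,9 +43,10` and `-53,16 +54,16` hunks has no `else`, so a failed fetch of `rules.json` is not logged and execution continues to `$json->{rules} ||= { default => 1 };`. That default looks like an allow rule, which would make an unreachable or misconfigured `RULES_URL` indistinguishable from an intentionally open vhost; whether that is intended should be confirmed. At minimum an error line would help operators, for example `else { $class->logger->error( "Unable to retrieve 'rules.json' from $rUrl: " . $resp->status_line ); }`. `_loadVhostConfig` starts before and ends after these hunks.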
diff --git a/lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t b/lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t index e3d25a705..a40b99ddb 100644 --- a/lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t +++ b/lemonldap-ng-handler/t/64-Lemonldap-NG-Handler-PSGI-DevOps.t @@ -78,6 +78,10 @@ no warnings 'redefine'; sub LWP::UserAgent::request { my ( $self, $req ) = @_; + ok( $req->header('host') eq 'devops.example.com', + 'Host header found' ) + or explain( $req->headers(), 'Header' ); + count(1); my $httpResp; my $s = '{ "rules": { From 51ee0fe1a90fa17c534d51396e651d299b4fe58d Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Thu, 23 Sep 2021 22:26:28 +0200 Subject: [PATCH 5/5] Improve debug message (#2618) --- .../lib/Lemonldap/NG/Handler/Lib/DevOps.pm | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm index e91fd2a15..c540eb08b 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm @@ -53,11 +53,13 @@ sub _loadVhostConfig { eval { $json = from_json( $resp->content, { allow_nonref => 1 } ); }; if ($@) { - $class->logger->error( - "Bad 'rules.json' for $rVhost, skipping ($@)"); + $class->logger->error( +"Bad 'rules.json' retrieved from $rVhost for $vhost, skipping ($@)" + ); } else { - $class->logger->info("Compiling 'rules.json' for $rVhost"); + $class->logger->info( + "Compiling 'rules.json' retrieved from $rVhost for $vhost"); } } }
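Review bot: The assertion added to the mocked `LWP::UserAgent::request` compares with `eq` inside `ok`, which reports only pass or fail and warns if the header is undefined. `is( $req->header('host'), 'devops.example.com', 'Host header found' );` would print the received value on failure and make the `or explain(...)` fallback unnecessary. The sub's body continues outside the hunk.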
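Review bot: The new messages say `retrieved from $rVhost`, but `$rVhost` is the Host header value rather than the address that was contacted. In the branch without `RULES_URL`, an earlier patch in this series sets it to `$vhost`, so the line would read as retrieved from the vhost itself while the request went to the loopback URL. Logging `$rUrl` instead, e.g. `"Compiling 'rules.json' retrieved from $rUrl for $vhost"`, would tell an operator which endpoint supplied the rules. The same applies to the error message in this hunk; the enclosing function extends beyond the hunk.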