Merge branch '2618' into 'v2.0'
Fix 2618 - Take into account RULES_URL param with DevOps handler See merge request lemonldap-ng/lemonldap-ng!223
commit
8235248771
|
@ -27,7 +27,7 @@ use Config::IniFiles;
|
||||||
#inherits Lemonldap::NG::Common::Conf::Backends::SOAP
|
#inherits Lemonldap::NG::Common::Conf::Backends::SOAP
|
||||||
#inherits Lemonldap::NG::Common::Conf::Backends::LDAP
|
#inherits Lemonldap::NG::Common::Conf::Backends::LDAP
|
||||||
|
|
||||||
our $VERSION = '2.0.12';
|
our $VERSION = '2.0.14';
|
||||||
our $msg = '';
|
our $msg = '';
|
||||||
our $iniObj;
|
our $iniObj;
|
||||||
|
|
||||||
|
@ -107,6 +107,7 @@ sub new {
|
||||||
$self->{localStorage}->new( $self->{localStorageOptions} );
|
$self->{localStorage}->new( $self->{localStorageOptions} );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $self;
|
return $self;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -189,6 +190,7 @@ sub getConf {
|
||||||
eval { $r = $self->{refLocalStorage}->get('conf') }
|
eval { $r = $self->{refLocalStorage}->get('conf') }
|
||||||
if ( $> and not $args->{noCache} );
|
if ( $> and not $args->{noCache} );
|
||||||
$msg .= "Warn: $@" if ($@);
|
$msg .= "Warn: $@" if ($@);
|
||||||
|
|
||||||
if ( ref($r)
|
if ( ref($r)
|
||||||
and $r->{cfgNum}
|
and $r->{cfgNum}
|
||||||
and $args->{cfgNum}
|
and $args->{cfgNum}
|
||||||
|
@ -240,7 +242,11 @@ sub getConf {
|
||||||
return $res;
|
return $res;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Set default values
|
## @method hashRef setDefault(hashRef conf, hashRef localPrm)
|
||||||
|
# Set default params
|
||||||
|
# @param $conf Lemonldap::NG configuration hashRef
|
||||||
|
# @param $localPrm Local parameters
|
||||||
|
# @return conf
|
||||||
sub setDefault {
|
sub setDefault {
|
||||||
my ( $self, $conf, $localPrm ) = @_;
|
my ( $self, $conf, $localPrm ) = @_;
|
||||||
if ( defined $localPrm ) {
|
if ( defined $localPrm ) {
|
||||||
|
|
|
@ -4,10 +4,9 @@ use strict;
|
||||||
use Lemonldap::NG::Common::UserAgent;
|
use Lemonldap::NG::Common::UserAgent;
|
||||||
use JSON qw(from_json);
|
use JSON qw(from_json);
|
||||||
|
|
||||||
our $VERSION = '2.0.12';
|
our $VERSION = '2.0.14';
|
||||||
our $_ua;
|
our $_ua;
|
||||||
|
|
||||||
|
|
||||||
sub ua {
|
sub ua {
|
||||||
return $_ua if ($_ua);
|
return $_ua if ($_ua);
|
||||||
return $_ua = Lemonldap::NG::Common::UserAgent->new( $_[0]->localConfig );
|
return $_ua = Lemonldap::NG::Common::UserAgent->new( $_[0]->localConfig );
|
||||||
|
@ -30,42 +29,50 @@ sub checkMaintenanceMode {
|
||||||
|
|
||||||
sub _loadVhostConfig {
|
sub _loadVhostConfig {
|
||||||
my ( $class, $req, $vhost ) = @_;
|
my ( $class, $req, $vhost ) = @_;
|
||||||
my $json;
|
my ( $json, $rUrl, $rVhost );
|
||||||
if ( $class->tsv->{useSafeJail} ) {
|
if ( $class->tsv->{useSafeJail} ) {
|
||||||
my $rUrl = $req->{env}->{RULES_URL}
|
if ( $req->env->{RULES_URL} ) {
|
||||||
|| ( (
|
$rUrl = $req->{env}->{RULES_URL};
|
||||||
$class->localConfig->{loopBackUrl}
|
$rVhost = ( $req->env->{RULES_URL} =~ m#^https?://([^/]*).*# )[0];
|
||||||
|| "http://127.0.0.1:" . $req->{env}->{SERVER_PORT}
|
$rVhost =~ s/:\d+$//;
|
||||||
)
|
}
|
||||||
. '/rules.json'
|
else {
|
||||||
);
|
$rUrl =
|
||||||
|
( $class->localConfig->{loopBackUrl}
|
||||||
|
|| "http://127.0.0.1:" . $req->{env}->{SERVER_PORT} )
|
||||||
|
. '/rules.json';
|
||||||
|
$rVhost = $vhost;
|
||||||
|
}
|
||||||
|
|
||||||
|
$class->logger->debug("Try to retrieve 'rules.json' from $rUrl");
|
||||||
my $get = HTTP::Request->new( GET => $rUrl );
|
my $get = HTTP::Request->new( GET => $rUrl );
|
||||||
$get->header( Host => $vhost );
|
$class->logger->debug("Set Host header with $rVhost");
|
||||||
|
$get->header( Host => $rVhost );
|
||||||
my $resp = $class->ua->request($get);
|
my $resp = $class->ua->request($get);
|
||||||
if ( $resp->is_success ) {
|
if ( $resp->is_success ) {
|
||||||
eval {
|
eval {
|
||||||
$json = from_json( $resp->content, { allow_nonref => 1 } ); };
|
$json = from_json( $resp->content, { allow_nonref => 1 } ); };
|
||||||
if ($@) {
|
if ($@) {
|
||||||
$class->logger->error(
|
$class->logger->error(
|
||||||
"Bad rules.json for $vhost, skipping ($@)");
|
"Bad 'rules.json' retrieved from $rVhost for $vhost, skipping ($@)"
|
||||||
|
);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$class->logger->info("Compiling rules.json for $vhost");
|
$class->logger->info(
|
||||||
|
"Compiling 'rules.json' retrieved from $rVhost for $vhost");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$class->logger->error(
|
$class->logger->error(
|
||||||
q"I refuse to compile rules.json when useSafeJail isn't activated! Yes I know, I'm a coward..."
|
q"I refuse to compile 'rules.json' when useSafeJail isn't activated! Yes I know, I'm a coward..."
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
$json->{rules} ||= { default => 1 };
|
$json->{rules} ||= { default => 1 };
|
||||||
$json->{headers} //= { 'Auth-User' => '$uid' };
|
$json->{headers} //= { 'Auth-User' => '$uid' };
|
||||||
|
|
||||||
# Removed forbidden session attributes
|
# Removed forbidden session attributes
|
||||||
foreach
|
foreach my $v ( split /\s+/, $class->tsv->{hiddenAttributes} ) {
|
||||||
my $v ( split /\s+/, $class->tsv->{hiddenAttributes} )
|
|
||||||
{
|
|
||||||
foreach ( keys %{ $json->{headers} } ) {
|
foreach ( keys %{ $json->{headers} } ) {
|
||||||
delete $json->{headers}->{$_}
|
delete $json->{headers}->{$_}
|
||||||
if $json->{headers}->{$_} eq '$' . $v;
|
if $json->{headers}->{$_} eq '$' . $v;
|
||||||
|
|
|
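Review bot: In the new `RULES_URL` branch of `_loadVhostConfig`, `$rVhost` stays undefined when the value does not match `^https?://`, so the following `s/:\d+$//`, the debug message and `$get->header( Host => $rVhost )` all operate on undef. Adding `$rVhost //= $vhost;` right after the match line, or logging an error and skipping the fetch, would keep the request well-formed. The capture `([^/]*)` also keeps any `user:pass@` prefix in the Host value, and the port is dropped even when it is non-default, so a tighter pattern or a comment explaining the choice would help. Because the retrieved rules are compiled and the hunk does not show where `RULES_URL` originates, I would add a comment such as `# RULES_URL must come from server configuration, never from client-supplied data`. The function's body continues beyond the hunk.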
@ -17,7 +17,8 @@ ok(
|
||||||
$res = $client->_get(
|
$res = $client->_get(
|
||||||
'/', undef,
|
'/', undef,
|
||||||
'test3.example.com', "lemonldap=$sessionId",
|
'test3.example.com', "lemonldap=$sessionId",
|
||||||
VHOSTTYPE => 'DevOps'
|
VHOSTTYPE => 'DevOps',
|
||||||
|
RULES_URL => 'http://devops.example.com'
|
||||||
),
|
),
|
||||||
'Authorized query'
|
'Authorized query'
|
||||||
);
|
);
|
||||||
|
@ -35,7 +36,8 @@ ok(
|
||||||
$res = $client->_get(
|
$res = $client->_get(
|
||||||
'/testyes', undef,
|
'/testyes', undef,
|
||||||
'test3.example.com', "lemonldap=$sessionId",
|
'test3.example.com', "lemonldap=$sessionId",
|
||||||
VHOSTTYPE => 'DevOps'
|
VHOSTTYPE => 'DevOps',
|
||||||
|
RULES_URL => 'http://devops.example.com'
|
||||||
),
|
),
|
||||||
'Authorized query'
|
'Authorized query'
|
||||||
);
|
);
|
||||||
|
@ -47,7 +49,8 @@ ok(
|
||||||
$res = $client->_get(
|
$res = $client->_get(
|
||||||
'/deny', undef,
|
'/deny', undef,
|
||||||
'test3.example.com', "lemonldap=$sessionId",
|
'test3.example.com', "lemonldap=$sessionId",
|
||||||
VHOSTTYPE => 'DevOps'
|
VHOSTTYPE => 'DevOps',
|
||||||
|
RULES_URL => 'http://devops.example.com'
|
||||||
),
|
),
|
||||||
'Denied query'
|
'Denied query'
|
||||||
);
|
);
|
||||||
|
@ -58,7 +61,8 @@ ok(
|
||||||
$res = $client->_get(
|
$res = $client->_get(
|
||||||
'/testno', undef,
|
'/testno', undef,
|
||||||
'test3.example.com', "lemonldap=$sessionId",
|
'test3.example.com', "lemonldap=$sessionId",
|
||||||
VHOSTTYPE => 'DevOps'
|
VHOSTTYPE => 'DevOps',
|
||||||
|
RULES_URL => 'http://devops.example.com'
|
||||||
),
|
),
|
||||||
'Denied query'
|
'Denied query'
|
||||||
);
|
);
|
||||||
|
@ -74,6 +78,10 @@ no warnings 'redefine';
|
||||||
|
|
||||||
sub LWP::UserAgent::request {
|
sub LWP::UserAgent::request {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
ok( $req->header('host') eq 'devops.example.com',
|
||||||
|
'Host header found' )
|
||||||
|
or explain( $req->headers(), 'Header' );
|
||||||
|
count(1);
|
||||||
my $httpResp;
|
my $httpResp;
|
||||||
my $s = '{
|
my $s = '{
|
||||||
"rules": {
|
"rules": {
|
||||||
|
|
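Review bot: The Host assertion added to the mocked `LWP::UserAgent::request` only exercises a `RULES_URL` with no port and no path, so the visible tests cover neither the port stripping nor the fallback to the loopback URL with the vhost as Host. One request with a constructed value such as `RULES_URL => 'http://devops.example.com:8080/rules.json'` and one without `RULES_URL` would pin both paths; the second would need the assertion to expect `test3.example.com`. Writing the check as `is( $req->header('host'), 'devops.example.com', 'Host header found' )` would also report the actual value on failure. The mocked sub continues beyond the hunk.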