Allow wildcard with searching parameters (#1976) & Improve unit tests

2021-01-05 21:55:16 +01:00 · 2021-01-05 21:55:16 +01:00 · 846d6a3655
commit 846d6a3655
parent 554daba5fe
23 changed files with 166 additions and 27 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@ -83,6 +83,8 @@ sub defaultValues {
        'facebookExportedVars' => {},
        'facebookUserField'    => 'id',
        'failedLoginNumber'    => 5,
+        'findUserControl'      => '^[\\w]+$',
+        'findUserWildcard'     => '',
        'formTimeout'          => 120,
        'githubAuthnLevel'     => 1,
        'githubScope'          => 'user:email',
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -1364,6 +1364,10 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
            'default' => 0,
            'type'    => 'bool'
        },
+        'findUserControl' => {
+            'default' => '^[\\w]+$',
+            'type'    => 'pcre'
+        },
        'findUserExcludingAttributes' => {
            'keyTest' => qr/^\S+$/,
            'type'    => 'keyTextContainer'
@ -1372,6 +1376,10 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
            'keyTest' => qr/^\S+$/,
            'type'    => 'keyTextContainer'
        },
+        'findUserWildcard' => {
+            'default' => '',
+            'type'    => 'text'
+        },
        'forceGlobalStorageIssuerOTT' => {
            'type' => 'bool'
        },
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -544,6 +544,16 @@ sub attributes {
            keyTest       => qr/^\S+$/,
            documentation => 'Attributes used for excluding accounts',
        },
+        findUserWildcard => {
+            type          => 'text',
+            default       => '',
+            documentation => 'Character used as wildcard',
+        },
+        findUserControl => {
+            type          => 'pcre',
+            default       => '^[\w]+$',
+            documentation => 'Regular expression to validate parameters',
+        },
        globalLogoutRule => {
            type          => 'boolOrExpr',
            default       => 0,
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@ -789,6 +789,8 @@ sub tree {
                            help  => 'finduser.html',
                            nodes => [
                                'findUser',
+                                'findUserWildcard',
+                                'findUserControl',
                                'findUserSearchingAttributes',
                                'findUserExcludingAttributes'
                            ]
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@ -331,8 +331,10 @@
 "fileToUpload":"الملف الذي ستحمله",
 "findUser":"Activation",
 "findUsers":"Search for user account",
-"findUserSearchingAttributes":"Searching attributes",
+"findUserControl":"Parameters control",
 "findUserExcludingAttributes":"Excluding attributes",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserWildcard":"Character used as wildcard",
 "forbidden":"لست مخولا بعرض هذه الصفحة",
 "forceSave":"فرض الحفظ",
 "format":"الصيغة",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
@ -331,8 +331,10 @@
 "fileToUpload":"File to upload",
 "findUser":"Activation",
 "findUsers":"Search for user account",
-"findUserSearchingAttributes":"Searching attributes",
+"findUserControl":"Parameters control",
 "findUserExcludingAttributes":"Excluding attributes",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserWildcard":"Character used as wildcard",
 "forbidden":"You're not authorized to show this page",
 "forceSave":"Force save",
 "format":"Format",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@ -331,8 +331,10 @@
 "fileToUpload":"File to upload",
 "findUser":"Activation",
 "findUsers":"Search for user account",
-"findUserSearchingAttributes":"Searching attributes",
+"findUserControl":"Parameters control",
 "findUserExcludingAttributes":"Excluding attributes",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserWildcard":"Character used as wildcard",
 "forbidden":"You're not authorized to show this page",
 "forceSave":"Force save",
 "format":"Format",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/es.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/es.json
@ -331,8 +331,10 @@
 "fileToUpload":"Fichero a cargar",
 "findUser":"Activation",
 "findUsers":"Search for user account",
-"findUserSearchingAttributes":"Searching attributes",
+"findUserControl":"Parameters control",
 "findUserExcludingAttributes":"Excluding attributes",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserWildcard":"Character used as wildcard",
 "forbidden":"No está autorizado a mostrar esta página",
 "forceSave":"Forzar salvaguarda",
 "format":"Formato",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@ -331,8 +331,10 @@
 "fileToUpload":"Fichier à télécharger",
 "findUser":"Activation",
 "findUsers":"Recherche de compte",
-"findUserSearchingAttributes":"Attributs de recherche",
+"findUserControl":"Contrôle des paramètres",
 "findUserExcludingAttributes":"Attributs d'exclusion",
+"findUserSearchingAttributes":"Attributs de recherche",
+"findUserWildcard":"Caractère utilisé comme joker",
 "forbidden":"Vous n'êtes pas autorisé à visualiser cette page",
 "forceSave":"Forcer la sauvegarde",
 "format":"Format",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@ -331,8 +331,10 @@
 "fileToUpload":"File da caricare",
 "findUser":"Activation",
 "findUsers":"Search for user account",
-"findUserSearchingAttributes":"Searching attributes",
+"findUserControl":"Parameters control",
 "findUserExcludingAttributes":"Excluding attributes",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserWildcard":"Character used as wildcard",
 "forbidden":"Non sei autorizzato a mostrare questa pagina",
 "forceSave":"Forza salvataggio",
 "format":"Formato",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
@ -331,8 +331,10 @@
 "fileToUpload":"Plik do przesłania",
 "findUser":"Activation",
 "findUsers":"Search for user account",
-"findUserSearchingAttributes":"Searching attributes",
+"findUserControl":"Parameters control",
 "findUserExcludingAttributes":"Excluding attributes",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserWildcard":"Character used as wildcard",
 "forbidden":"Nie masz uprawnień do wyświetlania tej strony",
 "forceSave":"Wymuś zapis",
 "format":"Format",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
@ -331,8 +331,10 @@
 "fileToUpload":"Yüklenecek dosya",
 "findUser":"Activation",
 "findUsers":"Search for user account",
-"findUserSearchingAttributes":"Searching attributes",
+"findUserControl":"Parameters control",
 "findUserExcludingAttributes":"Excluding attributes",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserWildcard":"Character used as wildcard",
 "forbidden":"Bu sayfayı görüntülemek için yetkili değilsiniz",
 "forceSave":"Kaydetmeye zorla",
 "format":"Biçim",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@ -331,8 +331,10 @@
 "fileToUpload":"Tập tin để tải lên",
 "findUser":"Activation",
 "findUsers":"Search for user account",
-"findUserSearchingAttributes":"Searching attributes",
+"findUserControl":"Parameters control",
 "findUserExcludingAttributes":"Excluding attributes",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserWildcard":"Character used as wildcard",
 "forbidden":"Bạn không được ủy quyền để hiển thị trang này",
 "forceSave":"Bắt buộc lưu",
 "format":"Định dạng",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
@ -331,8 +331,10 @@
 "fileToUpload":"上传的文件",
 "findUser":"Activation",
 "findUsers":"Search for user account",
-"findUserSearchingAttributes":"Searching attributes",
+"findUserControl":"Parameters control",
 "findUserExcludingAttributes":"Excluding attributes",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserWildcard":"Character used as wildcard",
 "forbidden":"You're not authorized to show this page",
 "forceSave":"强制保存",
 "format":"格式",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
@ -331,8 +331,10 @@
 "fileToUpload":"上傳失敗",
 "findUser":"Activation",
 "findUsers":"Search for user account",
-"findUserSearchingAttributes":"Searching attributes",
+"findUserControl":"Parameters control",
 "findUserExcludingAttributes":"Excluding attributes",
+"findUserSearchingAttributes":"Searching attributes",
+"findUserWildcard":"Character used as wildcard",
 "forbidden":"您無權顯示此頁面",
 "forceSave":"強制儲存",
 "format":"格式",
--- a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
+++ b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
@ -180,8 +180,18 @@ sub findUser {
    return PE_LDAPCONNECTFAILED unless $self->ldap;

    $self->findUserFilter =~ /\bobjectClass=(\w+)\b/;
-    my $filter = "(&(objectClass=$1)";
-    $filter .= "($_->{key}=$_->{value})"    foreach (@$searching);
+    my $filter   = "(&(objectClass=$1)";
+    my $wildcard = $self->conf->{findUserWildcard};
+    $self->logger->info("LDAP UserDB with wildcard ($wildcard)") if $wildcard;
+    foreach (@$searching) {
+        if ($wildcard) {
+            $_->{value} =~ s/\Q$wildcard\E+/*/;
+        }
+        else {
+            $_->{value} =~ s/\Q*\E+//;
+        }
+        $filter .= "($_->{key}=$_->{value})";
+    }
    $filter .= "(!($_->{key}=$_->{value}))" foreach (@$excluding);
    $filter .= ')';
    $self->logger->debug("LDAP UserDB built filter: $filter");
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm
@ -60,13 +60,16 @@ sub findUser {
    eval { $self->p->_authentication->setSecurity($req) };
    return PE_OK unless scalar @$searching;

-    my $table   = $self->table;
-    my $pivot   = $args{useMail} ? $self->mailField : $self->pivot;
-    my $request = "SELECT $pivot FROM $table WHERE ";
+    my $table = $self->table;
+    my $pivot = $args{useMail} ? $self->mailField : $self->pivot;
    my @args;
-    my $sth;
+    my $request = "SELECT $pivot FROM $table WHERE ";
+    my ( $iswc, $sth );
+    my $wildcard = $self->conf->{findUserWildcard};
+    $self->logger->info("DBI UserDB with wildcard ($wildcard)") if $wildcard;
    foreach (@$searching) {
-        $request .= "$_->{key} = ? AND ";
+        $iswc = $_->{value} =~ s/\Q$wildcard\E+/%/ if $wildcard;
+        $request .= $iswc ? "$_->{key} LIKE ? AND " : "$_->{key} = ? AND ";
        push @args, $_->{value};
    }
    foreach (@$excluding) {
@ -114,12 +117,12 @@ sub setSessionInfo {
        $req->{sessionInfo}->{$var} = $req->data->{dbientry}->{$attr}
          if ( defined $req->data->{dbientry}->{$attr} );
    }
-    
+
    return PE_OK;
 }

 sub setGroups {
-    
+
    return PE_OK;
 }

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
@ -85,8 +85,23 @@ sub findUser {
    eval { $self->p->_authentication->setSecurity($req) };
    return PE_OK unless scalar @$searching;

-    my $cond = '';
-    $cond .= '$' . $_->{key} . " eq '$_->{value}' && " foreach (@$searching);
+    my $iswc;
+    my $cond     = '';
+    my $wildcard = $self->conf->{findUserWildcard};
+    $self->logger->info("Demo UserDB with wildcard ($wildcard)") if $wildcard;
+    foreach (@$searching) {
+        if ($wildcard) {
+            $iswc = $_->{value} =~ s/\Q$wildcard\E+//;
+            my $val = $_->{value};
+            $cond .=
+              $iswc
+              ? '( $' . $_->{key} . " =~ /$val/ ) && "
+              : '$' . $_->{key} . " eq '$_->{value}' && ";
+        }
+        else {
+            $cond .= '$' . $_->{key} . " eq '$_->{value}' && ";
+        }
+    }
    $cond .= '$' . $_->{key} . " ne '$_->{value}' && " foreach (@$excluding);
    $cond =~ s/&&\s$//;
    $self->logger->debug("Demo UserDB built condition: $cond");
--- a/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
+++ b/lemonldap-ng-portal/t/68-FindUser-with-DBI.t
@ -5,7 +5,7 @@ use IO::String;

 require 't/test-lib.pm';

-my $maintests = 46;
+my $maintests = 54;
 my $userdb    = tempdb();

 SKIP: {
@ -55,6 +55,7 @@ SKIP: {
                useSafeJail                 => 1,
                requireToken                => 0,
                findUser                    => 1,
+                findUserWildcard            => '#',
                impersonationRule           => 1,
                findUserSearchingAttributes => {
                    uid  => 'Login',
@ -282,6 +283,38 @@ m%<input id="findUser_room" name="room" type="text" autocomplete="off" class="fo
      or explain( $json, 'result => 1' );
    ok( $json->{user} =~ /^(dwho|msmith|davros)$/, " Good user ($1)" )
      or explain( $json, "user => ?" );
+
+    $request = 'uid=d%';
+    ok(
+        $res = $client->_post(
+            '/finduser', IO::String->new($request),
+            accept => 'application/json',
+            length => length($request)
+        ),
+        'Post FindFuser request with bad wildcard'
+    );
+    ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+      or print STDERR "$@\n" . Dumper($res);
+    ok( $json->{result} == 0, ' Good result' )
+      or explain( $json, 'result => 0' );
+    ok( $json->{error} == PE_USERNOTFOUND, ' No user found' )
+      or explain( $json, 'error => 4' );
+
+    $request = 'uid=d#';
+    ok(
+        $res = $client->_post(
+            '/finduser', IO::String->new($request),
+            accept => 'application/json',
+            length => length($request)
+        ),
+        'Post FindFuser request with wildcard'
+    );
+    ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+      or print STDERR "$@\n" . Dumper($res);
+    ok( $json->{result} == 1, ' Good result' )
+      or explain( $json, 'result => 1' );
+    ok( $json->{user} =~ /^(dwho|davros)$/, " Good user ($1)" )
+      or explain( $json, "user => ?" );
 }
 count($maintests);
 done_testing( count() );
--- a/lemonldap-ng-portal/t/68-FindUser-with-Demo.t
+++ b/lemonldap-ng-portal/t/68-FindUser-with-Demo.t
@ -5,7 +5,7 @@ use IO::String;

 require 't/test-lib.pm';

-my $maintests = 42;
+my $maintests = 46;

 my $res;
 my $json;
@ -19,6 +19,7 @@ my $client = LLNG::Manager::Test->new( {
            requireToken      => 0,
            findUser          => 1,
            impersonationRule => 1,
+            findUserWildcard  => '*',
            findUserSearchingAttributes =>
              { uid => 'Login', guy => 'Kind', cn => 'Name' },
            findUserExcludingAttributes =>
@ -221,5 +222,21 @@ ok( $json->{result} == 0, ' Good result' )
 ok( $json->{error} == PE_USERNOTFOUND, ' No user found' )
  or explain( $json, 'error => 4' );

+$request = 'uid=d*';
+ok(
+    $res = $client->_post(
+        '/finduser', IO::String->new($request),
+        accept => 'application/json',
+        length => length($request)
+    ),
+    'Post FindFuser request with wildcard'
+);
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+ok( $json->{result} == 1, ' Good result' )
+  or explain( $json, 'result => 1' );
+ok( $json->{user} =~ /^(dwho|davros)$/, " Good user ($1)" )
+  or explain( $json, "user => ?" );
+
 count($maintests);
 done_testing( count() );
--- a/lemonldap-ng-portal/t/68-FindUser-with-LDAP.t
+++ b/lemonldap-ng-portal/t/68-FindUser-with-LDAP.t
@ -8,7 +8,7 @@ require 't/test-lib.pm';
 my $res;
 my $json;
 my $request;
-my $maintests = 42;
+my $maintests = 46;

 SKIP: {
    skip 'LLNGTESTLDAP is not set', $maintests unless ( $ENV{LLNGTESTLDAP} );
@ -35,6 +35,7 @@ SKIP: {
                requireToken      => 0,
                findUser          => 1,
                impersonationRule => 1,
+                findUserWildcard  => '#',
                findUserSearchingAttributes =>
                  { uid => 'Login', roomNumber => 'Room', cn => 'Name' },
                findUserExcludingAttributes =>
@ -238,6 +239,22 @@ m%<input id="findUser_cn" name="cn" type="text" autocomplete="off" class="form-c
    ok( $json->{error} == PE_USERNOTFOUND, ' No user found' )
      or explain( $json, 'error => 4' );

+    $request = 'uid=r#';
+    ok(
+        $res = $client->_post(
+            '/finduser', IO::String->new($request),
+            accept => 'application/json',
+            length => length($request)
+        ),
+        'Post FindFuser request with wildcard'
+    );
+    ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+      or print STDERR "$@\n" . Dumper($res);
+    ok( $json->{result} == 1, ' Good result' )
+      or explain( $json, 'result => 1' );
+    ok( $json->{user} =~ /^(reset|rtyler)$/, " Good user ($1)" )
+      or explain( $json, "user => ?" );
+
    clean_sessions();
 }
 count($maintests);