New skip() function in rules
This commit is contained in:
Xavier Guimard
parent
00420c9a0b
commit
85728c8870
|
|
@ -13,6 +13,7 @@ use Scalar::Util qw(weaken);
|
|||
|
||||
use constant UNPROTECT => 1;
|
||||
use constant SKIP => 2;
|
||||
use constant MAYSKIP => 3;
|
||||
|
||||
our @_onReload;
|
||||
|
||||
|
|
@ -546,6 +547,9 @@ sub conditionSub {
|
|||
);
|
||||
}
|
||||
|
||||
my $mayskip = 0;
|
||||
$mayskip = MAYSKIP if $cond =~ /\bskip\b/;
|
||||
|
||||
# Replace some strings in condition
|
||||
$cond = $class->substitute($cond);
|
||||
my $sub;
|
||||
|
|
@ -555,7 +559,7 @@ sub conditionSub {
|
|||
}
|
||||
|
||||
# Return sub and protected flag
|
||||
return ( $sub, 0 );
|
||||
return ( $sub, $mayskip );
|
||||
}
|
||||
|
||||
## @method arrayref aliasInit
|
||||
|
|
@ -589,6 +593,7 @@ sub substitute {
|
|||
$expr =~ s/\$(?!(?:ENV|env)\b)(_\w+|[a-zA-Z]\w*)/\$s->{$1}/sg;
|
||||
$expr =~ s/\$ENV\{/\$r->{env}->\{/g;
|
||||
$expr =~ s/\$env->\{/\$r->{env}->\{/g;
|
||||
$expr =~ s/\bskip\b/q\{999_SKIP\}/g;
|
||||
|
||||
return $expr;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -192,6 +192,11 @@ sub run {
|
|||
$class->cleanHeaders($req);
|
||||
return $class->OK;
|
||||
}
|
||||
elsif ( $protection == $class->MAYSKIP
|
||||
and $class->grant( $req, $session, $uri, $cond ) eq '999_SKIP' )
|
||||
{
|
||||
return $class->OK;
|
||||
}
|
||||
|
||||
else {
|
||||
|
||||
|
|
@ -440,7 +445,7 @@ sub fetchId {
|
|||
my $value =
|
||||
$lookForHttpCookie
|
||||
? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 )
|
||||
: ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 );
|
||||
: ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 );
|
||||
|
||||
if ( $value && $lookForHttpCookie && $class->tsv->{securedCookie} == 3 ) {
|
||||
$value = $class->tsv->{cipher}->decryptHex( $value, "http" );
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ require 't/test-psgi-lib.pm';
|
|||
init('Lemonldap::NG::Handler::PSGI');
|
||||
|
||||
my $res;
|
||||
my $SKIPUSER = 0;
|
||||
|
||||
# Unauthentified query
|
||||
# --------------------
|
||||
|
|
@ -36,27 +37,42 @@ ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
|||
count(2);
|
||||
|
||||
# Request an URI protected by custom function -> allowed
|
||||
ok( $res = $client->_get( '/test-uri1/dwho', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Authentified query' );
|
||||
ok(
|
||||
$res =
|
||||
$client->_get( '/test-uri1/dwho', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Authentified query'
|
||||
);
|
||||
ok( $res->[0] == 200, '/test-uri1 -> Code is 200' ) or explain( $res, 200 );
|
||||
count(2);
|
||||
|
||||
# Request an URI protected by custom function -> allowed
|
||||
ok( $res = $client->_get( '/test-uri2/dwho/dummy', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Authentified query' );
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/test-uri2/dwho/dummy', undef, undef, "lemonldap=$sessionId"
|
||||
),
|
||||
'Authentified query'
|
||||
);
|
||||
ok( $res->[0] == 200, '/test-uri2 -> Code is 200' ) or explain( $res, 200 );
|
||||
count(2);
|
||||
|
||||
# Request an URI protected by custom function -> denied
|
||||
ok( $res = $client->_get( '/test-uri1/dwho/', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Denied query' );
|
||||
ok( $res->[0] == 403, '/test-uri1 -> Code is 403' ) or explain( $res->[0], 403 );
|
||||
ok(
|
||||
$res =
|
||||
$client->_get( '/test-uri1/dwho/', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Denied query'
|
||||
);
|
||||
ok( $res->[0] == 403, '/test-uri1 -> Code is 403' )
|
||||
or explain( $res->[0], 403 );
|
||||
count(2);
|
||||
|
||||
# Request an URI protected by custom function -> denied
|
||||
ok( $res = $client->_get( '/test-uri1/dwh', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Denied query' );
|
||||
ok( $res->[0] == 403, '/test-uri1 -> Code is 403' ) or explain( $res->[0], 403 );
|
||||
ok(
|
||||
$res =
|
||||
$client->_get( '/test-uri1/dwh', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Denied query'
|
||||
);
|
||||
ok( $res->[0] == 403, '/test-uri1 -> Code is 403' )
|
||||
or explain( $res->[0], 403 );
|
||||
count(2);
|
||||
|
||||
# Denied query
|
||||
|
|
@ -136,14 +152,25 @@ ok(
|
|||
);
|
||||
count(3);
|
||||
|
||||
ok( $res = $client->_get( '/skipif/za', undef, 'test1.example.com' ),
|
||||
'Test skip() rule 1' );
|
||||
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res, 302 );
|
||||
$SKIPUSER = 1;
|
||||
ok( $res = $client->_get( '/skipif/zz', undef, 'test1.example.com' ),
|
||||
'Test skip() rule 2' );
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
||||
count(4);
|
||||
|
||||
done_testing( count() );
|
||||
|
||||
clean();
|
||||
|
||||
sub Lemonldap::NG::Handler::PSGI::handler {
|
||||
my ( $self, $req ) = @_;
|
||||
ok( $req->env->{HTTP_AUTH_USER} eq 'dwho', 'Header is given to app' )
|
||||
or explain( $req->env->{HTTP_AUTH_USER}, 'dwho' );
|
||||
count(1);
|
||||
unless ($SKIPUSER) {
|
||||
ok( $req->env->{HTTP_AUTH_USER} eq 'dwho', 'Header is given to app' )
|
||||
or explain( $req->env->{HTTP_AUTH_USER}, 'dwho' );
|
||||
count(1);
|
||||
}
|
||||
return [ 200, [ 'Content-Type', 'text/plain' ], ['Hello'] ];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,6 +46,7 @@
|
|||
"^/test-uri1": "varIsInUri($ENV{REQUEST_URI}, '/test-uri1/', $uid, 1)",
|
||||
"^/test-uri2": "varIsInUri($ENV{REQUEST_URI}, '/test-uri2/', $uid)",
|
||||
"^/test-restricted_uri": "varIsInUri($ENV{REQUEST_URI}, '/test-restricted_uri/', \"$uid/\", 1)",
|
||||
"^/skipif": "$ENV{REQUEST_URI} =~ /zz/ ? skip : 1",
|
||||
"^/logout": "logout_sso",
|
||||
"^/deny": "deny",
|
||||
"default": "accept"
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user