Remove userData if authentication fails (#1666)

2019-03-18 21:29:15 +01:00 · 2019-03-18 21:29:15 +01:00 · 9798c78068
commit 9798c78068
parent 4366488fb6
2 changed files with 53 additions and 2 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@ -210,6 +210,12 @@ sub do {
    if ( $err == PE_SENDRESPONSE ) {
        return $req->response;
    }
+
+    # Remove userData if authentication fails
+    if ( $err == PE_BADCREDENTIALS ) {
+        $req->userData( {} );
+    }
+
    if ( !$self->conf->{noAjaxHook} and $req->wantJSON ) {
        $self->logger->debug('Processing to JSON response');
        if ( ( $err > 0 and !$req->id ) or $err eq PE_SESSIONNOTGRANTED ) {
--- a/lemonldap-ng-portal/t/01-AuthDemo.t
+++ b/lemonldap-ng-portal/t/01-AuthDemo.t
@ -29,8 +29,53 @@ ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
  or print STDERR Dumper( $res->[2]->[0] );
 count(2);

-# Try to authenticate
-# -------------------
+# Try to authenticate with unknown user
+# -------------------------------------
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new('user=jdoe&password=jdoe'),
+        accept => 'text/html',
+        length => 23
+    ),
+    'Auth query'
+);
+count(1);
+ok(
+    $res->[2]->[0] =~ /<span trmsg="5"><\/span><\/div>/,
+    'jdoe rejected with PE_BADCREDENTIALS'
+) or print STDERR Dumper( $res->[2]->[0] );
+count(1);
+ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
+    'Found connect button' )
+  or print STDERR Dumper( $res->[2]->[0] );
+count(1);
+
+# Try to authenticate with bad password
+# -------------------------------------
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new('user=dwho&password=jdoe'),
+        accept => 'text/html',
+        length => 23
+    ),
+    'Auth query'
+);
+count(1);
+ok(
+    $res->[2]->[0] =~ /<span trmsg="5"><\/span><\/div>/,
+    'dwho rejected with PE_BADCREDENTIALS'
+) or print STDERR Dumper( $res->[2]->[0] );
+count(1);
+ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
+    'Found connect button' )
+  or print STDERR Dumper( $res->[2]->[0] );
+count(1);
+
+
+# Try to authenticate with good password
+# --------------------------------------
 ok(
    $res = $client->_post(
        '/',