Retrieve session from DB if exists & Improve unit test (#1774)

Christophe Maudoux 2019-05-28 23:55:54 +02:00
parent 8fd3f6be90
commit a89f83294b
2 changed files with 83 additions and 18 deletions


@ -11,8 +11,8 @@ use Lemonldap::NG::Portal::Main::Constants qw(
our $VERSION = '2.0.5';
extends qw(Lemonldap::NG::Portal::Main::Plugin
Lemonldap::NG::Portal::Lib::_tokenRule);
extends
qw(Lemonldap::NG::Portal::Main::Plugin Lemonldap::NG::Portal::Lib::_tokenRule Lemonldap::NG::Portal::Lib::OtherSessions);
# INITIALIZATION
@ -121,17 +121,39 @@ sub check {
}
if ( $user eq $req->{user} or !$user ) {
$self->userLogger->notice("Retrieve session from Sessions database");
$self->logger->debug("checkUser requested for myself");
$self->userLogger->notice("Return userData...");
$self->userLogger->warn("Using spoofed SSO groups if exist!!!")
if ( $self->conf->{impersonationRule} );
$attrs = $req->userData;
$user = $req->{user};
}
else {
$self->logger->debug("checkUser requested for $req->{user}");
$req->{user} = $user;
$self->userLogger->notice(
"Retrieve session from userDB and compute Groups & Macros");
$attrs = $self->_userDatas($req);
$self->logger->debug("checkUser requested for $user");
# Try to retrieve session from sessions DB
$self->userLogger->notice('Try to retrieve session from DB...');
my $moduleOptions = $self->conf->{globalStorageOptions} || {};
$moduleOptions->{backend} = $self->conf->{globalStorage};
my $sessions =
$self->module->searchOn( $moduleOptions, $self->conf->{whatToTrace},
$user );
my $age = '1';
foreach my $id ( keys %$sessions ) {
my $session = $self->p->getApacheSession($id) or next;
if ( $session->{data}->{_utime} gt $age ) {
$attrs = $session->{data};
$age = $session->{data}->{_utime};
}
}
unless ( defined $attrs->{_session_id} ) {
$req->{user} = $user;
$self->userLogger->notice(
"NO session found in DB. Compute userData...");
$attrs = $self->_userData($req);
}
}
if ( $req->error ) {
@ -206,11 +228,8 @@ sub check {
LANGS => $self->conf->{showLanguages},
MSG => $msg,
ALERTE => ( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ),
LOGIN => (
$self->p->checkXSSAttack( 'LOGIN', $req->{userData}->{uid} ) ? ""
: $req->{userData}->{uid}
),
URL => (
LOGIN => $user,
URL => (
$self->p->checkXSSAttack( 'URL', $url ) ? ""
: $url
),
@ -302,10 +321,10 @@ sub _urlFormat {
return lc("$proto$vhost$port") . "$appuri";
}
sub _userDatas {
sub _userData {
my ( $self, $req ) = @_;
# Search user in database
# Compute session
my $steps = [ 'getUser', 'setSessionInfo', 'setMacros', 'setGroups' ];
$self->conf->{checkUserDisplayPersistentInfo}
? push @$steps, 'setPersistentSessionInfo', 'setLocalGroups'
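Review bot: The `LOGIN` template value in the `@ -206,11 +228,8` hunk is now the raw `$user`, and the `checkXSSAttack` guard that wrapped the old value is gone, while `URL` on the following line keeps its guard. In the else branch of `check`, `$user` is the requested account name rather than the authenticated uid, so the value handed to the template now comes from the request. Unless `$user` is already validated earlier in `check` (its start is outside these hunks, so I cannot confirm), the guard should stay: `LOGIN => ( $self->p->checkXSSAttack( 'LOGIN', $user ) ? "" : $user ),`. A test that posts a `user` value containing markup and asserts the rendered LOGIN field is empty would pin this behaviour.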


@ -57,6 +57,21 @@ ok( $res->[2]->[0] =~ m%An error occurs, you're going to be redirected to%,
count(1);
$client->logout($id);
## Try to authenticate
ok(
$res = $client->_post(
'/',
IO::String->new('user=rtyler&password=rtyler'),
length => 27,
accept => 'text/html',
),
'Auth query'
);
count(1);
$id = expectCookie($res);
expectRedirection( $res, 'http://auth.example.com/' );
## Try to authenticate
ok(
$res = $client->_post(
@ -85,7 +100,6 @@ ok(
);
count(1);
# Request with bad VH
my ( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
@ -99,8 +113,7 @@ ok( $res->[2]->[0] =~ m%<td class="text-left">dwho</td>%, 'Found value dwho' )
or explain( $res->[2]->[0], 'Value dwho' );
count(2);
$query =~ s/user=dwho/user=rtyler/;
$query =~ s/url=/url=http%3A%2F%2Ftry.example.com/;
$query =~ s/url=/url=http%3A%2F%2Ftest1.example.com/;
ok(
$res = $client->_post(
'/checkuser',
@ -113,6 +126,39 @@ ok(
);
count(1);
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
count(2);
ok( $res->[2]->[0] =~ m%<td class="align-middle">Auth-User</td>%,
'Found Auth-User' )
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, 'Found dwho' )
or explain( $res->[2]->[0], 'Header Value: dwho' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">_whatToTrace</td>%,
'Found _whatToTrace' )
or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, 'Found dwho' )
or explain( $res->[2]->[0], 'Macro Value dwho' );
count(3);
$query =~ s/user=dwho/user=rtyler/;
$query =~ s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Ftry.example.com/;
ok(
$res = $client->_post(
'/checkuser',
IO::String->new($query),
cookie => "lemonldap=$id",
length => length($query),
accept => 'text/html',
),
'POST checkuser'
);
count(1);
# Request with bad VH
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url' );
ok( $res->[2]->[0] =~ m%<span trspan="VHnotFound">%,