From a89f83294b58b8f4e62842ca54cd2e0c0c78369a Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 28 May 2019 23:55:54 +0200 Subject: [PATCH] Retrieve session from DB if exists & Improve unit test (#1774) --- .../Lemonldap/NG/Portal/Plugins/CheckUser.pm | 49 +++++++++++------ lemonldap-ng-portal/t/67-CheckUser.t | 52 +++++++++++++++++-- 2 files changed, 83 insertions(+), 18 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm index 6bbb8938d..e16964990 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm @@ -11,8 +11,8 @@ use Lemonldap::NG::Portal::Main::Constants qw( our $VERSION = '2.0.5'; -extends qw(Lemonldap::NG::Portal::Main::Plugin - Lemonldap::NG::Portal::Lib::_tokenRule); +extends + qw(Lemonldap::NG::Portal::Main::Plugin Lemonldap::NG::Portal::Lib::_tokenRule Lemonldap::NG::Portal::Lib::OtherSessions); # INITIALIZATION 
@@ -121,17 +121,39 @@ sub check { } if ( $user eq $req->{user} or !$user ) { - $self->userLogger->notice("Retrieve session from Sessions database"); + $self->logger->debug("checkUser requested for myself"); + $self->userLogger->notice("Return userData..."); $self->userLogger->warn("Using spoofed SSO groups if exist!!!") if ( $self->conf->{impersonationRule} ); $attrs = $req->userData; + $user = $req->{user}; } else { - $self->logger->debug("checkUser requested for $req->{user}"); - $req->{user} = $user; - $self->userLogger->notice( - "Retrieve session from userDB and compute Groups & Macros"); - $attrs = $self->_userDatas($req); + $self->logger->debug("checkUser requested for $user"); + + # Try to retrieve session from sessions DB + $self->userLogger->notice('Try to retrieve session from DB...'); + my $moduleOptions = $self->conf->{globalStorageOptions} || {}; + $moduleOptions->{backend} = $self->conf->{globalStorage}; + my $sessions = + $self->module->searchOn( $moduleOptions, $self->conf->{whatToTrace}, + $user ); + my $age = '1'; + foreach my $id ( keys %$sessions ) { + my $session = $self->p->getApacheSession($id) or next; + + if ( $session->{data}->{_utime} gt $age ) { + + $attrs = $session->{data}; + $age = $session->{data}->{_utime}; + } + } + unless ( defined $attrs->{_session_id} ) { + $req->{user} = $user; + $self->userLogger->notice( + "NO session found in DB. Compute userData..."); + $attrs = $self->_userData($req); + } } if ( $req->error ) { @@ -206,11 +228,8 @@ sub check { LANGS => $self->conf->{showLanguages}, MSG => $msg, ALERTE => ( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ), - LOGIN => ( - $self->p->checkXSSAttack( 'LOGIN', $req->{userData}->{uid} ) ? "" - : $req->{userData}->{uid} - ), - URL => ( + LOGIN => $user, + URL => ( $self->p->checkXSSAttack( 'URL', $url ) ? "" : $url ), 
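Review bot: In the new `else` branch, `$attrs = $session->{data}` passes another user's complete stored session to the rest of `check`, including `_session_id`, which the branch itself tests for. The code that renders `$attrs` is outside this hunk, so it is not visible here whether that key is filtered before display; if it is not, anyone allowed to use checkUser could read a live session identifier. I would work on a copy and drop the identifier once the fallback test has run, placing `$attrs = { %$attrs }; delete $attrs->{_session_id};` after the `unless ( defined $attrs->{_session_id} )` block. In the same branch, `$moduleOptions->{backend} = ...` writes into `$self->conf->{globalStorageOptions}` whenever that hash exists, so a local copy would avoid touching shared configuration. Also, `_utime` is compared with the string operator `gt`; a numeric `>` with `my $age = 0;` states the intent and does not depend on the timestamps having equal length.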
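Review bot: `LOGIN => $user` in the `@@ -206,11 +228,8 @@` hunk drops the `checkXSSAttack` guard that the old `LOGIN` entry had, while `URL` just below keeps its guard. In the `else` branch of the previous hunk `$user` is the requested login rather than a value taken from the authenticated session, and where it is read and validated is outside these hunks. Unless it is already checked upstream or the template escapes it, I would keep the guard: `LOGIN => ( $self->p->checkXSSAttack( 'LOGIN', $user ) ? "" : $user ),`.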
@@ -302,10 +321,10 @@ sub _urlFormat { return lc("$proto$vhost$port") . "$appuri"; } -sub _userDatas { +sub _userData { my ( $self, $req ) = @_; - # Search user in database + # Compute session my $steps = [ 'getUser', 'setSessionInfo', 'setMacros', 'setGroups' ]; $self->conf->{checkUserDisplayPersistentInfo} ? push @$steps, 'setPersistentSessionInfo', 'setLocalGroups' diff --git a/lemonldap-ng-portal/t/67-CheckUser.t b/lemonldap-ng-portal/t/67-CheckUser.t index 019d2e241..7c159ae12 100644 --- a/lemonldap-ng-portal/t/67-CheckUser.t +++ b/lemonldap-ng-portal/t/67-CheckUser.t @@ -57,6 +57,21 @@ ok( $res->[2]->[0] =~ m%An error occurs, you're going to be redirected to%, count(1); $client->logout($id); +## Try to authenticate +ok( + $res = $client->_post( + '/', + IO::String->new('user=rtyler&password=rtyler'), + length => 27, + accept => 'text/html', + ), + 'Auth query' +); +count(1); + +$id = expectCookie($res); +expectRedirection( $res, 'http://auth.example.com/' ); + ## Try to authenticate ok( $res = $client->_post( @@ -85,7 +100,6 @@ ok( ); count(1); -# Request with bad VH my ( $host, $url, $query ) = expectForm( $res, undef, '/checkuser', 'user', 'url' ); ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) @@ -99,8 +113,7 @@ ok( $res->[2]->[0] =~ m%dwho%, 'Found value dwho' ) or explain( $res->[2]->[0], 'Value dwho' ); count(2); -$query =~ s/user=dwho/user=rtyler/; -$query =~ s/url=/url=http%3A%2F%2Ftry.example.com/; +$query =~ s/url=/url=http%3A%2F%2Ftest1.example.com/; ok( $res = $client->_post( '/checkuser', 
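Review bot: The block added at `@@ -57,6 +57,21 @@` in t/67-CheckUser.t carries the same `## Try to authenticate` comment as the block that follows it, and nothing says why a second login is made. It looks as if the rtyler session is left open on purpose so that the later `user=rtyler` request finds a session in the sessions DB; if so, the comment should say that, e.g. `## Open a session for rtyler and leave it in the sessions DB`. `$id` is overwritten by the next login, so the rtyler session is never logged out in the visible part of the test. `length => 27` could also be computed from the body, as the later requests do with `length($query)`.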
@@ -113,6 +126,39 @@ ok( ); count(1); +( $host, $url, $query ) = + expectForm( $res, undef, '/checkuser', 'user', 'url' ); +ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) + or explain( $res->[2]->[0], 'trspan="checkUser"' ); + +count(2); +ok( $res->[2]->[0] =~ m%Auth-User%, + 'Found Auth-User' ) + or explain( $res->[2]->[0], 'Header Key: Auth-User' ); +ok( $res->[2]->[0] =~ m%dwho%, 'Found dwho' ) + or explain( $res->[2]->[0], 'Header Value: dwho' ); +ok( $res->[2]->[0] =~ m%_whatToTrace%, + 'Found _whatToTrace' ) + or explain( $res->[2]->[0], 'Macro Key _whatToTrace' ); +ok( $res->[2]->[0] =~ m%dwho%, 'Found dwho' ) + or explain( $res->[2]->[0], 'Macro Value dwho' ); +count(3); + +$query =~ s/user=dwho/user=rtyler/; +$query =~ s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Ftry.example.com/; +ok( + $res = $client->_post( + '/checkuser', + IO::String->new($query), + cookie => "lemonldap=$id", + length => length($query), + accept => 'text/html', + ), + 'POST checkuser' +); +count(1); + +# Request with bad VH ( $host, $url, $query ) = expectForm( $res, undef, '/checkuser', 'user', 'url' ); ok( $res->[2]->[0] =~ m%%,