Retrieve session from DB if exists & Improve unit test (#1774)
parent
8fd3f6be90
commit
a89f83294b
|
@ -11,8 +11,8 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
||||||
|
|
||||||
our $VERSION = '2.0.5';
|
our $VERSION = '2.0.5';
|
||||||
|
|
||||||
extends qw(Lemonldap::NG::Portal::Main::Plugin
|
extends
|
||||||
Lemonldap::NG::Portal::Lib::_tokenRule);
|
qw(Lemonldap::NG::Portal::Main::Plugin Lemonldap::NG::Portal::Lib::_tokenRule Lemonldap::NG::Portal::Lib::OtherSessions);
|
||||||
|
|
||||||
# INITIALIZATION
|
# INITIALIZATION
|
||||||
|
|
||||||
|
@ -121,17 +121,39 @@ sub check {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $user eq $req->{user} or !$user ) {
|
if ( $user eq $req->{user} or !$user ) {
|
||||||
$self->userLogger->notice("Retrieve session from Sessions database");
|
$self->logger->debug("checkUser requested for myself");
|
||||||
|
$self->userLogger->notice("Return userData...");
|
||||||
$self->userLogger->warn("Using spoofed SSO groups if exist!!!")
|
$self->userLogger->warn("Using spoofed SSO groups if exist!!!")
|
||||||
if ( $self->conf->{impersonationRule} );
|
if ( $self->conf->{impersonationRule} );
|
||||||
$attrs = $req->userData;
|
$attrs = $req->userData;
|
||||||
|
$user = $req->{user};
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->logger->debug("checkUser requested for $req->{user}");
|
$self->logger->debug("checkUser requested for $user");
|
||||||
$req->{user} = $user;
|
|
||||||
$self->userLogger->notice(
|
# Try to retrieve session from sessions DB
|
||||||
"Retrieve session from userDB and compute Groups & Macros");
|
$self->userLogger->notice('Try to retrieve session from DB...');
|
||||||
$attrs = $self->_userDatas($req);
|
my $moduleOptions = $self->conf->{globalStorageOptions} || {};
|
||||||
|
$moduleOptions->{backend} = $self->conf->{globalStorage};
|
||||||
|
my $sessions =
|
||||||
|
$self->module->searchOn( $moduleOptions, $self->conf->{whatToTrace},
|
||||||
|
$user );
|
||||||
|
my $age = '1';
|
||||||
|
foreach my $id ( keys %$sessions ) {
|
||||||
|
my $session = $self->p->getApacheSession($id) or next;
|
||||||
|
|
||||||
|
if ( $session->{data}->{_utime} gt $age ) {
|
||||||
|
|
||||||
|
$attrs = $session->{data};
|
||||||
|
$age = $session->{data}->{_utime};
|
||||||
|
}
|
||||||
|
}
|
||||||
|
unless ( defined $attrs->{_session_id} ) {
|
||||||
|
$req->{user} = $user;
|
||||||
|
$self->userLogger->notice(
|
||||||
|
"NO session found in DB. Compute userData...");
|
||||||
|
$attrs = $self->_userData($req);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $req->error ) {
|
if ( $req->error ) {
|
||||||
|
@ -206,11 +228,8 @@ sub check {
|
||||||
LANGS => $self->conf->{showLanguages},
|
LANGS => $self->conf->{showLanguages},
|
||||||
MSG => $msg,
|
MSG => $msg,
|
||||||
ALERTE => ( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ),
|
ALERTE => ( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ),
|
||||||
LOGIN => (
|
LOGIN => $user,
|
||||||
$self->p->checkXSSAttack( 'LOGIN', $req->{userData}->{uid} ) ? ""
|
URL => (
|
||||||
: $req->{userData}->{uid}
|
|
||||||
),
|
|
||||||
URL => (
|
|
||||||
$self->p->checkXSSAttack( 'URL', $url ) ? ""
|
$self->p->checkXSSAttack( 'URL', $url ) ? ""
|
||||||
: $url
|
: $url
|
||||||
),
|
),
|
||||||
|
@ -302,10 +321,10 @@ sub _urlFormat {
|
||||||
return lc("$proto$vhost$port") . "$appuri";
|
return lc("$proto$vhost$port") . "$appuri";
|
||||||
}
|
}
|
||||||
|
|
||||||
sub _userDatas {
|
sub _userData {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
# Search user in database
|
# Compute session
|
||||||
my $steps = [ 'getUser', 'setSessionInfo', 'setMacros', 'setGroups' ];
|
my $steps = [ 'getUser', 'setSessionInfo', 'setMacros', 'setGroups' ];
|
||||||
$self->conf->{checkUserDisplayPersistentInfo}
|
$self->conf->{checkUserDisplayPersistentInfo}
|
||||||
? push @$steps, 'setPersistentSessionInfo', 'setLocalGroups'
|
? push @$steps, 'setPersistentSessionInfo', 'setLocalGroups'
|
||||||
|
|
|
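Review bot: In the `-206,11 +228,8` hunk of `sub check`, `LOGIN => $user,` drops the `checkXSSAttack( 'LOGIN', ... )` guard that the old code applied before the value reached the template, while `URL` keeps its guard on the following lines. `$user` appears to be the login requested through the form (the debug line reads `checkUser requested for $user`), so it is less trusted than the stored `uid` it replaces; whether it is validated earlier in `check` or escaped by the template is not visible here. Unless one of those is guaranteed, keep the guard on the new value: `LOGIN => ( $self->p->checkXSSAttack( 'LOGIN', $user ) ? "" : $user ),`. The `-121,17 +121,39` hunk deserves the same look, since `$attrs = $session->{data}` passes another user's whole stored session, `_session_id` included, toward the display code, and any filtering happens outside the hunk. The body of `check` starts and ends outside both hunks.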
@ -57,6 +57,21 @@ ok( $res->[2]->[0] =~ m%An error occurs, you're going to be redirected to%,
|
||||||
count(1);
|
count(1);
|
||||||
$client->logout($id);
|
$client->logout($id);
|
||||||
|
|
||||||
|
## Try to authenticate
|
||||||
|
ok(
|
||||||
|
$res = $client->_post(
|
||||||
|
'/',
|
||||||
|
IO::String->new('user=rtyler&password=rtyler'),
|
||||||
|
length => 27,
|
||||||
|
accept => 'text/html',
|
||||||
|
),
|
||||||
|
'Auth query'
|
||||||
|
);
|
||||||
|
count(1);
|
||||||
|
|
||||||
|
$id = expectCookie($res);
|
||||||
|
expectRedirection( $res, 'http://auth.example.com/' );
|
||||||
|
|
||||||
## Try to authenticate
|
## Try to authenticate
|
||||||
ok(
|
ok(
|
||||||
$res = $client->_post(
|
$res = $client->_post(
|
||||||
|
@ -85,7 +100,6 @@ ok(
|
||||||
);
|
);
|
||||||
count(1);
|
count(1);
|
||||||
|
|
||||||
# Request with bad VH
|
|
||||||
my ( $host, $url, $query ) =
|
my ( $host, $url, $query ) =
|
||||||
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
||||||
|
@ -99,8 +113,7 @@ ok( $res->[2]->[0] =~ m%<td class="text-left">dwho</td>%, 'Found value dwho' )
|
||||||
or explain( $res->[2]->[0], 'Value dwho' );
|
or explain( $res->[2]->[0], 'Value dwho' );
|
||||||
count(2);
|
count(2);
|
||||||
|
|
||||||
$query =~ s/user=dwho/user=rtyler/;
|
$query =~ s/url=/url=http%3A%2F%2Ftest1.example.com/;
|
||||||
$query =~ s/url=/url=http%3A%2F%2Ftry.example.com/;
|
|
||||||
ok(
|
ok(
|
||||||
$res = $client->_post(
|
$res = $client->_post(
|
||||||
'/checkuser',
|
'/checkuser',
|
||||||
|
@ -113,6 +126,39 @@ ok(
|
||||||
);
|
);
|
||||||
count(1);
|
count(1);
|
||||||
|
|
||||||
|
( $host, $url, $query ) =
|
||||||
|
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||||
|
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
||||||
|
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||||
|
|
||||||
|
count(2);
|
||||||
|
ok( $res->[2]->[0] =~ m%<td class="align-middle">Auth-User</td>%,
|
||||||
|
'Found Auth-User' )
|
||||||
|
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
|
||||||
|
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, 'Found dwho' )
|
||||||
|
or explain( $res->[2]->[0], 'Header Value: dwho' );
|
||||||
|
ok( $res->[2]->[0] =~ m%<td class="align-middle">_whatToTrace</td>%,
|
||||||
|
'Found _whatToTrace' )
|
||||||
|
or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
|
||||||
|
ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, 'Found dwho' )
|
||||||
|
or explain( $res->[2]->[0], 'Macro Value dwho' );
|
||||||
|
count(3);
|
||||||
|
|
||||||
|
$query =~ s/user=dwho/user=rtyler/;
|
||||||
|
$query =~ s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Ftry.example.com/;
|
||||||
|
ok(
|
||||||
|
$res = $client->_post(
|
||||||
|
'/checkuser',
|
||||||
|
IO::String->new($query),
|
||||||
|
cookie => "lemonldap=$id",
|
||||||
|
length => length($query),
|
||||||
|
accept => 'text/html',
|
||||||
|
),
|
||||||
|
'POST checkuser'
|
||||||
|
);
|
||||||
|
count(1);
|
||||||
|
|
||||||
|
# Request with bad VH
|
||||||
( $host, $url, $query ) =
|
( $host, $url, $query ) =
|
||||||
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||||
ok( $res->[2]->[0] =~ m%<span trspan="VHnotFound">%,
|
ok( $res->[2]->[0] =~ m%<span trspan="VHnotFound">%,
|
||||||
|
|
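Review bot: The second `Found dwho` assertion, added after the `_whatToTrace` key check in the `-113,6 +126,39` hunk, uses the same pattern as the one after `Auth-User`, so it passes whenever the first does and proves nothing about the macro value. Matching key and value in one pattern would tie them together, for example `m%<td class="align-middle">_whatToTrace</td>\s*<td class="align-middle">dwho</td>%`, assuming the value cell directly follows the key cell in the rendered table. The rtyler login added in the `-57,6 +57,21` hunk also reuses the heading `## Try to authenticate`; if its purpose is to leave a session in the sessions DB for the later `user=rtyler` lookup, a comment such as `## Log in as rtyler and keep the session open so checkUser finds it in the sessions DB` would say so.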