Preserve real_hGroups (#2229)
parent
62715d4bd2
commit
b04b2076de
|
@ -23,13 +23,6 @@ use constant HANDLERSECTION => "handler";
|
|||
use constant MANAGERSECTION => "manager";
|
||||
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
||||
use constant APPLYSECTION => "apply";
|
||||
|
||||
# Default configuration backend
|
||||
use constant DEFAULTCONFBACKEND => "File";
|
||||
use constant DEFAULTCONFBACKENDOPTIONS => (
|
||||
dirName => '/usr/local/lemonldap-ng/data/conf',
|
||||
);
|
||||
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:I
ncrementalTempo)?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
|
||||
|
||||
|
@ -54,8 +47,6 @@ our %EXPORT_TAGS = (
|
|||
MANAGERSECTION
|
||||
SESSIONSEXPLORERSECTION
|
||||
APPLYSECTION
|
||||
DEFAULTCONFBACKEND
|
||||
DEFAULTCONFBACKENDOPTIONS
|
||||
NO
|
||||
$hashParameters
|
||||
@sessionTypes
|
||||
|
|
|
@ -11,7 +11,7 @@ use IO::Socket::INET;
|
|||
|
||||
use Lemonldap::NG::Handler::Lib::StatusConstants qw(portalConsts);
|
||||
|
||||
our $VERSION = '2.0.2';
|
||||
our $VERSION = '2.0.9';
|
||||
|
||||
our $status = {};
|
||||
our $activity = [];
|
||||
|
@ -260,7 +260,7 @@ sub run {
|
|||
}
|
||||
}
|
||||
else {
|
||||
print STDERR "Status: Unknown command line : $_";
|
||||
print STDERR "Status: Unknown command line -> $_";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -61,7 +61,7 @@ function templates(tpl,key) {
|
|||
{
|
||||
"cnodes" : tpl+"s/"+key+"/"+"casAppMetaDataMacros",
|
||||
"default" : [],
|
||||
"help" : "exportedvars.html#extend_variables_using_macros_and_groups",
|
||||
"help" : "exportedvars.html#extend-variables-using-macros-and-groups",
|
||||
"id" : tpl+"s/"+key+"/"+"casAppMetaDataMacros",
|
||||
"title" : "casAppMetaDataMacros",
|
||||
"type" : "keyTextContainer"
|
||||
|
@ -621,7 +621,7 @@ function templates(tpl,key) {
|
|||
{
|
||||
"cnodes" : tpl+"s/"+key+"/"+"oidcRPMetaDataMacros",
|
||||
"default" : [],
|
||||
"help" : "exportedvars.html#extend_variables_using_macros_and_groups",
|
||||
"help" : "exportedvars.html#extend-variables-using-macros-and-groups",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataMacros",
|
||||
"title" : "oidcRPMetaDataMacros",
|
||||
"type" : "keyTextContainer"
|
||||
|
@ -656,7 +656,7 @@ function templates(tpl,key) {
|
|||
{
|
||||
"cnodes" : tpl+"s/"+key+"/"+"samlIDPMetaDataExportedAttributes",
|
||||
"default" : [],
|
||||
"help" : "authsaml.html#exported_attributes",
|
||||
"help" : "authsaml.html#exported-attributes",
|
||||
"id" : tpl+"s/"+key+"/"+"samlIDPMetaDataExportedAttributes",
|
||||
"title" : "samlIDPMetaDataExportedAttributes",
|
||||
"type" : "samlAttributeContainer"
|
||||
|
@ -992,7 +992,7 @@ function templates(tpl,key) {
|
|||
{
|
||||
"cnodes" : tpl+"s/"+key+"/"+"samlSPMetaDataExportedAttributes",
|
||||
"default" : [],
|
||||
"help" : "idpsaml.html#exported_attributes",
|
||||
"help" : "idpsaml.html#exported-attributes",
|
||||
"id" : tpl+"s/"+key+"/"+"samlSPMetaDataExportedAttributes",
|
||||
"title" : "samlSPMetaDataExportedAttributes",
|
||||
"type" : "samlAttributeContainer"
|
||||
|
@ -1171,7 +1171,7 @@ function templates(tpl,key) {
|
|||
{
|
||||
"cnodes" : tpl+"s/"+key+"/"+"samlSPMetaDataMacros",
|
||||
"default" : [],
|
||||
"help" : "exportedvars.html#extend_variables_using_macros_and_groups",
|
||||
"help" : "exportedvars.html#extend-variables-using-macros-and-groups",
|
||||
"id" : tpl+"s/"+key+"/"+"samlSPMetaDataMacros",
|
||||
"title" : "samlSPMetaDataMacros",
|
||||
"type" : "keyTextContainer"
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -156,19 +156,20 @@ sub run {
|
|||
$realSession->{$sphg} ||= {};
|
||||
|
||||
# Merge specified groups/hGroups only
|
||||
my %intersct = %{ $realSession->{$sphg} };
|
||||
unless ( $self->{conf}->{impersonationMergeSSOgroups} eq 1 ) {
|
||||
%intersct = {};
|
||||
my %SSOgroups = map { $_, 1 } split /\Q$separator/,
|
||||
$self->{conf}->{impersonationMergeSSOgroups};
|
||||
|
||||
$self->logger->debug("Filtering specified groups/hGroups...");
|
||||
@realGrps = grep { exists $SSOgroups{$_} } @realGrps;
|
||||
my %intersct =
|
||||
%intersct =
|
||||
map {
|
||||
$realSession->{$sphg}->{$_}
|
||||
? ( $_, $realSession->{$sphg}->{$_} )
|
||||
: ()
|
||||
} keys %SSOgroups;
|
||||
$realSession->{$sphg} = \%intersct;
|
||||
}
|
||||
|
||||
$self->logger->debug("Processing groups...");
|
||||
|
@ -178,7 +179,7 @@ sub run {
|
|||
|
||||
$self->logger->debug("Processing hGroups...");
|
||||
$spoofSession->{hGroups} =
|
||||
{ %{ $spoofSession->{hGroups} }, %{ $realSession->{$sphg} } };
|
||||
{ %{ $spoofSession->{hGroups} }, %intersct };
|
||||
}
|
||||
|
||||
# Main session
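Review bot: `%intersct = {};` inside the `unless` block assigns a hash reference to a hash, which leaves a single stringified-reference key with an undef value and triggers Perl's "Reference found where even-sized list expected" warning. The later `%intersct = map { ... } keys %SSOgroups;` assignment overwrites it, so the line has no effect as written; use `%intersct = ();` or drop it. Because this hash decides which of the real user's hGroups are merged into `$spoofSession->{hGroups}`, a short comment such as `# %intersct: real-session hGroups allowed into the spoofed session; $realSession itself is left unmodified` would make the intent explicit. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts, and `sub run` starts and ends outside both hunks.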
|
||||
|
|
|
@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_BADCREDENTIALS);
|
|||
|
||||
extends 'Lemonldap::NG::Common::Module';
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.9';
|
||||
|
||||
# Sample accounts from Doctor Who characters
|
||||
our %demoAccounts = (
|
||||
|
@ -94,7 +94,7 @@ sub setGroups {
|
|||
my $hGroups = $req->sessionInfo->{hGroups} || {};
|
||||
for my $grp ( keys %demoGroups ) {
|
||||
if ( grep { $_ eq $user } @{ $demoGroups{$grp} } ) {
|
||||
$hGroups->{$grp} = {};
|
||||
$hGroups->{$grp} = { 'name' => $grp };
|
||||
$groups =
|
||||
($groups)
|
||||
? $groups . $self->conf->{multiValuesSeparator} . $grp
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
use Test::More;
|
||||
use strict;
|
||||
use IO::String;
|
||||
use JSON;
|
||||
|
||||
BEGIN {
|
||||
require 't/test-lib.pm';
|
||||
|
@ -140,6 +141,27 @@ ok( $res->[2]->[0] =~ m%<td scope="row">_whatToTrace</td>%,
|
|||
or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
|
||||
count(15);
|
||||
|
||||
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/checkuser',
|
||||
IO::String->new($query),
|
||||
cookie => "lemonldap=$id",
|
||||
length => length($query),
|
||||
),
|
||||
'POST checkuser'
|
||||
);
|
||||
count(1);
|
||||
|
||||
my $json;
|
||||
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
||||
or print STDERR "$@\n" . Dumper($res);
|
||||
my @real_hGroups = map { $_->{key} eq 'real_hGroups' ? $_ : () }
|
||||
@{ $json->{ATTRIBUTES} };
|
||||
ok( keys %{$real_hGroups[0]->{value}} == 5, 'Right number of groups found' )
|
||||
or explain( $real_hGroups[0]->{value}, 'Wrong real_hGroups' );
|
||||
count(2);
|
||||
|
||||
$client->logout($id);
|
||||
clean_sessions();
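Review bot: The new check on `real_hGroups` pins only the number of keys (`keys %{...} == 5`), so it still passes if an expected group is replaced by a different one, and it reports only a generic failure if the attribute is missing from `ATTRIBUTES`. Comparing the key set gives a stronger regression guard for what the impersonation merge preserves, for example `is_deeply( [ sort keys %{ $real_hGroups[0]->{value} } ], \@expected_groups, 'real_hGroups preserved' );`, where `@expected_groups` is a placeholder for the group names the fixture defines. The filter `map { $_->{key} eq 'real_hGroups' ? $_ : () }` reads more directly as `grep { $_->{key} eq 'real_hGroups' }`. `Dumper($res)` is called on the failure path, but no `use Data::Dumper` is visible in the first hunk; it may come from `t/test-lib.pm`, so this is worth confirming.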
|
||||
|
||||
|
|