Preserve real_hGroups (#2229)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm

@@ -23,13 +23,6 @@ use constant HANDLERSECTION  => "handler";
 use constant MANAGERSECTION  => "manager";
 use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
 use constant APPLYSECTION            => "apply";
-
-# Default configuration backend
-use constant DEFAULTCONFBACKEND => "File";
-use constant DEFAULTCONFBACKENDOPTIONS => (
-    dirName => '/usr/local/lemonldap-ng/data/conf',
-);
-
 our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
 our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
 
@@ -54,8 +47,6 @@ our %EXPORT_TAGS = (
           MANAGERSECTION
           SESSIONSEXPLORERSECTION
           APPLYSECTION
-          DEFAULTCONFBACKEND
-          DEFAULTCONFBACKENDOPTIONS
           NO
           $hashParameters
           @sessionTypes

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/Status.pm

@@ -11,7 +11,7 @@ use IO::Socket::INET;
 
 use Lemonldap::NG::Handler::Lib::StatusConstants qw(portalConsts);
 
-our $VERSION = '2.0.2';
+our $VERSION = '2.0.9';
 
 our $status   = {};
 our $activity = [];
@@ -260,7 +260,7 @@ sub run {
                 }
             }
             else {
-                print STDERR "Status: Unknown command line : $_";
+                print STDERR "Status: Unknown command line -> $_";
             }
         }
     }

lemonldap-ng-manager/site/htdocs/static/js/conftree.js

@@ -61,7 +61,7 @@ function templates(tpl,key) {
    {
       "cnodes" : tpl+"s/"+key+"/"+"casAppMetaDataMacros",
       "default" : [],
-      "help" : "exportedvars.html#extend_variables_using_macros_and_groups",
+      "help" : "exportedvars.html#extend-variables-using-macros-and-groups",
       "id" : tpl+"s/"+key+"/"+"casAppMetaDataMacros",
       "title" : "casAppMetaDataMacros",
       "type" : "keyTextContainer"
@@ -621,7 +621,7 @@ function templates(tpl,key) {
    {
       "cnodes" : tpl+"s/"+key+"/"+"oidcRPMetaDataMacros",
       "default" : [],
-      "help" : "exportedvars.html#extend_variables_using_macros_and_groups",
+      "help" : "exportedvars.html#extend-variables-using-macros-and-groups",
       "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataMacros",
       "title" : "oidcRPMetaDataMacros",
       "type" : "keyTextContainer"
@@ -656,7 +656,7 @@ function templates(tpl,key) {
    {
       "cnodes" : tpl+"s/"+key+"/"+"samlIDPMetaDataExportedAttributes",
       "default" : [],
-      "help" : "authsaml.html#exported_attributes",
+      "help" : "authsaml.html#exported-attributes",
       "id" : tpl+"s/"+key+"/"+"samlIDPMetaDataExportedAttributes",
       "title" : "samlIDPMetaDataExportedAttributes",
       "type" : "samlAttributeContainer"
@@ -992,7 +992,7 @@ function templates(tpl,key) {
    {
       "cnodes" : tpl+"s/"+key+"/"+"samlSPMetaDataExportedAttributes",
       "default" : [],
-      "help" : "idpsaml.html#exported_attributes",
+      "help" : "idpsaml.html#exported-attributes",
       "id" : tpl+"s/"+key+"/"+"samlSPMetaDataExportedAttributes",
       "title" : "samlSPMetaDataExportedAttributes",
       "type" : "samlAttributeContainer"
@@ -1171,7 +1171,7 @@ function templates(tpl,key) {
    {
       "cnodes" : tpl+"s/"+key+"/"+"samlSPMetaDataMacros",
       "default" : [],
-      "help" : "exportedvars.html#extend_variables_using_macros_and_groups",
+      "help" : "exportedvars.html#extend-variables-using-macros-and-groups",
       "id" : tpl+"s/"+key+"/"+"samlSPMetaDataMacros",
       "title" : "samlSPMetaDataMacros",
       "type" : "keyTextContainer"

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm

@@ -156,19 +156,20 @@ sub run {
         $realSession->{$sphg} ||= {};
 
         # Merge specified groups/hGroups only
+        my %intersct = %{ $realSession->{$sphg} };
         unless ( $self->{conf}->{impersonationMergeSSOgroups} eq 1 ) {
+            %intersct = {};
             my %SSOgroups = map { $_, 1 } split /\Q$separator/,
               $self->{conf}->{impersonationMergeSSOgroups};
 
             $self->logger->debug("Filtering specified groups/hGroups...");
             @realGrps = grep { exists $SSOgroups{$_} } @realGrps;
-            my %intersct =
+            %intersct =
               map {
                 $realSession->{$sphg}->{$_}
                   ? ( $_, $realSession->{$sphg}->{$_} )
                   : ()
               } keys %SSOgroups;
-            $realSession->{$sphg} = \%intersct;
         }
 
         $self->logger->debug("Processing groups...");
@@ -178,7 +179,7 @@ sub run {
 
         $self->logger->debug("Processing hGroups...");
         $spoofSession->{hGroups} =
-          { %{ $spoofSession->{hGroups} }, %{ $realSession->{$sphg} } };
+          { %{ $spoofSession->{hGroups} }, %intersct };
     }
 
     # Main session

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm

@@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_BADCREDENTIALS);
 
 extends 'Lemonldap::NG::Common::Module';
 
-our $VERSION = '2.0.8';
+our $VERSION = '2.0.9';
 
 # Sample accounts from Doctor Who characters
 our %demoAccounts = (
@@ -94,7 +94,7 @@ sub setGroups {
     my $hGroups = $req->sessionInfo->{hGroups} || {};
     for my $grp ( keys %demoGroups ) {
         if ( grep { $_ eq $user } @{ $demoGroups{$grp} } ) {
-            $hGroups->{$grp} = {};
+            $hGroups->{$grp} = { 'name' => $grp };
             $groups =
               ($groups)
               ? $groups . $self->conf->{multiValuesSeparator} . $grp

lemonldap-ng-portal/t/68-Impersonation-with-filtered-merge.t

@@ -1,6 +1,7 @@
 use Test::More;
 use strict;
 use IO::String;
+use JSON;
 
 BEGIN {
     require 't/test-lib.pm';
@@ -140,6 +141,27 @@ ok( $res->[2]->[0] =~ m%<td scope="row">_whatToTrace</td>%,
   or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
 count(15);
 
+
+ok(
+    $res = $client->_post(
+        '/checkuser',
+        IO::String->new($query),
+        cookie => "lemonldap=$id",
+        length => length($query),
+    ),
+    'POST checkuser'
+);
+count(1);
+
+my $json;
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+my @real_hGroups = map { $_->{key} eq 'real_hGroups' ? $_ : () }
+  @{ $json->{ATTRIBUTES} };
+ok( keys %{$real_hGroups[0]->{value}} == 5, 'Right number of groups found' )
+  or explain( $real_hGroups[0]->{value}, 'Wrong real_hGroups' );
+count(2);
+
 $client->logout($id);
 clean_sessions();