Restore GET activation global rule & Improve unit test (#1625)
parent
094f205ecb
commit
b1048043e9
|
@ -4,17 +4,46 @@ use strict;
|
||||||
use Mouse;
|
use Mouse;
|
||||||
use URI::Escape;
|
use URI::Escape;
|
||||||
use Lemonldap::NG::Common::FormEncode;
|
use Lemonldap::NG::Common::FormEncode;
|
||||||
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_BADURL);
|
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_BADURL PE_GET_SERVICE_NOT_ALLOWED);
|
||||||
|
|
||||||
our $VERSION = '2.0.0';
|
our $VERSION = '2.0.0';
|
||||||
|
|
||||||
extends 'Lemonldap::NG::Portal::Main::Issuer';
|
extends 'Lemonldap::NG::Portal::Main::Issuer';
|
||||||
|
|
||||||
|
has rule => ( is => 'rw', default => sub { {} } );
|
||||||
|
|
||||||
|
# INITIALIZATION
|
||||||
|
|
||||||
|
sub init {
|
||||||
|
my ($self) = @_;
|
||||||
|
|
||||||
|
# Parse activation rule
|
||||||
|
my $hd = $self->p->HANDLER;
|
||||||
|
$self->logger->debug(
|
||||||
|
"GET rule -> " . $self->conf->{issuerDBGetRule} );
|
||||||
|
my $rule =
|
||||||
|
$hd->buildSub(
|
||||||
|
$hd->substitute( $self->conf->{issuerDBGetRule} ) );
|
||||||
|
unless ($rule) {
|
||||||
|
$self->error( "Bad GET rule -> " . $hd->tsv->{jail}->error );
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
$self->{rule} = $rule;
|
||||||
|
return 0 unless ( $self->SUPER::init() );
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
# RUNNING METHODS
|
# RUNNING METHODS
|
||||||
|
|
||||||
sub run {
|
sub run {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
|
# Check activation rule
|
||||||
|
unless ( $self->rule->( $req, $req->sessionInfo ) ) {
|
||||||
|
$self->userLogger->error('GET service not authorized');
|
||||||
|
return PE_GET_SERVICE_NOT_ALLOWED;
|
||||||
|
}
|
||||||
|
|
||||||
# Session ID
|
# Session ID
|
||||||
my $session_id = $req->{sessionInfo}->{_session_id} || $self->{id};
|
my $session_id = $req->{sessionInfo}->{_session_id} || $self->{id};
|
||||||
|
|
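Review bot: The `rule` attribute defaults to an empty hash ref (`default => sub { {} }`), but `run` invokes it as code in `$self->rule->( $req, $req->sessionInfo )`, so an instance whose `init` never assigned the compiled rule would die with a not-a-CODE-reference error instead of returning `PE_GET_SERVICE_NOT_ALLOWED`. A deny-by-default coderef keeps the authorization check explicitly fail-closed: `has rule => ( is => 'rw', default => sub { sub { 0 } } );`, and `init` can then set it through the accessor with `$self->rule($rule);` rather than writing `$self->{rule}` directly. Separately, the debug line in `init` concatenates `$self->conf->{issuerDBGetRule}` without a definedness check, and whether an unset rule ends up allowing or refusing the service depends on `substitute`/`buildSub`, which are not visible here, so that default is worth confirming and documenting next to the attribute. The `userLogger->error('GET service not authorized')` message names neither the user nor the requested URL, which makes denied attempts hard to correlate when reviewing logs. The body of `run` continues past the end of this hunk.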
||||||
|
|
|
@ -97,6 +97,7 @@ use constant {
|
||||||
PE_SAML_SERVICE_NOT_ALLOWED => 89,
|
PE_SAML_SERVICE_NOT_ALLOWED => 89,
|
||||||
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
|
PE_OIDC_SERVICE_NOT_ALLOWED => 90,
|
||||||
PE_OID_SERVICE_NOT_ALLOWED => 91,
|
PE_OID_SERVICE_NOT_ALLOWED => 91,
|
||||||
|
PE_GET_SERVICE_NOT_ALLOWED => 92,
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -125,7 +126,7 @@ our @EXPORT_OK = qw( PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK
|
||||||
PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED
|
PE_REGISTERALREADYEXISTS PE_NOTOKEN PE_TOKENEXPIRED HANDLER PE_U2FFAILED
|
||||||
PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT PE_MUSTAUTHN
|
PE_UNAUTHORIZEDPARTNER PE_RENEWSESSION PE_IDPCHOICE PE_WAIT PE_MUSTAUTHN
|
||||||
PE_MUSTHAVEMAIL PE_SAML_SERVICE_NOT_ALLOWED PE_OIDC_SERVICE_NOT_ALLOWED
|
PE_MUSTHAVEMAIL PE_SAML_SERVICE_NOT_ALLOWED PE_OIDC_SERVICE_NOT_ALLOWED
|
||||||
PE_OID_SERVICE_NOT_ALLOWED
|
PE_OID_SERVICE_NOT_ALLOWED PE_GET_SERVICE_NOT_ALLOWED
|
||||||
);
|
);
|
||||||
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
|
our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );
|
||||||
|
|
||||||
|
|
|
@ -8,9 +8,10 @@ my $res;
|
||||||
|
|
||||||
my $client = LLNG::Manager::Test->new( {
|
my $client = LLNG::Manager::Test->new( {
|
||||||
ini => {
|
ini => {
|
||||||
logLevel => 'error',
|
logLevel => 'debug',
|
||||||
useSafeJail => 1,
|
useSafeJail => 1,
|
||||||
issuerDBGetActivation => 1,
|
issuerDBGetActivation => 1,
|
||||||
|
issuerDBGetRule => '$uid eq "dwho"',
|
||||||
issuerDBGetPath => '^/test/',
|
issuerDBGetPath => '^/test/',
|
||||||
issuerDBGetParameters =>
|
issuerDBGetParameters =>
|
||||||
{ 'test1.example.com' => { ID => '_session_id' } }
|
{ 'test1.example.com' => { ID => '_session_id' } }
|
||||||
|
|