From b18fd9c9fef487a1284dcdf851227f7de4a45ad8 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Sat, 2 Mar 2019 11:45:59 +0100 Subject: [PATCH] Fix OTT & minor improvements (#1658) --- .../lib/Lemonldap/NG/Portal/Main/Plugin.pm | 2 +- .../Lemonldap/NG/Portal/Plugins/CheckUser.pm | 27 ++++++++++++------- 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugin.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugin.pm index e83ba81e1..ae556bab0 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugin.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugin.pm @@ -60,7 +60,7 @@ sub loadTemplate { sub accessCtrl { my ( $self, $req, $uri ) = @_; my $url = $self->conf->{portal} . $uri; - $self->logger->debug("Plugin call setSecurity for URL: $url"); + $self->logger->debug("Plugin calls accessCtrl for URL: $url"); # Check access rule my ( $vhost, $appuri ) = $url =~ m#^https?://([^/]*)(.*)#; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm index 2232ae3df..a8d1fafd6 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm @@ -50,7 +50,8 @@ sub check { "user $req->{user} not allowed to access /checkuser"); return $self->p->lmError( $req, 403 ); } - $self->userLogger->notice("user $req->{user} is allowed to access /checkuser"); + $self->userLogger->notice( + "user $req->{user} is allowed to access /checkuser"); # Check token if ( $self->conf->{requireToken} ) { @@ -61,7 +62,7 @@ sub check { $token = $self->ott->createToken( $req->sessionInfo ); } unless ( $self->ott->getToken($token) ) { - $self->userLogger->warn('Ask try with expired/bad token'); + $self->userLogger->warn('Checkuser try with expired/bad token'); $msg = PE_TOKENEXPIRED; $token = $self->ott->createToken( $req->sessionInfo ); } 
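Review bot: The `unless ( $self->ott->getToken($token) )` test in the `@@ -61,7 +62,7 @@` hunk uses only the truth of the return value, so as far as these lines show, any token still in the store is accepted whichever session it was issued to, even though `createToken` is given `$req->sessionInfo`. If the token is meant to be tied to the requesting user, keep the data returned by `getToken` and compare it with the current session before accepting the request. The reworded warning would also be easier to correlate if it named the user, as the notice a few lines above does, e.g. `$self->userLogger->warn("Checkuser try with expired/bad token by $req->{user}");`. check() starts before and continues after this hunk, so a binding check may exist outside the visible lines.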
@@ -86,8 +87,8 @@ sub check { $self->logger->debug("Check requested for $req->{user}"); $attrs = $self->_userDatas($req); if ( $req->error ) { - $msg = 'PE' . $req->{error}; - $array_attrs = [ [], [], [] ]; + $msg = 'PE' . $req->{error}; + $array_attrs = [ [], [], [] ]; } else { $msg = 'checkUser'; @@ -130,7 +131,6 @@ sub check { # Return VirtualHost headers $array_hdrs = $self->_headers( $req, $url ); } - my $token = $self->ott->createToken( $req->sessionInfo ); # Display form return $self->p->sendHtml( @@ -158,7 +158,11 @@ sub check { ATTRIBUTES => $array_attrs->[2], MACROS => $array_attrs->[1], GROUPS => $array_attrs->[0], - TOKEN => $token, + TOKEN => ( + $self->conf->{requireToken} + ? $self->ott->createToken( $req->sessionInfo ) + : '' + ) } ); } @@ -172,8 +176,8 @@ sub display { "user $req->{user} not allowed to access /checkuser"); return $self->p->lmError( $req, 403 ); } - $self->userLogger->notice("user $req->{user} is allowed to access /checkuser"); - my $token = $self->ott->createToken( $req->sessionInfo ); + $self->userLogger->notice( + "user $req->{user} is allowed to access /checkuser"); # Display form return $self->p->sendHtml( @@ -190,7 +194,11 @@ sub display { ? "" : $req->{user} ), - TOKEN => $token, + TOKEN => ( + $self->conf->{requireToken} + ? $self->ott->createToken( $req->sessionInfo ) + : '' + ) } ); } @@ -243,6 +251,7 @@ sub _splitAttributes { my $element = shift @$attrs; my $ok = 0; if ( $element->{key} eq 'groups' ) { + $self->logger->debug('Key "groups" found'); my $separator = $self->{conf}->{multiValuesSeparator}; my @tmp = split /\Q$separator/, $element->{value}; $grps = [ map { { value => $_ } } sort @tmp ];
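Review bot: The token expression added to the `TOKEN` parameter in check() (hunk `@@ -158,7 +158,11 @@`) is repeated verbatim in display() (hunk `@@ -190,7 +194,11 @@`), so a later change to how the form token is issued has to be made in two places and the two forms can drift apart. Moving it into one private helper keeps them in step; the helper name below is only a suggestion. Separately, the failure branches shown in the `@@ -61,7 +62,7 @@` hunk still assign `$token = $self->ott->createToken(...)`. If that value is not used before this call (the lines in between are not visible), each rejected request leaves an extra token in the store until it expires. Both subs start and end outside these hunks.

```perl
# Proposed private helper (name is a suggestion), shared by check() and display()
sub _formToken {
    my ( $self, $req ) = @_;

    # Mint a one-time token only when the submitted form will be checked for one
    return $self->conf->{requireToken}
      ? $self->ott->createToken( $req->sessionInfo )
      : '';
}

# … unchanged: sendHtml parameters up to GROUPS …
            TOKEN      => $self->_formToken($req),
```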