From 6990a4a0c08a26df653be47d3cc1d9f4eb55752f Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Sun, 1 Nov 2020 08:15:03 +0100
Subject: [PATCH 1/5] Set "secure" to StayConnected cookie
---
 .../lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm
index cd17b72c3..4d356f55f 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm
@@ -116,6 +116,7 @@ sub storeBrowser {
 name => 'llngconnexion',
 value => $ps->id,
 max_age => 2592000,
+ secure => $self->conf->{securedCookie},
 )
 );
 $req->sessionInfo->{_loginHistory} = $tmp->{history} if exists $tmp->{history};
@@ -213,7 +214,8 @@ sub logout {
 $self->p->cookie(
 name => 'llngconnexion',
 value => 0,
- expires => 'Wed, 21 Oct 2015 00:00:00 GMT'
+ expires => 'Wed, 21 Oct 2015 00:00:00 GMT',
+ secure => $self->conf->{securedCookie},
 )
 );
 return PE_OK;
From fb02515d3e97203eb9dbb4df5278661d905c20f5 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux
Date: Sun, 1 Nov 2020 12:40:07 +0100
Subject: [PATCH 2/5] Append unit test & update manifest (#2366)
---
 lemonldap-ng-portal/MANIFEST | 3 +-
 .../t/64-StayConnected-with-2F-and-History.t | 561 ++++++++++++++++++
 ...cted.t => 64-StayConnected-with-History.t} | 18 +-
 3 files changed, 578 insertions(+), 4 deletions(-)
 create mode 100644 lemonldap-ng-portal/t/64-StayConnected-with-2F-and-History.t
 rename lemonldap-ng-portal/t/{64-StayConnected.t => 64-StayConnected-with-History.t} (90%)
diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST
index 48f227bf8..531113348 100644
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
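Review bot: In `storeBrowser`, `llngconnexion` is a 30-day token (`max_age => 2592000`) that lets the browser re-open a session, yet the only hardening visible at this call site is the new `secure` flag, and that flag is only set when `$self->conf->{securedCookie}` is true. Whether HttpOnly and SameSite are applied depends on `$self->p->cookie`, which is outside the hunk; if that helper does not default them, they should be passed explicitly here and on the matching expiry cookie in `logout`. I would also put a comment above the new line, `# securedCookie may be non-boolean; any true value marks the persistent cookie Secure`, assuming the setting is multi-valued as it appears to be elsewhere in the project (to be confirmed). Both function bodies continue outside their hunks.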
@@ -642,7 +642,8 @@ t/62-SingleSession-with-Rules.t
 t/62-SingleSession.t
 t/62-UpgradeSession.t
 t/63-History.t
-t/64-StayConnected.t
+t/64-StayConnected-with-2F-and-History.t
+t/64-StayConnected-with-History.t
 t/65-AutoSignin.t
 t/66-CDA-already-auth.t
 t/66-CDA-PSGI-Try.t
diff --git a/lemonldap-ng-portal/t/64-StayConnected-with-2F-and-History.t b/lemonldap-ng-portal/t/64-StayConnected-with-2F-and-History.t
new file mode 100644
index 000000000..5c0792194
--- /dev/null
+++ b/lemonldap-ng-portal/t/64-StayConnected-with-2F-and-History.t
@@ -0,0 +1,561 @@ +use Test::More; +use strict; +use IO::String; + +require 't/test-lib.pm'; +my $res; +my $maintests = 63; + +SKIP: { + eval { + require Convert::Base32; + require Crypt::U2F::Server::Simple; + require Authen::U2F::Tester; + }; + if ($@) { + skip 'Missing libraries', $maintests; + } + + #use_ok('Lemonldap::NG::Common::FormEncode'); + require Lemonldap::NG::Common::TOTP; + + my $client = LLNG::Manager::Test->new( { + ini => { + logLevel => 'error', + useSafeJail => 1, + stayConnected => 1, + loginHistoryEnabled => 1, + u2fSelfRegistration => 1, + u2fActivation => 1, + totp2fSelfRegistration => 1, + totp2fActivation => 1, + portalMainLogo => 'common/logos/logo_llng_old.png' + } + } + ); + + # Try to authenticate + # ------------------- + ok( + $res = $client->_post( + '/', + IO::String->new('user=dwho&password=dwho'), + length => 23 + ), + 'Auth query' + ); + my $id = expectCookie($res); + + ok( + $res = $client->_get( + '/', + cookie => "lemonldap=$id", + accept => 'text/html' + ), + 'Get Menu' + ); + + # U2F form + ok( + $res = $client->_get( + '/2fregisters/u', + cookie => "lemonldap=$id", + accept => 'text/html', + ), + 'Form registration' + ); + ok( $res->[2]->[0] =~ /u2fregistration\.(?:min\.)?js/, 'Found U2F js' ); + + # Ajax registration request + ok( + $res = $client->_post( + '/2fregisters/u/register', IO::String->new(''), + accept => 'application/json', + cookie => "lemonldap=$id", + length => 0, + ), + 'Get registration challenge' + ); + expectOK($res); + my $data; + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( ( $data->{challenge} and $data->{appId} ), ' Get challenge and appId' ) + or explain( $data, 'challenge and appId' ); + + # Build U2F tester + my $tester = Authen::U2F::Tester->new( + certificate => Crypt::OpenSSL::X509->new_from_string( + '-----BEGIN CERTIFICATE----- +MIIB6DCCAY6gAwIBAgIJAJKuutkN2sAfMAoGCCqGSM49BAMCME8xCzAJBgNVBAYT 
+AlVTMQ4wDAYDVQQIDAVUZXhhczEaMBgGA1UECgwRVW50cnVzdGVkIFUyRiBPcmcx +FDASBgNVBAMMC3ZpcnR1YWwtdTJmMB4XDTE4MDMyODIwMTc1OVoXDTI3MTIyNjIw +MTc1OVowTzELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRowGAYDVQQKDBFV +bnRydXN0ZWQgVTJGIE9yZzEUMBIGA1UEAwwLdmlydHVhbC11MmYwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQTij+9mI1FJdvKNHLeSQcOW4ob3prvIXuEGJMrQeJF +6OYcgwxrVqsmNMl5w45L7zx8ryovVOti/mtqkh2pQjtpo1MwUTAdBgNVHQ4EFgQU +QXKKf+rrZwA4WXDCU/Vebe4gYXEwHwYDVR0jBBgwFoAUQXKKf+rrZwA4WXDCU/Ve +be4gYXEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEAiCdOEmw5 +hknzHR1FoyFZKRrcJu17a1PGcqTFMJHTC70CIHeCZ8KVuuMIPjoofQd1l1E221rv +RJY1Oz1fUNbrIPsL +-----END CERTIFICATE-----', Crypt::OpenSSL::X509::FORMAT_PEM() + ), + key => Crypt::PK::ECC->new( + \'-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIOdbZw1swQIL+RZoDQ9zwjWY5UjA1NO81WWjwbmznUbgoAoGCCqGSM49 +AwEHoUQDQgAEE4o/vZiNRSXbyjRy3kkHDluKG96a7yF7hBiTK0HiRejmHIMMa1ar +JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ== +-----END EC PRIVATE KEY-----' + ), + ); + my $r = $tester->register( $data->{appId}, $data->{challenge} ); + ok( $r->is_success, ' Good challenge value' ) + or diag( $r->error_message ); + + my $registrationData = JSON::to_json( { + clientData => $r->client_data, + errorCode => 0, + registrationData => $r->registration_data, + version => "U2F_V2" + } + ); + my ( $host, $url, $query ); + $query = Lemonldap::NG::Common::FormEncode::build_urlencoded( + registration => $registrationData, + challenge => $res->[2]->[0], + ); + + ok( + $res = $client->_post( + '/2fregisters/u/registration', IO::String->new($query), + length => length($query), + accept => 'application/json', + cookie => "lemonldap=$id", + ), + 'Push registration data' + ); + expectOK($res); + eval { $data = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $res->[2] ], 'JSON content' ); + ok( $data->{result} == 1, 'Key is registered' ) + or explain( $data, '"result":1' ); + + # TOTP form + ok( + $res = $client->_get( + '/2fregisters/totp', + cookie => 
"lemonldap=$id", + accept => 'text/html', + ), + 'Form registration' + ); + ok( $res->[2]->[0] =~ /totpregistration\.(?:min\.)?js/, 'Found TOTP js' ); + + # JS query + ok( + $res = $client->_post( + '/2fregisters/totp/getkey', IO::String->new(''), + cookie => "lemonldap=$id", + length => 0, + ), + 'Get new key' + ); + eval { $res = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), 'Content is JSON' ) + or explain( $res->[2]->[0], 'JSON content' ); + my ( $key, $token ); + ok( $key = $res->{secret}, 'Found secret' ) or print STDERR Dumper($res); + ok( $token = $res->{token}, 'Found token' ) or print STDERR Dumper($res); + ok( $res->{user} eq 'dwho', 'Found user' ) + or print STDERR Dumper($res); + $key = Convert::Base32::decode_base32($key); + + # Post code + my $code; + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), + 'Code' ); + ok( $code =~ /^\d{6}$/, 'Code contains 6 digits' ); + my $s = "code=$code&token=$token&TOTPName=myTOTP"; + ok( + $res = $client->_post( + '/2fregisters/totp/verify', + IO::String->new($s), + length => length($s), + cookie => "lemonldap=$id", + ), + 'Post code' + ); + eval { $res = JSON::from_json( $res->[2]->[0] ) }; + ok( not($@), 'Content is JSON' ) + or explain( $res->[2]->[0], 'JSON content' ); + ok( $res->{result} == 1, 'TOTP is registered' ); + $client->logout($id); + + # Try to authenticate with TOTP + # ----------------------------- + ok( + $res = $client->_post( + '/', + IO::String->new('user=dwho&password=dwho&stayconnected=1&checkLogins=1'), + length => 53 + ), + 'Auth query' + ); + ( $host, $url, $query ) = expectForm( $res, undef, '/2fchoice', 'token' ); + $query .= '&sf=totp'; + ok( + $res = $client->_post( + '/2fchoice', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Post TOTP choice' + ); + ( $host, $url, $query ) = + expectForm( $res, undef, '/totp2fcheck', 'token' ); + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), + 'Code' ); + 
$query =~ s/code=/code=$code/; + ok( + $res = $client->_post( + '/totp2fcheck', IO::String->new($query), + length => length($query), + ), + 'Post code' + ); + $id = expectCookie($res); + ( $host, $url, $query ) = + expectForm( $res, undef, '/registerbrowser', 'fg', 'token' ); + + # Push fingerprint + $query =~ s/fg=/fg=aaa/; + ok( + $res = $client->_post( + '/registerbrowser', + IO::String->new($query), + length => length($query), + cookie => "lemonldap=$id", + accept => 'text/html', + ), + 'Post fingerprint' + ); + my $cid = expectCookie( $res, 'llngconnexion' ); + + # History is displayed + ok( + $res->[2]->[0] =~ qr%[2]->[0] ); + ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' ) + or explain( $res->[2]->[0], 'trspan="lastLogins"' ); + my @c = ( $res->[2]->[0] =~ /127.0.0.1/gs ); + + # History with 2 successLogins + ok( @c == 2, " -> Two entries found" ) + or explain( $res->[2]->[0], 'Two entries found' ); + ok( $res = $client->_get( '/', cookie => "lemonldap=$id" ), + 'Verify connection' ); + expectAuthenticatedAs( $res, 'dwho' ); + ok( + $res = $client->_get( + '/', + cookie => "lemonldap=$id", + accept => 'text/html' + ), + 'Get Menu' + ); + ok( $res->[2]->[0] =~ m%Your applications%, + ' Apps menu found' ) + or print STDERR Dumper( $res->[2]->[0] ); + + $client->logout($id); + + # Try to authenticate with U2F + # ---------------------------- + ok( + $res = $client->_post( + '/', + IO::String->new( + 'user=dwho&password=dwho&stayconnected=1&checkLogins=1'), + length => 53 + ), + 'Auth query' + ); + ( $host, $url, $query ) = expectForm( $res, undef, '/2fchoice', 'token' ); + $query .= '&sf=u'; + ok( + $res = $client->_post( + '/2fchoice', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Post U2F choice' + ); + ( $host, $url, $query ) = expectForm( $res, undef, '/u2fcheck', 'token' ); + + # Get challenge + ok( $res->[2]->[0] =~ /^.*"keyHandle".*$/m, ' get keyHandle' ); + $data = $&; + eval { $data = 
JSON::from_json($data) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $data ], 'JSON content' ); + + # Build U2F signature + $r = + $tester->sign( $data->{appId}, $data->{challenge}, + $data->{registeredKeys}->[0]->{keyHandle} ); + ok( $r->is_success, ' Good challenge value' ) + or diag( $r->error_message ); + my $sign = JSON::to_json( { + errorCode => 0, + signatureData => $r->signature_data, + clientData => $r->client_data, + keyHandle => $data->{registeredKeys}->[0]->{keyHandle}, + } + ); + $sign = + Lemonldap::NG::Common::FormEncode::build_urlencoded( signature => $sign ); + $query =~ s/signature=/$sign/e; + $query =~ s/challenge=/challenge=$data->{challenge}/; + + # POST result + ok( + $res = $client->_post( + '/u2fcheck', + IO::String->new($query), + length => length($query), + ), + 'Push U2F signature' + ); + + # See https://github.com/mschout/perl-authen-u2f-tester/issues/2 + if ( $Authen::U2F::Tester::VERSION >= 0.03 ) { + $id = expectCookie($res); + } + else { + count(1); + pass( +'Authen::2F::Tester-0.02 signatures are not recognized by Yubico library' + ); + } + + ( $host, $url, $query ) = + expectForm( $res, undef, '/registerbrowser', 'fg', 'token' ); + + # Push fingerprint + $query =~ s/fg=/fg=aaa/; + ok( + $res = $client->_post( + '/registerbrowser', + IO::String->new($query), + length => length($query), + cookie => "lemonldap=$id", + accept => 'text/html', + ), + 'Post fingerprint' + ); + $cid = expectCookie( $res, 'llngconnexion' ); + + # History is displayed + ok( + $res->[2]->[0] =~ qr%[2]->[0] ); + ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' ) + or explain( $res->[2]->[0], 'trspan="lastLogins"' ); + my @c = ( $res->[2]->[0] =~ /127.0.0.1/gs ); + + # History with 3 successLogins + ok( @c == 3, " -> Three entries found" ) + or explain( $res->[2]->[0], 'Three entries found' ); + ok( $res = $client->_get( '/', cookie => "lemonldap=$id" ), + 'Verify connection' ); + expectAuthenticatedAs( $res, 'dwho' ); + ok( + $res = 
$client->_get( + '/', + cookie => "lemonldap=$id", + accept => 'text/html' + ), + 'Get Menu' + ); + ok( $res->[2]->[0] =~ m%Your applications%, + ' Apps menu found' ) + or print STDERR Dumper( $res->[2]->[0] ); + + $client->logout($id); + + # Try to connect with persistent connection cookie + ok( + $res = $client->_get( + '/', + cookie => "llngconnexion=$cid", + accept => 'text/html', + ), + 'Try to auth with persistent cookie' + ); + expectOK($res); + ( $host, $url, $query ) = expectForm( $res, '#', undef, 'fg', 'token' ); + + # Push fingerprint + $query =~ s/fg=/fg=aaa/; + ok( + $res = $client->_post( + '/', + IO::String->new($query), + cookie => "llngconnexion=$cid", + length => length($query), + accept => 'text/html', + ), + 'Post fingerprint' + ); + + # Try to authenticate with TOTP + # ----------------------------- + ( $host, $url, $query ) = expectForm( $res, undef, '/2fchoice', 'token' ); + $query .= '&sf=totp'; + ok( + $res = $client->_post( + '/2fchoice', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Post TOTP choice' + ); + ( $host, $url, $query ) = + expectForm( $res, undef, '/totp2fcheck', 'token' ); + ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ), + 'Code' ); + $query =~ s/code=/code=$code/; + ok( + $res = $client->_post( + '/totp2fcheck', IO::String->new($query), + length => length($query), + ), + 'Post code' + ); + $id = expectCookie($res); + ok( + $res = $client->_get( + '/', + cookie => "lemonldap=$id", + accept => 'text/html' + ), + 'Get Menu' + ); + expectAuthenticatedAs( $res, 'dwho' ); + ok( $res->[2]->[0] =~ m%Your applications%, + ' Apps menu found' ) + or print STDERR Dumper( $res->[2]->[0] ); + $client->logout($id); + + # Try to connect with persistent connection cookie + ok( + $res = $client->_get( + '/', + cookie => "llngconnexion=$cid", + accept => 'text/html', + ), + 'Try to auth with persistent cookie' + ); + expectOK($res); + ( $host, $url, $query ) = expectForm( 
$res, '#', undef, 'fg', 'token' ); + + # Push fingerprint + $query =~ s/fg=/fg=aaa/; + ok( + $res = $client->_post( + '/', + IO::String->new($query), + cookie => "llngconnexion=$cid", + length => length($query), + accept => 'text/html', + ), + 'Post fingerprint' + ); + + # Try to authenticate with U2F + # ----------------------------- + ( $host, $url, $query ) = expectForm( $res, undef, '/2fchoice', 'token' ); + $query .= '&sf=u'; + ok( + $res = $client->_post( + '/2fchoice', + IO::String->new($query), + length => length($query), + accept => 'text/html', + ), + 'Post U2F choice' + ); + ( $host, $url, $query ) = expectForm( $res, undef, '/u2fcheck', 'token' ); + + # Get challenge + ok( $res->[2]->[0] =~ /^.*"keyHandle".*$/m, ' get keyHandle' ); + $data = $&; + eval { $data = JSON::from_json($data) }; + ok( not($@), ' Content is JSON' ) + or explain( [ $@, $data ], 'JSON content' ); + + # Build U2F signature + $r = + $tester->sign( $data->{appId}, $data->{challenge}, + $data->{registeredKeys}->[0]->{keyHandle} ); + ok( $r->is_success, ' Good challenge value' ) + or diag( $r->error_message ); + $sign = JSON::to_json( { + errorCode => 0, + signatureData => $r->signature_data, + clientData => $r->client_data, + keyHandle => $data->{registeredKeys}->[0]->{keyHandle}, + } + ); + $sign = + Lemonldap::NG::Common::FormEncode::build_urlencoded( signature => $sign ); + $query =~ s/signature=/$sign/e; + $query =~ s/challenge=/challenge=$data->{challenge}/; + + # POST result + ok( + $res = $client->_post( + '/u2fcheck', + IO::String->new($query), + length => length($query), + ), + 'Push U2F signature' + ); + + # See https://github.com/mschout/perl-authen-u2f-tester/issues/2 + if ( $Authen::U2F::Tester::VERSION >= 0.03 ) { + $id = expectCookie($res); + } + else { + count(1); + pass( +'Authen::2F::Tester-0.02 signatures are not recognized by Yubico library' + ); + } + ok( + $res = $client->_get( + '/', + cookie => "lemonldap=$id", + accept => 'text/html' + ), + 'Get Menu' + ); + 
expectAuthenticatedAs( $res, 'dwho' );
+ ok( $res->[2]->[0] =~ m%Your applications%,
+ ' Apps menu found' )
+ or print STDERR Dumper( $res->[2]->[0] );
+
+ $client->logout($id);
+}
+
+count($maintests);
+clean_sessions();
+done_testing( count() );
+
diff --git a/lemonldap-ng-portal/t/64-StayConnected.t b/lemonldap-ng-portal/t/64-StayConnected-with-History.t
similarity index 90%
rename from lemonldap-ng-portal/t/64-StayConnected.t
rename to lemonldap-ng-portal/t/64-StayConnected-with-History.t
index 36edaf657..1abac735e 100644
--- a/lemonldap-ng-portal/t/64-StayConnected.t
+++ b/lemonldap-ng-portal/t/64-StayConnected-with-History.t
@@ -152,12 +152,24 @@ my @c = ( $res->[2]->[0] =~ /127.0.0.1/gs );
 # History with 2 successLogins
 ok( @c == 2, " -> Two entries found" )
 or explain( $res->[2]->[0], 'Two entries found' );
-ok( $res = $client->_get( '/', cookie => "lemonldap=$cid" ),
+ok( $res = $client->_get( '/', cookie => "lemonldap=$id" ),
 'Verify connection' );
-count(4);
+expectAuthenticatedAs( $res, 'dwho' );
+ok(
+ $res = $client->_get(
+ '/',
+ cookie => "lemonldap=$id",
+ accept => 'text/html'
+ ),
+ 'Get Menu'
+);
+ok( $res->[2]->[0] =~ m%Your applications%,
+ ' Apps menu found' )
+ or print STDERR Dumper( $res->[2]->[0] );
+count(6);
 expectOK($res);
-$client->logout($cid);
+$client->logout($id);
 clean_sessions();
 done_testing( count() );
From ca7107ec59446f29d696418ac560cdd965fdb7da Mon Sep 17 00:00:00 2001
From: Christophe Maudoux
Date: Sun, 1 Nov 2020 19:47:10 +0100
Subject: [PATCH 3/5] Improve unit test (#2364)
---
 lemonldap-ng-portal/t/64-StayConnected-with-History.t | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lemonldap-ng-portal/t/64-StayConnected-with-History.t b/lemonldap-ng-portal/t/64-StayConnected-with-History.t
index 1abac735e..4c93de0e0 100644
--- a/lemonldap-ng-portal/t/64-StayConnected-with-History.t
+++ b/lemonldap-ng-portal/t/64-StayConnected-with-History.t
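Review bot: In the `else` branch taken when `$Authen::U2F::Tester::VERSION` is below 0.03, `$id` is never reassigned, so the following `/registerbrowser` post and `expectAuthenticatedAs( $res, 'dwho' )` run with the session id that `$client->logout($id)` has already closed; the same pattern repeats in the second U2F block after the persistent-cookie login. With an old tester the file would presumably fail on those checks rather than skip them, so it is cleaner to skip up front, e.g. `skip 'Authen::U2F::Tester >= 0.03 required', $maintests if $Authen::U2F::Tester::VERSION < 0.03;` right after the `require` block. Separately, `my @c` is declared twice inside the same `SKIP` block and the file enables `use strict` but not `use warnings`, so the redeclaration goes unreported; make the second one a plain assignment `@c = ( $res->[2]->[0] =~ /127.0.0.1/gs );` and add `use warnings;`.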
@@ -12,6 +12,7 @@ my $client = LLNG::Manager::Test->new( {
 useSafeJail => 1,
 stayConnected => 1,
 loginHistoryEnabled => 1,
+ securedCookie => 1,
 portalMainLogo => 'common/logos/logo_llng_old.png',
 accept => 'text/html',
 }
@@ -45,10 +46,11 @@ ok(
 ),
 'Post fingerprint'
 );
-count(1);
 expectRedirection( $res, 'http://auth.example.com/' );
 my $cid = expectCookie( $res, 'llngconnexion' );
-
+ok( $res->[1]->[5] =~ /\bsecure\b/, ' Secured cookie found' )
+ or print STDERR Dumper( $res->[1]->[5] );
+count(2);
 $client->logout($id);
 # Try to connect with persistent connection cookie
From bdccb42196fdfdefb6052d32047d6609bbb185c9 Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Mon, 2 Nov 2020 12:29:25 +0100
Subject: [PATCH 4/5] Launch DevOps configuration check before fetching cookie (Fixes #2367)
---
 .../lib/Lemonldap/NG/Handler/Lib/DevOps.pm | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm
index e3f3e9be8..84042334f 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm
@@ -15,9 +15,9 @@ sub ua {
 return $_ua = Lemonldap::NG::Common::UserAgent->new( $_[0]->localConfig );
 }
-sub grant {
- my ( $class, $req, $session, $uri, $cond, $vhost ) = @_;
- $vhost ||= $class->resolveAlias($req);
+sub checkMaintenanceMode {
+ my ( $class, $req ) = @_;
+ my $vhost = $class->resolveAlias($req);
 $class->tsv->{lastVhostUpdate} //= {};
 unless (
 $class->tsv->{defaultCondition}->{$vhost}
@@ -28,8 +28,7 @@ sub grant {
 {
 $class->loadVhostConfig( $req, $vhost );
 }
- return $class->Lemonldap::NG::Handler::Main::grant( $req, $session, $uri,
- $cond, $vhost );
+ return $class->Lemonldap::NG::Handler::Main::checkMaintenanceMode($req);
 }
 sub loadVhostConfig {
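Review bot: The new assertion `$res->[1]->[5] =~ /\bsecure\b/` reads a fixed slot of the response header list, so it checks whichever header value happens to sit at index 5 rather than the `llngconnexion` Set-Cookie specifically; a change in header order, or the `lemonldap` cookie landing in that slot, would make it pass or fail for the wrong reason. Assuming `$res->[1]` is the flat PSGI header list, select the value by cookie name and match the attribute itself, e.g. `my ($sc) = grep { defined && /^llngconnexion=/ } @{ $res->[1] };` followed by `ok( $sc =~ /;\s*secure\b/i, ' Secured cookie found' )`. The expiry cookie emitted by `logout` gets the same flag in patch 1 but is not asserted here.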
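Review bot: `checkMaintenanceMode` in DevOps.pm now does more than its name says: before delegating to `Lemonldap::NG::Handler::Main::checkMaintenanceMode` it may call `loadVhostConfig`, and per the commit title this happens before the session cookie is read, i.e. for requests that are not yet authenticated. `$vhost` comes from `resolveAlias($req)`, and `loadVhostConfig` appears to fetch rules from `$rUrl` and writes `tsv` entries keyed by that value, so it is worth confirming that the reload condition bounds how often an unauthenticated request can trigger a fetch and that unknown host names cannot grow `tsv` without limit. Please add a comment above the sub, e.g. `# Overridden only to (re)load this vhost's rules.json before cookie handling; the maintenance check itself is done by Main`. The `unless (...)` condition spans the gap between the two hunks, so part of it is not visible here.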
@@ -37,7 +36,8 @@ sub loadVhostConfig {
 my $json;
 if ( $class->tsv->{useSafeJail} ) {
 my $rUrl = $req->{env}->{RULES_URL}
- || ( (
+ || (
+ (
 $class->localConfig->{loopBackUrl}
 || "http://127.0.0.1:" . $req->{env}->{SERVER_PORT}
 )
@@ -66,7 +66,7 @@ q"I refuse to compile rules.json when useSafeJail isn't activated! Yes I know, I
 $json->{rules} ||= { default => 1 };
 $json->{headers} //= { 'Auth-User' => '$uid' };
 $class->locationRulesInit( undef, { $vhost => $json->{rules} } );
- $class->headersInit( undef, { $vhost => $json->{headers} } );
+ $class->headersInit( undef, { $vhost => $json->{headers} } );
 $class->tsv->{lastVhostUpdate}->{$vhost} = time;
 return;
 }
From 5fa54c45fb91273398430db18a38dec2cfad947e Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Mon, 2 Nov 2020 12:49:00 +0100
Subject: [PATCH 5/5] Update version
---
 lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm
index 84042334f..bbde31d7a 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm
@@ -4,7 +4,7 @@ use strict;
 use Lemonldap::NG::Common::UserAgent;
 use JSON qw(from_json);
-our $VERSION = '2.0.0';
+our $VERSION = '2.0.10';
 our $_ua;