dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Backport #1036

Browse Source
This commit is contained in:
Xavier Guimard 2016-06-09 11:45:10 +00:00
parent b18e3b8803
commit bf1fd28aff
9 changed files with 88 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session.pm
View File

@ -193,10 +193,7 @@ sub _dbiGKFAS {
my ( $class, $type, $args, $data ) = @_;
my $next;
if ( $type !~ /(?:MySQL)/ ) {
$next = sub {
require MIME::Base64;
return thaw( MIME::Base64::decode_base64( $_[0] ) );
};
$next = \&decodeThaw64;
if ( $args->{useStorable} ) {
$args->{unserialize} = $next;
}
@ -349,7 +346,7 @@ sub _LDAPGKFAS {
$entry->get_value('cn'),
$entry->get_value( $args->{ldapAttributeContent} )
);
eval { $v = decodeThaw64($v); };
eval { $v = $args->{unserialize}->( $v, \&decodeThaw64 ); };
next if ($@);
if ( ref($data) eq 'CODE' ) {
$res{$k} = &$data( $v, $k );
@ -375,7 +372,8 @@ sub _NoSQLGKFAS {
my %res;
foreach my $k (@keys) {
my $v = eval { decodeThaw64( $redis->get($k) ); };
my $v =
eval { $args->{unserialize}->( $redis->get($k), \&decodeThaw64 ); };
next if ($@);
if ( ref($data) eq 'CODE' ) {
$res{$k} = &$data( $v, $k );

8
lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
View File

@ -184,10 +184,10 @@ sub defaultValuesInit {
$class->tsv->{$_} = $conf->{$_} foreach (
qw(
cda cookieExpiration cookieName
customFunctions httpOnly securedCookie
timeoutActivity useRedirectOnError useRedirectOnForbidden
useSafeJail whatToTrace
cda cookieExpiration cookieName
customFunctions httpOnly securedCookie
timeout timeoutActivity useRedirectOnError
useRedirectOnForbidden useSafeJail whatToTrace
)
);

12
lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
View File

@ -410,6 +410,18 @@ sub retrieveSession {
$class->lmLog( "Get session $id", 'debug' );
# Verify that session is valid
if (
$now - $class->datas->{_utime} > $class->tsv->{timeout}
or ( $class->tsv->{timeoutActivity}
and $class->datas->{_lastSeen}
and $now - $class->datas->{_lastSeen} > $class->tsv->{timeoutActivity} )
)
{
$class->lmLog( "Session expired", 'info' );
return 0;
}
# Update the session to notify activity, if necessary
if ( $class->tsv->{timeoutActivity}
and ( $now - $class->datas->{_lastSeen} > 60 ) )

26
lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t
View File

@ -33,29 +33,15 @@ count(4);
# --------------------
# Authorizated query
ok(
$res = $client->_get(
'/',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Authentified query'
);
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
'Authentified query' );
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
count(2);
# Denied query
ok(
$res = $client->_get(
'/deny',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Denied query'
);
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
'Denied query' );
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
count(2);
@ -79,6 +65,8 @@ count(2);
done_testing( count() );
clean();
sub Lemonldap::NG::Handler::PSGI::handler {
my ( $self, $req ) = @_;
ok( $req->{HTTP_AUTH_USER} eq 'dwho', 'Header is given to app' )

23
lemonldap-ng-handler/t/61-Lemonldap-NG-Handler-PSGI-Server.t
View File

@ -33,15 +33,8 @@ count(4);
# --------------------
# Authorizated query
ok(
$res = $client->_get(
'/',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Authentified query'
);
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
'Authentified query' );
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
count(2);
@ -53,15 +46,8 @@ ok( $h{'Auth-User'} eq 'dwho', 'Header Auth-User is set to "dwho"' )
count(1);
# Denied query
ok(
$res = $client->_get(
'/deny',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Denied query'
);
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
'Denied query' );
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
count(2);
@ -85,3 +71,4 @@ count(2);
done_testing( count() );
clean();

23
lemonldap-ng-handler/t/62-Lemonldap-NG-Handler-Nginx.t
View File

@ -33,15 +33,8 @@ count(4);
# --------------------
# Authorizated query
ok(
$res = $client->_get(
'/',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Authentified query'
);
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
'Authentified query' );
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
count(2);
@ -55,15 +48,8 @@ ok( $h{'Headervalue1'} eq 'dwho', 'Headervalue1 is set to "dwho"' )
count(2);
# Denied query
ok(
$res = $client->_get(
'/deny',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Denied query'
);
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
'Denied query' );
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
count(2);
@ -87,3 +73,4 @@ count(2);
done_testing( count() );
clean();

1
lemonldap-ng-handler/t/sessions/f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545
View File

@ -1 +0,0 @@
{"updateTime":"20160201202726","_timezone":"1","_session_kind":"SSO","_passwordDB":"Demo","startTime":"20160201202726","ipAddr":"127.0.0.1","UA":"Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4","_user":"dwho","_userDB":"Demo","_lastAuthnUTime":1454354846,"uid":"dwho","_issuerDB":"Null","_url":"http://manager.example.com:19876/%5Bobject%20Object%5DaHR0cDovL21hbmFnZXIuZXhhbXBsZS5jb206MTk4NzYvIy9jb25mcy9sYXRlc3Q=","_session_id":"f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545","authenticationLevel":1,"_whatToTrace":"dwho","_auth":"Demo","_utime":1454354846,"loginHistory":{"successLogin":[{"ipAddr":"127.0.0.1","_utime":1454354846}]},"cn":"Doctor Who","mail":"dwho@badwolf.org"}

24
lemonldap-ng-handler/t/test-psgi-lib.pm
View File

@ -3,6 +3,7 @@
use strict;
use Data::Dumper;
use 5.10.0;
use POSIX 'strftime';
use_ok('Lemonldap::NG::Common::PSGI::Cli::Lib');
our $client;
@ -10,6 +11,8 @@ our $count = 1;
$Data::Dumper::Deparse = 1;
my $module;
our $sessionId = 'f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545';
our $file = "t/sessions/$sessionId";
sub init {
my $arg = shift;
@ -20,6 +23,23 @@ sub init {
ok( $client = Lemonldap::NG::Handler::PSGI::Cli::Lib->new(),
'Client object' );
count(2);
open F, ">$file"
or die $!;
my $now = time;
my $ts = strftime "%Y%m%d%H%M%S", localtime;
print F '{"updateTime":"'
. $ts
. '","_timezone":"1","_session_kind":"SSO","_passwordDB":"Demo","startTime":"'
. $ts
. '","ipAddr":"127.0.0.1","UA":"Mozilla/5.0 (X11; VAX4000; rv:43.0) Gecko/20100101 Firefox/143.0 Iceweasel/143.0.1","_user":"dwho","_userDB":"Demo","_lastAuthnUTime":'
. $now
. ',"uid":"dwho","_issuerDB":"Null","_session_id":"f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545","authenticationLevel":1,"_whatToTrace":"dwho","_auth":"Demo","_utime":'
. $now
. ',"loginHistory":{"successLogin":[{"ipAddr":"127.0.0.1","_utime":'
. $now
. '}]},"cn":"Doctor Who","mail":"dwho@badwolf.org"}';
close F;
}
sub client {
@ -45,6 +65,10 @@ sub explain {
print STDERR "Expect $ref, get $get\n";
}
sub clean {
unlink $file;
}
package Lemonldap::NG::Handler::PSGI::Cli::Lib;
use Mouse;

28
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
View File

@ -212,6 +212,13 @@ sub autoRedirect {
sub getApacheSession {
my ( $self, $id, $noInfo, $force ) = @_;
if ($id) {
$self->lmLog( "Try to get session $id", 'debug' );
}
else {
$self->lmLog( "Try to get a new session", 'debug' );
}
my $as = Lemonldap::NG::Common::Session->new(
{
storageModule => $self->conf->{globalStorage},
@ -225,7 +232,7 @@ sub getApacheSession {
);
if ( $as->error ) {
$self->lmLog( $as->error, 'debug' );
$self->lmLog( $as->error, 'error' );
return;
}
@ -234,9 +241,28 @@ sub getApacheSession {
return;
}
my $now = time;
if (
$id
and (
$now - $as->data->{_utime} > $self->conf->{timeout}
or ( $self->conf->{timeoutActivity}
and $as->data->{_lastSeen}
and $now - $as->data->{_lastSeen} >
$self->conf->{timeoutActivity} )
)
)
{
$self->lmLog( "Session $id expired", 'debug' );
return;
}
unless ($noInfo) {
$self->{id} = $as->id;
}
$self->lmLog( "Return session " . $as->id, 'debug' );
return $as;
}