Backport #1036
parent
b18e3b8803
commit
bf1fd28aff
|
@ -193,10 +193,7 @@ sub _dbiGKFAS {
|
|||
my ( $class, $type, $args, $data ) = @_;
|
||||
my $next;
|
||||
if ( $type !~ /(?:MySQL)/ ) {
|
||||
$next = sub {
|
||||
require MIME::Base64;
|
||||
return thaw( MIME::Base64::decode_base64( $_[0] ) );
|
||||
};
|
||||
$next = \&decodeThaw64;
|
||||
if ( $args->{useStorable} ) {
|
||||
$args->{unserialize} = $next;
|
||||
}
|
||||
|
@ -349,7 +346,7 @@ sub _LDAPGKFAS {
|
|||
$entry->get_value('cn'),
|
||||
$entry->get_value( $args->{ldapAttributeContent} )
|
||||
);
|
||||
eval { $v = decodeThaw64($v); };
|
||||
eval { $v = $args->{unserialize}->( $v, \&decodeThaw64 ); };
|
||||
next if ($@);
|
||||
if ( ref($data) eq 'CODE' ) {
|
||||
$res{$k} = &$data( $v, $k );
|
||||
|
@ -375,7 +372,8 @@ sub _NoSQLGKFAS {
|
|||
my %res;
|
||||
|
||||
foreach my $k (@keys) {
|
||||
my $v = eval { decodeThaw64( $redis->get($k) ); };
|
||||
my $v =
|
||||
eval { $args->{unserialize}->( $redis->get($k), \&decodeThaw64 ); };
|
||||
next if ($@);
|
||||
if ( ref($data) eq 'CODE' ) {
|
||||
$res{$k} = &$data( $v, $k );
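Review bot: In `_LDAPGKFAS` and `_NoSQLGKFAS` the new calls go through `$args->{unserialize}` unconditionally, while the only assignment visible on this page (in `_dbiGKFAS`) is guarded by `$args->{useStorable}`. If the key is ever unset, the call dies inside `eval`, `next if ($@)` skips the entry, and the search returns an empty result that looks the same as "no sessions". Check once before the loop, e.g. `die "unserialize is not a code ref" unless ref $args->{unserialize} eq 'CODE';`, and `warn $@` before `next` so corrupt entries are visible. Both function bodies continue outside the hunks, so the assignment may exist elsewhere; confirm.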
|
||||
|
|
|
@ -184,10 +184,10 @@ sub defaultValuesInit {
|
|||
|
||||
$class->tsv->{$_} = $conf->{$_} foreach (
|
||||
qw(
|
||||
cda cookieExpiration cookieName
|
||||
customFunctions httpOnly securedCookie
|
||||
timeoutActivity useRedirectOnError useRedirectOnForbidden
|
||||
useSafeJail whatToTrace
|
||||
cda cookieExpiration cookieName
|
||||
customFunctions httpOnly securedCookie
|
||||
timeout timeoutActivity useRedirectOnError
|
||||
useRedirectOnForbidden useSafeJail whatToTrace
|
||||
)
|
||||
);
|
||||
|
||||
|
|
|
@ -410,6 +410,18 @@ sub retrieveSession {
|
|||
|
||||
$class->lmLog( "Get session $id", 'debug' );
|
||||
|
||||
# Verify that session is valid
|
||||
if (
|
||||
$now - $class->datas->{_utime} > $class->tsv->{timeout}
|
||||
or ( $class->tsv->{timeoutActivity}
|
||||
and $class->datas->{_lastSeen}
|
||||
and $now - $class->datas->{_lastSeen} > $class->tsv->{timeoutActivity} )
|
||||
)
|
||||
{
|
||||
$class->lmLog( "Session expired", 'info' );
|
||||
return 0;
|
||||
}
|
||||
|
||||
# Update the session to notify activity, if necessary
|
||||
if ( $class->tsv->{timeoutActivity}
|
||||
and ( $now - $class->datas->{_lastSeen} > 60 ) )
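Review bot: The expiry branch returns 0 but leaves the session in `$class->datas`; the check itself reads `_utime` and `_lastSeen` from there, so the data is already populated at this point. If `retrieveSession` short-circuits on a cached `datas` entry for the same id (not visible in this hunk, confirm), a later request could still be served from the expired data; clearing it before the return, `%{ $class->datas } = ();`, closes that. Also `$class->tsv->{timeout}` is compared without a definedness check, so with no `timeout` in the configuration it evaluates as 0 and every session is rejected with only an "uninitialized" warning. The function body starts and ends outside the hunk.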
|
||||
|
|
|
@ -33,29 +33,15 @@ count(4);
|
|||
# --------------------
|
||||
|
||||
# Authorizated query
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/',
|
||||
undef,
|
||||
undef,
|
||||
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
|
||||
),
|
||||
'Authentified query'
|
||||
);
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
|
||||
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Authentified query' );
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
||||
|
||||
count(2);
|
||||
|
||||
# Denied query
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/deny',
|
||||
undef,
|
||||
undef,
|
||||
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
|
||||
),
|
||||
'Denied query'
|
||||
);
|
||||
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Denied query' );
|
||||
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
|
||||
|
||||
count(2);
|
||||
|
@ -79,6 +65,8 @@ count(2);
|
|||
|
||||
done_testing( count() );
|
||||
|
||||
clean();
|
||||
|
||||
sub Lemonldap::NG::Handler::PSGI::handler {
|
||||
my ( $self, $req ) = @_;
|
||||
ok( $req->{HTTP_AUTH_USER} eq 'dwho', 'Header is given to app' )
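Review bot: The rewritten 200 check passes the whole response to the diagnostic helper, `explain( $res, 200 )`, while the 403 check below and the sibling test files keep `explain( $res->[0], ... )`. `explain` in the test library interpolates its arguments into a string, so a failure here would print an array address instead of the status code. Use `ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );`.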
|
||||
|
|
|
@ -33,15 +33,8 @@ count(4);
|
|||
# --------------------
|
||||
|
||||
# Authorizated query
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/',
|
||||
undef,
|
||||
undef,
|
||||
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
|
||||
),
|
||||
'Authentified query'
|
||||
);
|
||||
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Authentified query' );
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
|
||||
|
||||
count(2);
|
||||
|
@ -53,15 +46,8 @@ ok( $h{'Auth-User'} eq 'dwho', 'Header Auth-User is set to "dwho"' )
|
|||
count(1);
|
||||
|
||||
# Denied query
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/deny',
|
||||
undef,
|
||||
undef,
|
||||
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
|
||||
),
|
||||
'Denied query'
|
||||
);
|
||||
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Denied query' );
|
||||
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
|
||||
|
||||
count(2);
|
||||
|
@ -85,3 +71,4 @@ count(2);
|
|||
|
||||
done_testing( count() );
|
||||
|
||||
clean();
|
||||
|
|
|
@ -33,15 +33,8 @@ count(4);
|
|||
# --------------------
|
||||
|
||||
# Authorizated query
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/',
|
||||
undef,
|
||||
undef,
|
||||
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
|
||||
),
|
||||
'Authentified query'
|
||||
);
|
||||
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Authentified query' );
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
|
||||
|
||||
count(2);
|
||||
|
@ -55,15 +48,8 @@ ok( $h{'Headervalue1'} eq 'dwho', 'Headervalue1 is set to "dwho"' )
|
|||
count(2);
|
||||
|
||||
# Denied query
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/deny',
|
||||
undef,
|
||||
undef,
|
||||
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
|
||||
),
|
||||
'Denied query'
|
||||
);
|
||||
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Denied query' );
|
||||
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
|
||||
|
||||
count(2);
|
||||
|
@ -87,3 +73,4 @@ count(2);
|
|||
|
||||
done_testing( count() );
|
||||
|
||||
clean();
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
{"updateTime":"20160201202726","_timezone":"1","_session_kind":"SSO","_passwordDB":"Demo","startTime":"20160201202726","ipAddr":"127.0.0.1","UA":"Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4","_user":"dwho","_userDB":"Demo","_lastAuthnUTime":1454354846,"uid":"dwho","_issuerDB":"Null","_url":"http://manager.example.com:19876/%5Bobject%20Object%5DaHR0cDovL21hbmFnZXIuZXhhbXBsZS5jb206MTk4NzYvIy9jb25mcy9sYXRlc3Q=","_session_id":"f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545","authenticationLevel":1,"_whatToTrace":"dwho","_auth":"Demo","_utime":1454354846,"loginHistory":{"successLogin":[{"ipAddr":"127.0.0.1","_utime":1454354846}]},"cn":"Doctor Who","mail":"dwho@badwolf.org"}
|
|
@ -3,6 +3,7 @@
|
|||
use strict;
|
||||
use Data::Dumper;
|
||||
use 5.10.0;
|
||||
use POSIX 'strftime';
|
||||
use_ok('Lemonldap::NG::Common::PSGI::Cli::Lib');
|
||||
|
||||
our $client;
|
||||
|
@ -10,6 +11,8 @@ our $count = 1;
|
|||
$Data::Dumper::Deparse = 1;
|
||||
|
||||
my $module;
|
||||
our $sessionId = 'f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545';
|
||||
our $file = "t/sessions/$sessionId";
|
||||
|
||||
sub init {
|
||||
my $arg = shift;
|
||||
|
@ -20,6 +23,23 @@ sub init {
|
|||
ok( $client = Lemonldap::NG::Handler::PSGI::Cli::Lib->new(),
|
||||
'Client object' );
|
||||
count(2);
|
||||
open F, ">$file"
|
||||
or die $!;
|
||||
my $now = time;
|
||||
my $ts = strftime "%Y%m%d%H%M%S", localtime;
|
||||
|
||||
print F '{"updateTime":"'
|
||||
. $ts
|
||||
. '","_timezone":"1","_session_kind":"SSO","_passwordDB":"Demo","startTime":"'
|
||||
. $ts
|
||||
. '","ipAddr":"127.0.0.1","UA":"Mozilla/5.0 (X11; VAX4000; rv:43.0) Gecko/20100101 Firefox/143.0 Iceweasel/143.0.1","_user":"dwho","_userDB":"Demo","_lastAuthnUTime":'
|
||||
. $now
|
||||
. ',"uid":"dwho","_issuerDB":"Null","_session_id":"f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545","authenticationLevel":1,"_whatToTrace":"dwho","_auth":"Demo","_utime":'
|
||||
. $now
|
||||
. ',"loginHistory":{"successLogin":[{"ipAddr":"127.0.0.1","_utime":'
|
||||
. $now
|
||||
. '}]},"cn":"Doctor Who","mail":"dwho@badwolf.org"}';
|
||||
close F;
|
||||
}
|
||||
|
||||
sub client {
|
||||
|
@ -45,6 +65,10 @@ sub explain {
|
|||
print STDERR "Expect $ref, get $get\n";
|
||||
}
|
||||
|
||||
sub clean {
|
||||
unlink $file;
|
||||
}
|
||||
|
||||
package Lemonldap::NG::Handler::PSGI::Cli::Lib;
|
||||
|
||||
use Mouse;
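Review bot: `init` writes the session fixture with a bareword handle and two-argument open, `open F, ">$file"`, and neither `print F` nor `close F` is checked, so a failed write leaves a truncated session file behind. Prefer `open my $fh, '>', $file or die "open $file: $!";` and `close $fh or die "close $file: $!";`. The JSON literal repeats the hex id instead of interpolating `$sessionId`, so the file name and `_session_id` can drift apart. `clean()` is only called at the end of the test scripts, so an aborted run leaves a fresh session for `dwho` in `t/sessions/`; an `END { unlink $file }` block would cover that. `init` begins outside the hunk.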
|
||||
|
|
|
@ -212,6 +212,13 @@ sub autoRedirect {
|
|||
sub getApacheSession {
|
||||
my ( $self, $id, $noInfo, $force ) = @_;
|
||||
|
||||
if ($id) {
|
||||
$self->lmLog( "Try to get session $id", 'debug' );
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Try to get a new session", 'debug' );
|
||||
}
|
||||
|
||||
my $as = Lemonldap::NG::Common::Session->new(
|
||||
{
|
||||
storageModule => $self->conf->{globalStorage},
|
||||
|
@ -225,7 +232,7 @@ sub getApacheSession {
|
|||
);
|
||||
|
||||
if ( $as->error ) {
|
||||
$self->lmLog( $as->error, 'debug' );
|
||||
$self->lmLog( $as->error, 'error' );
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -234,9 +241,28 @@ sub getApacheSession {
|
|||
return;
|
||||
}
|
||||
|
||||
my $now = time;
|
||||
if (
|
||||
$id
|
||||
and (
|
||||
$now - $as->data->{_utime} > $self->conf->{timeout}
|
||||
or ( $self->conf->{timeoutActivity}
|
||||
and $as->data->{_lastSeen}
|
||||
and $now - $as->data->{_lastSeen} >
|
||||
$self->conf->{timeoutActivity} )
|
||||
)
|
||||
)
|
||||
{
|
||||
$self->lmLog( "Session $id expired", 'debug' );
|
||||
return;
|
||||
}
|
||||
|
||||
unless ($noInfo) {
|
||||
$self->{id} = $as->id;
|
||||
}
|
||||
|
||||
$self->lmLog( "Return session " . $as->id, 'debug' );
|
||||
|
||||
return $as;
|
||||
}
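Review bot: The added log lines write the full session id (`"Try to get session $id"`, `"Session $id expired"`, `"Return session " . $as->id`), and the tests on this page send that same id as the value of the `lemonldap` cookie, so anyone who can read the debug log can reuse a live session. Log a shortened form instead, e.g. `$self->lmLog( "Return session " . substr( $as->id, 0, 8 ) . "...", 'debug' );`, or a digest of the id. Separately, the `$as->error` message appears to move from `debug` to `error` level; if a request with an unknown id reaches this branch (not visible here), unauthenticated clients could fill the error log, so a lower level for not-found may be better. The body of `getApacheSession` is only partly shown.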
|
||||
|
||||
|
|