Allow findUser with UpgradeSession (#1976)
parent
a24ed7bc41
commit
cf55716825
|
@ -92,7 +92,7 @@ run for example each week:
|
|||
Session management
|
||||
------------------
|
||||
|
||||
LL::NG implements the `OpenID Connect Chance Notification specification <http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification>`__
|
||||
LL::NG implements the `OpenID Connect Change Notification specification <http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification>`__
|
||||
|
||||
A ``changed`` state will be sent if the user is disconnected from LL::NG
|
||||
portal (or has destroyed its SSO cookie). Else the ``unchanged`` state
|
||||
|
|
|
@ -32,6 +32,8 @@ sub init {
|
|||
my ($self) = @_;
|
||||
( my $imp = grep /::Plugins::Impersonation$/, $self->p->enabledPlugins )
|
||||
? $self->addUnauthRoute( finduser => 'provideUser', ['POST'] )
|
||||
->addAuthRoute( finduser => 'provideUser',
|
||||
['POST'] ) # Allow findUser with reAuth
|
||||
: $self->logger->warn('FindUser plugin enabled without Impersonation');
|
||||
$self->logger->warn('FindUser plugin enabled without searching attribute')
|
||||
unless keys %{ $self->conf->{findUserSearchingAttributes} };
|
||||
|
|
|
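Review bot: The added `->addAuthRoute( finduser => 'provideUser', ['POST'] )` appears to register the route for every authenticated session, while its comment `# Allow findUser with reAuth` describes only the upgrade/re-authentication case. If the intent is that narrow, provideUser (not visible in this hunk) should check that an upgrade or re-authentication is in progress; otherwise reword the comment, for example `# Also reachable with a valid session (needed during upgradeSession/reAuth)`. The chained call also depends on addUnauthRoute returning the plugin object, and the ternary is evaluated only for its side effects with `$imp` never read afterwards, so an `if`/`else` would read more clearly. init starts and ends outside the hunk.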
@ -7,7 +7,6 @@ require 't/test-lib.pm';
|
|||
|
||||
my $res;
|
||||
my $json;
|
||||
my $request;
|
||||
my $maintests = 24;
|
||||
|
||||
SKIP: {
|
||||
|
@ -43,7 +42,7 @@ SKIP: {
|
|||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
|
||||
|
||||
$request = '';
|
||||
my $request = '';
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/finduser', IO::String->new($request),
|
||||
|
|
|
@ -15,7 +15,6 @@ SKIP: {
|
|||
}
|
||||
my $res;
|
||||
my $json;
|
||||
my $request;
|
||||
my $dbh = DBI->connect("dbi:SQLite:dbname=$userdb");
|
||||
$dbh->do(
|
||||
'CREATE TABLE users (uid text,password text,cn text,type text,guy text, room text)'
|
||||
|
@ -77,7 +76,7 @@ SKIP: {
|
|||
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'uid', 'guy', 'cn', 'room' );
|
||||
$request = '';
|
||||
my $request = '';
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/finduser', IO::String->new($request),
|
||||
|
|
|
@ -9,7 +9,6 @@ my $maintests = 25;
|
|||
|
||||
my $res;
|
||||
my $json;
|
||||
my $request;
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
|
@ -39,7 +38,7 @@ ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
|
|||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
|
||||
|
||||
$request = '';
|
||||
my $request = '';
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/finduser', IO::String->new($request),
|
||||
|
|
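--- a/lemonldap-ng-portal/t/68-FindUser-with-UpgradeSession.t
+++ b/lemonldap-ng-portal/t/68-FindUser-with-UpgradeSession.t
@@ -0,0 +1,183 @@
+use Test::More;
+use strict;
+use JSON;
+use IO::String;
+
+require 't/test-lib.pm';
+
+my $maintests = 14;
+
+my $res;
+my $json;
+my $client = LLNG::Manager::Test->new( {
+ini => {
+logLevel => 'error',
+authentication => 'Choice',
+userDB => 'Same',
+apacheAuthnLevel => 5,
+upgradeSession => 1,
+useSafeJail => 1,
+requireToken => 0,
+findUser => 1,
+impersonationRule => 1,
+findUserControl => '^[\w*\s]+$',
+findUserWildcard => '*',
+findUserSearchingAttributes => {
+uid => 'User',
+},
+authChoiceModules => {
+strong => 'Apache;Demo;Null;;;{}',
+weak => 'Demo;Demo;Null;;;{}'
+},
+vhostOptions => {
+'test1.example.com' => {
+vhostAuthnLevel => 3
+},
+locationRules => {
+'test1.example.com' => {
+default => 'accept',
+},
+},
+}
+}
+}
+);
+use Lemonldap::NG::Portal::Main::Constants 'PE_USERNOTFOUND';
+
+## Simple access
+ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
+my ( $host, $url, $query ) =
+expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
+
+my $request = '';
+ok(
+$res = $client->_post(
+'/finduser', IO::String->new($request),
+accept => 'text/html',
+length => length($request)
+),
+'Post empty FindUser request'
+);
+( $host, $url, $query ) =
+expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
+( $host, $url, $query ) = expectForm( $res, '#', undef, 'uid' );
+ok(
+$res->[2]->[0] =~
+m%<input id="spoofIdfield" name="spoofId" type="text" class="form-control" value="" autocomplete="off"%,
+'value=""'
+) or explain( $res->[2]->[0], 'value=""' );
+ok(
+$res->[2]->[0] =~
+m%<input id="findUser_uid" name="uid" type="text" autocomplete="off" class="form-control" placeholder="User" />%,
+'id="findUser_uid"'
+) or explain( $res->[2]->[0], 'id="findUser_uid"' );
+
+# Try to authenticate
+# -------------------
+ok(
+$res = $client->_post(
+'/',
+IO::String->new('user=dwho&password=dwho&lmAuth=weak'),
+length => 35,
+accept => 'text/html',
+),
+'Auth query'
+);
+my $id = expectCookie($res);
+
+# Portal IS NOT a handler
+#########################
+ok(
+$res = $client->_get(
+'/',
+accept => 'text/html',
+cookie => "lemonldap=$id",
+host => 'test1.example.com',
+),
+'GET http://test1.example.com/'
+);
+expectOK($res);
+
+# After attempting to access test1,
+# the handler sends up back to /upgradesession
+# --------------------------------------------
+ok(
+$res = $client->_get(
+'/upgradesession',
+query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29t',
+accept => 'text/html',
+cookie => "lemonldap=$id",
+),
+'Upgrade session query'
+);
+( $host, $url, $query ) =
+expectForm( $res, undef, '/upgradesession', 'confirm', 'url' );
+
+# Accept session upgrade
+# ----------------------
+ok(
+$res = $client->_post(
+'/upgradesession',
+IO::String->new($query),
+length => length($query),
+accept => 'text/html',
+cookie => "lemonldap=$id",
+),
+'Accept session upgrade query'
+);
+
+my $pdata = expectCookie( $res, 'lemonldappdata' );
+( $host, $url, $query ) = expectForm( $res, '#', undef, 'upgrading', 'url' );
+
+$request = 'uid=rt*';
+ok(
+$res = $client->_post(
+'/finduser',
+IO::String->new($request),
+length => length($request),
+cookie => "lemonldap=$id;lemonldappdata=$pdata",
+custom => {
+REMOTE_USER => 'dwho',
+},
+),
+'Post FindUser request'
+);
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+or print STDERR "$@\n" . Dumper($res);
+ok( $json->{result} == 1, ' Good result' )
+or explain( $json, 'result => 1' );
+ok( $json->{user} eq 'rtyler', ' Good user' )
+or explain( $json, "user => 'rtyler'" );
+
+# Attempt login
+$query = $query . "&spoofId=rtyler&lmAuth=strong";
+ok(
+$res = $client->_post(
+'/upgradesession',
+IO::String->new($query),
+length => length($query),
+accept => 'text/html',
+cookie => "lemonldap=$id;lemonldappdata=$pdata",
+custom => {
+REMOTE_USER => 'dwho',
+},
+),
+'Post login'
+);
+$pdata = expectCookie( $res, 'lemonldappdata' );
+$id = expectCookie($res);
+expectRedirection( $res, 'http://test1.example.com' );
+
+ok(
+$res = $client->_get(
+'/',
+accept => 'text/html',
+cookie => "lemonldap=$id;lemonldappdata=$pdata",
+),
+'Post login'
+);
+expectOK($res);
+expectAuthenticatedAs( $res, 'rtyler' );
+
+count($maintests);
+done_testing( count() );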
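Review bot: Only the success path of the newly authenticated `/finduser` route is exercised in this test, and `PE_USERNOTFOUND` is imported but never referenced, so nothing checks that a search sent with a session cookie is still filtered. I would add one request whose `uid` value fails `findUserControl` (`'^[\w*\s]+$'`) and one that matches no account, each sent with `cookie => "lemonldap=$id;lemonldappdata=$pdata"`, and assert that no user comes back. Separately, by brace count `locationRules` sits inside `vhostOptions` rather than beside it under `ini`, which looks unintended and should be confirmed against the other upgrade-session tests. `Dumper` is called in the JSON check without a visible `use Data::Dumper;`, so it presumably relies on `t/test-lib.pm`, and the file has `use strict;` but no `use warnings;`.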
@ -9,7 +9,6 @@ my $maintests = 6;
|
|||
|
||||
my $res;
|
||||
my $json;
|
||||
my $request;
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
|
@ -35,7 +34,7 @@ ok(
|
|||
m%<span trspan="searchAccount">Search for an account</span>%,
|
||||
'Search an account not found'
|
||||
) or explain( $res->[2]->[0], 'Found search for an account' );
|
||||
$request = 'uid=dwho';
|
||||
my $request = 'uid=dwho';
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/finduser', IO::String->new($request),
|
||||
|
|
|
@ -9,7 +9,6 @@ my $maintests = 6;
|
|||
|
||||
my $res;
|
||||
my $json;
|
||||
my $request;
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
|
@ -34,7 +33,7 @@ ok(
|
|||
m%<span trspan="searchAccount">Search for an account</span>%,
|
||||
'Search an account not found'
|
||||
) or explain( $res->[2]->[0], 'Found search for an account' );
|
||||
$request = 'uid=dwho';
|
||||
my $request = 'uid=dwho';
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/finduser', IO::String->new($request),
|
||||
|
|