From d53cddae394d8add4d54eca160eb7635c97afedf Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Mon, 6 Apr 2020 19:05:26 +0200
Subject: [PATCH] Better fix & De-duplicate groups (#2129)

---
 .../lib/Lemonldap/NG/Portal/Main/SecondFactor.pm          | 8 +++++++-
 .../lib/Lemonldap/NG/Portal/UserDB/Demo.pm                | 2 +-
 lemonldap-ng-portal/t/lmConf-1.json                       | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm
index f32b432dc..6ae0f867e 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/SecondFactor.pm
@@ -127,7 +127,6 @@ sub _verify {
         $self->logger->debug(
             "Update sessionInfo with new authenticationLevel: $l");
         $req->sessionInfo->{authenticationLevel} = $l;
-        delete $req->sessionInfo->{groups};
 
         # Compute groups & macros again with new authenticationLevel
         $req->steps( [ 'setMacros', 'setLocalGroups' ] );
@@ -136,6 +135,13 @@ sub _verify {
             $req->error($error);
             return $self->p->do( $req, [ sub { $error } ] );
         }
+        $self->logger->debug("Deduplicate groups...");
+        $req->sessionInfo->{groups} = join $self->conf->{multiValuesSeparator},
+          keys %{ {
+                map { $_ => 1 } split $self->conf->{multiValuesSeparator},
+                $req->sessionInfo->{groups}
+            }
+          };
         $self->p->updateSession( $req, $req->sessionInfo );
     }
 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
index 5f067bebe..c9b9b5959 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Demo.pm
@@ -89,7 +89,7 @@ sub setSessionInfo {
 # @return Lemonldap::NG::Portal constant
 sub setGroups {
     my ( $self, $req ) = @_;
-    my $user = $req->user || $req->sessionInfo->{ $self->conf->{whatToTrace} };
+    my $user = $req->user;
     my $groups  = $req->sessionInfo->{groups}  || '';
     my $hGroups = $req->sessionInfo->{hGroups} || {};
     for my $grp ( keys %demoGroups ) {
diff --git a/lemonldap-ng-portal/t/lmConf-1.json b/lemonldap-ng-portal/t/lmConf-1.json
index 83cdab64c..aa52a8659 100644
--- a/lemonldap-ng-portal/t/lmConf-1.json
+++ b/lemonldap-ng-portal/t/lmConf-1.json
@@ -34,7 +34,7 @@
     "LockDirectory": "t/sessions/lock",
     "generateModule": "Lemonldap::NG::Common::Apache::Session::Generate::SHA256"
   },
-  "groups": { "su":"$uid and $uid eq \"rtyler\"", "test_su": "$uid and $uid eq \"rtyler\"", "su_test": "$uid and $uid eq \"rtyler\"" },
+  "groups": { "su":"$uid and $uid =~ /(?:rtyler|dwho)/", "test_su": "$uid and $uid eq \"rtyler\"", "su_test": "$uid and $uid eq \"rtyler\"" },
   "key": "qwertyui",
   "locationRules": {
     "auth.example.com" : {