Append CheckUser normalized headers option & Improve unit test (#2436)
This commit is contained in:
Christophe Maudoux
parent
bd1a0bf6da
commit
e4444c907f
|
|
@ -5,7 +5,7 @@ use strict;
|
|||
use Exporter 'import';
|
||||
use base qw(Exporter);
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.11';
|
||||
|
||||
# CONSTANTS
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand
|
||||
package Lemonldap::NG::Common::Conf::DefaultValues;
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.11';
|
||||
|
||||
sub defaultValues {
|
||||
return {
|
||||
|
|
@ -39,6 +39,7 @@ sub defaultValues {
|
|||
'checkUserDisplayComputedSession' => 1,
|
||||
'checkUserDisplayEmptyHeaders' => 0,
|
||||
'checkUserDisplayEmptyValues' => 0,
|
||||
'checkUserDisplayNormalizedHeaders' => 0,
|
||||
'checkUserDisplayPersistentInfo' => 0,
|
||||
'checkUserHiddenAttributes' => '_loginHistory _session_id hGroups',
|
||||
'checkUserIdRule' => 1,
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ use strict;
|
|||
use Exporter 'import';
|
||||
use base qw(Exporter);
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.11';
|
||||
|
||||
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $casAppMetaDataNodeKeys $casSrvMetaDataNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters $casServiceParameters)] );
|
||||
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ package Lemonldap::NG::Handler::Lib::StatusConstants;
|
|||
use strict;
|
||||
use Exporter 'import';
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.11';
|
||||
|
||||
sub portalConsts {
|
||||
return {
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand
|
||||
package Lemonldap::NG::Manager::Attributes;
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.11';
|
||||
|
||||
sub perlExpr {
|
||||
my ( $val, $conf ) = @_;
|
||||
|
|
@ -889,6 +889,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => 0,
|
||||
'type' => 'boolOrExpr'
|
||||
},
|
||||
'checkUserDisplayNormalizedHeaders' => {
|
||||
'default' => 0,
|
||||
'type' => 'boolOrExpr'
|
||||
},
|
||||
'checkUserDisplayPersistentInfo' => {
|
||||
'default' => 0,
|
||||
'type' => 'boolOrExpr'
|
||||
|
|
|
|||
|
|
@ -511,6 +511,12 @@ sub attributes {
|
|||
documentation => 'Display empty headers rule',
|
||||
flags => 'p',
|
||||
},
|
||||
checkUserDisplayNormalizedHeaders => {
|
||||
default => 0,
|
||||
type => 'boolOrExpr',
|
||||
documentation => 'Display normalized headers rule',
|
||||
flags => 'p',
|
||||
},
|
||||
checkUserDisplayComputedSession => {
|
||||
default => 1,
|
||||
type => 'boolOrExpr',
|
||||
|
|
|
|||
|
|
@ -766,6 +766,7 @@ sub tree {
|
|||
'checkUserSearchAttributes',
|
||||
'checkUserDisplayComputedSession',
|
||||
'checkUserDisplayEmptyHeaders',
|
||||
'checkUserDisplayNormalizedHeaders',
|
||||
'checkUserDisplayEmptyValues',
|
||||
'checkUserDisplayPersistentInfo',
|
||||
'checkUserHiddenHeaders'
|
||||
|
|
|
|||
|
|
@ -208,6 +208,7 @@
|
|||
"checkUserDisplayPersistentInfo":"Display persistent session data",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Display empty values",
|
||||
"checkUserDisplayNormalizedHeaders":"Display normalized headers",
|
||||
"checkUserHiddenHeaders":"Hidden headers",
|
||||
"checkUserSearchAttributes":"Attributes used for searching sessions",
|
||||
"choiceParams":"اختيارالإعدادات",
|
||||
|
|
|
|||
|
|
@ -208,6 +208,7 @@
|
|||
"checkUserDisplayPersistentInfo":"Display persistent session data",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Display empty values",
|
||||
"checkUserDisplayNormalizedHeaders":"Display normalized headers",
|
||||
"checkUserHiddenHeaders":"Hidden headers",
|
||||
"checkUserSearchAttributes":"Attributes used for searching sessions",
|
||||
"choiceParams":"Choice parameters",
|
||||
|
|
|
|||
|
|
@ -208,6 +208,7 @@
|
|||
"checkUserDisplayPersistentInfo":"Display persistent session data",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Display empty values",
|
||||
"checkUserDisplayNormalizedHeaders":"Display normalized headers",
|
||||
"checkUserHiddenHeaders":"Hidden headers",
|
||||
"checkUserSearchAttributes":"Attributes used for searching sessions",
|
||||
"choiceParams":"Choice parameters",
|
||||
|
|
|
|||
|
|
@ -208,6 +208,7 @@
|
|||
"checkUserDisplayPersistentInfo":"Display persistent session data",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Mostrar valores vacíos",
|
||||
"checkUserDisplayNormalizedHeaders":"Display normalized headers",
|
||||
"checkUserHiddenHeaders":"Hidden headers",
|
||||
"checkUserSearchAttributes":"Atributos usados en la búsqueda de sesiones",
|
||||
"choiceParams":"Choice parameters",
|
||||
|
|
|
|||
|
|
@ -208,6 +208,7 @@
|
|||
"checkUserDisplayPersistentInfo":"Afficher les données de session persistante",
|
||||
"checkUserDisplayEmptyHeaders":"Afficher les entêtes nuls",
|
||||
"checkUserDisplayEmptyValues":"Afficher les valeurs nulles",
|
||||
"checkUserDisplayNormalizedHeaders":"Display les entêtes normalisés",
|
||||
"checkUserHiddenHeaders":"Entêtes masqués",
|
||||
"checkUserSearchAttributes":"Attributs utilisés pour rechercher les sessions",
|
||||
"choiceParams":"Paramètres des choix",
|
||||
|
|
|
|||
|
|
@ -208,6 +208,7 @@
|
|||
"checkUserDisplayPersistentInfo":"Display persistent session data",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Mostra valori vuoti",
|
||||
"checkUserDisplayNormalizedHeaders":"Display normalized headers",
|
||||
"checkUserHiddenHeaders":"Hidden headers",
|
||||
"checkUserSearchAttributes":"Attributes used for searching sessions",
|
||||
"choiceParams":"Scelta parametri",
|
||||
|
|
|
|||
|
|
@ -208,6 +208,7 @@
|
|||
"checkUserDisplayPersistentInfo":"Display persistent session data",
|
||||
"checkUserDisplayEmptyHeaders":"Wyświetl puste nagłówki",
|
||||
"checkUserDisplayEmptyValues":"Wyświetl puste wartości",
|
||||
"checkUserDisplayNormalizedHeaders":"Display normalized headers",
|
||||
"checkUserHiddenHeaders":"Hidden headers",
|
||||
"checkUserSearchAttributes":"Atrybuty używane do wyszukiwania sesji",
|
||||
"choiceParams":"Parametry wyboru",
|
||||
|
|
|
|||
|
|
@ -208,6 +208,7 @@
|
|||
"checkUserDisplayPersistentInfo":"Kalıcı oturum verisini görüntüle",
|
||||
"checkUserDisplayEmptyHeaders":"Boş başlıkları görüntüle",
|
||||
"checkUserDisplayEmptyValues":"Boş değerleri görüntüle",
|
||||
"checkUserDisplayNormalizedHeaders":"Display normalized headers",
|
||||
"checkUserHiddenHeaders":"Hidden headers",
|
||||
"checkUserSearchAttributes":"Arama oturumlarında kullanılan nitelikler",
|
||||
"choiceParams":"Tercih parametreleri",
|
||||
|
|
|
|||
|
|
@ -208,6 +208,7 @@
|
|||
"checkUserDisplayPersistentInfo":"Display persistent session data",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Display empty values",
|
||||
"checkUserDisplayNormalizedHeaders":"Display normalized headers",
|
||||
"checkUserHiddenHeaders":"Hidden headers",
|
||||
"checkUserSearchAttributes":"Attributes used for searching sessions",
|
||||
"choiceParams":"Các tham số lựa chọn",
|
||||
|
|
|
|||
|
|
@ -208,6 +208,7 @@
|
|||
"checkUserDisplayPersistentInfo":"Display persistent session data",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Display empty values",
|
||||
"checkUserDisplayNormalizedHeaders":"Display normalized headers",
|
||||
"checkUserHiddenHeaders":"Hidden headers",
|
||||
"checkUserSearchAttributes":"Attributes used for searching sessions",
|
||||
"choiceParams":"Choice parameters",
|
||||
|
|
|
|||
|
|
@ -208,6 +208,7 @@
|
|||
"checkUserDisplayPersistentInfo":"顯示持久工作階段資料",
|
||||
"checkUserDisplayEmptyHeaders":"顯示空標頭",
|
||||
"checkUserDisplayEmptyValues":"顯示空值",
|
||||
"checkUserDisplayNormalizedHeaders":"Display normalized headers",
|
||||
"checkUserHiddenHeaders":"Hidden headers",
|
||||
"checkUserSearchAttributes":"用於搜尋工作階段的屬性",
|
||||
"choiceParams":"選擇參數",
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -4,7 +4,7 @@ package Lemonldap::NG::Portal::Main::Constants;
|
|||
use strict;
|
||||
use Exporter 'import';
|
||||
|
||||
our $VERSION = '2.0.10';
|
||||
our $VERSION = '2.0.11';
|
||||
|
||||
use constant HANDLER => 'Lemonldap::NG::Handler::PSGI::Main';
|
||||
use constant {
|
||||
|
|
|
|||
|
|
@ -28,14 +28,15 @@ has ott => (
|
|||
return $ott;
|
||||
}
|
||||
);
|
||||
has unrestrictedUsersRule => ( is => 'rw', default => sub { 0 } );
|
||||
has displayEmptyValuesRule => ( is => 'rw', default => sub { 0 } );
|
||||
has displayEmptyHeadersRule => ( is => 'rw', default => sub { 0 } );
|
||||
has displayPersistentInfoRule => ( is => 'rw', default => sub { 0 } );
|
||||
has displayComputedSessionRule => ( is => 'rw', default => sub { 0 } );
|
||||
has idRule => ( is => 'rw', default => sub { 1 } );
|
||||
has sorted => ( is => 'rw', default => sub { 0 } );
|
||||
has merged => ( is => 'rw', default => '' );
|
||||
has unrestrictedUsersRule => ( is => 'rw', default => sub { 0 } );
|
||||
has displayEmptyValuesRule => ( is => 'rw', default => sub { 0 } );
|
||||
has displayEmptyHeadersRule => ( is => 'rw', default => sub { 0 } );
|
||||
has displayPersistentInfoRule => ( is => 'rw', default => sub { 0 } );
|
||||
has displayComputedSessionRule => ( is => 'rw', default => sub { 0 } );
|
||||
has displayNormalizedHeadersRule => ( is => 'rw', default => sub { 0 } );
|
||||
has idRule => ( is => 'rw', default => sub { 1 } );
|
||||
has sorted => ( is => 'rw', default => sub { 0 } );
|
||||
has merged => ( is => 'rw', default => '' );
|
||||
|
||||
sub hAttr {
|
||||
$_[0]->{conf}->{checkUserHiddenAttributes} . ' '
|
||||
|
|
@ -96,6 +97,13 @@ sub init {
|
|||
)
|
||||
);
|
||||
return 0 unless $self->displayComputedSessionRule;
|
||||
$self->displayNormalizedHeadersRule(
|
||||
$self->p->buildRule(
|
||||
$self->conf->{checkUserDisplayNormalizedHeaders},
|
||||
'checkUserDisplayNormalizedHeaders'
|
||||
)
|
||||
);
|
||||
return 0 unless $self->displayNormalizedHeadersRule;
|
||||
|
||||
# Init. other options
|
||||
$self->sorted( $self->conf->{impersonationRule}
|
||||
|
|
@ -495,7 +503,7 @@ sub _headers {
|
|||
if ( $keysToRemove
|
||||
&& $self->conf->{checkUserHiddenHeaders}->{$vhost} =~ /\w+/ );
|
||||
|
||||
if ( $keysToRemove eq '__all__' ) {
|
||||
if ( $keysToRemove && $keysToRemove eq '__all__' ) {
|
||||
$self->logger->debug(
|
||||
"Overwrite for VirtualHost: $vhost ALL valued header(s)...");
|
||||
@$headers = map {
|
||||
|
|
@ -504,7 +512,7 @@ sub _headers {
|
|||
: $_
|
||||
} @$headers;
|
||||
}
|
||||
else {
|
||||
elsif ($keysToRemove) {
|
||||
$self->logger->debug(
|
||||
"Mask hidden header(s) for VirtualHost: $vhost");
|
||||
my $hash = { map { $_->{key} => $_->{value} } @$headers };
|
||||
|
|
@ -522,6 +530,19 @@ sub _headers {
|
|||
$self->logger->debug("Remove empty headers...");
|
||||
@$headers = grep $_->{value} =~ /.+/, @$headers;
|
||||
}
|
||||
|
||||
# Normalize headers name if required
|
||||
if ( $self->displayNormalizedHeadersRule->( $req, $savedUserData ) ) {
|
||||
$self->logger->debug("Normalize headers...");
|
||||
@$headers = map {
|
||||
no strict 'refs';
|
||||
{
|
||||
key => &{ $self->p->HANDLER . '::cgiName' }( $_->{key} ),
|
||||
value => $_->{value}
|
||||
}
|
||||
} @$headers;
|
||||
}
|
||||
|
||||
$self->logger->debug(
|
||||
"Return \"$attrs->{ $self->{conf}->{whatToTrace} }\" headers");
|
||||
|
||||
|
|
@ -533,7 +554,7 @@ sub _createArray {
|
|||
my $array_attrs = [];
|
||||
|
||||
if ( $self->displayEmptyValuesRule->( $req, $userData ) ) {
|
||||
$self->logger->debug("Delete hidden attributes");
|
||||
$self->logger->debug("Delete hidden attributes...");
|
||||
foreach my $k ( sort keys %$attrs ) {
|
||||
|
||||
# Ignore hidden attributes
|
||||
|
|
@ -542,7 +563,7 @@ sub _createArray {
|
|||
}
|
||||
}
|
||||
else {
|
||||
$self->logger->debug("Delete hidden and empty attributes");
|
||||
$self->logger->debug("Delete hidden and empty attributes...");
|
||||
foreach my $k ( sort keys %$attrs ) {
|
||||
|
||||
# Ignore hidden attributes and empty values
|
||||
|
|
@ -615,13 +636,13 @@ sub _removeKeys {
|
|||
|
||||
$self->logger->debug($msg);
|
||||
if ($mask) {
|
||||
$self->userLogger->info('Hide some headers');
|
||||
$self->userLogger->info('Hide some headers...');
|
||||
foreach (@keys) {
|
||||
$attrs->{$_} = '******' if $attrs->{$_} =~ /\w+/;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$self->userLogger->info('Remove some headers');
|
||||
$self->userLogger->info('Remove some headers...');
|
||||
delete @$attrs{@keys};
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -10,19 +10,20 @@ my $res;
|
|||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
loginHistoryEnabled => 0,
|
||||
brutForceProtection => 0,
|
||||
checkUser => 1,
|
||||
requireToken => 1,
|
||||
tokenUseGlobalStorage => 0,
|
||||
formTimeout => 120,
|
||||
checkUserDisplayPersistentInfo => 1,
|
||||
checkUserDisplayEmptyValues => 1,
|
||||
impersonationMergeSSOgroups => 1,
|
||||
checkUserDisplayComputedSession => 1,
|
||||
logLevel => 'error',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
loginHistoryEnabled => 0,
|
||||
brutForceProtection => 0,
|
||||
checkUser => 1,
|
||||
requireToken => 1,
|
||||
tokenUseGlobalStorage => 0,
|
||||
formTimeout => 120,
|
||||
checkUserDisplayPersistentInfo => 1,
|
||||
checkUserDisplayEmptyValues => 1,
|
||||
impersonationMergeSSOgroups => 1,
|
||||
checkUserDisplayComputedSession => 1,
|
||||
checkUserDisplayNormalizedHeaders => '$uid eq "dwho"'
|
||||
}
|
||||
}
|
||||
);
|
||||
|
|
@ -157,12 +158,12 @@ ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
|
|||
or explain( $res->[2]->[0], 'trspan="attributes"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
|
||||
or explain( $res->[2]->[0], 'trspan="macros"' );
|
||||
ok( $res->[2]->[0] =~ m%Auth-User: %, 'Found Auth-User' )
|
||||
or explain( $res->[2]->[0], 'Header Key: Auth-User' );
|
||||
ok( $res->[2]->[0] =~ m%testHeader1: %, 'Found testHeader1' )
|
||||
or explain( $res->[2]->[0], 'Header Key: testHeader1' );
|
||||
ok( $res->[2]->[0] =~ m%testHeader2: %, 'Found testHeader2' )
|
||||
or explain( $res->[2]->[0], 'Header Key: testHeader2' );
|
||||
ok( $res->[2]->[0] =~ m%HTTP_AUTH_USER: %, 'Found HTTP_AUTH_USER' )
|
||||
or explain( $res->[2]->[0], 'Header Key: HTTP_AUTH_USER' );
|
||||
ok( $res->[2]->[0] =~ m%HTTP_TESTHEADER1: %, 'Found HTTP_TESTHEADER1' )
|
||||
or explain( $res->[2]->[0], 'Header Key: HTTP_TESTHEADER1' );
|
||||
ok( $res->[2]->[0] =~ m%HTTP_TESTHEADER2: %, 'Found HTTP_TESTHEADER2' )
|
||||
or explain( $res->[2]->[0], 'Header Key: HTTP_TESTHEADER2' );
|
||||
ok( $res->[2]->[0] !~ m%emptyHeader: %, 'emptyHeader not found' )
|
||||
or explain( $res->[2]->[0], 'Header Key: emptyHeader' );
|
||||
ok( $res->[2]->[0] =~ m%: rtyler%, 'Found rtyler' )
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user