Append Impersonation unrestrictedUsers rule & Update langs (#2207)
This commit is contained in:
Christophe Maudoux
parent
9d7e5c61cc
commit
eb65264d5d
|
|
@ -875,6 +875,12 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'checkUserSearchAttributes' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'checkUserUnrestrictedUsersRule' => {
|
||||
'test' => sub {
|
||||
return perlExpr(@_);
|
||||
},
|
||||
'type' => 'text'
|
||||
},
|
||||
'checkXSS' => {
|
||||
'default' => 1,
|
||||
'type' => 'bool'
|
||||
|
|
@ -1029,6 +1035,12 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => 1,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'contextSwitchingUnrestrictedUsersRule' => {
|
||||
'test' => sub {
|
||||
return perlExpr(@_);
|
||||
},
|
||||
'type' => 'text'
|
||||
},
|
||||
'cookieExpiration' => {
|
||||
'type' => 'int'
|
||||
},
|
||||
|
|
@ -1428,6 +1440,12 @@ qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-
|
|||
'default' => 1,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'impersonationUnrestrictedUsersRule' => {
|
||||
'test' => sub {
|
||||
return perlExpr(@_);
|
||||
},
|
||||
'type' => 'text'
|
||||
},
|
||||
'infoFormMethod' => {
|
||||
'default' => 'get',
|
||||
'select' => [ {
|
||||
|
|
|
|||
|
|
@ -454,6 +454,12 @@ sub attributes {
|
|||
default => 1,
|
||||
documentation => 'checkUser identities rule',
|
||||
},
|
||||
checkUserUnrestrictedUsersRule => {
|
||||
type => 'text',
|
||||
test => sub { return perlExpr(@_) },
|
||||
documentation => 'checkUser unrestricted users rule',
|
||||
flags => 'p',
|
||||
},
|
||||
checkUserHiddenAttributes => {
|
||||
type => 'text',
|
||||
default => '_loginHistory _session_id hGroups',
|
||||
|
|
@ -526,6 +532,12 @@ sub attributes {
|
|||
documentation => 'Impersonation identities rule',
|
||||
flags => 'p',
|
||||
},
|
||||
impersonationUnrestrictedUsersRule => {
|
||||
type => 'text',
|
||||
test => sub { return perlExpr(@_) },
|
||||
documentation => 'Impersonation unrestricted users rule',
|
||||
flags => 'p',
|
||||
},
|
||||
impersonationHiddenAttributes => {
|
||||
type => 'text',
|
||||
default => '_2fDevices _loginHistory',
|
||||
|
|
@ -551,6 +563,12 @@ sub attributes {
|
|||
documentation => 'Context switching identities rule',
|
||||
flags => 'p',
|
||||
},
|
||||
contextSwitchingUnrestrictedUsersRule => {
|
||||
type => 'text',
|
||||
test => sub { return perlExpr(@_) },
|
||||
documentation => 'Context switching unrestricted users rule',
|
||||
flags => 'p',
|
||||
},
|
||||
contextSwitchingStopWithLogout => {
|
||||
type => 'bool',
|
||||
default => 1,
|
||||
|
|
|
|||
|
|
@ -739,6 +739,7 @@ sub tree {
|
|||
nodes => [
|
||||
'checkUser',
|
||||
'checkUserIdRule',
|
||||
'checkUserUnrestrictedUsersRule',
|
||||
'checkUserHiddenAttributes',
|
||||
'checkUserSearchAttributes',
|
||||
'checkUserDisplayEmptyHeaders',
|
||||
|
|
@ -753,6 +754,7 @@ sub tree {
|
|||
nodes => [
|
||||
'impersonationRule',
|
||||
'impersonationIdRule',
|
||||
'impersonationUnrestrictedUsersRule',
|
||||
'impersonationHiddenAttributes',
|
||||
'impersonationSkipEmptyValues',
|
||||
'impersonationMergeSSOgroups',
|
||||
|
|
@ -765,6 +767,7 @@ sub tree {
|
|||
nodes => [
|
||||
'contextSwitchingRule',
|
||||
'contextSwitchingIdRule',
|
||||
'contextSwitchingUnrestrictedUsersRule',
|
||||
'contextSwitchingStopWithLogout',
|
||||
]
|
||||
},
|
||||
|
|
|
|||
|
|
@ -161,6 +161,7 @@
|
|||
"contextSwitchingIdRule":"Identities use rule",
|
||||
"contextSwitchingRule":"استخدام القاعدة",
|
||||
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"cspConnect":"وجهات أجاكس",
|
||||
"cspDefault":"القيمة الاعتيادية ",
|
||||
"cspFont":" مصدر نوع الخط",
|
||||
|
|
@ -186,6 +187,7 @@
|
|||
"checkUsers":"SSO profile Check",
|
||||
"checkUser":"تفعيل",
|
||||
"checkUserIdRule":"Identities use rule",
|
||||
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"checkUserHiddenAttributes":"السمات المخفية",
|
||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
|
|
@ -351,6 +353,7 @@
|
|||
"impersonationHiddenAttributes":"السمات المخفية",
|
||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||
"impersonationSkipEmptyValues":"Skip empty values",
|
||||
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"incompleteForm":"الحقول المطلوبة مفقودة",
|
||||
"index":"فهرس",
|
||||
"infoFormMethod":"طريقة للحصول على معلومات الإستمارة",
|
||||
|
|
|
|||
|
|
@ -161,6 +161,7 @@
|
|||
"contextSwitchingIdRule":"Identities use rule",
|
||||
"contextSwitchingRule":"Use rule",
|
||||
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"cspConnect":"Ajax destinations",
|
||||
"cspDefault":"Default value",
|
||||
"cspFont":"Font source",
|
||||
|
|
@ -187,6 +188,7 @@
|
|||
"checkUser":"Activation",
|
||||
"checkUserIdRule":"Identities use rule",
|
||||
"checkUserHiddenAttributes":"Hidden attributes",
|
||||
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Display empty values",
|
||||
|
|
@ -351,6 +353,7 @@
|
|||
"impersonationHiddenAttributes":"Hidden attributes",
|
||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||
"impersonationSkipEmptyValues":"Skip empty values",
|
||||
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"incompleteForm":"Required fields are missing",
|
||||
"index":"Index",
|
||||
"infoFormMethod":"Method for info form",
|
||||
|
|
|
|||
|
|
@ -161,6 +161,7 @@
|
|||
"contextSwitchingIdRule":"Identities use rule",
|
||||
"contextSwitchingRule":"Use rule",
|
||||
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"cspConnect":"Ajax destinations",
|
||||
"cspDefault":"Default value",
|
||||
"cspFont":"Font source",
|
||||
|
|
@ -187,6 +188,7 @@
|
|||
"checkUser":"Activation",
|
||||
"checkUserIdRule":"Identities use rule",
|
||||
"checkUserHiddenAttributes":"Hidden attributes",
|
||||
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Display empty values",
|
||||
|
|
@ -351,6 +353,7 @@
|
|||
"impersonationHiddenAttributes":"Hidden attributes",
|
||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||
"impersonationSkipEmptyValues":"Skip empty values",
|
||||
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"incompleteForm":"Required fields are missing",
|
||||
"index":"Index",
|
||||
"infoFormMethod":"Method for info form",
|
||||
|
|
|
|||
|
|
@ -161,6 +161,7 @@
|
|||
"contextSwitchingIdRule":"Règle d'utilisation des identités",
|
||||
"contextSwitchingRule":"Règle d'utilisation",
|
||||
"contextSwitchingStopWithLogout":"Arrêt par déconnexion",
|
||||
"contextSwitchingUnrestrictedUsersRule":"Règle des utilisateurs non restreints",
|
||||
"cspConnect":"Destinations des requêtes AJAX",
|
||||
"cspDefault":"Valeur par défaut",
|
||||
"cspFont":"Sources des polices",
|
||||
|
|
@ -187,6 +188,7 @@
|
|||
"checkUser":"Activation",
|
||||
"checkUserIdRule":"Règle d'utilisation des identités",
|
||||
"checkUserHiddenAttributes":"Attributs masqués",
|
||||
"checkUserUnrestrictedUsersRule":"Règle des utilisateurs non restreints",
|
||||
"checkUserDisplayPersistentInfo":"Afficher les données de session persistante",
|
||||
"checkUserDisplayEmptyHeaders":"Afficher les entêtes nuls",
|
||||
"checkUserDisplayEmptyValues":"Afficher les valeurs nulles",
|
||||
|
|
@ -351,6 +353,7 @@
|
|||
"impersonationHiddenAttributes":"Attributs masqués",
|
||||
"impersonationMergeSSOgroups":"Fusionner les groupes SSO réels et usurpés",
|
||||
"impersonationSkipEmptyValues":"Ignorer les valeurs nulles",
|
||||
"impersonationUnrestrictedUsersRule":"Règle des utilisateurs non restreints",
|
||||
"incompleteForm":"Des champs requis manquent",
|
||||
"index":"Index",
|
||||
"infoFormMethod":"Méthode du formulaire d'information",
|
||||
|
|
|
|||
|
|
@ -161,6 +161,7 @@
|
|||
"contextSwitchingIdRule":"Le identità usano la regola",
|
||||
"contextSwitchingRule":"Utilizza la regola",
|
||||
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"cspConnect":"Destinazioni Ajax",
|
||||
"cspDefault":"Valore di default",
|
||||
"cspFont":"Origine carattere",
|
||||
|
|
@ -187,6 +188,7 @@
|
|||
"checkUser":"Attivazione",
|
||||
"checkUserIdRule":"Uso della regola delle identità",
|
||||
"checkUserHiddenAttributes":"Attributi nascosti",
|
||||
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"checkUserDisplayPersistentInfo":"Mostra sessione persistente",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Mostra valori vuoti",
|
||||
|
|
@ -351,6 +353,7 @@
|
|||
"impersonationHiddenAttributes":"Attributi nascosti",
|
||||
"impersonationMergeSSOgroups":"Unisci gruppi SSO usurpati e reali",
|
||||
"impersonationSkipEmptyValues":"Salta valori vuoti",
|
||||
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"incompleteForm":"Mancano campi obbligatori",
|
||||
"index":"Indice",
|
||||
"infoFormMethod":"Metodo per il modulo informazioni",
|
||||
|
|
|
|||
|
|
@ -161,6 +161,7 @@
|
|||
"contextSwitchingIdRule":"Reguła korzystania z tożsamości",
|
||||
"contextSwitchingRule":"Użyj reguły",
|
||||
"contextSwitchingStopWithLogout":"Zatrzymaj przez wylogowanie",
|
||||
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"cspConnect":"Miejsca docelowe Ajax",
|
||||
"cspDefault":"Domyślna wartość",
|
||||
"cspFont":"Źródło czcionek",
|
||||
|
|
@ -187,6 +188,7 @@
|
|||
"checkUser":"Aktywacja",
|
||||
"checkUserIdRule":"Reguła korzystania z tożsamości",
|
||||
"checkUserHiddenAttributes":"Ukryte atrybuty",
|
||||
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"checkUserDisplayPersistentInfo":"Wyświetl trwałą sesję",
|
||||
"checkUserDisplayEmptyHeaders":"Wyświetl puste nagłówki",
|
||||
"checkUserDisplayEmptyValues":"Wyświetl puste wartości",
|
||||
|
|
@ -351,6 +353,7 @@
|
|||
"impersonationHiddenAttributes":"Ukryte atrybuty",
|
||||
"impersonationMergeSSOgroups":"Scal sfałszowane i prawdziwe grupy jednokrotnego logowania",
|
||||
"impersonationSkipEmptyValues":"Pomiń puste wartości",
|
||||
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"incompleteForm":"Brak wymaganych pól",
|
||||
"index":"Indeks",
|
||||
"infoFormMethod":"Metoda formularza informacyjnego",
|
||||
|
|
|
|||
|
|
@ -161,6 +161,7 @@
|
|||
"contextSwitchingIdRule":"Kimlik kullanım kuralı",
|
||||
"contextSwitchingRule":"Kuralı kullan",
|
||||
"contextSwitchingStopWithLogout":"Çıkış yapmayı durdur",
|
||||
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"cspConnect":"Ajax hedefleri",
|
||||
"cspDefault":"Varsayılan değer",
|
||||
"cspFont":"Font kaynağı",
|
||||
|
|
@ -187,6 +188,7 @@
|
|||
"checkUser":"Aktivasyon",
|
||||
"checkUserIdRule":"Kimlik kullanım kuralı",
|
||||
"checkUserHiddenAttributes":"Gizli nitelikler",
|
||||
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"checkUserDisplayPersistentInfo":"Kalıcı oturumu görüntüle",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Boş değerleri görüntüle",
|
||||
|
|
@ -351,6 +353,7 @@
|
|||
"impersonationHiddenAttributes":"Gizli nitelikler",
|
||||
"impersonationMergeSSOgroups":"Sahte ve gerçek TOA gruplarını birleştir",
|
||||
"impersonationSkipEmptyValues":"Boş değerleri geç",
|
||||
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"incompleteForm":"Gerekli alanlar eksik",
|
||||
"index":"Dizin",
|
||||
"infoFormMethod":"Bilgi formu için metot",
|
||||
|
|
|
|||
|
|
@ -161,6 +161,7 @@
|
|||
"contextSwitchingIdRule":"Identities use rule",
|
||||
"contextSwitchingRule":"Quy tắc sử dụng",
|
||||
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"cspConnect":"Đích cúa Ajax",
|
||||
"cspDefault":"Giá trị mặc định",
|
||||
"cspFont":"Nguồn phông chữ",
|
||||
|
|
@ -187,6 +188,7 @@
|
|||
"checkUser":"Kích hoạt",
|
||||
"checkUserIdRule":"Identities use rule",
|
||||
"checkUserHiddenAttributes":"Thuộc tính ẩn",
|
||||
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Display empty values",
|
||||
|
|
@ -351,6 +353,7 @@
|
|||
"impersonationHiddenAttributes":"Thuộc tính ẩn",
|
||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||
"impersonationSkipEmptyValues":"Skip empty values",
|
||||
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"incompleteForm":"Các trường bắt buộc bị thiếu",
|
||||
"index":"Chỉ mục",
|
||||
"infoFormMethod":"Phương pháp cho mẫu thông tin",
|
||||
|
|
|
|||
|
|
@ -161,6 +161,7 @@
|
|||
"contextSwitchingIdRule":"Identities use rule",
|
||||
"contextSwitchingRule":"Use rule",
|
||||
"contextSwitchingStopWithLogout":"Stop by logout",
|
||||
"contextSwitchingUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"cspConnect":"Ajax destinations",
|
||||
"cspDefault":"Default value",
|
||||
"cspFont":"字体源",
|
||||
|
|
@ -187,6 +188,7 @@
|
|||
"checkUser":"激活",
|
||||
"checkUserIdRule":"Identities use rule",
|
||||
"checkUserHiddenAttributes":"Hidden attributes",
|
||||
"checkUserUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"checkUserDisplayPersistentInfo":"Display persistent session",
|
||||
"checkUserDisplayEmptyHeaders":"Display empty headers",
|
||||
"checkUserDisplayEmptyValues":"Display empty values",
|
||||
|
|
@ -351,6 +353,7 @@
|
|||
"impersonationHiddenAttributes":"Hidden attributes",
|
||||
"impersonationMergeSSOgroups":"Merge spoofed and real SSO groups",
|
||||
"impersonationSkipEmptyValues":"Skip empty values",
|
||||
"impersonationUnrestrictedUsersRule":"Unrestricted users rule",
|
||||
"incompleteForm":"Required fields are missing",
|
||||
"index":"Index",
|
||||
"infoFormMethod":"Method for info form",
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -5,16 +5,24 @@ use Mouse;
|
|||
use Lemonldap::NG::Portal::Main::Constants
|
||||
qw( PE_OK PE_BADCREDENTIALS PE_IMPERSONATION_SERVICE_NOT_ALLOWED PE_MALFORMEDUSER );
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.9';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin',
|
||||
'Lemonldap::NG::Portal::Lib::_tokenRule';
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
use constant afterData => 'run';
|
||||
|
||||
has rule => ( is => 'rw', default => sub { 1 } );
|
||||
has idRule => ( is => 'rw', default => sub { 1 } );
|
||||
has rule => ( is => 'rw', default => sub { 1 } );
|
||||
has idRule => ( is => 'rw', default => sub { 1 } );
|
||||
has unrestrictedUsersRule => ( is => 'rw', default => sub { 0 } );
|
||||
|
||||
# Form timeout token generator (used if requireToken is set)
|
||||
has ott => ( is => 'rw' );
|
||||
|
||||
# Captcha generator
|
||||
has captcha => ( is => 'rw' );
|
||||
|
||||
sub hAttr {
|
||||
$_[0]->{conf}->{impersonationHiddenAttributes} . ' '
|
||||
|
|
@ -40,6 +48,25 @@ sub init {
|
|||
);
|
||||
return 0 unless $self->idRule;
|
||||
|
||||
$self->unrestrictedUsersRule(
|
||||
$self->p->buildRule(
|
||||
$self->conf->{impersonationUnrestrictedUsersRule},
|
||||
'impersonationUnrestrictedUsers'
|
||||
)
|
||||
);
|
||||
return 0 unless $self->unrestrictedUsersRule;
|
||||
|
||||
# Initialize Captcha if needed
|
||||
if ( $self->{conf}->{captcha_login_enabled} ) {
|
||||
$self->captcha( $self->p->loadModule('::Lib::Captcha') ) or return 0;
|
||||
}
|
||||
|
||||
# Initialize form token if needed (captcha provides also a token)
|
||||
else {
|
||||
$self->ott( $self->p->loadModule('::Lib::OneTimeToken') ) or return 0;
|
||||
$self->ott->timeout( $self->conf->{formTimeout} );
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
@ -53,6 +80,7 @@ sub run {
|
|||
PE_OK; # Skip Impersonation if error during Auth process
|
||||
|
||||
my $statut = PE_OK;
|
||||
my $unUser = 0;
|
||||
my $loginHistory =
|
||||
$req->{sessionInfo}->{_loginHistory}; # Store login history
|
||||
$req->{user} ||= $req->{sessionInfo}->{_impUser}; # If 2FA is enabled
|
||||
|
|
@ -70,7 +98,7 @@ sub run {
|
|||
$statut = PE_MALFORMEDUSER;
|
||||
}
|
||||
|
||||
# Check activation rule
|
||||
# Check activation & unrestrictedUsers rules
|
||||
if ( $spoofId ne $req->{user} ) {
|
||||
$self->logger->debug("Spoof Id: $spoofId / Real Id: $req->{user}");
|
||||
unless ( $self->rule->( $req, $req->sessionInfo ) ) {
|
||||
|
|
@ -78,6 +106,7 @@ sub run {
|
|||
$spoofId = $req->{user};
|
||||
$statut = PE_IMPERSONATION_SERVICE_NOT_ALLOWED;
|
||||
}
|
||||
$unUser = $self->unrestrictedUsersRule->( $req, $req->sessionInfo );
|
||||
}
|
||||
|
||||
# Fill spoof session
|
||||
|
|
@ -98,8 +127,9 @@ sub run {
|
|||
delete $req->{sessionInfo}->{$k};
|
||||
}
|
||||
|
||||
$spoofSession = $self->_userData( $req, $spoofId, $realSession );
|
||||
$spoofSession = $self->_userData( $req, $spoofId, $realSession, $unUser );
|
||||
if ( $req->error ) {
|
||||
$self->setSecurity($req);
|
||||
if ( $req->error == PE_BADCREDENTIALS ) {
|
||||
$statut = PE_BADCREDENTIALS;
|
||||
}
|
||||
|
|
@ -168,8 +198,9 @@ sub run {
|
|||
}
|
||||
|
||||
sub _userData {
|
||||
my ( $self, $req, $spoofId, $realSession ) = @_;
|
||||
my ( $self, $req, $spoofId, $realSession, $unUser ) = @_;
|
||||
my $realId = $req->{user};
|
||||
$self->logger->info("$realId is an unrestricted user!") if $unUser;
|
||||
$req->{user} = $spoofId;
|
||||
my $raz = 0;
|
||||
|
||||
|
|
@ -195,7 +226,7 @@ sub _userData {
|
|||
|
||||
# Check identity rule if Impersonation required
|
||||
if ( $realId ne $spoofId ) {
|
||||
unless ( $self->idRule->( $req, $req->sessionInfo ) ) {
|
||||
unless ( $unUser || $self->idRule->( $req, $req->sessionInfo ) ) {
|
||||
$self->userLogger->warn(
|
||||
'Impersonation requested for an unvalid user ('
|
||||
. $req->{user}
|
||||
|
|
@ -215,7 +246,7 @@ sub _userData {
|
|||
$self->p->groupsAndMacros, 'setLocalGroups'
|
||||
]
|
||||
);
|
||||
$self->logger->debug('Spoof session equal real session');
|
||||
$self->logger->debug('Reset Impersonation process');
|
||||
$req->error(PE_BADCREDENTIALS);
|
||||
if ( my $error = $self->p->process($req) ) {
|
||||
$self->logger->debug("Process returned error: $error");
|
||||
|
|
@ -238,4 +269,14 @@ sub _userData {
|
|||
return $req->{sessionInfo};
|
||||
}
|
||||
|
||||
sub setSecurity {
|
||||
my ( $self, $req ) = @_;
|
||||
if ( $self->captcha ) {
|
||||
$self->captcha->setCaptcha($req);
|
||||
}
|
||||
elsif ( $self->ottRule->( $req, {} ) ) {
|
||||
$self->ott->setToken($req);
|
||||
}
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user