dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix test submitted user param (#1667)

Browse Source
This commit is contained in:
Christophe Maudoux 2019-03-07 10:47:14 +01:00
parent a9fbec3f84
commit ef4f1fb0bf
2 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
View File

@ -76,8 +76,10 @@ sub check {
# Use submitted attribute if exists # Use submitted attribute if exists
my $url = $req->param('url') || ''; my $url = $req->param('url') || '';
unless ( $req->param('user') =~ /$self->{conf}->{userControl}/o ) { if ( $req->param('user') ) {
return PE_MALFORMEDUSER; unless ( $req->param('user') =~ /$self->{conf}->{userControl}/o ) {
return PE_MALFORMEDUSER;
}
} }
if ( $req->param('user') eq $req->{user} or !$req->param('user') ) { if ( $req->param('user') eq $req->{user} or !$req->param('user') ) {
@ -89,7 +91,8 @@ sub check {
else { else {
$self->logger->debug("Check requested for $req->{user}"); $self->logger->debug("Check requested for $req->{user}");
$req->{user} = $req->param('user'); $req->{user} = $req->param('user');
$self->userLogger->notice("Retrieve session from userDB and compute Groups & Macros"); $self->userLogger->notice(
"Retrieve session from userDB and compute Groups & Macros");
$attrs = $self->_userDatas($req); $attrs = $self->_userDatas($req);
} }

15
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm
View File

@ -43,9 +43,10 @@ sub init {
sub run { sub run {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
if ( $req->param('spoofId') ) {
unless ( $req->param('spoofId') =~ /$self->{conf}->{userControl}/o ) { unless ( $req->param('spoofId') =~ /$self->{conf}->{userControl}/o ) {
return PE_MALFORMEDUSER; return PE_MALFORMEDUSER;
}
} }
my $spoofId = $req->param('spoofId') || ''; my $spoofId = $req->param('spoofId') || '';
@ -86,11 +87,11 @@ sub run {
my $sphg = "$self->{conf}->{impersonationPrefix}hGroups"; my $sphg = "$self->{conf}->{impersonationPrefix}hGroups";
my $separator = $self->{conf}->{multiValuesSeparator}; my $separator = $self->{conf}->{multiValuesSeparator};
$realSession->{$spg} ||= ''; $realSession->{$spg} ||= '';
$self->logger->debug("Processing groups..."); $self->logger->debug("Processing groups...");
my @spoofGrps = my @realGrps = (); my @spoofGrps = my @realGrps = ();
@spoofGrps = split /\Q$separator/, $spoofSession->{groups}; @spoofGrps = split /\Q$separator/, $spoofSession->{groups};
@realGrps = split /\Q$separator/, $realSession->{$spg}; @realGrps = split /\Q$separator/, $realSession->{$spg};
@spoofGrps = ( @spoofGrps, @realGrps ); @spoofGrps = ( @spoofGrps, @realGrps );
my %hash = map { $_, 1 } @spoofGrps; my %hash = map { $_, 1 } @spoofGrps;
$spoofSession->{groups} = join $separator, sort keys %hash; $spoofSession->{groups} = join $separator, sort keys %hash;
@ -98,8 +99,8 @@ sub run {
$self->logger->debug("Processing hGroups..."); $self->logger->debug("Processing hGroups...");
$spoofSession->{hGroups} ||= {}; $spoofSession->{hGroups} ||= {};
$realSession->{$sphg} ||= {}; $realSession->{$sphg} ||= {};
$spoofSession->{hGroups} = { %{ $spoofSession->{hGroups} }, $spoofSession->{hGroups}
%{ $realSession->{$sphg} } }; = { %{ $spoofSession->{hGroups} }, %{ $realSession->{$sphg} } };
} }
# Create spoofed session # Create spoofed session