Fix test submitted user param (#1667)
This commit is contained in:
parent
a9fbec3f84
commit
ef4f1fb0bf
|
@ -76,8 +76,10 @@ sub check {
|
||||||
# Use submitted attribute if exists
|
# Use submitted attribute if exists
|
||||||
my $url = $req->param('url') || '';
|
my $url = $req->param('url') || '';
|
||||||
|
|
||||||
unless ( $req->param('user') =~ /$self->{conf}->{userControl}/o ) {
|
if ( $req->param('user') ) {
|
||||||
return PE_MALFORMEDUSER;
|
unless ( $req->param('user') =~ /$self->{conf}->{userControl}/o ) {
|
||||||
|
return PE_MALFORMEDUSER;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $req->param('user') eq $req->{user} or !$req->param('user') ) {
|
if ( $req->param('user') eq $req->{user} or !$req->param('user') ) {
|
||||||
|
@ -89,7 +91,8 @@ sub check {
|
||||||
else {
|
else {
|
||||||
$self->logger->debug("Check requested for $req->{user}");
|
$self->logger->debug("Check requested for $req->{user}");
|
||||||
$req->{user} = $req->param('user');
|
$req->{user} = $req->param('user');
|
||||||
$self->userLogger->notice("Retrieve session from userDB and compute Groups & Macros");
|
$self->userLogger->notice(
|
||||||
|
"Retrieve session from userDB and compute Groups & Macros");
|
||||||
$attrs = $self->_userDatas($req);
|
$attrs = $self->_userDatas($req);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -43,9 +43,10 @@ sub init {
|
||||||
|
|
||||||
sub run {
|
sub run {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
if ( $req->param('spoofId') ) {
|
||||||
unless ( $req->param('spoofId') =~ /$self->{conf}->{userControl}/o ) {
|
unless ( $req->param('spoofId') =~ /$self->{conf}->{userControl}/o ) {
|
||||||
return PE_MALFORMEDUSER;
|
return PE_MALFORMEDUSER;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
my $spoofId = $req->param('spoofId') || '';
|
my $spoofId = $req->param('spoofId') || '';
|
||||||
|
@ -86,11 +87,11 @@ sub run {
|
||||||
my $sphg = "$self->{conf}->{impersonationPrefix}hGroups";
|
my $sphg = "$self->{conf}->{impersonationPrefix}hGroups";
|
||||||
my $separator = $self->{conf}->{multiValuesSeparator};
|
my $separator = $self->{conf}->{multiValuesSeparator};
|
||||||
$realSession->{$spg} ||= '';
|
$realSession->{$spg} ||= '';
|
||||||
|
|
||||||
$self->logger->debug("Processing groups...");
|
$self->logger->debug("Processing groups...");
|
||||||
my @spoofGrps = my @realGrps = ();
|
my @spoofGrps = my @realGrps = ();
|
||||||
@spoofGrps = split /\Q$separator/, $spoofSession->{groups};
|
@spoofGrps = split /\Q$separator/, $spoofSession->{groups};
|
||||||
@realGrps = split /\Q$separator/, $realSession->{$spg};
|
@realGrps = split /\Q$separator/, $realSession->{$spg};
|
||||||
@spoofGrps = ( @spoofGrps, @realGrps );
|
@spoofGrps = ( @spoofGrps, @realGrps );
|
||||||
my %hash = map { $_, 1 } @spoofGrps;
|
my %hash = map { $_, 1 } @spoofGrps;
|
||||||
$spoofSession->{groups} = join $separator, sort keys %hash;
|
$spoofSession->{groups} = join $separator, sort keys %hash;
|
||||||
|
@ -98,8 +99,8 @@ sub run {
|
||||||
$self->logger->debug("Processing hGroups...");
|
$self->logger->debug("Processing hGroups...");
|
||||||
$spoofSession->{hGroups} ||= {};
|
$spoofSession->{hGroups} ||= {};
|
||||||
$realSession->{$sphg} ||= {};
|
$realSession->{$sphg} ||= {};
|
||||||
$spoofSession->{hGroups} = { %{ $spoofSession->{hGroups} },
|
$spoofSession->{hGroups}
|
||||||
%{ $realSession->{$sphg} } };
|
= { %{ $spoofSession->{hGroups} }, %{ $realSession->{$sphg} } };
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create spoofed session
|
# Create spoofed session
|
||||||
|
|
Loading…
Reference in New Issue
Block a user