From 18dd7c2c4147f967a33c227826332d2e88150b6b Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 4 Jun 2019 16:19:01 +0200 Subject: [PATCH 1/7] Append debug msg (#1765) --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index 9d1b7d2f5..930ba3464 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm @@ -793,7 +793,10 @@ sub sendHtml { 'Expires' => '0'; # Proxies my @cors = split /;/, $self->cors; - push @{ $res->[1] }, @cors if $self->conf->{corsEnabled}; + if ( $self->conf->{corsEnabled} ) { + push @{ $res->[1] }, @cors; + $self->logger->debug("Apply following CORS policy : @cors"); + } # Set authorized URL for POST my $csp = $self->csp . "form-action " . $self->conf->{cspFormAction}; From dfe83355204e5e6174387333185da6f04f2a6e08 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 4 Jun 2019 18:18:33 +0200 Subject: [PATCH 2/7] Update langs (#1774) --- lemonldap-ng-portal/site/htdocs/static/languages/ar.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/de.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/en.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/es.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/fi.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/fr.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/it.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/nl.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/pt.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/ro.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/vi.json | 1 + lemonldap-ng-portal/site/htdocs/static/languages/zh.json | 1 + 12 files changed, 12 insertions(+) 
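Review bot: In the `sendHtml` hunk of Run.pm (patch 1/7), the new `if` block pushes whatever `split /;/, $self->cors` returns onto `$res->[1]` without checking that it forms complete name/value pairs. If `$res->[1]` is the flat response-header list, as the `push` suggests (not confirmable from this hunk), an odd element count from a malformed or empty-valued `cors` setting would misalign every header appended after it, presumably including the CSP built just below. Opening the block with `if ( $self->conf->{corsEnabled} and @cors % 2 == 0 ) {`, and logging an error when CORS is enabled but the count is odd, would make that failure visible instead of silently shifting security headers. The `split` could also move inside the block so it only runs when CORS is enabled. `sendHtml` starts and ends outside the hunk.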
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json index e8b4f00a4..9256030a8 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json @@ -109,6 +109,7 @@ "checkLastLogins":"تحقق من آخر تسجيلات دخول الخاصة بي", "checkUser":"Check user SSO profile", "checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!", +"checkUserComputeSession":"Computed session data!!!", "choose2f":"Choose your second factor", "chooseApp":"اختر أحد التطبيقات المسموح لك بالدخول إليها", "clickHere":"الرجاء الضغط هنا", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/de.json b/lemonldap-ng-portal/site/htdocs/static/languages/de.json index aeb52f2d5..562953c58 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/de.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/de.json @@ -109,6 +109,7 @@ "checkLastLogins":"Überprüfe meine letzten Logins", "checkUser":"Check user SSO profile", "checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!", +"checkUserComputeSession":"Computed session data!!!", "choose2f":"Wählen deinen Ihren zweiten Faktor", "chooseApp":"Wählen Sie eine Anwendung aus, auf die du zugreifen darfst", "clickHere":"Bitte hier klicken", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/en.json b/lemonldap-ng-portal/site/htdocs/static/languages/en.json index 10a3d929b..dae23be45 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/en.json 
@@ -109,6 +109,7 @@ "checkLastLogins":"Check my last logins", "checkUser":"Check user SSO profile", "checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!", +"checkUserComputeSession":"Computed session data!!!", "choose2f":"Choose your second factor", "chooseApp":"Choose an application your are allowed to access to", "clickHere":"Please click here", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/es.json b/lemonldap-ng-portal/site/htdocs/static/languages/es.json index 1b823f578..53286bce1 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/es.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/es.json @@ -109,6 +109,7 @@ "checkLastLogins":"Check my last logins", "checkUser":"Check user SSO profile", "checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!", +"checkUserComputeSession":"Computed session data!!!", "choose2f":"Choose your second factor", "chooseApp":"Choose an application your are allowed to access to", "clickHere":"Please click here", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fi.json b/lemonldap-ng-portal/site/htdocs/static/languages/fi.json index 9cc9cbc28..477115bcd 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/fi.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/fi.json @@ -109,6 +109,7 @@ "checkLastLogins":"Tarkista viimeiset kirjautumiseni", "checkUser":"Check user SSO profile", "checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!", +"checkUserComputeSession":"Computed session data!!!", "choose2f":"Choose your second factor", "chooseApp":"Choose an application your are allowed to access to", "clickHere":"Please click here", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json index 7232045b7..4dde91e34 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json 
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json @@ -109,6 +109,7 @@ "checkLastLogins":"Voir mes dernières connexions", "checkUser":"Vérifier le profil SSO d'un utilisateur", "checkUserMerged":"Vérifier le profil SSO d'un utilisateur. Les groupes SSO réels et usurpés sont fusionnés !!!", +"checkUserComputeSession":"Données de session issues d'une évaluation !!!", "choose2f":"Choisissez votre second facteur", "chooseApp":"Choisissez une application à laquelle vous êtes autorisé à accéder", "clickHere":"Cliquez ici", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/it.json b/lemonldap-ng-portal/site/htdocs/static/languages/it.json index cf641e7a8..e1b210f34 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/it.json @@ -109,6 +109,7 @@ "checkLastLogins":"Controllare i miei ultimi accessi", "checkUser":"Controlla il profilo SSO dell'utente", "checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!", +"checkUserComputeSession":"Computed session data!!!", "choose2f":"Scegli il tuo secondo fattore", "chooseApp":"Scegli un'applicazione alla quale ti è consentito l'accesso", "clickHere":"Per favore clicka qui", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json index ff422d7ac..69662ffe8 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json @@ -109,6 +109,7 @@ "checkLastLogins":"Check my last logins", "checkUser":"Check user SSO profile", "checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!", +"checkUserComputeSession":"Computed session data!!!", "choose2f":"Choose your second factor", "chooseApp":"Choose an application your are allowed to access to", "clickHere":"Please click here", 
diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json index d2e849651..eae0e694b 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json @@ -109,6 +109,7 @@ "checkLastLogins":"Check my last logins", "checkUser":"Check user SSO profile", "checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!", +"checkUserComputeSession":"Computed session data!!!", "choose2f":"Choose your second factor", "chooseApp":"Choose an application your are allowed to access to", "clickHere":"Please click here", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json index 2ddd792e5..c5c288a7c 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json @@ -109,6 +109,7 @@ "checkLastLogins":"Check my last logins", "checkUser":"Check user SSO profile", "checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!", +"checkUserComputeSession":"Computed session data!!!", "choose2f":"Choose your second factor", "chooseApp":"Choose an application your are allowed to access to", "clickHere":"Please click here", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json index 959515af0..d512d525f 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json 
@@ -109,6 +109,7 @@ "checkLastLogins":"Kiểm tra lần đăng nhập cuối cùng của bạn", "checkUser":"Check user SSO profile", "checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!", +"checkUserComputeSession":"Computed session data!!!", "choose2f":"Choose your second factor", "chooseApp":"Chọn một ứng dụng bạn được phép truy cập vào", "clickHere":"Vui lòng nhấp vào đây", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/zh.json b/lemonldap-ng-portal/site/htdocs/static/languages/zh.json index 2c9730149..7e9b4bcb3 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/zh.json @@ -109,6 +109,7 @@ "checkLastLogins":"Check my last logins", "checkUser":"Check user SSO profile", "checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!", +"checkUserComputeSession":"Computed session data!!!", "choose2f":"Choose your second factor", "chooseApp":"Choose an application your are allowed to access to", "clickHere":"请点击这里", From 2b21762a9a60c3c26bc72021bea0251b93361c48 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 4 Jun 2019 18:18:53 +0200 Subject: [PATCH 3/7] Update unit tests (#1774) --- lemonldap-ng-portal/t/67-CheckUser-with-Global-token.t | 4 ++-- lemonldap-ng-portal/t/67-CheckUser-with-issuer-SAML-POST.t | 4 ++-- lemonldap-ng-portal/t/67-CheckUser-with-token.t | 6 ++++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/lemonldap-ng-portal/t/67-CheckUser-with-Global-token.t b/lemonldap-ng-portal/t/67-CheckUser-with-Global-token.t index e71714687..18d3b5366 100644 --- a/lemonldap-ng-portal/t/67-CheckUser-with-Global-token.t +++ b/lemonldap-ng-portal/t/67-CheckUser-with-Global-token.t 
@@ -105,8 +105,8 @@ count(1); ( $host, $url, $query ) = expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' ); -ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) - or explain( $res->[2]->[0], 'trspan="checkUser"' ); +ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUserComputeSession"' ) + or explain( $res->[2]->[0], 'trspan="checkUserComputeSession"' ); ok( $res->[2]->[0] =~ m%
%, diff --git a/lemonldap-ng-portal/t/67-CheckUser-with-issuer-SAML-POST.t b/lemonldap-ng-portal/t/67-CheckUser-with-issuer-SAML-POST.t index 0e7620b33..35c47578c 100644 --- a/lemonldap-ng-portal/t/67-CheckUser-with-issuer-SAML-POST.t +++ b/lemonldap-ng-portal/t/67-CheckUser-with-issuer-SAML-POST.t @@ -267,7 +267,7 @@ SKIP: { or explain( $res->[2]->[0], 'Value french' ); count(4); - # CheckUser request with unknown user + # CheckUser request with an unknown user $query =~ s/user=french/user=rtyler/; ok( $res = $sp->_post( @@ -286,7 +286,7 @@ m%
%, ) or explain( $res->[2]->[0], 'PE5 - Unknown identity' ); count(2); - # CheckUser request with an already authneticated user + # CheckUser request with an already authenticated user $query =~ s/user=rtyler/user=davros/; ok( $res = $sp->_post( diff --git a/lemonldap-ng-portal/t/67-CheckUser-with-token.t b/lemonldap-ng-portal/t/67-CheckUser-with-token.t index 5059a31d2..caeaf0e05 100644 --- a/lemonldap-ng-portal/t/67-CheckUser-with-token.t +++ b/lemonldap-ng-portal/t/67-CheckUser-with-token.t @@ -105,8 +105,10 @@ count(1); ( $host, $url, $query ) = expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' ); -ok( $res->[2]->[0] =~ m%%, 'Found trspan="checkUser"' ) - or explain( $res->[2]->[0], 'trspan="checkUser"' ); +ok( + $res->[2]->[0] =~ m%%, + 'Found trspan="checkUserComputeSession"' +) or explain( $res->[2]->[0], 'trspan="checkUserComputeSession"' ); ok( $res->[2]->[0] =~ m%
%, From 95b188ccfeae064116e67a5c7bc284babc7e726a Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 4 Jun 2019 18:19:33 +0200 Subject: [PATCH 4/7] Fix grant parameter, append warning msg & debug logs (#1774) --- .../Lemonldap/NG/Portal/Plugins/CheckUser.pm | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm index cdbb81cf1..d43f2b4e3 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm @@ -62,7 +62,7 @@ sub init { sub check { my ( $self, $req ) = @_; my ( $attrs, $array_attrs, $array_hdrs ) = ( {}, [], [] ); - my $msg = my $auth = ''; + my $msg = my $auth = my $compute = ''; # Check token if ( $self->ottRule->( $req, {} ) ) { @@ -136,6 +136,7 @@ sub check { # Try to retrieve session from sessions DB $self->userLogger->notice('Try to retrieve session from DB...'); + $self->logger->debug('Try to retrieve session from DB...'); my $moduleOptions = $self->conf->{globalStorageOptions} || {}; $moduleOptions->{backend} = $self->conf->{globalStorage}; my $sessions = @@ -154,7 +155,10 @@ sub check { $req->{user} = $user; $self->userLogger->notice( "NO session found in DB. Compute userData..."); + $self->logger->debug( + "NO session found in DB. Compute userData..."); $attrs = $self->_userData($req); + $compute = 1; } } @@ -168,6 +172,7 @@ sub check { $self->{conf}->{impersonationMergeSSOgroups} ? 'checkUserMerged' : 'checkUser'; + $msg = 'checkUserComputeSession' if $compute; # Create an array of hashes for template loop $self->logger->debug("Delete hidden or empty attributes"); 
@@ -199,13 +204,12 @@ sub check { $url = $self->_urlFormat($url); # User is allowed ? - $auth = $self->_authorization( $req, $url ); $self->logger->debug( - "checkUser requested for user: $req->{user} and URL: $url"); + "checkUser requested for user: $attrs->{ $self->{conf}->{whatToTrace} } and URL: $url"); + $auth = $self->_authorization( $req, $url, $attrs ); if ( $auth >= 0 ) { - $auth = $auth ? "allowed" : "forbidden"; - $self->userLogger->notice( "checkUser -> $req->{user} is " + $self->userLogger->notice( "checkUser -> $attrs->{ $self->{conf}->{whatToTrace} } is " . uc($auth) . " to access: $url" ); @@ -362,7 +366,7 @@ sub _userData { } sub _authorization { - my ( $self, $req, $uri ) = @_; + my ( $self, $req, $uri, $attrs ) = @_; my ( $vhost, $appuri ) = $uri =~ m#^https?://([^/]*)(.*)#; my $exist = 0; @@ -375,9 +379,9 @@ sub _authorization { } } - $self->logger->debug("Return \"$req->{user}\" authorization"); + $self->logger->debug("Return \"$attrs->{ $self->{conf}->{whatToTrace} }\" authorization"); return $exist - ? $self->p->HANDLER->grant( $req, $req->{userData}, $appuri, + ? $self->p->HANDLER->grant( $req, $attrs, $appuri, undef, $vhost ) : -1; } From eab00052f32b6870d41f5330746cd4a6f91e42c4 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 4 Jun 2019 19:58:52 +0200 Subject: [PATCH 5/7] Fix debug msg (#1774) --- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index 930ba3464..b640d973d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm 
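Review bot: The `userLogger->notice` audit line in the `check` hunk (CheckUser.pm, patch 4/7) now names the user with `$attrs->{ $self->{conf}->{whatToTrace} }` instead of `$req->{user}`, so the entry is written with an empty identity (plus an uninitialized-value warning) whenever `$attrs` lacks that key, for instance when a computed session does not carry the configured attribute. Resolving the name once with a fallback, `my $who = $attrs->{ $self->{conf}->{whatToTrace} } // $req->{user};`, and interpolating `$who` in the debug and notice messages keeps the audit trail attributable. The same expression is used in the `_authorization` debug line later in this patch and in `_headers` in patch 6/7. `check` and `_authorization` both extend beyond the hunks shown.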
@@ -795,7 +795,8 @@ sub sendHtml { my @cors = split /;/, $self->cors; if ( $self->conf->{corsEnabled} ) { push @{ $res->[1] }, @cors; - $self->logger->debug("Apply following CORS policy : @cors"); + $self->logger->debug( + "Apply following CORS policy : " . Data::Dumper::Dumper(\@cors) ); } # Set authorized URL for POST From c044ebc473957288de180799ba7c0364c12d0f93 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 4 Jun 2019 23:18:06 +0200 Subject: [PATCH 6/7] Fix functions parameter (#1774) --- .../Lemonldap/NG/Portal/Plugins/CheckUser.pm | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm index d43f2b4e3..dcc3f570e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm @@ -214,7 +214,7 @@ sub check { . " to access: $url" ); # Return VirtualHost headers - $array_hdrs = $self->_headers( $req, $url ); + $array_hdrs = $self->_headers( $req, $url, $attrs ); } else { $auth = 'VHnotFound'; @@ -260,6 +260,7 @@ sub display { my ( $self, $req ) = @_; my ( $attrs, $array_attrs ) = ( {}, [] ); + $self->logger->debug("Display current session data..."); $self->userLogger->notice("Retrieve session from Sessions database"); $self->userLogger->warn("Using spoofed SSO groups if exist!!!") if ( $self->conf->{impersonationRule} ); @@ -323,7 +324,6 @@ sub _urlFormat { $vhost =~ s/:\d+$//; $vhost .= $self->conf->{domain} unless ( $vhost =~ /\./ ); - #$appuri ||= '/'; return lc("$proto$vhost$port") . "$appuri"; } 
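Review bot: The debug call added in the `sendHtml` hunk (Run.pm, patch 5/7) runs `Data::Dumper::Dumper(\@cors)` on every response with CORS enabled, before the logger can decide whether debug output is wanted, and with default settings Dumper emits a multi-line `$VAR1 = [...]` block that is awkward to grep or ship to a log collector. No `use Data::Dumper` is visible in this hunk, so the fully qualified call depends on the module having been loaded elsewhere. A single-line form keeps the pairs readable without the Dumper dependency: `$self->logger->debug( 'Apply following CORS policy : ' . join( ' | ', @cors ) );`. `sendHtml` continues outside the hunk.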
@@ -347,6 +347,13 @@ sub _userData { return $req->error($error); } + unless ( defined $req->sessionInfo->{uid} ) { + + # Avoid error with SAML, OIDC, etc... + $self->logger->debug("\"$req->{user}\" NOT found in userDB"); + return $req->error(PE_BADCREDENTIALS); + } + # Check identities rule unless ( $self->idRule->( $req, $req->sessionInfo ) ) { $self->userLogger->warn( @@ -355,12 +362,7 @@ sub _userData { $self->logger->debug('Identity not authorized'); return $req->error(PE_BADCREDENTIALS); } - unless ( defined $req->sessionInfo->{uid} ) { - # Avoid error with SAML, OIDC, etc... - $self->logger->debug("\"$req->{user}\" NOT found in userDB"); - return $req->error(PE_BADCREDENTIALS); - } $self->logger->debug("Return \"$req->{user}\" sessionInfo"); return $req->{sessionInfo}; } @@ -387,15 +389,14 @@ sub _authorization { } sub _headers { - my ( $self, $req, $uri ) = @_; + my ( $self, $req, $uri, $attrs ) = @_; my ($vhost) = $uri =~ m#^https?://([^/]*).*#; $vhost =~ s/:\d+$//; $req->{env}->{HTTP_HOST} = $vhost; $self->p->HANDLER->headersInit( $self->{conf} ); - - $self->logger->debug("Return \"$req->{user}\" headers"); - return $self->p->HANDLER->checkHeaders( $req, $req->{userData} ); + $self->logger->debug("Return \"$attrs->{ $self->{conf}->{whatToTrace} }\" headers"); + return $self->p->HANDLER->checkHeaders( $req, $attrs ); } sub _splitAttributes { From 59637200fd2fc235bea17f88cd4baa72d728177c Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 4 Jun 2019 23:18:35 +0200 Subject: [PATCH 7/7] Improve unit test (#1774) --- lemonldap-ng-portal/t/67-CheckUser.t | 31 ++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/lemonldap-ng-portal/t/67-CheckUser.t b/lemonldap-ng-portal/t/67-CheckUser.t index 3e3fb88a7..28059b093 100644 --- a/lemonldap-ng-portal/t/67-CheckUser.t +++ b/lemonldap-ng-portal/t/67-CheckUser.t 
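Review bot: In the `_userData` hunks (CheckUser.pm, patch 6/7), the relocated `unless ( defined $req->sessionInfo->{uid} )` branch reports an unknown user only through `logger->debug`, whereas the identity-rule branch right after it also writes to `userLogger->warn`. Lookups of non-existent accounts through CheckUser belong in the user log as well, so that repeated probing stays visible when debug logging is off; `$self->userLogger->warn("checkUser requested for an unknown user: $req->{user}");` before the `return` would do. If `$req->{user}` is not already constrained by an earlier check (not visible here), strip control characters before writing it to the log. `_userData` starts above the first hunk.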
@@ -144,6 +144,7 @@ ok( $res->[2]->[0] =~ m%dwho%, 'Found dwho' ) or explain( $res->[2]->[0], 'Macro Value dwho' ); count(3); +# Request with bad VH $query =~ s/user=dwho/user=rtyler/; $query =~ s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Ftry.example.com/; ok( @@ -157,8 +158,6 @@ ok( 'POST checkuser' ); count(1); - -# Request with bad VH ( $host, $url, $query ) = expectForm( $res, undef, '/checkuser', 'user', 'url' ); ok( $res->[2]->[0] =~ m%%, @@ -166,10 +165,30 @@ ok( $res->[2]->[0] =~ m%%, or explain( $res->[2]->[0], 'trspan="VHnotFound"' ); count(1); +# Request with forbidden URL +$query =~ s#url=http%3A%2F%2Ftry.example.com#url=http%3A%2F%2Fauth.example.com/checkuser#; +ok( + $res = $client->_post( + '/checkuser', + IO::String->new($query), + cookie => "lemonldap=$id", + length => length($query), + accept => 'text/html', + ), + 'POST checkuser' +); +( $host, $url, $query ) = + expectForm( $res, undef, '/checkuser', 'user', 'url' ); +ok( + $res->[2]->[0] =~ +m%
%, + 'Found trspan="forbidden"' +) or explain( $res->[2]->[0], 'trspan="forbidden"' ); +count(2); + # Request with good VH & user $query =~ -s#url=http%3A%2F%2Ftry.example.com#url=hTTp%3A%2F%2FTest1.exAmple.cOm/UriTesT#; - +s#url=http%3A%2F%2Fauth.example.com%2Fcheckuser#url=hTTp%3A%2F%2FTest1.exAmple.cOm/UriTesT#; ok( $res = $client->_post( '/checkuser', @@ -222,6 +241,10 @@ ok( $res->[2]->[0] =~ m%uid%, 'Found uid' ) or explain( $res->[2]->[0], 'Attribute Value uid' ); count(11); +my @c = ( $res->[2]->[0] =~ /rtyler/gs ); +ok( @c == 2, ' -> Two entries found' ); +count(1); + # Request with short VH url & user $query =~ s#url=http%3A%2F%2Ftest1.example.com%2FUriTesT#url=http%3A%2F%2Ftest1:1234#;
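Review bot: The new assertion `ok( @c == 2, ' -> Two entries found' )` in the last hunk of 67-CheckUser.t (patch 7/7) gives no diagnostic when it fails, unlike the neighbouring checks that end with `or explain(...)`, and counting every `rtyler` in the whole response body ties the test to the template layout. Consider `ok( @c == 2, ' -> Two entries found' ) or explain( scalar @c, 2 );`. If the intent is to pin the fix that headers and authorization are computed from the checked user's attributes, matching the specific header or attribute cell rather than the bare name would state that more directly.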