Merge remote-tracking branch 'origin/v2.0'
commit
f3a37d2387
|
@ -791,7 +791,11 @@ sub sendHtml {
|
||||||
'Expires' => '0'; # Proxies
|
'Expires' => '0'; # Proxies
|
||||||
|
|
||||||
my @cors = split /;/, $self->cors;
|
my @cors = split /;/, $self->cors;
|
||||||
push @{ $res->[1] }, @cors if $self->conf->{corsEnabled};
|
if ( $self->conf->{corsEnabled} ) {
|
||||||
|
push @{ $res->[1] }, @cors;
|
||||||
|
$self->logger->debug(
|
||||||
|
"Apply following CORS policy : " . Data::Dumper::Dumper(\@cors) );
|
||||||
|
}
|
||||||
|
|
||||||
# Set authorized URL for POST
|
# Set authorized URL for POST
|
||||||
my $csp = $self->csp . "form-action " . $self->conf->{cspFormAction};
|
my $csp = $self->csp . "form-action " . $self->conf->{cspFormAction};
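Review bot: In the new `if ( $self->conf->{corsEnabled} )` block, `Data::Dumper::Dumper(\@cors)` is evaluated on every HTML response whether or not debug logging is active, and the fully qualified call only works if Data::Dumper is loaded somewhere, which this hunk does not show. `@cors` is a flat list of header strings, so `"Apply following CORS policy : " . join( ', ', @cors )` carries the same information on a single log line without that dependency. `my @cors = split /;/, $self->cors;` still runs when CORS is disabled and could move inside the block. sendHtml's body starts and ends outside the hunk.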
|
||||||
|
|
|
@ -60,7 +60,7 @@ sub init {
|
||||||
sub check {
|
sub check {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my ( $attrs, $array_attrs, $array_hdrs ) = ( {}, [], [] );
|
my ( $attrs, $array_attrs, $array_hdrs ) = ( {}, [], [] );
|
||||||
my $msg = my $auth = '';
|
my $msg = my $auth = my $compute = '';
|
||||||
|
|
||||||
# Check token
|
# Check token
|
||||||
if ( $self->ottRule->( $req, {} ) ) {
|
if ( $self->ottRule->( $req, {} ) ) {
|
||||||
|
@ -134,6 +134,7 @@ sub check {
|
||||||
|
|
||||||
# Try to retrieve session from sessions DB
|
# Try to retrieve session from sessions DB
|
||||||
$self->userLogger->notice('Try to retrieve session from DB...');
|
$self->userLogger->notice('Try to retrieve session from DB...');
|
||||||
|
$self->logger->debug('Try to retrieve session from DB...');
|
||||||
my $moduleOptions = $self->conf->{globalStorageOptions} || {};
|
my $moduleOptions = $self->conf->{globalStorageOptions} || {};
|
||||||
$moduleOptions->{backend} = $self->conf->{globalStorage};
|
$moduleOptions->{backend} = $self->conf->{globalStorage};
|
||||||
my $sessions =
|
my $sessions =
|
||||||
|
@ -152,7 +153,10 @@ sub check {
|
||||||
$req->{user} = $user;
|
$req->{user} = $user;
|
||||||
$self->userLogger->notice(
|
$self->userLogger->notice(
|
||||||
"NO session found in DB. Compute userData...");
|
"NO session found in DB. Compute userData...");
|
||||||
|
$self->logger->debug(
|
||||||
|
"NO session found in DB. Compute userData...");
|
||||||
$attrs = $self->_userData($req);
|
$attrs = $self->_userData($req);
|
||||||
|
$compute = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -166,6 +170,7 @@ sub check {
|
||||||
$self->{conf}->{impersonationMergeSSOgroups}
|
$self->{conf}->{impersonationMergeSSOgroups}
|
||||||
? 'checkUserMerged'
|
? 'checkUserMerged'
|
||||||
: 'checkUser';
|
: 'checkUser';
|
||||||
|
$msg = 'checkUserComputeSession' if $compute;
|
||||||
|
|
||||||
# Create an array of hashes for template loop
|
# Create an array of hashes for template loop
|
||||||
$self->logger->debug("Delete hidden or empty attributes");
|
$self->logger->debug("Delete hidden or empty attributes");
|
||||||
|
@ -197,18 +202,17 @@ sub check {
|
||||||
$url = $self->_urlFormat($url);
|
$url = $self->_urlFormat($url);
|
||||||
|
|
||||||
# User is allowed ?
|
# User is allowed ?
|
||||||
$auth = $self->_authorization( $req, $url );
|
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"checkUser requested for user: $req->{user} and URL: $url");
|
"checkUser requested for user: $attrs->{ $self->{conf}->{whatToTrace} } and URL: $url");
|
||||||
|
$auth = $self->_authorization( $req, $url, $attrs );
|
||||||
if ( $auth >= 0 ) {
|
if ( $auth >= 0 ) {
|
||||||
|
|
||||||
$auth = $auth ? "allowed" : "forbidden";
|
$auth = $auth ? "allowed" : "forbidden";
|
||||||
$self->userLogger->notice( "checkUser -> $req->{user} is "
|
$self->userLogger->notice( "checkUser -> $attrs->{ $self->{conf}->{whatToTrace} } is "
|
||||||
. uc($auth)
|
. uc($auth)
|
||||||
. " to access: $url" );
|
. " to access: $url" );
|
||||||
|
|
||||||
# Return VirtualHost headers
|
# Return VirtualHost headers
|
||||||
$array_hdrs = $self->_headers( $req, $url );
|
$array_hdrs = $self->_headers( $req, $url, $attrs );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$auth = 'VHnotFound';
|
$auth = 'VHnotFound';
|
||||||
|
@ -254,6 +258,7 @@ sub display {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my ( $attrs, $array_attrs ) = ( {}, [] );
|
my ( $attrs, $array_attrs ) = ( {}, [] );
|
||||||
|
|
||||||
|
$self->logger->debug("Display current session data...");
|
||||||
$self->userLogger->notice("Retrieve session from Sessions database");
|
$self->userLogger->notice("Retrieve session from Sessions database");
|
||||||
$self->userLogger->warn("Using spoofed SSO groups if exist!!!")
|
$self->userLogger->warn("Using spoofed SSO groups if exist!!!")
|
||||||
if ( $self->conf->{impersonationRule} );
|
if ( $self->conf->{impersonationRule} );
|
||||||
|
@ -317,7 +322,6 @@ sub _urlFormat {
|
||||||
$vhost =~ s/:\d+$//;
|
$vhost =~ s/:\d+$//;
|
||||||
$vhost .= $self->conf->{domain} unless ( $vhost =~ /\./ );
|
$vhost .= $self->conf->{domain} unless ( $vhost =~ /\./ );
|
||||||
|
|
||||||
#$appuri ||= '/';
|
|
||||||
return lc("$proto$vhost$port") . "$appuri";
|
return lc("$proto$vhost$port") . "$appuri";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -341,6 +345,13 @@ sub _userData {
|
||||||
return $req->error($error);
|
return $req->error($error);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
unless ( defined $req->sessionInfo->{uid} ) {
|
||||||
|
|
||||||
|
# Avoid error with SAML, OIDC, etc...
|
||||||
|
$self->logger->debug("\"$req->{user}\" NOT found in userDB");
|
||||||
|
return $req->error(PE_BADCREDENTIALS);
|
||||||
|
}
|
||||||
|
|
||||||
# Check identities rule
|
# Check identities rule
|
||||||
unless ( $self->idRule->( $req, $req->sessionInfo ) ) {
|
unless ( $self->idRule->( $req, $req->sessionInfo ) ) {
|
||||||
$self->userLogger->warn(
|
$self->userLogger->warn(
|
||||||
|
@ -349,18 +360,13 @@ sub _userData {
|
||||||
$self->logger->debug('Identity not authorized');
|
$self->logger->debug('Identity not authorized');
|
||||||
return $req->error(PE_BADCREDENTIALS);
|
return $req->error(PE_BADCREDENTIALS);
|
||||||
}
|
}
|
||||||
unless ( defined $req->sessionInfo->{uid} ) {
|
|
||||||
|
|
||||||
# Avoid error with SAML, OIDC, etc...
|
|
||||||
$self->logger->debug("\"$req->{user}\" NOT found in userDB");
|
|
||||||
return $req->error(PE_BADCREDENTIALS);
|
|
||||||
}
|
|
||||||
$self->logger->debug("Return \"$req->{user}\" sessionInfo");
|
$self->logger->debug("Return \"$req->{user}\" sessionInfo");
|
||||||
return $req->{sessionInfo};
|
return $req->{sessionInfo};
|
||||||
}
|
}
|
||||||
|
|
||||||
sub _authorization {
|
sub _authorization {
|
||||||
my ( $self, $req, $uri ) = @_;
|
my ( $self, $req, $uri, $attrs ) = @_;
|
||||||
my ( $vhost, $appuri ) = $uri =~ m#^https?://([^/]*)(.*)#;
|
my ( $vhost, $appuri ) = $uri =~ m#^https?://([^/]*)(.*)#;
|
||||||
my $exist = 0;
|
my $exist = 0;
|
||||||
|
|
||||||
|
@ -373,23 +379,22 @@ sub _authorization {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$self->logger->debug("Return \"$req->{user}\" authorization");
|
$self->logger->debug("Return \"$attrs->{ $self->{conf}->{whatToTrace} }\" authorization");
|
||||||
return $exist
|
return $exist
|
||||||
? $self->p->HANDLER->grant( $req, $req->{userData}, $appuri,
|
? $self->p->HANDLER->grant( $req, $attrs, $appuri,
|
||||||
undef, $vhost )
|
undef, $vhost )
|
||||||
: -1;
|
: -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub _headers {
|
sub _headers {
|
||||||
my ( $self, $req, $uri ) = @_;
|
my ( $self, $req, $uri, $attrs ) = @_;
|
||||||
my ($vhost) = $uri =~ m#^https?://([^/]*).*#;
|
my ($vhost) = $uri =~ m#^https?://([^/]*).*#;
|
||||||
|
|
||||||
$vhost =~ s/:\d+$//;
|
$vhost =~ s/:\d+$//;
|
||||||
$req->{env}->{HTTP_HOST} = $vhost;
|
$req->{env}->{HTTP_HOST} = $vhost;
|
||||||
$self->p->HANDLER->headersInit( $self->{conf} );
|
$self->p->HANDLER->headersInit( $self->{conf} );
|
||||||
|
$self->logger->debug("Return \"$attrs->{ $self->{conf}->{whatToTrace} }\" headers");
|
||||||
$self->logger->debug("Return \"$req->{user}\" headers");
|
return $self->p->HANDLER->checkHeaders( $req, $attrs );
|
||||||
return $self->p->HANDLER->checkHeaders( $req, $req->{userData} );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub _splitAttributes {
|
sub _splitAttributes {
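Review bot: `_authorization` and `_headers` now dereference `$attrs` (`$attrs->{ $self->{conf}->{whatToTrace} }`) and hand it to `HANDLER->grant` and `HANDLER->checkHeaders` without checking that it is a hash ref. `check` fills it from `$self->_userData($req)`, and every failure path of `_userData` visible here returns `$req->error(...)`, so unless `check` bails out in the lines between these hunks (not shown), a failed lookup reaches the access decision with an error code instead of session data. Testing `ref $attrs eq 'HASH'` in `check` before the `_authorization` call, and skipping the decision otherwise, would make that failure explicit. The `userLogger->notice` audit line also switched from `$req->{user}` to the traced attribute, which records an empty identity when that key is missing from `$attrs`; `$attrs->{ $self->{conf}->{whatToTrace} } // $req->{user}` keeps the entry attributable.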
|
||||||
|
|
|
@ -109,6 +109,7 @@
|
||||||
"checkLastLogins":"تحقق من آخر تسجيلات دخول الخاصة بي",
|
"checkLastLogins":"تحقق من آخر تسجيلات دخول الخاصة بي",
|
||||||
"checkUser":"Check user SSO profile",
|
"checkUser":"Check user SSO profile",
|
||||||
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
||||||
|
"checkUserComputeSession":"Computed session data!!!",
|
||||||
"choose2f":"Choose your second factor",
|
"choose2f":"Choose your second factor",
|
||||||
"chooseApp":"اختر أحد التطبيقات المسموح لك بالدخول إليها",
|
"chooseApp":"اختر أحد التطبيقات المسموح لك بالدخول إليها",
|
||||||
"clickHere":"الرجاء الضغط هنا",
|
"clickHere":"الرجاء الضغط هنا",
|
||||||
|
|
|
@ -109,6 +109,7 @@
|
||||||
"checkLastLogins":"Überprüfe meine letzten Logins",
|
"checkLastLogins":"Überprüfe meine letzten Logins",
|
||||||
"checkUser":"Check user SSO profile",
|
"checkUser":"Check user SSO profile",
|
||||||
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
||||||
|
"checkUserComputeSession":"Computed session data!!!",
|
||||||
"choose2f":"Wählen deinen Ihren zweiten Faktor",
|
"choose2f":"Wählen deinen Ihren zweiten Faktor",
|
||||||
"chooseApp":"Wählen Sie eine Anwendung aus, auf die du zugreifen darfst",
|
"chooseApp":"Wählen Sie eine Anwendung aus, auf die du zugreifen darfst",
|
||||||
"clickHere":"Bitte hier klicken",
|
"clickHere":"Bitte hier klicken",
|
||||||
|
|
|
@ -109,6 +109,7 @@
|
||||||
"checkLastLogins":"Check my last logins",
|
"checkLastLogins":"Check my last logins",
|
||||||
"checkUser":"Check user SSO profile",
|
"checkUser":"Check user SSO profile",
|
||||||
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
||||||
|
"checkUserComputeSession":"Computed session data!!!",
|
||||||
"choose2f":"Choose your second factor",
|
"choose2f":"Choose your second factor",
|
||||||
"chooseApp":"Choose an application your are allowed to access to",
|
"chooseApp":"Choose an application your are allowed to access to",
|
||||||
"clickHere":"Please click here",
|
"clickHere":"Please click here",
|
||||||
|
|
|
@ -109,6 +109,7 @@
|
||||||
"checkLastLogins":"Check my last logins",
|
"checkLastLogins":"Check my last logins",
|
||||||
"checkUser":"Check user SSO profile",
|
"checkUser":"Check user SSO profile",
|
||||||
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
||||||
|
"checkUserComputeSession":"Computed session data!!!",
|
||||||
"choose2f":"Choose your second factor",
|
"choose2f":"Choose your second factor",
|
||||||
"chooseApp":"Choose an application your are allowed to access to",
|
"chooseApp":"Choose an application your are allowed to access to",
|
||||||
"clickHere":"Please click here",
|
"clickHere":"Please click here",
|
||||||
|
|
|
@ -109,6 +109,7 @@
|
||||||
"checkLastLogins":"Tarkista viimeiset kirjautumiseni",
|
"checkLastLogins":"Tarkista viimeiset kirjautumiseni",
|
||||||
"checkUser":"Check user SSO profile",
|
"checkUser":"Check user SSO profile",
|
||||||
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
||||||
|
"checkUserComputeSession":"Computed session data!!!",
|
||||||
"choose2f":"Choose your second factor",
|
"choose2f":"Choose your second factor",
|
||||||
"chooseApp":"Choose an application your are allowed to access to",
|
"chooseApp":"Choose an application your are allowed to access to",
|
||||||
"clickHere":"Please click here",
|
"clickHere":"Please click here",
|
||||||
|
|
|
@ -109,6 +109,7 @@
|
||||||
"checkLastLogins":"Voir mes dernières connexions",
|
"checkLastLogins":"Voir mes dernières connexions",
|
||||||
"checkUser":"Vérifier le profil SSO d'un utilisateur",
|
"checkUser":"Vérifier le profil SSO d'un utilisateur",
|
||||||
"checkUserMerged":"Vérifier le profil SSO d'un utilisateur. Les groupes SSO réels et usurpés sont fusionnés !!!",
|
"checkUserMerged":"Vérifier le profil SSO d'un utilisateur. Les groupes SSO réels et usurpés sont fusionnés !!!",
|
||||||
|
"checkUserComputeSession":"Données de session issues d'une évaluation !!!",
|
||||||
"choose2f":"Choisissez votre second facteur",
|
"choose2f":"Choisissez votre second facteur",
|
||||||
"chooseApp":"Choisissez une application à laquelle vous êtes autorisé à accéder",
|
"chooseApp":"Choisissez une application à laquelle vous êtes autorisé à accéder",
|
||||||
"clickHere":"Cliquez ici",
|
"clickHere":"Cliquez ici",
|
||||||
|
|
|
@ -109,6 +109,7 @@
|
||||||
"checkLastLogins":"Controllare i miei ultimi accessi",
|
"checkLastLogins":"Controllare i miei ultimi accessi",
|
||||||
"checkUser":"Controlla il profilo SSO dell'utente",
|
"checkUser":"Controlla il profilo SSO dell'utente",
|
||||||
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
||||||
|
"checkUserComputeSession":"Computed session data!!!",
|
||||||
"choose2f":"Scegli il tuo secondo fattore",
|
"choose2f":"Scegli il tuo secondo fattore",
|
||||||
"chooseApp":"Scegli un'applicazione alla quale ti è consentito l'accesso",
|
"chooseApp":"Scegli un'applicazione alla quale ti è consentito l'accesso",
|
||||||
"clickHere":"Per favore clicka qui",
|
"clickHere":"Per favore clicka qui",
|
||||||
|
|
|
@ -109,6 +109,7 @@
|
||||||
"checkLastLogins":"Check my last logins",
|
"checkLastLogins":"Check my last logins",
|
||||||
"checkUser":"Check user SSO profile",
|
"checkUser":"Check user SSO profile",
|
||||||
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
||||||
|
"checkUserComputeSession":"Computed session data!!!",
|
||||||
"choose2f":"Choose your second factor",
|
"choose2f":"Choose your second factor",
|
||||||
"chooseApp":"Choose an application your are allowed to access to",
|
"chooseApp":"Choose an application your are allowed to access to",
|
||||||
"clickHere":"Please click here",
|
"clickHere":"Please click here",
|
||||||
|
|
|
@ -109,6 +109,7 @@
|
||||||
"checkLastLogins":"Check my last logins",
|
"checkLastLogins":"Check my last logins",
|
||||||
"checkUser":"Check user SSO profile",
|
"checkUser":"Check user SSO profile",
|
||||||
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
||||||
|
"checkUserComputeSession":"Computed session data!!!",
|
||||||
"choose2f":"Choose your second factor",
|
"choose2f":"Choose your second factor",
|
||||||
"chooseApp":"Choose an application your are allowed to access to",
|
"chooseApp":"Choose an application your are allowed to access to",
|
||||||
"clickHere":"Please click here",
|
"clickHere":"Please click here",
|
||||||
|
|
|
@ -109,6 +109,7 @@
|
||||||
"checkLastLogins":"Check my last logins",
|
"checkLastLogins":"Check my last logins",
|
||||||
"checkUser":"Check user SSO profile",
|
"checkUser":"Check user SSO profile",
|
||||||
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
||||||
|
"checkUserComputeSession":"Computed session data!!!",
|
||||||
"choose2f":"Choose your second factor",
|
"choose2f":"Choose your second factor",
|
||||||
"chooseApp":"Choose an application your are allowed to access to",
|
"chooseApp":"Choose an application your are allowed to access to",
|
||||||
"clickHere":"Please click here",
|
"clickHere":"Please click here",
|
||||||
|
|
|
@ -109,6 +109,7 @@
|
||||||
"checkLastLogins":"Kiểm tra lần đăng nhập cuối cùng của bạn",
|
"checkLastLogins":"Kiểm tra lần đăng nhập cuối cùng của bạn",
|
||||||
"checkUser":"Check user SSO profile",
|
"checkUser":"Check user SSO profile",
|
||||||
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
||||||
|
"checkUserComputeSession":"Computed session data!!!",
|
||||||
"choose2f":"Choose your second factor",
|
"choose2f":"Choose your second factor",
|
||||||
"chooseApp":"Chọn một ứng dụng bạn được phép truy cập vào",
|
"chooseApp":"Chọn một ứng dụng bạn được phép truy cập vào",
|
||||||
"clickHere":"Vui lòng nhấp vào đây",
|
"clickHere":"Vui lòng nhấp vào đây",
|
||||||
|
|
|
@ -109,6 +109,7 @@
|
||||||
"checkLastLogins":"Check my last logins",
|
"checkLastLogins":"Check my last logins",
|
||||||
"checkUser":"Check user SSO profile",
|
"checkUser":"Check user SSO profile",
|
||||||
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
"checkUserMerged":"Check user SSO profile. Real and Spoofed SSO groups are merged!!!",
|
||||||
|
"checkUserComputeSession":"Computed session data!!!",
|
||||||
"choose2f":"Choose your second factor",
|
"choose2f":"Choose your second factor",
|
||||||
"chooseApp":"Choose an application your are allowed to access to",
|
"chooseApp":"Choose an application your are allowed to access to",
|
||||||
"clickHere":"请点击这里",
|
"clickHere":"请点击这里",
|
||||||
|
|
|
@ -105,8 +105,8 @@ count(1);
|
||||||
|
|
||||||
( $host, $url, $query ) =
|
( $host, $url, $query ) =
|
||||||
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
ok( $res->[2]->[0] =~ m%<span trspan="checkUserComputeSession">%, 'Found trspan="checkUserComputeSession"' )
|
||||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
or explain( $res->[2]->[0], 'trspan="checkUserComputeSession"' );
|
||||||
ok(
|
ok(
|
||||||
$res->[2]->[0] =~
|
$res->[2]->[0] =~
|
||||||
m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
|
m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
|
||||||
|
|
|
@ -267,7 +267,7 @@ SKIP: {
|
||||||
or explain( $res->[2]->[0], 'Value french' );
|
or explain( $res->[2]->[0], 'Value french' );
|
||||||
count(4);
|
count(4);
|
||||||
|
|
||||||
# CheckUser request with unknown user
|
# CheckUser request with an unknown user
|
||||||
$query =~ s/user=french/user=rtyler/;
|
$query =~ s/user=french/user=rtyler/;
|
||||||
ok(
|
ok(
|
||||||
$res = $sp->_post(
|
$res = $sp->_post(
|
||||||
|
@ -286,7 +286,7 @@ m%<div class="message message-positive alert"><span trspan="PE5"></span></div>%,
|
||||||
) or explain( $res->[2]->[0], 'PE5 - Unknown identity' );
|
) or explain( $res->[2]->[0], 'PE5 - Unknown identity' );
|
||||||
count(2);
|
count(2);
|
||||||
|
|
||||||
# CheckUser request with an already authneticated user
|
# CheckUser request with an already authenticated user
|
||||||
$query =~ s/user=rtyler/user=davros/;
|
$query =~ s/user=rtyler/user=davros/;
|
||||||
ok(
|
ok(
|
||||||
$res = $sp->_post(
|
$res = $sp->_post(
|
||||||
|
|
|
@ -105,8 +105,10 @@ count(1);
|
||||||
|
|
||||||
( $host, $url, $query ) =
|
( $host, $url, $query ) =
|
||||||
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
ok(
|
||||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
$res->[2]->[0] =~ m%<span trspan="checkUserComputeSession">%,
|
||||||
|
'Found trspan="checkUserComputeSession"'
|
||||||
|
) or explain( $res->[2]->[0], 'trspan="checkUserComputeSession"' );
|
||||||
ok(
|
ok(
|
||||||
$res->[2]->[0] =~
|
$res->[2]->[0] =~
|
||||||
m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
|
m%<div class="alert alert-success"><b><span trspan="allowed"></span></b></div>%,
|
||||||
|
|
|
@ -144,6 +144,7 @@ ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, 'Found dwho' )
|
||||||
or explain( $res->[2]->[0], 'Macro Value dwho' );
|
or explain( $res->[2]->[0], 'Macro Value dwho' );
|
||||||
count(3);
|
count(3);
|
||||||
|
|
||||||
|
# Request with bad VH
|
||||||
$query =~ s/user=dwho/user=rtyler/;
|
$query =~ s/user=dwho/user=rtyler/;
|
||||||
$query =~ s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Ftry.example.com/;
|
$query =~ s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Ftry.example.com/;
|
||||||
ok(
|
ok(
|
||||||
|
@ -157,8 +158,6 @@ ok(
|
||||||
'POST checkuser'
|
'POST checkuser'
|
||||||
);
|
);
|
||||||
count(1);
|
count(1);
|
||||||
|
|
||||||
# Request with bad VH
|
|
||||||
( $host, $url, $query ) =
|
( $host, $url, $query ) =
|
||||||
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||||
ok( $res->[2]->[0] =~ m%<span trspan="VHnotFound">%,
|
ok( $res->[2]->[0] =~ m%<span trspan="VHnotFound">%,
|
||||||
|
@ -166,10 +165,30 @@ ok( $res->[2]->[0] =~ m%<span trspan="VHnotFound">%,
|
||||||
or explain( $res->[2]->[0], 'trspan="VHnotFound"' );
|
or explain( $res->[2]->[0], 'trspan="VHnotFound"' );
|
||||||
count(1);
|
count(1);
|
||||||
|
|
||||||
|
# Request with forbidden URL
|
||||||
|
$query =~ s#url=http%3A%2F%2Ftry.example.com#url=http%3A%2F%2Fauth.example.com/checkuser#;
|
||||||
|
ok(
|
||||||
|
$res = $client->_post(
|
||||||
|
'/checkuser',
|
||||||
|
IO::String->new($query),
|
||||||
|
cookie => "lemonldap=$id",
|
||||||
|
length => length($query),
|
||||||
|
accept => 'text/html',
|
||||||
|
),
|
||||||
|
'POST checkuser'
|
||||||
|
);
|
||||||
|
( $host, $url, $query ) =
|
||||||
|
expectForm( $res, undef, '/checkuser', 'user', 'url' );
|
||||||
|
ok(
|
||||||
|
$res->[2]->[0] =~
|
||||||
|
m%<div class="alert alert-danger"><b><span trspan="forbidden"></span></b></div>%,
|
||||||
|
'Found trspan="forbidden"'
|
||||||
|
) or explain( $res->[2]->[0], 'trspan="forbidden"' );
|
||||||
|
count(2);
|
||||||
|
|
||||||
# Request with good VH & user
|
# Request with good VH & user
|
||||||
$query =~
|
$query =~
|
||||||
s#url=http%3A%2F%2Ftry.example.com#url=hTTp%3A%2F%2FTest1.exAmple.cOm/UriTesT#;
|
s#url=http%3A%2F%2Fauth.example.com%2Fcheckuser#url=hTTp%3A%2F%2FTest1.exAmple.cOm/UriTesT#;
|
||||||
|
|
||||||
ok(
|
ok(
|
||||||
$res = $client->_post(
|
$res = $client->_post(
|
||||||
'/checkuser',
|
'/checkuser',
|
||||||
|
@ -222,6 +241,10 @@ ok( $res->[2]->[0] =~ m%<td class="text-left">uid</td>%, 'Found uid' )
|
||||||
or explain( $res->[2]->[0], 'Attribute Value uid' );
|
or explain( $res->[2]->[0], 'Attribute Value uid' );
|
||||||
count(11);
|
count(11);
|
||||||
|
|
||||||
|
my @c = ( $res->[2]->[0] =~ /<td class="align-middle">rtyler/gs );
|
||||||
|
ok( @c == 2, ' -> Two entries found' );
|
||||||
|
count(1);
|
||||||
|
|
||||||
# Request with short VH url & user
|
# Request with short VH url & user
|
||||||
$query =~
|
$query =~
|
||||||
s#url=http%3A%2F%2Ftest1.example.com%2FUriTesT#url=http%3A%2F%2Ftest1:1234#;
|
s#url=http%3A%2F%2Ftest1.example.com%2FUriTesT#url=http%3A%2F%2Ftest1:1234#;
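Review bot: The new forbidden-URL case writes `auth.example.com/checkuser` with a literal `/`, while the following "good VH" substitution matches `auth.example.com%2Fcheckuser`, so it depends on `expectForm` handing the query back re-encoded, which is not shown here. If that substitution ever fails to match, it does so silently and the next request is sent with the forbidden URL still in place. Asserting the result, for example `ok( $query =~ s#...#...#, 'URL replaced' )` with the count adjusted, would surface that. The added `/<td class="align-middle">rtyler/gs` match contains no `.`, so the `s` flag has no effect and can be dropped.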
|
||||||
|
|