Add addAuthRouteWithRedirect() method to Try (#1787)
This commit is contained in:
Xavier
parent
946384272e
commit
f4bca7430a
|
|
@ -37,6 +37,19 @@ sub addUnauthRoute {
|
|||
return $self->SUPER::addRoute(@_);
|
||||
}
|
||||
|
||||
sub addAuthRouteWithRedirect {
|
||||
my $self = shift;
|
||||
$self->logger->debug("Route with redirect to $_[0]");
|
||||
$self->addAuthRoute(@_);
|
||||
$self->addUnauthRoute( $_[0] => '_auth_and_redirect', [ 'GET', 'POST' ] );
|
||||
}
|
||||
|
||||
sub _auth_and_redirect {
|
||||
my ( $self, $req ) = @_;
|
||||
$self->api->goToPortal( $req, $req->{env}->{REQUEST_URI} );
|
||||
return [ 302, $req->respHeaders, [] ];
|
||||
}
|
||||
|
||||
sub defaultAuthRoute {
|
||||
my $self = shift;
|
||||
$self->routes( $self->authRoutes );
|
||||
|
|
|
|||
|
|
@ -30,6 +30,11 @@ sub addUnauthRoute {
|
|||
return $self->_addRoute( 'addUnauthRoute', @_ );
|
||||
}
|
||||
|
||||
sub addAuthRouteWithRedirect {
|
||||
my $self = shift;
|
||||
return $self->_addRoute( 'addAuthRouteWithRedirect', @_ );
|
||||
}
|
||||
|
||||
sub _addRoute {
|
||||
my ( $self, $type, $word, $subName, $methods, $transform ) = @_;
|
||||
$transform //= sub {
|
||||
|
|
|
|||
|
|
@ -39,8 +39,8 @@ sub hAttr {
|
|||
sub init {
|
||||
my ($self) = @_;
|
||||
my $hd = $self->p->HANDLER;
|
||||
$self->addAuthRoute( checkuser => 'check', ['POST'] );
|
||||
$self->addAuthRoute( checkuser => 'display', ['GET'] );
|
||||
$self->addAuthRoute( checkuser => 'check', ['POST'] );
|
||||
$self->addAuthRouteWithRedirect( checkuser => 'display', ['GET'] );
|
||||
|
||||
# Parse identity rule
|
||||
$self->logger->debug(
|
||||
|
|
@ -155,9 +155,8 @@ sub check {
|
|||
$req->{user} = $user;
|
||||
$self->userLogger->notice(
|
||||
"NO session found in DB. Compute userData...");
|
||||
$self->logger->debug(
|
||||
"NO session found in DB. Compute userData...");
|
||||
$attrs = $self->_userData($req);
|
||||
$self->logger->debug("NO session found in DB. Compute userData...");
|
||||
$attrs = $self->_userData($req);
|
||||
$compute = 1;
|
||||
}
|
||||
}
|
||||
|
|
@ -205,11 +204,13 @@ sub check {
|
|||
|
||||
# User is allowed ?
|
||||
$self->logger->debug(
|
||||
"checkUser requested for user: $attrs->{ $self->{conf}->{whatToTrace} } and URL: $url");
|
||||
"checkUser requested for user: $attrs->{ $self->{conf}->{whatToTrace} } and URL: $url"
|
||||
);
|
||||
$auth = $self->_authorization( $req, $url, $attrs );
|
||||
if ( $auth >= 0 ) {
|
||||
$auth = $auth ? "allowed" : "forbidden";
|
||||
$self->userLogger->notice( "checkUser -> $attrs->{ $self->{conf}->{whatToTrace} } is "
|
||||
$self->userLogger->notice(
|
||||
"checkUser -> $attrs->{ $self->{conf}->{whatToTrace} } is "
|
||||
. uc($auth)
|
||||
. " to access: $url" );
|
||||
|
||||
|
|
@ -381,10 +382,10 @@ sub _authorization {
|
|||
}
|
||||
}
|
||||
|
||||
$self->logger->debug("Return \"$attrs->{ $self->{conf}->{whatToTrace} }\" authorization");
|
||||
$self->logger->debug(
|
||||
"Return \"$attrs->{ $self->{conf}->{whatToTrace} }\" authorization");
|
||||
return $exist
|
||||
? $self->p->HANDLER->grant( $req, $attrs, $appuri,
|
||||
undef, $vhost )
|
||||
? $self->p->HANDLER->grant( $req, $attrs, $appuri, undef, $vhost )
|
||||
: -1;
|
||||
}
|
||||
|
||||
|
|
@ -395,7 +396,8 @@ sub _headers {
|
|||
$vhost =~ s/:\d+$//;
|
||||
$req->{env}->{HTTP_HOST} = $vhost;
|
||||
$self->p->HANDLER->headersInit( $self->{conf} );
|
||||
$self->logger->debug("Return \"$attrs->{ $self->{conf}->{whatToTrace} }\" headers");
|
||||
$self->logger->debug(
|
||||
"Return \"$attrs->{ $self->{conf}->{whatToTrace} }\" headers");
|
||||
return $self->p->HANDLER->checkHeaders( $req, $attrs );
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -25,6 +25,13 @@ my $client = LLNG::Manager::Test->new( {
|
|||
}
|
||||
);
|
||||
|
||||
ok( $res = $client->_get( '/checkuser', accept => 'text/html' ),
|
||||
'Test unauth redirection' );
|
||||
expectRedirection( $res,
|
||||
'http://auth.example.com/?url=aHR0cDovL2F1dGguZXhhbXBsZS5jb20vY2hlY2t1c2Vy'
|
||||
);
|
||||
count(1);
|
||||
|
||||
## Try to authenticate
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
|
|
@ -36,7 +43,6 @@ ok(
|
|||
'Auth query'
|
||||
);
|
||||
count(1);
|
||||
|
||||
my $id = expectCookie($res);
|
||||
expectRedirection( $res, 'http://auth.example.com/' );
|
||||
|
||||
|
|
@ -146,7 +152,8 @@ count(3);
|
|||
|
||||
# Request with bad VH
|
||||
$query =~ s/user=dwho/user=rtyler/;
|
||||
$query =~ s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Ftry.example.com/;
|
||||
$query =~
|
||||
s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Ftry.example.com/;
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/checkuser',
|
||||
|
|
@ -166,7 +173,8 @@ ok( $res->[2]->[0] =~ m%<span trspan="VHnotFound">%,
|
|||
count(1);
|
||||
|
||||
# Request with forbidden URL
|
||||
$query =~ s#url=http%3A%2F%2Ftry.example.com#url=http%3A%2F%2Fauth.example.com/checkuser#;
|
||||
$query =~
|
||||
s#url=http%3A%2F%2Ftry.example.com#url=http%3A%2F%2Fauth.example.com/checkuser#;
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/checkuser',
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user