WIP - Append conf. parameters (#1664)
parent
3bb7f6e664
commit
f9db9a0258
|
@ -64,31 +64,35 @@ sub defaultValues {
|
|||
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
|
||||
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
|
||||
},
|
||||
'gpgDb' => '',
|
||||
'groups' => {},
|
||||
'handlerInternalCache' => 15,
|
||||
'hiddenAttributes' => '_password',
|
||||
'httpOnly' => 1,
|
||||
'https' => -1,
|
||||
'idSpoofing' => 1,
|
||||
'infoFormMethod' => 'get',
|
||||
'issuerDBCASPath' => '^/cas/',
|
||||
'issuerDBCASRule' => 1,
|
||||
'issuerDBGetParameters' => {},
|
||||
'issuerDBGetPath' => '^/get/',
|
||||
'issuerDBGetRule' => 1,
|
||||
'issuerDBOpenIDConnectPath' => '^/oauth2/',
|
||||
'issuerDBOpenIDConnectRule' => 1,
|
||||
'issuerDBOpenIDPath' => '^/openidserver/',
|
||||
'issuerDBOpenIDRule' => 1,
|
||||
'issuerDBSAMLPath' => '^/saml/',
|
||||
'issuerDBSAMLRule' => 1,
|
||||
'jsRedirect' => 0,
|
||||
'krbAuthnLevel' => 3,
|
||||
'krbRemoveDomain' => 1,
|
||||
'ldapAuthnLevel' => 2,
|
||||
'ldapBase' => 'dc=example,dc=com',
|
||||
'ldapExportedVars' => {
|
||||
'gpgDb' => '',
|
||||
'groups' => {},
|
||||
'handlerInternalCache' => 15,
|
||||
'hiddenAttributes' => '_password',
|
||||
'httpOnly' => 1,
|
||||
'https' => -1,
|
||||
'idSpoofing' => 1,
|
||||
'idSpoofingHiddenAttributes' => '_2fDevices _loginHistory',
|
||||
'idSpoofingPrefix' => 'real_',
|
||||
'idSpoofingRule' => 1,
|
||||
'idSpoofingSkipEmptyValues' => 1,
|
||||
'infoFormMethod' => 'get',
|
||||
'issuerDBCASPath' => '^/cas/',
|
||||
'issuerDBCASRule' => 1,
|
||||
'issuerDBGetParameters' => {},
|
||||
'issuerDBGetPath' => '^/get/',
|
||||
'issuerDBGetRule' => 1,
|
||||
'issuerDBOpenIDConnectPath' => '^/oauth2/',
|
||||
'issuerDBOpenIDConnectRule' => 1,
|
||||
'issuerDBOpenIDPath' => '^/openidserver/',
|
||||
'issuerDBOpenIDRule' => 1,
|
||||
'issuerDBSAMLPath' => '^/saml/',
|
||||
'issuerDBSAMLRule' => 1,
|
||||
'jsRedirect' => 0,
|
||||
'krbAuthnLevel' => 3,
|
||||
'krbRemoveDomain' => 1,
|
||||
'ldapAuthnLevel' => 2,
|
||||
'ldapBase' => 'dc=example,dc=com',
|
||||
'ldapExportedVars' => {
|
||||
'cn' => 'cn',
|
||||
'mail' => 'mail',
|
||||
'uid' => 'uid'
|
||||
|
|
|
@ -1199,6 +1199,22 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
|
|||
'default' => 1,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'idSpoofingHiddenAttributes' => {
|
||||
'default' => '_2fDevices _loginHistory',
|
||||
'type' => 'text'
|
||||
},
|
||||
'idSpoofingPrefix' => {
|
||||
'default' => 'real_',
|
||||
'type' => 'text'
|
||||
},
|
||||
'idSpoofingRule' => {
|
||||
'default' => 1,
|
||||
'type' => 'boolOrExpr'
|
||||
},
|
||||
'idSpoofingSkipEmptyValues' => {
|
||||
'default' => 1,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'infoFormMethod' => {
|
||||
'default' => 'get',
|
||||
'select' => [ {
|
||||
|
|
|
@ -443,10 +443,32 @@ sub attributes {
|
|||
idSpoofing => {
|
||||
default => 1,
|
||||
type => 'bool',
|
||||
documentation => 'Enable Id Spoofing plugin',
|
||||
documentation => 'Enable IdSpoofing plugin',
|
||||
flags => 'p',
|
||||
},
|
||||
idSpoofingPrefix => {
|
||||
type => 'text',
|
||||
default => 'real_',
|
||||
documentation => 'Prefix to rename real session attributes',
|
||||
flags => 'p',
|
||||
},
|
||||
idSpoofingRule => {
|
||||
type => 'boolOrExpr',
|
||||
default => 1,
|
||||
documentation => 'IdSpoofing activation rule',
|
||||
},
|
||||
idSpoofingHiddenAttributes => {
|
||||
type => 'text',
|
||||
default => '_2fDevices _loginHistory',
|
||||
documentation => 'Attributes to skip',
|
||||
flags => 'p',
|
||||
},
|
||||
idSpoofingSkipEmptyValues => {
|
||||
default => 1,
|
||||
type => 'bool',
|
||||
documentation => 'Skip session empty values',
|
||||
flags => 'p',
|
||||
},
|
||||
|
||||
skipRenewConfirmation => {
|
||||
type => 'bool',
|
||||
default => 0,
|
||||
|
|
|
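Review bot: `idSpoofingRule` is introduced with `default => 1`, and the `idSpoofing` entry just above it already defaults to `1`, so if this rule is what gates the plugin, nothing restricts who may take another identity out of the box. A deny-by-default value, `default => 0`, would make administrators opt in with an explicit expression; the same default is mirrored in the two defaults listings earlier in this commit. The entry also lacks the `flags => 'p'` that the other three new parameters carry, which may be an omission. The documentation strings are thin, for example `idSpoofingHiddenAttributes` could read `documentation => 'Space-separated session attributes not copied under the prefix'`. The enclosing `attributes` sub starts and ends outside this hunk.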
@ -12,6 +12,11 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
|||
|
||||
use constant endAuth => 'run';
|
||||
|
||||
sub hAttr {
|
||||
$_[0]->{conf}->{idSpoofingHiddenAttributes} . ' '
|
||||
. $_[0]->{conf}->{hiddenAttributes};
|
||||
}
|
||||
|
||||
sub init {1}
|
||||
|
||||
# RUNNING METHOD
|
||||
|
@ -24,31 +29,36 @@ sub run {
|
|||
my ( $realSession, $spoofSession ) = ( {}, {} );
|
||||
my $spk = '';
|
||||
foreach my $k ( keys %{ $req->{sessionInfo} } ) {
|
||||
|
||||
# next unless defined $req->{sessionInfo}->{$k};
|
||||
$spk = "real_$k";
|
||||
$realSession->{$spk} = $req->{sessionInfo}->{$k};
|
||||
$self->logger->debug("-> Store $k in realSession key: $spk");
|
||||
if ( $self->{conf}->{idSpoofingSkipEmptyValues} ) {
|
||||
next unless defined $req->{sessionInfo}->{$k};
|
||||
}
|
||||
$spk = "$self->{conf}->{idSpoofingPrefix}$k";
|
||||
unless ( $self->hAttr =~ /\b$k\b/ ) {
|
||||
$realSession->{$spk} = $req->{sessionInfo}->{$k};
|
||||
$self->logger->debug("-> Store $k in realSession key: $spk");
|
||||
}
|
||||
}
|
||||
$self->logger->debug( "**** req before " . Data::Dumper::Dumper($req) );
|
||||
$self->logger->debug( "+++++ realSession " . Data::Dumper::Dumper($realSession) );
|
||||
$self->logger->debug(
|
||||
"+++++ realSession " . Data::Dumper::Dumper($realSession) );
|
||||
$req->{user} = $spoofId;
|
||||
$spoofSession = $self->_userDatas($req);
|
||||
|
||||
$self->logger->debug( "+++++ spoofSession " . Data::Dumper::Dumper($spoofSession) );
|
||||
$self->logger->debug(
|
||||
"+++++ spoofSession " . Data::Dumper::Dumper($spoofSession) );
|
||||
$self->logger->debug( "**** req after " . Data::Dumper::Dumper($req) );
|
||||
|
||||
$spoofSession = { %$spoofSession, %$realSession };
|
||||
|
||||
$spoofSession = { %$spoofSession, %$realSession };
|
||||
|
||||
$self->logger->debug( "!!!!!!!!!!!!!!!!!! spoofSession " . Data::Dumper::Dumper($spoofSession) );
|
||||
|
||||
$self->p->updateSession( $req, $spoofSession );
|
||||
|
||||
return PE_OK;
|
||||
$self->logger->debug( "!!!!!!!!!!!!!!!!!! spoofSession "
|
||||
. Data::Dumper::Dumper($spoofSession) );
|
||||
|
||||
# Main session
|
||||
#$self->p->updateSession( $req, $spoofSession );
|
||||
$self->p->updateSession( $req, $spoofSession );
|
||||
|
||||
#$self->p->updatePersistentSession( $req, $spoofSession ); #?????
|
||||
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
sub _userDatas {
|
||||
|
@ -57,9 +67,11 @@ sub _userDatas {
|
|||
|
||||
# Search user in database
|
||||
$req->steps(
|
||||
[ 'getUser', 'setSessionInfo',
|
||||
'setMacros', 'setGroups',
|
||||
'setPersistentSessionInfo', 'setLocalGroups'
|
||||
[ 'getUser', 'setSessionInfo',
|
||||
'setMacros', 'setGroups',
|
||||
|
||||
#'setPersistentSessionInfo', 'setLocalGroups'
|
||||
'setLocalGroups'
|
||||
]
|
||||
);
|
||||
if ( my $error = $self->p->process($req) ) {
|
||||
|
|
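Review bot: In `run`, the hidden-attribute test `$self->hAttr =~ /\b$k\b/` interpolates the session key into a pattern unescaped and relies on `\b`, so a key containing regex metacharacters or non-word characters can be matched wrongly, letting a hidden attribute be copied or a visible one be dropped. An exact lookup built once before the loop is safer: `my %hidden = map { $_ => 1 } split ' ', $self->hAttr;` and then `unless ( $hidden{$k} ) {`. Separately, the `Data::Dumper::Dumper($req)` and session dumps at debug level write the whole request and session to the log, including whatever `hiddenAttributes` is meant to keep out of sight; they should be removed before this leaves WIP or reduced to key names. `run` begins above the hunk, so where `$spoofId` comes from and whether `idSpoofingRule` is evaluated cannot be seen here.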