Merge branch 'improve-group-2036' into 'v2.0'

New macro for group handling, and group-handling examples in default config

See merge request lemonldap-ng/lemonldap-ng!128
Maxime Besson 2020-03-02 17:02:35 +01:00
commit fab2553064
9 changed files with 96 additions and 30 deletions


@ -96,10 +96,12 @@
"domain" : "__DNSDOMAIN__",
"exportedHeaders" : {
"test1.__DNSDOMAIN__" : {
"Auth-User" : "$uid"
"Auth-User" : "$uid",
"Auth-Groups" : "$groups"
},
"test2.__DNSDOMAIN__" : {
"Auth-User" : "$uid"
"Auth-User" : "$uid",
"Auth-Groups" : "$groups"
}
},
"exportedVars" : {},
@ -120,15 +122,15 @@
},
"locationRules" : {
"auth.__DNSDOMAIN__" : {
"(?#checkUser)^/checkuser" : "$uid eq \"dwho\"",
"(?#checkUser)^/checkuser" : "inGroup(\"timelords\")",
"(?#errors)^/lmerror/" : "accept",
"default" : "accept"
},
"manager.__DNSDOMAIN__" : {
"(?#Configuration)^/(.*?\\.(fcgi|psgi)/)?(manager\\.html|confs/|$)" : "$uid eq \"dwho\"",
"(?#Notifications)/(.*?\\.(fcgi|psgi)/)?notifications" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
"(?#Sessions)/(.*?\\.(fcgi|psgi)/)?sessions" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
"default" : "$uid eq \"dwho\" or $uid eq \"rtyler\""
"(?#Configuration)^/(.*?\\.(fcgi|psgi)/)?(manager\\.html|confs/|$)" : "inGroup(\"timelords\")",
"(?#Notifications)/(.*?\\.(fcgi|psgi)/)?notifications" : "inGroup(\"timelords\") or $uid eq \"rtyler\"",
"(?#Sessions)/(.*?\\.(fcgi|psgi)/)?sessions" : "inGroup(\"timelords\") or $uid eq \"rtyler\"",
"default" : "inGroup(\"timelords\") or $uid eq \"rtyler\""
},
"test1.__DNSDOMAIN__" : {
"^/logout" : "logout_sso",
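Review bot: The Configuration rule on the manager vhost now grants access only through `inGroup(\"timelords\")` with no `$uid` fallback, so an installation whose user backend does not populate the `hGroups` session key (the demo backend does, provided its setGroups runs) loses manager configuration access entirely. That is fail-closed, which is the right default for an administrative interface, but it moves the default config's dependency from the `uid` attribute to a group attribute and deserves a line in the upgrade notes. The Notifications, Sessions and default rules keep `or $uid eq \"rtyler\"` as before, so the asymmetry between the rules is visible but not explained. The new `Auth-Groups` header exports the raw `$groups` string, whose element separator is the configured multiValuesSeparator rather than a fixed one, which anyone parsing the header downstream needs to know.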


@ -92,6 +92,10 @@ print
print "<li>Connected user: <ul>\n";
print "<li><tt>\$ENV{HTTP_AUTH_USER}</tt>: $ENV{HTTP_AUTH_USER}</li>\n";
print "<li><tt>\$ENV{REMOTE_USER}</tt>: $ENV{REMOTE_USER}</li>\n";
print "</ul><li>Groups: <ul>\n";
for my $grp (split /; /, $ENV{HTTP_AUTH_GROUPS}) {
print "<li>$grp</li>\n";
}
print "</ul></li>\n";
print "</ul>\n";
print
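Review bot: `split /; /, $ENV{HTTP_AUTH_GROUPS}` warns "Use of uninitialized value" whenever the header is absent (a vhost that does not export Auth-Groups, or a user with no groups), because `split` is handed undef; `split /; /, $ENV{HTTP_AUTH_GROUPS} // ''` keeps the loop a no-op in that case if the example targets 5.10+. The `"; "` separator is also hard-coded here while the portal joins the value with the configured multiValuesSeparator, so the list will not split correctly on installations that change it — acceptable for an example page, but worth a comment such as `# Groups are joined with the configured multiValuesSeparator (default "; ")`. Like the two existing lines above, the value is interpolated into HTML unescaped; presumably it comes from the handler-set header rather than the client, which is what makes that tolerable here. The surrounding `print` sequence continues outside the hunk.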


@ -595,6 +595,9 @@ sub substitute {
$expr =~ s/\$env->\{/\$r->{env}->\{/g;
$expr =~ s/\bskip\b/q\{999_SKIP\}/g;
# handle inGroup
$expr =~ s/\binGroup\(([^)]*)\)/listMatch(\$s->{'hGroups'},\1,1),/g;
return $expr;
}
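Review bot: The replacement side of the `inGroup` substitution uses `\1` where Perl expects `$1`, which triggers the "\1 better written as $1" warning under `use warnings`, and the comma after the closing parenthesis of `listMatch(...)` looks accidental: it turns the rewritten call into a list expression with a trailing comma, which parses but makes the result depend on the comma operator in whatever context the generated rule is later evaluated. Both are fixed by `$expr =~ s/\binGroup\(([^)]*)\)/listMatch(\$s->{'hGroups'},$1,1)/g;`. The `[^)]*` argument pattern also means an `inGroup(...)` call whose argument contains `)` is left untouched and reaches the rule compiler as an unknown function; the rule text is admin-controlled configuration, so this is a usability limit rather than an injection risk, but a comment such as `# inGroup(X) -> listMatch($s->{'hGroups'}, X, 1); X must not contain ")"` would document it. The body of substitute starts before the hunk.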


@ -81,6 +81,23 @@ ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
count(2);
# Required "timelords" group
ok(
$res =
$client->_get( '/fortimelords', undef, undef, "lemonldap=$sessionId" ),
'Require Timelords group'
);
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
count(2);
# Required "dalek" group
ok(
$res = $client->_get( '/fordaleks', undef, undef, "lemonldap=$sessionId" ),
'Require Dalek group'
);
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res, 403 );
count(2);
# Required AuthnLevel = 1
ok( $res = $client->_get( '/AuthWeak', undef, undef, "lemonldap=$sessionId" ),
'Weak Authentified query' );


@ -47,6 +47,8 @@
"^/test-uri2": "varIsInUri($ENV{REQUEST_URI}, '/test-uri2/', $uid)",
"^/test-restricted_uri": "varIsInUri($ENV{REQUEST_URI}, '/test-restricted_uri/', \"$uid/\", 1)",
"^/skipif": "$ENV{REQUEST_URI} =~ /zz/ ? skip : 1",
"^/fortimelords": "inGroup('timelords')",
"^/fordaleks": "inGroup('daleks')",
"^/logout": "logout_sso",
"^/deny": "deny",
"default": "accept"


@ -46,17 +46,42 @@ sub init {
my $now = time;
my $ts = strftime "%Y%m%d%H%M%S", localtime;
print F '{"_updateTime":"'
. $ts
. '","_timezone":"1","_session_kind":"SSO","_passwordDB":"Demo","_startTime":"'
. $ts
. '","ipAddr":"127.0.0.1","UA":"Mozilla/5.0 (X11; VAX4000; rv:43.0) Gecko/20100101 Firefox/143.0 Iceweasel/143.0.1","_user":"dwho","_userDB":"Demo","_lastAuthnUTime":'
. $now
. ',"uid":"dwho","_issuerDB":"Null","_session_id":"f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545","authenticationLevel":1,"_whatToTrace":"dwho","_auth":"Demo","_utime":'
. $now
. ',"_loginHistory":{"successLogin":[{"ipAddr":"127.0.0.1","_utime":'
. $now
. '}]},"cn":"Doctor Who","mail":"dwho@badwolf.org"}';
print F <<EOF;
{
"_startTime" : "$ts",
"_session_kind" : "SSO",
"UA" : "Mozilla/5.0 (X11; VAX4000; rv:43.0) Gecko/20100101 Firefox/143.0 Iceweasel/143.0.1",
"cn" : "Doctor Who",
"_utime" : $now,
"_whatToTrace" : "dwho",
"mail" : "dwho\@badwolf.org",
"_passwordDB" : "Demo",
"_lastAuthnUTime" : $now,
"uid" : "dwho",
"_issuerDB" : "Null",
"_userDB" : "Demo",
"_user" : "dwho",
"_session_id" : "f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545",
"authenticationLevel" : 1,
"_auth" : "Demo",
"_updateTime" : "$ts",
"_loginHistory" : {
"successLogin" : [
{
"ipAddr" : "127.0.0.1",
"_utime" : $now
}
]
},
"ipAddr" : "127.0.0.1",
"_timezone" : "1",
"groups" : "users; timelords",
"hGroups" : {
"users" : {},
"timelords" : {}
}
}
EOF
close F;
}


@ -32,6 +32,12 @@ our %demoAccounts = (
},
);
our %demoGroups = (
'timelords' => [qw(dwho)],
'earthlings' => [qw(msmith rtyler)],
'users' => [qw(dwho msmith rtyler)],
);
# INITIALIZATION
sub init {
@ -82,6 +88,21 @@ sub setSessionInfo {
# Do nothing
# @return Lemonldap::NG::Portal constant
sub setGroups {
my ( $self, $req ) = @_;
my $groups = $req->sessionInfo->{groups} || '';
my $hGroups = $req->sessionInfo->{hGroups} || {};
for my $grp ( keys %demoGroups ) {
if ( grep { $_ eq $req->user } @{ $demoGroups{$grp} } ) {
$hGroups->{$grp} = {};
$groups =
($groups)
? $groups . $self->conf->{multiValuesSeparator} . $grp
: $grp;
}
}
$req->sessionInfo->{groups} = $groups;
$req->sessionInfo->{hGroups} = $hGroups;
PE_OK;
}
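Review bot: In setGroups, `for my $grp ( keys %demoGroups )` iterates in Perl's randomised hash order, so the `groups` string written to the session (and hence the exported Auth-Groups header and the checkUser display) changes order from one process to the next; `for my $grp ( sort keys %demoGroups )` makes it deterministic, which matters for any test that matches the exact value. `grep { $_ eq $req->user }` also re-invokes `$req->user` for every member and, under warnings, complains if it is undefined; hoisting it into `my $user = $req->user;` before the loop avoids both. A short header comment would help too, e.g. `# Fill groups (separator-joined string) and hGroups (hash keyed by group name) from %demoGroups`. The init hunk above starts a sub that continues outside the hunk.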


@ -287,10 +287,6 @@ m%<div class="alert alert-success"><div class="text-center"><b><span trspan="all
ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
or explain( $res->[2]->[0], 'trspan="headers"' );
ok( $res->[2]->[0] !~ m%<span trspan="groups_sso">%,
'trspan="groups_sso" NOT found' )
or explain( $res->[2]->[0], 'trspan="groups_sso"' );
ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
or explain( $res->[2]->[0], 'trspan="macros"' );
ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
@ -309,7 +305,7 @@ ok( $res->[2]->[0] =~ m%<td scope="row">_whatToTrace</td>%,
ok( $res->[2]->[0] =~ m%<td scope="row">testPrefix_groups</td>%,
'Found testPrefix_groups' )
or explain( $res->[2]->[0], 'testPrefix_groups' );
ok( $res->[2]->[0] =~ m%<td scope="row">su; su_test; test_su</td>%,
ok( $res->[2]->[0] =~ m%<td scope="row">[^<]*su; su_test; test_su</td>%,
'Found "su; su_test; test_su"' )
or explain( $res->[2]->[0], 'su' );
ok( $res->[2]->[0] =~ m%<td scope="row">testPrefix_uid</td>%,
@ -322,7 +318,7 @@ ok( $res->[2]->[0] =~ m%<td scope="row">test_impersonation</td>%,
or explain( $res->[2]->[0], 'test_impersonation' );
ok( $res->[2]->[0] =~ m%<td scope="row">rtyler/dwho</td>%, 'Found rtyler/dwo' )
or explain( $res->[2]->[0], 'Found rtyler/dwo' );
count(16);
count(15);
my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
ok( scalar keys %attributes == 35, 'Found 35 attributes' )
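Review bot: Dropping the `trspan="groups_sso" NOT found` assertion and decrementing `count` removes coverage without replacing it: if the intent is that the demo user now has SSO groups, the test should assert the positive, `ok( $res->[2]->[0] =~ m%<span trspan="groups_sso">%, 'Found trspan="groups_sso"' ) or explain( $res->[2]->[0], 'trspan="groups_sso"' );`, and keep the count at 16. The loosened `[^<]*su; su_test; test_su` prefix accepts any text before the macro-added groups, presumably because the demo groups now precede them and their order is not fixed; if the portal emitted them in a sorted order the test could pin the full cell value instead. The same two changes appear in the next file section.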


@ -284,10 +284,6 @@ m%<div class="alert alert-success"><div class="text-center"><b><span trspan="all
ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
or explain( $res->[2]->[0], 'trspan="headers"' );
ok( $res->[2]->[0] !~ m%<span trspan="groups_sso">%,
'trspan="groups_sso" NOT found' )
or explain( $res->[2]->[0], 'trspan="groups_sso"' );
ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
or explain( $res->[2]->[0], 'trspan="macros"' );
ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
@ -306,7 +302,7 @@ ok( $res->[2]->[0] =~ m%<td scope="row">_whatToTrace</td>%,
ok( $res->[2]->[0] =~ m%<td scope="row">testPrefix_groups</td>%,
'Found testPrefix_groups' )
or explain( $res->[2]->[0], 'testPrefix_groups' );
ok( $res->[2]->[0] =~ m%<td scope="row">su; su_test; test_su</td>%,
ok( $res->[2]->[0] =~ m%<td scope="row">[^<]*su; su_test; test_su</td>%,
'Found "su; su_test; test_su"' )
or explain( $res->[2]->[0], 'su' );
ok( $res->[2]->[0] =~ m%<td scope="row">testPrefix_uid</td>%,
@ -324,7 +320,7 @@ ok( $res->[2]->[0] =~ m%<td scope="row">_session_id</td>%, 'Found _session_id' )
ok( $res->[2]->[0] =~ m%<td scope="row">_session_kind</td>%,
'Found _session_id' )
or explain( $res->[2]->[0], 'Found _session_kind' );
count(18);
count(17);
my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
ok( keys %attributes == 35, 'Found 35 attributes' )