Merge branch 'improve-group-2036' into 'v2.0'
New macro for group handling, and group-handling examples in the default config. See merge request lemonldap-ng/lemonldap-ng!128
fab2553064
|
@ -96,10 +96,12 @@
|
|||
"domain" : "__DNSDOMAIN__",
|
||||
"exportedHeaders" : {
|
||||
"test1.__DNSDOMAIN__" : {
|
||||
"Auth-User" : "$uid"
|
||||
"Auth-User" : "$uid",
|
||||
"Auth-Groups" : "$groups"
|
||||
},
|
||||
"test2.__DNSDOMAIN__" : {
|
||||
"Auth-User" : "$uid"
|
||||
"Auth-User" : "$uid",
|
||||
"Auth-Groups" : "$groups"
|
||||
}
|
||||
},
|
||||
"exportedVars" : {},
|
||||
|
@ -120,15 +122,15 @@
|
|||
},
|
||||
"locationRules" : {
|
||||
"auth.__DNSDOMAIN__" : {
|
||||
"(?#checkUser)^/checkuser" : "$uid eq \"dwho\"",
|
||||
"(?#checkUser)^/checkuser" : "inGroup(\"timelords\")",
|
||||
"(?#errors)^/lmerror/" : "accept",
|
||||
"default" : "accept"
|
||||
},
|
||||
"manager.__DNSDOMAIN__" : {
|
||||
"(?#Configuration)^/(.*?\\.(fcgi|psgi)/)?(manager\\.html|confs/|$)" : "$uid eq \"dwho\"",
|
||||
"(?#Notifications)/(.*?\\.(fcgi|psgi)/)?notifications" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
|
||||
"(?#Sessions)/(.*?\\.(fcgi|psgi)/)?sessions" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
|
||||
"default" : "$uid eq \"dwho\" or $uid eq \"rtyler\""
|
||||
"(?#Configuration)^/(.*?\\.(fcgi|psgi)/)?(manager\\.html|confs/|$)" : "inGroup(\"timelords\")",
|
||||
"(?#Notifications)/(.*?\\.(fcgi|psgi)/)?notifications" : "inGroup(\"timelords\") or $uid eq \"rtyler\"",
|
||||
"(?#Sessions)/(.*?\\.(fcgi|psgi)/)?sessions" : "inGroup(\"timelords\") or $uid eq \"rtyler\"",
|
||||
"default" : "inGroup(\"timelords\") or $uid eq \"rtyler\""
|
||||
},
|
||||
"test1.__DNSDOMAIN__" : {
|
||||
"^/logout" : "logout_sso",
|
||||
|
|
|
@ -92,6 +92,10 @@ print
|
|||
print "<li>Connected user: <ul>\n";
|
||||
print "<li><tt>\$ENV{HTTP_AUTH_USER}</tt>: $ENV{HTTP_AUTH_USER}</li>\n";
|
||||
print "<li><tt>\$ENV{REMOTE_USER}</tt>: $ENV{REMOTE_USER}</li>\n";
|
||||
print "</ul><li>Groups: <ul>\n";
|
||||
for my $grp (split /; /, $ENV{HTTP_AUTH_GROUPS}) {
|
||||
print "<li>$grp</li>\n";
|
||||
}
|
||||
print "</ul></li>\n";
|
||||
print "</ul>\n";
|
||||
print
|
||||
|
|
|
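Review bot: `split /; /, $ENV{HTTP_AUTH_GROUPS}` on the new loop line triggers "Use of uninitialized value" whenever the Auth-Groups header is not exported for that virtual host, so give it a default: `for my $grp (split /; /, $ENV{HTTP_AUTH_GROUPS} // '') {` (defined-or needs Perl 5.10+). The separator is hard-coded as "; "; if it is meant to mirror the configured multiValuesSeparator, a comment saying so would help the next reader. Group names come from the session and are printed into the HTML list unescaped, as the neighbouring user lines already are; escaping them (e.g. with HTML::Entities::encode_entities) would treat them as data rather than markup. The enclosing print sequence continues outside the hunk.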
@ -595,6 +595,9 @@ sub substitute {
|
|||
$expr =~ s/\$env->\{/\$r->{env}->\{/g;
|
||||
$expr =~ s/\bskip\b/q\{999_SKIP\}/g;
|
||||
|
||||
# handle inGroup
|
||||
$expr =~ s/\binGroup\(([^)]*)\)/listMatch(\$s->{'hGroups'},\1,1),/g;
|
||||
|
||||
return $expr;
|
||||
}
|
||||
|
||||
|
|
|
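Review bot: The replacement side of the new inGroup substitution uses `\1`, which `use warnings` reports as "\1 better written as $1", and it appends a stray comma after the `listMatch(...)` call, so a rule such as `inGroup('x') or $uid eq 'y'` rewrites to `listMatch(...), or $uid eq 'y'`; Perl tolerates the trailing comma in a list but it is easy to misread, and it looks unintentional. Suggest `$expr =~ s/\binGroup\(([^)]*)\)/listMatch(\$s->{'hGroups'},$1,1)/g;`. The `[^)]*` capture stops at the first closing parenthesis, which is fine for a quoted group name; a comment such as `# inGroup(<expr>): <expr> must not contain ')'` would document that limit. substitute() starts before this hunk.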
@ -81,6 +81,23 @@ ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
|
|||
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
|
||||
count(2);
|
||||
|
||||
# Required "timelords" group
|
||||
ok(
|
||||
$res =
|
||||
$client->_get( '/fortimelords', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Require Timelords group'
|
||||
);
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
||||
count(2);
|
||||
|
||||
# Required "dalek" group
|
||||
ok(
|
||||
$res = $client->_get( '/fordaleks', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Require Dalek group'
|
||||
);
|
||||
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res, 403 );
|
||||
count(2);
|
||||
|
||||
# Required AuthnLevel = 1
|
||||
ok( $res = $client->_get( '/AuthWeak', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Weak Authentified query' );
|
||||
|
|
|
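Review bot: The new `or explain( $res, 200 )` and `or explain( $res, 403 )` pass the whole response array where the existing line above (`ok( $res->[0] == 403, ... ) or explain( $res->[0], 403 )`) passes only the status code, so failure diagnostics are inconsistent within the file; `or explain( $res->[0], 200 )` matches the surrounding tests. The 200/403 expectations depend on the fixture session listing "timelords" but not "daleks" in hGroups, which is set up elsewhere; a one-line comment pointing at that fixture would make the assertions easier to maintain.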
@ -47,6 +47,8 @@
|
|||
"^/test-uri2": "varIsInUri($ENV{REQUEST_URI}, '/test-uri2/', $uid)",
|
||||
"^/test-restricted_uri": "varIsInUri($ENV{REQUEST_URI}, '/test-restricted_uri/', \"$uid/\", 1)",
|
||||
"^/skipif": "$ENV{REQUEST_URI} =~ /zz/ ? skip : 1",
|
||||
"^/fortimelords": "inGroup('timelords')",
|
||||
"^/fordaleks": "inGroup('daleks')",
|
||||
"^/logout": "logout_sso",
|
||||
"^/deny": "deny",
|
||||
"default": "accept"
|
||||
|
|
|
@ -46,17 +46,42 @@ sub init {
|
|||
my $now = time;
|
||||
my $ts = strftime "%Y%m%d%H%M%S", localtime;
|
||||
|
||||
print F '{"_updateTime":"'
|
||||
. $ts
|
||||
. '","_timezone":"1","_session_kind":"SSO","_passwordDB":"Demo","_startTime":"'
|
||||
. $ts
|
||||
. '","ipAddr":"127.0.0.1","UA":"Mozilla/5.0 (X11; VAX4000; rv:43.0) Gecko/20100101 Firefox/143.0 Iceweasel/143.0.1","_user":"dwho","_userDB":"Demo","_lastAuthnUTime":'
|
||||
. $now
|
||||
. ',"uid":"dwho","_issuerDB":"Null","_session_id":"f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545","authenticationLevel":1,"_whatToTrace":"dwho","_auth":"Demo","_utime":'
|
||||
. $now
|
||||
. ',"_loginHistory":{"successLogin":[{"ipAddr":"127.0.0.1","_utime":'
|
||||
. $now
|
||||
. '}]},"cn":"Doctor Who","mail":"dwho@badwolf.org"}';
|
||||
print F <<EOF;
|
||||
{
|
||||
"_startTime" : "$ts",
|
||||
"_session_kind" : "SSO",
|
||||
"UA" : "Mozilla/5.0 (X11; VAX4000; rv:43.0) Gecko/20100101 Firefox/143.0 Iceweasel/143.0.1",
|
||||
"cn" : "Doctor Who",
|
||||
"_utime" : $now,
|
||||
"_whatToTrace" : "dwho",
|
||||
"mail" : "dwho\@badwolf.org",
|
||||
"_passwordDB" : "Demo",
|
||||
"_lastAuthnUTime" : $now,
|
||||
"uid" : "dwho",
|
||||
"_issuerDB" : "Null",
|
||||
"_userDB" : "Demo",
|
||||
"_user" : "dwho",
|
||||
"_session_id" : "f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545",
|
||||
"authenticationLevel" : 1,
|
||||
"_auth" : "Demo",
|
||||
"_updateTime" : "$ts",
|
||||
"_loginHistory" : {
|
||||
"successLogin" : [
|
||||
{
|
||||
"ipAddr" : "127.0.0.1",
|
||||
"_utime" : $now
|
||||
}
|
||||
]
|
||||
},
|
||||
"ipAddr" : "127.0.0.1",
|
||||
"_timezone" : "1",
|
||||
"groups" : "users; timelords",
|
||||
"hGroups" : {
|
||||
"users" : {},
|
||||
"timelords" : {}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
close F;
|
||||
}
|
||||
|
||||
|
|
|
@ -32,6 +32,12 @@ our %demoAccounts = (
|
|||
},
|
||||
);
|
||||
|
||||
our %demoGroups = (
|
||||
'timelords' => [qw(dwho)],
|
||||
'earthlings' => [qw(msmith rtyler)],
|
||||
'users' => [qw(dwho msmith rtyler)],
|
||||
);
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
sub init {
|
||||
|
@ -82,6 +88,21 @@ sub setSessionInfo {
|
|||
# Do nothing
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub setGroups {
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
my $groups = $req->sessionInfo->{groups} || '';
|
||||
my $hGroups = $req->sessionInfo->{hGroups} || {};
|
||||
for my $grp ( keys %demoGroups ) {
|
||||
if ( grep { $_ eq $req->user } @{ $demoGroups{$grp} } ) {
|
||||
$hGroups->{$grp} = {};
|
||||
$groups =
|
||||
($groups)
|
||||
? $groups . $self->conf->{multiValuesSeparator} . $grp
|
||||
: $grp;
|
||||
}
|
||||
}
|
||||
$req->sessionInfo->{groups} = $groups;
|
||||
$req->sessionInfo->{hGroups} = $hGroups;
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
|
|
|
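Review bot: `for my $grp ( keys %demoGroups )` in the new setGroups iterates in Perl's per-process hash order, so the `groups` string written to the session (and any Auth-Groups header built from it) can differ between runs; `for my $grp ( sort keys %demoGroups ) {` makes it deterministic and lets tests assert an exact value. The method also appends to an existing `$req->sessionInfo->{groups}` without checking whether `$grp` is already present, so if it were invoked twice on one session the entries would be duplicated — hedged, since the call sequence is not visible here. A short header comment stating that setGroups merges the demo groups into both the flat `groups` string and the `hGroups` hash, and that `$hGroups` is mutated in place when it already exists, would help.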
@ -287,10 +287,6 @@ m%<div class="alert alert-success"><div class="text-center"><b><span trspan="all
|
|||
ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
|
||||
or explain( $res->[2]->[0], 'trspan="headers"' );
|
||||
|
||||
ok( $res->[2]->[0] !~ m%<span trspan="groups_sso">%,
|
||||
'trspan="groups_sso" NOT found' )
|
||||
or explain( $res->[2]->[0], 'trspan="groups_sso"' );
|
||||
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
|
||||
or explain( $res->[2]->[0], 'trspan="macros"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
|
||||
|
@ -309,7 +305,7 @@ ok( $res->[2]->[0] =~ m%<td scope="row">_whatToTrace</td>%,
|
|||
ok( $res->[2]->[0] =~ m%<td scope="row">testPrefix_groups</td>%,
|
||||
'Found testPrefix_groups' )
|
||||
or explain( $res->[2]->[0], 'testPrefix_groups' );
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">su; su_test; test_su</td>%,
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">[^<]*su; su_test; test_su</td>%,
|
||||
'Found "su; su_test; test_su"' )
|
||||
or explain( $res->[2]->[0], 'su' );
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">testPrefix_uid</td>%,
|
||||
|
@ -322,7 +318,7 @@ ok( $res->[2]->[0] =~ m%<td scope="row">test_impersonation</td>%,
|
|||
or explain( $res->[2]->[0], 'test_impersonation' );
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">rtyler/dwho</td>%, 'Found rtyler/dwo' )
|
||||
or explain( $res->[2]->[0], 'Found rtyler/dwo' );
|
||||
count(16);
|
||||
count(15);
|
||||
|
||||
my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
|
||||
ok( scalar keys %attributes == 35, 'Found 35 attributes' )
|
||||
|
|
|
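Review bot: Loosening the pattern to `m%<td scope="row">[^<]*su; su_test; test_su</td>%` (here and in the matching hunk of the second test file below) accepts any prefix, so the test no longer pins what precedes the three su groups; presumably the demo groups now come first, in unordered hash order, which is why an exact string cannot be asserted. If the producer iterated its groups in sorted order the assertion could be made exact again, and a comment such as `# demo groups precede the macro-added su groups` would record why the wildcard is there. Unrelated to the change but on the new side: the `_session_kind` check in the second file carries the description 'Found _session_id', a copy-paste leftover.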
@ -284,10 +284,6 @@ m%<div class="alert alert-success"><div class="text-center"><b><span trspan="all
|
|||
ok( $res->[2]->[0] =~ m%<span trspan="headers">%, 'Found trspan="headers"' )
|
||||
or explain( $res->[2]->[0], 'trspan="headers"' );
|
||||
|
||||
ok( $res->[2]->[0] !~ m%<span trspan="groups_sso">%,
|
||||
'trspan="groups_sso" NOT found' )
|
||||
or explain( $res->[2]->[0], 'trspan="groups_sso"' );
|
||||
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="macros">%, 'Found trspan="macros"' )
|
||||
or explain( $res->[2]->[0], 'trspan="macros"' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="attributes">%,
|
||||
|
@ -306,7 +302,7 @@ ok( $res->[2]->[0] =~ m%<td scope="row">_whatToTrace</td>%,
|
|||
ok( $res->[2]->[0] =~ m%<td scope="row">testPrefix_groups</td>%,
|
||||
'Found testPrefix_groups' )
|
||||
or explain( $res->[2]->[0], 'testPrefix_groups' );
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">su; su_test; test_su</td>%,
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">[^<]*su; su_test; test_su</td>%,
|
||||
'Found "su; su_test; test_su"' )
|
||||
or explain( $res->[2]->[0], 'su' );
|
||||
ok( $res->[2]->[0] =~ m%<td scope="row">testPrefix_uid</td>%,
|
||||
|
@ -324,7 +320,7 @@ ok( $res->[2]->[0] =~ m%<td scope="row">_session_id</td>%, 'Found _session_id' )
|
|||
ok( $res->[2]->[0] =~ m%<td scope="row">_session_kind</td>%,
|
||||
'Found _session_id' )
|
||||
or explain( $res->[2]->[0], 'Found _session_kind' );
|
||||
count(18);
|
||||
count(17);
|
||||
|
||||
my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
|
||||
ok( keys %attributes == 35, 'Found 35 attributes' )
|
||||
|
|