Commit 9c823b2e authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

Import ServiceTokenTTL into tsv (#1974)

parent 2b4defb2
Pipeline #6761 passed with stage
in 13 minutes and 58 seconds
......@@ -2,7 +2,7 @@ package Lemonldap::NG::Handler::Lib::ServiceToken;
use strict;
our $VERSION = '2.0.6';
our $VERSION = '2.0.7';
sub fetchId {
my ( $class, $req ) = @_;
......@@ -18,7 +18,7 @@ sub fetchId {
my ( $t, $_session_id, @vhosts ) = split /:/, $s;
# Looking for service headers
my $vh = $class->resolveAlias($req);
my $vhost = $class->resolveAlias($req);
my %serviceHeaders;
@vhosts = grep {
if (/^([\w\-]+)=(.+)$/) {
......@@ -32,27 +32,31 @@ sub fetchId {
# $_session_id and at least one vhost
unless ( @vhosts and $_session_id ) {
$class->userLogger->error('Bad service token');
$class->logger->debug(
@vhosts ? 'No _session_id found' : 'No VH found' );
return 0;
}
# Is vhost listed in token ?
unless ( grep { $_ eq $vh } @vhosts ) {
unless ( grep { $_ eq $vhost } @vhosts ) {
$class->userLogger->error(
"$vh not authorized in token (" . join( ', ', @vhosts ) . ')' );
"$vhost not authorized in token (" . join( ', ', @vhosts ) . ')' );
return 0;
}
# Is token in good interval ?
my $localConfig = $class->localConfig;
my $ttl =
$localConfig->{vhostOptions}->{$vh}->{vhostServiceTokenTTL} <= 0
? $class->tsv->{handlerServiceTokenTTL}
: $localConfig->{vhostOptions}->{$vh}->{vhostServiceTokenTTL};
unless ( $t <= time and $t > time - $ttl ) {
my $ttl = $class->localConfig->{vhostOptions}->{$vhost}->{vhostServiceTokenTTL}
|| $class->tsv->{serviceTokenTTL}->{$vhost};
$ttl = $class->tsv->{handlerServiceTokenTTL} unless ( $ttl and $ttl > 0 );
my $now = time;
unless ( $t <= $now and $t > $now - $ttl ) {
$class->userLogger->warn('Expired service token');
$class->logger->debug("VH: $vhost with ServiceTokenTTL: $ttl");
$class->logger->debug("TokenTime: $t / Time: $now");
return 0;
}
# Send service headers if exist
if (%serviceHeaders) {
$class->logger->debug("Append service header(s)...");
$class->set_header_out( $req, %serviceHeaders );
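Review bot: In the new TTL lookup, `||` tests truthiness rather than `> 0`, so a negative `vhostServiceTokenTTL` in the local configuration is selected and the per-vhost value in `tsv->{serviceTokenTTL}` is never consulted; the following `unless ( $ttl and $ttl > 0 )` line then goes straight to `handlerServiceTokenTTL`. If the intended order is local value, then per-vhost value, then handler default, taking the first positive candidate expresses that directly, e.g. `my ($ttl) = grep { $_ and $_ > 0 } $local, $class->tsv->{serviceTokenTTL}->{$vhost}, $class->tsv->{handlerServiceTokenTTL};` with `$local` holding the local-config entry. When none of the three is set, `$ttl` stays undefined and the interval test rejects every token, which fails closed and should stay that way, but the added debug line then interpolates an undefined value. fetchId starts and ends outside this hunk.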
......
package Lemonldap::NG::Handler::Main::Reload;
our $VERSION = '2.0.6';
our $VERSION = '2.0.7';
package Lemonldap::NG::Handler::Main;
......@@ -231,6 +231,8 @@ sub defaultValuesInit {
$conf->{vhostOptions}->{$vhost}->{vhostType};
$class->tsv->{authnLevel}->{$vhost} =
$conf->{vhostOptions}->{$vhost}->{vhostAuthnLevel};
$class->tsv->{serviceTokenTTL}->{$vhost} =
$conf->{vhostOptions}->{$vhost}->{vhostServiceTokenTTL};
}
}
return 1;
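Review bot: The value stored in `tsv->{serviceTokenTTL}` is copied as-is, so it can be undefined or non-positive, and nothing at the assignment says what those values mean. A comment above it would help, e.g. `# Per-vhost service token TTL; unset or <= 0 falls back to handlerServiceTokenTTL`, which matches how fetchId in ServiceToken.pm reads the entry in this commit. defaultValuesInit starts outside this hunk.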
......
......@@ -166,7 +166,7 @@ ok( @headers == 0, 'NONE service header found' )
or print STDERR Data::Dumper::Dumper( $res->[1] );
count(1);
$token = $crypt->encrypt( join ':', time, $sessionId, '' );
$token = $crypt->encrypt( join ':', time, $sessionId );
ok(
$res = $client->_get(
'/', undef, 'test2.example.com', undef,
......