Commit aa2fa220 authored by Xavier Guimard's avatar Xavier Guimard

Add regexp capture feature in rules (#321)

parent 6453a04a
Pipeline #6791 failed with stages
in 19 minutes and 22 seconds
......@@ -572,9 +572,10 @@ sub substitute {
$expr =~ s/\$ip\b/\$ENV{REMOTE_ADDR}/sg;
# substitute vars with session data, excepts special vars $_ and $\d+
$expr =~ s/\$(?!(?:ENV|env)\b)(_\w+|[a-zA-Z]\w*)/\$s->{$1}/sg;
$expr =~ s/\$(?!(?:ENV|env|_rulematch)\b)(_\w+|[a-zA-Z]\w*)/\$s->{$1}/sg;
$expr =~ s/\$ENV\{/\$r->{env}->\{/g;
$expr =~ s/\$env->\{/\$r->{env}->\{/g;
$expr =~ s/\$_rulematch\[/\$m->\[/g;
return $expr;
}
......@@ -582,7 +583,7 @@ sub substitute {
sub buildSub {
my ( $class, $val ) = @_;
my $res =
$class->tsv->{jail}->jail_reval("sub{my (\$r,\$s)=\@_;return($val)}");
$class->tsv->{jail}->jail_reval("sub{my (\$r,\$s,\$m)=\@_;return($val)}");
unless ($res) {
$class->logger->error( $class->tsv->{jail}->error );
}
......
......@@ -284,11 +284,12 @@ sub grant {
)
{
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
my $match = [ undef, @{^CAPTURE} ] || [];
$class->logger->debug( 'Regexp "'
. $class->tsv->{locationConditionText}->{$vhost}->[$i]
. '" match' );
return $class->tsv->{locationCondition}->{$vhost}->[$i]
->( $req, $session );
->( $req, $session, $match );
}
}
unless ( $class->tsv->{defaultCondition}->{$vhost} ) {
......@@ -298,7 +299,7 @@ sub grant {
return 0;
}
$class->logger->debug("$vhost: Apply default rule");
return $class->tsv->{defaultCondition}->{$vhost}->( $req, $session );
return $class->tsv->{defaultCondition}->{$vhost}->( $req, $session, [] );
}
## @rmethod protected int forbidden(string uri)
......
......@@ -37,6 +37,12 @@ ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
count(2);
ok( $res = $client->_get( '/user_dwho/', undef, undef, "lemonldap=$sessionId" ),
'Regexp query' );
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
count(2);
# Denied query
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
'Denied query' );
......@@ -44,6 +50,12 @@ ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
count(2);
ok( $res = $client->_get( '/user_rtyler/', undef, undef, "lemonldap=$sessionId" ),
'Regexp deny query' );
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res, 403 );
count(2);
# Bad cookie
ok(
$res = $client->_get(
......
......@@ -43,6 +43,7 @@
"test1.example.com": {
"^/logout": "logout_sso",
"^/deny": "deny",
"^/user_(\\w+)/": "$uid eq $_rulematch[1]",
"default": "accept"
},
"test2.example.com": {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment