...
 
Commits (12)
......@@ -86,7 +86,7 @@
"authentication" : "Demo",
"cfgAuthor" : "The LemonLDAP::NG team",
"cfgNum" : 1,
"cfgVersion" : "2.0.3",
"cfgVersion" : "2.0.6",
"cookieName" : "lemonldap",
"demoExportedVars" : {
"cn" : "cn",
......
......@@ -24,7 +24,7 @@ use constant MANAGERSECTION => "manager";
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
use constant APPLYSECTION => "apply";
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|br(?:owsersDontStorePassword|uteForceProtection)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|ingle(?:Session(?:UserByIP)?|(?:UserBy)?IP)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|RPMetaDataOptions(?:LogoutSessionRequired|BypassConsent|RequirePKCE|Public)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:User(?:Display(?:PersistentInfo|EmptyValues))?|State|XSS)|o(?:ntextSwitchingStopWithLogout|rsEnabled)|da)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?)?|y(?:Deleted|Other))|AjaxHook)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|d(?:isablePersistentStorage|biDynamicHashEnabled|ontCompactConf)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|rest(?:(?:Session|Config)Server|ExportSecretKeys)|br(?:owsersDontStorePassword|uteForceProtection)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
......
......@@ -54,7 +54,7 @@ our $authParameters = {
radiusParams => [qw(radiusAuthnLevel radiusSecret radiusServer)],
remoteParams => [qw(remotePortal remoteCookieName remoteGlobalStorage remoteGlobalStorageOptions)],
restParams => [qw(restAuthnLevel restAuthUrl restUserDBUrl restPwdConfirmUrl restPwdModifyUrl)],
slaveParams => [qw(slaveAuthnLevel slaveExportedVars slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent)],
slaveParams => [qw(slaveAuthnLevel slaveUserHeader slaveMasterIP slaveHeaderName slaveHeaderContent slaveDisplayLogo slaveExportedVars)],
sslParams => [qw(SSLAuthnLevel SSLVar SSLVarIf sslByAjax sslHost)],
twitterParams => [qw(twitterAuthnLevel twitterKey twitterSecret twitterAppName twitterUserField)],
webidParams => [qw(webIDAuthnLevel webIDExportedVars webIDWhitelist)],
......
......@@ -22,14 +22,12 @@ BEGIN {
}
has customFunctions => ( is => 'rw', isa => 'Maybe[Str]' );
has useSafeJail => ( is => 'rw', isa => 'Maybe[Int]' );
has jail => ( is => 'rw' );
has error => ( is => 'rw' );
has useSafeJail => ( is => 'rw', isa => 'Maybe[Int]' );
has jail => ( is => 'rw' );
has error => ( is => 'rw' );
our $VERSION = '2.0.0';
our $VERSION = '2.0.6';
our @builtCustomFunctions;
## @imethod protected build_jail()
# Build and return the security jail used to compile rules and headers.
......@@ -59,9 +57,9 @@ sub build_jail {
}
}
my @t =
@builtCustomFunctions =
$self->customFunctions ? split( /\s+/, $self->customFunctions ) : ();
foreach (@t) {
foreach (@builtCustomFunctions) {
no warnings 'redefine';
$api->logger->debug("Custom function : $_");
my $sub = $_;
......@@ -90,7 +88,7 @@ sub build_jail {
$self->jail->share_from( 'Lemonldap::NG::Common::Safelib',
$Lemonldap::NG::Common::Safelib::functions );
$self->jail->share_from( __PACKAGE__, [ @t, '&encrypt', '&token' ] );
$self->jail->share_from( __PACKAGE__, [ @builtCustomFunctions, '&encrypt', '&token' ] );
$self->jail->share_from( 'MIME::Base64', ['&encode_base64'] );
#$self->jail->share_from( 'Lemonldap::NG::Handler::Main', ['$_v'] );
......
......@@ -7,8 +7,13 @@ sub perlExpr {
my ( $val, $conf ) = @_;
my $cpt = 'Safe'->new;
$cpt->share_from( 'MIME::Base64', ['&encode_base64'] );
$cpt->share_from( 'Lemonldap::NG::Handler::Main::Jail',
[ '&encrypt', '&token' ] );
$cpt->share_from(
'Lemonldap::NG::Handler::Main::Jail',
[
'&encrypt', '&token',
@Lemonldap::NG::Handler::Main::Jail::builtCustomFunctions
]
);
$cpt->share_from( 'Lemonldap::NG::Common::Safelib',
$Lemonldap::NG::Common::Safelib::functions );
$cpt->reval("BEGIN { 'warnings'->unimport; } $val");
......@@ -3396,6 +3401,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 2,
'type' => 'int'
},
'slaveDisplayLogo' => {
'default' => 0,
'type' => 'bool'
},
'slaveExportedVars' => {
'default' => {},
'keyMsgFail' => '__badVariableName__',
......
......@@ -14,8 +14,13 @@ sub perlExpr {
my ( $val, $conf ) = @_;
my $cpt = new Safe;
$cpt->share_from( 'MIME::Base64', ['&encode_base64'] );
$cpt->share_from( 'Lemonldap::NG::Handler::Main::Jail',
[ '&encrypt', '&token' ] );
$cpt->share_from(
'Lemonldap::NG::Handler::Main::Jail',
[
'&encrypt', '&token',
@Lemonldap::NG::Handler::Main::Jail::builtCustomFunctions
]
);
$cpt->share_from( 'Lemonldap::NG::Common::Safelib',
$Lemonldap::NG::Common::Safelib::functions );
$cpt->reval("BEGIN { 'warnings'->unimport; } $val");
......@@ -3330,6 +3335,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
},
slaveHeaderName => { type => 'text', },
slaveHeaderContent => { type => 'text', },
slaveDisplayLogo => {
type => 'bool',
default => 0,
documentation => 'Display Slave authentication logo',
},
# Choice
authChoiceParam => {
......
......@@ -386,9 +386,10 @@ sub tree {
title => 'slaveParams',
help => 'authslave.html',
nodes => [
'slaveAuthnLevel', 'slaveExportedVars',
'slaveUserHeader', 'slaveMasterIP',
'slaveHeaderName', 'slaveHeaderContent'
'slaveAuthnLevel', 'slaveUserHeader',
'slaveMasterIP', 'slaveHeaderName',
'slaveHeaderContent', 'slaveDisplayLogo',
'slaveExportedVars',
]
},
{
......
......@@ -788,6 +788,7 @@
"singleSessionUserByIP":"جلسة واحدة بواسطة عنوان الآي بي",
"skipRenewConfirmation":"Skip re-auth confirmation",
"slaveAuthnLevel":"مستوى إثبات الهوية",
"slaveDisplayLogo":"Display authentication logo",
"slaveExportedVars":"المتغيرات المصدرة",
"slaveMasterIP":"عنوان آي بي الماستر",
"slaveParams":"معاييرالتابع",
......
......@@ -788,6 +788,7 @@
"singleSessionUserByIP":"One session by IP address",
"skipRenewConfirmation":"Skip re-auth confirmation",
"slaveAuthnLevel":"Authentication level",
"slaveDisplayLogo":"Display authentication logo",
"slaveExportedVars":"Exported variables",
"slaveMasterIP":"Master's IP address",
"slaveParams":"Slave parameters",
......
......@@ -788,6 +788,7 @@
"singleSessionUserByIP":"One session by IP address",
"skipRenewConfirmation":"Skip re-auth confirmation",
"slaveAuthnLevel":"Authentication level",
"slaveDisplayLogo":"Display authentication logo",
"slaveExportedVars":"Exported variables",
"slaveMasterIP":"Master's IP address",
"slaveParams":"Slave parameters",
......
......@@ -788,6 +788,7 @@
"singleSessionUserByIP":"Une seule session par IP",
"skipRenewConfirmation":"Éviter la confirmation de ré-authentification",
"slaveAuthnLevel":"Niveau d'authentification",
"slaveDisplayLogo":"Afficher le logo d'authentification",
"slaveExportedVars":"Variables exportées",
"slaveMasterIP":"IP accréditées",
"slaveParams":"Paramètres Slave",
......
......@@ -788,6 +788,7 @@
"singleSessionUserByIP":"Una sessione per indirizzo IP",
"skipRenewConfirmation":"Salta la conferma di re-auth",
"slaveAuthnLevel":"Livello di autenticazione",
"slaveDisplayLogo":"Display authentication logo",
"slaveExportedVars":"Variabili esportate",
"slaveMasterIP":"Indirizzo IP del master",
"slaveParams":"Parametri di slave",
......
......@@ -788,6 +788,7 @@
"singleSessionUserByIP":"Một phiên theo địa chỉ IP",
"skipRenewConfirmation":"Skip re-auth confirmation",
"slaveAuthnLevel":"Mức xác thực",
"slaveDisplayLogo":"Display authentication logo",
"slaveExportedVars":"Biến đã được xuất",
"slaveMasterIP":"Địa chỉ IP của Master",
"slaveParams":"Tham số Slave",
......
......@@ -788,6 +788,7 @@
"singleSessionUserByIP":"One session by IP address",
"skipRenewConfirmation":"Skip re-auth confirmation",
"slaveAuthnLevel":"认证等级",
"slaveDisplayLogo":"Display authentication logo",
"slaveExportedVars":"Exported variables",
"slaveMasterIP":"Master's IP address",
"slaveParams":"Slave parameters",
......
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -453,7 +453,8 @@ t/22-Auth-and-password-AD.t
t/23-Auth-and-password-REST.t
t/24-AuthApache.t
t/24-AuthKerberos.t
t/25-AuthSlave.t
t/25-AuthSlave-with-Choice.t
t/25-AuthSlave-with-Credentials.t
t/26-AuthRemote.t
t/27-AuthProxy.t
t/28-AuthChoice-and-password.t
......
......@@ -12,7 +12,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_SENDRESPONSE
);
our $VERSION = '2.0.4';
our $VERSION = '2.0.6';
extends 'Lemonldap::NG::Portal::Main::Auth', 'Lemonldap::NG::Portal::Lib::CAS';
......@@ -83,6 +83,9 @@ sub extractFormInfo {
# Local URL
my $local_url = $self->p->fullUrl($req);
# Remove cancel parameter
$local_url =~ s/cancel=1&?//;
# Catch proxy callback
if ( $req->param('casProxy') ) {
$self->logger->debug("CAS: Proxy callback detected");
......
......@@ -23,6 +23,11 @@ sub extractFormInfo {
return PE_FORBIDDENIP
unless ( $self->checkIP($req) and $self->checkHeader($req) );
unless ( $self->conf->{slaveUserHeader} ) {
$self->logger->debug('slaveUserHeader is undefined');
return PE_USERNOTFOUND;
}
my $user_header = $self->conf->{slaveUserHeader};
$user_header = 'HTTP_' . uc($user_header);
$user_header =~ s/\-/_/g;
......@@ -47,7 +52,8 @@ sub setAuthSessionInfo {
}
sub getDisplayType {
return "logo";
my ($self) = @_;
return ( $self->{conf}->{slaveDisplayLogo} ? "logo" : "_none_" );
}
sub authLogout {
......
......@@ -10,7 +10,7 @@ use base qw(Exporter);
use strict;
our @EXPORT = qw(checkIP checkHeader);
our $VERSION = '2.0.0';
our $VERSION = '2.0.6';
# RUNNING METHODS
......@@ -34,8 +34,15 @@ sub checkHeader {
return 1
unless ( $self->conf->{slaveHeaderName}
and $self->conf->{slaveHeaderContent} );
my $headerContent = $req->{ $self->conf->{slaveHeaderName} };
return 1 if ( $self->conf->{slaveHeaderContent} =~ /\b$headerContent\b/ );
my $slave_header = 'HTTP_' . uc( $self->{conf}->{slaveHeaderName} );
$slave_header =~ s/\-/_/g;
my $headerContent = $req->env->{$slave_header};
$self->logger->debug("Required Slave header => $self->{conf}->{slaveHeaderName}");
$self->logger->debug("Received Slave header content => $headerContent");
return 1
if ( $headerContent
and $self->conf->{slaveHeaderContent} =~ /\b$headerContent\b/ );
$self->userLogger->warn('Matching header not found for Slave module ');
return 0;
......
......@@ -263,7 +263,12 @@ sub do {
{
result => 1,
error => $err,
id => $req->id
id => $req->id,
(
$req->sessionInfo->{_httpSession}
? ( id_http => $req->sessionInfo->{_httpSession} )
: ()
)
}
);
}
......@@ -1004,7 +1009,7 @@ sub registerLogin {
}
my $history = $req->sessionInfo->{_loginHistory} ||= {};
my $type = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login';
my $type = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login';
$history->{$type} ||= [];
$self->logger->debug("Current login saved into $type");
......
......@@ -223,7 +223,8 @@ setCookie = (name, value, exdays) ->
# Initialization
datas = {}
$(document).ready ->
#$(document).ready ->
$(window).on 'load', () ->
# Get application/init variables
datas = getValues()
# Export datas for other scripts
......
// Generated by CoffeeScript 1.12.8
// Generated by CoffeeScript 1.12.7
/*
LemonLDAP::NG Portal jQuery scripts
......@@ -222,7 +222,7 @@ LemonLDAP::NG Portal jQuery scripts
datas = {};
$(document).ready(function() {
$(window).on('load', function() {
var action, al, authMenuTabs, back_url, i, l, lang, langdiv, langs, langs2, len, len1, len2, len3, link, m, menuIndex, menuTabs, method, n, nl, nlangs, re, ref, ref1, ref2;
datas = getValues();
window.datas = datas;
......
use Test::More;
use strict;
use JSON;
use Lemonldap::NG::Portal::Main::Constants qw(PE_FIRSTACCESS);
require 't/test-lib.pm';
my $res;
my $json;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
useSafeJail => 1,
authentication => 'Slave',
authentication => 'Choice',
userDB => 'Same',
passwordDB => 'Choice',
authChoiceModules => {
'1_Demo' => 'Demo;Demo;Null',
'2_Slave' => 'Slave;Demo;Null',
},
slaveUserHeader => 'My-Test',
slaveExportedVars => {
name => 'Name',
......@@ -19,15 +26,45 @@ my $client = LLNG::Manager::Test->new( {
}
);
# Good credentials with bad module
ok(
$res = $client->_get(
'/',
query => 'lmAuth=1_Slave',
ip => '127.0.0.1',
custom => {
HTTP_MY_TEST => 'dwho',
HTTP_NAME => 'Dr Who',
}
),
'Auth query'
);
ok( $res->[0] == 401, 'Get 401' ) or explain( $res->[0], 401 );
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
or print STDERR "$@\n" . Dumper($res);
ok( $json->{error} == PE_FIRSTACCESS, 'Response is PE_FIRSTACCESS' )
or explain( $json, "error => 9" );
count(4);
# Good credentials with right module
ok(
$res = $client->_get(
'/', custom => { HTTP_MY_TEST => 'dwho', HTTP_NAME => 'Dr Who' }
'/',
query => 'lmAuth=2_Slave',
ip => '127.0.0.2',
custom => {
HTTP_MY_TEST => 'dwho',
HTTP_NAME => 'Dr Who',
}
),
'Auth query'
);
count(1);
expectOK($res);
my $id = expectCookie($res);
clean_sessions();
expectCookie($res);
clean_sessions();
done_testing( count() );
use Test::More;
use strict;
use JSON;
use Lemonldap::NG::Portal::Main::Constants qw(PE_FORBIDDENIP PE_USERNOTFOUND);
require 't/test-lib.pm';
my $res;
my $json;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
useSafeJail => 1,
securedCookie => 3,
authentication => 'Slave',
userDB => 'Same',
slaveUserHeader => 'My-Test',
slaveHeaderName => 'Check-Slave',
slaveHeaderContent => 'Password',
slaveMasterIP => '127.0.0.1',
slaveExportedVars => {
name => 'Name',
}
}
}
);
# Bad password
ok(
$res = $client->_get(
'/',
ip => '127.0.0.1',
custom => {
HTTP_MY_TEST => 'dwho',
HTTP_NAME => 'Dr Who',
HTTP_CHECK_SLAVE => 'Passwor',
}
),
'Auth query'
);
ok( $res->[0] == 401, 'Get 401' ) or explain( $res->[0], 401 );
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
or print STDERR "$@\n" . Dumper($res);
ok( $json->{error} == PE_FORBIDDENIP, 'Response is PE_FORBIDDENIP' )
or explain( $json, "error => 75" );
count(4);
# Good credentials with forbidden IP
ok(
$res = $client->_get(
'/',
ip => '127.0.0.2',
custom => {
HTTP_MY_TEST => 'dwho',
HTTP_NAME => 'Dr Who',
HTTP_CHECK_SLAVE => 'Password',
}
),
'Auth query'
);
ok( $res->[0] == 401, 'Get 401' ) or explain( $res->[0], 401 );
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
or print STDERR "$@\n" . Dumper($res);
ok( $json->{error} == PE_FORBIDDENIP, 'Response is PE_FORBIDDENIP' )
or explain( $json, "error => 75" );
count(4);
# Good credentials without slaveUserHeader
ok(
$res = $client->_get(
'/',
ip => '127.0.0.1',
custom => {
HTTP_MY_TES => 'dwho',
HTTP_NAME => 'Dr Who',
HTTP_CHECK_SLAVE => 'Password',
}
),
'Auth query'
);
ok( $res->[0] == 401, 'Get 401' ) or explain( $res->[0], 401 );
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
or print STDERR "$@\n" . Dumper($res);
ok( $json->{error} == PE_USERNOTFOUND, 'Response is PE_USERNOTFOUND' )
or explain( $json, "error => 4" );
count(4);
# Good credentials with acredited IP
ok(
$res = $client->_get(
'/',
ip => '127.0.0.1',
custom => {
HTTP_MY_TEST => 'dwho',
HTTP_NAME => 'Dr Who',
HTTP_CHECK_SLAVE => 'Password',
}
),
'Auth query'
);
count(1);
expectOK($res);
my $id = expectCookie($res);
my $id_http = expectCookie( $res, 'lemonldaphttp' );
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
or print STDERR "$@\n" . Dumper($res);
ok( $json->{id} eq "$id", 'Session id found' )
or explain( $json, "id => session_id" );
ok( $json->{id_http} eq "$id_http", 'httpSession id found' )
or explain( $json, "id_http => http_session_id" );
count(3);
clean_sessions();
done_testing( count() );