Commit a2ac16bf authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

WIP - Append conf. parameters (#1664)

parent 6f69d263
...@@ -64,31 +64,35 @@ sub defaultValues { ...@@ -64,31 +64,35 @@ sub defaultValues {
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
}, },
'gpgDb' => '', 'gpgDb' => '',
'groups' => {}, 'groups' => {},
'handlerInternalCache' => 15, 'handlerInternalCache' => 15,
'hiddenAttributes' => '_password', 'hiddenAttributes' => '_password',
'httpOnly' => 1, 'httpOnly' => 1,
'https' => -1, 'https' => -1,
'idSpoofing' => 1, 'idSpoofing' => 1,
'infoFormMethod' => 'get', 'idSpoofingHiddenAttributes' => '_2fDevices _loginHistory',
'issuerDBCASPath' => '^/cas/', 'idSpoofingPrefix' => 'real_',
'issuerDBCASRule' => 1, 'idSpoofingRule' => 1,
'issuerDBGetParameters' => {}, 'idSpoofingSkipEmptyValues' => 1,
'issuerDBGetPath' => '^/get/', 'infoFormMethod' => 'get',
'issuerDBGetRule' => 1, 'issuerDBCASPath' => '^/cas/',
'issuerDBOpenIDConnectPath' => '^/oauth2/', 'issuerDBCASRule' => 1,
'issuerDBOpenIDConnectRule' => 1, 'issuerDBGetParameters' => {},
'issuerDBOpenIDPath' => '^/openidserver/', 'issuerDBGetPath' => '^/get/',
'issuerDBOpenIDRule' => 1, 'issuerDBGetRule' => 1,
'issuerDBSAMLPath' => '^/saml/', 'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBSAMLRule' => 1, 'issuerDBOpenIDConnectRule' => 1,
'jsRedirect' => 0, 'issuerDBOpenIDPath' => '^/openidserver/',
'krbAuthnLevel' => 3, 'issuerDBOpenIDRule' => 1,
'krbRemoveDomain' => 1, 'issuerDBSAMLPath' => '^/saml/',
'ldapAuthnLevel' => 2, 'issuerDBSAMLRule' => 1,
'ldapBase' => 'dc=example,dc=com', 'jsRedirect' => 0,
'ldapExportedVars' => { 'krbAuthnLevel' => 3,
'krbRemoveDomain' => 1,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {
'cn' => 'cn', 'cn' => 'cn',
'mail' => 'mail', 'mail' => 'mail',
'uid' => 'uid' 'uid' => 'uid'
......
...@@ -1199,6 +1199,22 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][ ...@@ -1199,6 +1199,22 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
'default' => 1, 'default' => 1,
'type' => 'bool' 'type' => 'bool'
}, },
'idSpoofingHiddenAttributes' => {
'default' => '_2fDevices _loginHistory',
'type' => 'text'
},
'idSpoofingPrefix' => {
'default' => 'real_',
'type' => 'text'
},
'idSpoofingRule' => {
'default' => 1,
'type' => 'boolOrExpr'
},
'idSpoofingSkipEmptyValues' => {
'default' => 1,
'type' => 'bool'
},
'infoFormMethod' => { 'infoFormMethod' => {
'default' => 'get', 'default' => 'get',
'select' => [ { 'select' => [ {
......
...@@ -443,10 +443,32 @@ sub attributes { ...@@ -443,10 +443,32 @@ sub attributes {
idSpoofing => { idSpoofing => {
default => 1, default => 1,
type => 'bool', type => 'bool',
documentation => 'Enable Id Spoofing plugin', documentation => 'Enable IdSpoofing plugin',
flags => 'p',
},
idSpoofingPrefix => {
type => 'text',
default => 'real_',
documentation => 'Prefix to rename real session attributes',
flags => 'p',
},
idSpoofingRule => {
type => 'boolOrExpr',
default => 1,
documentation => 'IdSpoofing activation rule',
},
idSpoofingHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory',
documentation => 'Attributes to skip',
flags => 'p',
},
idSpoofingSkipEmptyValues => {
default => 1,
type => 'bool',
documentation => 'Skip session empty values',
flags => 'p', flags => 'p',
}, },
skipRenewConfirmation => { skipRenewConfirmation => {
type => 'bool', type => 'bool',
default => 0, default => 0,
......
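Review bot: `idSpoofingRule` defaults to `1` here (and in the matching default entries of the first two hunks), which — assuming this rule gates who may activate the plugin — lets every authenticated user assume another identity until an administrator tightens it; for an impersonation feature a default of `0` is the safer starting point. The same entry is the only one of the five new attributes without `flags => 'p'`; if that is deliberate (rule evaluated outside the portal) a short comment should say so, otherwise add the flag for consistency with its siblings. `idSpoofingPrefix` carries no `test` constraint, so an empty prefix would make the renamed real-session keys collide with the spoofed session's keys when the plugin merges the two hashes; `test => qr/^\w+$/` (or a non-empty check in the plugin) would prevent that. The enclosing `sub attributes` starts and ends outside the hunk.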
...@@ -12,6 +12,11 @@ extends 'Lemonldap::NG::Portal::Main::Plugin'; ...@@ -12,6 +12,11 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
use constant endAuth => 'run'; use constant endAuth => 'run';
sub hAttr {
$_[0]->{conf}->{idSpoofingHiddenAttributes} . ' '
. $_[0]->{conf}->{hiddenAttributes};
}
sub init {1} sub init {1}
# RUNNING METHOD # RUNNING METHOD
...@@ -24,31 +29,36 @@ sub run { ...@@ -24,31 +29,36 @@ sub run {
my ( $realSession, $spoofSession ) = ( {}, {} ); my ( $realSession, $spoofSession ) = ( {}, {} );
my $spk = ''; my $spk = '';
foreach my $k ( keys %{ $req->{sessionInfo} } ) { foreach my $k ( keys %{ $req->{sessionInfo} } ) {
if ( $self->{conf}->{idSpoofingSkipEmptyValues} ) {
# next unless defined $req->{sessionInfo}->{$k}; next unless defined $req->{sessionInfo}->{$k};
$spk = "real_$k"; }
$realSession->{$spk} = $req->{sessionInfo}->{$k}; $spk = "$self->{conf}->{idSpoofingPrefix}$k";
$self->logger->debug("-> Store $k in realSession key: $spk"); unless ( $self->hAttr =~ /\b$k\b/ ) {
$realSession->{$spk} = $req->{sessionInfo}->{$k};
$self->logger->debug("-> Store $k in realSession key: $spk");
}
} }
$self->logger->debug( "**** req before " . Data::Dumper::Dumper($req) ); $self->logger->debug( "**** req before " . Data::Dumper::Dumper($req) );
$self->logger->debug( "+++++ realSession " . Data::Dumper::Dumper($realSession) ); $self->logger->debug(
"+++++ realSession " . Data::Dumper::Dumper($realSession) );
$req->{user} = $spoofId; $req->{user} = $spoofId;
$spoofSession = $self->_userDatas($req); $spoofSession = $self->_userDatas($req);
$self->logger->debug( "+++++ spoofSession " . Data::Dumper::Dumper($spoofSession) ); $self->logger->debug(
"+++++ spoofSession " . Data::Dumper::Dumper($spoofSession) );
$self->logger->debug( "**** req after " . Data::Dumper::Dumper($req) ); $self->logger->debug( "**** req after " . Data::Dumper::Dumper($req) );
$spoofSession = { %$spoofSession, %$realSession };
$spoofSession = { %$spoofSession, %$realSession }; $self->logger->debug( "!!!!!!!!!!!!!!!!!! spoofSession "
. Data::Dumper::Dumper($spoofSession) );
$self->logger->debug( "!!!!!!!!!!!!!!!!!! spoofSession " . Data::Dumper::Dumper($spoofSession) );
# Main session
$self->p->updateSession( $req, $spoofSession ); $self->p->updateSession( $req, $spoofSession );
return PE_OK; #$self->p->updatePersistentSession( $req, $spoofSession ); #?????
# Main session return PE_OK;
#$self->p->updateSession( $req, $spoofSession );
} }
sub _userDatas { sub _userDatas {
...@@ -57,9 +67,11 @@ sub _userDatas { ...@@ -57,9 +67,11 @@ sub _userDatas {
# Search user in database # Search user in database
$req->steps( $req->steps(
[ 'getUser', 'setSessionInfo', [ 'getUser', 'setSessionInfo',
'setMacros', 'setGroups', 'setMacros', 'setGroups',
'setPersistentSessionInfo', 'setLocalGroups'
#'setPersistentSessionInfo', 'setLocalGroups'
'setLocalGroups'
] ]
); );
if ( my $error = $self->p->process($req) ) { if ( my $error = $self->p->process($req) ) {
......
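Review bot: In the run() hunk, `unless ( $self->hAttr =~ /\b$k\b/ )` interpolates each session key unescaped into a regex and re-concatenates the whole hidden-attribute list on every iteration; build the hidden set once before the loop and test membership with a hash (or at the very least use `\Q$k\E`). The hidden-attribute filter also only protects `$realSession`: the `Data::Dumper::Dumper($req)` and `Dumper($spoofSession)` debug calls still write the complete session contents of both the real and the target user — including whatever `hiddenAttributes` names, `_password` by default — into the log, so they should be dropped or reduced to key names before this leaves WIP. In the earlier hunk, `hAttr` concatenates the two conf values without a `// ''`, which warns whenever `idSpoofingHiddenAttributes` is unset. run() begins before its hunk, and the trailing `#$self->p->updatePersistentSession( $req, $spoofSession ); #?????` should be resolved or explained in a comment rather than left as a question.
```perl
    my ( $realSession, $spoofSession ) = ( {}, {} );
    # Hidden attributes, built once; exact-name lookup instead of an
    # unescaped regex match per session key
    my %hidden = map { $_ => 1 } split ' ', $self->hAttr;
    foreach my $k ( keys %{ $req->{sessionInfo} } ) {
        next if $hidden{$k};
        if ( $self->{conf}->{idSpoofingSkipEmptyValues} ) {
            next unless defined $req->{sessionInfo}->{$k};
        }
        my $spk = "$self->{conf}->{idSpoofingPrefix}$k";
        $realSession->{$spk} = $req->{sessionInfo}->{$k};
        $self->logger->debug("-> Store $k in realSession key: $spk");
    }
    # … unchanged: _userDatas call, session merge, updateSession …
    # (Data::Dumper debug calls on $req / $spoofSession removed)
```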