Commit 3bb7f6e6 authored by Christophe Maudoux's avatar Christophe Maudoux

WIP - Create session (#1664)

parent 285b1f81
......@@ -70,6 +70,7 @@ sub defaultValues {
'hiddenAttributes' => '_password',
'httpOnly' => 1,
'https' => -1,
'idSpoofing' => 1,
'infoFormMethod' => 'get',
'issuerDBCASPath' => '^/cas/',
'issuerDBCASRule' => 1,
......
......@@ -1195,6 +1195,10 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
'default' => -1,
'type' => 'trool'
},
'idSpoofing' => {
'default' => 1,
'type' => 'bool'
},
'infoFormMethod' => {
'default' => 'get',
'select' => [ {
......
......@@ -416,6 +416,37 @@ sub attributes {
type => 'text',
documentation => 'Secret token for CheckState plugin',
},
checkUser => {
default => 0,
type => 'bool',
documentation => 'Enable check user',
flags => 'p',
},
checkUserHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory hGroups',
documentation => 'Attributes to hide in CheckUser plugin',
flags => 'p',
},
checkUserDisplayPersistentInfo => {
default => 0,
type => 'bool',
documentation => 'Display persistent session info',
flags => 'p',
},
checkUserDisplayEmptyValues => {
default => 0,
type => 'bool',
documentation => 'Display session empty values',
flags => 'p',
},
idSpoofing => {
default => 1,
type => 'bool',
documentation => 'Enable Id Spoofing plugin',
flags => 'p',
},
skipRenewConfirmation => {
type => 'bool',
default => 0,
......@@ -578,30 +609,6 @@ sub attributes {
documentation => 'Enable Cross Domain Authentication',
flags => 'hp',
},
checkUser => {
default => 0,
type => 'bool',
documentation => 'Enable check user',
flags => 'p',
},
checkUserHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory hGroups',
documentation => 'Attributes to hide in CheckUser plugin',
flags => 'p',
},
checkUserDisplayPersistentInfo => {
default => 0,
type => 'bool',
documentation => 'Display persistent session info',
flags => 'p',
},
checkUserDisplayEmptyValues => {
default => 0,
type => 'bool',
documentation => 'Display session empty values',
flags => 'p',
},
checkXSS => {
default => 1,
type => 'bool',
......
......@@ -26,6 +26,7 @@ our @pList = (
checkState => '::Plugins::CheckState',
portalForceAuthn => '::Plugins::ForceAuthn',
checkUser => '::Plugins::CheckUser',
idSpoofing => '::Plugins::IdSpoofing',
);
##@method list enabledPlugins
......
package Lemonldap::NG::Portal::Plugins::IdSpoofing;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw( PE_OK PE_BADCREDENTIALS );
our $VERSION = '2.0.3';
extends 'Lemonldap::NG::Portal::Main::Plugin';
# INITIALIZATION
use constant endAuth => 'run';
sub init {1}
# RUNNING METHOD
sub run {
my ( $self, $req ) = @_;
my $spoofId = $req->param('spoofId') || 'rtyler';
# Fill spoof session
my ( $realSession, $spoofSession ) = ( {}, {} );
my $spk = '';
foreach my $k ( keys %{ $req->{sessionInfo} } ) {
# next unless defined $req->{sessionInfo}->{$k};
$spk = "real_$k";
$realSession->{$spk} = $req->{sessionInfo}->{$k};
$self->logger->debug("-> Store $k in realSession key: $spk");
}
$self->logger->debug( "**** req before " . Data::Dumper::Dumper($req) );
$self->logger->debug( "+++++ realSession " . Data::Dumper::Dumper($realSession) );
$req->{user} = $spoofId;
$spoofSession = $self->_userDatas($req);
$self->logger->debug( "+++++ spoofSession " . Data::Dumper::Dumper($spoofSession) );
$self->logger->debug( "**** req after " . Data::Dumper::Dumper($req) );
$spoofSession = { %$spoofSession, %$realSession };
$self->logger->debug( "!!!!!!!!!!!!!!!!!! spoofSession " . Data::Dumper::Dumper($spoofSession) );
$self->p->updateSession( $req, $spoofSession );
return PE_OK;
# Main session
#$self->p->updateSession( $req, $spoofSession );
}
sub _userDatas {
my ( $self, $req ) = @_;
$req->{sessionInfo} = {};
# Search user in database
$req->steps(
[ 'getUser', 'setSessionInfo',
'setMacros', 'setGroups',
'setPersistentSessionInfo', 'setLocalGroups'
]
);
if ( my $error = $self->p->process($req) ) {
if ( $error == PE_BADCREDENTIALS ) {
$self->userLogger->warn(
'IdSpoofing requested for an unvalid user ('
. $req->{user}
. ")" );
}
$self->logger->debug("Process returned error: $error");
return $req->error($error);
}
return $req->{sessionInfo};
}
1;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment