...
 
Commits (5)
......@@ -165,6 +165,8 @@ sub storeEnv {
$self->checkMessage( $req, $req->uri, $req->method, $req->content_type );
return PE_OK if ( $artifact or !$request );
my $login = $self->createLogin( $self->lassoServer );
$self->disableSignatureVerification($login);
$self->processAuthnRequestMsg( $login, $request );
if ( my $sp = $login->remote_providerID() ) {
$req->env->{llng_saml_sp} = $sp;
if ( my $spConfKey = $self->spList->{$sp}->{confKey} ) {
......
......@@ -2385,6 +2385,18 @@ sub samldate2timestamp {
sub sendLogoutResponseToServiceProvider {
my ( $self, $req, $logout, $method ) = @_;
my $httpmethod = $self->getFirstHttpMethod(
$self->lassoServer,
$logout->remote_providerID,
Lasso::Constants::MD_PROTOCOL_TYPE_SINGLE_LOGOUT
);
if ( $httpmethod == Lasso::Constants::HTTP_METHOD_NONE ) {
$self->logger->warn( "Provider "
. $logout->remote_providerID
. " has no SingleLogoutService in metadata, staying on portal" );
return $self->p->do( $req, [] );
}
# Logout response
unless ( $self->buildLogoutResponseMsg($logout) ) {
return $self->p->sendError( $req, "Unable to build SLO response", 500 );
......
......@@ -226,16 +226,47 @@ sub check {
sub display {
my ( $self, $req ) = @_;
my ( $attrs, $array_attrs ) = ( {}, [] );
$self->userLogger->notice("Retrieve session from Sessions database");
$self->userLogger->warn("Using spoofed SSO groups if exist!!!")
if ( $self->conf->{impersonationRule} );
$attrs = $req->userData;
# Create an array of hashes for template loop
$self->logger->debug("Delete hidden or empty attributes");
if ( $self->conf->{checkUserDisplayEmptyValues} ) {
foreach my $k ( sort keys %$attrs ) {
# Ignore hidden attributes
push @$array_attrs, { key => $k, value => $attrs->{$k} }
unless ( $self->hAttr =~ /\b$k\b/ );
}
}
else {
foreach my $k ( sort keys %$attrs ) {
# Ignore hidden attributes and empty values
push @$array_attrs, { key => $k, value => $attrs->{$k} }
unless ( $self->hAttr =~ /\b$k\b/ or !$attrs->{$k} );
}
}
# ARRAY_REF = [ A_REF GROUPS, A_REF MACROS, A_REF OTHERS ]
$array_attrs = $self->_splitAttributes($array_attrs);
# Display form
my $params = {
PORTAL => $self->conf->{portal},
MAIN_LOGO => $self->conf->{portalMainLogo},
LANGS => $self->conf->{showLanguages},
MSG => 'checkUser',
ALERTE => 'alert-info',
LOGIN => '',
TOKEN => (
PORTAL => $self->conf->{portal},
MAIN_LOGO => $self->conf->{portalMainLogo},
LANGS => $self->conf->{showLanguages},
MSG => 'checkUser',
ALERTE => 'alert-info',
LOGIN => $req->{userData}->{uid},
ATTRIBUTES => $array_attrs->[2],
MACROS => $array_attrs->[1],
GROUPS => $array_attrs->[0],
TOKEN => (
$self->conf->{requireToken}
? $self->ott->createToken( $req->userData )
: ''
......
......@@ -74,6 +74,7 @@ expectRedirection( $res, 'http://auth.example.com/' );
# CheckUser form -> granted
# ------------------------
ok(
$res = $client->_get(
'/checkuser',
......@@ -91,7 +92,15 @@ ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
count(1);
$query =~ s/user=/user=rtyler/;
ok( $res->[2]->[0] =~ m%<td class="text-left">_user</td>%,
'Found attribute _user' )
or explain( $res->[2]->[0], 'Attribute _user' );
ok( $res->[2]->[0] =~ m%<td class="text-left">dwho</td>%,
'Found value dwho' )
or explain( $res->[2]->[0], 'Value dwho' );
count(2);
$query =~ s/user=dwho/user=rtyler/;
$query =~ s/url=/url=http%3A%2F%2Ftry.example.com/;
ok(
$res = $client->_post(
......