Commit b83ca9d9 authored by FX Deltombe's avatar FX Deltombe

pass $apacheRequest object to functions in parameters

instead of as a global var (#630)

parent 003a36af
......@@ -11,7 +11,7 @@ server {
location / {
auth_request /auth;
error_page 403 @maybe302;
#proxy_pass http://target.example.com/;
proxy_pass http://target.example.com/;
}
set $redirectURL "";
location @maybe302 {
......@@ -22,6 +22,7 @@ server {
}
location = /auth {
perl Lemonldap::NG::Handler::run;
more_set_input_headers "Toto: tata";
}
# DocumentRoot
......
......@@ -273,7 +273,7 @@ sub vhostAvailable {
sub grant {
my ( $self, $uri, $vhost ) = splice @_;
$vhost ||= $ENV{SERVER_NAME};
$apacheRequest = Lemonldap::NG::Apache::Request->new(
my $apacheRequest = Lemonldap::NG::Apache::Request->new(
{
uri => $uri,
hostname => $vhost,
......
......@@ -330,8 +330,9 @@ sub postUrlInit {
# Register POST form for POST URL
$transform->{$alias}->{$url} = sub {
my $apacheRequest = shift;
Lemonldap::NG::Handler::Main::PostForm->buildPostForm(
$d->{postUrl} );
$apacheRequest, $d->{postUrl} );
}
if ( $url ne $d->{postUrl} );
......@@ -364,7 +365,7 @@ sub postUrlInit {
my $apacheRequest = shift;
return
Lemonldap::NG::Handler::Main::PostForm->buildPostForm(
$d->{postUrl} )
$apacheRequest, $d->{postUrl} )
if ( $apacheRequest->method ne 'POST' );
$apacheRequest->add_input_filter(
sub {
......@@ -460,9 +461,10 @@ sub conditionSub {
$mainClass->localUnlog;
$apacheRequest->add_output_filter(
sub {
my $apacheRequest = shift->r;
return $mainClass->redirectFilter(
$self->portal() . "?url="
. $mainClass->encodeUrl($u)
. $mainClass->encodeUrl($apacheRequest, $u)
. "&logout=1",
@_
);
......
......@@ -14,9 +14,9 @@ has useSafeJail => ( is => 'rw', isa => 'Maybe[Int]' );
has safe => ( is => 'rw' );
our $VERSION = '1.3.1';
our $VERSION = '1.4.0';
# for accessing $datas and $apacheRequest
# for accessing $datas
use Lemonldap::NG::Handler::Main ':jailSharedVars';
## @imethod protected build_safe()
......@@ -43,9 +43,10 @@ sub build_safe {
}
next if ( $self->can($_) );
eval "sub $_ {
my \$uri = \$Lemonldap::NG::Handler::Main::apacheRequest->unparsed_uri();
my \$apacheRequest = shift;
my \$uri = \$apacheRequest->unparsed_uri();
Apache2::URI::unescape_url(\$uri);
return $sub(\$uri, \@_)
return $sub(\$uri, \$apacheRequest, \@_)
}";
Lemonldap::NG::Handler::Main::Logger->lmLog( $@, 'error' ) if ($@);
}
......@@ -63,7 +64,7 @@ sub build_safe {
$Lemonldap::NG::Common::Safelib::functions );
$self->safe->share_from( 'Lemonldap::NG::Handler::Main',
[ '$datas', '$apacheRequest', '&ip', '&portal' ] );
[ '$datas', '&ip', '&portal' ] );
$self->safe->share(@t);
$self->safe->share_from( 'MIME::Base64', ['&encode_base64'] );
......
......@@ -2,13 +2,13 @@ package Lemonldap::NG::Handler::Main::PostForm;
use strict;
# For importing MP function, $tsv->{transform}, $apacheRequest,
# For importing MP function, $tsv->{transform},
# $tsv->{safe}, $tsv->{useSafeJail}, $tsv->{customFunctions}
use Lemonldap::NG::Handler::Main qw( :apache :tsv $apacheRequest );
use Lemonldap::NG::Handler::Main qw( :apache :tsv );
use Lemonldap::NG::Handler::Main::Logger;
use Lemonldap::NG::Handler::Main::Jail;
our $VERSION = '1.3.1';
our $VERSION = '1.4.0';
BEGIN {
......@@ -31,7 +31,7 @@ BEGIN {
# @param uri URI to catch
# @return Apache2::Const
sub transformUri {
my ( $class, $uri ) = splice @_;
my ( $class, $apacheRequest, $uri ) = splice @_;
my $vhost = $apacheRequest->hostname;
if ( defined( $tsv->{transform}->{$vhost}->{$uri} ) ) {
......@@ -49,9 +49,8 @@ sub transformUri {
# @param count Fake input size
# @return Apache2::Const::OK
sub buildPostForm {
my $class = shift;
my $url = shift;
my $count = shift || 1000;
my ($class, $apacheRequest, $url, $count) = @_;
$count ||= 1000;
$apacheRequest->handler("perl-script");
$apacheRequest->add_config( ["SetHandler perl-script"] );
$apacheRequest->set_handlers(
......
......@@ -6,7 +6,7 @@
# This specific handler is intended to be called directly by Apache
package Lemonldap::NG::Handler::SpecificHandlers::AuthBasic;
package Lemonldap::NG::Handler::Specific::AuthBasic;
use strict;
......@@ -44,8 +44,7 @@ BEGIN {
# @param $apacheRequest current request
# @return Apache constant
sub run ($$) {
my $class;
( $class, $apacheRequest ) = splice @_;
my ( $class, $apacheRequest ) = @_;
if ( time() - $lastReload > $reloadTime ) {
unless ( my $tmp = $class->testConf(1) == OK ) {
Lemonldap::NG::Handler::Main::Logger->lmLog(
......@@ -94,7 +93,7 @@ sub run ($$) {
Lemonldap::NG::Handler::Main::Headers->lmHeaderIn( $apacheRequest,
'X-Forwarded-For' );
$xheader .= ", " if ($xheader);
$xheader .= $class->ip();
$xheader .= $class->ip($apacheRequest);
my $soapHeaders =
HTTP::Headers->new( "X-Forwarded-For" => $xheader );
......@@ -110,7 +109,7 @@ sub run ($$) {
# Catch SOAP errors
if ( $r->fault ) {
return $class->abort( "SOAP request to the portal failed: "
return $class->abort($apacheRequest, "SOAP request to the portal failed: "
. $r->fault->{faultstring} );
}
else {
......@@ -147,9 +146,9 @@ sub run ($$) {
unless ( $apacheSession->data ) {
Lemonldap::NG::Handler::Main::Logger->lmLog(
"The cookie $session_id isn't yet available", 'info' );
$class->updateStatus( $class->ip(), $apacheRequest->uri,
'EXPIRED' );
return $class->goToPortal($uri);
$class->updateStatus( $apacheRequest, $class->ip($apacheRequest),
$apacheRequest->uri, 'EXPIRED' );
return $class->goToPortal($apacheRequest, $uri);
}
$datas->{$_} = $apacheSession->data->{$_}
......@@ -168,14 +167,15 @@ sub run ($$) {
$class->lmSetApacheUser( $apacheRequest, $datas->{ $tsv->{whatToTrace} } );
# AUTHORIZATION
return $class->forbidden($uri) unless ( $class->grant($uri) );
$class->updateStatus( $datas->{ $tsv->{whatToTrace} },
return $class->forbidden($apacheRequest, $uri)
unless ( $class->grant($apacheRequest, $uri) );
$class->updateStatus( $apacheRequest, $datas->{ $tsv->{whatToTrace} },
$apacheRequest->uri, 'OK' );
$class->logGranted( $uri, $datas );
# SECURITY
# Hide Lemonldap::NG cookie
$class->hideCookie;
$class->hideCookie($apacheRequest);
# Hide user password
Lemonldap::NG::Handler::Main::Headers->lmUnsetHeaderIn( $apacheRequest,
......
......@@ -8,7 +8,7 @@
# This specific handler is intended to be called directly by Apache
package Lemonldap::NG::Handler::SpecificHandlers::SecureToken;
package Lemonldap::NG::Handler::Specific::SecureToken;
use strict;
use Lemonldap::NG::Handler::SharedConf qw(:all);
......@@ -18,7 +18,7 @@ use Apache::Session::Generate::MD5;
use Lemonldap::NG::Handler::Main::Headers;
use Lemonldap::NG::Handler::Main::Logger;
our $VERSION = '1.1.2';
our $VERSION = '1.4.0';
# Shared variables
our (
......@@ -146,14 +146,14 @@ sub run {
}
# Exit if no connection
return $class->_returnError() unless $class->_isAlive();
return $class->_returnError($r) unless $class->_isAlive();
# Value to store
my $value = $datas->{$secureTokenAttribute};
# Set token
my $key = $class->_setToken($value);
return $class->_returnError() unless $key;
return $class->_returnError($r) unless $key;
# Header location
Lemonldap::NG::Handler::Main::Headers->lmSetHeaderIn( $r,
......@@ -276,7 +276,7 @@ sub _isAlive {
# Give hand back to Apache
# @return Apache2::Const value
sub _returnError {
my ($class) = splice @_;
my ($class, $apacheRequest) = @_;
if ($secureTokenAllowOnError) {
Lemonldap::NG::Handler::Main::Logger->lmLog(
......@@ -288,7 +288,7 @@ sub _returnError {
if ( $tsv->{useRedirectOnError} ) {
Lemonldap::NG::Handler::Main::Logger->lmLog( "Use redirect for error",
'debug' );
return $class->goToPortal( '/', 'lmError=500' );
return $class->goToPortal( $apacheRequest, '/', 'lmError=500' );
}
else {
......
......@@ -8,7 +8,7 @@
# This specific handler is intended to be called directly by Apache
package Lemonldap::NG::Handler::SpecificHandlers::SympaAutoLogin;
package Lemonldap::NG::Handler::Specific::SympaAutoLogin;
use strict;
use Lemonldap::NG::Handler::SharedConf qw(:all);
......@@ -17,7 +17,7 @@ use Digest::MD5;
use Lemonldap::NG::Handler::Main::Headers;
use Lemonldap::NG::Handler::Main::Logger;
our $VERSION = '1.1.2';
our $VERSION = '1.4.0';
# Shared variables
our ( $sympaSecret, $sympaMailKey );
......@@ -79,7 +79,7 @@ sub run {
return $ret unless ( $ret == OK );
# Fail if no sympaSecret
return $class->abort("No Sympa secret configured")
return $class->abort($r, "No Sympa secret configured")
unless ($sympaSecret);
# Mail value
......
......@@ -6,7 +6,7 @@
# This specific handler is intended to be called directly by Apache
package Lemonldap::NG::Handler::SpecificHandlers::UpdateCookie;
package Lemonldap::NG::Handler::Specific::UpdateCookie;
use strict;
use Lemonldap::NG::Handler::SharedConf qw(:all);
......@@ -26,18 +26,17 @@ our $VERSION = '1.4.0';
# @param $apacheRequest Current request
# @return Apache2::Const value (OK, FORBIDDEN, REDIRECT or SERVER_ERROR)
sub run {
my $class = shift;
$apacheRequest = $_[0];
my ( $class, $apacheRequest ) = @_;
# I - Recover the main cookie.
# If not present, then call parent.
my $id;
if ( $id = $class->SUPER::fetchId ) {
if ( $id = $class->SUPER::fetchId($apacheRequest) ) {
# II - Found update cookie.
# If found, remove session from local cache when utime is recent.
my $utime;
if ( $utime = $class->fetchUTime ) {
if ( $utime = $class->fetchUTime($apacheRequest) ) {
my $clear = 0;
my $apacheSession = Lemonldap::NG::Common::Session->new(
......@@ -79,13 +78,15 @@ sub run {
}
# III - Call parent process.
$class->SUPER::run(@_);
$class->SUPER::run($apacheRequest);
}
## @rmethod protected $ fetchUTime()
# Get user cookies and search for Lemonldap::NG update cookie.
# @param $apacheRequest current request
# @return Value of the cookie if found, 0 else
sub fetchUTime {
my ( $class, $apacheRequest ) = @_;
my $t = Lemonldap::NG::Handler::Main::Headers->lmHeaderIn( $apacheRequest,
'Cookie' );
my $c = $tsv->{cookieName} . 'update';
......
......@@ -8,7 +8,7 @@
# This specific handler is intended to be called directly by Apache
package Lemonldap::NG::Handler::SpecificHandlers::ZimbraPreAuth;
package Lemonldap::NG::Handler::Specific::ZimbraPreAuth;
use strict;
use Lemonldap::NG::Handler::SharedConf qw(:all);
......@@ -17,7 +17,7 @@ use Digest::HMAC_SHA1 qw(hmac_sha1 hmac_sha1_hex);
use Lemonldap::NG::Handler::Main::Headers;
use Lemonldap::NG::Handler::Main::Logger;
our $VERSION = '1.0.0';
our $VERSION = '1.4.0';
# Shared variables
our ( $zimbraPreAuthKey, $zimbraAccountKey, $zimbraBy, $zimbraUrl,
......@@ -94,7 +94,7 @@ sub run {
return OK unless ( $uri =~ $zimbraSsoUrl );
# Check mandatory parameters
return $class->abort("No Zimbra preauth key configured")
return $class->abort($r, "No Zimbra preauth key configured")
unless ($zimbraPreAuthKey);
# Build URL
......
......@@ -16,10 +16,10 @@ use strict;
use warnings;
use Test::More tests => 10;
BEGIN { use_ok( 'Lemonldap::NG::Handler::Main', qw(:all $apacheRequest) ) }
BEGIN { use_ok( 'Lemonldap::NG::Handler::Main', qw(:all) ) }
# get a fake apacheRequest to simulate subroutine hostname
$Lemonldap::NG::Handler::Main::apacheRequest = bless {}, 'FakeApacheRequest';
my $apacheRequest = bless {}, 'FakeApacheRequest';
# get a standard basic configuration in $args hashref
use Cwd 'abs_path';
......@@ -78,9 +78,9 @@ ok( $h->globalInit($args), 'globalInit' );
ok( $h->portal() eq 'http://auth.example.com/', 'portal' );
ok( $h->grant('/s'), 'basic rule "accept"' );
ok( !$h->grant('/no'), 'basic rule "deny"' );
ok( $h->grant('/a/a'), 'bad ordered rule 1/2' );
ok( $h->grant('/a'), 'bad ordered rule 2/2' );
ok( !$h->grant('/b/a'), 'good ordered rule 1/2' );
ok( $h->grant('/b'), 'good ordered rule 2/2' );
ok( $h->grant($apacheRequest, '/s' ), 'basic rule "accept"' );
ok( !$h->grant($apacheRequest, '/no' ), 'basic rule "deny"' );
ok( $h->grant($apacheRequest, '/a/a'), 'bad ordered rule 1/2' );
ok( $h->grant($apacheRequest, '/a' ), 'bad ordered rule 2/2' );
ok( !$h->grant($apacheRequest, '/b/a'), 'good ordered rule 1/2' );
ok( $h->grant($apacheRequest, '/b' ), 'good ordered rule 2/2' );
# Before `make install' is performed this script should be runnable with
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Handler.t'
#########################
# change 'tests => 1' to 'tests => last_test_to_print';
no warnings;
use Test::More; #qw(no_plan)
my $numTests = 2;
eval { require Test::MockObject }
or { $numTests = 1
and warn "Warning: Test::MockObject is needed to run deeper tests\n" };
plan tests => $numTests;
# get a standard basic configuration in $args hashref
use Cwd 'abs_path';
use File::Basename;
use lib dirname( abs_path $0 );
open STDERR, '>/dev/null';
#########################
# Insert your test code below, the Test::More module is use()ed here so read
# its man page ( perldoc Test::More ) for help writing this test script.
use_ok( 'Lemonldap::NG::Handler::Main', ':all' );
if ( $numTests == 2 ) {
my $h;
$h = bless {}, 'Lemonldap::NG::Handler::Main';
# Portal value with $vhost
# $vhost -> test.example.com
# Create a fake Apache2::RequestRec
my $mock = Test::MockObject->new();
$mock->fake_module(
'Apache2::RequestRec' => new =>
sub { return bless {}, 'Apache2::RequestRec' },
hostname => sub { 'test.example.com' },
);
our $apacheRequest = Apache2::RequestRec->new();
my $portal = '"http://".$vhost."/portal"';
my $args = {
'portal' => "$portal",
'globalStorage' => 'Apache::Session::File',
'post' => {},
};
$h->globalInit($args);
ok( ( $h->portal() eq 'http://test.example.com/portal' ),
'Portal value with $vhost' );
}
## Before `make install' is performed this script should be runnable with
## `make test'. After `make install' it should work as `perl Lemonldap-NG-Handler.t'
#
##########################
#
## change 'tests => 1' to 'tests => last_test_to_print';
#no warnings;
#use Test::More; #qw(no_plan)
#
#my $numTests = 2;
#eval { require Test::MockObject }
# or { $numTests = 1
# and warn "Warning: Test::MockObject is needed to run deeper tests\n" };
#
#plan tests => $numTests;
#
## get a standard basic configuration in $args hashref
#use Cwd 'abs_path';
#use File::Basename;
#use lib dirname( abs_path $0 );
#
#open STDERR, '>/dev/null';
#
##########################
#
## Insert your test code below, the Test::More module is use()ed here so read
## its man page ( perldoc Test::More ) for help writing this test script.
#use_ok( 'Lemonldap::NG::Handler::Main', ':all' );
#
#if ( $numTests == 2 ) {
# my $h;
# $h = bless {}, 'Lemonldap::NG::Handler::Main';
#
# # Portal value with $vhost
# # $vhost -> test.example.com
#
# # Create a fake Apache2::RequestRec
# my $mock = Test::MockObject->new();
# $mock->fake_module(
# 'Apache2::RequestRec' => new =>
# sub { return bless {}, 'Apache2::RequestRec' },
# hostname => sub { 'test.example.com' },
# );
# our $apacheRequest = Apache2::RequestRec->new();
#
# my $portal = '"http://".$vhost."/portal"';
#
# my $args = {
# 'portal' => "$portal",
# 'globalStorage' => 'Apache::Session::File',
# 'post' => {},
# };
# $h->globalInit($args);
#
# ok( ( $h->portal() eq 'http://test.example.com/portal' ),
# 'Portal value with $vhost' );
#}
......@@ -29,6 +29,6 @@ $LLNG_DEFAULTCONFFILE = $ini->filename;
# Insert your test code below, the Test::More module is use()ed here so read
# its man page ( perldoc Test::More ) for help writing this test script.
use_ok('Lemonldap::NG::Handler::AuthBasic');
use_ok('Lemonldap::NG::Handler::Specific::AuthBasic');
$LLNG_DEFAULTCONFFILE = undef;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment