Commit bf1fd28a authored by Xavier Guimard's avatar Xavier Guimard

Backport #1036

parent b18e3b88
......@@ -193,10 +193,7 @@ sub _dbiGKFAS {
my ( $class, $type, $args, $data ) = @_;
my $next;
if ( $type !~ /(?:MySQL)/ ) {
$next = sub {
require MIME::Base64;
return thaw( MIME::Base64::decode_base64( $_[0] ) );
};
$next = \&decodeThaw64;
if ( $args->{useStorable} ) {
$args->{unserialize} = $next;
}
......@@ -349,7 +346,7 @@ sub _LDAPGKFAS {
$entry->get_value('cn'),
$entry->get_value( $args->{ldapAttributeContent} )
);
eval { $v = decodeThaw64($v); };
eval { $v = $args->{unserialize}->( $v, \&decodeThaw64 ); };
next if ($@);
if ( ref($data) eq 'CODE' ) {
$res{$k} = &$data( $v, $k );
......@@ -375,7 +372,8 @@ sub _NoSQLGKFAS {
my %res;
foreach my $k (@keys) {
my $v = eval { decodeThaw64( $redis->get($k) ); };
my $v =
eval { $args->{unserialize}->( $redis->get($k), \&decodeThaw64 ); };
next if ($@);
if ( ref($data) eq 'CODE' ) {
$res{$k} = &$data( $v, $k );
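Review bot: In _LDAPGKFAS and _NoSQLGKFAS the new `$args->{unserialize}->( $v, \&decodeThaw64 )` call sits inside an `eval` whose only handling is `next if ($@)`, so if `$args->{unserialize}` is not a code ref (the _dbiGKFAS hunk only sets it when `useStorable` is on, and the LDAP/NoSQL setup is outside these hunks) every entry dies with "Can't use an undefined value as a subroutine reference" and the function quietly returns an empty result instead of an error. Callers of these *GKFAS helpers presumably enumerate or act on sessions from that result, so an empty answer caused by misconfiguration is indistinguishable from "no sessions". Check once before the loop, `die "unserialize is not a code ref" unless ref( $args->{unserialize} ) eq 'CODE';`, and log `$@` on the skip path rather than discarding it. The decodeThaw64 fallback presumably still does what the removed inline sub did — feed stored bytes to Storable's `thaw` — which is only acceptable while the session backend is fully trusted, and a comment saying so would help the next reader. The enclosing functions start before their hunks.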
......
......@@ -184,10 +184,10 @@ sub defaultValuesInit {
$class->tsv->{$_} = $conf->{$_} foreach (
qw(
cda cookieExpiration cookieName
customFunctions httpOnly securedCookie
timeoutActivity useRedirectOnError useRedirectOnForbidden
useSafeJail whatToTrace
cda cookieExpiration cookieName
customFunctions httpOnly securedCookie
timeout timeoutActivity useRedirectOnError
useRedirectOnForbidden useSafeJail whatToTrace
)
);
......
......@@ -410,6 +410,18 @@ sub retrieveSession {
$class->lmLog( "Get session $id", 'debug' );
# Verify that session is valid
if (
$now - $class->datas->{_utime} > $class->tsv->{timeout}
or ( $class->tsv->{timeoutActivity}
and $class->datas->{_lastSeen}
and $now - $class->datas->{_lastSeen} > $class->tsv->{timeoutActivity} )
)
{
$class->lmLog( "Session expired", 'info' );
return 0;
}
# Update the session to notify activity, if necessary
if ( $class->tsv->{timeoutActivity}
and ( $now - $class->datas->{_lastSeen} > 60 ) )
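Review bot: The new expiry branch in retrieveSession logs only `Session expired` while the neighbouring messages include the id; since this is the check that now rejects a presented cookie, the log line should name it for forensics, `$class->lmLog( "Session $id expired", 'info' );`, which also matches the `"Session $id expired"` wording used for the same condition in Portal::Simple::getApacheSession. When `$class->tsv->{timeout}` is undef or 0 the comparison degrades to `> 0`, so every session is rejected — fail-closed, which is the right default, but a one-line comment (`# undefined/zero timeout rejects everything on purpose`) would stop a missing `timeout` in the copied tsv keys from being chased as a session-store bug. The activity branch is skipped for sessions without `_lastSeen`, as far as the visible lines show, which seems intended for pre-upgrade sessions but is worth stating in a comment. retrieveSession's body continues outside the hunk.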
......
......@@ -33,29 +33,15 @@ count(4);
# --------------------
# Authorizated query
ok(
$res = $client->_get(
'/',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Authentified query'
);
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
'Authentified query' );
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
count(2);
# Denied query
ok(
$res = $client->_get(
'/deny',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Denied query'
);
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
'Denied query' );
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
count(2);
......@@ -79,6 +65,8 @@ count(2);
done_testing( count() );
clean();
sub Lemonldap::NG::Handler::PSGI::handler {
my ( $self, $req ) = @_;
ok( $req->{HTTP_AUTH_USER} eq 'dwho', 'Header is given to app' )
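Review bot: The new `explain( $res, 200 )` on the 200 check passes the whole response arrayref, while the 403 check below and the other two test files use `explain( $res->[0], ... )`; with explain printing `Expect $ref, get $get` this would show an ARRAY(0x…) address instead of the status code on failure, so change it to `ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );`. The tests now rely on `$sessionId` and a fixture generated by init rather than the committed session file, which is what the handler's new timeout check needs, but nothing here asserts that an expired session is rejected; a negative test with an old `_utime` would pin the behaviour this backport adds. The handler sub at the end of the section continues outside the hunk.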
......
......@@ -33,15 +33,8 @@ count(4);
# --------------------
# Authorizated query
ok(
$res = $client->_get(
'/',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Authentified query'
);
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
'Authentified query' );
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
count(2);
......@@ -53,15 +46,8 @@ ok( $h{'Auth-User'} eq 'dwho', 'Header Auth-User is set to "dwho"' )
count(1);
# Denied query
ok(
$res = $client->_get(
'/deny',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Denied query'
);
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
'Denied query' );
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
count(2);
......@@ -85,3 +71,4 @@ count(2);
done_testing( count() );
clean();
......@@ -33,15 +33,8 @@ count(4);
# --------------------
# Authorizated query
ok(
$res = $client->_get(
'/',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Authentified query'
);
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
'Authentified query' );
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
count(2);
......@@ -55,15 +48,8 @@ ok( $h{'Headervalue1'} eq 'dwho', 'Headervalue1 is set to "dwho"' )
count(2);
# Denied query
ok(
$res = $client->_get(
'/deny',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Denied query'
);
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
'Denied query' );
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
count(2);
......@@ -87,3 +73,4 @@ count(2);
done_testing( count() );
clean();
{"updateTime":"20160201202726","_timezone":"1","_session_kind":"SSO","_passwordDB":"Demo","startTime":"20160201202726","ipAddr":"127.0.0.1","UA":"Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4","_user":"dwho","_userDB":"Demo","_lastAuthnUTime":1454354846,"uid":"dwho","_issuerDB":"Null","_url":"http://manager.example.com:19876/%5Bobject%20Object%5DaHR0cDovL21hbmFnZXIuZXhhbXBsZS5jb206MTk4NzYvIy9jb25mcy9sYXRlc3Q=","_session_id":"f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545","authenticationLevel":1,"_whatToTrace":"dwho","_auth":"Demo","_utime":1454354846,"loginHistory":{"successLogin":[{"ipAddr":"127.0.0.1","_utime":1454354846}]},"cn":"Doctor Who","mail":"dwho@badwolf.org"}
\ No newline at end of file
......@@ -3,6 +3,7 @@
use strict;
use Data::Dumper;
use 5.10.0;
use POSIX 'strftime';
use_ok('Lemonldap::NG::Common::PSGI::Cli::Lib');
our $client;
......@@ -10,6 +11,8 @@ our $count = 1;
$Data::Dumper::Deparse = 1;
my $module;
our $sessionId = 'f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545';
our $file = "t/sessions/$sessionId";
sub init {
my $arg = shift;
......@@ -20,6 +23,23 @@ sub init {
ok( $client = Lemonldap::NG::Handler::PSGI::Cli::Lib->new(),
'Client object' );
count(2);
open F, ">$file"
or die $!;
my $now = time;
my $ts = strftime "%Y%m%d%H%M%S", localtime;
print F '{"updateTime":"'
. $ts
. '","_timezone":"1","_session_kind":"SSO","_passwordDB":"Demo","startTime":"'
. $ts
. '","ipAddr":"127.0.0.1","UA":"Mozilla/5.0 (X11; VAX4000; rv:43.0) Gecko/20100101 Firefox/143.0 Iceweasel/143.0.1","_user":"dwho","_userDB":"Demo","_lastAuthnUTime":'
. $now
. ',"uid":"dwho","_issuerDB":"Null","_session_id":"f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545","authenticationLevel":1,"_whatToTrace":"dwho","_auth":"Demo","_utime":'
. $now
. ',"loginHistory":{"successLogin":[{"ipAddr":"127.0.0.1","_utime":'
. $now
. '}]},"cn":"Doctor Who","mail":"dwho@badwolf.org"}';
close F;
}
sub client {
......@@ -45,6 +65,10 @@ sub explain {
print STDERR "Expect $ref, get $get\n";
}
sub clean {
unlink $file;
}
package Lemonldap::NG::Handler::PSGI::Cli::Lib;
use Mouse;
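Review bot: The fixture written in init embeds the session id as a literal in `_session_id` while the file path uses `$sessionId`; the two must agree for the handler to accept the cookie, so interpolate `$sessionId` there as well to keep a single source of truth. The write uses a bareword two-argument `open F, ">$file"` with an unchecked `close F`; prefer `open my $fh, '>', $file or die "open $file: $!";` and `close $fh or die $!`. The fixture sets `_utime` but no `_lastSeen`, so as far as the visible lines show the new `timeoutActivity` expiry branch is never exercised by these tests; a second fixture with a stale `_lastSeen` would cover it. init starts before its hunk.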
......
......@@ -212,6 +212,13 @@ sub autoRedirect {
sub getApacheSession {
my ( $self, $id, $noInfo, $force ) = @_;
if ($id) {
$self->lmLog( "Try to get session $id", 'debug' );
}
else {
$self->lmLog( "Try to get a new session", 'debug' );
}
my $as = Lemonldap::NG::Common::Session->new(
{
storageModule => $self->conf->{globalStorage},
......@@ -225,7 +232,7 @@ sub getApacheSession {
);
if ( $as->error ) {
$self->lmLog( $as->error, 'debug' );
$self->lmLog( $as->error, 'error' );
return;
}
......@@ -234,9 +241,28 @@ sub getApacheSession {
return;
}
my $now = time;
if (
$id
and (
$now - $as->data->{_utime} > $self->conf->{timeout}
or ( $self->conf->{timeoutActivity}
and $as->data->{_lastSeen}
and $now - $as->data->{_lastSeen} >
$self->conf->{timeoutActivity} )
)
)
{
$self->lmLog( "Session $id expired", 'debug' );
return;
}
unless ($noInfo) {
$self->{id} = $as->id;
}
$self->lmLog( "Return session " . $as->id, 'debug' );
return $as;
}
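Review bot: The expiry branch in getApacheSession returns without touching the store, so an expired session stays readable by any consumer that lacks this check until the purge job runs; if Lemonldap::NG::Common::Session exposes a removal method — confirm — calling it before `return` would close that window. The same commit raises `$as->error` from debug to error and the handler logs the identical condition at info, so `$self->lmLog( "Session $id expired", 'info' );` would be consistent and keeps a rejected session visible in normal logs. The check treats an undefined `_utime` as expired because `$now - undef` exceeds any timeout, which is the right fail-closed default but deserves a short comment. `$force` is accepted on the signature line and does not appear in the visible lines, so it is unclear whether it is meant to bypass the expiry test; getApacheSession is shown across three hunks and parts of its body are outside them.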
......