Update sessionInfo during auth process & Improve unit tests

f8046dd7 · Christophe Maudoux · 1988983c · f8046dd7 · f8046dd7 · f8046dd7
Commit f8046dd7 authored Jan 03, 2020 by Christophe Maudoux 🐛
4 changed files
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
@@ -52,7 +52,7 @@ sub process {
 sub restoreArgs {
    my ( $self, $req ) = @_;
    $req->mustRedirect(1);
-    return PE_OK;
+    PE_OK;
 }

 sub importHandlerData {
@@ -143,7 +143,6 @@ sub controlUrl {
        $req->data->{_url}  = $url;
        $req->pdata->{_url} = $url;
    }
-
    PE_OK;
 }

@@ -266,7 +265,6 @@ sub checkXSSAttack {
            "XSS attack detected (param: $name | value: $value)");
        return $self->conf->{checkXSS};
    }
-
    return 0;
 }

@@ -327,7 +325,6 @@ sub authenticate {
    # Ignore result, process will end at least with PE_BADCREDENTIALS
    my $tmp = $self->process($req);
    $ret = $tmp if ( $tmp == PE_WAIT );
-
    return $ret;
 }

@@ -349,7 +346,7 @@ sub setSessionInfo {
    my ( $self, $req ) = @_;

    # Set _user
-    $req->{sessionInfo}->{_user} //= $req->{user};
+    $req->{sessionInfo}->{_user} //= $req->user;

    # Get the current user module
    $req->{sessionInfo}->{_auth}   = $self->getModule( $req, "auth" );
@@ -382,7 +379,6 @@ sub setSessionInfo {

    # Call UserDB setSessionInfo
    return $self->_userDB->setSessionInfo($req);
-
    PE_OK;
 }

@@ -404,7 +400,7 @@ sub setPersistentSessionInfo {
    my ( $self, $req ) = @_;

    # Do not restore infos if session already opened
-    unless ( $req->{id} ) {
+    unless ( $req->id ) {
        my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };

        return PE_OK unless ( $key and length($key) );
@@ -450,7 +446,7 @@ sub store {
    $req->userData( $req->sessionInfo );

    # Create second session for unsecure cookie
-    if ( $self->conf->{securedCookie} == 2 and !$req->refresh() ) {
+    if ( $self->conf->{securedCookie} == 2 and !$req->refresh ) {
        my %infos = %{ $req->{sessionInfo} };
        $infos{_updateTime} = strftime( "%Y%m%d%H%M%S", localtime() );
        $self->logger->debug("Set _updateTime with $infos{_updateTime}");
@@ -479,22 +475,24 @@ sub store {

    # Main session
    my $session = $self->getApacheSession(
-        $req->{id},
+        $req->id,
        force => $req->{force},
        info  => $infos
    );
    return PE_APACHESESSIONERROR unless ($session);
-    $req->id( $session->{id} );
+
+    # Update current request
+    $req->id( $session->id );
+    $req->{sessionInfo}->{_session_id} = $session->{id};

    # Compute unsecured cookie value if needed
-    if ( $self->conf->{securedCookie} == 3 and !$req->refresh() ) {
+    if ( $self->conf->{securedCookie} == 3 and !$req->refresh ) {
        $req->{sessionInfo}->{_httpSession} =
-          $self->conf->{cipher}->encryptHex( $req->{id}, "http" );
+          $self->conf->{cipher}->encryptHex( $req->id, "http" );
        $self->logger->debug( " -> Compute unsecured cookie value : "
              . $req->{sessionInfo}->{_httpSession} );
    }
    $req->refresh(0);
-
    PE_OK;
 }

@@ -504,7 +502,7 @@ sub buildCookie {
        $req->addCookie(
            $self->cookie(
                name   => $self->conf->{cookieName},
-                value  => $req->{id},
+                value  => $req->id,
                domain => $self->conf->{domain},
                secure => $self->conf->{securedCookie},
            )

--- a/lemonldap-ng-portal/t/68-Impersonation-with-doubleCookies.t
+++ b/lemonldap-ng-portal/t/68-Impersonation-with-doubleCookies.t
@@ -26,7 +26,7 @@ my $client = LLNG::Manager::Test->new( {
            checkUserDisplayPersistentInfo => 0,
            checkUserDisplayEmptyValues    => 0,
            impersonationMergeSSOgroups    => 0,
-            checkUserHiddenAttributes      => '_loginHistory hGroups',
+            checkUserHiddenAttributes      => '_loginHistory hGroups _session_id',
            macros                         => {
                test_impersonation => '"$testPrefix__user/$_user"',
                _whatToTrace =>

--- a/lemonldap-ng-portal/t/68-Impersonation.t
+++ b/lemonldap-ng-portal/t/68-Impersonation.t
@@ -319,10 +319,12 @@ ok( $res->[2]->[0] =~ m%<td scope="row">test_impersonation</td>%,
  or explain( $res->[2]->[0], 'test_impersonation' );
 ok( $res->[2]->[0] =~ m%<td scope="row">rtyler/dwho</td>%, 'Found rtyler/dwo' )
  or explain( $res->[2]->[0], 'Found rtyler/dwo' );
-count(16);
+ok( $res->[2]->[0] =~ m%<td scope="row">_session_id</td>%, 'Found _session_id' )
+  or explain( $res->[2]->[0], 'Found _session_id' );
+count(17);

 my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
-ok( keys %attributes == 33, 'Found 33 attributes' )
+ok( keys %attributes == 34, 'Found 34 attributes' )
  or print STDERR "Missing attributes -> " . scalar %attributes;
 ok( $attributes{'_auth'} eq 'Demo', '_auth' )
  or print STDERR Dumper( \%attributes );

--- a/lemonldap-ng-portal/t/78-2F-Upgrade.t
+++ b/lemonldap-ng-portal/t/78-2F-Upgrade.t
@@ -140,25 +140,13 @@ ok(
    'Post code'
 );
 count(1);
-
-$pdata = expectCookie( $res, 'lemonldappdata' );
-$id    = expectCookie($res);
-
 expectRedirection( $res, 'http://test1.example.com' );
+$id    = expectCookie($res);

-# Make pdata was cleared and we aren't being redirected
-ok(
-    $res = $client->_get(
-        '/',
-        accept => 'text/html',
-        cookie => "lemonldap=$id;lemonldappdata=$pdata",
-    ),
-    'Post login'
-);
+my $cookies = getCookies($res);
+ok( !defined( $cookies->{lemonldappdata} ), " Make sure no pdata is returned" );
 count(1);

-expectOK($res);
-
 clean_sessions();

 done_testing( count() );