Commit f8046dd7 authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

Update sessionInfo during auth process & Improve unit tests

parent 1988983c
...@@ -52,7 +52,7 @@ sub process { ...@@ -52,7 +52,7 @@ sub process {
sub restoreArgs { sub restoreArgs {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
$req->mustRedirect(1); $req->mustRedirect(1);
return PE_OK; PE_OK;
} }
sub importHandlerData { sub importHandlerData {
...@@ -143,7 +143,6 @@ sub controlUrl { ...@@ -143,7 +143,6 @@ sub controlUrl {
$req->data->{_url} = $url; $req->data->{_url} = $url;
$req->pdata->{_url} = $url; $req->pdata->{_url} = $url;
} }
PE_OK; PE_OK;
} }
...@@ -266,7 +265,6 @@ sub checkXSSAttack { ...@@ -266,7 +265,6 @@ sub checkXSSAttack {
"XSS attack detected (param: $name | value: $value)"); "XSS attack detected (param: $name | value: $value)");
return $self->conf->{checkXSS}; return $self->conf->{checkXSS};
} }
return 0; return 0;
} }
...@@ -327,7 +325,6 @@ sub authenticate { ...@@ -327,7 +325,6 @@ sub authenticate {
# Ignore result, process will end at least with PE_BADCREDENTIALS # Ignore result, process will end at least with PE_BADCREDENTIALS
my $tmp = $self->process($req); my $tmp = $self->process($req);
$ret = $tmp if ( $tmp == PE_WAIT ); $ret = $tmp if ( $tmp == PE_WAIT );
return $ret; return $ret;
} }
...@@ -349,7 +346,7 @@ sub setSessionInfo { ...@@ -349,7 +346,7 @@ sub setSessionInfo {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
# Set _user # Set _user
$req->{sessionInfo}->{_user} //= $req->{user}; $req->{sessionInfo}->{_user} //= $req->user;
# Get the current user module # Get the current user module
$req->{sessionInfo}->{_auth} = $self->getModule( $req, "auth" ); $req->{sessionInfo}->{_auth} = $self->getModule( $req, "auth" );
...@@ -382,7 +379,6 @@ sub setSessionInfo { ...@@ -382,7 +379,6 @@ sub setSessionInfo {
# Call UserDB setSessionInfo # Call UserDB setSessionInfo
return $self->_userDB->setSessionInfo($req); return $self->_userDB->setSessionInfo($req);
PE_OK; PE_OK;
} }
...@@ -404,7 +400,7 @@ sub setPersistentSessionInfo { ...@@ -404,7 +400,7 @@ sub setPersistentSessionInfo {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
# Do not restore infos if session already opened # Do not restore infos if session already opened
unless ( $req->{id} ) { unless ( $req->id ) {
my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} }; my $key = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
return PE_OK unless ( $key and length($key) ); return PE_OK unless ( $key and length($key) );
...@@ -450,7 +446,7 @@ sub store { ...@@ -450,7 +446,7 @@ sub store {
$req->userData( $req->sessionInfo ); $req->userData( $req->sessionInfo );
# Create second session for unsecure cookie # Create second session for unsecure cookie
if ( $self->conf->{securedCookie} == 2 and !$req->refresh() ) { if ( $self->conf->{securedCookie} == 2 and !$req->refresh ) {
my %infos = %{ $req->{sessionInfo} }; my %infos = %{ $req->{sessionInfo} };
$infos{_updateTime} = strftime( "%Y%m%d%H%M%S", localtime() ); $infos{_updateTime} = strftime( "%Y%m%d%H%M%S", localtime() );
$self->logger->debug("Set _updateTime with $infos{_updateTime}"); $self->logger->debug("Set _updateTime with $infos{_updateTime}");
...@@ -479,22 +475,24 @@ sub store { ...@@ -479,22 +475,24 @@ sub store {
# Main session # Main session
my $session = $self->getApacheSession( my $session = $self->getApacheSession(
$req->{id}, $req->id,
force => $req->{force}, force => $req->{force},
info => $infos info => $infos
); );
return PE_APACHESESSIONERROR unless ($session); return PE_APACHESESSIONERROR unless ($session);
$req->id( $session->{id} );
# Update current request
$req->id( $session->id );
$req->{sessionInfo}->{_session_id} = $session->{id};
# Compute unsecured cookie value if needed # Compute unsecured cookie value if needed
if ( $self->conf->{securedCookie} == 3 and !$req->refresh() ) { if ( $self->conf->{securedCookie} == 3 and !$req->refresh ) {
$req->{sessionInfo}->{_httpSession} = $req->{sessionInfo}->{_httpSession} =
$self->conf->{cipher}->encryptHex( $req->{id}, "http" ); $self->conf->{cipher}->encryptHex( $req->id, "http" );
$self->logger->debug( " -> Compute unsecured cookie value : " $self->logger->debug( " -> Compute unsecured cookie value : "
. $req->{sessionInfo}->{_httpSession} ); . $req->{sessionInfo}->{_httpSession} );
} }
$req->refresh(0); $req->refresh(0);
PE_OK; PE_OK;
} }
...@@ -504,7 +502,7 @@ sub buildCookie { ...@@ -504,7 +502,7 @@ sub buildCookie {
$req->addCookie( $req->addCookie(
$self->cookie( $self->cookie(
name => $self->conf->{cookieName}, name => $self->conf->{cookieName},
value => $req->{id}, value => $req->id,
domain => $self->conf->{domain}, domain => $self->conf->{domain},
secure => $self->conf->{securedCookie}, secure => $self->conf->{securedCookie},
) )
......
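Review bot: `$req->{sessionInfo}->{_session_id} = $session->{id};` in the `store` hunk writes the session identifier, the value the `lemonldap` cookie itself carries, into the session data, so every path that exports sessionInfo (header/attribute export, checkUser, and apparently the `%infos` copy taken earlier in `store` for the unsecure-cookie session on a later call) will carry that value unless it filters the key; the companion test has to list it in `checkUserHiddenAttributes` explicitly. A why-comment on that line would help the next maintainer, e.g. `# _session_id is the cookie value itself: keep it out of exported headers/attributes`, and it is worth confirming that the shipped default for the hidden-attribute list covers `_session_id` rather than relying on each configuration. The adjacent lines also read the same value two ways, `$req->id( $session->id );` then `$session->{id}`; pick one form. The rest of `store` lies outside the hunk.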
...@@ -26,7 +26,7 @@ my $client = LLNG::Manager::Test->new( { ...@@ -26,7 +26,7 @@ my $client = LLNG::Manager::Test->new( {
checkUserDisplayPersistentInfo => 0, checkUserDisplayPersistentInfo => 0,
checkUserDisplayEmptyValues => 0, checkUserDisplayEmptyValues => 0,
impersonationMergeSSOgroups => 0, impersonationMergeSSOgroups => 0,
checkUserHiddenAttributes => '_loginHistory hGroups', checkUserHiddenAttributes => '_loginHistory hGroups _session_id',
macros => { macros => {
test_impersonation => '"$testPrefix__user/$_user"', test_impersonation => '"$testPrefix__user/$_user"',
_whatToTrace => _whatToTrace =>
......
...@@ -319,10 +319,12 @@ ok( $res->[2]->[0] =~ m%<td scope="row">test_impersonation</td>%, ...@@ -319,10 +319,12 @@ ok( $res->[2]->[0] =~ m%<td scope="row">test_impersonation</td>%,
or explain( $res->[2]->[0], 'test_impersonation' ); or explain( $res->[2]->[0], 'test_impersonation' );
ok( $res->[2]->[0] =~ m%<td scope="row">rtyler/dwho</td>%, 'Found rtyler/dwo' ) ok( $res->[2]->[0] =~ m%<td scope="row">rtyler/dwho</td>%, 'Found rtyler/dwo' )
or explain( $res->[2]->[0], 'Found rtyler/dwo' ); or explain( $res->[2]->[0], 'Found rtyler/dwo' );
count(16); ok( $res->[2]->[0] =~ m%<td scope="row">_session_id</td>%, 'Found _session_id' )
or explain( $res->[2]->[0], 'Found _session_id' );
count(17);
my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0]; my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
ok( keys %attributes == 33, 'Found 33 attributes' ) ok( keys %attributes == 34, 'Found 34 attributes' )
or print STDERR "Missing attributes -> " . scalar %attributes; or print STDERR "Missing attributes -> " . scalar %attributes;
ok( $attributes{'_auth'} eq 'Demo', '_auth' ) ok( $attributes{'_auth'} eq 'Demo', '_auth' )
or print STDERR Dumper( \%attributes ); or print STDERR Dumper( \%attributes );
......
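Review bot: The new assertion `ok( $res->[2]->[0] =~ m%<td scope="row">_session_id</td>%, 'Found _session_id' )` expects the session identifier to be rendered in the checkUser page, while the configuration hunk above (`checkUserHiddenAttributes => '_loginHistory hGroups _session_id'`, apparently the same test) marks it hidden; the combination presumably relies on this account's checkUser rights to display hidden attributes, but nothing in the hunk says so. A one-line comment above the assertion, e.g. `# _session_id is a hidden attribute; this account is expected to see hidden attributes`, would make the intent checkable, and a negative counterpart for an account without that right would verify that the session id is really withheld where it should be. When bumping `keys %attributes == 34`, a short note naming the added attribute would save the next person the recount.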
...@@ -140,25 +140,13 @@ ok( ...@@ -140,25 +140,13 @@ ok(
'Post code' 'Post code'
); );
count(1); count(1);
$pdata = expectCookie( $res, 'lemonldappdata' );
$id = expectCookie($res);
expectRedirection( $res, 'http://test1.example.com' ); expectRedirection( $res, 'http://test1.example.com' );
$id = expectCookie($res);
# Make pdata was cleared and we aren't being redirected my $cookies = getCookies($res);
ok( ok( !defined( $cookies->{lemonldappdata} ), " Make sure no pdata is returned" );
$res = $client->_get(
'/',
accept => 'text/html',
cookie => "lemonldap=$id;lemonldappdata=$pdata",
),
'Post login'
);
count(1); count(1);
expectOK($res);
clean_sessions(); clean_sessions();
done_testing( count() ); done_testing( count() );
......
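Review bot: The new check `ok( !defined( $cookies->{lemonldappdata} ), " Make sure no pdata is returned" )` replaces a follow-up `_get('/')` that also verified the issued session cookie opens a session (`expectOK`); with that request gone, `$id = expectCookie($res);` is assigned but, as far as the visible lines show, never used, so the test no longer exercises a post-login request at all. Keeping a short follow-up, `ok( $res = $client->_get( '/', cookie => "lemonldap=$id" ), 'Post login' );` followed by `expectOK($res);` and `count(1);`, would preserve that coverage next to the new pdata assertion. The test description also starts with a stray space; `'Make sure no pdata is returned'` reads cleaner in the TAP output.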