Use real authentificationLevel & Improve unit test (#2129)

5 years ago · 154250e6e7
parent 2a34d1ae8c
commit 154250e6e7
7 changed files with 64 additions and 10 deletions
--- a/fastcgi-server/man/llng-fastcgi-server.8p
+++ b/fastcgi-server/man/llng-fastcgi-server.8p
@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "llng-fastcgi-server 8"
-.TH llng-fastcgi-server 8 "2020-03-02" "perl v5.26.1" "User Contributed Perl Documentation"
+.TH llng-fastcgi-server 8 "2020-04-01" "perl v5.26.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
@ -263,6 +263,7 @@ sub check {
                    "Compute groups and macros with real and spoofed attributes"
                );
                $req->sessionInfo($attrs);
+                delete $req->sessionInfo->{groups};
                $req->steps( [ $self->p->groupsAndMacros, 'setLocalGroups' ] );
                if ( my $error = $self->p->process($req) ) {
                    $self->logger->debug("Process returned error: $error");
@ -410,10 +411,10 @@ sub _userData {
    # Compute groups & macros again with real authenticationLevel
    $req->sessionInfo->{authenticationLevel} = $realAuthLevel;
    delete $req->sessionInfo->{groups};
+
    $req->steps( [ $self->p->groupsAndMacros, 'setLocalGroups' ] );
    if ( my $error = $self->p->process($req) ) {
-        $self->logger->debug(
-            "ContextSwitching: Process returned error: $error");
+        $self->logger->debug("CheckUser: Process returned error: $error");
        return $req->error($error);
    }

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm
@ -230,6 +230,18 @@ sub _userData {
            $req->error($error);
        }
    }
+
+    # Compute groups & macros again with real authenticationLevel
+    $req->sessionInfo->{authenticationLevel} =
+      $realSession->{real_authenticationLevel};
+    delete $req->sessionInfo->{groups};
+    $req->steps( [ $self->p->groupsAndMacros, 'setLocalGroups' ] );
+    if ( my $error = $self->p->process($req) ) {
+        $self->logger->debug("Impersonation: Process returned error: $error");
+        $req->error($error);
+    }
+
+    $self->logger->debug("Return \"$req->{user}\" sessionInfo");
    return $req->{sessionInfo};
 }

--- a/lemonldap-ng-portal/t/67-CheckUser.t
+++ b/lemonldap-ng-portal/t/67-CheckUser.t
@ -212,14 +212,12 @@ ok( $res->[2]->[0] !~ m%_2fDevices</td>%, '_2fDevices NOT Found!' )

 ok( $res->[2]->[0] =~ m%<td scope="row">authMode</td>%, 'Found macro authMode' )
  or explain( $res->[2]->[0], 'Macro Key authMode' );
-ok( $res->[2]->[0] =~ m%<td scope="row">DEMO</td>%, 'Found DEMO' )
-  or explain( $res->[2]->[0], 'Macro Value DEMO' );
 ok( $res->[2]->[0] =~ m%<td scope="row">real_authMode</td>%,
    'Found macro real_authMode' )
  or explain( $res->[2]->[0], 'Macro Key real_authMode' );
 ok( $res->[2]->[0] =~ m%<td scope="row">TOTP</td>%, 'Found TOTP' )
  or explain( $res->[2]->[0], 'Macro Value TOTP' );
-count(8);
+count(7);

 $query =~ s/url=/url=http%3A%2F%2Ftest1.example.com/;
 ok(
--- a/lemonldap-ng-portal/t/68-Impersonation-with-TOTP.t
+++ b/lemonldap-ng-portal/t/68-Impersonation-with-TOTP.t
@ -28,6 +28,7 @@ SKIP: {
                impersonationMergeSSOgroups    => 1,
                totp2fSelfRegistration         => 1,
                totp2fActivation               => 1,
+                totp2fAuthnLevel               => 8
            }
        }
    );
@ -233,6 +234,46 @@ m%<div class="alert alert-success"><div class="text-center"><b><span trspan="all
      or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
    count(12);

+    ok(
+        $res = $client->_get(
+            '/checkuser',
+            cookie => "lemonldap=$id",
+            accept => 'text/html'
+        ),
+        'CheckUser form',
+    );
+    ( $host, $url, $query ) =
+      expectForm( $res, undef, '/checkuser', 'user', 'url' );
+    ok( $res->[2]->[0] =~ m%<span trspan="checkUserMerged">%,
+        'Found trspan="checkUserMerged"' )
+      or explain( $res->[2]->[0], 'trspan="checkUserMerged"' );
+    count(2);
+
+    $query =~ s/user=dwho/user=rtyler/;
+
+    ok(
+        $res = $client->_post(
+            '/checkuser',
+            IO::String->new($query),
+            cookie => "lemonldap=$id",
+            length => length($query),
+            accept => 'text/html',
+        ),
+        'POST checkuser'
+    );
+
+    ( $host, $url, $query ) =
+      expectForm( $res, undef, '/checkuser', 'user', 'url' );
+    ok( $res->[2]->[0] =~ m%<span trspan="checkUserComputeSession">%,
+        'Found trspan="checkUserComputeSession"' )
+      or explain( $res->[2]->[0], 'trspan="checkUserComputeSession"' );
+    ok( $res->[2]->[0] =~ m%<td scope="row">authMode</td>%,
+        'Found macro authMode' )
+      or explain( $res->[2]->[0], 'Macro Key authMode' );
+    ok( $res->[2]->[0] =~ m%<td scope="row">TOTP</td>%, 'Found TOTP' )
+      or explain( $res->[2]->[0], 'Macro Value TOTP' );
+    count(4);
+
    $client->logout($id);
 }
 clean_sessions();
--- a/lemonldap-ng-portal/t/68-Impersonation-with-doubleCookies.t
+++ b/lemonldap-ng-portal/t/68-Impersonation-with-doubleCookies.t
@ -321,8 +321,8 @@ ok( $res->[2]->[0] =~ m%<td scope="row">rtyler/dwho</td>%, 'Found rtyler/dwo' )
 count(15);

 my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
-ok( scalar keys %attributes == 35, 'Found 35 attributes' )
-  or print STDERR ( keys %attributes < 35 )
+ok( scalar keys %attributes == 34, 'Found 34 attributes' )
+  or print STDERR ( keys %attributes < 34 )
  ? "Missing attributes -> " . scalar keys %attributes
  : "Too much attributes -> " . scalar keys %attributes;
 ok( $attributes{'_auth'} eq 'Demo', '_auth' )
--- a/lemonldap-ng-portal/t/68-Impersonation.t
+++ b/lemonldap-ng-portal/t/68-Impersonation.t
@ -323,8 +323,10 @@ ok( $res->[2]->[0] =~ m%<td scope="row">_session_kind</td>%,
 count(17);

 my %attributes = map /<td scope="row">(.+)?<\/td>/g, $res->[2]->[0];
-ok( keys %attributes == 35, 'Found 35 attributes' )
-  or print STDERR "Missing attributes -> " . scalar %attributes;
+ok( keys %attributes == 34, 'Found 34 attributes' )
+  or print STDERR ( keys %attributes < 34 )
+  ? "Missing attributes -> " . scalar keys %attributes
+  : "Too much attributes -> " . scalar keys %attributes;
 ok( $attributes{'_auth'} eq 'Demo', '_auth' )
  or print STDERR Dumper( \%attributes );
 ok( $attributes{'uid'}, 'uid' ) or print STDERR Dumper( \%attributes );