Hide persistent session attributes & Improve unit tests (#2093)

5 years ago · 15c12346ab
parent 9ea79511d3
commit 15c12346ab
10 changed files with 95 additions and 21 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@ -221,6 +221,8 @@ sub defaultValues {
        'passwordPolicyMinSize'               => 0,
        'passwordPolicyMinUpper'              => 0,
        'passwordResetAllowedRetries'         => 3,
+        'persistentSessionAttributes' =>
+          '_loginHistory _2fDevices notification_',
        'port'                                => -1,
        'portal'                              => 'http://auth.example.com/',
        'portalAntiFrame'                     => 1,
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm
@ -108,7 +108,7 @@ sub portalConsts {
 }

 # EXPORTER PARAMETERS
-our @EXPORT_OK   = ('portalConsts');
+our @EXPORT_OK = ('portalConsts');
 our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );

 1;
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -142,7 +142,7 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
                eval {
                    do {
                        qr/$_[0]/;
-                    }
+                      }
                };
                return $@ ? ( 0, "__badRegexp__: $@" ) : 1;
            }
@ -223,7 +223,8 @@ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\
        },
        'select' => {
            'test' => sub {
-                my $test = grep( { $_ eq $_[0]; }
+                my $test =
+                  grep( { $_ eq $_[0]; }
                    map( { $_->{'k'}; } @{ $_[2]{'select'}; } ) );
                return $test
                  ? 1
@ -1694,7 +1695,7 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
                    eval {
                        do {
                            qr/$_[0]/;
-                        }
+                          }
                    };
                    return $@ ? 0 : 1;
                },
@ -2434,6 +2435,10 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
 qr/^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$/,
            'type' => 'text'
        },
+        'persistentSessionAttributes' => {
+            'default' => '_loginHistory _2fDevices notification_',
+            'type'    => 'text'
+        },
        'persistentStorage' => {
            'type' => 'PerlModule'
        },
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -415,7 +415,7 @@ sub attributes {
        },
        groupsBeforeMacros => {
            type          => 'bool',
-            default       =>  0,
+            default       => 0,
            documentation => 'Compute groups before macros',
        },
        multiValuesSeparator => {
@ -793,6 +793,11 @@ sub attributes {
            default       => '_password _2fDevices',
            documentation => 'Name of attributes to hide in logs',
        },
+        persistentSessionAttributes => {
+            type          => 'text',
+            default       => '_loginHistory _2fDevices notification_',
+            documentation => 'Persistent session attributes to hide',
+        },
        key => {
            type          => 'password',
            documentation => 'Secret key',
--- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js
--- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map
+++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map
--- a/lemonldap-ng-manager/t/80-attributes.t
+++ b/lemonldap-ng-manager/t/80-attributes.t
@ -57,7 +57,7 @@ my @notManagedAttributes = (
    'mySessionAuthorizedRWKeys',    'handlerInternalCache',
    'handlerServiceTokenTTL',       'impersonationPrefix',    'pdataDomain',
    'forceGlobalStorageUpgradeOTT', 'forceGlobalStorageIssuerOTT',
-    'notificationsMaxRetrieve'
+    'notificationsMaxRetrieve', 'persistentSessionAttributes'
 );

 # Words used either as attribute name and node title
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
@ -38,6 +38,11 @@ sub hAttr {
      . $_[0]->{conf}->{hiddenAttributes};
 }

+sub persistentAttrs {
+    $_[0]->{conf}->{persistentSessionAttributes}
+      || '_loginHistory _2fDevices notification_';
+}
+
 sub init {
    my ($self) = @_;
    my $hd = $self->p->HANDLER;
@ -72,6 +77,9 @@ sub display {
      if ( $self->conf->{impersonationRule} );
    $attrs = $req->userData;

+    $attrs = $self->_removePersistentAttributes($attrs)
+      unless $self->conf->{checkUserDisplayPersistentInfo};
+
    # Create an array of hashes for template loop
    $self->logger->debug("Delete hidden or empty attributes");
    if ( $self->conf->{checkUserDisplayEmptyValues} ) {
@ -239,7 +247,10 @@ sub check {
        $attrs       = {};
    }
    else {
-        $msg = 'checkUser' . $self->merged;
+        $msg   = 'checkUser' . $self->merged;
+        $attrs = $self->_removePersistentAttributes($attrs)
+          unless $self->conf->{checkUserDisplayPersistentInfo};
+
        if ($compute) {
            $msg                          = 'checkUserComputeSession';
            $attrs->{authenticationLevel} = $authLevel;
@ -478,4 +489,15 @@ sub _splitAttributes {
    return [ $grps, $mcrs, $others ];
 }

+sub _removePersistentAttributes {
+    my ( $self, $attrs ) = @_;
+    my $regex      = join '|', split /\s+/, $self->persistentAttrs;
+    my %attributes = %$attrs;
+    my @keys       = grep /$regex/, keys %attributes;
+    $self->logger->debug("Remove persistent session attributes");
+    delete @attributes{@keys};
+
+    return \%attributes;
+}
+
 1;
--- a/lemonldap-ng-portal/t/40-Notifications-Explorer-JSON-File.t
+++ b/lemonldap-ng-portal/t/40-Notifications-Explorer-JSON-File.t
@ -24,14 +24,16 @@ close F;

 my $client = LLNG::Manager::Test->new( {
        ini => {
-            logLevel                   => 'error',
-            useSafeJail                => 1,
-            notification               => 1,
-            notificationStorage        => 'File',
-            notificationStorageOptions => { dirName => $main::tmpDir },
-            portalMainLogo             => 'common/logos/logo_llng_old.png',
-            oldNotifFormat             => 0,
-            notificationsExplorer      => 1,
+            logLevel                       => 'error',
+            useSafeJail                    => 1,
+            notification                   => 1,
+            notificationStorage            => 'File',
+            notificationStorageOptions     => { dirName => $main::tmpDir },
+            portalMainLogo                 => 'common/logos/logo_llng_old.png',
+            oldNotifFormat                 => 0,
+            notificationsExplorer          => 1,
+            checkUser                      => 1,
+            checkUserDisplayPersistentInfo => 1
        }
    }
 );
@ -236,6 +238,25 @@ ok( !$json->{notification}, ' Notification is 0' )
  or explain( $json, "notification => 0" );
 count(4);

+# CheckUser form
+# ------------------------
+ok(
+    $res = $client->_get(
+        '/checkuser',
+        cookie => "lemonldap=$id",
+        accept => 'text/html'
+    ),
+    'CheckUser form',
+);
+my ( $host, $url, $query ) =
+  expectForm( $res, undef, '/checkuser', 'user', 'url' );
+ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
+  or explain( $res->[2]->[0], 'trspan="checkUser"' );
+ok( $res->[2]->[0] =~ m%<td scope="row">notification_testref</td>%,
+    'Found notification "testref"' )
+  or explain( $res->[2]->[0], 'notification_testref' );
+count(3);
+
 clean_sessions();

 unlink $file;
--- a/lemonldap-ng-portal/t/40-Notifications-Explorer-XML-File.t
+++ b/lemonldap-ng-portal/t/40-Notifications-Explorer-XML-File.t
@ -7,7 +7,7 @@ require 't/test-lib.pm';

 my $res;
 my $file      = "$main::tmpDir/20160530_dwho_dGVzdHJlZg==.xml";
-my $maintests = 36;
+my $maintests = 39;

 SKIP: {
    eval { require XML::LibXML; require XML::LibXSLT; };
@ -41,7 +41,8 @@ SKIP: {
                notificationStorageOptions => { dirName => $main::tmpDir },
                portalMainLogo             => 'common/logos/logo_llng_old.png',
                oldNotifFormat             => 1,
-                notificationsExplorer      => 1,
+                checkUser                  => 1,
+                notificationsExplorer      => 1
            }
        }
    );
@ -255,10 +256,27 @@ m%<span notif=\'testref\' epoch=\'(\d{10})\' class="btn btn-success" role="butto
    ok( !$json->{notification}, ' Notification is 0' )
      or explain( $json, "notification => 0" );

-    clean_sessions();
+    # CheckUser form
+    # ------------------------
+    ok(
+        $res = $client->_get(
+            '/checkuser',
+            cookie => "lemonldap=$id",
+            accept => 'text/html'
+        ),
+        'CheckUser form',
+    );
+    my ( $host, $url, $query ) =
+      expectForm( $res, undef, '/checkuser', 'user', 'url' );
+    ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%,
+        'Found trspan="checkUser"' )
+      or explain( $res->[2]->[0], 'trspan="checkUser"' );
+    ok( $res->[2]->[0] !~ m%<td scope="row">notification_%,
+        'Notification "testref" not found' )
+      or explain( $res->[2]->[0], 'notification_testref' );

+    clean_sessions();
    unlink $file;
-
 }

 count($maintests);