Append a custom param to be logged (#1885)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm

@@ -50,6 +50,7 @@ sub defaultValues {
         'cspImg'                         => '\'self\' data:',
         'cspScript'                      => '\'self\'',
         'cspStyle'                       => '\'self\'',
+        'customToTrace'                  => 'mail',
         'dbiAuthnLevel'                  => 2,
         'dbiExportedVars'                => {},
         'demoExportedVars'               => {

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/FCGIClient.pm

@@ -92,6 +92,10 @@ sub handler {
     if ( $hdrs{'Lm-Remote-User'} ) {
         $r->user( $hdrs{'Lm-Remote-User'} );
     }
+    if ( $hdrs{'Lm-Remote-Custom'} ) {
+        $r->custom( $hdrs{'Lm-Remote-Custom'} );
+    }
+
     my $i = 1;
     while ( $hdrs{"Headername$i"} ) {
         $r->headers_in->set( $hdrs{"Headername$i"} => $hdrs{"Headervalue$i"} )

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm

@@ -81,6 +81,14 @@ sub set_user {
     $request->env->{'psgi.r'}->user($user);
 }
 
+## @method void set_user(string user)
+# sets remote_user
+# @param user string username
+sub set_custom {
+    my ( $class, $request, $custom ) = @_;
+    $request->env->{'psgi.r'}->custom($custom);
+}
+
 ## @method void set_header_in(hash headers)
 # sets or modifies request headers
 # @param headers hash containing header names => header value

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm

@@ -177,6 +177,14 @@ sub user {
           || _whatToTrace => 'anonymous' };
 }
 
+## @method hashRef custom()
+# @return hash of custom data
+sub custom {
+    my ( $self, $req ) = @_;
+    return { $Lemonldap::NG::Handler::Main::tsv->{customToTrace}
+          || customToTrace => '-' };
+}
+
 ## @method string userId()
 # @return user identifier to log
 sub userId {

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm

@@ -197,7 +197,7 @@ sub defaultValuesInit {
         securedCookie           timeout            timeoutActivity
         timeoutActivityInterval useRedirectOnError useRedirectOnForbidden
         useSafeJail             whatToTrace        handlerInternalCache
-        handlerServiceTokenTTL
+        handlerServiceTokenTTL  customToTrace
         )
     );
 

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm

@@ -147,6 +147,7 @@ sub run {
 
         # ACCOUNTING (1. Inform web server)
         $class->set_user( $req, $session->{ $class->tsv->{whatToTrace} } );
+        $class->set_custom( $req, $session->{ $class->tsv->{customToTrace} } );
 
         # AUTHORIZATION
         return ( $class->forbidden( $req, $session ), $session )

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Main.pm

@@ -41,6 +41,14 @@ sub set_user {
     push @{ $req->{respHeaders} }, 'Lm-Remote-User' => $user;
 }
 
+## @method void set_custom(string custom)
+# sets remote_custom in response headers
+# @param custom string custom_value
+sub set_custom {
+    my ( $class, $req, $custom ) = @_;
+    push @{ $req->{respHeaders} }, 'Lm-Remote-Custom' => $custom;
+}
+
 ## @method void set_header_in(hash headers)
 # sets or modifies request headers
 # @param headers hash containing header names => header value

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Main.pm

@@ -39,6 +39,7 @@ sub unset_header_in {
 *setServerSignature = *Lemonldap::NG::Handler::PSGI::Main::setServerSignature;
 *thread_share       = *Lemonldap::NG::Handler::PSGI::Main::thread_share;
 *set_user           = *Lemonldap::NG::Handler::PSGI::Main::set_user;
+*set_custom         = *Lemonldap::NG::Handler::PSGI::Main::set_custom;
 *set_header_out     = *Lemonldap::NG::Handler::PSGI::Main::set_header_out;
 *is_initial_req     = *Lemonldap::NG::Handler::PSGI::Main::is_initial_req;
 *print              = *Lemonldap::NG::Handler::PSGI::Main::print;

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Nginx.pm

@@ -72,7 +72,7 @@ sub handler {
     my $i = 0;
     while ( my $k = shift @$hdrs ) {
         my $v = shift @$hdrs;
-        if ( $k =~ /^(?:Lm-Remote-User|Cookie)$/ ) {
+        if ( $k =~ /^(?:Lm-Remote-(?:User|Custom)|Cookie)$/ ) {
             push @convertedHdrs, $k, $v;
         }
         else {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -1019,6 +1019,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
         'customRegister' => {
             'type' => 'text'
         },
+        'customToTrace' => {
+            'default' => 'mail',
+            'type'    => 'lmAttrOrMacro'
+        },
         'customUserDB' => {
             'type' => 'text'
         },

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -879,6 +879,12 @@ sub attributes {
             documentation => 'Session parameter used to fill REMOTE_USER',
             flags         => 'hp',
         },
+        customToTrace => {
+            type          => 'lmAttrOrMacro',
+            default       => 'mail',
+            documentation => 'Session parameter used to fill REMOTE_CUSTOM',
+            flags         => 'hp',
+        },
         lwpOpts => {
             type          => 'keyTextContainer',
             documentation => 'Options given to LWP::UserAgent',

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm

@@ -499,7 +499,7 @@ sub tree {
                     title => 'logParams',
                     help  => 'logs.html',
                     form  => 'simpleInputContainer',
-                    nodes => [ 'whatToTrace', 'hiddenAttributes' ]
+                    nodes => [ 'whatToTrace', 'customToTrace', 'hiddenAttributes' ]
                 },
                 {
                     title => 'cookieParams',

lemonldap-ng-manager/site/htdocs/static/languages/ar.json

@@ -204,6 +204,7 @@
 "customPassword":"وحدة كلمة المرورالمخصصة",
 "customPortalSkin":"غلاف البوابة مخصص",
 "customRegister":"وحدة تسجيل مخصص",
+"customToTrace":"REMOTE_CUSTOM",
 "customUserDB":"وحدة قاعدة البيانات المخصصة",
 "date":"تاريخ",
 "dbiAuthChain":"سلسلة",

lemonldap-ng-manager/site/htdocs/static/languages/de.json

@@ -204,6 +204,7 @@
 "customPassword":"Custom password module",
 "customPortalSkin":"Custom portal skin",
 "customRegister":"Custom register module",
+"customToTrace":"REMOTE_CUSTOM",
 "customUserDB":"Custom user DB module",
 "date":"Datum",
 "dbiAuthChain":"Chain",

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -204,6 +204,7 @@
 "customPassword":"Custom password module",
 "customPortalSkin":"Custom portal skin",
 "customRegister":"Custom register module",
+"customToTrace":"REMOTE_CUSTOM",
 "customUserDB":"Custom user DB module",
 "date":"Date",
 "dbiAuthChain":"Chain",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -204,6 +204,7 @@
 "customPassword":"Module de mots-de-passe personnalisé",
 "customPortalSkin":"Style personnalisé du portail",
 "customRegister":"Module d'enregistrement personnalisé",
+"customToTrace":"REMOTE_CUSTOM",
 "customUserDB":"Module BD utilisateurs personnalisé",
 "date":"Date",
 "dbiAuthChain":"Chaîne",

lemonldap-ng-manager/site/htdocs/static/languages/it.json

@@ -204,6 +204,7 @@
 "customPassword":"Personalizza il modulo password",
 "customPortalSkin":"Personalizza faccia del portale ",
 "customRegister":"Personalizza modulo di registro",
+"customToTrace":"REMOTE_CUSTOM",
 "customUserDB":"Personalizza modulo utente DB",
 "date":"Data",
 "dbiAuthChain":"Catena",

lemonldap-ng-manager/site/htdocs/static/languages/vi.json

@@ -204,6 +204,7 @@
 "customPassword":"Mô đun mật khẩu tùy chỉnh",
 "customPortalSkin":"Tùy chỉnh giao diện cổng thông tin",
 "customRegister":"Module đăng ký tùy chỉnh",
+"customToTrace":"REMOTE_CUSTOM",
 "customUserDB":"Mô đun DB người dùng tùy chỉnh",
 "date":"Ngày",
 "dbiAuthChain":"Chuỗi",

lemonldap-ng-manager/site/htdocs/static/languages/zh.json

@@ -204,6 +204,7 @@
 "customPassword":"Custom password module",
 "customPortalSkin":"Custom portal skin",
 "customRegister":"Custom register module",
+"customToTrace":"REMOTE_CUSTOM",
 "customUserDB":"Custom user DB module",
 "date":"日期",
 "dbiAuthChain":"Chain",

lemonldap-ng-portal/t/01-CSP-and-CORS-headers.t

@@ -37,44 +37,33 @@ ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
   or print STDERR Dumper( $res->[2]->[0] );
 count(2);
 
+my %policy = @{ $res->[1] };
+
 # CORS
-ok( $res->[1]->[12] eq 'Access-Control-Allow-Origin', ' CORS origin found' )
-  or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[13] eq '', " CORS origin ''" )
-  or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[14] eq 'Access-Control-Allow-Credentials',
-    ' CORS credentials found' )
-  or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[15] eq 'true', " CORS credentials 'true'" )
-  or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[16] eq 'Access-Control-Allow-Headers', " CORS headers found" )
+ok( $policy{'Access-Control-Allow-Origin'} eq '', "CORS origin '' found" )
   or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[17] eq '*', " CORS headers '*'" )
+ok( $policy{'Access-Control-Allow-Credentials'} eq 'true',
+    "CORS credentials 'true' found" )
   or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[18] eq 'Access-Control-Allow-Methods', " CORS methods found" )
+ok( $policy{'Access-Control-Allow-Headers'} eq '*', "CORS headers '*' found" )
   or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[19] eq 'POST', " CORS methods 'POST'" )
+ok( $policy{'Access-Control-Allow-Methods'} eq 'POST',
+    "CORS methods 'POST' found" )
   or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[20] eq 'Access-Control-Expose-Headers',
-    " CORS expose-headers found" )
+ok( $policy{'Access-Control-Expose-Headers'} eq '*',
+    "CORS expose-headers '*' found" )
   or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[21] eq '*', " CORS expose-headers '*'" )
+ok( $policy{'Access-Control-Max-Age'} eq '86400', "CORS max-age '86400' found" )
   or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[22] eq 'Access-Control-Max-Age', ' CORS max-age found' )
-  or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[23] == 86400, ' CORS max-age 86400' )
-  or print STDERR Dumper( $res->[1] );
-count(12);
+count(6);
 
 #CSP
-ok( $res->[1]->[26] eq 'Content-Security-Policy', ' CSP found' )
-  or print STDERR Dumper( $res->[1] );
 ok(
-    $res->[1]->[27] =~
+    $policy{'Content-Security-Policy'} =~
 /default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action \*;frame-ancestors 'none'/,
-    ' CSP headers found'
+    'CSP header value found'
 ) or print STDERR Dumper( $res->[1] );
-count(2);
+count(1);
 
 # Try to authenticate with good password
 # --------------------------------------
@@ -115,39 +104,27 @@ ok(
 );
 count(1);
 
-ok( $res->[1]->[14] eq 'Access-Control-Allow-Origin', ' CORS origin found' )
-  or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[15] eq '', " CORS origin ''" )
-  or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[16] eq 'Access-Control-Allow-Credentials',
-    ' CORS credentials found' )
-  or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[17] eq 'true', " CORS credentials 'true'" )
-  or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[18] eq 'Access-Control-Allow-Headers', " CORS headers found" )
-  or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[19] eq '*', " CORS headers '*'" )
-  or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[20] eq 'Access-Control-Allow-Methods', " CORS methods found" )
+# CORS
+%policy = @{ $res->[1] };
+ok( $policy{'Access-Control-Allow-Origin'} eq '', "CORS origin '' found" )
   or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[21] eq 'POST', " CORS methods 'POST'" )
+ok( $policy{'Access-Control-Allow-Credentials'} eq 'true',
+    "CORS credentials 'true' found" )
   or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[22] eq 'Access-Control-Expose-Headers',
-    " CORS expose-headers found" )
+ok( $policy{'Access-Control-Allow-Headers'} eq '*', "CORS headers '*' found" )
   or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[23] eq '*', " CORS expose-headers '*'" )
+ok( $policy{'Access-Control-Allow-Methods'} eq 'POST',
+    "CORS methods 'POST' found" )
   or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[24] eq 'Access-Control-Max-Age', ' CORS max-age found' )
+ok( $policy{'Access-Control-Expose-Headers'} eq '*',
+    "CORS expose-headers '*' found" )
   or print STDERR Dumper( $res->[1] );
-ok( $res->[1]->[25] == 86400, ' CORS max-age 86400' )
+ok( $policy{'Access-Control-Max-Age'} eq '86400', "CORS max-age '86400' found" )
   or print STDERR Dumper( $res->[1] );
-count(12);
+count(6);
 
-# Test logout
 $client->logout($id);
 
-#print STDERR Dumper($res);
-
 clean_sessions();
 
 done_testing( count() );