New skip() function in rules

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm

@@ -13,6 +13,7 @@ use Scalar::Util qw(weaken);
 
 use constant UNPROTECT => 1;
 use constant SKIP      => 2;
+use constant MAYSKIP   => 3;
 
 our @_onReload;
 
@@ -546,6 +547,9 @@ sub conditionSub {
         );
     }
 
+    my $mayskip = 0;
+    $mayskip = MAYSKIP if $cond =~ /\bskip\b/;
+
     # Replace some strings in condition
     $cond = $class->substitute($cond);
     my $sub;
@@ -555,7 +559,7 @@ sub conditionSub {
     }
 
     # Return sub and protected flag
-    return ( $sub, 0 );
+    return ( $sub, $mayskip );
 }
 
 ## @method arrayref aliasInit
@@ -589,6 +593,7 @@ sub substitute {
     $expr =~ s/\$(?!(?:ENV|env)\b)(_\w+|[a-zA-Z]\w*)/\$s->{$1}/sg;
     $expr =~ s/\$ENV\{/\$r->{env}->\{/g;
     $expr =~ s/\$env->\{/\$r->{env}->\{/g;
+    $expr =~ s/\bskip\b/q\{999_SKIP\}/g;
 
     return $expr;
 }

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm

@@ -192,6 +192,11 @@ sub run {
         $class->cleanHeaders($req);
         return $class->OK;
     }
+    elsif ( $protection == $class->MAYSKIP
+        and $class->grant( $req, $session, $uri, $cond ) eq '999_SKIP' )
+    {
+        return $class->OK;
+    }
 
     else {
 

lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t

@@ -8,6 +8,7 @@ require 't/test-psgi-lib.pm';
 init('Lemonldap::NG::Handler::PSGI');
 
 my $res;
+my $SKIPUSER = 0;
 
 # Unauthentified query
 # --------------------
@@ -36,27 +37,42 @@ ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
 count(2);
 
 # Request an URI protected by custom function -> allowed
-ok( $res = $client->_get( '/test-uri1/dwho', undef, undef, "lemonldap=$sessionId" ),
-    'Authentified query' );
+ok(
+    $res =
+      $client->_get( '/test-uri1/dwho', undef, undef, "lemonldap=$sessionId" ),
+    'Authentified query'
+);
 ok( $res->[0] == 200, '/test-uri1 -> Code is 200' ) or explain( $res, 200 );
 count(2);
 
 # Request an URI protected by custom function -> allowed
-ok( $res = $client->_get( '/test-uri2/dwho/dummy', undef, undef, "lemonldap=$sessionId" ),
-    'Authentified query' );
+ok(
+    $res = $client->_get(
+        '/test-uri2/dwho/dummy', undef, undef, "lemonldap=$sessionId"
+    ),
+    'Authentified query'
+);
 ok( $res->[0] == 200, '/test-uri2 -> Code is 200' ) or explain( $res, 200 );
 count(2);
 
 # Request an URI protected by custom function -> denied
-ok( $res = $client->_get( '/test-uri1/dwho/', undef, undef, "lemonldap=$sessionId" ),
-    'Denied query' );
-ok( $res->[0] == 403, '/test-uri1 -> Code is 403' ) or explain( $res->[0], 403 );
+ok(
+    $res =
+      $client->_get( '/test-uri1/dwho/', undef, undef, "lemonldap=$sessionId" ),
+    'Denied query'
+);
+ok( $res->[0] == 403, '/test-uri1 -> Code is 403' )
+  or explain( $res->[0], 403 );
 count(2);
 
 # Request an URI protected by custom function -> denied
-ok( $res = $client->_get( '/test-uri1/dwh', undef, undef, "lemonldap=$sessionId" ),
-    'Denied query' );
-ok( $res->[0] == 403, '/test-uri1 -> Code is 403' ) or explain( $res->[0], 403 );
+ok(
+    $res =
+      $client->_get( '/test-uri1/dwh', undef, undef, "lemonldap=$sessionId" ),
+    'Denied query'
+);
+ok( $res->[0] == 403, '/test-uri1 -> Code is 403' )
+  or explain( $res->[0], 403 );
 count(2);
 
 # Denied query
@@ -136,14 +152,25 @@ ok(
   );
 count(3);
 
+ok( $res = $client->_get( '/skipif/za', undef, 'test1.example.com' ),
+    'Test skip() rule 1' );
+ok( $res->[0] == 302, 'Code is 302' ) or explain( $res, 302 );
+$SKIPUSER = 1;
+ok( $res = $client->_get( '/skipif/zz', undef, 'test1.example.com' ),
+    'Test skip() rule 2' );
+ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
+count(4);
+
 done_testing( count() );
 
 clean();
 
 sub Lemonldap::NG::Handler::PSGI::handler {
     my ( $self, $req ) = @_;
+    unless ($SKIPUSER) {
         ok( $req->env->{HTTP_AUTH_USER} eq 'dwho', 'Header is given to app' )
           or explain( $req->env->{HTTP_AUTH_USER}, 'dwho' );
         count(1);
+    }
     return [ 200, [ 'Content-Type', 'text/plain' ], ['Hello'] ];
 }

lemonldap-ng-handler/t/lmConf-1.json

@@ -46,6 +46,7 @@
       "^/test-uri1": "varIsInUri($ENV{REQUEST_URI}, '/test-uri1/', $uid, 1)",
       "^/test-uri2": "varIsInUri($ENV{REQUEST_URI}, '/test-uri2/', $uid)",
       "^/test-restricted_uri": "varIsInUri($ENV{REQUEST_URI}, '/test-restricted_uri/', \"$uid/\", 1)",
+      "^/skipif": "$ENV{REQUEST_URI} =~ /zz/ ? skip : 1",
       "^/logout": "logout_sso",
       "^/deny": "deny",
       "default": "accept"