Retrieve session from DB if exists & Improve unit test (#1774)

6 years ago · a89f83294b
parent 8fd3f6be90
commit a89f83294b
2 changed files with 82 additions and 17 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
@ -11,8 +11,8 @@ use Lemonldap::NG::Portal::Main::Constants qw(

 our $VERSION = '2.0.5';

-extends qw(Lemonldap::NG::Portal::Main::Plugin
-  Lemonldap::NG::Portal::Lib::_tokenRule);
+extends
+  qw(Lemonldap::NG::Portal::Main::Plugin Lemonldap::NG::Portal::Lib::_tokenRule Lemonldap::NG::Portal::Lib::OtherSessions);

 # INITIALIZATION

@ -121,17 +121,39 @@ sub check {
    }

    if ( $user eq $req->{user} or !$user ) {
-        $self->userLogger->notice("Retrieve session from Sessions database");
+        $self->logger->debug("checkUser requested for myself");
+        $self->userLogger->notice("Return userData...");
        $self->userLogger->warn("Using spoofed SSO groups if exist!!!")
          if ( $self->conf->{impersonationRule} );
        $attrs = $req->userData;
+        $user  = $req->{user};
    }
    else {
-        $self->logger->debug("checkUser requested for $req->{user}");
-        $req->{user} = $user;
-        $self->userLogger->notice(
-            "Retrieve session from userDB and compute Groups & Macros");
-        $attrs = $self->_userDatas($req);
+        $self->logger->debug("checkUser requested for $user");
+
+        # Try to retrieve session from sessions DB
+        $self->userLogger->notice('Try to retrieve session from DB...');
+        my $moduleOptions = $self->conf->{globalStorageOptions} || {};
+        $moduleOptions->{backend} = $self->conf->{globalStorage};
+        my $sessions =
+          $self->module->searchOn( $moduleOptions, $self->conf->{whatToTrace},
+            $user );
+        my $age = '1';
+        foreach my $id ( keys %$sessions ) {
+            my $session = $self->p->getApacheSession($id) or next;
+
+            if ( $session->{data}->{_utime} gt $age ) {
+
+                $attrs = $session->{data};
+                $age   = $session->{data}->{_utime};
+            }
+        }
+        unless ( defined $attrs->{_session_id} ) {
+            $req->{user} = $user;
+            $self->userLogger->notice(
+                "NO session found in DB. Compute userData...");
+            $attrs = $self->_userData($req);
+        }
    }

    if ( $req->error ) {
@ -206,11 +228,8 @@ sub check {
        LANGS     => $self->conf->{showLanguages},
        MSG       => $msg,
        ALERTE    => ( $msg eq 'checkUser' ? 'alert-info' : 'alert-warning' ),
-        LOGIN     => (
-              $self->p->checkXSSAttack( 'LOGIN', $req->{userData}->{uid} ) ? ""
-            : $req->{userData}->{uid}
-        ),
-        URL => (
+        LOGIN     => $user,
+        URL       => (
              $self->p->checkXSSAttack( 'URL', $url ) ? ""
            : $url
        ),
@ -302,10 +321,10 @@ sub _urlFormat {
    return lc("$proto$vhost$port") . "$appuri";
 }

-sub _userDatas {
+sub _userData {
    my ( $self, $req ) = @_;

-    # Search user in database
+    # Compute session
    my $steps = [ 'getUser', 'setSessionInfo', 'setMacros', 'setGroups' ];
    $self->conf->{checkUserDisplayPersistentInfo}
      ? push @$steps, 'setPersistentSessionInfo', 'setLocalGroups'
--- a/lemonldap-ng-portal/t/67-CheckUser.t
+++ b/lemonldap-ng-portal/t/67-CheckUser.t
@ -57,6 +57,21 @@ ok( $res->[2]->[0] =~ m%An error occurs, you're going to be redirected to%,
 count(1);
 $client->logout($id);

+## Try to authenticate
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new('user=rtyler&password=rtyler'),
+        length => 27,
+        accept => 'text/html',
+    ),
+    'Auth query'
+);
+count(1);
+
+$id = expectCookie($res);
+expectRedirection( $res, 'http://auth.example.com/' );
+
 ## Try to authenticate
 ok(
    $res = $client->_post(
@ -85,7 +100,6 @@ ok(
 );
 count(1);

-# Request with bad VH
 my ( $host, $url, $query ) =
  expectForm( $res, undef, '/checkuser', 'user', 'url' );
 ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
@ -99,8 +113,39 @@ ok( $res->[2]->[0] =~ m%<td class="text-left">dwho</td>%, 'Found value dwho' )
  or explain( $res->[2]->[0], 'Value dwho' );
 count(2);

+$query =~ s/url=/url=http%3A%2F%2Ftest1.example.com/;
+ok(
+    $res = $client->_post(
+        '/checkuser',
+        IO::String->new($query),
+        cookie => "lemonldap=$id",
+        length => length($query),
+        accept => 'text/html',
+    ),
+    'POST checkuser'
+);
+count(1);
+
+( $host, $url, $query ) =
+  expectForm( $res, undef, '/checkuser', 'user', 'url' );
+ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
+  or explain( $res->[2]->[0], 'trspan="checkUser"' );
+
+count(2);
+ok( $res->[2]->[0] =~ m%<td class="align-middle">Auth-User</td>%,
+    'Found Auth-User' )
+  or explain( $res->[2]->[0], 'Header Key: Auth-User' );
+ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, 'Found dwho' )
+  or explain( $res->[2]->[0], 'Header Value: dwho' );
+ok( $res->[2]->[0] =~ m%<td class="align-middle">_whatToTrace</td>%,
+    'Found _whatToTrace' )
+  or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
+ok( $res->[2]->[0] =~ m%<td class="align-middle">dwho</td>%, 'Found dwho' )
+  or explain( $res->[2]->[0], 'Macro Value dwho' );
+count(3);
+
 $query =~ s/user=dwho/user=rtyler/;
-$query =~ s/url=/url=http%3A%2F%2Ftry.example.com/;
+$query =~ s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Ftry.example.com/;
 ok(
    $res = $client->_post(
        '/checkuser',
@ -113,6 +158,7 @@ ok(
 );
 count(1);

+# Request with bad VH
 ( $host, $url, $query ) =
  expectForm( $res, undef, '/checkuser', 'user', 'url' );
 ok( $res->[2]->[0] =~ m%<span trspan="VHnotFound">%,