Send source VH header & Improve unit test (#1797)

6 years ago · aa0b67f979
parent a6aaf8a507
commit aa0b67f979
2 changed files with 23 additions and 9 deletions
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ServiceToken.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ServiceToken.pm
@ -18,6 +18,18 @@ sub fetchId {
    # time:_session_id:vhost1:vhost2,...
    my ( $t, $_session_id, @vhosts ) = split /:/, $s;

+    # Search if XFromVH is defined
+    my $vh = $class->resolveAlias($req);
+    my $XFromVH;
+    my @XFromVH = grep { $_ =~ s/^XFromVH=([\w-.]+)/$1/ } @vhosts;
+    if (@XFromVH) {
+        $XFromVH = $XFromVH[0];
+        $class->logger->debug("Found XFromVH -> $XFromVH");
+        $class->headersInit( undef,
+            { $vh => { 'XFromVH' => "qw($XFromVH)" } } );
+        @vhosts = map { $_ =~ /^XFromVH=[\w-.]+/ ? () : $_ } @vhosts;
+    }
+
    # $_session_id and at least one vhost
    unless ( @vhosts and $_session_id ) {
        $class->userLogger->error('Bad service token');
@ -25,7 +37,6 @@ sub fetchId {
    }

    # Is vhost listed in token ?
-    my $vh = $class->resolveAlias($req);
    unless ( grep { $_ eq $vh } @vhosts ) {
        $class->userLogger->error(
            "$vh not authorized in token (" . join( ', ', @vhosts ) . ')' );
--- a/lemonldap-ng-handler/t/65-Lemonldap-NG-Handler-PSGI-ServiceToken.t
+++ b/lemonldap-ng-handler/t/65-Lemonldap-NG-Handler-PSGI-ServiceToken.t
@ -7,19 +7,19 @@ BEGIN {
 init(
    'Lemonldap::NG::Handler::Server',
    {
-        logLevel               => 'error',
+        logLevel               => 'debug',
        handlerServiceTokenTTL => 2,
        vhostOptions           => {
            'test1.example.com' => {
-                vhostHttps          => 0,
-                vhostPort           => 80,
-                vhostMaintenance    => 0,
+                vhostHttps           => 0,
+                vhostPort            => 80,
+                vhostMaintenance     => 0,
                vhostServiceTokenTTL => 3,
            },
            'test2.example.com' => {
-                vhostHttps          => 0,
-                vhostPort           => 80,
-                vhostMaintenance    => 0,
+                vhostHttps           => 0,
+                vhostPort            => 80,
+                vhostMaintenance     => 0,
                vhostServiceTokenTTL => 5,
            }
        },
@ -28,7 +28,10 @@ init(

 my $res;
 my $crypt = Lemonldap::NG::Common::Crypto->new('qwertyui');
-my $token = $crypt->encrypt( join ':', time, $sessionId, 'test1.example.com', 'test2.example.com', '*.example.com' );
+my $token =
+  $crypt->encrypt( join ':', time, $sessionId, 'test1.example.com',
+    'XFromVH=app1-auth.example.com',
+    'test2.example.com', '*.example.com' );

 ok(
    $res = $client->_get(