worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add regexp capture feature in rules (#321)

Browse Source
2009-display-authentication-error-on-login-form-with-combination-kerberos-ldap
Xavier 6 years ago
parent 6453a04a55
commit aa2fa22074
4 changed files with 19 additions and 4 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
  2. 5
      lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
  3. 12
      lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t
  4. 1
      lemonldap-ng-handler/t/lmConf-1.json

5
lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
Unescape View File

@ -572,9 +572,10 @@ sub substitute {
$expr =~ s/\$ip\b/\$ENV{REMOTE_ADDR}/sg;
# substitute vars with session data, excepts special vars $_ and $\d+
$expr =~ s/\$(?!(?:ENV|env)\b)(_\w+|[a-zA-Z]\w*)/\$s->{$1}/sg;
$expr =~ s/\$(?!(?:ENV|env|_rulematch)\b)(_\w+|[a-zA-Z]\w*)/\$s->{$1}/sg;
$expr =~ s/\$ENV\{/\$r->{env}->\{/g;
$expr =~ s/\$env->\{/\$r->{env}->\{/g;
$expr =~ s/\$_rulematch\[/\$m->\[/g;
return $expr;
}
@ -582,7 +583,7 @@ sub substitute {
sub buildSub {
my ( $class, $val ) = @_;
my $res =
$class->tsv->{jail}->jail_reval("sub{my (\$r,\$s)=\@_;return($val)}");
$class->tsv->{jail}->jail_reval("sub{my (\$r,\$s,\$m)=\@_;return($val)}");
unless ($res) {
$class->logger->error( $class->tsv->{jail}->error );
}

5
lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
Unescape View File

@ -284,11 +284,12 @@ sub grant {
)
{
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
my $match = [ undef, @{^CAPTURE} ] || [];
$class->logger->debug( 'Regexp "'
. $class->tsv->{locationConditionText}->{$vhost}->[$i]
. '" match' );
return $class->tsv->{locationCondition}->{$vhost}->[$i]
->( $req, $session );
->( $req, $session, $match );
}
}
unless ( $class->tsv->{defaultCondition}->{$vhost} ) {
@ -298,7 +299,7 @@ sub grant {
return 0;
}
$class->logger->debug("$vhost: Apply default rule");
return $class->tsv->{defaultCondition}->{$vhost}->( $req, $session );
return $class->tsv->{defaultCondition}->{$vhost}->( $req, $session, [] );
}
## @rmethod protected int forbidden(string uri)

12
lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t
Unescape View File

@ -37,6 +37,12 @@ ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
count(2);
ok( $res = $client->_get( '/user_dwho/', undef, undef, "lemonldap=$sessionId" ),
'Regexp query' );
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
count(2);
# Denied query
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
'Denied query' );
@ -44,6 +50,12 @@ ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
count(2);
ok( $res = $client->_get( '/user_rtyler/', undef, undef, "lemonldap=$sessionId" ),
'Regexp deny query' );
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res, 403 );
count(2);
# Bad cookie
ok(
$res = $client->_get(

1
lemonldap-ng-handler/t/lmConf-1.json
Unescape View File

@ -43,6 +43,7 @@
"test1.example.com": {
"^/logout": "logout_sso",
"^/deny": "deny",
"^/user_(\\w+)/": "$uid eq $_rulematch[1]",
"default": "accept"
},
"test2.example.com": {

Write Preview
Loading…
Cancel
Save