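package Lemonldap::NG::Portal::Plugins::GrantSession;

# Portal plugin hooked into the "afterData" step: once the user is
# authenticated and the session data is built, every rule configured in
# grantSessionRules must evaluate to true, otherwise the login is refused
# with PE_SESSIONNOTGRANTED and the message part of the rule key is shown.

use strict;
use warnings;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_OK
  PE_BADCREDENTIALS
  PE_SESSIONNOTGRANTED
);

our $VERSION = '2.0.10';

extends 'Lemonldap::NG::Portal::Main::Plugin';

# Declares run() as this plugin's entry point for the afterData step.
use constant afterData => 'run';

# Compiled rules (code references), keyed exactly like grantSessionRules
# ("message##comment" strings); filled by init().
has rules => ( is => 'rw', default => sub { {} } );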
# Plugin initialisation: compiles the configured grant rules.
#
# Every entry of the grantSessionRules configuration hash is a
# "message##comment" key mapping to a rule expression.  Each expression is
# compiled into a code reference through the portal's buildRule() and
# stored in $self->rules under the same key; the expression text itself
# stays in the configuration so that run() can quote it in the logs.
#
# Returns 1, even when some expressions could not be compiled.
sub init {
    my ($self) = @_;

    my $configured = $self->conf->{grantSessionRules} // {};
    for my $key ( keys %{$configured} ) {
        my $expression = $configured->{$key};
        $self->logger->debug("GrantRule key -> $key");
        $self->logger->debug( "GrantRule value -> " . $expression );

        my $compiled =
          $self->p->buildRule( $expression, 'grantSessionRules' );

        # NOTE(review): an expression that does not compile is dropped
        # here, so the session is not restricted by it; buildRule() is
        # expected to have logged the failure -- confirm.
        next unless $compiled;

        $self->rules->{$key} = $compiled;
    }
    return 1;
}
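# Comparator for sort(): orders rule keys by the text after their first
# "##" so that the administrator controls the evaluation order; keys with
# no such suffix are pushed after the others.  It has to be a named
# package sub because sort() communicates through the package variables
# $a and $b.
sub sortByComment {
    my $suffix_a = ( $a =~ /^.*?##(.*)$/ )[0];
    my $suffix_b = ( $b =~ /^.*?##(.*)$/ )[0];
    return !$suffix_a ? 1 : !$suffix_b ? -1 : $suffix_a cmp $suffix_b;
}

# afterData entry point: evaluates every compiled grant rule against the
# session about to be opened.
#
# Arguments:
#   $req - the current portal request (authResult, sessionInfo, ...)
#
# Returns a PE_* code that drives the login process:
#   PE_BADCREDENTIALS    - authentication already failed, the rules are
#                          not evaluated at all
#   PE_SESSIONNOTGRANTED - a rule evaluated to false; also stored through
#                          $req->authResult, with $req->urldc reset to the
#                          portal URL
#   PE_OK                - every rule passed (see the NOTE below for the
#                          one exception)
sub run {
    my ( $self, $req ) = @_;

    # A rejected login never reaches the rules (and never sees their
    # message).
    if ( $req->authResult > PE_OK ) {
        $self->logger->debug(
            "Bad authentication, do not check grant session rules");
        return PE_BADCREDENTIALS;
    }

    # Keys are "message##comment" strings; the compiled rule lives in
    # $self->rules and the original expression is re-read from the
    # configuration only for logging.
    foreach my $key ( sort sortByComment keys %{ $self->rules } ) {
        my $rule = $self->conf->{grantSessionRules}->{$key};
        $self->logger->debug("Grant session condition -> $rule");

        # Rules come from the administrator configuration (compiled in
        # init) and are evaluated on the session data, not on user input.
        next if $self->rules->{$key}->( $req, $req->sessionInfo );

        # Rule refused: the first failing rule ends the evaluation.
        $req->userData( {} );

        # Message part of the key.  Tested through a lexical rather than a
        # bare $1: when the key holds no "##" the match fails and $1 would
        # still carry the last successful capture of an enclosing scope,
        # displaying an unrelated message.
        my ($message) = ( $key =~ /^(.*?)##.*$/ );
        if ($message) {
            $self->logger->debug("Message -> $message");

            # The message is an administrator-written template: session
            # attributes and macros are substituted, then the result is
            # compiled in the handler's jail like a rule.
            my $hd  = $self->p->HANDLER;
            my $msg = $hd->substitute($message);
            unless ( $msg = $hd->buildSub($msg) ) {
                my $error = $hd->tsv->{jail}->error || '???';
                $self->error("Bad message -> $error");

                # NOTE(review): unlike the denial below, this path returns
                # PE_OK without setting authResult, so a message that
                # fails to compile turns the refusal into a pass unless
                # clearing userData alone prevents the session -- confirm
                # against the portal process; returning the same
                # PE_SESSIONNOTGRANTED denial here would be fail-closed.
                return PE_OK;
            }
            $msg = $msg->( $req, $req->sessionInfo );
            $self->logger->debug("Transformed message -> $msg");

            # The rendered text can embed session attribute values; HTML
            # escaping is left to the simpleInfo template.
            $req->info(
                $self->loadTemplate(
                    $req, 'simpleInfo', params => { trspan => $msg }
                )
            );
        }

        $self->userLogger->error( 'User '
              . $req->sessionInfo->{uid}
              . " was not granted to open session (rule -> $rule)" );
        $req->urldc( $self->conf->{portal} );
        return $req->authResult(PE_SESSIONNOTGRANTED);
    }

    # Every rule passed: trace the granted session.  whatToTrace names the
    # session attribute identifying the user; _auth is the authentication
    # module.
    my $info = $req->sessionInfo;
    my $user = $info->{ $self->conf->{whatToTrace} };
    my $mod  = $info->{_auth} // '';    # avoid an uninitialized warning
    $self->userLogger->notice(
        "Session granted for $user by $mod ($info->{ipAddr})")
      if $user;
    return PE_OK;
}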
1;    # a Perl module must end with a true value