lemonldap-ng/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ServiceToken.pm

package Lemonldap::NG::Handler::Lib::ServiceToken;

use strict;

our $VERSION = '2.0.6';

sub fetchId {
    my ( $class, $req ) = @_;
    my $token = $req->{env}->{HTTP_X_LLNG_TOKEN};
    return $class->Lemonldap::NG::Handler::Main::fetchId($req) unless ($token);
    $class->logger->debug('Found token header');

    # Decrypt token
    my $s = $class->tsv->{cipher}->decrypt($token);

# Token format:
# time:_session_id:vhost1:vhost2:serviceHeader1=value1:serviceHeader2=value2,...
    my ( $t, $_session_id, @vhosts ) = split /:/, $s;

    # Looking for service headers
    my $vh = $class->resolveAlias($req);
    my %serviceHeaders;
    @vhosts = grep {
        if (/^([\w\-]+)=(.+)$/) {
            $serviceHeaders{$1} = $2;
            $class->logger->debug("Found service header: $1 => $2");
            0;
        }
        else { 1 }
    } @vhosts;

    # $_session_id and at least one vhost
    unless ( @vhosts and $_session_id ) {
        $class->userLogger->error('Bad service token');
        return 0;
    }

    # Is vhost listed in token ?
    unless ( grep { $_ eq $vh } @vhosts ) {
        $class->userLogger->error(
            "$vh not authorized in token (" . join( ', ', @vhosts ) . ')' );
        return 0;
    }

    # Is token in good interval ?
    my $localConfig = $class->localConfig;
    my $ttl =
        $localConfig->{vhostOptions}->{$vh}->{vhostServiceTokenTTL} <= 0
      ? $class->tsv->{handlerServiceTokenTTL}
      : $localConfig->{vhostOptions}->{$vh}->{vhostServiceTokenTTL};
    unless ( $t <= time and $t > time - $ttl ) {
        $class->userLogger->warn('Expired service token');
        return 0;
    }

    if (%serviceHeaders) {
        $class->logger->debug("Append service header(s)...");
        $class->set_header_out( $req, %serviceHeaders );
    }

    return $_session_id;
}

1;
Service token in progress (#971) 2017-03-03 07:29:50 +01:00			`package Lemonldap::NG::Handler::Lib::ServiceToken;`

			`use strict;`

Cleaning code 2019-08-26 22:52:15 +02:00			`our $VERSION = '2.0.6';`
Service token in progress (#971) 2017-03-03 07:29:50 +01:00
			`sub fetchId {`
Replace request management in handler (#1044) Note: this is a big change, more tests needed 2017-03-28 23:07:49 +02:00			`my ( $class, $req ) = @_;`
			`my $token = $req->{env}->{HTTP_X_LLNG_TOKEN};`
			`return $class->Lemonldap::NG::Handler::Main::fetchId($req) unless ($token);`
Service token in progress (#971) 2017-03-03 07:29:50 +01:00			`$class->logger->debug('Found token header');`
Some comments 2018-04-22 16:08:34 +02:00
			`# Decrypt token`
Clean repo 2017-03-03 18:25:03 +01:00			`my $s = $class->tsv->{cipher}->decrypt($token);`
Some comments 2018-04-22 16:08:34 +02:00
tidy 2019-06-12 22:43:16 +02:00			`# Token format:`
			`# time:_session_id:vhost1:vhost2:serviceHeader1=value1:serviceHeader2=value2,...`
Clean repo 2017-03-03 18:25:03 +01:00			`my ( $t, $_session_id, @vhosts ) = split /:/, $s;`
Some comments 2018-04-22 16:08:34 +02:00
Send service headers & improve unit test (#1797) 2019-06-12 22:01:36 +02:00			`# Looking for service headers`
Send source VH header & Improve unit test (#1797) 2019-06-11 21:44:32 +02:00			`my $vh = $class->resolveAlias($req);`
Optimize #1797 2019-06-12 22:53:41 +02:00			`my %serviceHeaders;`
			`@vhosts = grep {`
			`if (/^([\w\-]+)=(.+)$/) {`
			`$serviceHeaders{$1} = $2;`
Tidy 2019-06-14 17:23:26 +02:00			`$class->logger->debug("Found service header: $1 => $2");`
Optimize #1797 2019-06-12 22:53:41 +02:00			`0;`
			`}`
			`else { 1 }`
			`} @vhosts;`
Send source VH header & Improve unit test (#1797) 2019-06-11 21:44:32 +02:00
Append ServiceToken test (#1773) 2019-05-26 22:37:59 +02:00			`# $_session_id and at least one vhost`
Modify ServiceToken TTL option (#1773) 2019-05-27 23:07:18 +02:00			`unless ( @vhosts and $_session_id ) {`
Some comments 2018-04-22 16:08:34 +02:00			`$class->userLogger->error('Bad service token');`
Service token in progress (#971) 2017-03-03 07:29:50 +01:00			`return 0;`
			`}`
Some comments 2018-04-22 16:08:34 +02:00
			`# Is vhost listed in token ?`
Simple token system as discuss in #971 2017-03-04 13:24:56 +01:00			`unless ( grep { $_ eq $vh } @vhosts ) {`
			`$class->userLogger->error(`
Typo & Version 2019-05-26 10:32:27 +02:00			`"$vh not authorized in token (" . join( ', ', @vhosts ) . ')' );`
Simple token system as discuss in #971 2017-03-04 13:24:56 +01:00			`return 0;`
			`}`
Append ServiceToken TTL option (#1773) 2019-05-26 21:43:13 +02:00
			`# Is token in good interval ?`
			`my $localConfig = $class->localConfig;`
Modify ServiceToken TTL option (#1773) 2019-05-27 23:07:18 +02:00			`my $ttl =`
			`$localConfig->{vhostOptions}->{$vh}->{vhostServiceTokenTTL} <= 0`
			`? $class->tsv->{handlerServiceTokenTTL}`
			`: $localConfig->{vhostOptions}->{$vh}->{vhostServiceTokenTTL};`
Append ServiceToken TTL option (#1773) 2019-05-26 21:43:13 +02:00			`unless ( $t <= time and $t > time - $ttl ) {`
			`$class->userLogger->warn('Expired service token');`
			`return 0;`
			`}`

Send service headers & improve unit test (#1797) 2019-06-12 22:01:36 +02:00			`if (%serviceHeaders) {`
			`$class->logger->debug("Append service header(s)...");`
			`$class->set_header_out( $req, %serviceHeaders );`
			`}`

Service token in progress (#971) 2017-03-03 07:29:50 +01:00			`return $_session_id;`
			`}`

			`1;`