package Lemonldap::NG::Portal::Plugins::AdaptativeAuthenticationLevel;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_OK
);
our $VERSION = '2.0.10';
extends 'Lemonldap::NG::Portal::Main::Plugin';
use constant aroundSub => { 'store' => 'adaptAuthenticationLevel' };
has rules => ( is => 'rw', default => sub { {} } );
# Plugin initialisation: compile every expression found in the
# adaptativeAuthenticationLevelRules configuration hash and keep the
# compiled form in $self->rules, keyed by the original expression.
#
# Each key of the configuration hash is handed to $self->p->buildRule; the
# associated value (the level operation) is only logged here and is read
# again from the configuration when the rule is applied.
#
# An expression for which buildRule returns a false value is skipped, so it
# never ends up in $self->rules.
#
# Always returns 1.
sub init {
    my ($self) = @_;
    $self->logger->debug('Init AdaptativeAuthenticationLevel plugin');

    my $configured = $self->conf->{adaptativeAuthenticationLevelRules} // {};
    for my $expr ( keys %{$configured} ) {
        $self->logger->debug(
            "adaptativeAuthenticationLevelRules key -> $expr");
        $self->logger->debug( "adaptativeAuthenticationLevelRules value -> "
              . $self->conf->{adaptativeAuthenticationLevelRules}->{$expr} );

        my $compiled =
          $self->p->buildRule( $expr, 'adaptativeAuthenticationLevelRules' );

        # Only rules that compiled are registered.
        if ($compiled) {
            $self->rules->{$expr} = $compiled;
        }
    }

    return 1;
}
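# Wrapper named in the aroundSub constant for 'store': evaluates every
# compiled rule against the current session and adjusts
# sessionInfo->{authenticationLevel} before calling the wrapped sub.
#
# Parameters:
#   $self - plugin instance
#   $sub  - wrapped code reference, called with $req at the end
#   $req  - current request; its sessionInfo hash is read and may be updated
#
# Returns whatever $sub->($req) returns.
#
# For each rule that returns true, the configured operation is applied:
#   "N" or "=N" sets the level to N, "+N" adds N, "-N" subtracts N.
#
# Security-relevant behaviour:
#   - Rules are applied in sorted key order. Operations do not commute
#     ("=5" then "+2" differs from "+2" then "=5"), so iterating in hash
#     order would make the resulting level vary from one run to another.
#     NOTE(review): confirm sorted order is the precedence admins expect.
#   - The operation must match the whole configured value (surrounding
#     whitespace allowed). A value that does not parse is logged and
#     skipped; it must never overwrite the level with an undefined value
#     or be applied from a partial match.
sub adaptAuthenticationLevel {
    my ( $self, $sub, $req ) = @_;

    my $userid = $req->sessionInfo->{ $self->conf->{whatToTrace} };
    $self->logger->debug("Check adaptative authentication rules for $userid");

    my $authenticationLevel = $req->sessionInfo->{authenticationLevel};
    $self->logger->debug(
        "Current authentication level for $userid is $authenticationLevel");

    my $updatedAuthenticationLevel = $authenticationLevel;

    foreach my $rule ( sort keys %{ $self->rules } ) {
        $self->logger->debug(
            "Check adaptativeAuthenticationLevelRules -> $rule");
        next unless $self->rules->{$rule}->( $req, $req->sessionInfo );

        my $levelOperation =
          $self->conf->{adaptativeAuthenticationLevelRules}->{$rule};
        $levelOperation = '' unless defined $levelOperation;
        $self->logger->debug(
"User $userid match rule, apply $levelOperation on authentication level"
        );

        # Anchored on both ends: the whole value has to be an operation.
        my ( $op, $level ) =
          ( $levelOperation =~ /\A\s*([=+-])?(\d+)\s*\z/ );
        unless ( defined $level ) {
            $self->logger->error(
"Invalid adaptativeAuthenticationLevelRules value '$levelOperation' for rule $rule, rule ignored"
            );
            next;
        }

        if ( !$op or $op eq '=' ) {
            $updatedAuthenticationLevel = $level;
        }
        elsif ( $op eq '+' ) {
            $updatedAuthenticationLevel += $level;
        }
        else {
            $updatedAuthenticationLevel -= $level;
        }
        $self->logger->debug(
            "Authentication level for $userid is now $updatedAuthenticationLevel"
        );
    }

    # Only write to the session when a rule actually changed the level.
    if ( $authenticationLevel ne $updatedAuthenticationLevel ) {
        $self->logger->debug("Authentication level has changed for $userid");
        $req->sessionInfo->{authenticationLevel} = $updatedAuthenticationLevel;
    }

    return $sub->($req);
}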
1;