
618 lines
18 KiB
Raw Normal View History

2008-12-26 20:18:23 +01:00
# Menu for Lemonldap::NG portal
# Menu class for Lemonldap::NG portal
package Lemonldap::NG::Portal::Menu;
use strict;
use warnings;
require Lemonldap::NG::Common::CGI;
use Lemonldap::NG::Portal::SharedConf;
use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap Object used to change passwords only
use XML::LibXML;
use Lemonldap::NG::Common::Safelib; #link protected safe Safe object
use Safe;
2009-06-02 17:34:13 +02:00
use Lemonldap::NG::Portal::PasswordDBLDAP; #inherits
2009-02-12 20:48:53 +01:00
#inherits Net::LDAP::Control::PasswordPolicy
2009-06-02 17:34:13 +02:00
*_modifyPassword = *Lemonldap::NG::Portal::PasswordDBLDAP::modifyPassword;
*_passwordDBInit = *Lemonldap::NG::Portal::PasswordDBLDAP::passwordDBInit;
our $VERSION = '0.11';
our ( $defaultCondition, $locationCondition, $locationRegexp, $cfgNum, $path ) =
( undef, undef, undef, 0 );
2008-12-28 09:36:52 +01:00
## @method private Safe _safe()
2008-12-26 20:18:23 +01:00
# Build and returns security jail.
# Includes custom functions
2008-12-28 09:36:52 +01:00
# @return Safe object
2008-11-14 08:16:26 +01:00
sub _safe {
my $self = shift;
return $self->{_safe} if ( $self->{_safe} );
2008-11-14 08:16:26 +01:00
$self->{_safe} = new Safe;
$self->{customFunctions} ||= $self->{portalObject}->{customFunctions};
my @t =
$self->{customFunctions} ? split( /\s+/, $self->{customFunctions} ) : ();
foreach (@t) {
my $sub = $_;
unless (/::/) {
$sub = "$self->{caller}::$_";
else {
next if ( __PACKAGE__->can($_) );
eval "sub $_ {
return $sub(\$path,\@_);
2009-02-12 20:48:53 +01:00
$self->{portalObject}->lmLog( $@, 'error' ) if ($@);
$self->{_safe}->share_from( 'main', ['%ENV'] );
$self->{_safe}->share_from( 'Lemonldap::NG::Common::Safelib',
$Lemonldap::NG::Common::Safelib::functions );
$self->{_safe}->share( '&encode_base64', @t );
2008-11-14 08:16:26 +01:00
return $self->{_safe};
my $catlevel = 0;
##@cmethod Lemonldap::NG::Portal::Menu new(hashRef args)
2008-12-28 09:36:52 +01:00
# Constructor.
2008-12-26 20:18:23 +01:00
# $args->{portalObject} is required.
2008-12-28 09:36:52 +01:00
#@param $args hash reference
#@return new object
sub new {
my $class = shift;
my $self = {};
bless( $self, $class );
# Get configuration
2009-02-12 20:48:53 +01:00
or Lemonldap::NG::Common::CGI->abort(
"Unable to read $class->new() parameters");
# Portal is required
2009-02-12 20:48:53 +01:00
Lemonldap::NG::Common::CGI->abort("Portal object required")
unless ( $self->{portalObject} );
# Fill sessionInfo (yet done in portal...)
#&Lemonldap::NG::Portal::Simple::getSessionInfo( $self->{portalObject} );
# Default values
$self->{apps}->{xmlfile} ||= 'apps-list.xml';
$self->{apps}->{imgpath} ||= 'apps/';
$self->{modules}->{appslist} = 0
unless defined $self->{modules}->{appslist};
$self->{modules}->{password} = 0
unless defined $self->{modules}->{password};
$self->{modules}->{logout} = 1 unless defined $self->{modules}->{logout};
$self->{'caller'} = caller;
# Set error to 0 by default
$self->{error} = PE_OK;
# Print Ppolicy warning messages
( $self->{error}, $self->{error_value} ) = $self->_ppolicyWarning;
2009-06-02 17:34:13 +02:00
# Store POST data in $self->{portalObject}
$self->{portalObject}->{'newpassword'} =
$self->{portalObject}->{'confirmpassword'} =
$self->{portalObject}->{'oldpassword'} =
$self->{portalObject}->{'dn'} =
$self->{portalObject}->{'user'} =
# Change password (only if newpassword submitted)
$self->{error} = &_passwordDBInit( $self->{portalObject} )
if $self->{portalObject}->{'newpassword'};
$self->{error} = &_modifyPassword( $self->{portalObject} )
if $self->{portalObject}->{'newpassword'};
return $self;
## @method string error(string language)
2008-12-26 20:18:23 +01:00
# Return error string
2008-12-28 09:36:52 +01:00
# @param $language optional language to use. Default: browser accepted languages
# @return error string
sub error {
# Copied from Simple.pm
# Add a value possibility (stored in $self->{error_value}
my $self = shift;
my $error_string;
$error_string .= $self->{error_value} if defined $self->{error_value};
$error_string .=
&Lemonldap::NG::Portal::_i18n::error( $self->{error},
return $error_string;
*error_type = \&Lemonldap::NG::Portal::Simple::error_type;
## @method boolean displayModule(string modulename)
2008-12-26 20:18:23 +01:00
# Return true if the user can see the module.
# Use for HTML::Template variable.
# @param $modulename string
# @return boolean
sub displayModule {
my $self = shift;
my ($modulename) = @_;
# Manage "0" and "1" rules
return 1 if ( $self->{modules}->{$modulename} eq "1" );
return 0 if ( $self->{modules}->{$modulename} eq "0" );
# Else parse display condition
my $cond = $self->{modules}->{$modulename};
$cond =~ s/\$(\w+)/$self->{portalObject}->{sessionInfo}->{$1}/g;
2008-11-14 08:16:26 +01:00
return $self->_safe->reval("sub {return ( $cond )}");
return 0;
2008-12-28 09:36:52 +01:00
## @method string displayTab()
2008-12-26 20:18:23 +01:00
# Tells which tab should be selected.
# Design for Jquery tabs.
2008-12-28 09:36:52 +01:00
# @return password, appslist or logout
sub displayTab {
my $self = shift;
# Display password tab if password change is needed or failed
return "password"
if (
2009-08-20 16:15:16 +02:00
grep { $_ == $self->{error} } (
&& $self->displayModule("password")
return "appslist" if ( $self->displayModule("appslist") );
return "logout";
2008-12-28 09:36:52 +01:00
## @method string appslistMenu()
2008-12-26 20:18:23 +01:00
# Returns HTML code for application list menu.
2008-12-28 09:36:52 +01:00
# @return HTML string
sub appslistMenu {
my $self = shift;
my $root = $self->_getXML;
# Display all categories and applications
return $self->_displayCategory( $root, $catlevel );
2008-12-28 09:36:52 +01:00
## @method string appslistDescription()
2008-12-26 20:18:23 +01:00
# Returns HTML code for application description.
2008-12-28 09:36:52 +01:00
# @return HTML string
sub appslistDescription {
my $self = shift;
my $root = $self->_getXML;
# Display application description
return $self->_displayDescription($root);
2008-12-28 09:36:52 +01:00
## @method private XML::LibXML::Document _getXML()
# @return XML root element object
sub _getXML {
my $self = shift;
return $self->{_xml} if($self->{_xml});
# Parse XML file
my $parser = XML::LibXML->new();
my $xml;
2009-02-12 20:48:53 +01:00
eval { $xml = $parser->parse_file( $self->{apps}->{xmlfile} ); };
$self->{portalObject}->abort( "Bad XML file", $@ ) if ($@);
my $root = $xml->documentElement;
# Filter XML file with user's authorizations
return $self->{_xml} = $root;
2008-12-28 09:36:52 +01:00
## @method string _displayCategory()
2008-12-26 20:18:23 +01:00
# Creates and returns HTML code for a category.
2008-12-28 09:36:52 +01:00
# @return HTML string
sub _displayCategory {
my $self = shift;
my ( $cat, $catlevel ) = @_;
my $html;
my $catname;
# Category name
if ( $catlevel > 0 ) { $catname = $cat->getAttribute('name') || " "; }
else { $catname = "Menu"; }
# Init HTML list
$html .= "<ul class=\"category cat-level-$catlevel\">\n";
$html .= "<li class=\"catname\"><span>$catname</span>\n";
# Display applications first
my @appnodes = $cat->findnodes("application");
if (@appnodes) {
$html .= "<ul>";
foreach (@appnodes) {
$html .= $self->_displayApplication($_);
$html .= "</ul>";
# Display subcategories
my @catnodes = $cat->findnodes("category");
foreach (@catnodes) {
$html .= $self->_displayCategory( $_, $catlevel );
# Close HTML list
$html .= "</li>\n</ul>\n";
return $html;
## @method private string _userParam(string arg)
2008-12-26 20:18:23 +01:00
# Returns value of $arg variable stored in session.
2008-12-28 09:36:52 +01:00
# @param $arg string to modify
# @return string modified
sub _userParam {
my ( $self, $arg ) = @_;
$arg =~ s/\$([\w]+)/$self->{portalObject}->{sessionInfo}->{$1}/g;
return $arg;
## @method private string _displayApplication(XML::LibXML::Element app)
2008-12-26 20:18:23 +01:00
# Creates HTML code for an application.
2008-12-28 09:36:52 +01:00
# @param $app XML applications element
# @return HTML string
sub _displayApplication {
my $self = shift;
my ($app) = @_;
my $html;
# Get application items
my $appid = $app->getAttribute('id');
my $appname = $app->getChildrenByTagName('name')->string_value() || $appid;
my $appuri =
$self->_userParam( $app->getChildrenByTagName('uri')->string_value()
|| "" );
# Display application
$html .= "<li title=\"$appid\" class=\"appname\"><span>"
. ($appuri ? "<a href=\"$appuri\">$appname</a>" : "<a>$appname</a>")
. "</span>\n";
my @appnodes = $app->findnodes("application");
if (@appnodes) {
$html .= "<ul>";
foreach (@appnodes) {
$html .= $self->_displayApplication($_);
$html .= "</ul>";
$html .= "</li>";
return $html;
## @method private string _displayDescription(XML::LibXML::Document root)
2008-12-26 20:18:23 +01:00
# Create HTML code for application description.
2008-12-28 09:36:52 +01:00
# @param $root XML root element
2008-12-26 20:18:23 +01:00
# @return HTML_string
sub _displayDescription {
my $self = shift;
my ($root) = @_;
my $html;
my @apps = $root->getElementsByTagName('application');
foreach (@apps) {
# Get application items
my $appid = $_->getAttribute('id');
my $appname = $_->getChildrenByTagName('name')->string_value();
my $appuri =
$self->_userParam( $_->getChildrenByTagName('uri')->string_value()
|| "#" );
my $appdesc = $_->getChildrenByTagName('description')->string_value();
my $applogofile = $_->getChildrenByTagName('logo')->string_value();
my $applogo = $self->{apps}->{imgpath} . $applogofile;
# Display application
$html .= "<div id=\"$appid\" class=\"appsdesc\">\n";
$html .=
"<a href=\"$appuri\"><img src=\"$applogo\" alt=\"$appid logo\" /></a>\n"
if $applogofile;
$html .= "<p class=\"appname\">$appname</p>\n" if defined $appname;
$html .= "<p class=\"appdesc\">$appdesc</p>\n" if defined $appdesc;
$html .= "</div>\n";
return $html;
## @method private string _filterXML(XML::LibXML::Document root)
2008-12-26 20:18:23 +01:00
# Remove unauthorized nodes.
2008-12-28 09:36:52 +01:00
# @param $root XML root element
2008-12-26 20:18:23 +01:00
# @return XML_string
sub _filterXML {
my $self = shift;
my ($root) = @_;
my @cat = $root->getElementsByTagName('category');
foreach my $cat (@cat) {
# Hide empty categories
sub _filterApp {
my @apps = $node->getChildrenByTagName('application');
my $tag = 0;
foreach(@apps) {
my $stag = $self->_filterApp($_);
my $appdisplay = $_->getChildrenByTagName('display')->string_value();
my $appuri =
$self->_userParam( $_->getChildrenByTagName('uri')->string_value() );
# Remove node if display is "no"
$_->unbindNode if ( $appdisplay eq "no" );
# Keep node if display is "yes"
if ( $appdisplay eq "yes" ) {
# Check grant function if display is "auto" (this is the default)
unless ( $self->_grant($appuri) ) {
if($stag) {
eval {$_->getChildrenByTagName('uri')->unbindNode() };
else {
else {
return $tag;
## @method private void _hideEmptyCategory(XML::LibXML::Element cat)
2008-12-26 20:18:23 +01:00
# Hides empty categories for _filterXML().
2008-12-28 09:36:52 +01:00
# Return nothing $cat is modified directly
# @param $cat XML element
sub _hideEmptyCategory {
my $self = shift;
my ($cat) = @_;
# Check subnodes
my @catnodes = $cat->findnodes("category");
my @appnodes = $cat->findnodes("application");
# Check each subcategory
foreach (@catnodes) {
# Update node list
@catnodes = $cat->findnodes("category");
# Remove the node if it contains no category or no application
unless ( scalar(@catnodes) || scalar(@appnodes) ) {
2008-12-28 09:36:52 +01:00
## @method private int function _ppolicyWarning()
# Return ppolicy warnings get in AuthLDAP.pm
2008-12-28 09:36:52 +01:00
# @return Lemonldap::NG::Portal constant
sub _ppolicyWarning {
my $self = shift;
# Grace
if (
defined $self->{portalObject}->{ppolicy}
->{grace_authentications_remaining} )
return ( PE_PP_GRACE,
->{grace_authentications_remaining} );
# Expiration warning
if ( defined $self->{portalObject}->{ppolicy}->{time_before_expiration} ) {
$self->{portalObject}->{ppolicy}->{time_before_expiration} );
# Return PE_OK
return ( PE_OK, undef );
## @method private boolean _grant(string uri)
2008-12-26 20:18:23 +01:00
# Check user's authorization for $uri.
2008-12-28 09:36:52 +01:00
# @param $uri URL string
# @return True if granted
sub _grant {
my $self = shift;
my ($uri) = @_;
$uri =~ m{(\w+)://([^/:]+)(:\d+)?(/.*)?$} or return 0;
my ( $protocol, $vhost, $port );
( $protocol, $vhost, $port, $path ) = ( $1, $2, $3, $4 );
$path ||= '/';
$self->_compileRules() if ( $cfgNum != $self->{portalObject}->{cfgNum} );
return -1 unless ( defined( $defaultCondition->{$vhost} ) );
if ( defined $locationRegexp->{$vhost} ) { # Not just a default rule
for ( my $i = 0 ; $i < @{ $locationRegexp->{$vhost} } ; $i++ ) {
if ( $path =~ $locationRegexp->{$vhost}->[$i] ) {
return &{ $locationCondition->{$vhost}->[$i] }($self);
unless ( $defaultCondition->{$vhost} ) {
2009-02-12 20:48:53 +01:00
->lmLog( "Application $uri did not match any configured virtual host",
'warn' );
return 0;
return &{ $defaultCondition->{$vhost} }($self);
return 1;
2008-12-28 09:36:52 +01:00
## @method private boolean _compileRules()
2008-12-26 20:18:23 +01:00
# Parse configured rules and compile them
2008-12-28 09:36:52 +01:00
# @return True
sub _compileRules {
my $self = shift;
foreach my $vhost ( keys %{ $self->{portalObject}->{locationRules} } ) {
my $i = 0;
foreach ( keys %{ $self->{portalObject}->{locationRules}->{$vhost} } ) {
if ( $_ eq 'default' ) {
$defaultCondition->{$vhost} =
$self->{portalObject}->{locationRules}->{$vhost}->{$_} );
else {
$locationCondition->{$vhost}->[$i] =
$self->{portalObject}->{locationRules}->{$vhost}->{$_} );
$locationRegexp->{$vhost}->[$i] = qr/$_/;
# Default policy
$defaultCondition->{$vhost} ||= $self->_conditionSub('accept');
$cfgNum = $self->{portalObject}->{cfgNum};
## @method private CODE _conditionSub(string cond)
2008-12-26 20:18:23 +01:00
# Return subroutine giving authorization condition.
2008-12-28 09:36:52 +01:00
# @param $cond boolean expression
# @return Compiled routine
sub _conditionSub {
my $self = shift;
my ($cond) = @_;
return sub { 1 }
if ( $cond =~ /^accept$/i );
return sub { 0 }
if ( $cond =~ /^(?:deny$|logout)/i );
$cond =~ s/\$date/&POSIX::strftime("%Y%m%d%H%M%S",localtime())/e;
$cond =~ s/\$(\w+)/\$self->{portalObject}->{sessionInfo}->{$1}/g;
my $sub;
2008-11-14 08:16:26 +01:00
$sub = $self->_safe->reval("sub {my \$self = shift; return ( $cond )}");
return $sub;
=head1 NAME
Lemonldap::NG::Portal::Menu - Enhanced menu to display to authenticated users
use Lemonldap::NG::Portal::Menu;
my $menu = Lemonldap::NG::Portal::Menu->new(
portalObject => $portal,
apps => {
xmlfile => "/var/lib/lemonldap-ng/conf/apps-list.xml",
imgpath => "apps/",
modules => {
appslist => 1,
password => 1,
logout => 1,
# Print HTML code of authorized applications list
print $menu->appslistMenu;
Lemonldap::NG::Portal::Menu provides these web modules:
=item * Application list: display a full menu with all authorized applications
=item * Password: allow the user to change its password (with LDAP auth only)
=item * Logout: display a simple logout confirmation page
These web modules are designed to be used in HTML::Template, with the help of
Jquery scripts. Without that, this will only output raw HTML code.
=head1 SEE ALSO
=head1 AUTHOR
Clement OUDOT E<lt>clement@oodo.netE<gt> E<lt>coudot@linagora.comE<gt>
Use OW2 system to report bug or ask for features:
Lemonldap::NG is available at
Copyright (C) 2005-2007 by Clement OUDOT E<lt>clement@oodo.netE<gt>
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.4 or,
at your option, any later version of Perl 5 you may have available.