lemonldap-ng/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SSL.pm

package Lemonldap::NG::Portal::Auth::SSL;

use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_BADCERTIFICATE
  PE_CERTIFICATEREQUIRED
  PE_FIRSTACCESS
  PE_OK
);

our $VERSION = '2.0.0';

extends 'Lemonldap::NG::Portal::Main::Auth';

# PROPERTIES

has SSLField => ( is => 'rw' );

# INITIALIZATION

sub init {
    my ($self) = @_;
    $self->SSLField( $self->conf->{SSLVar} ||= 'SSL_CLIENT_S_DN_Email' );
    $self->conf->{SSLVarIf} ||= {};
    return 1;
}

# Read username in SSL environment variables, or return an error
# @return Lemonldap::NG::Portal constant
sub extractFormInfo {
    my ( $self, $req ) = @_;
    my $field = $self->SSLField;
    if ( $req->env->{SSL_CLIENT_I_DN}
        and my $tmp =
        $self->conf->{SSLVarIf}->{ $req->env->{SSL_CLIENT_I_DN} } )
    {
        $field = $tmp;
    }
    if ( $req->user( $req->env->{$field} ) ) {
        $self->userLogger->notice( "GoodSSL authentication for " . $req->user );
        return PE_OK;
    }
    elsif ( $req->env->{SSL_CLIENT_S_DN} ) {
        $self->userLogger->warn("$field was not found in user certificate");
        return PE_BADCERTIFICATE;
    }
    elsif ( $self->conf->{sslByAjax} and not $req->param('nossl') ) {
        $self->logger->debug('Send SSL javascript');
        $req->datas->{customScript} .=
            '<script type="application/init">{"sslHost":"'
          . $self->conf->{sslHost}
          . '"}</script>';
        return PE_FIRSTACCESS;
    }
    else {
        $self->userLogger->warn('No certificate found');
        return PE_CERTIFICATEREQUIRED;
    }
}

sub authenticate {
    PE_OK;
}

sub setAuthSessionInfo {
    my ( $self, $req ) = @_;
    $req->{sessionInfo}->{authenticationLevel} = $self->conf->{SSLAuthnLevel};
    PE_OK;
}

sub getDisplayType {
    return ( $_[0]->conf->{sslByAjax} ? "sslform" : "logo" );
}

1;
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`package Lemonldap::NG::Portal::Auth::SSL;`

			`use strict;`
			`use Mouse;`
Add Ajax to SSL (closes #1212) 2017-04-11 21:19:59 +02:00			`use Lemonldap::NG::Portal::Main::Constants qw(`
			`PE_BADCERTIFICATE`
			`PE_CERTIFICATEREQUIRED`
			`PE_FIRSTACCESS`
			`PE_OK`
			`);`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00
			`our $VERSION = '2.0.0';`

Move Auth::Base to Main::Auth 2018-02-19 22:11:43 +01:00			`extends 'Lemonldap::NG::Portal::Main::Auth';`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00
			`# PROPERTIES`

			`has SSLField => ( is => 'rw' );`

			`# INITIALIZATION`

			`sub init {`
			`my ($self) = @_;`
			`$self->SSLField( $self->conf->{SSLVar} \|\|= 'SSL_CLIENT_S_DN_Email' );`
Add conditional SSLVar (closes: #803) 2017-02-24 07:29:50 +01:00			`$self->conf->{SSLVarIf} \|\|= {};`
WebID (#595) 2017-01-30 22:00:54 +01:00			`return 1;`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`}`

			`# Read username in SSL environment variables, or return an error`
			`# @return Lemonldap::NG::Portal constant`
			`sub extractFormInfo {`
			`my ( $self, $req ) = @_;`
Add conditional SSLVar (closes: #803) 2017-02-24 07:29:50 +01:00			`my $field = $self->SSLField;`
			`if ( $req->env->{SSL_CLIENT_I_DN}`
			`and my $tmp =`
			`$self->conf->{SSLVarIf}->{ $req->env->{SSL_CLIENT_I_DN} } )`
			`{`
			`$field = $tmp;`
			`}`
Add Ajax to SSL (closes #1212) 2017-04-11 21:19:59 +02:00			`if ( $req->user( $req->env->{$field} ) ) {`
			`$self->userLogger->notice( "GoodSSL authentication for " . $req->user );`
			`return PE_OK;`
			`}`
			`elsif ( $req->env->{SSL_CLIENT_S_DN} ) {`
Add conditional SSLVar (closes: #803) 2017-02-24 07:29:50 +01:00			`$self->userLogger->warn("$field was not found in user certificate");`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`return PE_BADCERTIFICATE;`
			`}`
Add Ajax to SSL (closes #1212) 2017-04-11 21:19:59 +02:00			`elsif ( $self->conf->{sslByAjax} and not $req->param('nossl') ) {`
			`$self->logger->debug('Send SSL javascript');`
			`$req->datas->{customScript} .=`
			`'<script type="application/init">{"sslHost":"'`
			`. $self->conf->{sslHost}`
			`. '"}</script>';`
			`return PE_FIRSTACCESS;`
			`}`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`else {`
Add Ajax to SSL (closes #1212) 2017-04-11 21:19:59 +02:00			`$self->userLogger->warn('No certificate found');`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`return PE_CERTIFICATEREQUIRED;`
			`}`
			`}`

			`sub authenticate {`
			`PE_OK;`
			`}`

Enable setAuthSessionInfo (#595) 2016-12-01 23:25:05 +01:00			`sub setAuthSessionInfo {`
			`my ( $self, $req ) = @_;`
			`$req->{sessionInfo}->{authenticationLevel} = $self->conf->{SSLAuthnLevel};`
			`PE_OK;`
			`}`

Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`sub getDisplayType {`
Add Ajax to SSL (closes #1212) 2017-04-11 21:19:59 +02:00			`return ( $_[0]->conf->{sslByAjax} ? "sslform" : "logo" );`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`}`

			`1;`