package Lemonldap::NG::Portal::Auth::SSL;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_BADCERTIFICATE
PE_CERTIFICATEREQUIRED
PE_FIRSTACCESS
PE_OK
);
our $VERSION = '2.0.0';
# Parent class. The conf, logger and userLogger methods used below are not
# defined in this file, so they presumably come from it -- confirm.
extends 'Lemonldap::NG::Portal::Main::Auth';
# PROPERTIES
# Name of the request-environment key that extractFormInfo() reads the user
# identifier from by default. Read-write; init() fills it from conf->{SSLVar}.
has SSLField => ( is => 'rw' );
# INITIALIZATION
sub init {
    my ($self) = @_;
    my $conf = $self->conf;

    # The configured SSLVar wins; when it is unset or false the default name
    # is written back into the configuration before being copied to SSLField.
    $conf->{SSLVar} ||= 'SSL_CLIENT_S_DN_Email';
    $self->SSLField( $conf->{SSLVar} );

    # Issuer DN => variable name overrides, consulted by extractFormInfo().
    # Defaults to an empty map so later lookups never hit an undefined value.
    $conf->{SSLVarIf} ||= {};

    return 1;
}
# Read username in SSL environment variables, or return an error
# @return Lemonldap::NG::Portal constant
sub extractFormInfo {
    my ( $self, $req ) = @_;

    # Start from the variable chosen in init(). A true entry in SSLVarIf for
    # the presented issuer DN replaces it for this request only.
    my $field  = $self->SSLField;
    my $issuer = $req->env->{SSL_CLIENT_I_DN};
    if ($issuer) {
        my $override = $self->conf->{SSLVarIf}->{$issuer};
        $field = $override if $override;
    }

    # NOTE(review): every SSL_CLIENT_* value read here is taken on trust from
    # the request environment; this sub does not look at SSL_CLIENT_VERIFY.
    # The TLS front end must therefore reject unverified client certificates
    # itself (a setup such as Apache's "SSLVerifyClient optional_no_ca" would
    # presumably still populate these variables -- confirm per deployment).
    # $field comes from configuration (SSLVar / SSLVarIf); it should name a
    # variable that only the TLS layer can set, never a request-header key.

    # Store the selected variable as the request user; a true value means the
    # certificate supplied an identifier.
    if ( $req->user( $req->env->{$field} ) ) {
        $self->userLogger->notice( "GoodSSL authentication for " . $req->user );
        return PE_OK;
    }

    # A subject DN is present but the selected variable is empty: the
    # certificate does not carry the attribute this portal is configured for.
    if ( $req->env->{SSL_CLIENT_S_DN} ) {
        $self->userLogger->warn("$field was not found in user certificate");
        return PE_BADCERTIFICATE;
    }

    # No certificate data at all. With sslByAjax enabled, and unless the
    # request carries a true "nossl" parameter, append the init script.
    if ( $self->conf->{sslByAjax} and not $req->param('nossl') ) {
        $self->logger->debug('Send SSL javascript');

        # sslHost is inserted verbatim into a JSON string inside a <script>
        # element: no escaping is applied, so it must be a trusted
        # configuration value free of quotes and markup.
        my $ssl_host = $self->conf->{sslHost};
        $req->datas->{customScript} .=
            '<script type="application/init">{"sslHost":"'
          . $ssl_host
          . '"}</script>';
        return PE_FIRSTACCESS;
    }

    $self->userLogger->warn('No certificate found');
    return PE_CERTIFICATEREQUIRED;
}
sub authenticate {

    # Always reports success: this sub performs no check of its own. The user
    # identifier was already taken from the TLS environment in
    # extractFormInfo(), so the certificate checks made by the TLS front end
    # are the only authentication.
    return PE_OK;
}
sub setAuthSessionInfo {
    my ( $self, $req ) = @_;

    # Copy the configured level for SSL logins into the session data as is.
    # No default or validation is applied here, so an unset SSLAuthnLevel
    # stores undef -- presumably a default is supplied elsewhere; confirm.
    my $level = $self->conf->{SSLAuthnLevel};
    $req->{sessionInfo}->{authenticationLevel} = $level;

    return PE_OK;
}
sub getDisplayType {
    my ($self) = @_;

    # "sslform" when the sslByAjax option is true, "logo" otherwise.
    return "sslform" if $self->conf->{sslByAjax};
    return "logo";
}
1;