package Lemonldap::NG::Handler::Lib::ServiceToken;

# Handler mixin: lets a request carry its session id in an encrypted,
# short-lived "service token" (X-LLNG-Token header) instead of the SSO
# cookie. fetchId() below overrides the normal lookup when that header is
# present and falls back to Lemonldap::NG::Handler::Main::fetchId otherwise.
#
# NOTE(review): only "use strict" is enabled here; "use warnings" is absent,
# so uninitialized-value problems in token parsing would go unreported.

use strict;

our $VERSION = '2.0.0';
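sub fetchId {
    my ( $class, $req ) = @_;

    # Lifetime (seconds) of a service token. There is no nonce or one-time
    # use tracking in this check, so a captured token can be replayed for the
    # whole window: keep it short.
    my $max_age = 30;

    # No service token header: regular cookie/session lookup.
    my $token = $req->{env}->{HTTP_X_LLNG_TOKEN};
    return $class->Lemonldap::NG::Handler::Main::fetchId($req) unless ($token);

    $class->logger->debug('Found token header');

    # Decrypt token. Everything below trusts the decrypted payload, so the
    # cipher key shared between handlers is the only thing standing between
    # a caller and an arbitrary session id.
    # NOTE(review): this assumes decrypt() fails closed (undef/empty) on
    # tampered or foreign ciphertext -- confirm against the cipher module.
    my $s = $class->tsv->{cipher}->decrypt($token);
    unless ( defined $s and length $s ) {
        $class->userLogger->error('Bad service token');
        return 0;
    }

    # Token format:
    # time:_session_id:vhost1:vhost2,...
    my ( $t, $_session_id, @vhosts ) = split /:/, $s;

    # At least one vhost, and a non-empty session id: an empty id would
    # otherwise be returned as '' and silently treated as "no session".
    unless ( @vhosts and defined $_session_id and length $_session_id ) {
        $class->userLogger->error('Bad service token');
        return 0;
    }

    # Is token in good interval ?
    # The timestamp must be a plain epoch integer; anything else is rejected
    # before the numeric comparison rather than being coerced to 0.
    # Tokens dated in the future are rejected too (clock skew between the
    # issuer and this handler shows up as an "expired" token).
    my $now = time;
    unless ( defined $t
        and $t =~ /\A\d+\z/
        and $t <= $now
        and $t > $now - $max_age )
    {
        $class->userLogger->warn('Expired service token');
        return 0;
    }

    # Is vhost listed in token ?
    # Exact string match against the resolved (alias-expanded) vhost name.
    my $vh = $class->resolveAlias($req);
    unless ( grep { $_ eq $vh } @vhosts ) {
        $class->userLogger->error(
            "$vh not authorizated in token (" . join( ', ', @vhosts ) . ')' );
        return 0;
    }

    # Success: the session id carried by the token.
    return $_session_id;
}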
1;