2008-12-26 20:18:23 +01:00
|
|
|
##@file
|
|
|
|
|
# Web form authentication backend file
|
|
|
|
|
|
|
|
|
|
##@class
|
|
|
|
|
# Web form authentication backend class
|
2008-11-24 15:06:54 +01:00
|
|
|
package Lemonldap::NG::Portal::_WebForm;
|
|
|
|
|
|
|
|
|
|
use Lemonldap::NG::Portal::Simple qw(:all);
|
|
|
|
|
use strict;
|
|
|
|
|
|
2012-07-17 09:31:15 +02:00
|
|
|
our $VERSION = '1.3.0';
|
2009-06-08 18:29:13 +02:00
|
|
|
|
2009-02-17 15:56:38 +01:00
|
|
|
## @apmethod int authInit()
|
2008-12-26 20:18:23 +01:00
|
|
|
# Does nothing.
|
2008-12-28 09:36:52 +01:00
|
|
|
# @return Lemonldap::NG::Portal constant
|
2008-11-24 15:06:54 +01:00
|
|
|
sub authInit {
|
|
|
|
|
PE_OK;
|
|
|
|
|
}
|
|
|
|
|
|
2009-02-17 15:56:38 +01:00
|
|
|
## @apmethod int extractFormInfo()
|
2008-12-26 20:18:23 +01:00
|
|
|
# Read username and password from POST datas
|
2008-12-28 09:36:52 +01:00
|
|
|
# @return Lemonldap::NG::Portal constant
|
2008-11-24 15:06:54 +01:00
|
|
|
sub extractFormInfo {
|
|
|
|
|
my $self = shift;
|
2011-11-07 15:54:22 +01:00
|
|
|
|
|
|
|
|
# Detect first access and empty forms
|
|
|
|
|
my $defUser = defined $self->param('user');
|
|
|
|
|
my $defPassword = defined $self->param('password');
|
|
|
|
|
my $defOldPassword = defined $self->param('oldpassword');
|
|
|
|
|
|
|
|
|
|
# 1. No user defined at all -> first access
|
|
|
|
|
return PE_FIRSTACCESS unless $defUser;
|
|
|
|
|
|
|
|
|
|
# 2. If user and password defined -> login form
|
|
|
|
|
if ( $defUser && $defPassword ) {
|
|
|
|
|
return PE_FORMEMPTY
|
|
|
|
|
unless ( ( $self->{user} = $self->param('user') )
|
|
|
|
|
&& ( $self->{password} = $self->param('password') ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# 3. If user and oldpassword defined -> password form
|
|
|
|
|
if ( $defUser && $defOldPassword ) {
|
|
|
|
|
return PE_PASSWORDFORMEMPTY
|
|
|
|
|
unless ( ( $self->{user} = $self->param('user') )
|
|
|
|
|
&& ( $self->{oldpassword} = $self->param('oldpassword') )
|
|
|
|
|
&& ( $self->{newpassword} = $self->param('newpassword') )
|
|
|
|
|
&& ( $self->{confirmpassword} = $self->param('confirmpassword') ) );
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-04 16:22:30 +02:00
|
|
|
# 4. If the captcha feature is enabled, captcha form
|
2012-07-04 14:33:03 +02:00
|
|
|
if ( $self->{captcha_enabled} ) {
|
|
|
|
|
my $captcha_user_code;
|
|
|
|
|
if ( $self->param('captcha_user_code') && $self->param('captcha_code') ) {
|
|
|
|
|
$captcha_user_code = $self->param('captcha_user_code');
|
|
|
|
|
$self->{captcha_code} = $self->param('captcha_code');
|
|
|
|
|
}
|
|
|
|
|
$self->{captcha_result} = $self->checkCaptcha($captcha_user_code, $self->{captcha_code});
|
|
|
|
|
}
|
|
|
|
|
if ( $self->{captcha_result} != 1 ) {
|
|
|
|
|
if ( $self->{captcha_result} == -3 or $self->{captcha_result} == -2 ) {
|
|
|
|
|
$self->lmLog("Captcha failed: wrong code", "error");
|
|
|
|
|
return PE_CAPTCHAERROR;
|
|
|
|
|
}
|
|
|
|
|
elsif ( $self->{captcha_result} == 0 ) {
|
|
|
|
|
$self->lmLog("Captcha failed: code not checked (file error)", "error");
|
|
|
|
|
return PE_CAPTCHAERROR;
|
|
|
|
|
}
|
|
|
|
|
elsif ( $self->{captcha_result} == -1 ) {
|
|
|
|
|
$self->lmLog("Captcha failed: code has expired", "error");
|
|
|
|
|
return PE_CAPTCHAERROR;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-11-07 15:54:22 +01:00
|
|
|
# Other parameters
|
|
|
|
|
$self->{timezone} = $self->param('timezone');
|
2009-12-19 09:57:59 +01:00
|
|
|
$self->{userControl} ||= '^[\w\.\-@]+$';
|
2011-11-07 15:54:22 +01:00
|
|
|
|
|
|
|
|
# Check user
|
2009-12-19 09:57:59 +01:00
|
|
|
return PE_MALFORMEDUSER unless ( $self->{user} =~ /$self->{userControl}/o );
|
2011-11-07 15:54:22 +01:00
|
|
|
|
2008-11-24 15:06:54 +01:00
|
|
|
PE_OK;
|
|
|
|
|
}
|
|
|
|
|
|
2009-02-17 15:56:38 +01:00
|
|
|
## @apmethod int setAuthSessionInfo()
|
2008-12-26 20:18:23 +01:00
|
|
|
# Set password in session datas if wanted.
|
2008-12-28 09:36:52 +01:00
|
|
|
# @return Lemonldap::NG::Portal constant
|
2008-11-24 15:06:54 +01:00
|
|
|
sub setAuthSessionInfo {
|
|
|
|
|
my $self = shift;
|
|
|
|
|
|
2010-04-14 17:37:57 +02:00
|
|
|
# authenticationLevel
|
2010-09-01 18:06:01 +02:00
|
|
|
# -1 if password can be remebered
|
|
|
|
|
# +1 for user/password with HTTPS
|
|
|
|
|
$self->{_authnLevel} ||= 0;
|
|
|
|
|
$self->{_authnLevel} += 1 if $self->https();
|
|
|
|
|
$self->{_authnLevel} -= 1 if $self->{portalAutocomplete};
|
|
|
|
|
|
|
|
|
|
$self->{sessionInfo}->{authenticationLevel} = $self->{_authnLevel};
|
2009-04-08 12:32:33 +02:00
|
|
|
|
2009-05-25 14:59:57 +02:00
|
|
|
# Store user submitted login for basic rules
|
|
|
|
|
$self->{sessionInfo}->{'_user'} = $self->{'user'};
|
|
|
|
|
|
2008-11-24 15:06:54 +01:00
|
|
|
# Store submitted password if set in configuration
|
|
|
|
|
# WARNING: it can be a security hole
|
|
|
|
|
if ( $self->{storePassword} ) {
|
2009-06-14 18:43:02 +02:00
|
|
|
$self->{sessionInfo}->{'_password'} = $self->{'newpassword'}
|
|
|
|
|
|| $self->{'password'};
|
2008-11-24 15:06:54 +01:00
|
|
|
}
|
2009-06-22 12:01:58 +02:00
|
|
|
|
|
|
|
|
# Store user timezone
|
|
|
|
|
$self->{sessionInfo}->{'_timezone'} = $self->{'timezone'};
|
2009-10-12 18:55:35 +02:00
|
|
|
|
2008-11-24 15:06:54 +01:00
|
|
|
PE_OK;
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-04 14:33:03 +02:00
|
|
|
## @method int checkCaptcha(code, ccode)
|
|
|
|
|
# Check captcha auth
|
|
|
|
|
# @return a constant
|
|
|
|
|
# @param code that user enter in the form
|
|
|
|
|
# @param captcha code generated by Authen::Captcha
|
|
|
|
|
sub checkCaptcha {
|
|
|
|
|
my ($self, $code, $ccode) = splice @_ ;
|
|
|
|
|
opendir(OUTPUT, $self->{captcha_output}) or $self->lmLog("Can't open captcha output dir", "error");
|
|
|
|
|
opendir(DATA, $self->{captcha_data}) or $self->lmLog("Can't open captcha data dir", "error");
|
|
|
|
|
$self->{captcha_result} = $self->{captcha}->check_code($code, $ccode);
|
|
|
|
|
closedir(OUTPUT) && closedir(DATA);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-11-24 15:06:54 +01:00
|
|
|
1;
|
