2016-04-07 23:31:56 +02:00
|
|
|
## @file
|
|
|
|
# Display functions for LemonLDAP::NG Portal
|
|
|
|
package Lemonldap::NG::Portal::Main::Display;
|
|
|
|
|
2020-08-29 22:12:09 +02:00
|
|
|
our $VERSION = '2.0.10';
|
2016-04-07 23:31:56 +02:00
|
|
|
|
|
|
|
package Lemonldap::NG::Portal::Main;
|
|
|
|
use strict;
|
2017-09-18 22:40:01 +02:00
|
|
|
use Mouse;
|
2018-07-15 19:17:48 +02:00
|
|
|
use JSON;
|
2020-04-14 18:48:35 +02:00
|
|
|
use URI;
|
2016-04-07 23:31:56 +02:00
|
|
|
|
2020-08-24 22:43:03 +02:00
|
|
|
has isPP => ( is => 'rw' );
|
|
|
|
has speChars => ( is => 'rw' );
|
2020-04-27 15:03:58 +02:00
|
|
|
has skinRules => ( is => 'rw' );
|
|
|
|
has requireOldPwd => ( is => 'rw', default => sub { 1 } );
|
2016-08-09 14:08:49 +02:00
|
|
|
|
|
|
|
sub displayInit {
|
|
|
|
my ($self) = @_;
|
|
|
|
$self->skinRules( [] );
|
|
|
|
if ( $self->conf->{portalSkinRules} ) {
|
2018-10-12 10:04:03 +02:00
|
|
|
foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } ) {
|
2016-08-09 14:08:49 +02:00
|
|
|
my $sub = HANDLER->buildSub( HANDLER->substitute($skinRule) );
|
|
|
|
if ($sub) {
|
|
|
|
push @{ $self->skinRules },
|
2018-10-12 10:04:03 +02:00
|
|
|
[ $self->conf->{portalSkinRules}->{$skinRule}, $sub ];
|
2016-08-09 14:08:49 +02:00
|
|
|
}
|
|
|
|
else {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error(
|
2016-08-09 14:08:49 +02:00
|
|
|
qq(Skin rule "$skinRule" returns an error: )
|
2018-10-12 10:04:03 +02:00
|
|
|
. HANDLER->tsv->{jail}->error );
|
2016-08-09 14:08:49 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2020-04-27 15:03:58 +02:00
|
|
|
my $rule = HANDLER->buildSub(
|
|
|
|
HANDLER->substitute( $self->conf->{portalRequireOldPassword} ) );
|
|
|
|
unless ($rule) {
|
|
|
|
my $error = HANDLER->tsv->{jail}->error || '???';
|
|
|
|
$self->logger->error( "Bad requireOldPwd rule: " . $error );
|
|
|
|
}
|
|
|
|
$self->requireOldPwd($rule);
|
2020-08-24 22:43:03 +02:00
|
|
|
|
2020-08-29 22:12:09 +02:00
|
|
|
my $speChars =
|
|
|
|
$self->conf->{passwordPolicySpecialChar} eq '__ALL__'
|
|
|
|
? ''
|
|
|
|
: $self->conf->{passwordPolicySpecialChar};
|
2020-08-24 22:43:03 +02:00
|
|
|
$speChars =~ s/\s+/ /g;
|
|
|
|
$speChars =~ s/(?:^\s|\s$)//g;
|
|
|
|
$self->speChars($speChars);
|
|
|
|
|
|
|
|
my $isPP =
|
|
|
|
$self->conf->{passwordPolicyMinSize}
|
|
|
|
|| $self->conf->{passwordPolicyMinLower}
|
|
|
|
|| $self->conf->{passwordPolicyMinUpper}
|
|
|
|
|| $self->conf->{passwordPolicyMinDigit}
|
|
|
|
|| $speChars;
|
|
|
|
$self->isPP($isPP);
|
2016-08-09 14:08:49 +02:00
|
|
|
}
|
|
|
|
|
2016-04-07 23:31:56 +02:00
|
|
|
# Call portal process and set template parameters
|
|
|
|
# @return template name and template parameters
|
|
|
|
sub display {
|
|
|
|
my ( $self, $req ) = @_;
|
|
|
|
|
2019-06-26 11:59:13 +02:00
|
|
|
my $skin_dir = $self->conf->{templateDir};
|
2016-05-24 07:05:51 +02:00
|
|
|
my ( $skinfile, %templateParams );
|
2016-04-07 23:31:56 +02:00
|
|
|
|
2017-01-01 10:43:48 +01:00
|
|
|
# 1. Authentication not complete
|
2016-04-07 23:31:56 +02:00
|
|
|
|
2017-01-01 10:43:48 +01:00
|
|
|
# 1.1 A notification has to be done (session is created but hidden and
|
2016-12-17 08:58:53 +01:00
|
|
|
# unusable until the user has accept the message)
|
2018-07-05 22:56:16 +02:00
|
|
|
if ( my $notif = $req->data->{notification} ) {
|
2017-03-16 21:19:06 +01:00
|
|
|
$self->logger->debug('Display: notification detected');
|
2016-04-07 23:31:56 +02:00
|
|
|
$skinfile = 'notification';
|
|
|
|
%templateParams = (
|
2018-10-09 22:40:28 +02:00
|
|
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
2018-11-07 20:50:33 +01:00
|
|
|
LANGS => $self->conf->{showLanguages},
|
2016-04-07 23:31:56 +02:00
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
|
|
|
NOTIFICATION => $notif,
|
2016-11-22 21:55:10 +01:00
|
|
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
2018-07-05 22:56:16 +02:00
|
|
|
AUTH_URL => $req->{data}->{_url},
|
2016-04-07 23:31:56 +02:00
|
|
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
2018-07-05 22:56:16 +02:00
|
|
|
CHOICE_VALUE => $req->data->{_authChoice},
|
2018-10-12 10:04:03 +02:00
|
|
|
(
|
|
|
|
$req->data->{customScript}
|
2018-07-05 22:56:16 +02:00
|
|
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
2017-04-06 13:33:12 +02:00
|
|
|
: ()
|
|
|
|
),
|
2016-04-07 23:31:56 +02:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2018-06-29 17:51:39 +02:00
|
|
|
# 1.2a An authentication (or userDB) module needs to ask a question
|
2016-04-07 23:31:56 +02:00
|
|
|
# before processing to the request
|
|
|
|
elsif ( $req->{error} == PE_CONFIRM ) {
|
2017-03-16 21:19:06 +01:00
|
|
|
$self->logger->debug('Display: confirm detected');
|
2016-04-07 23:31:56 +02:00
|
|
|
$skinfile = 'confirm';
|
|
|
|
%templateParams = (
|
2018-10-09 22:40:28 +02:00
|
|
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
2018-11-07 20:10:31 +01:00
|
|
|
LANGS => $self->conf->{showLanguages},
|
2016-04-07 23:31:56 +02:00
|
|
|
AUTH_ERROR => $req->error,
|
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
2018-07-05 22:56:16 +02:00
|
|
|
AUTH_URL => $req->{data}->{_url},
|
2016-04-07 23:31:56 +02:00
|
|
|
MSG => $req->info,
|
2016-11-22 21:55:10 +01:00
|
|
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
2018-07-05 22:56:16 +02:00
|
|
|
ACTIVE_TIMER => $req->data->{activeTimer},
|
2020-04-14 21:05:26 +02:00
|
|
|
FORM_ACTION => $req->data->{confirmFormAction} || "#",
|
2016-04-07 23:31:56 +02:00
|
|
|
FORM_METHOD => $self->conf->{confirmFormMethod},
|
|
|
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
2018-07-05 22:56:16 +02:00
|
|
|
CHOICE_VALUE => $req->data->{_authChoice},
|
2016-04-07 23:31:56 +02:00
|
|
|
CHECK_LOGINS => $self->conf->{portalCheckLogins}
|
2018-10-12 10:04:03 +02:00
|
|
|
&& $req->data->{login},
|
2020-10-31 22:10:14 +01:00
|
|
|
ASK_LOGINS => $req->param('checkLogins') || 0,
|
|
|
|
ASK_STAYCONNECTED => $req->param('stayconnected') || 0,
|
|
|
|
CONFIRMKEY => $self->stamp(),
|
2018-10-12 10:04:03 +02:00
|
|
|
(
|
|
|
|
$req->data->{customScript}
|
2018-07-05 22:56:16 +02:00
|
|
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
2018-06-29 17:51:39 +02:00
|
|
|
: ()
|
|
|
|
),
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
# 1.2b An authentication (or userDB) module needs to ask a question
|
|
|
|
# before processing to the request
|
|
|
|
elsif ( $req->{error} == PE_IDPCHOICE ) {
|
|
|
|
$self->logger->debug('Display: IDP choice detected');
|
|
|
|
$skinfile = 'idpchoice';
|
|
|
|
%templateParams = (
|
2018-10-09 22:40:28 +02:00
|
|
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
2018-11-07 20:10:31 +01:00
|
|
|
LANGS => $self->conf->{showLanguages},
|
2018-06-29 17:51:39 +02:00
|
|
|
AUTH_ERROR => $req->error,
|
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
2018-07-05 22:56:16 +02:00
|
|
|
AUTH_URL => $req->{data}->{_url},
|
2018-06-29 17:51:39 +02:00
|
|
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
2018-07-05 22:56:16 +02:00
|
|
|
ACTIVE_TIMER => $req->data->{activeTimer},
|
2018-06-29 17:51:39 +02:00
|
|
|
FORM_METHOD => $self->conf->{confirmFormMethod},
|
|
|
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
2018-07-05 22:56:16 +02:00
|
|
|
CHOICE_VALUE => $req->data->{_authChoice},
|
2018-06-29 17:51:39 +02:00
|
|
|
CHECK_LOGINS => $self->conf->{portalCheckLogins}
|
2018-10-12 10:04:03 +02:00
|
|
|
&& $req->data->{login},
|
2020-10-31 22:10:14 +01:00
|
|
|
ASK_LOGINS => $req->param('checkLogins') || 0,
|
|
|
|
ASK_STAYCONNECTED => $req->param('stayconnected') || 0,
|
|
|
|
CONFIRMKEY => $self->stamp(),
|
|
|
|
LIST => $req->data->{list} || [],
|
2018-10-12 10:04:03 +02:00
|
|
|
(
|
|
|
|
$req->data->{customScript}
|
2018-07-05 22:56:16 +02:00
|
|
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
2017-04-06 13:33:12 +02:00
|
|
|
: ()
|
|
|
|
),
|
2016-04-07 23:31:56 +02:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2017-01-01 10:43:48 +01:00
|
|
|
# 1.3 There is a message to display
|
|
|
|
elsif ( my $info = $req->info ) {
|
2020-02-20 23:34:02 +01:00
|
|
|
my $method =
|
|
|
|
$req->data->{infoFormMethod} || $self->conf->{infoFormMethod};
|
2017-03-16 21:19:06 +01:00
|
|
|
$self->logger->debug('Display: info detected');
|
2019-08-27 10:10:11 +02:00
|
|
|
$self->logger->debug('Hidden values :');
|
|
|
|
$self->logger->debug( " $_: " . $req->{portalHiddenFormValues}->{$_} )
|
|
|
|
for keys %{ $req->{portalHiddenFormValues} // {} };
|
2016-04-07 23:31:56 +02:00
|
|
|
$skinfile = 'info';
|
|
|
|
%templateParams = (
|
2018-10-09 22:40:28 +02:00
|
|
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
2018-11-07 20:10:31 +01:00
|
|
|
LANGS => $self->conf->{showLanguages},
|
2016-04-07 23:31:56 +02:00
|
|
|
AUTH_ERROR => $self->error,
|
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
|
|
|
MSG => $info,
|
2020-05-24 00:04:33 +02:00
|
|
|
URL => $req->{urldc} || $self->conf->{portal}, # Fix 2158
|
|
|
|
HIDDEN_INPUTS => $self->buildOutgoingHiddenForm( $req, $method ),
|
|
|
|
ACTIVE_TIMER => $req->data->{activeTimer},
|
|
|
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
|
|
|
CHOICE_VALUE => $req->data->{_authChoice},
|
|
|
|
FORM_METHOD => $method,
|
2020-02-07 21:39:58 +01:00
|
|
|
(
|
2020-04-27 15:03:58 +02:00
|
|
|
( not $req->{urldc} ) ? ( SEND_PARAMS => 1 )
|
2020-02-07 21:39:58 +01:00
|
|
|
: ()
|
|
|
|
),
|
2018-10-12 10:04:03 +02:00
|
|
|
(
|
|
|
|
$req->data->{customScript}
|
2018-07-05 22:56:16 +02:00
|
|
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
2017-04-06 13:33:12 +02:00
|
|
|
: ()
|
|
|
|
),
|
2016-04-07 23:31:56 +02:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2017-01-01 10:43:48 +01:00
|
|
|
# 1.4 OpenID menu page
|
2016-04-07 23:31:56 +02:00
|
|
|
elsif ($req->{error} == PE_OPENID_EMPTY
|
|
|
|
or $req->{error} == PE_OPENID_BADID )
|
|
|
|
{
|
|
|
|
$skinfile = 'openid';
|
2017-01-05 22:45:34 +01:00
|
|
|
my $p = $self->conf->{portal} . $self->conf->{issuerDBOpenIDPath};
|
|
|
|
$p =~ s#(?<!:)/?\^?/#/#g;
|
2017-01-09 16:43:37 +01:00
|
|
|
my $id = $req->{sessionInfo}
|
2018-10-12 10:04:03 +02:00
|
|
|
->{ $self->conf->{openIdAttr} || $self->conf->{whatToTrace} };
|
2016-04-07 23:31:56 +02:00
|
|
|
%templateParams = (
|
2018-10-09 22:40:28 +02:00
|
|
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
2018-11-07 20:10:31 +01:00
|
|
|
LANGS => $self->conf->{showLanguages},
|
2016-04-07 23:31:56 +02:00
|
|
|
AUTH_ERROR => $self->error,
|
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
|
|
|
PROVIDERURI => $p,
|
2017-01-09 16:43:37 +01:00
|
|
|
MSG => $req->info(),
|
2018-10-12 10:04:03 +02:00
|
|
|
(
|
|
|
|
$req->data->{customScript}
|
2018-07-05 22:56:16 +02:00
|
|
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
2017-04-06 13:33:12 +02:00
|
|
|
: ()
|
|
|
|
),
|
2016-04-07 23:31:56 +02:00
|
|
|
);
|
2018-07-05 22:56:16 +02:00
|
|
|
$templateParams{ID} = $req->data->{_openidPortal} . $id if ($id);
|
2016-04-07 23:31:56 +02:00
|
|
|
}
|
|
|
|
|
2017-01-01 10:43:48 +01:00
|
|
|
# 2. Good authentication
|
|
|
|
|
|
|
|
# 2.1 Redirection
|
|
|
|
elsif ( $req->{error} == PE_REDIRECT ) {
|
2020-04-14 18:48:35 +02:00
|
|
|
my $method = $req->data->{redirectFormMethod} || 'get';
|
2017-01-01 10:43:48 +01:00
|
|
|
$skinfile = "redirect";
|
|
|
|
%templateParams = (
|
2019-08-29 19:29:27 +02:00
|
|
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
2020-03-02 14:30:58 +01:00
|
|
|
LANGS => $self->conf->{showLanguages},
|
2017-01-01 10:43:48 +01:00
|
|
|
URL => $req->{urldc},
|
2020-04-14 18:48:35 +02:00
|
|
|
HIDDEN_INPUTS => $self->buildOutgoingHiddenForm( $req, $method ),
|
|
|
|
FORM_METHOD => $method,
|
2018-10-12 10:04:03 +02:00
|
|
|
(
|
|
|
|
$req->data->{customScript}
|
2018-07-05 22:56:16 +02:00
|
|
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
2017-04-06 13:33:12 +02:00
|
|
|
: ()
|
|
|
|
),
|
2017-01-01 10:43:48 +01:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2017-02-19 08:17:37 +01:00
|
|
|
# 2.2 Case : display menu (with error or not)
|
2017-02-19 08:17:42 +01:00
|
|
|
elsif ( $req->error == PE_OK ) {
|
2017-01-01 10:43:48 +01:00
|
|
|
$skinfile = 'menu';
|
|
|
|
|
|
|
|
#utf8::decode($auth_user);
|
|
|
|
%templateParams = (
|
2018-10-10 23:12:38 +02:00
|
|
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
2018-11-07 20:10:31 +01:00
|
|
|
LANGS => $self->conf->{showLanguages},
|
2018-10-12 10:04:03 +02:00
|
|
|
AUTH_USER => $req->{sessionInfo}->{ $self->conf->{portalUserAttr} },
|
|
|
|
NEWWINDOW => $self->conf->{portalOpenLinkInNewWindow},
|
2020-05-24 00:04:33 +02:00
|
|
|
LOGOUT_URL => $self->conf->{portal} . "?logout=1",
|
|
|
|
APPSLIST_ORDER => $req->{sessionInfo}->{'_appsListOrder'},
|
|
|
|
PING => $self->conf->{portalPingInterval},
|
|
|
|
REQUIRE_OLDPASSWORD =>
|
|
|
|
$self->requireOldPwd->( $req, $req->userData ),
|
2020-08-29 22:12:09 +02:00
|
|
|
HIDE_OLDPASSWORD => 0,
|
|
|
|
PPOLICY_NOPOLICY => !$self->isPP(),
|
|
|
|
DISPLAY_PPOLICY => $self->conf->{portalDisplayPasswordPolicy},
|
|
|
|
PPOLICY_MINSIZE => $self->conf->{passwordPolicyMinSize},
|
|
|
|
PPOLICY_MINLOWER => $self->conf->{passwordPolicyMinLower},
|
|
|
|
PPOLICY_MINUPPER => $self->conf->{passwordPolicyMinUpper},
|
|
|
|
PPOLICY_MINDIGIT => $self->conf->{passwordPolicyMinDigit},
|
|
|
|
PPOLICY_MINSPECHAR => $self->conf->{passwordPolicyMinSpeChar},
|
2020-04-02 13:30:22 +02:00
|
|
|
(
|
2020-08-29 22:12:09 +02:00
|
|
|
$self->conf->{passwordPolicyMinSpeChar}
|
|
|
|
? ( PPOLICY_ALLOWEDSPECHAR => $self->speChars() )
|
2020-04-02 13:30:22 +02:00
|
|
|
: ()
|
|
|
|
),
|
2017-01-01 10:43:48 +01:00
|
|
|
$self->menu->params($req),
|
2018-10-12 10:04:03 +02:00
|
|
|
(
|
|
|
|
$req->data->{customScript}
|
2018-07-05 22:56:16 +02:00
|
|
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
2017-04-06 13:33:12 +02:00
|
|
|
: ()
|
|
|
|
),
|
2017-01-01 10:43:48 +01:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2020-06-09 15:33:44 +02:00
|
|
|
# when upgrading session, the administrator can configure LLNG
|
|
|
|
# to ask only for 2FA
|
|
|
|
elsif ( $req->error == PE_UPGRADESESSION ) {
|
|
|
|
$skinfile = 'upgradesession';
|
|
|
|
%templateParams = (
|
2020-06-09 22:01:16 +02:00
|
|
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
|
|
|
LANGS => $self->conf->{showLanguages},
|
|
|
|
FORMACTION => '/upgradesession',
|
|
|
|
MSG => 'askToUpgrade',
|
|
|
|
PORTALBUTTON => 1,
|
|
|
|
BUTTON => 'upgradeSession',
|
|
|
|
CONFIRMKEY => $self->stamp,
|
|
|
|
PORTAL => $self->conf->{portal},
|
|
|
|
URL => $req->data->{_url},
|
2020-06-09 15:33:44 +02:00
|
|
|
(
|
|
|
|
$req->data->{customScript}
|
|
|
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
|
|
|
: ()
|
|
|
|
),
|
|
|
|
);
|
|
|
|
}
|
2020-06-09 22:01:16 +02:00
|
|
|
|
2020-06-09 15:33:44 +02:00
|
|
|
# renew uses the same plugin as upgrade, but first factor is mandatory
|
2017-03-23 21:49:52 +01:00
|
|
|
elsif ( $req->error == PE_RENEWSESSION ) {
|
2017-03-27 18:51:18 +02:00
|
|
|
$skinfile = 'upgradesession';
|
2017-03-23 21:49:52 +01:00
|
|
|
%templateParams = (
|
2020-06-09 22:01:16 +02:00
|
|
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
|
|
|
LANGS => $self->conf->{showLanguages},
|
|
|
|
FORMACTION => '/renewsession',
|
|
|
|
MSG => 'askToRenew',
|
|
|
|
CONFIRMKEY => $self->stamp,
|
|
|
|
PORTAL => $self->conf->{portal},
|
|
|
|
PORTALBUTTON => 1,
|
|
|
|
BUTTON => 'renewSession',
|
|
|
|
URL => $req->data->{_url},
|
2018-10-12 10:04:03 +02:00
|
|
|
(
|
|
|
|
$req->data->{customScript}
|
2018-07-05 22:56:16 +02:00
|
|
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
2017-04-06 13:33:12 +02:00
|
|
|
: ()
|
|
|
|
),
|
2017-03-23 21:49:52 +01:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2020-06-09 15:33:44 +02:00
|
|
|
# Looks a lot like upgradesession, but no portal logo
|
2018-10-03 22:22:15 +02:00
|
|
|
elsif ( $req->error == PE_MUSTAUTHN ) {
|
2020-06-09 22:01:16 +02:00
|
|
|
$skinfile = 'upgradesession';
|
2018-10-03 22:22:15 +02:00
|
|
|
%templateParams = (
|
2018-10-09 22:40:28 +02:00
|
|
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
2018-11-07 20:10:31 +01:00
|
|
|
LANGS => $self->conf->{showLanguages},
|
2020-06-09 22:01:16 +02:00
|
|
|
FORMACTION => '/renewsession',
|
2018-10-03 22:22:15 +02:00
|
|
|
MSG => 'PE87',
|
|
|
|
CONFIRMKEY => $self->stamp,
|
2020-06-09 22:01:16 +02:00
|
|
|
BUTTON => 'renewSession',
|
2018-10-03 22:22:15 +02:00
|
|
|
PORTAL => $self->conf->{portal},
|
|
|
|
URL => $req->data->{_url},
|
2018-10-12 10:04:03 +02:00
|
|
|
(
|
|
|
|
$req->data->{customScript}
|
2018-10-03 22:22:15 +02:00
|
|
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
|
|
|
: ()
|
|
|
|
),
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2018-09-23 12:52:30 +02:00
|
|
|
# 2.3 Case : user authenticated but an error was returned (bad url,...)
|
2018-02-20 22:58:20 +01:00
|
|
|
elsif (
|
|
|
|
$req->noLoginDisplay
|
2018-07-05 22:56:16 +02:00
|
|
|
or ( not $req->data->{noerror}
|
2018-02-20 22:58:20 +01:00
|
|
|
and $req->userData
|
|
|
|
and %{ $req->userData } )
|
2019-08-24 23:10:09 +02:00
|
|
|
|
|
|
|
# Avoid issue 1867
|
|
|
|
or ( $self->conf->{authentication} eq 'Combination'
|
|
|
|
and $req->{error} > PE_OK
|
2019-10-24 08:58:04 +02:00
|
|
|
and $req->{error} != PE_FIRSTACCESS
|
2019-12-13 11:15:05 +01:00
|
|
|
and $req->{error} != PE_BADCREDENTIALS
|
2020-09-04 16:14:17 +02:00
|
|
|
and $req->{error} != PE_PP_CHANGE_AFTER_RESET
|
2019-10-24 08:58:04 +02:00
|
|
|
and $req->{error} != PE_PP_PASSWORD_EXPIRED )
|
2018-10-12 10:04:03 +02:00
|
|
|
)
|
2017-03-27 18:51:18 +02:00
|
|
|
{
|
2017-02-19 08:17:42 +01:00
|
|
|
$skinfile = 'error';
|
|
|
|
%templateParams = (
|
2018-10-10 23:12:38 +02:00
|
|
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
2018-11-07 20:10:31 +01:00
|
|
|
LANGS => $self->conf->{showLanguages},
|
2017-02-19 08:17:42 +01:00
|
|
|
AUTH_ERROR => $req->error,
|
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
2020-02-24 21:27:50 +01:00
|
|
|
LOCKTIME => $req->lockTime(),
|
2018-10-12 10:04:03 +02:00
|
|
|
(
|
|
|
|
$req->data->{customScript}
|
2018-07-05 22:56:16 +02:00
|
|
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
2017-04-06 13:33:12 +02:00
|
|
|
: ()
|
|
|
|
),
|
2017-02-19 08:17:42 +01:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2017-02-19 08:17:37 +01:00
|
|
|
# 3 Authentication has been refused OR first access
|
2016-04-07 23:31:56 +02:00
|
|
|
else {
|
2016-04-10 09:20:54 +02:00
|
|
|
$skinfile = 'login';
|
|
|
|
my $login = $self->userId($req);
|
2019-09-18 15:55:13 +02:00
|
|
|
if ( $login eq 'anonymous' ) {
|
|
|
|
$login = '';
|
|
|
|
}
|
|
|
|
elsif ( $req->user ) {
|
|
|
|
$login = $req->{user};
|
|
|
|
}
|
2016-04-07 23:31:56 +02:00
|
|
|
%templateParams = (
|
2018-10-12 10:04:03 +02:00
|
|
|
MAIN_LOGO => $self->conf->{portalMainLogo},
|
2018-11-07 20:10:31 +01:00
|
|
|
LANGS => $self->conf->{showLanguages},
|
2018-10-12 10:04:03 +02:00
|
|
|
AUTH_ERROR => $req->error,
|
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
|
|
|
AUTH_URL => $req->{data}->{_url},
|
|
|
|
LOGIN => $login,
|
2019-09-08 19:26:09 +02:00
|
|
|
DONT_STORE_PASSWORD => $self->conf->{browsersDontStorePassword},
|
2018-10-12 10:04:03 +02:00
|
|
|
CHECK_LOGINS => $self->conf->{portalCheckLogins},
|
|
|
|
ASK_LOGINS => $req->param('checkLogins') || 0,
|
2020-10-31 22:10:14 +01:00
|
|
|
ASK_STAYCONNECTED => $req->param('stayconnected') || 0,
|
2018-10-12 10:04:03 +02:00
|
|
|
DISPLAY_RESETPASSWORD => $self->conf->{portalDisplayResetPassword},
|
|
|
|
DISPLAY_REGISTER => $self->conf->{portalDisplayRegister},
|
2020-02-20 23:34:02 +01:00
|
|
|
DISPLAY_UPDATECERTIF =>
|
|
|
|
$self->conf->{portalDisplayCertificateResetByMail},
|
|
|
|
MAILCERTIF_URL => $self->conf->{certificateResetByMailURL},
|
|
|
|
MAIL_URL => $self->conf->{mailUrl},
|
|
|
|
REGISTER_URL => $self->conf->{registerUrl},
|
|
|
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
|
|
|
STAYCONNECTED => $self->conf->{stayConnected},
|
|
|
|
SPOOFID => $self->conf->{impersonationRule},
|
2018-10-12 10:04:03 +02:00
|
|
|
(
|
|
|
|
$req->data->{customScript}
|
2018-07-05 22:56:16 +02:00
|
|
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
2017-04-06 13:33:12 +02:00
|
|
|
: ()
|
|
|
|
),
|
2016-04-07 23:31:56 +02:00
|
|
|
);
|
|
|
|
|
|
|
|
# Display captcha if it's enabled
|
2017-01-25 12:11:48 +01:00
|
|
|
if ( $req->captcha ) {
|
2016-04-07 23:31:56 +02:00
|
|
|
%templateParams = (
|
|
|
|
%templateParams,
|
2017-01-25 12:11:48 +01:00
|
|
|
CAPTCHA_SRC => $req->captcha,
|
2017-01-26 18:53:14 +01:00
|
|
|
CAPTCHA_SIZE => $self->{conf}->{captcha_size} || 6
|
2017-01-25 12:11:48 +01:00
|
|
|
);
|
|
|
|
}
|
|
|
|
if ( $req->token ) {
|
2017-02-15 07:41:50 +01:00
|
|
|
%templateParams = ( %templateParams, TOKEN => $req->token, );
|
2016-04-07 23:31:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
# Show password form if password policy error
|
|
|
|
if (
|
|
|
|
|
|
|
|
$req->{error} == PE_PP_CHANGE_AFTER_RESET
|
|
|
|
or $req->{error} == PE_PP_MUST_SUPPLY_OLD_PASSWORD
|
|
|
|
or $req->{error} == PE_PP_INSUFFICIENT_PASSWORD_QUALITY
|
|
|
|
or $req->{error} == PE_PP_PASSWORD_TOO_SHORT
|
|
|
|
or $req->{error} == PE_PP_PASSWORD_TOO_YOUNG
|
|
|
|
or $req->{error} == PE_PP_PASSWORD_IN_HISTORY
|
|
|
|
or $req->{error} == PE_PASSWORD_MISMATCH
|
|
|
|
or $req->{error} == PE_BADOLDPASSWORD
|
|
|
|
or $req->{error} == PE_PASSWORDFORMEMPTY
|
2016-05-11 15:04:40 +02:00
|
|
|
or ( $req->{error} == PE_PP_PASSWORD_EXPIRED
|
|
|
|
and $self->conf->{ldapAllowResetExpiredPassword} )
|
2018-10-12 10:04:03 +02:00
|
|
|
)
|
2016-04-07 23:31:56 +02:00
|
|
|
{
|
|
|
|
%templateParams = (
|
|
|
|
%templateParams,
|
|
|
|
REQUIRE_OLDPASSWORD =>
|
2018-10-12 10:04:03 +02:00
|
|
|
1, # Old password is required to check user credentials
|
2016-04-07 23:31:56 +02:00
|
|
|
DISPLAY_FORM => 0,
|
|
|
|
DISPLAY_OPENID_FORM => 0,
|
|
|
|
DISPLAY_YUBIKEY_FORM => 0,
|
|
|
|
DISPLAY_PASSWORD => 1,
|
|
|
|
DISPLAY_RESETPASSWORD => 0,
|
|
|
|
AUTH_LOOP => [],
|
|
|
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
2018-07-05 22:56:16 +02:00
|
|
|
CHOICE_VALUE => $req->data->{_authChoice},
|
2016-05-11 15:04:40 +02:00
|
|
|
OLDPASSWORD => $self->checkXSSAttack( 'oldpassword',
|
2020-08-24 22:43:03 +02:00
|
|
|
$req->data->{oldpassword} ) ? ""
|
2018-07-05 22:56:16 +02:00
|
|
|
: $req->data->{oldpassword},
|
2016-04-07 23:31:56 +02:00
|
|
|
HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
|
2020-08-29 22:12:09 +02:00
|
|
|
PPOLICY_NOPOLICY => !$self->isPP(),
|
2019-09-05 13:02:51 +02:00
|
|
|
DISPLAY_PPOLICY => $self->conf->{portalDisplayPasswordPolicy},
|
2019-09-05 12:46:32 +02:00
|
|
|
PPOLICY_MINSIZE => $self->conf->{passwordPolicyMinSize},
|
|
|
|
PPOLICY_MINLOWER => $self->conf->{passwordPolicyMinLower},
|
|
|
|
PPOLICY_MINUPPER => $self->conf->{passwordPolicyMinUpper},
|
|
|
|
PPOLICY_MINDIGIT => $self->conf->{passwordPolicyMinDigit},
|
2020-08-29 22:12:09 +02:00
|
|
|
PPOLICY_MINSPECHAR => $self->conf->{passwordPolicyMinSpeChar},
|
2020-08-24 22:43:03 +02:00
|
|
|
(
|
2020-08-29 22:12:09 +02:00
|
|
|
$self->conf->{passwordPolicyMinSpeChar}
|
|
|
|
? ( PPOLICY_ALLOWEDSPECHAR => $self->speChars() )
|
2020-08-24 22:43:03 +02:00
|
|
|
: ()
|
|
|
|
),
|
2016-04-07 23:31:56 +02:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
# Disable all forms on:
|
|
|
|
# * Logout message
|
2020-02-24 21:27:50 +01:00
|
|
|
# * Account lock
|
2016-04-07 23:31:56 +02:00
|
|
|
# * Bad URL error
|
|
|
|
elsif ($req->{error} == PE_LOGOUT_OK
|
2018-09-28 00:03:46 +02:00
|
|
|
or $req->{error} == PE_WAIT
|
2019-03-18 11:41:41 +01:00
|
|
|
or $req->{error} == PE_BADURL )
|
2016-04-07 23:31:56 +02:00
|
|
|
{
|
|
|
|
%templateParams = (
|
|
|
|
%templateParams,
|
|
|
|
DISPLAY_RESETPASSWORD => 0,
|
|
|
|
DISPLAY_FORM => 0,
|
|
|
|
DISPLAY_OPENID_FORM => 0,
|
|
|
|
DISPLAY_YUBIKEY_FORM => 0,
|
|
|
|
AUTH_LOOP => [],
|
|
|
|
MSG => $req->info(),
|
2020-02-26 22:31:22 +01:00
|
|
|
LOCKTIME => $req->lockTime(),
|
2016-04-07 23:31:56 +02:00
|
|
|
);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2017-02-07 07:21:23 +01:00
|
|
|
# Display authentication form
|
2016-04-07 23:31:56 +02:00
|
|
|
else {
|
|
|
|
|
|
|
|
# Authentication loop
|
2017-04-25 10:11:16 +02:00
|
|
|
if ( $self->conf->{authentication} eq 'Choice'
|
2016-07-03 09:28:08 +02:00
|
|
|
and my $authLoop = $self->_buildAuthLoop($req) )
|
|
|
|
{
|
2016-04-07 23:31:56 +02:00
|
|
|
%templateParams = (
|
|
|
|
%templateParams,
|
2016-07-02 21:09:45 +02:00
|
|
|
AUTH_LOOP => $authLoop,
|
2016-04-07 23:31:56 +02:00
|
|
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
2018-07-05 22:56:16 +02:00
|
|
|
CHOICE_VALUE => $req->data->{_authChoice},
|
2020-03-11 11:46:14 +01:00
|
|
|
DISPLAY_TAB => scalar( $req->param("tab") ),
|
2016-04-07 23:31:56 +02:00
|
|
|
DISPLAY_FORM => 0,
|
|
|
|
DISPLAY_OPENID_FORM => 0,
|
|
|
|
DISPLAY_YUBIKEY_FORM => 0,
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
# Choose what form to display if not in a loop
|
|
|
|
else {
|
|
|
|
|
2018-10-12 10:04:03 +02:00
|
|
|
my $displayType =
|
2019-06-13 17:51:36 +02:00
|
|
|
eval { $self->_authentication->getDisplayType($req) }
|
|
|
|
|| 'logo';
|
2016-04-07 23:31:56 +02:00
|
|
|
|
2020-11-08 13:14:41 +01:00
|
|
|
$self->logger->debug("Display type $displayType");
|
2016-04-07 23:31:56 +02:00
|
|
|
|
|
|
|
%templateParams = (
|
|
|
|
%templateParams,
|
2018-10-10 23:12:38 +02:00
|
|
|
DISPLAY_FORM => $displayType =~ /\bstandardform\b/ ? 1
|
|
|
|
: 0,
|
2018-10-12 10:04:03 +02:00
|
|
|
DISPLAY_OPENID_FORM => $displayType =~ /\bopenidform\b/ ? 1
|
2017-02-19 08:17:37 +01:00
|
|
|
: 0,
|
|
|
|
DISPLAY_YUBIKEY_FORM => $displayType =~ /\byubikeyform\b/
|
|
|
|
? 1
|
2016-04-07 23:31:56 +02:00
|
|
|
: 0,
|
2017-04-11 21:19:59 +02:00
|
|
|
DISPLAY_SSL_FORM => $displayType =~ /sslform/ ? 1 : 0,
|
2018-12-04 18:14:19 +01:00
|
|
|
DISPLAY_GPG_FORM => $displayType =~ /gpgform/ ? 1 : 0,
|
2017-04-11 21:19:59 +02:00
|
|
|
DISPLAY_LOGO_FORM => $displayType eq "logo" ? 1 : 0,
|
|
|
|
module => $displayType eq "logo"
|
2016-05-23 23:52:32 +02:00
|
|
|
? $self->getModule( $req, 'auth' )
|
2016-04-07 23:31:56 +02:00
|
|
|
: "",
|
2018-10-12 10:04:03 +02:00
|
|
|
AUTH_LOOP => [],
|
|
|
|
PORTAL_URL =>
|
|
|
|
( $displayType eq "logo" ? $self->conf->{portal} : 0 ),
|
2016-04-07 23:31:56 +02:00
|
|
|
MSG => $req->info(),
|
|
|
|
);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2019-03-11 16:36:32 +01:00
|
|
|
if ( $req->data->{waitingMessage} ) {
|
|
|
|
$templateParams{WAITING_MESSAGE} = 1;
|
|
|
|
}
|
|
|
|
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Skin returned: $skinfile");
|
2016-04-13 23:06:04 +02:00
|
|
|
return ( $skinfile, \%templateParams );
|
2016-04-07 23:31:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
##@method public void printImage(string file, string type)
|
|
|
|
# Print image to STDOUT
|
|
|
|
# @param $file The path to the file to print
|
|
|
|
# @param $type The content-type to use (ie: image/png)
|
|
|
|
# @return void
|
|
|
|
sub staticFile {
|
2016-12-17 08:58:53 +01:00
|
|
|
my ( $self, $req, $file, $type ) = @_;
|
2016-04-07 23:31:56 +02:00
|
|
|
require Plack::Util;
|
|
|
|
require Cwd;
|
|
|
|
require HTTP::Date;
|
2019-06-26 11:59:13 +02:00
|
|
|
open my $fh, '<:raw', $self->conf->{templateDir} . "/$file"
|
2018-10-12 10:04:03 +02:00
|
|
|
or return $self->sendError( $req,
|
2019-06-26 11:59:13 +02:00
|
|
|
$self->conf->{templateDir} . "/$file: $!", 403 );
|
2016-04-07 23:31:56 +02:00
|
|
|
my @stat = stat $file;
|
|
|
|
Plack::Util::set_io_path( $fh, Cwd::realpath($file) );
|
|
|
|
return [
|
|
|
|
200,
|
2018-10-12 10:04:03 +02:00
|
|
|
[
|
|
|
|
'Content-Type' => $type,
|
2016-04-07 23:31:56 +02:00
|
|
|
'Content-Length' => $stat[7],
|
|
|
|
'Last-Modified' => HTTP::Date::time2str( $stat[9] )
|
|
|
|
],
|
|
|
|
$fh,
|
|
|
|
];
|
|
|
|
}
|
|
|
|
|
2020-04-14 18:48:35 +02:00
|
|
|
sub buildOutgoingHiddenForm {
|
|
|
|
my ( $self, $req, $method ) = @_;
|
|
|
|
my @keys = keys %{ $req->{portalHiddenFormValues} };
|
|
|
|
|
2020-05-28 19:15:04 +02:00
|
|
|
if ( lc $method eq 'get' ) {
|
|
|
|
my $uri = URI->new( $req->{urldc} );
|
|
|
|
my %query_params = $uri->query_form;
|
|
|
|
|
|
|
|
# Redirection URL contains query string. Before displaying a form,
|
|
|
|
# we must set the query string parameters as form fields so they can
|
|
|
|
# be preserved #2085
|
|
|
|
if (%query_params) {
|
|
|
|
$self->logger->debug(
|
2020-04-14 18:48:35 +02:00
|
|
|
"urldc contains query parameters, setting them as hidden form values"
|
2020-05-28 19:15:04 +02:00
|
|
|
);
|
|
|
|
foreach ( keys %query_params ) {
|
|
|
|
$self->setHiddenFormValue( $req, $_, $query_params{$_}, "", 0 );
|
|
|
|
}
|
2020-04-14 18:48:35 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return $self->buildHiddenForm($req);
|
|
|
|
}
|
|
|
|
|
2016-04-07 23:31:56 +02:00
|
|
|
sub buildHiddenForm {
|
2016-11-22 21:55:10 +01:00
|
|
|
my ( $self, $req ) = @_;
|
|
|
|
my @keys = keys %{ $req->{portalHiddenFormValues} };
|
|
|
|
my $val = '';
|
2016-04-07 23:31:56 +02:00
|
|
|
|
|
|
|
foreach (@keys) {
|
|
|
|
|
|
|
|
# Check XSS attacks
|
|
|
|
next
|
2018-10-12 10:04:03 +02:00
|
|
|
if $self->checkXSSAttack( $_, $req->{portalHiddenFormValues}->{$_} );
|
2016-04-07 23:31:56 +02:00
|
|
|
|
|
|
|
# Build hidden input HTML code
|
2019-02-03 20:05:28 +01:00
|
|
|
# 'id' is removed to avoid warning with Choice
|
2019-02-03 00:17:53 +01:00
|
|
|
#$val .= qq{<input type="hidden" name="$_" id="$_" value="}
|
2019-02-03 20:05:28 +01:00
|
|
|
$val .= qq{<input type="hidden" name="$_" value="}
|
2018-10-12 10:04:03 +02:00
|
|
|
. $req->{portalHiddenFormValues}->{$_} . '" />';
|
2016-04-07 23:31:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return $val;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Return skin name
|
|
|
|
# @return skin name
|
2016-08-02 15:52:29 +02:00
|
|
|
# TODO: create property for skinRule
|
2016-04-07 23:31:56 +02:00
|
|
|
sub getSkin {
|
|
|
|
my ( $self, $req ) = @_;
|
|
|
|
my $skin = $self->conf->{portalSkin};
|
|
|
|
|
|
|
|
# Fill sessionInfo to eval rule if empty (unauthenticated user)
|
|
|
|
$req->{sessionInfo}->{_url} ||= $req->{urldc};
|
2017-01-04 17:36:54 +01:00
|
|
|
$req->{sessionInfo}->{ipAddr} ||= $req->address;
|
2016-04-07 23:31:56 +02:00
|
|
|
|
|
|
|
# Load specific skin from skinRules
|
2017-12-20 22:48:12 +01:00
|
|
|
foreach my $rule ( @{ $self->{skinRules} } ) {
|
2017-03-28 23:07:49 +02:00
|
|
|
if ( $rule->[1]->( $req, $req->sessionInfo ) ) {
|
2017-12-20 22:48:12 +01:00
|
|
|
if ( -d $self->conf->{templateDir} . '/' . $rule->[0] ) {
|
|
|
|
$skin = $rule->[0];
|
|
|
|
$self->logger->debug("Skin $skin selected from skin rule");
|
|
|
|
last;
|
|
|
|
}
|
2016-04-07 23:31:56 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
# Check skin GET/POST parameter
|
|
|
|
my $skinParam = $req->param('skin');
|
2017-12-20 22:52:52 +01:00
|
|
|
if ( defined $skinParam ) {
|
2018-01-24 22:29:09 +01:00
|
|
|
if ( $skinParam =~ /^[\w\-]+$/ ) {
|
2017-12-20 22:52:52 +01:00
|
|
|
if ( -d $self->conf->{templateDir} . '/' . $skinParam ) {
|
|
|
|
$skin = $skinParam;
|
|
|
|
$self->logger->debug(
|
|
|
|
"Skin $skin selected from GET/POST parameter");
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
$self->userLogger->error(
|
|
|
|
"User tries to access to unexistent skin dir $skinParam");
|
|
|
|
}
|
2017-12-20 22:48:12 +01:00
|
|
|
}
|
|
|
|
else {
|
2017-12-20 22:52:52 +01:00
|
|
|
$self->userLogger->error("Strange skin parameter: $skinParam");
|
2017-12-20 22:48:12 +01:00
|
|
|
}
|
2016-04-07 23:31:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return $skin;
|
|
|
|
}
|
|
|
|
|
2016-04-13 23:06:04 +02:00
|
|
|
# Build an HTML array to display sessions
|
2018-07-05 22:56:16 +02:00
|
|
|
# @param $sessions Array ref of hash ref containing sessions data
|
2016-04-13 23:06:04 +02:00
|
|
|
# @param $title Title of the array
|
|
|
|
# @param $displayUser To display "User" column
|
|
|
|
# @param $displaError To display "Error" column
|
|
|
|
# @return HTML string
|
|
|
|
sub mkSessionArray {
|
2019-06-28 13:40:56 +02:00
|
|
|
my ( $self, $req, $sessions, $title, $displayUser, $displayError ) = @_;
|
2016-04-13 23:06:04 +02:00
|
|
|
|
|
|
|
return "" unless ( ref $sessions eq "ARRAY" and @$sessions );
|
|
|
|
|
2017-10-10 13:04:40 +02:00
|
|
|
my @fields = sort keys %{ $self->conf->{sessionDataToRemember} };
|
|
|
|
return $self->loadTemplate(
|
2019-06-28 13:40:56 +02:00
|
|
|
$req,
|
2017-10-10 13:04:40 +02:00
|
|
|
'sessionArray',
|
|
|
|
params => {
|
|
|
|
title => $title,
|
|
|
|
displayUser => $displayUser,
|
|
|
|
displayError => $displayError,
|
|
|
|
fields => [
|
|
|
|
map { { name => $self->conf->{sessionDataToRemember}->{$_} } }
|
2018-10-12 10:04:03 +02:00
|
|
|
@fields
|
2017-10-10 13:04:40 +02:00
|
|
|
],
|
|
|
|
sessions => [
|
|
|
|
map {
|
|
|
|
my $session = $_;
|
2018-10-12 10:04:03 +02:00
|
|
|
{
|
|
|
|
user => $session->{user},
|
2017-10-10 13:04:40 +02:00
|
|
|
utime => $session->{_utime},
|
|
|
|
ip => $session->{ipAddr},
|
|
|
|
values => [ map { { v => $session->{$_} } } @fields ],
|
|
|
|
error => $session->{error},
|
2020-04-20 18:26:46 +02:00
|
|
|
displayUser => $displayUser,
|
2018-11-06 21:34:48 +01:00
|
|
|
displayError => $displayError,
|
2017-10-10 13:04:40 +02:00
|
|
|
}
|
|
|
|
} @$sessions
|
|
|
|
],
|
|
|
|
}
|
|
|
|
);
|
2016-04-13 23:06:04 +02:00
|
|
|
}
|
|
|
|
|
2017-09-15 14:31:42 +02:00
|
|
|
sub mkOidcConsent {
|
2019-06-28 13:40:56 +02:00
|
|
|
my ( $self, $req, $session ) = @_;
|
2018-06-16 20:58:51 +02:00
|
|
|
|
2018-06-23 07:23:16 +02:00
|
|
|
if ( defined( $self->conf->{oidcRPMetaDataOptions} )
|
|
|
|
and ref( $self->conf->{oidcRPMetaDataOptions} ) )
|
|
|
|
{
|
2018-09-23 11:07:58 +02:00
|
|
|
|
2018-10-10 23:12:38 +02:00
|
|
|
# Set default RP displayname
|
2018-06-16 20:58:51 +02:00
|
|
|
foreach my $oidc ( keys %{ $self->conf->{oidcRPMetaDataOptions} } ) {
|
2018-06-19 20:04:04 +02:00
|
|
|
$self->conf->{oidcRPMetaDataOptions}->{$oidc}
|
2018-10-12 10:04:03 +02:00
|
|
|
->{oidcRPMetaDataOptionsDisplayName} ||= $oidc;
|
2018-06-19 20:04:04 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-07-15 19:17:48 +02:00
|
|
|
# Loading existing oidcConsents
|
2018-09-23 11:07:58 +02:00
|
|
|
$self->logger->debug("Searching OIDC Consents...");
|
|
|
|
my $_oidcConsents;
|
2018-07-15 19:17:48 +02:00
|
|
|
if ( exists $session->{_oidcConsents} ) {
|
2018-09-23 11:07:58 +02:00
|
|
|
$_oidcConsents = eval {
|
2018-07-15 19:17:48 +02:00
|
|
|
from_json( $session->{_oidcConsents}, { allow_nonref => 1 } );
|
|
|
|
};
|
|
|
|
if ($@) {
|
|
|
|
$self->logger->error("Corrupted session (_oidcConsents): $@");
|
|
|
|
return PE_ERROR;
|
2018-06-16 20:58:51 +02:00
|
|
|
}
|
|
|
|
}
|
2018-07-15 19:17:48 +02:00
|
|
|
else {
|
|
|
|
$self->logger->debug("No OIDC Consent found");
|
|
|
|
}
|
|
|
|
my $consents = {};
|
2018-09-23 11:07:58 +02:00
|
|
|
foreach (@$_oidcConsents) {
|
2018-07-15 22:08:30 +02:00
|
|
|
if ( defined $_->{rp} ) {
|
|
|
|
my $rp = $_->{rp};
|
|
|
|
$self->logger->debug("RP { $rp } Consent found");
|
|
|
|
$consents->{$rp}->{epoch} = $_->{epoch};
|
|
|
|
$consents->{$rp}->{scope} = $_->{scope};
|
2018-10-12 10:04:03 +02:00
|
|
|
$consents->{$rp}->{displayName} =
|
|
|
|
$self->conf->{oidcRPMetaDataOptions}->{$rp}
|
|
|
|
->{oidcRPMetaDataOptionsDisplayName};
|
2018-07-15 22:08:30 +02:00
|
|
|
}
|
2018-07-15 19:17:48 +02:00
|
|
|
}
|
|
|
|
|
2018-09-23 11:07:58 +02:00
|
|
|
# Display existing oidcConsents
|
2017-10-10 13:04:40 +02:00
|
|
|
return $self->loadTemplate(
|
2019-06-28 13:40:56 +02:00
|
|
|
$req,
|
2017-10-10 13:04:40 +02:00
|
|
|
'oidcConsents',
|
|
|
|
params => {
|
|
|
|
partners => [
|
2019-02-07 09:27:56 +01:00
|
|
|
map { {
|
2018-10-12 10:04:03 +02:00
|
|
|
name => $_,
|
2018-07-15 22:08:30 +02:00
|
|
|
epoch => $consents->{$_}->{epoch},
|
2018-06-19 20:04:04 +02:00
|
|
|
scope => $consents->{$_}->{scope},
|
|
|
|
displayName => $consents->{$_}->{displayName}
|
|
|
|
}
|
|
|
|
} ( sort keys %$consents )
|
2017-10-10 13:04:40 +02:00
|
|
|
],
|
2018-06-19 20:04:04 +02:00
|
|
|
consents => join( ",", keys %$consents ),
|
2017-10-10 13:04:40 +02:00
|
|
|
}
|
|
|
|
);
|
2017-09-15 14:31:42 +02:00
|
|
|
}
|
|
|
|
|
2016-04-07 23:31:56 +02:00
|
|
|
1;
|