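package Lemonldap::NG::Handler::Lib::ServiceToken;

# Handler mixin for service tokens: fetchId() reads an encrypted token from
# the X-LLNG-Token request header and, when the token is valid for the
# current virtual host, returns the embedded session id instead of the
# usual cookie-based lookup.

use strict;
use warnings;

our $VERSION = '2.0.9';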
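# fetchId($class, $req)
#
# Resolve the session id for this request from a service token.
#
# The token travels in the X-LLNG-Token header. If no usable token is
# present, the request is handed to the regular handler fetchId (cookie
# lookup). Otherwise the token is decrypted with the handler cipher and
# must carry a numeric issue time, a session id and the list of virtual
# hosts it is valid for, optionally followed by "name=value" service
# headers that are forwarded to the protected application.
#
# Returns the $_session_id on success, 0 when the token is malformed, not
# valid for the requested vhost, or outside its TTL window.
sub fetchId {
    my ( $class, $req ) = @_;

    # No token (or a token without a single word character): fall back to
    # the standard lookup. The defined() check avoids an "uninitialized"
    # warning when the header is absent.
    my $token = $req->{env}->{HTTP_X_LLNG_TOKEN};
    return $class->Lemonldap::NG::Handler::Main::fetchId($req)
      unless ( defined $token and $token =~ /\w+/ );

    # The token is a bearer credential: anyone who reads it from the logs
    # can replay it, so only record that one was found, never its value.
    $class->logger->debug('Found service token in X-LLNG-Token header');

    # Decrypt token. Only holders of the handler's shared cipher key can
    # mint a token that decrypts to a meaningful payload.
    # NOTE(review): assumes decrypt() returns undef or '' on failure —
    # confirm against the cipher implementation.
    my $s = $class->tsv->{cipher}->decrypt($token);
    unless ( defined $s and length $s ) {
        $class->userLogger->error('Bad service token');
        $class->logger->debug('Service token could not be decrypted');
        return 0;
    }

    # Token format:
    # time:_session_id:vhost1:vhost2:serviceHeader1=value1:serviceHeader2=value2,...
    my ( $t, $_session_id, @vhosts ) = split /:/, $s;

    # Looking for service headers: every "name=value" element is a header
    # to forward, every other element is a virtual host name.
    # NOTE(review): values are forwarded verbatim; the issuer is trusted
    # (it holds the cipher key), but confirm set_header_in() rejects CR/LF
    # if tokens are ever minted from less-trusted data.
    my $vhost = $class->resolveAlias($req);
    my %serviceHeaders;
    @vhosts = grep {
        if (/^([\w\-]+)=(.+)$/) {
            $serviceHeaders{$1} = $2;
            $class->logger->debug("Found service header: $1 => $2");
            0;
        }
        else { 1 }
    } @vhosts;

    # A well-formed token has a numeric issue time, a $_session_id and at
    # least one vhost. Garbage from a failed decryption is rejected here,
    # so it is reported as "bad" instead of reaching the TTL arithmetic
    # and being logged as merely "expired".
    unless ( defined $t and $t =~ /^\d+$/ and $_session_id and @vhosts ) {
        $class->userLogger->error('Bad service token');
        $class->logger->debug(
              !@vhosts      ? 'No VH found'
            : !$_session_id ? 'No _session_id found'
            :                 'No valid timestamp found'
        );
        return 0;
    }
    $class->logger->debug("Found epoch: $t");
    $class->logger->debug("Found _session_id: $_session_id");

    # Is vhost listed in token? A token minted for one application must
    # not open a session on another one.
    unless ( grep { $_ eq $vhost } @vhosts ) {
        $class->userLogger->error(
            "$vhost not authorized in token (" . join( ', ', @vhosts ) . ')' );
        return 0;
    }
    $class->logger->debug( 'Found VHosts: ' . join ', ', @vhosts );

    # Is token in good interval? TTL precedence: per-vhost value from the
    # local config, then per-vhost value from the global config, then the
    # handler-wide default. A missing or non-positive TTL falls through to
    # the default; if that is unset too, $now - $ttl equals $now and no
    # token can pass the window check (fail closed).
    my $ttl =
      $class->localConfig->{vhostOptions}->{$vhost}->{vhostServiceTokenTTL}
      || $class->tsv->{serviceTokenTTL}->{$vhost};
    $ttl = $class->tsv->{handlerServiceTokenTTL} unless ( $ttl and $ttl > 0 );
    my $now = time;

    # Tokens dated in the future are rejected as well as expired ones;
    # otherwise a far-future timestamp would buy an arbitrarily long window.
    unless ( $t <= $now and $t > $now - $ttl ) {
        $class->userLogger->warn('Expired service token');
        $class->logger->debug("VH: $vhost with ServiceTokenTTL: $ttl");
        $class->logger->debug("TokenTime: $t / Time: $now");
        return 0;
    }

    # Send service headers to protected application if exist
    if (%serviceHeaders) {
        $class->logger->info("Append service header(s)...");
        $class->set_header_in( $req, %serviceHeaders );
    }

    return $_session_id;
}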
1;