lemonldap-ng/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SSL.pm

package Lemonldap::NG::Portal::Auth::SSL;

use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_CERTIFICATEREQUIRED
  PE_BADCERTIFICATE
  PE_FIRSTACCESS
  PE_OK
);

our $VERSION = '2.0.12';

extends 'Lemonldap::NG::Portal::Main::Auth';

# INITIALIZATION

has AjaxInitScript => ( is => 'rw', default => '' );
has Name           => ( is => 'ro', default => 'SSL' );

sub init {
    my ($self) = @_;
    $self->AjaxInitScript( '<script type="application/init">{"sslHost":"'
          . $self->conf->{sslHost}
          . '"}</script>' )
      if $self->conf->{sslByAjax};
    return 1;
}

# Read username in SSL environment variables, or return an error
# @return Lemonldap::NG::Portal constant
sub extractFormInfo {
    my ( $self, $req ) = @_;

    # If this is the ajax query, allow response to contain HTML code
    # to update the portal error message
    if ( $req->wantJSON ) {
        $req->wantErrorRender(1);
    }

    my $field = $self->conf->{SSLVar};
    if ( $req->env->{SSL_CLIENT_I_DN} ) {
        $self->logger->debug(
            'Received SSL issuer ' . $req->env->{SSL_CLIENT_I_DN} );

        if ( my $tmp =
            $self->conf->{SSLVarIf}->{ $req->env->{SSL_CLIENT_I_DN} } )
        {
            $field = $tmp;
        }
    }
    $req->env->{$field}
      ? $self->logger->debug("Using SSL environment variable $field")
      : $self->logger->notice(
        "No name found in certificate, check your configuration");
    if ( $req->env->{$field} and $req->user( $req->env->{$field} ) ) {
        $self->userLogger->notice( "GoodSSL authentication for " . $req->user );
        return PE_OK;
    }
    elsif ( $req->env->{SSL_CLIENT_S_DN} ) {
        $self->userLogger->warn("$field was not found in user certificate");
        return PE_BADCERTIFICATE;
    }
    elsif ( $self->conf->{sslByAjax} and not $req->param('nossl') ) {

        # If this is the AJAX query
        if ( $req->wantJSON ) {
            return PE_CERTIFICATEREQUIRED;
        }

        $self->logger->debug( 'Append ' . $self->{Name} . ' init/script' );
        $req->data->{customScript} .= $self->{AjaxInitScript};
        $self->logger->debug(
            "Send init/script -> " . $req->data->{customScript} );
        $req->data->{waitingMessage} = 1;
        return PE_FIRSTACCESS;
    }
    else {
        if ( $self->conf->{sslByAjax} ) {
            $self->logger->debug( 'Append ' . $self->{Name} . ' init/script' );
            $req->data->{customScript} .= $self->{AjaxInitScript};
            $self->logger->debug(
                "Send init/script -> " . $req->data->{customScript} );
            return PE_BADCERTIFICATE;
        }
        $self->userLogger->warn('No certificate found');
        return PE_CERTIFICATEREQUIRED;
    }
}

sub authenticate {
    return PE_OK;
}

sub setAuthSessionInfo {
    my ( $self, $req ) = @_;
    $req->sessionInfo->{authenticationLevel} = $self->conf->{SSLAuthnLevel};
    return PE_OK;
}

sub getDisplayType {
    my ($self) = @_;
    return ( $self->{conf}->{sslByAjax} ? "sslform" : "logo" );
}

sub authLogout {
    return PE_OK;
}

1;
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`package Lemonldap::NG::Portal::Auth::SSL;`

			`use strict;`
			`use Mouse;`
Add Ajax to SSL (closes #1212) 2017-04-11 21:19:59 +02:00			`use Lemonldap::NG::Portal::Main::Constants qw(`
Tidy 2019-02-05 23:12:17 +01:00			`PE_CERTIFICATEREQUIRED`
Perl critic 2021-02-01 22:30:37 +01:00			`PE_BADCERTIFICATE`
Tidy 2019-02-05 23:12:17 +01:00			`PE_FIRSTACCESS`
			`PE_OK`
Add Ajax to SSL (closes #1212) 2017-04-11 21:19:59 +02:00			`);`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00
Perl critic 2021-02-01 22:30:37 +01:00			`our $VERSION = '2.0.12';`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00
Move Auth::Base to Main::Auth 2018-02-19 22:11:43 +01:00			`extends 'Lemonldap::NG::Portal::Main::Auth';`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00
			`# INITIALIZATION`

Improve code (#1636) 2019-02-02 17:34:44 +01:00			`has AjaxInitScript => ( is => 'rw', default => '' );`
			`has Name => ( is => 'ro', default => 'SSL' );`

Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`sub init {`
Improve code (#1636) 2019-02-02 17:34:44 +01:00			`my ($self) = @_;`
			`$self->AjaxInitScript( '<script type="application/init">{"sslHost":"'`
Tidy 2019-02-05 23:12:17 +01:00			`. $self->conf->{sslHost}`
			`. '"}</script>' )`
			`if $self->conf->{sslByAjax};`
WebID (#595) 2017-01-30 22:00:54 +01:00			`return 1;`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`}`

			`# Read username in SSL environment variables, or return an error`
			`# @return Lemonldap::NG::Portal constant`
			`sub extractFormInfo {`
			`my ( $self, $req ) = @_;`
Improve SSL error reporting (#2110) 2020-03-26 20:21:09 +01:00
			`# If this is the ajax query, allow response to contain HTML code`
			`# to update the portal error message`
			`if ( $req->wantJSON ) {`
			`$req->wantErrorRender(1);`
			`}`

Set some default values in Attributes.pm (#595) 2018-04-30 18:06:15 +02:00			`my $field = $self->conf->{SSLVar};`
Manager: fix SSLVarIf syntax (#2082) 2020-01-31 17:43:49 +01:00			`if ( $req->env->{SSL_CLIENT_I_DN} ) {`
			`$self->logger->debug(`
fix whitespace (#2082) 2020-01-31 17:48:21 +01:00			`'Received SSL issuer ' . $req->env->{SSL_CLIENT_I_DN} );`
Manager: fix SSLVarIf syntax (#2082) 2020-01-31 17:43:49 +01:00
			`if ( my $tmp =`
			`$self->conf->{SSLVarIf}->{ $req->env->{SSL_CLIENT_I_DN} } )`
			`{`
			`$field = $tmp;`
			`}`
Add conditional SSLVar (closes: #803) 2017-02-24 07:29:50 +01:00			`}`
Verify that $field is defined with AuthSSL (#2141) 2020-04-11 22:54:55 +02:00			`$req->env->{$field}`
			`? $self->logger->debug("Using SSL environment variable $field")`
			`: $self->logger->notice(`
			`"No name found in certificate, check your configuration");`
			`if ( $req->env->{$field} and $req->user( $req->env->{$field} ) ) {`
Tidy 2019-02-05 23:12:17 +01:00			`$self->userLogger->notice( "GoodSSL authentication for " . $req->user );`
Add Ajax to SSL (closes #1212) 2017-04-11 21:19:59 +02:00			`return PE_OK;`
			`}`
			`elsif ( $req->env->{SSL_CLIENT_S_DN} ) {`
Add conditional SSLVar (closes: #803) 2017-02-24 07:29:50 +01:00			`$self->userLogger->warn("$field was not found in user certificate");`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`return PE_BADCERTIFICATE;`
			`}`
Add Ajax to SSL (closes #1212) 2017-04-11 21:19:59 +02:00			`elsif ( $self->conf->{sslByAjax} and not $req->param('nossl') ) {`
Improve SSL error reporting (#2110) 2020-03-26 20:21:09 +01:00
			`# If this is the AJAX query`
			`if ( $req->wantJSON ) {`
			`return PE_CERTIFICATEREQUIRED;`
			`}`

Fix SSL/Kerberos Auth with Choice & Improve unit tests (#1636) 2019-02-02 21:31:37 +01:00			`$self->logger->debug( 'Append ' . $self->{Name} . ' init/script' );`
			`$req->data->{customScript} .= $self->{AjaxInitScript};`
Improve code (#1636) 2019-02-02 17:34:44 +01:00			`$self->logger->debug(`
			`"Send init/script -> " . $req->data->{customScript} );`
Add a waiting message for Kerberos/SSL workflow (#1670) 2019-03-11 16:36:32 +01:00			`$req->data->{waitingMessage} = 1;`
Add Ajax to SSL (closes #1212) 2017-04-11 21:19:59 +02:00			`return PE_FIRSTACCESS;`
			`}`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`else {`
Fix SSL/Kerberos Auth with Choice & Improve unit tests (#1636) 2019-02-03 20:05:28 +01:00			`if ( $self->conf->{sslByAjax} ) {`
Tidy 2019-02-05 23:12:17 +01:00			`$self->logger->debug( 'Append ' . $self->{Name} . ' init/script' );`
Fix SSL/Kerberos Auth with Choice & Improve unit tests (#1636) 2019-02-03 20:05:28 +01:00			`$req->data->{customScript} .= $self->{AjaxInitScript};`
			`$self->logger->debug(`
			`"Send init/script -> " . $req->data->{customScript} );`
Improve SSL error reporting (#2110) 2020-03-26 20:21:09 +01:00			`return PE_BADCERTIFICATE;`
Fix SSL/Kerberos Auth with Choice & Improve unit tests (#1636) 2019-02-03 20:05:28 +01:00			`}`
Add Ajax to SSL (closes #1212) 2017-04-11 21:19:59 +02:00			`$self->userLogger->warn('No certificate found');`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`return PE_CERTIFICATEREQUIRED;`
			`}`
			`}`

			`sub authenticate {`
Perl critic 2021-02-01 22:30:37 +01:00			`return PE_OK;`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`}`

Enable setAuthSessionInfo (#595) 2016-12-01 23:25:05 +01:00			`sub setAuthSessionInfo {`
			`my ( $self, $req ) = @_;`
Typo & upadte version 2019-04-05 22:58:48 +02:00			`$req->sessionInfo->{authenticationLevel} = $self->conf->{SSLAuthnLevel};`
Perl critic 2021-02-01 22:30:37 +01:00			`return PE_OK;`
Enable setAuthSessionInfo (#595) 2016-12-01 23:25:05 +01:00			`}`

Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`sub getDisplayType {`
make tidy 2018-11-26 14:40:21 +01:00			`my ($self) = @_;`
			`return ( $self->{conf}->{sslByAjax} ? "sslform" : "logo" );`
Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`}`

Append authLogout function to Auth::SSL.pm (#1564) 2018-12-01 16:05:29 +01:00			`sub authLogout {`
Perl critic 2021-02-01 22:30:37 +01:00			`return PE_OK;`
Append authLogout function to Auth::SSL.pm (#1564) 2018-12-01 16:05:29 +01:00			`}`

Add Auth/SSL (#595) 2016-08-05 13:56:16 +02:00			`1;`