package Lemonldap::NG::Portal::UserDB::OpenIDConnect;

# UserDB backend for the OpenID Connect relying-party side of the portal.
# It expects $req->data to already carry the current OP (_oidcOPCurrent) and
# an access_token (presumably set by the matching Auth module's
# extractFormInfo), fetches the UserInfo document with them and maps its
# claims onto session attributes.

use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants
  qw(PE_BADCREDENTIALS PE_ERROR PE_OIDC_AUTH_ERROR PE_OK);

our $VERSION = '2.0.12';

extends 'Lemonldap::NG::Common::Module',
  'Lemonldap::NG::Portal::Lib::OpenIDConnect';
# INITIALIZATION
# Module initialization: load the configured OpenID Connect providers.
# loadOPs is not defined in this file (presumably inherited from
# Lemonldap::NG::Portal::Lib::OpenIDConnect); its result is the init status.
sub init {
    my $self = shift;
    return $self->loadOPs;
}
# RUNNING METHODS
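# Fetch the UserInfo document for the current OP and check it against the
# already-authenticated user.
#
# Reads $req->data->{_oidcOPCurrent} (the OP the user came from) and
# $req->data->{access_token}, both expected to be set earlier (presumably by
# the Auth module's extractFormInfo, see the #1980 note below). On success the
# UserInfo hash is stored in $req->data->{OpenIDConnect_user_info} for
# setSessionInfo.
#
# Returns PE_OK, PE_ERROR (no current OP), PE_BADCREDENTIALS (UserInfo "sub"
# does not match the authenticated user) or PE_OIDC_AUTH_ERROR (a plugin
# vetoed in the oidcGotUserInfo hook).
sub getUser {
    my ( $self, $req ) = @_;
    my $op = $req->data->{_oidcOPCurrent};

    # This is likely to happen when running getUser without extractFormInfo
    # see #1980
    unless ($op) {
        $self->logger->warn("No OP found in current session");
        return PE_ERROR;
    }

    my $access_token     = $req->data->{access_token};
    my $userinfo_content = $self->getUserInfo( $op, $access_token );

    # A missing UserInfo document is not fatal: the login goes on with no
    # claims to export. NOTE(review): a transient UserInfo failure therefore
    # produces a session without the OP-exported attributes; nothing
    # downstream may assume they are present.
    unless ($userinfo_content) {
        $self->logger->warn("No User Info content");
        return PE_OK;
    }

    # OpenID Connect Core 1.0 §5.3.2: the "sub" of the UserInfo response MUST
    # match the authenticated subject, and the response MUST NOT be used
    # otherwise. Verify it before the document reaches plugins (hook below)
    # or $req->data, so an access token belonging to another subject cannot
    # inject foreign claims. A missing "sub" is treated as a mismatch, and so
    # is an unset $req->{user} (the original `eq` let undef match undef).
    my $sub = $userinfo_content->{sub};
    unless ( defined $sub and defined $req->{user} and $sub eq $req->{user} ) {
        $self->logger->error("Received sub do not match current user");
        return PE_BADCREDENTIALS;
    }

    # call oidcGotUserInfo hook
    my $h =
      $self->p->processHook( $req, 'oidcGotUserInfo', $op, $userinfo_content, );
    return PE_OIDC_AUTH_ERROR if ( $h != PE_OK );

    # Publish only after both the sub check and the hook accepted the data.
    $req->data->{OpenIDConnect_user_info} = $userinfo_content;

    return PE_OK;
}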
# No lookup step for this backend: the user identity comes from the OP flow
# (see getUser), not from a directory search. Always succeeds.
sub findUser {
    my ( $self, $req ) = @_;
    return PE_OK;
}
# Get all required attributes
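# Copy the configured attributes from the UserInfo document into the session.
#
# The mapping is the global exportedVars merged with the per-OP
# oidcOPMetaDataExportedVars entry (the OP-specific entry wins on a clashing
# key); each entry maps a session attribute name to a UserInfo claim name.
# Values are taken from $req->data->{OpenIDConnect_user_info}, filled by
# getUser; when getUser stored no UserInfo, every mapped attribute is set to
# undef, as before.
#
# Returns PE_OK, or PE_ERROR when no current OP is recorded in $req->data.
sub setSessionInfo {
    my ( $self, $req ) = @_;
    my $op = $req->data->{_oidcOPCurrent};

    # Same situation as in getUser (#1980): without an OP the per-OP lookup
    # below would be done on an empty key and die; report it instead.
    unless ($op) {
        $self->logger->warn("No OP found in current session");
        return PE_ERROR;
    }

    # Default to empty maps: an OP with no exported-vars entry, or a missing
    # global list, would otherwise die with "Can't use an undefined value as
    # a HASH reference" under strict refs.
    my $global_vars = $self->conf->{exportedVars} || {};
    my $op_vars     = $self->conf->{oidcOPMetaDataExportedVars}->{$op} || {};
    my %vars        = ( %$global_vars, %$op_vars );

    my $userinfo = $req->data->{OpenIDConnect_user_info} || {};

    for my $k ( keys %vars ) {
        $req->{sessionInfo}->{$k} = $userinfo->{ $vars{$k} };
    }

    return PE_OK;
}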
# Does nothing
# No group computation for this backend: always succeeds without touching
# the session.
sub setGroups {
    my ( $self, $req ) = @_;
    return PE_OK;
}
1;