lemonldap-ng/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm

package Lemonldap::NG::Portal::UserDB::OpenIDConnect;

use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_OIDC_AUTH_ERROR
  PE_BADCREDENTIALS
  PE_ERROR
  PE_OK
);

our $VERSION = '2.0.12';

extends qw(
  Lemonldap::NG::Common::Module
  Lemonldap::NG::Portal::Lib::OpenIDConnect
);

# INITIALIZATION

sub init {
    my ($self) = @_;
    return $self->loadOPs;
}

# RUNNING METHODS

sub getUser {
    my ( $self, $req ) = @_;
    my $op = $req->data->{_oidcOPCurrent};

    # This is likely to happen when running getUser without extractFormInfo
    # see #1980
    unless ($op) {
        $self->logger->warn("No OP found in current session");
        return PE_ERROR;
    }

    my $access_token = $req->data->{access_token};

    my $userinfo_content = $self->getUserInfo( $op, $access_token );

    unless ($userinfo_content) {
        $self->logger->warn("No User Info content");
        return PE_OK;
    }

    # call oidcGotUserInfo hook
    my $h =
      $self->p->processHook( $req, 'oidcGotUserInfo', $op, $userinfo_content, );
    return PE_OIDC_AUTH_ERROR if ( $h != PE_OK );

    $req->data->{OpenIDConnect_user_info} = $userinfo_content;

    # Check that received sub is the same than current user
    unless ( $req->data->{OpenIDConnect_user_info}->{sub} eq $req->{user} ) {
        $self->logger->error("Received sub do not match current user");
        return PE_BADCREDENTIALS;
    }

    return PE_OK;
}

sub findUser {

    # Nothing to do here
    return PE_OK;
}

# Get all required attributes
sub setSessionInfo {
    my ( $self, $req ) = @_;
    my $op = $req->data->{_oidcOPCurrent};

    my %vars = (
        %{ $self->conf->{exportedVars} },
        %{ $self->conf->{oidcOPMetaDataExportedVars}->{$op} }
    );

    while ( my ( $k, $v ) = each %vars ) {
        $req->{sessionInfo}->{$k} = $req->data->{OpenIDConnect_user_info}->{$v};
    }

    return PE_OK;
}

# Does nothing
sub setGroups {
    return PE_OK;
}

1;
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00			`package Lemonldap::NG::Portal::UserDB::OpenIDConnect;`

			`use strict;`
			`use Mouse;`
			`use Lemonldap::NG::Portal::Main::Constants qw(`
Add auth oidc hooks (#2730) new hooks: oidcGenerateAuthenticationRequest oidcGenerateTokenRequest oidcGotIDToken oidcGotUserInfo 2022-03-17 17:50:38 +01:00			`PE_OIDC_AUTH_ERROR`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00			`PE_BADCREDENTIALS`
Mitigate #1980 by displaying an error to the user 2020-04-27 17:40:34 +02:00			`PE_ERROR`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00			`PE_OK`
			`);`

Perl critic 2021-04-01 23:07:58 +02:00			`our $VERSION = '2.0.12';`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00
Perl critic 2021-04-01 23:07:58 +02:00			`extends qw(`
			`Lemonldap::NG::Common::Module`
			`Lemonldap::NG::Portal::Lib::OpenIDConnect`
			`);`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00
			`# INITIALIZATION`

			`sub init {`
			`my ($self) = @_;`
OIDC in progress (#595) 2017-01-01 10:43:48 +01:00			`return $self->loadOPs;`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00			`}`

			`# RUNNING METHODS`

			`sub getUser {`
			`my ( $self, $req ) = @_;`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`my $op = $req->data->{_oidcOPCurrent};`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00
Mitigate #1980 by displaying an error to the user 2020-04-27 17:40:34 +02:00			`# This is likely to happen when running getUser without extractFormInfo`
			`# see #1980`
			`unless ($op) {`
			`$self->logger->warn("No OP found in current session");`
			`return PE_ERROR;`
			`}`

s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`my $access_token = $req->data->{access_token};`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00
			`my $userinfo_content = $self->getUserInfo( $op, $access_token );`

			`unless ($userinfo_content) {`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->warn("No User Info content");`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00			`return PE_OK;`
			`}`

Add auth oidc hooks (#2730) new hooks: oidcGenerateAuthenticationRequest oidcGenerateTokenRequest oidcGotIDToken oidcGotUserInfo 2022-03-17 17:50:38 +01:00			`# call oidcGotUserInfo hook`
			`my $h =`
			`$self->p->processHook( $req, 'oidcGotUserInfo', $op, $userinfo_content, );`
			`return PE_OIDC_AUTH_ERROR if ( $h != PE_OK );`

Refactor: getUserInfo now returns a hash 2021-01-25 18:09:30 +01:00			`$req->data->{OpenIDConnect_user_info} = $userinfo_content;`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00
			`# Check that received sub is the same than current user`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`unless ( $req->data->{OpenIDConnect_user_info}->{sub} eq $req->{user} ) {`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->error("Received sub do not match current user");`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00			`return PE_BADCREDENTIALS;`
			`}`

			`return PE_OK;`
			`}`

WIP: UserDB findUser (#1976) 2020-12-22 15:17:23 +01:00			`sub findUser {`

			`# Nothing to do here`
Perl critic 2021-04-01 23:07:58 +02:00			`return PE_OK;`
WIP: UserDB findUser (#1976) 2020-12-22 15:17:23 +01:00			`}`

OIDC in progress (#595) 2016-12-30 08:03:48 +01:00			`# Get all required attributes`
			`sub setSessionInfo {`
			`my ( $self, $req ) = @_;`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`my $op = $req->data->{_oidcOPCurrent};`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00
			`my %vars = (`
			`%{ $self->conf->{exportedVars} },`
			`%{ $self->conf->{oidcOPMetaDataExportedVars}->{$op} }`
			`);`

			`while ( my ( $k, $v ) = each %vars ) {`
Do not store session key if attribute was missing from UserDB (#2004) 2019-11-08 11:25:27 +01:00			`$req->{sessionInfo}->{$k} = $req->data->{OpenIDConnect_user_info}->{$v};`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00			`}`

Perl critic 2021-04-01 23:07:58 +02:00			`return PE_OK;`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00			`}`

			`# Does nothing`
			`sub setGroups {`
Perl critic 2021-04-01 23:07:58 +02:00			`return PE_OK;`
OIDC in progress (#595) 2016-12-30 08:03:48 +01:00			`}`

			`1;`