lemonldap-ng/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm

package Lemonldap::NG::Portal::Lib::RESTProxy;

use strict;
use JSON;
use Mouse;
use Lemonldap::NG::Common::UserAgent;
use Lemonldap::NG::Portal::Main::Constants qw(
  URIRE
  PE_OK
  PE_ERROR
  PE_BADCREDENTIALS
);
use Lemonldap::NG::Common::FormEncode;

our $VERSION = '2.0.14';

has ua             => ( is => 'rw' );
has cookieName     => ( is => 'rw' );
has sessionService => ( is => 'rw' );

# INITIALIZATION

sub init {
    my ($self) = @_;

    unless ( defined $self->conf->{proxyAuthService}
        && $self->conf->{proxyAuthService} =~ URIRE )
    {
        $self->error("Bad or missing proxyAuthService parameter");
        return 0;
    }

    my $sessionService = $self->conf->{proxySessionService}
      || $self->conf->{proxyAuthService} . '/session/my';
    $sessionService =~ s#/*$##;
    unless ( $sessionService =~ URIRE ) {
        $self->error("Malformed proxySessionService parameter");
        return 0;
    }
    $self->sessionService($sessionService);
    $self->ua( Lemonldap::NG::Common::UserAgent->new( $self->conf ) );
    $self->ua->default_header( Accept => 'application/json' );
    $self->cookieName( $self->conf->{proxyCookieName}
          || $self->conf->{cookieName} );

    return 1;
}

no warnings 'once';
*authenticate = \&getUser;

sub getUser {
    my ( $self, $req ) = @_;
    return PE_OK if ( $req->data->{_proxyQueryDone} );
    $self->logger->debug(
        'Proxy push auth to ' . $self->conf->{proxyAuthService} );
    my $resp = $self->ua->post(
        $self->conf->{proxyAuthService},
        {
            user     => $req->{user},
            password => $req->data->{password},
            (
                $self->conf->{proxyAuthServiceChoiceParam}
                  && $self->conf->{proxyAuthServiceChoiceValue}
                ? ( $self->conf->{proxyAuthServiceChoiceParam} =>
                      $self->conf->{proxyAuthServiceChoiceValue} )
                : ()
            ),
            (
                $self->conf->{proxyAuthServiceImpersonation}
                  && $req->param('spoofId')
                ? ( spoofId => $req->param('spoofId') )
                : ()
            )
        }
    );
    unless ( $resp->is_success ) {
        $self->logger->error(
            'Unable to query authentication service: ' . $resp->status_line );
        return PE_ERROR;
    }
    $self->logger->debug('Proxy gets a response');
    my $res = eval { JSON::from_json( $resp->content, { allow_nonref => 1 } ) };
    if ($@) {
        $self->logger->error("Bad content: $@");
        return PE_ERROR;
    }
    unless ( $res->{result} ) {
        $self->userLogger->warn("Authentication failed for $req->{user}");
        $self->setSecurity($req);
        return PE_BADCREDENTIALS;
    }
    my $name = $self->cookieName;
    unless ( grep /\b$name=/, $resp->header('Set-Cookie') ) {
        $self->logger->error("No cookie named '$name'");
        return PE_ERROR;
    }

    $req->sessionInfo->{_proxyCookies} = join '; ',
      map { s/;.*$//; $_ } $resp->header('Set-Cookie');
    $self->logger->debug( 'Store remote cookies in session ('
          . $req->sessionInfo->{_proxyCookies}
          . ')' );
    $req->data->{_proxyQueryDone}++;

    return PE_OK;
}

sub findUser {

    # Nothing to do here
    return PE_OK;
}

sub setSessionInfo {
    my ( $self, $req ) = @_;
    return PE_OK if ( $req->data->{_setSessionInfoDone} );
    $self->logger->debug(
        'Proxy requests sessionInfo to ' . $self->sessionService . '/global' );
    my $q = HTTP::Request->new(
        GET => $self->sessionService . '/global',
        [
            Cookie => $req->sessionInfo->{_proxyCookies},
            Accept => 'application/json'
        ]
    );
    my $resp = $self->ua->request($q);
    unless ( $resp->is_success ) {
        $self->logger->error(
            'Unable to query session service: ' . $resp->status_line );
        return PE_ERROR;
    }
    $self->logger->debug('Proxy gets a response');
    my $res = eval { JSON::from_json( $resp->content, { allow_nonref => 1 } ) };
    if ($@) {
        $self->logger->error("Bad content: $@");
        return PE_ERROR;
    }
    foreach ( keys %$res ) {
        $req->{sessionInfo}->{$_} ||= $res->{$_} unless (/^_/);
    }
    $req->data->{_setSessionInfoDone}++;

    return PE_OK;
}

sub authLogout {
    my ( $self, $req ) = @_;
    $self->logger->debug(
        'Proxy ask logout to ' . $self->conf->{proxyAuthService} );
    my $q = HTTP::Request->new(
        GET => $self->conf->{proxyAuthService} . '?logout=1',
        [
            Cookie => $req->sessionInfo->{_proxyCookies},
            Accept => 'application/json'
        ]
    );
    my $resp = $self->ua->request($q);
    unless ( $resp->is_success ) {
        $self->logger->error(
            'Unable to query authentication service: ' . $resp->status_line );
        return PE_OK;
    }
    $self->logger->debug('Proxy gets a response');
    my $res = eval { JSON::from_json( $resp->content, { allow_nonref => 1 } ) };
    if ($@) {
        $self->logger->error("Bad content: $@");
        return PE_OK;
    }
    my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
    unless ( $res->{result} ) {
        $self->userLogger->warn("Internal Portal logout failed for $user")
          if $user;
        return PE_OK;
    }
    $self->userLogger->notice(
        "User $user has been disconnected from internal Portal")
      if $user;

    return PE_OK;
}

1;
REST in progress (#970) 2017-01-10 13:25:30 +01:00			`package Lemonldap::NG::Portal::Lib::RESTProxy;`
Start REST client (#970) 2017-01-10 07:04:40 +01:00
			`use strict;`
			`use JSON;`
			`use Mouse;`
Add LWP options (closes: #1065) 2017-02-15 16:08:23 +01:00			`use Lemonldap::NG::Common::UserAgent;`
Test & code refactoring(#2601) 2021-09-06 17:10:55 +02:00			`use Lemonldap::NG::Portal::Main::Constants qw(`
Test URIs (#2600) 2021-09-08 22:10:45 +02:00			`URIRE`
Test & code refactoring(#2601) 2021-09-06 17:10:55 +02:00			`PE_OK`
			`PE_ERROR`
			`PE_BADCREDENTIALS`
			`);`
Start REST client (#970) 2017-01-10 07:04:40 +01:00			`use Lemonldap::NG::Common::FormEncode;`

Test & code refactoring(#2601) 2021-09-06 17:10:55 +02:00			`our $VERSION = '2.0.14';`
Start REST client (#970) 2017-01-10 07:04:40 +01:00
Test & code refactoring(#2601) 2021-09-06 17:10:55 +02:00			`has ua => ( is => 'rw' );`
Test cookieName & Improve code + unit test (#2600) 2021-09-09 14:28:06 +02:00			`has cookieName => ( is => 'rw' );`
Test & code refactoring(#2601) 2021-09-06 17:10:55 +02:00			`has sessionService => ( is => 'rw' );`
Start REST client (#970) 2017-01-10 07:04:40 +01:00
			`# INITIALIZATION`

			`sub init {`
			`my ($self) = @_;`

Test URIs (#2600) 2021-09-08 22:10:45 +02:00			`unless ( defined $self->conf->{proxyAuthService}`
			`&& $self->conf->{proxyAuthService} =~ URIRE )`
			`{`
			`$self->error("Bad or missing proxyAuthService parameter");`
Start REST client (#970) 2017-01-10 07:04:40 +01:00			`return 0;`
			`}`
Test & code refactoring(#2601) 2021-09-06 17:10:55 +02:00
			`my $sessionService = $self->conf->{proxySessionService}`
			`\|\| $self->conf->{proxyAuthService} . '/session/my';`
			`$sessionService =~ s#/*$##;`
Test URIs (#2600) 2021-09-08 22:10:45 +02:00			`unless ( $sessionService =~ URIRE ) {`
			`$self->error("Malformed proxySessionService parameter");`
			`return 0;`
			`}`
Test & code refactoring(#2601) 2021-09-06 17:10:55 +02:00			`$self->sessionService($sessionService);`
			`$self->ua( Lemonldap::NG::Common::UserAgent->new( $self->conf ) );`
			`$self->ua->default_header( Accept => 'application/json' );`
Spit Remote and Proxy Auth cookie name parameter (#2613) 2021-09-10 22:13:51 +02:00			`$self->cookieName( $self->conf->{proxyCookieName}`
Test cookieName & Improve code + unit test (#2600) 2021-09-09 14:28:06 +02:00			`\|\| $self->conf->{cookieName} );`
Test & code refactoring(#2601) 2021-09-06 17:10:55 +02:00
Start REST client (#970) 2017-01-10 07:04:40 +01:00			`return 1;`
			`}`

REST in progress (#970) 2017-01-10 13:25:30 +01:00			`no warnings 'once';`
			`*authenticate = \&getUser;`
Start REST client (#970) 2017-01-10 07:04:40 +01:00
			`sub getUser {`
			`my ( $self, $req ) = @_;`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`return PE_OK if ( $req->data->{_proxyQueryDone} );`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->debug(`
			`'Proxy push auth to ' . $self->conf->{proxyAuthService} );`
Append ChoiceParam & ChoiceValue (#2600) 2021-09-06 10:47:06 +02:00			`my $resp = $self->ua->post(`
			`$self->conf->{proxyAuthService},`
			`{`
			`user => $req->{user},`
			`password => $req->data->{password},`
			`(`
			`$self->conf->{proxyAuthServiceChoiceParam}`
			`&& $self->conf->{proxyAuthServiceChoiceValue}`
			`? ( $self->conf->{proxyAuthServiceChoiceParam} =>`
			`$self->conf->{proxyAuthServiceChoiceValue} )`
			`: ()`
			`),`
Append spoofId parameter (#2601) 2021-09-06 14:18:10 +02:00			`(`
Test URIs (#2600) 2021-09-08 22:10:45 +02:00			`$self->conf->{proxyAuthServiceImpersonation}`
			`&& $req->param('spoofId')`
Append spoofId parameter (#2601) 2021-09-06 14:18:10 +02:00			`? ( spoofId => $req->param('spoofId') )`
			`: ()`
			`)`
Append ChoiceParam & ChoiceValue (#2600) 2021-09-06 10:47:06 +02:00			`}`
			`);`
Start REST client (#970) 2017-01-10 07:04:40 +01:00			`unless ( $resp->is_success ) {`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->error(`
			`'Unable to query authentication service: ' . $resp->status_line );`
Start REST client (#970) 2017-01-10 07:04:40 +01:00			`return PE_ERROR;`
			`}`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->debug('Proxy gets a response');`
Fix from_json methods (#1303) 2017-09-28 14:52:14 +02:00			`my $res = eval { JSON::from_json( $resp->content, { allow_nonref => 1 } ) };`
Start REST client (#970) 2017-01-10 07:04:40 +01:00			`if ($@) {`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->error("Bad content: $@");`
Start REST client (#970) 2017-01-10 07:04:40 +01:00			`return PE_ERROR;`
			`}`
REST in progress (#970) 2017-01-10 13:25:30 +01:00			`unless ( $res->{result} ) {`
Test cookieName & Improve code + unit test (#2600) 2021-09-09 14:28:06 +02:00			`$self->userLogger->warn("Authentication failed for $req->{user}");`
Reinitialize token when login fails (#1140) 2017-03-14 17:52:11 +01:00			`$self->setSecurity($req);`
REST in progress (#970) 2017-01-10 13:25:30 +01:00			`return PE_BADCREDENTIALS;`
			`}`
Test cookieName & Improve code + unit test (#2600) 2021-09-09 14:28:06 +02:00			`my $name = $self->cookieName;`
Improve logout message (#2600) 2021-09-09 14:54:40 +02:00			`unless ( grep /\b$name=/, $resp->header('Set-Cookie') ) {`
Test cookieName & Improve code + unit test (#2600) 2021-09-09 14:28:06 +02:00			`$self->logger->error("No cookie named '$name'");`
			`return PE_ERROR;`
			`}`

REST in progress (#970) 2017-01-10 13:25:30 +01:00			`$req->sessionInfo->{_proxyCookies} = join '; ',`
REST in progress (#970) 2017-01-10 17:09:28 +01:00			`map { s/;.*$//; $_ } $resp->header('Set-Cookie');`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->debug( 'Store remote cookies in session ('`
			`. $req->sessionInfo->{_proxyCookies}`
			`. ')' );`
Test cookieName & Improve code + unit test (#2600) 2021-09-09 14:28:06 +02:00			`$req->data->{_proxyQueryDone}++;`
Perl critic 2021-04-01 23:07:58 +02:00
			`return PE_OK;`
Start REST client (#970) 2017-01-10 07:04:40 +01:00			`}`

Fix other Backend (#1976) 2021-01-02 18:58:40 +01:00			`sub findUser {`

			`# Nothing to do here`
Perl critic 2021-04-01 23:07:58 +02:00			`return PE_OK;`
Fix other Backend (#1976) 2021-01-02 18:58:40 +01:00			`}`

Start REST client (#970) 2017-01-10 07:04:40 +01:00			`sub setSessionInfo {`
			`my ( $self, $req ) = @_;`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`return PE_OK if ( $req->data->{_setSessionInfoDone} );`
Test cookieName & Improve code + unit test (#2600) 2021-09-09 14:28:06 +02:00			`$self->logger->debug(`
			`'Proxy requests sessionInfo to ' . $self->sessionService . '/global' );`
REST in progress (#970) 2017-01-10 13:25:30 +01:00			`my $q = HTTP::Request->new(`
Test cookieName & Improve code + unit test (#2600) 2021-09-09 14:28:06 +02:00			`GET => $self->sessionService . '/global',`
REST in progress (#970) 2017-01-10 17:09:28 +01:00			`[`
			`Cookie => $req->sessionInfo->{_proxyCookies},`
			`Accept => 'application/json'`
			`]`
REST in progress (#970) 2017-01-10 13:25:30 +01:00			`);`
REST in progress (#970) 2017-01-10 17:09:28 +01:00			`my $resp = $self->ua->request($q);`
REST in progress (#970) 2017-01-10 13:25:30 +01:00			`unless ( $resp->is_success ) {`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->error(`
			`'Unable to query session service: ' . $resp->status_line );`
REST in progress (#970) 2017-01-10 13:25:30 +01:00			`return PE_ERROR;`
Start REST client (#970) 2017-01-10 07:04:40 +01:00			`}`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->debug('Proxy gets a response');`
Fix from_json methods (#1303) 2017-09-28 14:52:14 +02:00			`my $res = eval { JSON::from_json( $resp->content, { allow_nonref => 1 } ) };`
REST in progress (#970) 2017-01-10 13:25:30 +01:00			`if ($@) {`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->error("Bad content: $@");`
Start REST client (#970) 2017-01-10 07:04:40 +01:00			`return PE_ERROR;`
			`}`
REST in progress (#970) 2017-01-10 13:25:30 +01:00			`foreach ( keys %$res ) {`
			`$req->{sessionInfo}->{$_} \|\|= $res->{$_} unless (/^_/);`
Start REST client (#970) 2017-01-10 07:04:40 +01:00			`}`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`$req->data->{_setSessionInfoDone}++;`
Append ChoiceParam & ChoiceValue (#2600) 2021-09-06 10:47:06 +02:00
Perl critic 2021-04-01 23:07:58 +02:00			`return PE_OK;`
Start REST client (#970) 2017-01-10 07:04:40 +01:00			`}`

REST in progress (#970) 2017-01-10 17:09:28 +01:00			`sub authLogout {`
			`my ( $self, $req ) = @_;`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->debug(`
			`'Proxy ask logout to ' . $self->conf->{proxyAuthService} );`
REST in progress (#970) 2017-01-10 17:09:28 +01:00			`my $q = HTTP::Request->new(`
			`GET => $self->conf->{proxyAuthService} . '?logout=1',`
			`[`
			`Cookie => $req->sessionInfo->{_proxyCookies},`
			`Accept => 'application/json'`
			`]`
			`);`
			`my $resp = $self->ua->request($q);`
Improve logout message (#2600) 2021-09-09 14:54:40 +02:00			`unless ( $resp->is_success ) {`
			`$self->logger->error(`
			`'Unable to query authentication service: ' . $resp->status_line );`
			`return PE_OK;`
			`}`
			`$self->logger->debug('Proxy gets a response');`
			`my $res = eval { JSON::from_json( $resp->content, { allow_nonref => 1 } ) };`
			`if ($@) {`
			`$self->logger->error("Bad content: $@");`
			`return PE_OK;`
			`}`
			`my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };`
			`unless ( $res->{result} ) {`
			`$self->userLogger->warn("Internal Portal logout failed for $user")`
			`if $user;`
			`return PE_OK;`
			`}`
			`$self->userLogger->notice(`
			`"User $user has been disconnected from internal Portal")`
			`if $user;`
Spit Remote and Proxy Auth cookie name parameter (#2613) 2021-09-10 22:13:51 +02:00
REST in progress (#970) 2017-01-10 17:09:28 +01:00			`return PE_OK;`
			`}`

Start REST client (#970) 2017-01-10 07:04:40 +01:00			`1;`