lemonldap-ng/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/GrantSession.pm

package Lemonldap::NG::Portal::Plugins::GrantSession;

use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_OK
  PE_SESSIONNOTGRANTED
  PE_BADCREDENTIALS
);

our $VERSION = '2.1.0';

extends 'Lemonldap::NG::Portal::Main::Plugin';

use constant afterData => 'run';

has rules => ( is => 'rw', default => sub { {} } );

sub init {
    my ($self) = @_;
    my $hd = $self->p->HANDLER;
    foreach ( keys %{ $self->conf->{grantSessionRules} // {} } ) {
        $self->logger->debug("GrantRule key -> $_");
        $self->logger->debug(
            "GrantRule value -> " . $self->conf->{grantSessionRules}->{$_} );
        my $rule =
          $hd->buildSub(
            $hd->substitute( $self->conf->{grantSessionRules}->{$_} ) );
        unless ($rule) {
            my $error = $hd->tsv->{jail}->error || '???';
            $self->error("Bad grantSession rule -> $error");
            return 0;
        }
        $self->rules->{$_} = $rule;
    }
    return 1;
}

sub run {
    my ( $self, $req ) = @_;

    sub sortByComment {
        my $A = ( $a =~ /^.*?##(.*)$/ )[0];
        my $B = ( $b =~ /^.*?##(.*)$/ )[0];
        return !$A ? 1 : !$B ? -1 : $A cmp $B;
    }

    # Avoid display notification if AuthResult is not null
    if ( $req->authResult > PE_OK ) {
        $self->logger->debug(
            "Bad authentication, do not check grant session rules");
        return PE_BADCREDENTIALS;
    }

    foreach ( sort sortByComment keys %{ $self->rules } ) {
        my $rule = $self->conf->{grantSessionRules}->{$_};
        $self->logger->debug("Grant session condition -> $rule");
        unless ( $self->rules->{$_}->( $req, $req->sessionInfo ) ) {
            $req->userData( {} );

            # Catch rule message
            $_ =~ /^(.*?)##.*$/;
            if ($1) {
                $self->logger->debug("Message -> $1");

                # Message can contain session data as user attributes or macros
                my $hd  = $self->p->HANDLER;
                my $msg = $hd->substitute($1);
                unless ( $msg = $hd->buildSub($msg) ) {
                    my $error = $hd->tsv->{jail}->error || '???';
                    $self->error("Bad message -> $error");
                    return PE_OK;
                }
                $msg = $msg->( $req, $req->sessionInfo );
                $self->logger->debug("Transformed message -> $msg");
                $req->info(
                    $self->loadTemplate(
                        $req, 'simpleInfo', params => { trspan => $msg }
                    )
                );
                $self->userLogger->error( 'User '
                      . $req->sessionInfo->{uid}
                      . " was not granted to open session (rule -> $rule)" );
                $req->urldc( $self->conf->{portal} );
                return $req->authResult(PE_SESSIONNOTGRANTED);
            }
            else {
                $self->userLogger->error( 'User '
                      . $req->sessionInfo->{uid}
                      . " was not granted to open session (rule -> "
                      . $self->conf->{grantSessionRules}->{$_}
                      . ")" );
                $req->urldc( $self->conf->{portal} );
                return $req->authResult(PE_SESSIONNOTGRANTED);
            }
        }
    }

    # Log
    my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
    my $mod  = $req->{sessionInfo}->{_auth};
    $self->userLogger->notice(
        "Session granted for $user by $mod ($req->{sessionInfo}->{ipAddr})")
      if $user;
    return PE_OK;
}

1;
GrantSession plugin (#595) 2017-02-16 19:14:42 +01:00			`package Lemonldap::NG::Portal::Plugins::GrantSession;`

			`use strict;`
			`use Mouse;`
			`use Lemonldap::NG::Portal::Main::Constants qw(`
Tidy 2019-02-05 23:12:17 +01:00			`PE_OK`
			`PE_SESSIONNOTGRANTED`
			`PE_BADCREDENTIALS`
GrantSession plugin (#595) 2017-02-16 19:14:42 +01:00			`);`

Set master version to 2.1.0 2019-02-12 18:21:38 +01:00			`our $VERSION = '2.1.0';`
Missing versions (#595) 2017-02-28 21:53:19 +01:00
GrantSession plugin (#595) 2017-02-16 19:14:42 +01:00			`extends 'Lemonldap::NG::Portal::Main::Plugin';`

Fix conf parameter name (#1510) 2018-10-01 15:20:41 +02:00			`use constant afterData => 'run';`
GrantSession plugin (#595) 2017-02-16 19:14:42 +01:00
			`has rules => ( is => 'rw', default => sub { {} } );`

			`sub init {`
			`my ($self) = @_;`
			`my $hd = $self->p->HANDLER;`
More tests 2019-08-27 10:32:26 +02:00			`foreach ( keys %{ $self->conf->{grantSessionRules} // {} } ) {`
WIP - Fix grantSession rules creation from manager & message display (#1510) 2018-10-01 19:43:16 +02:00			`$self->logger->debug("GrantRule key -> $_");`
			`$self->logger->debug(`
			`"GrantRule value -> " . $self->conf->{grantSessionRules}->{$_} );`
Tidy 2019-02-05 23:12:17 +01:00			`my $rule =`
			`$hd->buildSub(`
Fix conf parameter name (#1510) 2018-10-01 15:20:41 +02:00			`$hd->substitute( $self->conf->{grantSessionRules}->{$_} ) );`
GrantSession plugin (#595) 2017-02-16 19:14:42 +01:00			`unless ($rule) {`
Highlight error message (#2126 & #1625) 2020-03-28 18:12:34 +01:00			`my $error = $hd->tsv->{jail}->error \|\| '???';`
Fix warning if error is undefined (#2126 & #1625) 2020-03-28 17:58:39 +01:00			`$self->error("Bad grantSession rule -> $error");`
GrantSession plugin (#595) 2017-02-16 19:14:42 +01:00			`return 0;`
			`}`
			`$self->rules->{$_} = $rule;`
			`}`
			`return 1;`
			`}`

Fix conf parameter name (#1510) 2018-10-01 15:20:41 +02:00			`sub run {`
GrantSession plugin (#595) 2017-02-16 19:14:42 +01:00			`my ( $self, $req ) = @_;`

			`sub sortByComment {`
			`my $A = ( $a =~ /^.?##(.)$/ )[0];`
			`my $B = ( $b =~ /^.?##(.)$/ )[0];`
			`return !$A ? 1 : !$B ? -1 : $A cmp $B;`
			`}`
WIP - Fix grantSession rules creation from manager & message display (#1510) 2018-10-01 19:43:16 +02:00
Cleaning code (#1628) 2019-02-04 18:59:37 +01:00			`# Avoid display notification if AuthResult is not null`
Adapt GrantSession plugin to display authentication error on login form (#1666) 2019-03-18 11:53:30 +01:00			`if ( $req->authResult > PE_OK ) {`
			`$self->logger->debug(`
			`"Bad authentication, do not check grant session rules");`
			`return PE_BADCREDENTIALS;`
			`}`
Fix error msg & Improve unit test (#1628) 2019-02-04 17:40:18 +01:00
GrantSession plugin (#595) 2017-02-16 19:14:42 +01:00			`foreach ( sort sortByComment keys %{ $self->rules } ) {`
Improve log in plugin GrantSession (#1739) 2019-05-06 19:10:26 +02:00			`my $rule = $self->conf->{grantSessionRules}->{$_};`
			`$self->logger->debug("Grant session condition -> $rule");`
Replace request management in handler (#1044) Note: this is a big change, more tests needed 2017-03-28 23:07:49 +02:00			`unless ( $self->rules->{$_}->( $req, $req->sessionInfo ) ) {`
Enable history (#595) 2017-02-19 08:17:48 +01:00			`$req->userData( {} );`
WIP - Fix grantSession rules creation from manager & message display (#1510) 2018-10-01 19:43:16 +02:00
			`# Catch rule message`
			`$_ =~ /^(.?)##.$/;`
perltidy 2018-10-07 11:40:26 +02:00			`if ($1) {`
Append debug message (#1510) 2018-10-01 22:46:28 +02:00			`$self->logger->debug("Message -> $1");`
perltidy 2018-10-07 15:19:00 +02:00
Tidy 2019-02-05 23:12:17 +01:00			`# Message can contain session data as user attributes or macros`
GrantSession message can contain session data (#1510) 2018-10-07 14:13:13 +02:00			`my $hd = $self->p->HANDLER;`
			`my $msg = $hd->substitute($1);`
Improve code (#1510) 2018-10-07 21:32:26 +02:00			`unless ( $msg = $hd->buildSub($msg) ) {`
Highlight error message (#2126 & #1625) 2020-03-28 18:12:34 +01:00			`my $error = $hd->tsv->{jail}->error \|\| '???';`
Fix warning if error is undefined (#2126 & #1625) 2020-03-28 17:58:39 +01:00			`$self->error("Bad message -> $error");`
Improve code (#1510) 2018-10-07 21:32:26 +02:00			`return PE_OK;`
GrantSession message can contain session data (#1510) 2018-10-07 14:13:13 +02:00			`}`
			`$msg = $msg->( $req, $req->sessionInfo );`
Improve log in plugin GrantSession (#1739) 2019-05-06 19:10:26 +02:00			`$self->logger->debug("Transformed message -> $msg");`
WIP - Fix grantSession rules creation from manager & message display (#1510) 2018-10-01 19:43:16 +02:00			`$req->info(`
			`$self->loadTemplate(`
Use user skin in loadTemplate (Fixes: #1828) 2019-06-28 13:40:56 +02:00			`$req, 'simpleInfo', params => { trspan => $msg }`
WIP - Fix grantSession rules creation from manager & message display (#1510) 2018-10-01 19:43:16 +02:00			`)`
			`);`
			`$self->userLogger->error( 'User '`
Tidy 2019-02-05 23:12:17 +01:00			`. $req->sessionInfo->{uid}`
Improve log in plugin GrantSession (#1739) 2019-05-06 19:10:26 +02:00			`. " was not granted to open session (rule -> $rule)" );`
WIP - Fix grantSession rules creation from manager & message display (#1510) 2018-10-01 19:43:16 +02:00			`$req->urldc( $self->conf->{portal} );`
			`return $req->authResult(PE_SESSIONNOTGRANTED);`
			`}`
			`else {`
			`$self->userLogger->error( 'User '`
Tidy 2019-02-05 23:12:17 +01:00			`. $req->sessionInfo->{uid}`
			`. " was not granted to open session (rule -> "`
			`. $self->conf->{grantSessionRules}->{$_}`
			`. ")" );`
WIP - Fix grantSession rules creation from manager & message display (#1510) 2018-10-01 19:43:16 +02:00			`$req->urldc( $self->conf->{portal} );`
			`return $req->authResult(PE_SESSIONNOTGRANTED);`
			`}`
GrantSession plugin (#595) 2017-02-16 19:14:42 +01:00			`}`
			`}`
Add user logs informations (#1687) 2019-03-27 16:00:39 +01:00
			`# Log`
			`my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };`
			`my $mod = $req->{sessionInfo}->{_auth};`
Merge branch 'antoinerosier/lemonldap-ng-logs' into v2.0 2019-03-27 21:44:25 +01:00			`$self->userLogger->notice(`
			`"Session granted for $user by $mod ($req->{sessionInfo}->{ipAddr})")`
			`if $user;`
Fix mistake (#1510) 2018-10-01 19:53:21 +02:00			`return PE_OK;`
GrantSession plugin (#595) 2017-02-16 19:14:42 +01:00			`}`

			`1;`