
392 lines
11 KiB
Raw Normal View History

# Manager main component
# This package contains these parts:
# - Properties and private methods
# - Initialization method (launched by Lemonldap::NG::Common::PSGI)
# that declares routes
# - Upload methods (launched by Lemonldap::NG::Common::PSGI::Router)
# It inherits from Conf.pm to responds to display methods and from
# Sessions.pm to manage sessions
package Lemonldap::NG::Manager;
2020-11-21 18:19:10 +01:00
use strict;
2016-01-07 13:34:34 +01:00
use utf8;
use Mouse;
use JSON;
use Lemonldap::NG::Common::Conf::Constants;
use Lemonldap::NG::Common::PSGI::Constants;
2021-07-22 17:53:50 +02:00
our $VERSION = '2.0.12';
extends qw(
2017-03-15 23:27:58 +01:00
has csp => ( is => 'rw' );
2020-02-20 23:34:02 +01:00
has loadedPlugins => ( is => 'rw', default => sub { [] } );
2020-01-27 18:32:59 +01:00
has hLoadedPlugins => ( is => 'rw', default => sub { {} } );
## @method boolean init($args)
# Launch initialization method
# @param $args hashref to merge with object
# @return 0 in case of error, 1 else
sub init {
my ( $self, $args ) = @_;
$args ||= {};
if ( my $localconf = $self->confAcc->getLocalConf(MANAGERSECTION) ) {
2017-02-21 07:41:50 +01:00
foreach ( keys %$localconf ) {
$args->{$_} //= $localconf->{$_};
2017-03-03 18:25:03 +01:00
$self->{$_} = $args->{$_} unless (/^(?:l|userL)ogger$/);
2017-02-21 07:41:50 +01:00
# Manager needs to keep new Ajax behaviour
$args->{noAjaxHook} = 0;
2016-02-17 11:12:19 +01:00
return 0
unless ( $self->Lemonldap::NG::Handler::PSGI::Router::init($args) );
# TODO: manage errors
unless ( -r $self->{templateDir} ) {
2015-05-14 08:45:03 +02:00
$self->error("Unable to read $self->{templateDir}");
return 0;
2009-12-11 19:17:00 +01:00
2020-01-27 18:32:59 +01:00
my $conf = $self->confAcc->getConf;
2020-02-20 23:34:02 +01:00
$conf->{$_} = $args->{$_} foreach ( keys %$args );
2020-01-27 18:32:59 +01:00
2019-11-08 18:31:50 +01:00
$self->{enabledModules} ||= "conf, sessions, notifications, 2ndFA, api";
my @links;
my @enabledModules =
2020-01-27 18:32:59 +01:00
map {
my @res = ( "Lemonldap::NG::Manager::" . ucfirst($_) );
if ( my $tmp = $self->loadPlugin( @res, $conf ) ) {
$self->logger->debug("Plugin $_ loaded");
push @links, $_;
push @{ $self->loadedPlugins }, $tmp;
$self->hLoadedPlugins->{$_} = $tmp;
else {
$self->logger->error("Unable to load $_, skipping");
@res = ();
split( /[,\s]+/, $self->{enabledModules} );
2020-01-27 18:32:59 +01:00
unless (@enabledModules) {
$self->logger->error('No plugins loaded, aborting');
return 0;
2017-06-05 18:45:55 +02:00
unless ($conf) {
require Lemonldap::NG::Manager::Conf::Zero;
$conf = Lemonldap::NG::Manager::Conf::Zero::zeroConf();
2020-01-27 18:32:59 +01:00
# TODO: -> loadPlugin
#for ( my $i = 0 ; $i < @enabledModules ; $i++ ) {
# my $mod = $enabledModules[$i];
# no strict 'refs';
# if ( &{"${mod}::addRoutes"}( $self, $conf ) ) {
# $self->logger->debug("Module $mod enabled");
# push @working, $mod;
# }
# else {
# $links[$i] = undef;
# $self->logger->error(
# "Module $mod can not be enabled: " . $self->error );
# }
2017-02-21 06:38:59 +01:00
$self->addRoute( links => 'links', ['GET'] );
$self->addRoute( 'psgi.js' => 'sendJs', ['GET'] );
2017-03-15 23:27:58 +01:00
my $portal = $conf->{portal};
2017-03-16 07:30:32 +01:00
$portal =~ s#https?://([^/]*).*#$1#;
2017-03-15 23:27:58 +01:00
2018-03-13 07:14:01 +01:00
"default-src 'self' $portal;frame-ancestors 'none';form-action 'self';"
2017-03-15 23:27:58 +01:00
# Avoid restricted users to access configuration by default route
2020-01-27 18:32:59 +01:00
my $defaultMod = $self->{defaultModule} =
$self->{defaultModule} || $enabledModules[0];
$self->logger->debug("Default module -> $defaultMod");
my ($index) =
2020-01-27 18:32:59 +01:00
grep { $enabledModules[$_] eq $defaultMod } ( 0 .. $#enabledModules );
$index //= 0;
$self->logger->debug("Default index -> $index");
2020-01-27 18:32:59 +01:00
$self->defaultRoute( $self->loadedPlugins->[$index]->defaultRoute );
# Find out more glyphicones at https://www.w3schools.com/icons/bootstrap_icons_glyphicons.asp
2018-03-13 07:14:01 +01:00
my $linksIcons = {
'conf' => 'cog',
'sessions' => 'duplicate',
'notifications' => 'bell',
2019-03-12 22:59:15 +01:00
'2ndFA' => 'wrench',
'viewer' => 'eye-open',
2018-03-13 07:14:01 +01:00
2016-01-05 15:41:14 +01:00
$self->links( [] );
for ( my $i = 0 ; $i < @links ; $i++ ) {
next unless ( defined $links[$i] );
push @{ $self->links },
2016-01-05 15:41:14 +01:00
2020-01-27 18:32:59 +01:00
target => $self->loadedPlugins->[$i]->defaultRoute,
2016-01-05 15:41:14 +01:00
title => $links[$i],
icon => $linksIcons->{ $links[$i] }
2009-12-11 19:17:00 +01:00
2016-01-05 15:41:14 +01:00
2016-01-05 14:59:42 +01:00
$self->menuLinks( [] );
2017-06-23 11:57:07 +02:00
if (
my $portal =
2017-06-05 18:45:55 +02:00
? Lemonldap::NG::Handler::PSGI::Main->tsv->{portal}->()
2017-06-23 11:57:07 +02:00
: $conf->{portal}
2017-06-05 18:45:55 +02:00
2016-07-03 09:28:08 +02:00
push @{ $self->menuLinks },
target => $portal,
title => 'backtoportal',
icon => 'home'
target => "$portal?logout=1",
title => 'logout',
icon => 'log-out'
2009-12-11 19:17:00 +01:00
sub tplParams {
my ( $self, $req ) = @_;
2020-02-20 23:34:02 +01:00
my $res = eval {
$self->hLoadedPlugins->{viewer}->brwRule->( $req, $req->{userData} );
} || 0;
return ( VERSION => $VERSION, ALLOWBROWSER => $res );
2017-01-18 00:17:23 +01:00
sub javascript {
my ( $self, $req ) = @_;
2020-02-20 23:34:02 +01:00
my $res = eval {
2020-04-15 00:51:18 +02:00
&& $self->hLoadedPlugins->{viewer}
->diffRule->( $req, $req->{userData} );
2020-02-20 23:34:02 +01:00
} || 0;
2020-01-27 18:32:59 +01:00
print STDERR $@ if $@;
2020-02-11 17:52:52 +01:00
my $impPrefix = $self->{impersonationPrefix} || 'real_';
2020-02-20 23:34:02 +01:00
my $ttl = $self->{timeout} || 72000;
2017-01-18 00:17:23 +01:00
'var formPrefix=staticPrefix+"forms/";var confPrefix=scriptname+"confs/";var viewPrefix=scriptname+"view/";'
. 'var allowDiff=' . "$res;"
2019-05-11 20:18:43 +02:00
. 'var impPrefix=' . "'"
. $impPrefix . "'" . ';'
. 'var sessionTTL=' . "$ttl;"
2017-01-18 00:17:23 +01:00
. ( $self->links ? 'var links=' . to_json( $self->links ) . ';' : '' )
2017-02-15 07:41:50 +01:00
. (
2017-01-18 00:17:23 +01:00
? 'var menulinks=' . to_json( $self->menuLinks ) . ';'
2017-02-15 07:41:50 +01:00
: ''
2017-03-15 23:27:58 +01:00
sub sendHtml {
my ( $self, $req, $template, %args ) = @_;
my $res = $self->SUPER::sendHtml( $req, $template, %args );
push @{ $res->[1] },
'Content-Security-Policy' => $self->csp,
'X-Content-Type-Options' => 'nosniff',
'X-Frame-Options' => 'DENY',
'X-XSS-Protection' => '1; mode=block';
return $res;
2020-01-27 18:32:59 +01:00
sub loadPlugin {
my ( $self, $plugin, $conf ) = @_;
unless ($plugin) {
require Carp;
Carp::confess('Calling loadPugin without arg !');
my $obj;
$plugin = "Lemonldap::NG::Manager$plugin" if ( $plugin =~ /^::/ );
eval "require $plugin";
if ($@) {
$self->logger->error("$plugin load error: $@");
return 0;
eval {
$obj = $plugin->new( { p => $self, conf => $conf } );
$self->logger->debug("Module $plugin loaded");
if ($@) {
$self->error("Unable to build $plugin object: $@");
return 0;
( $obj and $obj->init($conf) ) or return 0;
return $obj;
2009-12-11 19:17:00 +01:00
=head1 NAME
=encoding utf8
Lemonldap::NG::Manager - Perl extension for managing Lemonldap::NG Web-SSO
2017-01-05 08:41:29 +01:00
Use any of Plack launcher. Example:
#!/usr/bin/env plackup
use Lemonldap::NG::Manager;
# This must be the last instruction ! See PSGI for more
Lemonldap::NG::Manager provides a web interface to manage Lemonldap::NG Web-SSO
2015-12-26 08:30:27 +01:00
The Perl part of Lemonldap::NG::Manager is the REST server. Web interface is
written in Javascript, using AngularJS framework and can be found in `site`
2018-08-22 15:19:37 +02:00
directory. The REST API is described in REST-API.md file provided in source tree.
2015-12-26 08:30:27 +01:00
2018-08-22 15:19:37 +02:00
Lemonldap::NG Manager uses L<Plack> to be CGI, FastCGI and so on compatible.
It inherits of L<Lemonldap::NG::Handler::PSGI::Router>
2015-12-26 08:30:27 +01:00
2018-04-29 22:02:26 +02:00
Lemonldap::NG Manager contains 6 parts:
2015-12-26 08:30:27 +01:00
2017-01-05 06:57:16 +01:00
=item Configuration management
2015-12-26 08:30:27 +01:00
2017-01-05 06:57:16 +01:00
=item Session explorer
2015-12-26 08:30:27 +01:00
2017-01-05 06:57:16 +01:00
=item Notification explorer
2015-12-26 08:30:27 +01:00
2018-04-29 22:02:26 +02:00
=item Second Factors manager
2017-01-05 06:57:16 +01:00
=item Configuration builder (see L<Lemonldap::NG::Manager::Build>
2016-01-01 20:56:00 +01:00
2018-08-22 15:19:37 +02:00
=item Command line interface (see L<Lemonldap::NG::Manager::Cli>
2015-12-26 08:30:27 +01:00
2018-08-22 15:19:37 +02:00
=head2 Static files generation
2015-12-26 08:30:27 +01:00
2018-08-22 15:19:37 +02:00
`scripts/jsongenerator.pl` file uses Lemonldap::NG::Manager::Build::Attributes,
Lemonldap::NG::Manager::Build::Tree and Lemonldap::NG::Manager::Build::CTrees to generate
2015-12-26 08:30:27 +01:00
2017-02-27 07:08:22 +01:00
=item `site/htdocs/static/struct.json`:
2016-01-01 20:56:00 +01:00
2018-08-22 15:19:37 +02:00
main file containing the tree view;
2016-01-01 20:56:00 +01:00
2017-02-27 07:08:22 +01:00
=item `site/htdocs/static/js/conftree.js`:
2016-01-01 20:56:00 +01:00
2018-08-22 15:19:37 +02:00
generates Virtualhosts, SAML and OpenID-Connect partners sub-trees;
2016-01-01 20:56:00 +01:00
=item `Lemonldap::NG::Common::Conf::ReConstants`:
2015-12-26 08:30:27 +01:00
2016-01-01 20:56:00 +01:00
constants used by all Perl manager components;
2015-12-26 08:30:27 +01:00
2016-01-01 20:56:00 +01:00
=item `Lemonldap::NG::Common::Conf::DefaultValues`:
2015-12-26 08:30:27 +01:00
2016-01-01 20:56:00 +01:00
constants used to read configuration.
2015-12-26 08:30:27 +01:00
You can use a hash ref to override any LemonLDAP::NG parameter. Currently, you
can specify where your lemonldap-ng.ini file is:
Lemonldap::NG::Manager->run( { confFile => '/path/to/lemonldap-ng.ini' } );
2015-12-26 08:30:27 +01:00
=head2 lemonldap-ng.ini parameters
You can override any configuration parameter in lemonldap-ng.ini, but some are
required and can't be set to global configuration (as any Lemonldap::NG module,
you can also fix them in $opts hash ref passed as argument to run() or new()).
;protection: choose one of none, authenticate, manager as explain in
; Lemonldap::NG::Handler::PSGI::Router doc.
2015-12-26 08:30:27 +01:00
protection = manager
2018-05-02 15:10:23 +02:00
;enabledModules: Modules to display. Default to `conf, sessions, notifications, 2ndFA`
2018-04-29 22:02:26 +02:00
enabledModules = conf, sessions, notifications, 2ndFA
2015-12-26 08:30:27 +01:00
;logLevel: choose one of error, warn, notice, info, debug
; See Lemonldap::NG::Common::PSGI doc for more
logLevel = notice
;staticPrefix: set here the URI path to static content
; See Lemonldap::NG::Common::PSGI doc for more
staticPrefix = static/
;languages: Available interface languages
languages = en, fr
2018-08-22 15:19:37 +02:00
;templateDir: path to the directory containing HTML templates
2015-12-26 08:30:27 +01:00
; See Lemonldap::NG::Common::PSGI doc for more
templateDir = /usr/share/lemonldap-ng/manager/
=head1 SEE ALSO
2010-10-26 08:08:16 +02:00
=head1 AUTHORS
2017-01-04 21:37:29 +01:00
=item LemonLDAP::NG team L<http://lemonldap-ng.org/team>
Use OW2 system to report bug or ask for features:
2017-11-11 14:06:23 +01:00
2017-01-05 06:57:16 +01:00
Note that if you want to post a ticket for a conf upload problem, please
see L<Lemonldap::NG::Manager::Conf::Parser> before.
Lemonldap::NG is available at
2021-08-12 16:05:42 +02:00
2017-01-04 21:37:29 +01:00
See COPYING file for details.
This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see L<http://www.gnu.org/licenses/>.