lemonldap-ng/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm

package Lemonldap::NG::Portal::Auth::Combination;

use strict;
use Mouse;
use Lemonldap::NG::Common::Combination::Parser;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR);
use Scalar::Util 'weaken';

our $VERSION = '2.0.2';

# TODO: See Lib::Wrapper
extends 'Lemonldap::NG::Portal::Main::Auth';
with 'Lemonldap::NG::Portal::Lib::OverConf';

# PROPERTIES

has stackSub => ( is => 'rw' );

has wrapUserLogger => (
    is      => 'rw',
    lazy    => 1,
    default => sub {
        Lemonldap::NG::Portal::Lib::Combination::UserLogger->new(
            $_[0]->userLogger );
    }
);

# INITIALIZATION

sub init {
    my ($self) = @_;

    # Check if expression exists
    unless ( $self->conf->{combination} ) {
        $self->error('No combination found');
        return 0;
    }

    # Load all declared modules
    my %mods;
    foreach my $key ( keys %{ $self->conf->{combModules} } ) {
        my @tmp = ( undef, undef );
        my $mod = $self->conf->{combModules}->{$key};

        unless ( $mod->{type} and defined $mod->{for} ) {
            $self->error("Malformed combination module $key");
            return 0;
        }

        # Override parameters

        # "for" key can have 3 values:
        # 0: this module will be used for Auth and UserDB
        # 1: this module will be used for Auth only
        # 2: this module will be used for UserDB only

        # Load Auth module
        if ( $mod->{for} < 2 ) {
            $tmp[0] = $self->loadPlugin( "::Auth::$mod->{type}", $mod->{over} );
            unless ( $tmp[0] ) {
                $self->error("Unable to load Auth::$mod->{type}");
                return 0;
            }
            $tmp[0]->{userLogger} = $self->wrapUserLogger;
            weaken $tmp[0]->{userLogger};
        }

        # Load UserDB module
        unless ( $mod->{for} == 1 ) {
            $tmp[1] =
              $self->loadPlugin( "::UserDB::$mod->{type}", $mod->{over} );
            unless ( $tmp[1] ) {
                $self->error("Unable to load UserDB::$mod->{type}");
                return 0;
            }
            $tmp[1]->{userLogger} = $self->wrapUserLogger;
            weaken $tmp[1]->{userLogger};
        }

        # Store modules as array
        $mods{$key} = \@tmp;
    }

    # Compile expression
    eval {
        $self->stackSub(
            Lemonldap::NG::Common::Combination::Parser->parse(
                \%mods, $self->conf->{combination}
            )
        );
    };
    if ($@) {
        $self->error("Bad combination: $@");
        return 0;
    }
    return 1;
}

# Each first method must call getStack() to get the auth scheme available for
# the current user
sub extractFormInfo {
    my ( $self, $req ) = @_;
    return $self->try( 0, 'extractFormInfo', $req );
}

# Note that UserDB::Combination uses the same object.
sub getUser {
    return $_[0]->try( 1, 'getUser', $_[1] );
}

sub authenticate {
    return $_[0]->try( 0, 'authenticate', $_[1] );
}

sub setAuthSessionInfo {
    return $_[0]->try( 0, 'setAuthSessionInfo', $_[1] );
}

sub setSessionInfo {
    return $_[0]->try( 1, 'setSessionInfo', $_[1] );
}

sub setGroups {
    return $_[0]->try( 1, 'setGroups', $_[1] );
}

sub getDisplayType {
    my ( $self, $req ) = @_;
    return $self->conf->{combinationForms}
      if ( $self->conf->{combinationForms} );
    my ( $nb, $stack ) = (
        $req->data->{dataKeep}->{combinationTry},
        $req->data->{combinationStack}
    );
    my ( $res, $name ) = $stack->[$nb]->[0]->( 'getDisplayType', $req );
    return $res;
}

sub authLogout {
    my ( $self, $req ) = @_;
    $self->getStack( $req, 'extractFormInfo' ) or return PE_ERROR;

    # Avoid warning msg at first access
    $req->userData->{_combinationTry} ||= '';
    my ( $res, $name ) =
      $req->data->{combinationStack}->[ $req->userData->{_combinationTry} ]
      ->[0]->( 'authLogout', $req );
    $self->logger->debug(qq'User disconnected using scheme "$name"');
    return $res;
}

sub getStack {
    my ( $self, $req, @steps ) = @_;
    return $req->data->{combinationStack}
      if ( $req->data->{combinationStack} );
    my $stack = $req->data->{combinationStack} = $self->stackSub->( $req->env );
    unless ($stack) {
        $self->logger->error('No authentication scheme for this user');
    }
    @{ $req->data->{combinationSteps} } = ( @steps, @{ $req->steps } );
    $req->data->{dataKeep}->{combinationTry} ||= 0;
    return $stack;
}

# Main running method: launch the next scheme if the current fails
sub try {
    my ( $self, $type, $subname, $req ) = @_;

    # Get available authentication schemes for this user if not done
    unless ( defined $req->data->{combinationStack} ) {
        $self->getStack( $req, $subname ) or return PE_ERROR;
    }
    my ( $nb, $stack ) = (
        $req->data->{dataKeep}->{combinationTry},
        $req->data->{combinationStack}
    );

    # If more than 1 scheme is available
    my ( $res, $name );
    if ( $nb < @$stack - 1 ) {

        # TODO: change logLevel for userLog()
        ( $res, $name ) = $stack->[$nb]->[$type]->( $subname, $req );

        # On error, restart authentication with next scheme
        if ( $res > PE_OK ) {
            $self->logger->info(qq'Scheme "$name" returned $res, trying next');
            $req->data->{dataKeep}->{combinationTry}++;
            $req->steps( [ @{ $req->data->{combinationSteps} } ] );
            $req->continue(1);
            return PE_OK;
        }
    }
    else {
        ( $res, $name ) = $stack->[$nb]->[$type]->( $subname, $req );
    }
    $req->sessionInfo->{ [ '_auth', '_userDB' ]->[$type] } = $name;
    $req->sessionInfo->{_combinationTry} =
      $req->data->{dataKeep}->{combinationTry};
    if ( $res > 0 ) {
        $self->userLogger->warn( 'All schemes failed'
              . ( $req->user ? ' for user ' . $req->user : '' ) );
    }
    return $res;
}

# try() stores real Auth/UserDB module in sessionInfo
# This method reads them. It is called by getModule()
# (see Main::Run)
sub name {
    my ( $self, $req, $type ) = @_;
    return $req->sessionInfo->{ ( $type eq 'auth' ? '_auth' : '_userDB' ) }
      || 'Combination';
}

package Lemonldap::NG::Portal::Lib::Combination::UserLogger;

# This logger rewrite "warn" to "notice"

sub new {
    my ( $class, $realLogger ) = @_;
    return bless { logger => $realLogger }, $class;
}

sub warn {
    my ($auth) = caller(0);
    $_[0]->{logger}->notice("Combination ($auth): $_[1]");
}

sub AUTOLOAD {
    no strict;
    return $_[0]->{logger}->$AUTOLOAD( $_[1] )
      if ( $AUTOLOAD =~ /^(?:notice|debug|error|info)$/ );
}

1;
Combination in progress (#1151) 2017-02-05 14:11:14 +01:00			`package Lemonldap::NG::Portal::Auth::Combination;`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00
			`use strict;`
			`use Mouse;`
			`use Lemonldap::NG::Common::Combination::Parser;`
			`use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR);`
Fix loadPlugin/loadModule issues in Choice (#1500) 2018-10-03 22:31:28 +02:00			`use Scalar::Util 'weaken';`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00
Update versions 2019-02-05 18:44:31 +01:00			`our $VERSION = '2.0.2';`
Missing versions (#595) 2017-02-28 21:53:19 +01:00
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`# TODO: See Lib::Wrapper`
Move Auth::Base to Main::Auth 2018-02-19 22:11:43 +01:00			`extends 'Lemonldap::NG::Portal::Main::Auth';`
Factor loadPlugin override (#1500) 2018-10-03 21:48:57 +02:00			`with 'Lemonldap::NG::Portal::Lib::OverConf';`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00
			`# PROPERTIES`

			`has stackSub => ( is => 'rw' );`

Replace userLogger object in Combination 2017-02-15 15:16:53 +01:00			`has wrapUserLogger => (`
			`is => 'rw',`
Mark some properties "lazy" to be sure conf is intialized (#595) 2017-03-27 18:51:18 +02:00			`lazy => 1,`
Replace userLogger object in Combination 2017-02-15 15:16:53 +01:00			`default => sub {`
Better userLogger (fix: #857) 2017-02-15 15:17:02 +01:00			`Lemonldap::NG::Portal::Lib::Combination::UserLogger->new(`
Fix some missing "lazy" (#1545) 2018-11-16 17:30:57 +01:00			`$_[0]->userLogger );`
Replace userLogger object in Combination 2017-02-15 15:16:53 +01:00			`}`
			`);`

Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`# INITIALIZATION`

			`sub init {`
			`my ($self) = @_;`
Combination override conf (#1151) TODO: lot of job in the manager... 2017-02-06 00:04:28 +01:00
			`# Check if expression exists`
Combination in progress (#1151) 2017-02-05 14:11:14 +01:00			`unless ( $self->conf->{combination} ) {`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`$self->error('No combination found');`
			`return 0;`
			`}`
Combination override conf (#1151) TODO: lot of job in the manager... 2017-02-06 00:04:28 +01:00
			`# Load all declared modules`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`my %mods;`
Update combModules key (#1151) 2017-02-06 13:36:27 +01:00			`foreach my $key ( keys %{ $self->conf->{combModules} } ) {`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`my @tmp = ( undef, undef );`
Update combModules key (#1151) 2017-02-06 13:36:27 +01:00			`my $mod = $self->conf->{combModules}->{$key};`

			`unless ( $mod->{type} and defined $mod->{for} ) {`
			`$self->error("Malformed combination module $key");`
			`return 0;`
			`}`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00
Combination override conf (#1151) TODO: lot of job in the manager... 2017-02-06 00:04:28 +01:00			`# Override parameters`

			`# "for" key can have 3 values:`
			`# 0: this module will be used for Auth and UserDB`
Fix typo 2018-08-29 18:51:20 +02:00			`# 1: this module will be used for Auth only`
			`# 2: this module will be used for UserDB only`
Combination override conf (#1151) TODO: lot of job in the manager... 2017-02-06 00:04:28 +01:00
			`# Load Auth module`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`if ( $mod->{for} < 2 ) {`
Update combModules key (#1151) 2017-02-06 13:36:27 +01:00			`$tmp[0] = $self->loadPlugin( "::Auth::$mod->{type}", $mod->{over} );`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`unless ( $tmp[0] ) {`
			`$self->error("Unable to load Auth::$mod->{type}");`
			`return 0;`
			`}`
Fix loadPlugin/loadModule issues in Choice (#1500) 2018-10-03 22:31:28 +02:00			`$tmp[0]->{userLogger} = $self->wrapUserLogger;`
			`weaken $tmp[0]->{userLogger};`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`}`
Combination override conf (#1151) TODO: lot of job in the manager... 2017-02-06 00:04:28 +01:00
			`# Load UserDB module`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`unless ( $mod->{for} == 1 ) {`
Update combModules key (#1151) 2017-02-06 13:36:27 +01:00			`$tmp[1] =`
			`$self->loadPlugin( "::UserDB::$mod->{type}", $mod->{over} );`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`unless ( $tmp[1] ) {`
			`$self->error("Unable to load UserDB::$mod->{type}");`
			`return 0;`
			`}`
Fix loadPlugin/loadModule issues in Choice (#1500) 2018-10-03 22:31:28 +02:00			`$tmp[1]->{userLogger} = $self->wrapUserLogger;`
			`weaken $tmp[1]->{userLogger};`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`}`
Combination override conf (#1151) TODO: lot of job in the manager... 2017-02-06 00:04:28 +01:00
			`# Store modules as array`
Update combModules key (#1151) 2017-02-06 13:36:27 +01:00			`$mods{$key} = \@tmp;`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`}`
Combination override conf (#1151) TODO: lot of job in the manager... 2017-02-06 00:04:28 +01:00
			`# Compile expression`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`eval {`
			`$self->stackSub(`
			`Lemonldap::NG::Common::Combination::Parser->parse(`
Combination in progress (#1151) 2017-02-05 14:11:14 +01:00			`\%mods, $self->conf->{combination}`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`)`
			`);`
			`};`
			`if ($@) {`
			`$self->error("Bad combination: $@");`
			`return 0;`
			`}`
			`return 1;`
			`}`

Combination override conf (#1151) TODO: lot of job in the manager... 2017-02-06 00:04:28 +01:00			`# Each first method must call getStack() to get the auth scheme available for`
			`# the current user`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`sub extractFormInfo {`
			`my ( $self, $req ) = @_;`
Combination in progress (#1151) 2017-02-05 18:05:33 +01:00			`return $self->try( 0, 'extractFormInfo', $req );`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`}`

Fix typo 2018-08-29 18:51:20 +02:00			`# Note that UserDB::Combination uses the same object.`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`sub getUser {`
Combination in progress (#1151) 2017-02-05 18:05:33 +01:00			`return $_[0]->try( 1, 'getUser', $_[1] );`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`}`

			`sub authenticate {`
Combination in progress (#1151) 2017-02-05 18:05:33 +01:00			`return $_[0]->try( 0, 'authenticate', $_[1] );`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`}`

			`sub setAuthSessionInfo {`
Combination in progress (#1151) 2017-02-05 18:05:33 +01:00			`return $_[0]->try( 0, 'setAuthSessionInfo', $_[1] );`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`}`

			`sub setSessionInfo {`
Combination in progress (#1151) 2017-02-05 18:05:33 +01:00			`return $_[0]->try( 1, 'setSessionInfo', $_[1] );`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`}`

			`sub setGroups {`
Combination in progress (#1151) 2017-02-05 18:05:33 +01:00			`return $_[0]->try( 1, 'setGroups', $_[1] );`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`}`

			`sub getDisplayType {`
Add test for combination (#1151) 2017-02-07 07:21:23 +01:00			`my ( $self, $req ) = @_;`
Add authLogout sub (#1151) 2017-02-16 18:22:03 +01:00			`return $self->conf->{combinationForms}`
			`if ( $self->conf->{combinationForms} );`
Keep combination state with stay connected (#1131) 2017-03-08 21:56:45 +01:00			`my ( $nb, $stack ) = (`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`$req->data->{dataKeep}->{combinationTry},`
			`$req->data->{combinationStack}`
Keep combination state with stay connected (#1131) 2017-03-08 21:56:45 +01:00			`);`
Add test for combination (#1151) 2017-02-07 07:21:23 +01:00			`my ( $res, $name ) = $stack->[$nb]->[0]->( 'getDisplayType', $req );`
			`return $res;`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`}`

Add authLogout sub (#1151) 2017-02-16 18:22:03 +01:00			`sub authLogout {`
			`my ( $self, $req ) = @_;`
			`$self->getStack( $req, 'extractFormInfo' ) or return PE_ERROR;`
Tidy 2019-02-05 23:12:17 +01:00
Fix warning mgs 2019-02-03 20:05:14 +01:00			`# Avoid warning msg at first access`
			`$req->userData->{_combinationTry} \|\|= '';`
Add authLogout sub (#1151) 2017-02-16 18:22:03 +01:00			`my ( $res, $name ) =`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`$req->data->{combinationStack}->[ $req->userData->{_combinationTry} ]`
Add authLogout sub (#1151) 2017-02-16 18:22:03 +01:00			`->[0]->( 'authLogout', $req );`
			`$self->logger->debug(qq'User disconnected using scheme "$name"');`
			`return $res;`
			`}`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00
			`sub getStack {`
Combination in progress (#1151) 2017-02-05 18:05:33 +01:00			`my ( $self, $req, @steps ) = @_;`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`return $req->data->{combinationStack}`
			`if ( $req->data->{combinationStack} );`
make tidy 2018-07-05 23:00:40 +02:00			`my $stack = $req->data->{combinationStack} = $self->stackSub->( $req->env );`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`unless ($stack) {`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$self->logger->error('No authentication scheme for this user');`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`}`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`@{ $req->data->{combinationSteps} } = ( @steps, @{ $req->steps } );`
			`$req->data->{dataKeep}->{combinationTry} \|\|= 0;`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`return $stack;`
			`}`

Combination override conf (#1151) TODO: lot of job in the manager... 2017-02-06 00:04:28 +01:00			`# Main running method: launch the next scheme if the current fails`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`sub try {`
			`my ( $self, $type, $subname, $req ) = @_;`
Keep combination state when used with StayConnected (#1131) 2017-03-08 21:56:47 +01:00
			`# Get available authentication schemes for this user if not done`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`unless ( defined $req->data->{combinationStack} ) {`
Keep combination state when used with StayConnected (#1131) 2017-03-08 21:56:47 +01:00			`$self->getStack( $req, $subname ) or return PE_ERROR;`
			`}`
Keep combination state with stay connected (#1131) 2017-03-08 21:56:45 +01:00			`my ( $nb, $stack ) = (`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`$req->data->{dataKeep}->{combinationTry},`
			`$req->data->{combinationStack}`
Keep combination state with stay connected (#1131) 2017-03-08 21:56:45 +01:00			`);`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00
			`# If more than 1 scheme is available`
Combination in progress (#1151) 2017-02-05 18:05:33 +01:00			`my ( $res, $name );`
More combination tests (#1151) 2017-02-05 22:12:06 +01:00			`if ( $nb < @$stack - 1 ) {`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00
			`# TODO: change logLevel for userLog()`
Combination in progress (#1151) 2017-02-05 18:05:33 +01:00			`( $res, $name ) = $stack->[$nb]->[$type]->( $subname, $req );`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00
			`# On error, restart authentication with next scheme`
			`if ( $res > PE_OK ) {`
Tidy 2018-03-13 07:14:01 +01:00			`$self->logger->info(qq'Scheme "$name" returned $res, trying next');`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`$req->data->{dataKeep}->{combinationTry}++;`
			`$req->steps( [ @{ $req->data->{combinationSteps} } ] );`
Avoid warning (#1151) 2017-03-22 19:11:40 +01:00			`$req->continue(1);`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`return PE_OK;`
			`}`
			`}`
Combination in progress (#1151) 2017-02-05 18:05:33 +01:00			`else {`
More combination tests (#1151) 2017-02-05 22:12:06 +01:00			`( $res, $name ) = $stack->[$nb]->[$type]->( $subname, $req );`
Combination in progress (#1151) 2017-02-05 18:05:33 +01:00			`}`
			`$req->sessionInfo->{ [ '_auth', '_userDB' ]->[$type] } = $name;`
Keep combination state with stay connected (#1131) 2017-03-08 21:56:45 +01:00			`$req->sessionInfo->{_combinationTry} =`
s/datas/data datas => des données data => les données 2018-07-05 22:56:16 +02:00			`$req->data->{dataKeep}->{combinationTry};`
Replace userLogger object in Combination 2017-02-15 15:16:53 +01:00			`if ( $res > 0 ) {`
			`$self->userLogger->warn( 'All schemes failed'`
			`. ( $req->user ? ' for user ' . $req->user : '' ) );`
			`}`
Combination in progress (#1151) 2017-02-05 18:05:33 +01:00			`return $res;`
Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`}`

Combination override conf (#1151) TODO: lot of job in the manager... 2017-02-06 00:04:28 +01:00			`# try() stores real Auth/UserDB module in sessionInfo`
			`# This method reads them. It is called by getModule()`
			`# (see Main::Run)`
			`sub name {`
			`my ( $self, $req, $type ) = @_;`
			`return $req->sessionInfo->{ ( $type eq 'auth' ? '_auth' : '_userDB' ) }`
			`\|\| 'Combination';`
			`}`

Better userLogger (fix: #857) 2017-02-15 15:17:02 +01:00			`package Lemonldap::NG::Portal::Lib::Combination::UserLogger;`
Replace userLogger object in Combination 2017-02-15 15:16:53 +01:00
			`# This logger rewrite "warn" to "notice"`

			`sub new {`
			`my ( $class, $realLogger ) = @_;`
			`return bless { logger => $realLogger }, $class;`
			`}`

			`sub warn {`
			`my ($auth) = caller(0);`
			`$_[0]->{logger}->notice("Combination ($auth): $_[1]");`
Combination override conf (#1151) TODO: lot of job in the manager... 2017-02-06 00:04:28 +01:00			`}`

Better userLogger (fix: #857) 2017-02-15 15:17:02 +01:00			`sub AUTOLOAD {`
			`no strict;`
			`return $_[0]->{logger}->$AUTOLOAD( $_[1] )`
			`if ( $AUTOLOAD =~ /^(?:notice\|debug\|error\|info)$/ );`
			`}`

Combination skeleton (#1151) 2017-02-05 13:24:26 +01:00			`1;`