2016-04-07 23:31:56 +02:00
|
|
|
## @file
|
|
|
|
|
# Display functions for LemonLDAP::NG Portal
|
|
|
|
|
package Lemonldap::NG::Portal::Main::Display;
|
|
|
|
|
|
|
|
|
|
our $VERSION = '2.0.0';
|
|
|
|
|
|
|
|
|
|
package Lemonldap::NG::Portal::Main;
|
|
|
|
|
use strict;
|
2017-09-18 22:40:01 +02:00
|
|
|
use Mouse;
|
2016-04-07 23:31:56 +02:00
|
|
|
|
2016-08-09 14:08:49 +02:00
|
|
|
has skinRules => ( is => 'rw' );
|
|
|
|
|
|
|
|
|
|
sub displayInit {
|
|
|
|
|
my ($self) = @_;
|
|
|
|
|
$self->skinRules( [] );
|
|
|
|
|
if ( $self->conf->{portalSkinRules} ) {
|
|
|
|
|
foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } ) {
|
|
|
|
|
my $sub = HANDLER->buildSub( HANDLER->substitute($skinRule) );
|
|
|
|
|
if ($sub) {
|
|
|
|
|
push @{ $self->skinRules },
|
|
|
|
|
[ $self->conf->{portalSkinRules}->{$skinRule}, $sub ];
|
|
|
|
|
}
|
|
|
|
|
else {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error(
|
2016-08-09 14:08:49 +02:00
|
|
|
qq(Skin rule "$skinRule" returns an error: )
|
2017-02-15 07:41:50 +01:00
|
|
|
. HANDLER->tsv->{jail}->error );
|
2016-08-09 14:08:49 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-07 23:31:56 +02:00
|
|
|
# Call portal process and set template parameters
|
|
|
|
|
# @return template name and template parameters
|
|
|
|
|
sub display {
|
|
|
|
|
my ( $self, $req ) = @_;
|
|
|
|
|
|
|
|
|
|
my $skin_dir = $self->conf->{templatesDir};
|
2016-05-24 07:05:51 +02:00
|
|
|
my ( $skinfile, %templateParams );
|
2016-04-07 23:31:56 +02:00
|
|
|
|
2017-01-01 10:43:48 +01:00
|
|
|
# 1. Authentication not complete
|
2016-04-07 23:31:56 +02:00
|
|
|
|
2017-01-01 10:43:48 +01:00
|
|
|
# 1.1 A notification has to be done (session is created but hidden and
|
2016-12-17 08:58:53 +01:00
|
|
|
# unusable until the user has accept the message)
|
2017-01-01 10:43:48 +01:00
|
|
|
if ( my $notif = $req->datas->{notification} ) {
|
2017-03-16 21:19:06 +01:00
|
|
|
$self->logger->debug('Display: notification detected');
|
2016-04-07 23:31:56 +02:00
|
|
|
$skinfile = 'notification';
|
|
|
|
|
%templateParams = (
|
|
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
|
|
|
|
NOTIFICATION => $notif,
|
2016-11-22 21:55:10 +01:00
|
|
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
2016-04-11 07:00:34 +02:00
|
|
|
AUTH_URL => $req->{datas}->{_url},
|
2016-04-07 23:31:56 +02:00
|
|
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
2016-12-30 08:03:48 +01:00
|
|
|
CHOICE_VALUE => $req->datas->{_authChoice},
|
2017-04-06 13:33:12 +02:00
|
|
|
(
|
|
|
|
|
$req->datas->{customScript}
|
|
|
|
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
|
|
|
|
: ()
|
|
|
|
|
),
|
2016-04-07 23:31:56 +02:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-01 10:43:48 +01:00
|
|
|
# 1.2 An authentication (or userDB) module needs to ask a question
|
2016-04-07 23:31:56 +02:00
|
|
|
# before processing to the request
|
|
|
|
|
elsif ( $req->{error} == PE_CONFIRM ) {
|
2017-03-16 21:19:06 +01:00
|
|
|
$self->logger->debug('Display: confirm detected');
|
2016-04-07 23:31:56 +02:00
|
|
|
$skinfile = 'confirm';
|
|
|
|
|
%templateParams = (
|
|
|
|
|
AUTH_ERROR => $req->error,
|
|
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
2016-04-11 07:00:34 +02:00
|
|
|
AUTH_URL => $req->{datas}->{_url},
|
2016-04-07 23:31:56 +02:00
|
|
|
MSG => $req->info,
|
2016-11-22 21:55:10 +01:00
|
|
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
2016-12-31 08:57:24 +01:00
|
|
|
ACTIVE_TIMER => $req->datas->{activeTimer},
|
2016-04-07 23:31:56 +02:00
|
|
|
FORM_METHOD => $self->conf->{confirmFormMethod},
|
|
|
|
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
2016-12-30 08:03:48 +01:00
|
|
|
CHOICE_VALUE => $req->datas->{_authChoice},
|
2016-04-07 23:31:56 +02:00
|
|
|
CHECK_LOGINS => $self->conf->{portalCheckLogins}
|
2016-12-30 08:03:48 +01:00
|
|
|
&& $req->datas->{login},
|
2017-02-19 13:02:19 +01:00
|
|
|
ASK_LOGINS => $req->param('checkLogins') || 0,
|
2016-04-07 23:31:56 +02:00
|
|
|
CONFIRMKEY => $self->stamp(),
|
2017-03-03 18:25:03 +01:00
|
|
|
LIST => $req->datas->{list} || [],
|
2016-12-30 08:03:48 +01:00
|
|
|
REMEMBER => $req->datas->{confirmRemember},
|
2017-04-06 13:33:12 +02:00
|
|
|
(
|
|
|
|
|
$req->datas->{customScript}
|
|
|
|
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
|
|
|
|
: ()
|
|
|
|
|
),
|
2016-04-07 23:31:56 +02:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-01 10:43:48 +01:00
|
|
|
# 1.3 There is a message to display
|
|
|
|
|
elsif ( my $info = $req->info ) {
|
2017-03-16 21:19:06 +01:00
|
|
|
$self->logger->debug('Display: info detected');
|
2016-04-07 23:31:56 +02:00
|
|
|
$skinfile = 'info';
|
|
|
|
|
%templateParams = (
|
|
|
|
|
AUTH_ERROR => $self->error,
|
|
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
|
|
|
|
MSG => $info,
|
|
|
|
|
URL => $req->{urldc},
|
2016-11-22 21:55:10 +01:00
|
|
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
2016-12-31 08:57:24 +01:00
|
|
|
ACTIVE_TIMER => $req->datas->{activeTimer},
|
2016-04-07 23:31:56 +02:00
|
|
|
FORM_METHOD => $self->conf->{infoFormMethod},
|
|
|
|
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
2016-12-30 08:03:48 +01:00
|
|
|
CHOICE_VALUE => $req->datas->{_authChoice},
|
2017-04-06 13:33:12 +02:00
|
|
|
(
|
|
|
|
|
$req->datas->{customScript}
|
|
|
|
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
|
|
|
|
: ()
|
|
|
|
|
),
|
2016-04-07 23:31:56 +02:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-01 10:43:48 +01:00
|
|
|
# 1.4 OpenID menu page
|
2016-04-07 23:31:56 +02:00
|
|
|
elsif ($req->{error} == PE_OPENID_EMPTY
|
|
|
|
|
or $req->{error} == PE_OPENID_BADID )
|
|
|
|
|
{
|
|
|
|
|
$skinfile = 'openid';
|
2017-01-05 22:45:34 +01:00
|
|
|
my $p = $self->conf->{portal} . $self->conf->{issuerDBOpenIDPath};
|
|
|
|
|
$p =~ s#(?<!:)/?\^?/#/#g;
|
2017-01-09 16:43:37 +01:00
|
|
|
my $id = $req->{sessionInfo}
|
|
|
|
|
->{ $self->conf->{openIdAttr} || $self->conf->{whatToTrace} };
|
2016-04-07 23:31:56 +02:00
|
|
|
%templateParams = (
|
|
|
|
|
AUTH_ERROR => $self->error,
|
|
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
|
|
|
|
PROVIDERURI => $p,
|
2017-01-09 16:43:37 +01:00
|
|
|
MSG => $req->info(),
|
2017-04-06 13:33:12 +02:00
|
|
|
(
|
|
|
|
|
$req->datas->{customScript}
|
|
|
|
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
|
|
|
|
: ()
|
|
|
|
|
),
|
2016-04-07 23:31:56 +02:00
|
|
|
);
|
2017-01-09 16:43:37 +01:00
|
|
|
$templateParams{ID} = $req->datas->{_openidPortal} . $id if ($id);
|
2016-04-07 23:31:56 +02:00
|
|
|
}
|
|
|
|
|
|
2017-01-01 10:43:48 +01:00
|
|
|
# 2. Good authentication
|
|
|
|
|
|
|
|
|
|
# 2.1 Redirection
|
|
|
|
|
elsif ( $req->{error} == PE_REDIRECT ) {
|
|
|
|
|
$skinfile = "redirect";
|
|
|
|
|
%templateParams = (
|
|
|
|
|
URL => $req->{urldc},
|
|
|
|
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
|
|
|
|
FORM_METHOD => $req->datas->{redirectFormMethod} || 'get',
|
2017-04-06 13:33:12 +02:00
|
|
|
(
|
|
|
|
|
$req->datas->{customScript}
|
|
|
|
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
|
|
|
|
: ()
|
|
|
|
|
),
|
2017-01-01 10:43:48 +01:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-19 08:17:37 +01:00
|
|
|
# 2.2 Case : display menu (with error or not)
|
2017-02-19 08:17:42 +01:00
|
|
|
elsif ( $req->error == PE_OK ) {
|
2017-01-01 10:43:48 +01:00
|
|
|
$skinfile = 'menu';
|
|
|
|
|
|
|
|
|
|
#utf8::decode($auth_user);
|
|
|
|
|
%templateParams = (
|
|
|
|
|
AUTH_USER => $req->{sessionInfo}->{ $self->conf->{portalUserAttr} },
|
|
|
|
|
NEWWINDOW => $self->conf->{portalOpenLinkInNewWindow},
|
2017-05-24 19:45:42 +02:00
|
|
|
LOGOUT_URL => $self->conf->{portal} . "?logout=1",
|
2017-09-04 17:09:28 +02:00
|
|
|
APPSLIST_ORDER => $req->{sessionInfo}->{'_appsListOrder'},
|
2017-05-24 19:45:42 +02:00
|
|
|
PING => $self->conf->{portalPingInterval},
|
|
|
|
|
REQUIRE_OLDPASSWORD => $self->conf->{portalRequireOldPassword},
|
|
|
|
|
HIDE_OLDPASSWORD => 0,
|
2017-01-01 10:43:48 +01:00
|
|
|
$self->menu->params($req),
|
2017-04-06 13:33:12 +02:00
|
|
|
(
|
|
|
|
|
$req->datas->{customScript}
|
|
|
|
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
|
|
|
|
: ()
|
|
|
|
|
),
|
2017-01-01 10:43:48 +01:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-23 21:49:52 +01:00
|
|
|
elsif ( $req->error == PE_RENEWSESSION ) {
|
2017-03-27 18:51:18 +02:00
|
|
|
$skinfile = 'upgradesession';
|
2017-03-23 21:49:52 +01:00
|
|
|
%templateParams = (
|
|
|
|
|
MSG => 'askToRenew',
|
|
|
|
|
CONFIRMKEY => $self->stamp,
|
|
|
|
|
PORTAL => $self->conf->{portal},
|
|
|
|
|
URL => $req->datas->{_url},
|
2017-04-06 13:33:12 +02:00
|
|
|
(
|
|
|
|
|
$req->datas->{customScript}
|
|
|
|
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
|
|
|
|
: ()
|
|
|
|
|
),
|
2017-03-23 21:49:52 +01:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-19 08:17:42 +01:00
|
|
|
# 2.3 Case : user authenticated but an error was returned (bas url,...)
|
2018-02-20 22:58:20 +01:00
|
|
|
elsif (
|
|
|
|
|
$req->noLoginDisplay
|
|
|
|
|
or ( not $req->datas->{noerror}
|
|
|
|
|
and $req->userData
|
|
|
|
|
and %{ $req->userData } )
|
|
|
|
|
)
|
2017-03-27 18:51:18 +02:00
|
|
|
{
|
2017-02-19 08:17:42 +01:00
|
|
|
$skinfile = 'error';
|
|
|
|
|
%templateParams = (
|
|
|
|
|
AUTH_ERROR => $req->error,
|
|
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
2017-04-06 13:33:12 +02:00
|
|
|
(
|
|
|
|
|
$req->datas->{customScript}
|
|
|
|
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
|
|
|
|
: ()
|
|
|
|
|
),
|
2017-02-19 08:17:42 +01:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-19 08:17:37 +01:00
|
|
|
# 3 Authentication has been refused OR first access
|
2016-04-07 23:31:56 +02:00
|
|
|
else {
|
2016-04-10 09:20:54 +02:00
|
|
|
$skinfile = 'login';
|
|
|
|
|
my $login = $self->userId($req);
|
|
|
|
|
$login = '' if ( $login eq 'anonymous' );
|
2016-04-07 23:31:56 +02:00
|
|
|
%templateParams = (
|
|
|
|
|
AUTH_ERROR => $req->error,
|
|
|
|
|
AUTH_ERROR_TYPE => $req->error_type,
|
2016-04-11 07:00:34 +02:00
|
|
|
AUTH_URL => $req->{datas}->{_url},
|
2016-04-10 09:20:54 +02:00
|
|
|
LOGIN => $login,
|
2016-04-07 23:31:56 +02:00
|
|
|
CHECK_LOGINS => $self->conf->{portalCheckLogins},
|
2017-02-19 13:02:19 +01:00
|
|
|
ASK_LOGINS => $req->param('checkLogins') || 0,
|
2016-04-07 23:31:56 +02:00
|
|
|
DISPLAY_RESETPASSWORD => $self->conf->{portalDisplayResetPassword},
|
|
|
|
|
DISPLAY_REGISTER => $self->conf->{portalDisplayRegister},
|
|
|
|
|
MAIL_URL => $self->conf->{mailUrl},
|
|
|
|
|
REGISTER_URL => $self->conf->{registerUrl},
|
2016-11-22 21:55:10 +01:00
|
|
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
2017-03-08 22:09:21 +01:00
|
|
|
STAYCONNECTED => $self->conf->{stayConnected},
|
2017-04-06 13:33:12 +02:00
|
|
|
(
|
|
|
|
|
$req->datas->{customScript}
|
|
|
|
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
|
|
|
|
: ()
|
|
|
|
|
),
|
2016-04-07 23:31:56 +02:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
# Display captcha if it's enabled
|
2017-01-25 12:11:48 +01:00
|
|
|
if ( $req->captcha ) {
|
2016-04-07 23:31:56 +02:00
|
|
|
%templateParams = (
|
|
|
|
|
%templateParams,
|
2017-01-25 12:11:48 +01:00
|
|
|
CAPTCHA_SRC => $req->captcha,
|
2017-01-26 18:53:14 +01:00
|
|
|
CAPTCHA_SIZE => $self->{conf}->{captcha_size} || 6
|
2017-01-25 12:11:48 +01:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
if ( $req->token ) {
|
2017-02-15 07:41:50 +01:00
|
|
|
%templateParams = ( %templateParams, TOKEN => $req->token, );
|
2016-04-07 23:31:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Show password form if password policy error
|
|
|
|
|
if (
|
|
|
|
|
|
|
|
|
|
$req->{error} == PE_PP_CHANGE_AFTER_RESET
|
|
|
|
|
or $req->{error} == PE_PP_MUST_SUPPLY_OLD_PASSWORD
|
|
|
|
|
or $req->{error} == PE_PP_INSUFFICIENT_PASSWORD_QUALITY
|
|
|
|
|
or $req->{error} == PE_PP_PASSWORD_TOO_SHORT
|
|
|
|
|
or $req->{error} == PE_PP_PASSWORD_TOO_YOUNG
|
|
|
|
|
or $req->{error} == PE_PP_PASSWORD_IN_HISTORY
|
|
|
|
|
or $req->{error} == PE_PASSWORD_MISMATCH
|
|
|
|
|
or $req->{error} == PE_BADOLDPASSWORD
|
|
|
|
|
or $req->{error} == PE_PASSWORDFORMEMPTY
|
2016-05-11 15:04:40 +02:00
|
|
|
or ( $req->{error} == PE_PP_PASSWORD_EXPIRED
|
|
|
|
|
and $self->conf->{ldapAllowResetExpiredPassword} )
|
2016-04-07 23:31:56 +02:00
|
|
|
)
|
|
|
|
|
{
|
|
|
|
|
%templateParams = (
|
|
|
|
|
%templateParams,
|
|
|
|
|
REQUIRE_OLDPASSWORD =>
|
|
|
|
|
1, # Old password is required to check user credentials
|
|
|
|
|
DISPLAY_FORM => 0,
|
|
|
|
|
DISPLAY_OPENID_FORM => 0,
|
|
|
|
|
DISPLAY_YUBIKEY_FORM => 0,
|
|
|
|
|
DISPLAY_PASSWORD => 1,
|
|
|
|
|
DISPLAY_RESETPASSWORD => 0,
|
|
|
|
|
AUTH_LOOP => [],
|
|
|
|
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
2016-12-30 08:03:48 +01:00
|
|
|
CHOICE_VALUE => $req->datas->{_authChoice},
|
2016-05-11 15:04:40 +02:00
|
|
|
OLDPASSWORD => $self->checkXSSAttack( 'oldpassword',
|
|
|
|
|
$req->datas->{oldpassword} )
|
2016-04-07 23:31:56 +02:00
|
|
|
? ""
|
2016-05-02 12:30:23 +02:00
|
|
|
: $req->datas->{oldpassword},
|
2016-04-07 23:31:56 +02:00
|
|
|
HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Disable all forms on:
|
|
|
|
|
# * Logout message
|
|
|
|
|
# * Bad URL error
|
|
|
|
|
elsif ($req->{error} == PE_LOGOUT_OK
|
|
|
|
|
or $req->{error} == PE_BADURL )
|
|
|
|
|
{
|
|
|
|
|
%templateParams = (
|
|
|
|
|
%templateParams,
|
|
|
|
|
DISPLAY_RESETPASSWORD => 0,
|
|
|
|
|
DISPLAY_FORM => 0,
|
|
|
|
|
DISPLAY_OPENID_FORM => 0,
|
|
|
|
|
DISPLAY_YUBIKEY_FORM => 0,
|
|
|
|
|
AUTH_LOOP => [],
|
|
|
|
|
MSG => $req->info(),
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-07 07:21:23 +01:00
|
|
|
# Display authentication form
|
2016-04-07 23:31:56 +02:00
|
|
|
else {
|
|
|
|
|
|
|
|
|
|
# Authentication loop
|
2017-04-25 10:11:16 +02:00
|
|
|
if ( $self->conf->{authentication} eq 'Choice'
|
2016-07-03 09:28:08 +02:00
|
|
|
and my $authLoop = $self->_buildAuthLoop($req) )
|
|
|
|
|
{
|
2016-04-07 23:31:56 +02:00
|
|
|
%templateParams = (
|
|
|
|
|
%templateParams,
|
2016-07-02 21:09:45 +02:00
|
|
|
AUTH_LOOP => $authLoop,
|
2016-04-07 23:31:56 +02:00
|
|
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
2016-12-30 08:03:48 +01:00
|
|
|
CHOICE_VALUE => $req->datas->{_authChoice},
|
2016-04-07 23:31:56 +02:00
|
|
|
DISPLAY_FORM => 0,
|
|
|
|
|
DISPLAY_OPENID_FORM => 0,
|
|
|
|
|
DISPLAY_YUBIKEY_FORM => 0,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Choose what form to display if not in a loop
|
|
|
|
|
else {
|
|
|
|
|
|
2016-07-02 10:51:00 +02:00
|
|
|
my $displayType = $self->_authentication->getDisplayType($req);
|
2016-04-07 23:31:56 +02:00
|
|
|
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Display type $displayType ");
|
2016-04-07 23:31:56 +02:00
|
|
|
|
|
|
|
|
%templateParams = (
|
|
|
|
|
%templateParams,
|
2017-02-16 18:22:08 +01:00
|
|
|
DISPLAY_FORM => $displayType =~ /\bstandardform\b/ ? 1 : 0,
|
2017-02-19 08:17:37 +01:00
|
|
|
DISPLAY_OPENID_FORM => $displayType =~ /\bopenidform\b/ ? 1
|
|
|
|
|
: 0,
|
|
|
|
|
DISPLAY_YUBIKEY_FORM => $displayType =~ /\byubikeyform\b/
|
|
|
|
|
? 1
|
2016-04-07 23:31:56 +02:00
|
|
|
: 0,
|
2017-04-11 21:19:59 +02:00
|
|
|
DISPLAY_SSL_FORM => $displayType =~ /sslform/ ? 1 : 0,
|
|
|
|
|
DISPLAY_LOGO_FORM => $displayType eq "logo" ? 1 : 0,
|
|
|
|
|
module => $displayType eq "logo"
|
2016-05-23 23:52:32 +02:00
|
|
|
? $self->getModule( $req, 'auth' )
|
2016-04-07 23:31:56 +02:00
|
|
|
: "",
|
|
|
|
|
AUTH_LOOP => [],
|
|
|
|
|
PORTAL_URL =>
|
|
|
|
|
( $displayType eq "logo" ? $self->conf->{portal} : 0 ),
|
|
|
|
|
MSG => $req->info(),
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-10 20:45:45 +02:00
|
|
|
# Additional $req param
|
2017-04-11 21:19:59 +02:00
|
|
|
%templateParams = ( %templateParams, %{ $req->{customParameters} // {} }, );
|
2016-04-07 23:31:56 +02:00
|
|
|
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Skin returned: $skinfile");
|
2016-04-13 23:06:04 +02:00
|
|
|
return ( $skinfile, \%templateParams );
|
2016-04-07 23:31:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
##@method public void printImage(string file, string type)
|
|
|
|
|
# Print image to STDOUT
|
|
|
|
|
# @param $file The path to the file to print
|
|
|
|
|
# @param $type The content-type to use (ie: image/png)
|
|
|
|
|
# @return void
|
|
|
|
|
sub staticFile {
|
2016-12-17 08:58:53 +01:00
|
|
|
my ( $self, $req, $file, $type ) = @_;
|
2016-04-07 23:31:56 +02:00
|
|
|
require Plack::Util;
|
|
|
|
|
require Cwd;
|
|
|
|
|
require HTTP::Date;
|
|
|
|
|
open my $fh, '<:raw', $self->conf->{templatesDir} . "/$file"
|
2016-12-17 08:58:53 +01:00
|
|
|
or return $self->sendError( $req, $!, 403 );
|
2016-04-07 23:31:56 +02:00
|
|
|
my @stat = stat $file;
|
|
|
|
|
Plack::Util::set_io_path( $fh, Cwd::realpath($file) );
|
|
|
|
|
return [
|
|
|
|
|
200,
|
|
|
|
|
[
|
|
|
|
|
'Content-Type' => $type,
|
|
|
|
|
'Content-Length' => $stat[7],
|
|
|
|
|
'Last-Modified' => HTTP::Date::time2str( $stat[9] )
|
|
|
|
|
],
|
|
|
|
|
$fh,
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sub buildHiddenForm {
|
2016-11-22 21:55:10 +01:00
|
|
|
my ( $self, $req ) = @_;
|
|
|
|
|
my @keys = keys %{ $req->{portalHiddenFormValues} };
|
|
|
|
|
my $val = '';
|
2016-04-07 23:31:56 +02:00
|
|
|
|
|
|
|
|
foreach (@keys) {
|
|
|
|
|
|
|
|
|
|
# Check XSS attacks
|
|
|
|
|
next
|
2016-11-22 21:55:10 +01:00
|
|
|
if $self->checkXSSAttack( $_, $req->{portalHiddenFormValues}->{$_} );
|
2016-04-07 23:31:56 +02:00
|
|
|
|
|
|
|
|
# Build hidden input HTML code
|
|
|
|
|
$val .= qq{<input type="hidden" name="$_" id="$_" value="}
|
2016-11-25 12:11:39 +01:00
|
|
|
. $req->{portalHiddenFormValues}->{$_} . '" />';
|
2016-04-07 23:31:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $val;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Return skin name
|
|
|
|
|
# @return skin name
|
2016-08-02 15:52:29 +02:00
|
|
|
# TODO: create property for skinRule
|
2016-04-07 23:31:56 +02:00
|
|
|
sub getSkin {
|
|
|
|
|
my ( $self, $req ) = @_;
|
|
|
|
|
|
|
|
|
|
my $skin = $self->conf->{portalSkin};
|
|
|
|
|
|
|
|
|
|
# Fill sessionInfo to eval rule if empty (unauthenticated user)
|
|
|
|
|
$req->{sessionInfo}->{_url} ||= $req->{urldc};
|
2017-01-04 17:36:54 +01:00
|
|
|
$req->{sessionInfo}->{ipAddr} ||= $req->address;
|
2016-04-07 23:31:56 +02:00
|
|
|
|
|
|
|
|
# Load specific skin from skinRules
|
2017-12-20 22:48:12 +01:00
|
|
|
foreach my $rule ( @{ $self->{skinRules} } ) {
|
2017-03-28 23:07:49 +02:00
|
|
|
if ( $rule->[1]->( $req, $req->sessionInfo ) ) {
|
2017-12-20 22:48:12 +01:00
|
|
|
if ( -d $self->conf->{templateDir} . '/' . $rule->[0] ) {
|
|
|
|
|
$skin = $rule->[0];
|
|
|
|
|
$self->logger->debug("Skin $skin selected from skin rule");
|
|
|
|
|
last;
|
|
|
|
|
}
|
2016-04-07 23:31:56 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Check skin GET/POST parameter
|
|
|
|
|
my $skinParam = $req->param('skin');
|
2017-12-20 22:52:52 +01:00
|
|
|
if ( defined $skinParam ) {
|
2018-01-24 22:29:09 +01:00
|
|
|
if ( $skinParam =~ /^[\w\-]+$/ ) {
|
2017-12-20 22:52:52 +01:00
|
|
|
if ( -d $self->conf->{templateDir} . '/' . $skinParam ) {
|
|
|
|
|
$skin = $skinParam;
|
|
|
|
|
$self->logger->debug(
|
|
|
|
|
"Skin $skin selected from GET/POST parameter");
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$self->userLogger->error(
|
|
|
|
|
"User tries to access to unexistent skin dir $skinParam");
|
|
|
|
|
}
|
2017-12-20 22:48:12 +01:00
|
|
|
}
|
|
|
|
|
else {
|
2017-12-20 22:52:52 +01:00
|
|
|
$self->userLogger->error("Strange skin parameter: $skinParam");
|
2017-12-20 22:48:12 +01:00
|
|
|
}
|
2016-04-07 23:31:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $skin;
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-13 23:06:04 +02:00
|
|
|
# Build an HTML array to display sessions
|
|
|
|
|
# @param $sessions Array ref of hash ref containing sessions datas
|
|
|
|
|
# @param $title Title of the array
|
|
|
|
|
# @param $displayUser To display "User" column
|
|
|
|
|
# @param $displaError To display "Error" column
|
|
|
|
|
# @return HTML string
|
|
|
|
|
sub mkSessionArray {
|
|
|
|
|
my ( $self, $sessions, $title, $displayUser, $displayError ) = @_;
|
|
|
|
|
|
|
|
|
|
return "" unless ( ref $sessions eq "ARRAY" and @$sessions );
|
|
|
|
|
|
2017-10-10 13:04:40 +02:00
|
|
|
my @fields = sort keys %{ $self->conf->{sessionDataToRemember} };
|
|
|
|
|
return $self->loadTemplate(
|
|
|
|
|
'sessionArray',
|
|
|
|
|
params => {
|
|
|
|
|
title => $title,
|
|
|
|
|
displayUser => $displayUser,
|
|
|
|
|
displayError => $displayError,
|
|
|
|
|
fields => [
|
|
|
|
|
map { { name => $self->conf->{sessionDataToRemember}->{$_} } }
|
|
|
|
|
@fields
|
|
|
|
|
],
|
|
|
|
|
sessions => [
|
|
|
|
|
map {
|
|
|
|
|
my $session = $_;
|
|
|
|
|
{
|
|
|
|
|
user => $session->{user},
|
|
|
|
|
utime => $session->{_utime},
|
|
|
|
|
ip => $session->{ipAddr},
|
|
|
|
|
values => [ map { { v => $session->{$_} } } @fields ],
|
|
|
|
|
error => $session->{error},
|
|
|
|
|
}
|
|
|
|
|
} @$sessions
|
|
|
|
|
],
|
|
|
|
|
}
|
|
|
|
|
);
|
2016-04-13 23:06:04 +02:00
|
|
|
}
|
|
|
|
|
|
2017-09-15 14:31:42 +02:00
|
|
|
sub mkOidcConsent {
|
|
|
|
|
my ( $self, $session ) = @_;
|
2018-06-16 20:58:51 +02:00
|
|
|
|
|
|
|
|
if ( $self->conf->{oidcRPMetaDataOptions} ) {
|
|
|
|
|
foreach my $oidc ( keys %{ $self->conf->{oidcRPMetaDataOptions} } ) {
|
2018-06-16 21:05:21 +02:00
|
|
|
$self->conf->{oidcRPMetaDataOptions}->{$oidc}->{oidcRPMetaDataOptionsDisplayName} ||= $oidc;
|
2018-06-16 20:58:51 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-10 13:04:40 +02:00
|
|
|
return $self->loadTemplate(
|
|
|
|
|
'oidcConsents',
|
|
|
|
|
params => {
|
|
|
|
|
partners => [
|
2017-10-31 07:11:32 +01:00
|
|
|
map {
|
|
|
|
|
$self->conf->{oidcRPMetaDataOptions}
|
|
|
|
|
and $self->conf->{oidcRPMetaDataOptions}->{$_}
|
|
|
|
|
? {
|
|
|
|
|
name => $_,
|
|
|
|
|
displayName =>
|
2018-06-16 19:53:06 +02:00
|
|
|
$self->conf->{oidcRPMetaDataOptions}->{$_}->{oidcRPMetaDataOptionsDisplayName},
|
2017-10-31 07:11:32 +01:00
|
|
|
}
|
|
|
|
|
: ()
|
|
|
|
|
} ( split /,/, $session->{_oidcConnectedRP} )
|
2017-10-10 13:04:40 +02:00
|
|
|
],
|
|
|
|
|
consents => $session->{_oidcConnectedRP},
|
|
|
|
|
}
|
|
|
|
|
);
|
2017-09-15 14:31:42 +02:00
|
|
|
}
|
|
|
|
|
|
2016-04-07 23:31:56 +02:00
|
|
|
1;
|
