2017-01-10 13:25:30 +01:00
|
|
|
package Lemonldap::NG::Portal::Lib::RESTProxy;
|
2017-01-10 07:04:40 +01:00
|
|
|
|
|
|
|
use strict;
|
|
|
|
use JSON;
|
|
|
|
use Mouse;
|
2017-02-15 16:08:23 +01:00
|
|
|
use Lemonldap::NG::Common::UserAgent;
|
2017-01-10 07:04:40 +01:00
|
|
|
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_BADCREDENTIALS);
|
|
|
|
use Lemonldap::NG::Common::FormEncode;
|
|
|
|
|
2019-02-12 18:21:38 +01:00
|
|
|
our $VERSION = '2.1.0';
|
2017-01-10 07:04:40 +01:00
|
|
|
|
2017-01-10 17:09:28 +01:00
|
|
|
has ua => ( is => 'rw' );
|
2017-01-10 07:04:40 +01:00
|
|
|
|
|
|
|
# INITIALIZATION
|
|
|
|
|
|
|
|
sub init {
|
|
|
|
my ($self) = @_;
|
|
|
|
$self->conf->{remoteCookieName} ||= $self->conf->{cookieName};
|
2017-01-10 13:25:30 +01:00
|
|
|
$self->conf->{proxySessionService} ||=
|
2018-06-20 21:38:26 +02:00
|
|
|
$self->conf->{proxyAuthService} . '/session/my';
|
2017-01-10 17:09:28 +01:00
|
|
|
$self->conf->{proxySessionService} =~ s#/*$##;
|
2017-02-15 16:08:23 +01:00
|
|
|
$self->ua( Lemonldap::NG::Common::UserAgent->new( $self->conf ) );
|
2017-01-10 17:09:28 +01:00
|
|
|
$self->ua->default_header( Accept => 'application/json' );
|
2017-01-10 07:04:40 +01:00
|
|
|
|
|
|
|
unless ( defined $self->conf->{proxyAuthService} ) {
|
|
|
|
$self->error("Missing proxyAuthService parameter");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2017-01-10 13:25:30 +01:00
|
|
|
no warnings 'once';
|
|
|
|
*authenticate = \&getUser;
|
2017-01-10 07:04:40 +01:00
|
|
|
|
|
|
|
sub getUser {
|
|
|
|
my ( $self, $req ) = @_;
|
2018-07-05 22:56:16 +02:00
|
|
|
return PE_OK if ( $req->data->{_proxyQueryDone} );
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug(
|
|
|
|
'Proxy push auth to ' . $self->conf->{proxyAuthService} );
|
2017-01-10 07:04:40 +01:00
|
|
|
my $resp = $self->ua->post( $self->conf->{proxyAuthService},
|
2018-07-05 22:56:16 +02:00
|
|
|
{ user => $req->{user}, password => $req->data->{password} } );
|
2019-06-15 21:28:54 +02:00
|
|
|
unless ( $resp->is_success or $resp->code == 401 ) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error(
|
|
|
|
'Unable to query authentication service: ' . $resp->status_line );
|
2017-01-10 07:04:40 +01:00
|
|
|
return PE_ERROR;
|
|
|
|
}
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug('Proxy gets a response');
|
2017-09-28 14:52:14 +02:00
|
|
|
my $res = eval { JSON::from_json( $resp->content, { allow_nonref => 1 } ) };
|
2017-01-10 07:04:40 +01:00
|
|
|
if ($@) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error("Bad content: $@");
|
2017-01-10 07:04:40 +01:00
|
|
|
return PE_ERROR;
|
|
|
|
}
|
2017-01-10 13:25:30 +01:00
|
|
|
$req->sessionInfo->{_proxyQueryDone}++;
|
|
|
|
unless ( $res->{result} ) {
|
2017-02-15 15:16:59 +01:00
|
|
|
$self->userLogger->notice("Authentication refused for $req->{user}");
|
2019-06-15 22:27:58 +02:00
|
|
|
|
|
|
|
# Eval required since UserDB::Proxy isn't a Auth::_WebForm child
|
|
|
|
eval { $self->setSecurity($req) };
|
2017-01-10 13:25:30 +01:00
|
|
|
return PE_BADCREDENTIALS;
|
|
|
|
}
|
|
|
|
$req->sessionInfo->{_proxyCookies} = join '; ',
|
2017-01-10 17:09:28 +01:00
|
|
|
map { s/;.*$//; $_ } $resp->header('Set-Cookie');
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug( 'Store remote cookies in session ('
|
|
|
|
. $req->sessionInfo->{_proxyCookies}
|
|
|
|
. ')' );
|
2021-04-01 23:07:58 +02:00
|
|
|
|
|
|
|
return PE_OK;
|
2017-01-10 07:04:40 +01:00
|
|
|
}
|
|
|
|
|
2021-01-02 18:58:40 +01:00
|
|
|
sub findUser {
|
|
|
|
|
|
|
|
# Nothing to do here
|
2021-04-01 23:07:58 +02:00
|
|
|
return PE_OK;
|
2021-01-02 18:58:40 +01:00
|
|
|
}
|
|
|
|
|
2017-01-10 07:04:40 +01:00
|
|
|
sub setSessionInfo {
|
|
|
|
my ( $self, $req ) = @_;
|
2018-07-05 22:56:16 +02:00
|
|
|
return PE_OK if ( $req->data->{_setSessionInfoDone} );
|
2017-01-10 13:25:30 +01:00
|
|
|
my $q = HTTP::Request->new(
|
2017-01-10 17:09:28 +01:00
|
|
|
GET => $self->conf->{proxySessionService} . '/global',
|
|
|
|
[
|
|
|
|
Cookie => $req->sessionInfo->{_proxyCookies},
|
|
|
|
Accept => 'application/json'
|
|
|
|
]
|
2017-01-10 13:25:30 +01:00
|
|
|
);
|
2017-01-10 17:09:28 +01:00
|
|
|
my $resp = $self->ua->request($q);
|
2017-01-10 13:25:30 +01:00
|
|
|
unless ( $resp->is_success ) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error(
|
|
|
|
'Unable to query session service: ' . $resp->status_line );
|
2017-01-10 13:25:30 +01:00
|
|
|
return PE_ERROR;
|
2017-01-10 07:04:40 +01:00
|
|
|
}
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug('Proxy gets a response');
|
2017-09-28 14:52:14 +02:00
|
|
|
my $res = eval { JSON::from_json( $resp->content, { allow_nonref => 1 } ) };
|
2017-01-10 13:25:30 +01:00
|
|
|
if ($@) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error("Bad content: $@");
|
2017-01-10 07:04:40 +01:00
|
|
|
return PE_ERROR;
|
|
|
|
}
|
2017-01-10 13:25:30 +01:00
|
|
|
foreach ( keys %$res ) {
|
|
|
|
$req->{sessionInfo}->{$_} ||= $res->{$_} unless (/^_/);
|
2017-01-10 07:04:40 +01:00
|
|
|
}
|
2018-07-05 22:56:16 +02:00
|
|
|
$req->data->{_setSessionInfoDone}++;
|
2021-04-01 23:07:58 +02:00
|
|
|
|
|
|
|
return PE_OK;
|
2017-01-10 07:04:40 +01:00
|
|
|
}
|
|
|
|
|
2017-01-10 17:09:28 +01:00
|
|
|
sub authLogout {
|
|
|
|
my ( $self, $req ) = @_;
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug(
|
|
|
|
'Proxy ask logout to ' . $self->conf->{proxyAuthService} );
|
2017-01-10 17:09:28 +01:00
|
|
|
my $q = HTTP::Request->new(
|
|
|
|
GET => $self->conf->{proxyAuthService} . '?logout=1',
|
|
|
|
[
|
|
|
|
Cookie => $req->sessionInfo->{_proxyCookies},
|
|
|
|
Accept => 'application/json'
|
|
|
|
]
|
|
|
|
);
|
|
|
|
my $resp = $self->ua->request($q);
|
2021-04-01 23:07:58 +02:00
|
|
|
|
2017-01-10 17:09:28 +01:00
|
|
|
return PE_OK;
|
|
|
|
}
|
|
|
|
|
2017-01-10 07:04:40 +01:00
|
|
|
1;
|
|
|
|
|