lemonldap-ng/doc/sources/admin/selfmadeapplication.rst

Protect your application
========================

Presentation
------------

Your application can know the connected user using:

-  REMOTE_USER environment variable (with local Handler or SetEnvIf
   trick)
-  HTTP header (in all cases)

To get more information on user (name, mail, etc.), you have to read
:ref:`HTTP headers<headers>`.


.. tip::

    If your application is based on `Perl CGI package
    <http://search.cpan.org/perldoc?CGI>`__, you can simply replace CGI by
    :ref:`Lemonldap::NG::Handler::CGI<selfmadeapplication-perl-auto-protected-cgi>`

Code snippet
------------

Examples with a :ref:`configured header<headers>` named
'Auth-User':

Perl
~~~~

.. code-block:: perl

   print "Connected user: ".$ENV{HTTP_AUTH_USER};

PHP
~~~

.. code-block:: php

   print "Connected user: ".$_SERVER["HTTP_AUTH_USER"];

.. _selfmadeapplication-perl-auto-protected-cgi:

Perl auto-protected CGI
-----------------------

LL::NG now uses FastCGI instead of CGI, but you still can write your own
protected CGI.

First create a PSGI module based on Lemonldap::NG::Handler:

.. code-block:: perl

   package My::PSGI;

   use base "Lemonldap::NG::Handler::PSGI"; # or Lemonldap::NG::Handler::PSGI::OAuth2, etc…

   sub init {
       my ($self,$args) = @_;
       $self->protection('manager');
       $self->SUPER::init($args) or return 0;
       $self->staticPrefix("/static");
       $self->templateDir("/usr/share/lemonldap-ng/portal/templates");
       # See Lemonldap::NG::Common::PSGI for more
       #...
       # Return a boolean. If false, then error message has to be stored in
       # $self->error
       return 1;
   }

   sub handler {
       my ( $self, $req ) = @_;

       # Will be called only if authorisated
       my $userId = $self->userId($req);
       #...

       # Return JSON
       # $self->sendJSONresponse(...);

       # or Return HTML
       $self->sendHtml($req, "myskin/mytemplate", ( params => { 'userId' => $userId }) );
   }

They create a FCGI script like this:

.. code-block:: perl

   #!/usr/bin/env perl

   use My::PSGI;
   use Plack::Handler::FCGI;

   Plack::Handler::FCGI->new->run( My::PSGI->run() );

See our LLNG Nginx/Apache configurations to see how to launch it or read
`PSGI/Plack documentation <https://plackperl.org/>`__.

The protection parameter must be set when calling the init() method:

-  ``none``: no protection
-  ``authenticate``: check authentication but do not manage
   authorization
-  ``manager``: rely on virtual host configuration in Manager
-  ``rule: xxx``: apply a specific rule
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`Protect your application`
			`========================`

			`Presentation`
			`------------`

			`Your application can know the connected user using:`

			`- REMOTE_USER environment variable (with local Handler or SetEnvIf`
			`trick)`
			`- HTTP header (in all cases)`

			`To get more information on user (name, mail, etc.), you have to read`
doc: fix formatting 2020-05-18 09:56:39 +02:00			:ref:`HTTP headers<headers>`.
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00

doc: fix formatting 2020-05-18 09:56:39 +02:00			`.. tip::`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
doc: fix markup 2020-05-20 15:44:46 +02:00			If your application is based on `Perl CGI package
			<http://search.cpan.org/perldoc?CGI>`__, you can simply replace CGI by
			:ref:`Lemonldap::NG::Handler::CGI<selfmadeapplication-perl-auto-protected-cgi>`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`Code snippet`
			`------------`

doc: fix formatting 2020-05-18 09:56:39 +02:00			Examples with a :ref:`configured header<headers>` named
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`'Auth-User':`

			`Perl`
			`~~~~`

doc: fix markup 2020-05-21 15:13:24 +02:00			`.. code-block:: perl`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`print "Connected user: ".$ENV{HTTP_AUTH_USER};`

			`PHP`
			`~~~`

doc: fix markup 2020-05-21 15:13:24 +02:00			`.. code-block:: php`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`print "Connected user: ".$_SERVER["HTTP_AUTH_USER"];`

doc: fix formatting 2020-05-18 09:56:39 +02:00			`.. _selfmadeapplication-perl-auto-protected-cgi:`

First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`Perl auto-protected CGI`
			`-----------------------`

			`LL::NG now uses FastCGI instead of CGI, but you still can write your own`
			`protected CGI.`

			`First create a PSGI module based on Lemonldap::NG::Handler:`

doc: fix markup 2020-05-21 15:13:24 +02:00			`.. code-block:: perl`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`package My::PSGI;`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`use base "Lemonldap::NG::Handler::PSGI"; # or Lemonldap::NG::Handler::PSGI::OAuth2, etc…`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`sub init {`
			`my ($self,$args) = @_;`
			`$self->protection('manager');`
			`$self->SUPER::init($args) or return 0;`
			`$self->staticPrefix("/static");`
			`$self->templateDir("/usr/share/lemonldap-ng/portal/templates");`
			`# See Lemonldap::NG::Common::PSGI for more`
			`#...`
			`# Return a boolean. If false, then error message has to be stored in`
			`# $self->error`
			`return 1;`
			`}`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`sub handler {`
			`my ( $self, $req ) = @_;`

			`# Will be called only if authorisated`
			`my $userId = $self->userId($req);`
			`#...`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`# Return JSON`
			`# $self->sendJSONresponse(...);`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`# or Return HTML`
			`$self->sendHtml($req, "myskin/mytemplate", ( params => { 'userId' => $userId }) );`
			`}`

			`They create a FCGI script like this:`

doc: fix markup 2020-05-21 15:13:24 +02:00			`.. code-block:: perl`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`#!/usr/bin/env perl`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`use My::PSGI;`
			`use Plack::Handler::FCGI;`

			`Plack::Handler::FCGI->new->run( My::PSGI->run() );`

			`See our LLNG Nginx/Apache configurations to see how to launch it or read`
			`PSGI/Plack documentation <https://plackperl.org/>`__.

			`The protection parameter must be set when calling the init() method:`

			- ``none``: no protection
			- ``authenticate``: check authentication but do not manage
			`authorization`
			- ``manager``: rely on virtual host configuration in Manager
			- ``rule: xxx``: apply a specific rule