# Auto-protected CGI mechanism
package Lemonldap::NG::Handler::CGI;
use strict;
use Lemonldap::NG::Common::CGI;
use Lemonldap::NG::Handler::SharedConf qw(:all);
use base qw(Lemonldap::NG::Common::CGI Lemonldap::NG::Handler::SharedConf);
our $VERSION = '1.4.0';
## @cmethod Lemonldap::NG::Handler::CGI new(hashRef args)
# Constructor.
# @param $args configuration parameters
# @return new object
sub new {
    my ( $class, $args ) = @_;

    # Build the parent CGI object first. abort() is invoked on the class
    # because no instance exists when the parent constructor fails.
    my $self = $class->SUPER::new() or $class->abort("Unable to build CGI");

    # Initialise the shared handler with the caller's parameters.
    Lemonldap::NG::Handler::SharedConf->init($args);

    # Access control rule: the object's own "protection" value takes
    # precedence over the one in the local configuration, and an optional
    # leading "rule:" label is stripped.
    # NOTE(review): when neither source defines "protection", $rule is
    # undefined here and is handed to run() unchanged -- confirm what run()
    # enforces in that case.
    my $rule = $self->{protection} || $localConfig->{protection};
    $rule =~ s/^rule\s*:?\s*//;

    # "none" disables protection: the object is returned before run() is
    # called, so no check is applied to the request. The comparison is an
    # exact, case-sensitive string match.
    return $self if ( $rule eq "none" );

    # Translate the two keywords; any other value is passed through as the
    # rule itself.
    if ( $rule eq "authenticate" ) {
        $rule = "accept";
    }
    elsif ( $rule eq "manager" ) {
        $rule = "";
    }

    my $request = {};
    Lemonldap::NG::Handler::API->newRequest($request);
    my $status = $self->run($rule);

    # A false status from run(): hand the object back to the caller.
    return $self unless ($status);

    if ( $status == 403 ) {
        $self->abort( 'Forbidden',
            "You don't have rights to access this page" );
    }
    else {

        # Any other status is sent to the client together with the response
        # headers collected in $request, then the script ends.
        print $self->header( -status => $status,
            %{ $request->{respHeaders} } );
        $self->quit;
    }
}
## @method hashRef user()
# @return hash reference containing the user's data
sub user {

    # Returns the shared $datas value itself, not a copy: a caller that
    # modifies the returned structure modifies the data every other caller
    # sees.
    my $user_data = $datas;
    return $user_data;
}
## @method boolean group(string group)
# @param $group name of the Lemonldap::NG group to test
# @return boolean : true if user is in this group
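sub group {

    # Tells whether the current user's group list contains the given group.
    #
    # $group is treated as a literal name, never as a pattern.
    # Returns a true value on a match, a false value otherwise (including
    # when no group name is given or the user has no group list).
    my ( $self, $group ) = @_;

    # An undefined or empty name would reduce the pattern to /\b\b/, which
    # matches any group list containing a word character, i.e. it would
    # report membership of a group that was never named.
    return unless ( defined $group and length $group );

    my $groups = $datas->{groups};
    return unless ( defined $groups );

    # \Q...\E quotes regex metacharacters so that a name such as "a.b" or
    # "admin|users" is compared literally instead of being interpreted.
    # NOTE(review): \b treats every non-word character as a boundary, so
    # "admin" still matches inside a hyphenated or dotted name such as
    # "super-admin"; the separator used in the groups string is not visible
    # here -- confirm and anchor on it if group names may contain such
    # characters.
    return ( $groups =~ /\b\Q$group\E\b/ );
}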
1;
__END__
=head1 NAME
=encoding utf8
Lemonldap::NG::Handler::CGI - Perl extension for using Lemonldap::NG
authentication in Perl CGI without using Lemonldap::NG::Handler
=head1 SYNOPSIS
use Lemonldap::NG::Handler::CGI;
my $cgi = Lemonldap::NG::Handler::CGI->new ( {
# Local storage used for sessions and configuration
localStorage => "Cache::FileCache",
localStorageOptions => {...},
# How to get my configuration
configStorage => {
type => "DBI",
dbiChain => "DBI:mysql:database=lemondb;host=$hostname",
dbiUser => "lemonldap",
dbiPassword => "password",
},
https => 0,
# Optional
protection => 'rule: $uid eq "admin"',
# Or to use rules from manager
protection => 'manager',
# Or just to authenticate without managing authorization
protection => 'authenticate',
}
);
# See CGI(3) for more about writing HTML pages
print $cgi->header;
print $cgi->start_html;
# Since authentication phase, you can use user attributes and macros
my $name = $cgi->user->{cn};
# Instead of using "$cgi->user->{groups} =~ /\badmin\b/", you can use
if( $cgi->group('admin') ) {
# special html code for admins
}
else {
# another HTML code
}
=head1 DESCRIPTION
Lemonldap::NG::Handler provides the protection part of Lemonldap::NG web-SSO
system. It can be used with any system used with Apache (PHP or JSP pages for
example). If you need to protect only a few Perl CGI scripts, you can use this library
instead.
Warning, this module must not be used in a Lemonldap::NG::Handler protected
area because it hides Lemonldap::NG cookies.
=head1 SEE ALSO
L<http://lemonldap-ng.org/>
L<CGI>, L<Lemonldap::NG::Handler>, L<Lemonldap::NG::Manager>,
L<Lemonldap::NG::Portal>
=head1 AUTHOR
=over
=item Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
=item Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=item Sandro Cazzaniga, E<lt>cazzaniga.sandro@gmail.comE<gt>
=back
=head1 BUG REPORT
Use the OW2 system to report bugs or request features:
L<http://jira.ow2.org>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
=over
=item Copyright (C) 2007, 2008, 2009, 2010, 2012 by Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=item Copyright (C) 2012 by Sandro Cazzaniga, E<lt>cazzaniga.sandro@gmail.comE<gt>
=item Copyright (C) 2010, 2011, 2012 by Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
=back
This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see L<http://www.gnu.org/licenses/>.
=cut