lemonldap-ng/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ServiceToken.pm

package Lemonldap::NG::Handler::Lib::ServiceToken;

use strict;

our $VERSION = '2.1.0';

sub fetchId {
    my ( $class, $req ) = @_;
    my $token = $req->{env}->{HTTP_X_LLNG_TOKEN};
    return $class->Lemonldap::NG::Handler::Main::fetchId($req) unless ($token);
    $class->logger->debug('Found token header');

    # Decrypt token
    my $s = $class->tsv->{cipher}->decrypt($token);

    # Token format:
    # time:_session_id:vhost1:vhost2,...
    my ( $t, $_session_id, @vhosts ) = split /:/, $s;

    # At least one vhost
    unless (@vhosts) {
        $class->userLogger->error('Bad service token');
        return 0;
    }

    # Is token in good interval ?
    unless ( $t <= time and $t > time - 30 ) {
        $class->userLogger->warn('Expired service token');
        return 0;
    }

    # Is vhost listed in token ?
    my $vh = $class->resolveAlias($req);
    unless ( grep { $_ eq $vh } @vhosts ) {
        $class->userLogger->error(
            "$vh not authorizated in token (" . join( ', ', @vhosts ) . ')' );
        return 0;
    }
    return $_session_id;
}

1;
Service token in progress (#971) 2017-03-03 07:29:50 +01:00			`package Lemonldap::NG::Handler::Lib::ServiceToken;`

			`use strict;`

Set master version to 2.1.0 2019-02-12 18:21:38 +01:00			`our $VERSION = '2.1.0';`
Service token in progress (#971) 2017-03-03 07:29:50 +01:00
			`sub fetchId {`
Replace request management in handler (#1044) Note: this is a big change, more tests needed 2017-03-28 23:07:49 +02:00			`my ( $class, $req ) = @_;`
			`my $token = $req->{env}->{HTTP_X_LLNG_TOKEN};`
			`return $class->Lemonldap::NG::Handler::Main::fetchId($req) unless ($token);`
Service token in progress (#971) 2017-03-03 07:29:50 +01:00			`$class->logger->debug('Found token header');`
Some comments 2018-04-22 16:08:34 +02:00
			`# Decrypt token`
Clean repo 2017-03-03 18:25:03 +01:00			`my $s = $class->tsv->{cipher}->decrypt($token);`
Some comments 2018-04-22 16:08:34 +02:00
			`# Token format:`
			`# time:_session_id:vhost1:vhost2,...`
Clean repo 2017-03-03 18:25:03 +01:00			`my ( $t, $_session_id, @vhosts ) = split /:/, $s;`
Some comments 2018-04-22 16:08:34 +02:00
			`# At least one vhost`
Clean repo 2017-03-03 18:25:03 +01:00			`unless (@vhosts) {`
Some comments 2018-04-22 16:08:34 +02:00			`$class->userLogger->error('Bad service token');`
Service token in progress (#971) 2017-03-03 07:29:50 +01:00			`return 0;`
			`}`
Some comments 2018-04-22 16:08:34 +02:00
			`# Is token in good interval ?`
Add #971 doc 2017-03-04 15:38:41 +01:00			`unless ( $t <= time and $t > time - 30 ) {`
Some comments 2018-04-22 16:08:34 +02:00			`$class->userLogger->warn('Expired service token');`
Service token in progress (#971) 2017-03-03 07:29:50 +01:00			`return 0;`
			`}`
Some comments 2018-04-22 16:08:34 +02:00
			`# Is vhost listed in token ?`
Replace request management in handler (#1044) Note: this is a big change, more tests needed 2017-03-28 23:07:49 +02:00			`my $vh = $class->resolveAlias($req);`
Simple token system as discuss in #971 2017-03-04 13:24:56 +01:00			`unless ( grep { $_ eq $vh } @vhosts ) {`
			`$class->userLogger->error(`
			`"$vh not authorizated in token (" . join( ', ', @vhosts ) . ')' );`
			`return 0;`
			`}`
Service token in progress (#971) 2017-03-03 07:29:50 +01:00			`return $_session_id;`
			`}`

			`1;`