2016-12-19 22:34:52 +01:00
|
|
|
package Lemonldap::NG::Portal::Lib::CAS;
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
use Mouse;
|
2017-02-15 16:08:23 +01:00
|
|
|
use Lemonldap::NG::Common::UserAgent;
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
our $VERSION = '2.0.0';
|
|
|
|
|
|
|
|
# PROPERTIES
|
|
|
|
|
|
|
|
# return LWP::UserAgent object
|
|
|
|
has ua => (
|
|
|
|
is => 'rw',
|
|
|
|
lazy => 1,
|
|
|
|
builder => sub {
|
|
|
|
|
|
|
|
# TODO : LWP options to use a proxy for example
|
2017-02-15 16:08:23 +01:00
|
|
|
my $ua = Lemonldap::NG::Common::UserAgent->new( $_[0]->{conf} );
|
2016-12-19 22:34:52 +01:00
|
|
|
$ua->env_proxy();
|
|
|
|
return $ua;
|
|
|
|
}
|
|
|
|
);
|
|
|
|
|
|
|
|
# INITIALIZATION
|
|
|
|
|
|
|
|
sub sendSoapResponse {
|
|
|
|
my ( $self, $req, $s ) = @_;
|
2016-12-21 23:39:12 +01:00
|
|
|
return [ 200, [ 'Content-Length' => length($s) ], [$s] ];
|
2016-12-19 22:34:52 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Try to recover the CAS session corresponding to id and return session datas
|
|
|
|
# If id is set to undef, return a new session
|
|
|
|
sub getCasSession {
|
2017-02-20 22:00:05 +01:00
|
|
|
my ( $self, $id, $info ) = @_;
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
my $casSession = Lemonldap::NG::Common::Session->new(
|
|
|
|
{
|
|
|
|
storageModule => $self->conf->{casStorage},
|
|
|
|
storageModuleOptions => $self->conf->{casStorageOptions},
|
|
|
|
cacheModule => $self->conf->{localSessionStorage},
|
|
|
|
cacheModuleOptions => $self->conf->{localSessionStorageOptions},
|
|
|
|
id => $id,
|
|
|
|
kind => "CAS",
|
2017-02-20 22:00:05 +01:00
|
|
|
( $info ? ( info => $info ) : () ),
|
2016-12-19 22:34:52 +01:00
|
|
|
}
|
|
|
|
);
|
|
|
|
|
|
|
|
if ( $casSession->error ) {
|
|
|
|
if ($id) {
|
2017-02-15 15:16:59 +01:00
|
|
|
$self->userLogger->notice("CAS session $id isn't yet available");
|
2016-12-19 22:34:52 +01:00
|
|
|
}
|
|
|
|
else {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error("Unable to create new CAS session");
|
|
|
|
$self->logger->error( $casSession->error );
|
2016-12-19 22:34:52 +01:00
|
|
|
}
|
|
|
|
return undef;
|
|
|
|
}
|
|
|
|
|
|
|
|
return $casSession;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Return an error for CAS VALIDATE request
|
|
|
|
sub returnCasValidateError {
|
|
|
|
my ( $self, $req ) = @_;
|
|
|
|
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Return CAS validate error");
|
2016-12-19 22:34:52 +01:00
|
|
|
|
2016-12-21 23:39:12 +01:00
|
|
|
return [ 200, [ 'Content-Length' => 4 ], ["no\n\n"] ];
|
2016-12-19 22:34:52 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Return success for CAS VALIDATE request
|
|
|
|
sub returnCasValidateSuccess {
|
|
|
|
my ( $self, $req, $username ) = @_;
|
|
|
|
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Return CAS validate success with username $username");
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
return $self->sendSoapResponse( $req, "yes\n$username\n" );
|
|
|
|
}
|
|
|
|
|
|
|
|
# Return an error for CAS SERVICE VALIDATE request
|
|
|
|
sub returnCasServiceValidateError {
|
|
|
|
my ( $self, $req, $code, $text ) = @_;
|
|
|
|
|
|
|
|
$code ||= 'INTERNAL_ERROR';
|
|
|
|
$text ||= 'No description provided';
|
|
|
|
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Return CAS service validate error $code ($text)");
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
return $self->sendSoapResponse(
|
|
|
|
$req, "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
|
|
|
|
\t<cas:authenticationFailure code=\"$code\">
|
|
|
|
\t\t$text
|
|
|
|
\t</cas:authenticationFailure>
|
|
|
|
</cas:serviceResponse>\n"
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
# Return success for CAS SERVICE VALIDATE request
|
|
|
|
sub returnCasServiceValidateSuccess {
|
|
|
|
my ( $self, $req, $username, $pgtIou, $proxies, $attributes ) = @_;
|
|
|
|
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug(
|
|
|
|
"Return CAS service validate success with username $username");
|
2016-12-19 22:34:52 +01:00
|
|
|
|
2016-12-22 06:57:44 +01:00
|
|
|
my $s = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
|
2016-12-19 22:34:52 +01:00
|
|
|
\t<cas:authenticationSuccess>
|
|
|
|
\t\t<cas:user>$username</cas:user>\n";
|
|
|
|
if ( defined $attributes ) {
|
|
|
|
$s .= "\t\t<cas:attributes>\n";
|
|
|
|
foreach my $attribute ( keys %$attributes ) {
|
|
|
|
foreach my $value (
|
|
|
|
split(
|
2016-12-22 06:57:44 +01:00
|
|
|
$self->conf->{multiValuesSeparator},
|
2016-12-19 22:34:52 +01:00
|
|
|
$attributes->{$attribute}
|
|
|
|
)
|
|
|
|
)
|
|
|
|
{
|
|
|
|
$s .= "\t\t\t<cas:$attribute>$value</cas:$attribute>\n";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$s .= "\t\t</cas:attributes>\n";
|
|
|
|
}
|
|
|
|
if ( defined $pgtIou ) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Add proxy granting ticket $pgtIou in response");
|
2016-12-19 22:34:52 +01:00
|
|
|
$s .=
|
|
|
|
"\t\t<cas:proxyGrantingTicket>$pgtIou</cas:proxyGrantingTicket>\n";
|
|
|
|
}
|
|
|
|
if ($proxies) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Add proxies $proxies in response");
|
2016-12-19 22:34:52 +01:00
|
|
|
$s .= "\t\t<cas:proxies>\n\t\t\t<cas:proxy>$_</cas:proxy>\n"
|
|
|
|
foreach ( split( /$self->{multiValuesSeparator}/, $proxies ) );
|
|
|
|
$s .= "\t\t</cas:proxies>\n";
|
|
|
|
}
|
|
|
|
$s .= "\t</cas:authenticationSuccess>\n</cas:serviceResponse>\n";
|
|
|
|
|
|
|
|
return $self->sendSoapResponse( $req, $s );
|
|
|
|
}
|
|
|
|
|
|
|
|
# Return an error for CAS PROXY request
|
|
|
|
sub returnCasProxyError {
|
|
|
|
my ( $self, $req, $code, $text ) = @_;
|
|
|
|
|
|
|
|
$code ||= 'INTERNAL_ERROR';
|
|
|
|
$text ||= 'No description provided';
|
|
|
|
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Return CAS proxy error $code ($text)");
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
return $self->sendSoapResponse(
|
|
|
|
$req, "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
|
|
|
|
\t<cas:proxyFailure code=\"$code\">
|
|
|
|
\t\t$text
|
|
|
|
\t</cas:proxyFailure>
|
|
|
|
</cas:serviceResponse>\n"
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
# Return success for CAS PROXY request
|
|
|
|
sub returnCasProxySuccess {
|
|
|
|
my ( $self, $req, $ticket ) = @_;
|
|
|
|
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Return CAS proxy success with ticket $ticket");
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
return $self->sendSoapResponse(
|
|
|
|
$req, "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
|
|
|
|
\t<cas:proxySuccess>
|
|
|
|
\t\t<cas:proxyTicket>$ticket</cas:proxyTicket>
|
|
|
|
\t</cas:proxySuccess>
|
|
|
|
</cas:serviceResponse>\n"
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
# Find and delete CAS sessions bounded to a primary session
|
|
|
|
sub deleteCasSecondarySessions {
|
|
|
|
my ( $self, $session_id ) = @_;
|
|
|
|
my $result = 1;
|
|
|
|
|
|
|
|
# Find CAS sessions
|
|
|
|
my $moduleOptions = $self->conf->{casStorageOptions} || {};
|
|
|
|
$moduleOptions->{backend} = $self->conf->{casStorage};
|
|
|
|
my $module = "Lemonldap::NG::Common::Apache::Session";
|
|
|
|
|
|
|
|
my $cas_sessions =
|
|
|
|
$module->searchOn( $moduleOptions, "_cas_id", $session_id );
|
|
|
|
|
|
|
|
if ( my @cas_sessions_keys = keys %$cas_sessions ) {
|
|
|
|
|
|
|
|
foreach my $cas_session (@cas_sessions_keys) {
|
|
|
|
|
|
|
|
# Get session
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Retrieve CAS session $cas_session");
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
my $casSession = $self->getCasSession($cas_session);
|
|
|
|
|
|
|
|
# Delete session
|
|
|
|
$result = $self->deleteCasSession($casSession);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("No CAS session found for session $session_id ");
|
2016-12-19 22:34:52 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return $result;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
# Delete an opened CAS session
|
|
|
|
sub deleteCasSession {
|
|
|
|
my ( $self, $session ) = @_;
|
|
|
|
|
|
|
|
# Check session object
|
|
|
|
unless ( $session && $session->data ) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error("No session to delete");
|
2016-12-19 22:34:52 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Get session_id
|
|
|
|
my $session_id = $session->id;
|
|
|
|
|
|
|
|
# Delete session
|
|
|
|
unless ( $session->remove ) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error( $session->error );
|
2016-12-19 22:34:52 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("CAS session $session_id deleted");
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Call proxy granting URL on CAS client
|
|
|
|
sub callPgtUrl {
|
|
|
|
my ( $self, $pgtUrl, $pgtIou, $pgtId ) = @_;
|
|
|
|
|
|
|
|
# Build URL
|
|
|
|
my $url =
|
|
|
|
$pgtUrl . ( $pgtUrl =~ /\?/ ? '&' : '?' ) . "pgtIou=$pgtIou&pgtId=$pgtId";
|
|
|
|
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug("Call URL $url");
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
# GET URL
|
|
|
|
my $response = $self->ua->get($url);
|
|
|
|
|
|
|
|
# Return result
|
|
|
|
return $response->is_success();
|
|
|
|
}
|
|
|
|
|
|
|
|
1;
|
|
|
|
__END__
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
=encoding utf8
|
|
|
|
|
2017-02-11 21:07:12 +01:00
|
|
|
Lemonldap::NG::Portal::Lib::CAS - Common CAS functions
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
2017-02-11 21:07:12 +01:00
|
|
|
use Lemonldap::NG::Portal::Lib::CAS;
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
This module contains common methods for CAS
|
|
|
|
|
|
|
|
=head1 METHODS
|
|
|
|
|
|
|
|
=head2 getCasSession
|
|
|
|
|
|
|
|
Try to recover the CAS session corresponding to id and return session datas
|
|
|
|
If id is set to undef, return a new session
|
|
|
|
|
|
|
|
=head2 returnCasValidateError
|
|
|
|
|
|
|
|
Return an error for CAS VALIDATE request
|
|
|
|
|
|
|
|
=head2 returnCasValidateSuccess
|
|
|
|
|
|
|
|
Return success for CAS VALIDATE request
|
|
|
|
|
|
|
|
=head2 deleteCasSecondarySessions
|
|
|
|
|
|
|
|
Find and delete CAS sessions bounded to a primary session
|
|
|
|
|
|
|
|
=head2 returnCasServiceValidateError
|
|
|
|
|
|
|
|
Return an error for CAS SERVICE VALIDATE request
|
|
|
|
|
|
|
|
=head2 returnCasServiceValidateSuccess
|
|
|
|
|
|
|
|
Return success for CAS SERVICE VALIDATE request
|
|
|
|
|
|
|
|
=head2 returnCasProxyError
|
|
|
|
|
|
|
|
Return an error for CAS PROXY request
|
|
|
|
|
|
|
|
=head2 returnCasProxySuccess
|
|
|
|
|
|
|
|
Return success for CAS PROXY request
|
|
|
|
|
|
|
|
=head2 deleteCasSession
|
|
|
|
|
|
|
|
Delete an opened CAS session
|
|
|
|
|
|
|
|
=head2 callPgtUrl
|
|
|
|
|
|
|
|
Call proxy granting URL on CAS client
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
|
|
L<Lemonldap::NG::Portal::IssuerDBCAS>
|
|
|
|
|
2017-01-04 21:51:46 +01:00
|
|
|
=head1 AUTHORS
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
=over
|
|
|
|
|
2017-01-04 21:51:46 +01:00
|
|
|
=item LemonLDAP::NG team L<http://lemonldap-ng.org/team>
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 BUG REPORT
|
|
|
|
|
|
|
|
Use OW2 system to report bug or ask for features:
|
|
|
|
L<http://jira.ow2.org>
|
|
|
|
|
|
|
|
=head1 DOWNLOAD
|
|
|
|
|
|
|
|
Lemonldap::NG is available at
|
|
|
|
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
|
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE
|
|
|
|
|
2017-01-04 21:51:46 +01:00
|
|
|
See COPYING file for details.
|
2016-12-19 22:34:52 +01:00
|
|
|
|
|
|
|
This library is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2, or (at your option)
|
|
|
|
any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program. If not, see L<http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
=cut
|