From 03d4855485c51ab5d3aa908b3cdc1a8204370345 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?=
Date: Mon, 22 Apr 2019 18:02:14 +0200
Subject: [PATCH] OAuth2 Handler (#1146)
---
 lemonldap-ng-handler/MANIFEST | 3 +
 .../Lemonldap/NG/Handler/ApacheMP2/OAuth2.pm | 13 ++++
 .../lib/Lemonldap/NG/Handler/Lib/OAuth2.pm | 63 +++++++++++++++++++
 .../lib/Lemonldap/NG/Handler/Server/OAuth2.pm | 13 ++++
 4 files changed, 92 insertions(+)
 create mode 100644 lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/OAuth2.pm
 create mode 100644 lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/OAuth2.pm
 create mode 100644 lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/OAuth2.pm
diff --git a/lemonldap-ng-handler/MANIFEST b/lemonldap-ng-handler/MANIFEST
index e6e149e85..953607fc9 100644
--- a/lemonldap-ng-handler/MANIFEST
+++ b/lemonldap-ng-handler/MANIFEST
@@ -12,6 +12,7 @@ lib/Lemonldap/NG/Handler/ApacheMP2/DevOpsST.pm
 lib/Lemonldap/NG/Handler/ApacheMP2/FCGIClient.pm
 lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm
 lib/Lemonldap/NG/Handler/ApacheMP2/Menu.pm
+lib/Lemonldap/NG/Handler/ApacheMP2/OAuth2.pm
 lib/Lemonldap/NG/Handler/ApacheMP2/Request.pm
 lib/Lemonldap/NG/Handler/ApacheMP2/SecureToken.pm
 lib/Lemonldap/NG/Handler/ApacheMP2/ServiceToken.pm
@@ -19,6 +20,7 @@ lib/Lemonldap/NG/Handler/ApacheMP2/ZimbraPreAuth.pm
 lib/Lemonldap/NG/Handler/Lib/AuthBasic.pm
 lib/Lemonldap/NG/Handler/Lib/CDA.pm
 lib/Lemonldap/NG/Handler/Lib/DevOps.pm
+lib/Lemonldap/NG/Handler/Lib/OAuth2.pm
 lib/Lemonldap/NG/Handler/Lib/PSGI.pm
 lib/Lemonldap/NG/Handler/Lib/SecureToken.pm
 lib/Lemonldap/NG/Handler/Lib/ServiceToken.pm
@@ -44,6 +46,7 @@ lib/Lemonldap/NG/Handler/Server/DevOps.pm
 lib/Lemonldap/NG/Handler/Server/DevOpsST.pm
 lib/Lemonldap/NG/Handler/Server/Main.pm
 lib/Lemonldap/NG/Handler/Server/Nginx.pm
+lib/Lemonldap/NG/Handler/Server/OAuth2.pm
 lib/Lemonldap/NG/Handler/Server/SecureToken.pm
 lib/Lemonldap/NG/Handler/Server/ServiceToken.pm
 lib/Lemonldap/NG/Handler/Server/ZimbraPreAuth.pm
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/OAuth2.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/OAuth2.pm
new file mode 100644
index 000000000..c01a77218
--- /dev/null
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/OAuth2.pm
@@ -0,0 +1,13 @@
+# LLNG wrapper class to enable OAuth2 handler with Apache-2/ModPerl-2
+#
+# See https://lemonldap-ng.org/documentation/latest/handlerarch
+package Lemonldap::NG::Handler::ApacheMP2::OAuth2;
+
+use strict;
+
+use base 'Lemonldap::NG::Handler::Lib::OAuth2',
+ 'Lemonldap::NG::Handler::ApacheMP2::Main';
+
+our $VERSION = '2.0.4';
+
+1;
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/OAuth2.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/OAuth2.pm
new file mode 100644
index 000000000..30d152769
--- /dev/null
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/OAuth2.pm
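Review bot: The new wrapper enables `use strict;` but not `use warnings;`, and the same holds for Lib/OAuth2.pm and Server/OAuth2.pm added by this patch. If that mirrors the project's other handler modules it is a convention rather than a defect, but for the Lib module it hides the undef concatenation in fetchId's `'Get user session id ' . $_session_id` log line when no session is found. Adding `use warnings;` directly after each `use strict;` would surface that during testing.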
@@ -0,0 +1,63 @@
+package Lemonldap::NG::Handler::Lib::OAuth2;
+
+use strict;
+
+our $VERSION = '2.0.4';
+
+sub fetchId {
+ my ( $class, $req ) = @_;
+
+ my $access_token;
+ my $authorization = $req->{env}->{HTTP_AUTHORIZATION};
+
+ if ( $authorization
+ and ( ($access_token) = ( $authorization =~ /^Bearer (.+)$/i ) ) )
+ {
+ $class->logger->debug( 'Found OAuth2 access token ' . $access_token );
+ }
+ else {
+ return $class->Lemonldap::NG::Handler::Main::fetchId($req);
+ }
+
+ # Get access token session
+ if ( my $infos = $class->getOIDCInfos($access_token) ) {
+ my $_session_id = $infos->{user_session_id};
+ $class->logger->debug( 'Get user session id ' . $_session_id );
+ return $_session_id;
+ }
+
+ return $class->Lemonldap::NG::Handler::Main::fetchId($req);
+}
+
+## @rmethod protected hash getOIDCInfos(id)
+# Tries to retrieve the OIDC session, get infos
+# @return OIDC session infos
+sub getOIDCInfos {
+ my ( $class, $id ) = @_;
+ my $infos = {};
+
+ # Get the session
+ my $oidcSession = Lemonldap::NG::Common::Session->new( {
+ storageModule => $class->tsv->{oidcStorageModule},
+ storageModuleOptions => $class->tsv->{oidcStorageOptions},
+ cacheModule => $class->tsv->{sessionCacheModule},
+ cacheModuleOptions => $class->tsv->{sessionCacheOptions},
+ id => $id,
+ kind => "OIDCI",
+ }
+ );
+
+ unless ( $oidcSession->error ) {
+ $class->logger->debug("Get OIDC session $id");
+
+ $infos->{user_session_id} = $oidcSession->data->{user_session_id};
+ }
+ else {
+ $class->logger->info("OIDC Session $id can't be retrieved");
+ $class->logger->info( $oidcSession->error );
+ }
+
+ return $infos;
+}
+
+1;
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/OAuth2.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/OAuth2.pm
new file mode 100644
index 000000000..abcd95caf
--- /dev/null
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/OAuth2.pm
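Review bot: In fetchId the test `if ( my $infos = $class->getOIDCInfos($access_token) )` is always true, because getOIDCInfos returns a hashref (`{}`) even when the session lookup fails, so the final fallback to Lemonldap::NG::Handler::Main::fetchId is unreachable and an unknown or revoked token returns undef after logging `'Get user session id '` concatenated with undef. Either test the value — `if ( my $sid = $class->getOIDCInfos($access_token)->{user_session_id} ) { return $sid; }` — or delete the dead fallback so that the fail-closed behaviour for a presented-but-invalid bearer token is explicit; quietly degrading to cookie authentication would be the riskier choice. Separately, the raw access token is written to the log at debug level in fetchId and at info level in both getOIDCInfos messages (`"Get OIDC session $id"` and `"OIDC Session $id can't be retrieved"`); bearer tokens are credentials and should be logged truncated or hashed, never verbatim, especially at info level. Nothing in this hunk checks the OIDCI session's age or that the token was issued for this handler, so unless the session backend enforces token lifetime an expired token still resolves to a live user session — worth confirming before release. Lemonldap::NG::Common::Session is also called without a `use` line in this file, presumably relying on Main having loaded it; an explicit `use Lemonldap::NG::Common::Session;` would remove that load-order dependency.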
@@ -0,0 +1,13 @@
+# LLNG wrapper class to enable OAuth2 handler with FastCGI handler
+#
+# See https://lemonldap-ng.org/documentation/latest/handlerarch
+package Lemonldap::NG::Handler::Server::OAuth2;
+
+use strict;
+
+use base 'Lemonldap::NG::Handler::Lib::OAuth2',
+ 'Lemonldap::NG::Handler::Server::Main';
+
+our $VERSION = '2.0.4';
+
+1;