Append url AuthnLevel option (#1988)
This commit is contained in:
Christophe Maudoux
parent
0ef23c70f0
commit
04428af556
|
|
@ -10,7 +10,6 @@ use Lemonldap::NG::Common::Crypto;
|
|||
use Lemonldap::NG::Common::Safelib; #link protected safe Safe object
|
||||
use Lemonldap::NG::Handler::Main::Jail;
|
||||
use Scalar::Util qw(weaken);
|
||||
use Data::Dumper;
|
||||
|
||||
use constant UNPROTECT => 1;
|
||||
use constant SKIP => 2;
|
||||
|
|
@ -282,10 +281,10 @@ sub locationRulesInit {
|
|||
$class->tsv->{locationProtection}->{$vhost} = [];
|
||||
$class->tsv->{locationRegexp}->{$vhost} = [];
|
||||
$class->tsv->{locationConditionText}->{$vhost} = [];
|
||||
$class->tsv->{locationAuthnLevel}->{$vhost} = [];
|
||||
|
||||
foreach my $url ( sort keys %{$rules} ) {
|
||||
my ( $cond, $prot ) = $class->conditionSub( $rules->{$url} );
|
||||
$class->logger->debug("+++ " . $cond);
|
||||
unless ($cond) {
|
||||
$class->tsv->{maintenance}->{$vhost} = 1;
|
||||
$class->logger->error(
|
||||
|
|
@ -302,15 +301,18 @@ sub locationRulesInit {
|
|||
push @{ $class->tsv->{locationCondition}->{$vhost} }, $cond;
|
||||
push @{ $class->tsv->{locationProtection}->{$vhost} }, $prot;
|
||||
push @{ $class->tsv->{locationRegexp}->{$vhost} }, qr/$url/;
|
||||
push @{ $class->tsv->{locationAuthnLevel}->{$vhost} },
|
||||
$url =~ /\(\?#AuthnLevel=(-?\d+)\)/
|
||||
? $1
|
||||
: undef;
|
||||
push @{ $class->tsv->{locationConditionText}->{$vhost} },
|
||||
$url =~ /^\(\?#(.*?)\)/ ? $1
|
||||
: $url =~ /^(.*?)##(.+)$/ ? $2
|
||||
: $url;
|
||||
: $url;
|
||||
$class->tsv->{locationCount}->{$vhost}++;
|
||||
}
|
||||
}
|
||||
$class->logger->debug("**** " . Data::Dumper::Dumper($class->tsv));
|
||||
|
||||
|
||||
# Default policy set to 'accept'
|
||||
unless ( $class->tsv->{defaultCondition}->{$vhost} ) {
|
||||
$class->tsv->{defaultCondition}->{$vhost} = sub { 1 };
|
||||
|
|
|
|||
|
|
@ -267,10 +267,29 @@ sub checkMaintenanceMode {
|
|||
# @return True if the user is granted to access to the current URL
|
||||
sub grant {
|
||||
my ( $class, $req, $session, $uri, $cond, $vhost ) = @_;
|
||||
my $level;
|
||||
|
||||
return $cond->( $req, $session ) if ($cond);
|
||||
|
||||
$vhost ||= $class->resolveAlias($req);
|
||||
if ( my $level = $class->tsv->{authnLevel}->{$vhost} ) {
|
||||
for (
|
||||
my $i = 0 ;
|
||||
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ;
|
||||
$i++
|
||||
)
|
||||
{
|
||||
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
|
||||
$level = $class->tsv->{locationAuthnLevel}->{$vhost}->[$i];
|
||||
$class->logger->debug( 'Found AuthnLevel='
|
||||
. $level
|
||||
. ' for "'
|
||||
. "$vhost/$class->tsv->{locationConditionText}->{$vhost}->[$i]"
|
||||
. '"' );
|
||||
last;
|
||||
}
|
||||
}
|
||||
|
||||
if ( $level ||= $class->tsv->{authnLevel}->{$vhost} ) {
|
||||
if ( $session->{authenticationLevel} < $level ) {
|
||||
$class->logger->debug(
|
||||
"User authentication level = $session->{authenticationLevel}");
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@
|
|||
<input type="number" class="form-control" ng-model="s.level"/>
|
||||
</td>
|
||||
<td ng-if="s.re=='default'">
|
||||
<p><strong><span trspan="defaultVHLevel"></span></strong></p>
|
||||
<input class="form-control" placeholder="defaultLevel" readonly/>
|
||||
</td>
|
||||
<td>
|
||||
<span ng-if="s.re!='default'" class="link text-danger glyphicon glyphicon-minus-sign" ng-click="del(currentNode.nodes,$index)"/>
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user