diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm index 27f2545a2..99d2ca74c 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm @@ -241,13 +241,7 @@ sub sendHtml { $args{code} ||= 200; $args{headers} ||= $req->respHeaders || []; my $htpl; - my $tmpl = $template; $template = ( $args{templateDir} // $self->templateDir ) . "/$template.tpl"; - unless (-f $template){ - $self->logger->debug("$template NOT found!!!"); - $template = $self->conf->{templateDir} . '/bootstrap/' . "$tmpl.tpl"; - $self->logger->debug("-> Try to load $template"); - } return $self->sendError( $req, "Unable to read $template", 500 ) unless ( -r $template and -f $template ); eval { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index 5a6c55ed4..636715f21 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm @@ -17,11 +17,11 @@ use strict; use URI::Escape; # List constants -sub authProcess { qw(extractFormInfo getUser authenticate) } +sub authProcess {qw(extractFormInfo getUser authenticate)} sub sessionData { qw(setAuthSessionInfo setSessionInfo setMacros setGroups setPersistentSessionInfo - setLocalGroups store secondFactor); + setLocalGroups store secondFactor); } sub validSession { @@ -56,11 +56,9 @@ sub handler { if ( $sp or %{ $req->pdata } ) { my %v = ( name => $self->conf->{cookieName} . 'pdata', - ( - %{ $req->pdata } + ( %{ $req->pdata } ? ( value => uri_escape( JSON::to_json( $req->pdata ) ) ) - : ( - value => '', + : ( value => '', expires => 'Wed, 21 Oct 2015 00:00:00 GMT' ) ) 
@@ -94,8 +92,7 @@ sub login { my ( $self, $req ) = @_; return $self->do( $req, - [ - 'controlUrl', @{ $self->beforeAuth }, + [ 'controlUrl', @{ $self->beforeAuth }, $self->authProcess, @{ $self->betweenAuthAndData }, $self->sessionData, @{ $self->afterData }, $self->validSession, @{ $self->endAuth }, @@ -107,8 +104,7 @@ sub postLogin { my ( $self, $req ) = @_; return $self->do( $req, - [ - 'restoreArgs', 'controlUrl', + [ 'restoreArgs', 'controlUrl', @{ $self->beforeAuth }, $self->authProcess, @{ $self->betweenAuthAndData }, $self->sessionData, @{ $self->afterData }, $self->validSession, @@ -121,8 +117,7 @@ sub authenticatedRequest { my ( $self, $req ) = @_; return $self->do( $req, - [ - 'importHandlerData', 'controlUrl', + [ 'importHandlerData', 'controlUrl', 'checkLogout', @{ $self->forAuthUser } ] ); @@ -132,8 +127,7 @@ sub postAuthenticatedRequest { my ( $self, $req ) = @_; return $self->do( $req, - [ - 'importHandlerData', 'restoreArgs', + [ 'importHandlerData', 'restoreArgs', 'controlUrl', 'checkLogout', @{ $self->forAuthUser } ] @@ -150,8 +144,8 @@ sub refresh { foreach ( keys %data ) { delete $data{$_} unless ( /^_/ or /^(?:startTime)$/ ); } - $req->steps( [ - 'getUser', + $req->steps( + [ 'getUser', @{ $self->betweenAuthAndData }, 'setAuthSessionInfo', 'setSessionInfo', @@ -169,21 +163,21 @@ sub refresh { if ($res) { $req->info( $self->loadTemplate( - 'simpleInfo', params => { trspan => 'rightsReloadNeedsLogout' } + 'simpleInfo', + params => { trspan => 'rightsReloadNeedsLogout' } ) ); $req->urldc( $self->conf->{portal} ); - return $self->do( $req, [ sub { PE_INFO } ] ); + return $self->do( $req, [ sub {PE_INFO} ] ); } - return $self->do( $req, [ sub { PE_OK } ] ); + return $self->do( $req, [ sub {PE_OK} ] ); } sub logout { my ( $self, $req ) = @_; return $self->do( $req, - [ - 'controlUrl', @{ $self->beforeLogout }, + [ 'controlUrl', @{ $self->beforeLogout }, 'authLogout', 'deleteSession' ] ); 
@@ -200,9 +194,9 @@ sub do { # Update status if ( my $p = $self->HANDLER->tsv->{statusPipe} ) { - $p->print( ( $req->user ? $req->user : $req->address ) . ' => ' - . $req->uri - . " $err\n" ); + $p->print(( $req->user ? $req->user : $req->address ) . ' => ' + . $req->uri + . " $err\n" ); } # Update history @@ -228,16 +222,14 @@ sub do { else { return $self->sendJSONresponse( $req, - { - result => 1, + { result => 1, code => $err } ); } } else { - if ( - $err + if ( $err and $err != PE_LOGOUT_OK and ( $err != PE_REDIRECT @@ -246,7 +238,7 @@ sub do { and $req->data->{redirectFormMethod} eq 'post' ) or $req->info ) - ) + ) { my ( $tpl, $prms ) = $self->display($req); $self->logger->debug("Calling sendHtml with template $tpl"); @@ -264,21 +256,20 @@ sub do { sub getModule { my ( $self, $req, $type ) = @_; - if ( - my $mod = { + if (my $mod = { auth => '_authentication', user => '_userDB', password => '_passwordDB' }->{$type} - ) + ) { if ( my $sub = $self->$mod->can('name') ) { return $sub->( $self->$mod, $req, $type ); } else { my $s = ref( $self->$mod ); - $s =~ -s/^Lemonldap::NG::Portal::(?:(?:Issuer|UserDB|Auth|Password)::)?//; + $s + =~ s/^Lemonldap::NG::Portal::(?:(?:Issuer|UserDB|Auth|Password)::)?//; return $s; } } @@ -295,7 +286,7 @@ sub autoRedirect { # Set redirection URL if needed $req->{urldc} ||= $self->conf->{portal} - if ( $req->mustRedirect and not( $req->info ) ); + if ( $req->mustRedirect and not( $req->info ) ); # Redirection should be made if urldc defined if ( $req->{urldc} ) { @@ -305,8 +296,9 @@ sub autoRedirect { $req->data->{redirectFormMethod} = "get"; } else { - return [ 302, - [ Location => $req->{urldc}, @{ $req->respHeaders } ], [] ]; + return [ + 302, [ Location => $req->{urldc}, @{ $req->respHeaders } ], [] + ]; } } my ( $tpl, $prms ) = $self->display($req); 
@@ -326,8 +318,8 @@ sub getApacheSession { $self->logger->debug("Try to get a new $args{kind} session"); } - my $as = Lemonldap::NG::Common::Session->new( { - storageModule => $self->conf->{globalStorage}, + my $as = Lemonldap::NG::Common::Session->new( + { storageModule => $self->conf->{globalStorage}, storageModuleOptions => $self->conf->{globalStorageOptions}, cacheModule => $self->conf->{localSessionStorage}, cacheModuleOptions => $self->conf->{localSessionStorageOptions}, @@ -341,8 +333,7 @@ sub getApacheSession { if ( my $err = $as->error ) { $self->lmLog( $err, - ( - $err =~ /(?:Object does not exist|Invalid session ID)/ + ( $err =~ /(?:Object does not exist|Invalid session ID)/ ? 'notice' : 'error' ) @@ -357,21 +348,19 @@ sub getApacheSession { $self->logger->debug("Get session $id from Portal::Main::Run") if ($id); $self->logger->debug( "Check session validity -> " . $self->conf->{timeoutActivity} . "s" ) - if ( $self->conf->{timeoutActivity} ); + if ( $self->conf->{timeoutActivity} ); my $now = time; - if ( - $id + if ( $id and defined $as->data->{_utime} and ( ( ( $now - $as->data->{_utime} ) > $self->conf->{timeout} ) - or ( - $self->conf->{timeoutActivity} + or ( $self->conf->{timeoutActivity} and $as->data->{_lastSeen} - and ( ( $now - $as->data->{_lastSeen} ) > - $self->conf->{timeoutActivity} ) + and ( ( $now - $as->data->{_lastSeen} ) + > $self->conf->{timeoutActivity} ) ) ) - ) + ) { $self->logger->debug("Session $args{kind} $id expired"); return; @@ -393,8 +382,8 @@ sub getPersistentSession { $info->{_session_uid} = $uid; - my $ps = Lemonldap::NG::Common::Session->new( { - storageModule => $self->conf->{persistentStorage}, + my $ps = Lemonldap::NG::Common::Session->new( + { storageModule => $self->conf->{persistentStorage}, storageModuleOptions => $self->conf->{persistentStorageOptions}, id => $pid, force => 1, 
@@ -435,10 +424,11 @@ sub updatePersistentSession { # Return if no infos to update return () unless ( ref $infos eq 'HASH' and %$infos ); $uid ||= $req->{sessionInfo}->{ $self->conf->{whatToTrace} } - || $req->userData->{ $self->conf->{whatToTrace} }; + || $req->userData->{ $self->conf->{whatToTrace} }; $self->logger->debug("Found 'whatToTrace' -> $uid"); unless ($uid) { - $self->logger->debug('No uid found, skipping updatePersistentSession'); + $self->logger->debug( + 'No uid found, skipping updatePersistentSession'); return (); } $self->logger->debug("Update $uid persistent session"); @@ -480,14 +470,14 @@ sub updateSession { foreach ( keys %$infos ) { $self->logger->debug( "Update sessionInfo $_ with " . $infos->{$_} ); - $req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_} = - $infos->{$_}; + $req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_} + = $infos->{$_}; } # Update session in global storage with _updateTime $infos->{_updateTime} = strftime( "%Y%m%d%H%M%S", localtime() ); - if ( my $apacheSession = - $self->getApacheSession( $id, info => $infos ) ) + if ( my $apacheSession + = $self->getApacheSession( $id, info => $infos ) ) { if ( $apacheSession->error ) { $self->logger->error("Cannot update session $id"); @@ -570,10 +560,10 @@ sub isTrustedUrl { sub stamp { my $self = shift; - my $res = - $self->conf->{cipher} - ? $self->conf->{cipher}->encrypt( time() ) - : 1; + my $res + = $self->conf->{cipher} + ? $self->conf->{cipher}->encrypt( time() ) + : 1; $res =~ s/\+/%2B/g; return $res; } @@ -705,7 +695,7 @@ sub cookie { $h{path} ||= '/'; $h{HttpOnly} //= $self->conf->{httpOnly}; $h{max_age} //= $self->conf->{cookieExpiration} - if ( $self->conf->{cookieExpiration} ); + if ( $self->conf->{cookieExpiration} ); foreach (qw(domain path expires max_age HttpOnly)) { my $f = $_; $f =~ s/_/-/g; 
@@ -726,16 +716,24 @@ sub _dump { sub sendHtml { my ( $self, $req, $template, %args ) = @_; + $args{params}->{TROVER} = $self->trOver; - $args{templateDir} = - $self->conf->{templateDir} . '/' . $self->getSkin($req); + $args{templateDir} + = $self->conf->{templateDir} . '/' . $self->getSkin($req); + my $tmpl = $args{templateDir} . "/$template.tpl"; + unless ( -f $tmpl ) { + $self->logger->debug("Template : $tmpl NOT found!!!"); + $args{templateDir} = $self->conf->{templateDir} . '/bootstrap'; + $tmpl = $args{templateDir} . "/$template.tpl"; + $self->logger->debug("-> Trying to load $tmpl"); + } my $res = $self->SUPER::sendHtml( $req, $template, %args ); push @{ $res->[1] }, - 'X-XSS-Protection' => '1; mode=block', - 'X-Content-Type-Options' => 'nosniff', - 'Cache-Control' => 'no-cache, no-store, must-revalidate',# HTTP 1.1 - 'Pragma' => 'no-cache', # HTTP 1.0 - 'Expires' => '0'; # Proxies + 'X-XSS-Protection' => '1; mode=block', + 'X-Content-Type-Options' => 'nosniff', + 'Cache-Control' => 'no-cache, no-store, must-revalidate', # HTTP 1.1 + 'Pragma' => 'no-cache', # HTTP 1.0 + 'Expires' => '0'; # Proxies # Set authorized URL for POST my $csp = $self->csp . "form-action " . $self->conf->{cspFormAction}; @@ -749,13 +747,14 @@ sub sendHtml { if ( defined $url ) { $self->logger->debug("Required Params URL : $url"); if ( $url =~ s#(https?://[^/]+).*#$1# ) { - $self->logger->debug("Set CSP form-action with Params URL : $url"); + $self->logger->debug( + "Set CSP form-action with Params URL : $url"); $csp .= " $url"; } } if ( defined $req->{cspFormAction} ) { - $self->logger->debug( - "Set CSP form-action with request URL: " . $req->{cspFormAction} ); + $self->logger->debug( "Set CSP form-action with request URL: " + . $req->{cspFormAction} ); $csp .= " " . $req->{cspFormAction}; } 
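Review bot: The fallback added to sendHtml builds `$tmpl` by concatenating `$self->getSkin($req)` and `$template` into a filesystem path and probes it with `-f`, with nothing in the hunk constraining either value. getSkin is not visible here; if the skin name can be influenced by the request, a value containing `/` or `..` would steer both the probe and the `templateDir` handed to `SUPER::sendHtml`. I would check it before use, for example `my $skin = $self->getSkin($req); $skin = 'bootstrap' unless $skin =~ /\A[\w-]+\z/;`, adjusting the pattern to the skin names the project actually allows. The hard-coded `'/bootstrap'` also differs from loadTemplate in the same file, which falls back to `/common/` using `-e`, so a comment such as `# fall back to the default skin when the selected skin lacks this template` would make the intent explicit. The body of sendHtml continues outside this hunk.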
@@ -781,7 +780,7 @@ sub sendHtml { my @url; if ( $req->info ) { @url = map { s#https?://([^/]+).*#$1#; $_ } - ( $req->info =~ /info =~ /conf->{portalSkinBackground} ) { - $s .= - 'html,body{background:url("' - . $self->staticPrefix - . '/common/backgrounds/' - . $self->conf->{portalSkinBackground} - . '") no-repeat center fixed;' - . 'background-size:cover;}'; + $s + .= 'html,body{background:url("' + . $self->staticPrefix + . '/common/backgrounds/' + . $self->conf->{portalSkinBackground} + . '") no-repeat center fixed;' + . 'background-size:cover;}'; } return [ 200, - [ - 'Content-Type' => 'text/css', + [ 'Content-Type' => 'text/css', 'Content-Length' => length($s), 'Cache-Control' => 'public,max-age=3600', ], @@ -832,16 +830,16 @@ sub lmError { # Error code $templateParams{"ERROR$_"} = ( $httpError == $_ ? 1 : 0 ) - foreach ( 403, 404, 500, 502, 503 ); + foreach ( 403, 404, 500, 502, 503 ); return $self->sendHtml( $req, 'error', params => \%templateParams ); } sub rebuildCookies { my ( $self, $req ) = @_; my @tmp; - for ( my $i = 0 ; $i < @{ $req->{respHeaders} } ; $i += 2 ) { + for ( my $i = 0; $i < @{ $req->{respHeaders} }; $i += 2 ) { push @tmp, $req->respHeaders->[0], $req->respHeaders->[1] - unless ( $req->respHeaders->[0] eq 'Set-Cookie' ); + unless ( $req->respHeaders->[0] eq 'Set-Cookie' ); } $req->{respHeaders} = \@tmp; $self->buildCookie($req); @@ -856,8 +854,8 @@ sub tplParams { $portalPath =~ s#[^/]+\.fcgi$##; for my $session_key ( keys %{ $req->{sessionInfo} } ) { - $templateParams{ "session_" . $session_key } = - $req->{sessionInfo}->{$session_key}; + $templateParams{ "session_" . $session_key } + = $req->{sessionInfo}->{$session_key}; } for my $env_key ( keys %{ $req->env } ) { 
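Review bot: In rebuildCookies the loop advances `$i` by two, but the body reads `$req->respHeaders->[0]` and `->[1]` on every pass, so it never looks past the first header pair. `@tmp` ends up holding that pair repeated, or nothing at all when the first header is `Set-Cookie`. This commit only re-spaces these lines, so the defect is carried over unchanged. The body should index by the loop variable: `push @tmp, $req->respHeaders->[$i], $req->respHeaders->[ $i + 1 ]` guarded by `unless ( $req->respHeaders->[$i] eq 'Set-Cookie' );`. As written, headers already queued on the request are dropped or duplicated before `buildCookie` runs, and stale `Set-Cookie` entries are not reliably filtered; the end of the sub is outside the hunk.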
@@ -878,7 +876,7 @@ sub tplParams { sub registerLogin { my ( $self, $req ) = @_; return - unless ( $self->conf->{loginHistoryEnabled} + unless ( $self->conf->{loginHistoryEnabled} and defined $req->authResult ); my $history = $req->sessionInfo->{_loginHistory} ||= {}; my $type = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login'; @@ -888,17 +886,18 @@ sub registerLogin { # Gather current login's parameters my $login = $self->_sumUpSession( $req->{sessionInfo}, 1 ); $login->{error} = $self->error( $req->authResult ) - if ( $req->authResult ); + if ( $req->authResult ); $self->logger->debug( " Current login -> " . $login->{error} ) - if ( $login->{error} ); + if ( $login->{error} ); # Add current login into history unshift @{ $history->{$type} }, $login; # Forget oldest logins splice @{ $history->{$type} }, $self->conf->{ $type . "Number" } - if ( scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } ); + if ( + scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } ); # Save into persistent session $self->updatePersistentSession( $req, { _loginHistory => $history, } ); @@ -911,12 +910,12 @@ sub registerLogin { # @return hashref sub _sumUpSession { my ( $self, $session, $withoutUser ) = @_; - my $res = - $withoutUser - ? {} - : { user => $session->{ $self->conf->{whatToTrace} } }; + my $res + = $withoutUser + ? {} + : { user => $session->{ $self->conf->{whatToTrace} } }; $res->{$_} = $session->{$_} - foreach ( "_utime", "ipAddr", + foreach ( "_utime", "ipAddr", keys %{ $self->conf->{sessionDataToRemember} } ); return $res; } 
@@ -925,12 +924,12 @@ sub _sumUpSession { sub loadTemplate { my ( $self, $name, %prm ) = @_; $name .= '.tpl'; - my $file = - $self->conf->{templateDir} . '/' - . $self->conf->{portalSkin} . '/' - . $name; + my $file + = $self->conf->{templateDir} . '/' + . $self->conf->{portalSkin} . '/' + . $name; $file = $self->conf->{templateDir} . '/common/' . $name - unless ( -e $file ); + unless ( -e $file ); unless ( -e $file ) { die "Unable to find $name in $self->conf->{templateDir}"; }
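Review bot: The `die` message in loadTemplate does not print the template directory, because Perl does not interpolate method calls inside a double-quoted string. `"... in $self->conf->{templateDir}"` expands to the stringified object followed by the literal text `->conf->{templateDir}`. Concatenate instead: `die "Unable to find $name in " . $self->conf->{templateDir};`. The hunk only re-indents the neighbouring lines, so this predates the commit.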