Repair LDAP + add register (#595)
This commit is contained in:
Xavier Guimard
parent
095c0cc8d7
commit
069d76051a
|
|
@ -27,7 +27,8 @@ sub authenticate {
|
|||
}
|
||||
|
||||
my $res =
|
||||
$self->userBind( $req->datas->{dn}, password => $req->datas->{password} );
|
||||
$self->userBind( $req, $req->datas->{dn},
|
||||
password => $req->datas->{password} );
|
||||
|
||||
# Remember password if password reset needed
|
||||
$req->datas->{oldpassword} = $self->{password}
|
||||
|
|
|
|||
|
|
@ -162,6 +162,7 @@ sub loadPP {
|
|||
# @return Lemonldap::NG portal error code
|
||||
sub userBind {
|
||||
my $self = shift;
|
||||
my $req = shift;
|
||||
|
||||
if ( $self->{conf}->{ldapPpolicyControl} ) {
|
||||
|
||||
|
|
@ -214,17 +215,11 @@ sub userBind {
|
|||
}
|
||||
|
||||
if ( $resp->time_before_expiration ) {
|
||||
die 'TODO: change this by JS conversion';
|
||||
$self->{portal}->info(
|
||||
$req,
|
||||
"<h3>"
|
||||
. sprintf(
|
||||
$self->{portal}->msg(PM_PP_EXP_WARNING),
|
||||
$self->{portal}
|
||||
->convertSec( $resp->time_before_expiration )
|
||||
)
|
||||
. "</h3>"
|
||||
);
|
||||
$self->{portal}->info( $req,
|
||||
'<h3 trspan="authRemaining,'
|
||||
. $self->{portal}
|
||||
->convertSec( $resp->time_before_expiration )
|
||||
. '"></h3>' );
|
||||
}
|
||||
|
||||
return PE_OK;
|
||||
|
|
|
|||
|
|
@ -43,4 +43,3 @@ sub createUser {
|
|||
}
|
||||
|
||||
1;
|
||||
|
||||
|
|
|
|||
107
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Register/LDAP.pm
Normal file
107
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Register/LDAP.pm
Normal file
|
|
@ -0,0 +1,107 @@
|
|||
package Lemonldap::NG::Portal::Register::LDAP;
|
||||
|
||||
use strict;
|
||||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Lib::LDAP;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_LDAPCONNECTFAILED
|
||||
PE_LDAPERROR
|
||||
PE_OK
|
||||
);
|
||||
|
||||
extends 'Lemonldap::NG::Portal::UserDB::LDAP';
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
# RUNNING METHODS
|
||||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
}
|
||||
|
||||
# Compute a login from register infos
|
||||
# @result Lemonldap::NG::Portal constant
|
||||
sub computeLogin {
|
||||
my ( $self, $req ) = @_;
|
||||
return PE_LDAPCONNECTFAILED unless $self->ldap and $self->bind();
|
||||
|
||||
# Get first letter of firstname and lastname
|
||||
my $login =
|
||||
substr( lc $req->datas->{registerInfo}->{firstname}, 0, 1 )
|
||||
. lc $req->datas->{registerInfo}->{lastname};
|
||||
|
||||
my $finalLogin = $login;
|
||||
|
||||
# The uid must be unique
|
||||
my $i = 0;
|
||||
while ( $self->isLoginUsed($finalLogin) ) {
|
||||
$i++;
|
||||
$finalLogin = $login . $i;
|
||||
}
|
||||
|
||||
$req->datas->{registerInfo}->{login} = $finalLogin;
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
## @method int createUser
|
||||
# Do nothing
|
||||
# @result Lemonldap::NG::Portal constant
|
||||
sub createUser {
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
# LDAP connection has been verified by computeLogin
|
||||
my $mesg = $self->ldap->add(
|
||||
"uid=" . $req->datas->{registerInfo}->{login} . "," . $self->conf->{ldapBase},
|
||||
attrs => [
|
||||
objectClass => [qw/top person organizationalPerson inetOrgPerson/],
|
||||
uid => $req->datas->{registerInfo}->{login},
|
||||
cn => ucfirst $req->datas->{registerInfo}->{firstname} . " "
|
||||
. uc $req->datas->{registerInfo}->{lastname},
|
||||
sn => uc $req->datas->{registerInfo}->{lastname},
|
||||
givenName => ucfirst $req->datas->{registerInfo}->{firstname},
|
||||
userPassword => $req->datas->{registerInfo}->{password},
|
||||
mail => $req->datas->{registerInfo}->{mail},
|
||||
]
|
||||
);
|
||||
|
||||
if ( $mesg->is_error ) {
|
||||
$self->lmLog(
|
||||
"Can not create entry for " . $req->datas->{registerInfo}->{login},
|
||||
'error' );
|
||||
$self->lmLog( "LDAP error " . $mesg->error, 'error' );
|
||||
|
||||
$self->ldap->unbind();
|
||||
$self->{flags}->{ldapActive} = 0;
|
||||
|
||||
return PE_LDAPERROR;
|
||||
}
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
# PRIVATE METHODS
|
||||
|
||||
# Search if login is already in use
|
||||
sub isLoginUsed {
|
||||
my ( $self, $login ) = @_;
|
||||
|
||||
my $mesg = $self->ldap->search(
|
||||
base => $self->conf->{ldapBase},
|
||||
filter => "(uid=$login)",
|
||||
scope => "sub",
|
||||
attrs => ['1.1'],
|
||||
);
|
||||
|
||||
if ( $mesg->code() != 0 ) {
|
||||
$self->lmLog( "LDAP Search error for $login: " . $mesg->error, 'warn' );
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( $mesg->count() > 0 ) {
|
||||
$self->lmLog( "Login $login already used in LDAP", 'debug' );
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
@ -114,7 +114,13 @@ sub bind {
|
|||
{
|
||||
$self->ldap( $self->newLdap );
|
||||
}
|
||||
return $self->ldap ? $self->ldap->bind(@_) : undef;
|
||||
return undef unless($self->ldap);
|
||||
my $msg = $self->ldap->bind(@_);
|
||||
if ( $msg->code ) {
|
||||
$self->lmLog( $msg->error, 'error' );
|
||||
return undef;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
# RUNNING METHODS
|
||||
|
|
|
|||
|
|
@ -83,7 +83,6 @@
|
|||
"PM3":"The following sessions have been closed",
|
||||
"PM4":"Other active sessions",
|
||||
"PM5":"Remove other sessions",
|
||||
"PM6":"authentications remaining, change your password!",
|
||||
"PM7":"%d days, %d hours, %d minutes and %d seconds before password expiration, change it!",
|
||||
"PM8":"Select your Identity Provider",
|
||||
"PM10":"Remember my choice",
|
||||
|
|
@ -100,6 +99,7 @@
|
|||
"anotherInformation":"Another information:",
|
||||
"areYouSure":"Are you sure?",
|
||||
"authPortal":"Authentication portal",
|
||||
"authRemaining":"%s authentications remaining, change your password!",
|
||||
"autoAccept":"Automatically accept in 5 seconds",
|
||||
"autoMail":"This mail was sent automatically",
|
||||
"back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
|
||||
|
|
|
|||
|
|
@ -83,7 +83,6 @@
|
|||
"PM3":"Les sessions suivantes ont été fermées",
|
||||
"PM4":"Autres sessions ouvertes",
|
||||
"PM5":"Fermer les autres sessions",
|
||||
"PM6":"authentifications restantes, changez votre mot de passe !",
|
||||
"PM7":"%d jours, %d heures, %d minutes et %d secondes avant expiration de votre mot de passe, pensez à le changer !",
|
||||
"PM8":"Choisissez votre fournisseur d'identité",
|
||||
"PM10":"Se souvenir de mon choix",
|
||||
|
|
@ -100,6 +99,7 @@
|
|||
"anotherInformation":"Une autre information :",
|
||||
"areYouSure":"Êtes vous sûr ?",
|
||||
"authPortal":"Portail d'authentification",
|
||||
"authRemaining":"%s authentifications restantes, changez votre mot de passe !",
|
||||
"autoAccept":"Acceptation automatique dans 5 secondes",
|
||||
"autoMail":"Ceci est un message automatique",
|
||||
"back2CasUrl":"Le service duquel vous arrivez a fourni un lien que vous êtes invité à suivre",
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ SKIP: {
|
|||
useSafeJail => 1,
|
||||
authentication => 'LDAP',
|
||||
userDB => 'LDAP',
|
||||
registerDB => 'LDAP',
|
||||
LDAPFilter => $ENV{LDAPFILTER} || '(cn=$user)',
|
||||
ldapServer => $ENV{LDAPSERVER},
|
||||
ldapBase => $ENV{LDAPBASE},
|
||||
|
|
|
|||
|
|
@ -256,17 +256,17 @@ sub logout {
|
|||
),
|
||||
'Logout request'
|
||||
);
|
||||
main::ok( $res->[0] == 200, 'Response is 200' )
|
||||
main::ok( $res->[0] == 200, ' Response is 200' )
|
||||
or explain( $res->[0], 200 );
|
||||
my $c;
|
||||
main::ok(
|
||||
( defined( $c = main::getCookies($res)->{lemonldap} ) and not $c ),
|
||||
'Cookie is deleted' )
|
||||
' Cookie is deleted' )
|
||||
or main::explain( $res->[1], "Set-Cookie => 'lemonldap='" );
|
||||
main::ok( $res = $self->_get( '/', cookie => "lemonldap=$id" ),
|
||||
'Disconnect request' )
|
||||
or explain( $res, '[<code>,<hdrs>,<content>]' );
|
||||
main::ok( $res->[0] == 401, 'Response is 401' )
|
||||
main::ok( $res->[0] == 401, ' Response is 401' )
|
||||
or main::explain( $res, 401 );
|
||||
main::count(5);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user