Repair LDAP + add register (#595)
parent
095c0cc8d7
commit
069d76051a
|
@ -27,7 +27,8 @@ sub authenticate {
|
||||||
}
|
}
|
||||||
|
|
||||||
my $res =
|
my $res =
|
||||||
$self->userBind( $req->datas->{dn}, password => $req->datas->{password} );
|
$self->userBind( $req, $req->datas->{dn},
|
||||||
|
password => $req->datas->{password} );
|
||||||
|
|
||||||
# Remember password if password reset needed
|
# Remember password if password reset needed
|
||||||
$req->datas->{oldpassword} = $self->{password}
|
$req->datas->{oldpassword} = $self->{password}
|
||||||
|
|
|
@ -162,6 +162,7 @@ sub loadPP {
|
||||||
# @return Lemonldap::NG portal error code
|
# @return Lemonldap::NG portal error code
|
||||||
sub userBind {
|
sub userBind {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
my $req = shift;
|
||||||
|
|
||||||
if ( $self->{conf}->{ldapPpolicyControl} ) {
|
if ( $self->{conf}->{ldapPpolicyControl} ) {
|
||||||
|
|
||||||
|
@ -214,17 +215,11 @@ sub userBind {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $resp->time_before_expiration ) {
|
if ( $resp->time_before_expiration ) {
|
||||||
die 'TODO: change this by JS conversion';
|
$self->{portal}->info( $req,
|
||||||
$self->{portal}->info(
|
'<h3 trspan="authRemaining,'
|
||||||
$req,
|
. $self->{portal}
|
||||||
"<h3>"
|
->convertSec( $resp->time_before_expiration )
|
||||||
. sprintf(
|
. '"></h3>' );
|
||||||
$self->{portal}->msg(PM_PP_EXP_WARNING),
|
|
||||||
$self->{portal}
|
|
||||||
->convertSec( $resp->time_before_expiration )
|
|
||||||
)
|
|
||||||
. "</h3>"
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
|
|
|
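Review bot: The `time_before_expiration` branch now emits `trspan="authRemaining,…"`, but the `authRemaining` string added to the language files reads "%s authentications remaining", while the expiration wording is still under `PM7`. As written, a user nearing password expiry would be shown a grace-login message, so this branch presumably needs its own key carrying the PM7 text. The `convertSec` result is also concatenated into an HTML attribute unescaped, and if it returns a list, as the removed `sprintf` call suggests, `.` will evaluate it in scalar context; both are worth confirming against `convertSec`, which this page does not show. `userBind` starts and ends outside the hunk.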
@ -43,4 +43,3 @@ sub createUser {
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
||||||
|
|
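--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Register/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Register/LDAP.pm
@@ -0,0 +1,107 @@
+package Lemonldap::NG::Portal::Register::LDAP;
+
+use strict;
+use Mouse;
+use Lemonldap::NG::Portal::Lib::LDAP;
+use Lemonldap::NG::Portal::Main::Constants qw(
+PE_LDAPCONNECTFAILED
+PE_LDAPERROR
+PE_OK
+);
+
+extends 'Lemonldap::NG::Portal::UserDB::LDAP';
+
+our $VERSION = '2.0.0';
+
+# RUNNING METHODS
+
+sub init {
+my ($self) = @_;
+}
+
+# Compute a login from register infos
+# @result Lemonldap::NG::Portal constant
+sub computeLogin {
+my ( $self, $req ) = @_;
+return PE_LDAPCONNECTFAILED unless $self->ldap and $self->bind();
+
+# Get first letter of firstname and lastname
+my $login =
+substr( lc $req->datas->{registerInfo}->{firstname}, 0, 1 )
+. lc $req->datas->{registerInfo}->{lastname};
+
+my $finalLogin = $login;
+
+# The uid must be unique
+my $i = 0;
+while ( $self->isLoginUsed($finalLogin) ) {
+$i++;
+$finalLogin = $login . $i;
+}
+
+$req->datas->{registerInfo}->{login} = $finalLogin;
+return PE_OK;
+}
+
+## @method int createUser
+# Do nothing
+# @result Lemonldap::NG::Portal constant
+sub createUser {
+my ( $self, $req ) = @_;
+
+# LDAP connection has been verified by computeLogin
+my $mesg = $self->ldap->add(
+"uid=" . $req->datas->{registerInfo}->{login} . "," . $self->conf->{ldapBase},
+attrs => [
+objectClass => [qw/top person organizationalPerson inetOrgPerson/],
+uid => $req->datas->{registerInfo}->{login},
+cn => ucfirst $req->datas->{registerInfo}->{firstname} . " "
+. uc $req->datas->{registerInfo}->{lastname},
+sn => uc $req->datas->{registerInfo}->{lastname},
+givenName => ucfirst $req->datas->{registerInfo}->{firstname},
+userPassword => $req->datas->{registerInfo}->{password},
+mail => $req->datas->{registerInfo}->{mail},
+]
+);
+
+if ( $mesg->is_error ) {
+$self->lmLog(
+"Can not create entry for " . $req->datas->{registerInfo}->{login},
+'error' );
+$self->lmLog( "LDAP error " . $mesg->error, 'error' );
+
+$self->ldap->unbind();
+$self->{flags}->{ldapActive} = 0;
+
+return PE_LDAPERROR;
+}
+return PE_OK;
+}
+
+# PRIVATE METHODS
+
+# Search if login is already in use
+sub isLoginUsed {
+my ( $self, $login ) = @_;
+
+my $mesg = $self->ldap->search(
+base => $self->conf->{ldapBase},
+filter => "(uid=$login)",
+scope => "sub",
+attrs => ['1.1'],
+);
+
+if ( $mesg->code() != 0 ) {
+$self->lmLog( "LDAP Search error for $login: " . $mesg->error, 'warn' );
+return 1;
+}
+
+if ( $mesg->count() > 0 ) {
+$self->lmLog( "Login $login already used in LDAP", 'debug' );
+return 1;
+}
+
+return 0;
+}
+
+1;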
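Review bot: In `isLoginUsed` the login is interpolated straight into the search filter (`filter => "(uid=$login)"`), and `createUser` concatenates the same value into the entry DN, yet `computeLogin` builds that login from the firstname and lastname submitted at registration. Filter or DN metacharacters in a name can therefore alter the query or the placement of the new entry. Escaping at both points closes this, e.g. `filter => '(uid=' . escape_filter_value($login) . ')',` and `'uid=' . escape_dn_value($login) . ',' . $self->conf->{ldapBase}`, using the helpers from Net::LDAP::Util (assuming the `ldap` object is Net::LDAP-based, which this page does not show). `isLoginUsed` also returns 1 on any search error, so the `while` loop in `computeLogin` never terminates while the search keeps failing; a bounded retry that returns `PE_LDAPERROR` would avoid that. `userPassword` is sent exactly as submitted, so whether it is stored hashed depends on the directory's configuration and should be confirmed.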
@ -114,7 +114,13 @@ sub bind {
|
||||||
{
|
{
|
||||||
$self->ldap( $self->newLdap );
|
$self->ldap( $self->newLdap );
|
||||||
}
|
}
|
||||||
return $self->ldap ? $self->ldap->bind(@_) : undef;
|
return undef unless($self->ldap);
|
||||||
|
my $msg = $self->ldap->bind(@_);
|
||||||
|
if ( $msg->code ) {
|
||||||
|
$self->lmLog( $msg->error, 'error' );
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
# RUNNING METHODS
|
# RUNNING METHODS
|
||||||
|
|
|
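Review bot: The new tail of `bind` uses `return undef` twice (`return undef unless($self->ldap);` and inside the `$msg->code` branch). In list context that yields a one-element list, so a caller written as `if ( my @r = $self->bind(...) )` would treat a failed bind as success; a bare `return;` is false in both contexts. The method also now returns `1` rather than the bind response, so any caller that inspected the response object (none are visible on this page) would need updating. `bind` begins outside the hunk.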
@ -83,7 +83,6 @@
|
||||||
"PM3":"The following sessions have been closed",
|
"PM3":"The following sessions have been closed",
|
||||||
"PM4":"Other active sessions",
|
"PM4":"Other active sessions",
|
||||||
"PM5":"Remove other sessions",
|
"PM5":"Remove other sessions",
|
||||||
"PM6":"authentications remaining, change your password!",
|
|
||||||
"PM7":"%d days, %d hours, %d minutes and %d seconds before password expiration, change it!",
|
"PM7":"%d days, %d hours, %d minutes and %d seconds before password expiration, change it!",
|
||||||
"PM8":"Select your Identity Provider",
|
"PM8":"Select your Identity Provider",
|
||||||
"PM10":"Remember my choice",
|
"PM10":"Remember my choice",
|
||||||
|
@ -100,6 +99,7 @@
|
||||||
"anotherInformation":"Another information:",
|
"anotherInformation":"Another information:",
|
||||||
"areYouSure":"Are you sure?",
|
"areYouSure":"Are you sure?",
|
||||||
"authPortal":"Authentication portal",
|
"authPortal":"Authentication portal",
|
||||||
|
"authRemaining":"%s authentications remaining, change your password!",
|
||||||
"autoAccept":"Automatically accept in 5 seconds",
|
"autoAccept":"Automatically accept in 5 seconds",
|
||||||
"autoMail":"This mail was sent automatically",
|
"autoMail":"This mail was sent automatically",
|
||||||
"back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
|
"back2CasUrl":"The application you just logged out of has provided a link it would like you to follow",
|
||||||
|
|
|
@ -83,7 +83,6 @@
|
||||||
"PM3":"Les sessions suivantes ont été fermées",
|
"PM3":"Les sessions suivantes ont été fermées",
|
||||||
"PM4":"Autres sessions ouvertes",
|
"PM4":"Autres sessions ouvertes",
|
||||||
"PM5":"Fermer les autres sessions",
|
"PM5":"Fermer les autres sessions",
|
||||||
"PM6":"authentifications restantes, changez votre mot de passe !",
|
|
||||||
"PM7":"%d jours, %d heures, %d minutes et %d secondes avant expiration de votre mot de passe, pensez à le changer !",
|
"PM7":"%d jours, %d heures, %d minutes et %d secondes avant expiration de votre mot de passe, pensez à le changer !",
|
||||||
"PM8":"Choisissez votre fournisseur d'identité",
|
"PM8":"Choisissez votre fournisseur d'identité",
|
||||||
"PM10":"Se souvenir de mon choix",
|
"PM10":"Se souvenir de mon choix",
|
||||||
|
@ -100,6 +99,7 @@
|
||||||
"anotherInformation":"Une autre information :",
|
"anotherInformation":"Une autre information :",
|
||||||
"areYouSure":"Êtes vous sûr ?",
|
"areYouSure":"Êtes vous sûr ?",
|
||||||
"authPortal":"Portail d'authentification",
|
"authPortal":"Portail d'authentification",
|
||||||
|
"authRemaining":"%s authentifications restantes, changez votre mot de passe !",
|
||||||
"autoAccept":"Acceptation automatique dans 5 secondes",
|
"autoAccept":"Acceptation automatique dans 5 secondes",
|
||||||
"autoMail":"Ceci est un message automatique",
|
"autoMail":"Ceci est un message automatique",
|
||||||
"back2CasUrl":"Le service duquel vous arrivez a fourni un lien que vous êtes invité à suivre",
|
"back2CasUrl":"Le service duquel vous arrivez a fourni un lien que vous êtes invité à suivre",
|
||||||
|
|
|
@ -16,6 +16,7 @@ SKIP: {
|
||||||
useSafeJail => 1,
|
useSafeJail => 1,
|
||||||
authentication => 'LDAP',
|
authentication => 'LDAP',
|
||||||
userDB => 'LDAP',
|
userDB => 'LDAP',
|
||||||
|
registerDB => 'LDAP',
|
||||||
LDAPFilter => $ENV{LDAPFILTER} || '(cn=$user)',
|
LDAPFilter => $ENV{LDAPFILTER} || '(cn=$user)',
|
||||||
ldapServer => $ENV{LDAPSERVER},
|
ldapServer => $ENV{LDAPSERVER},
|
||||||
ldapBase => $ENV{LDAPBASE},
|
ldapBase => $ENV{LDAPBASE},
|
||||||
|
|
|
@ -256,17 +256,17 @@ sub logout {
|
||||||
),
|
),
|
||||||
'Logout request'
|
'Logout request'
|
||||||
);
|
);
|
||||||
main::ok( $res->[0] == 200, 'Response is 200' )
|
main::ok( $res->[0] == 200, ' Response is 200' )
|
||||||
or explain( $res->[0], 200 );
|
or explain( $res->[0], 200 );
|
||||||
my $c;
|
my $c;
|
||||||
main::ok(
|
main::ok(
|
||||||
( defined( $c = main::getCookies($res)->{lemonldap} ) and not $c ),
|
( defined( $c = main::getCookies($res)->{lemonldap} ) and not $c ),
|
||||||
'Cookie is deleted' )
|
' Cookie is deleted' )
|
||||||
or main::explain( $res->[1], "Set-Cookie => 'lemonldap='" );
|
or main::explain( $res->[1], "Set-Cookie => 'lemonldap='" );
|
||||||
main::ok( $res = $self->_get( '/', cookie => "lemonldap=$id" ),
|
main::ok( $res = $self->_get( '/', cookie => "lemonldap=$id" ),
|
||||||
'Disconnect request' )
|
'Disconnect request' )
|
||||||
or explain( $res, '[<code>,<hdrs>,<content>]' );
|
or explain( $res, '[<code>,<hdrs>,<content>]' );
|
||||||
main::ok( $res->[0] == 401, 'Response is 401' )
|
main::ok( $res->[0] == 401, ' Response is 401' )
|
||||||
or main::explain( $res, 401 );
|
or main::explain( $res, 401 );
|
||||||
main::count(5);
|
main::count(5);
|
||||||
|
|
||||||
|
|