From 13051ce0af81c8046cc2f4d53759654b6186ed1a Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Sun, 3 Apr 2016 08:44:58 +0000 Subject: [PATCH] #595 in progress --- .../lib/Lemonldap/NG/Portal/Main/Init.pm | 55 +++++++++++++++---- .../lib/Lemonldap/NG/Portal/Main/Plugins.pm | 2 + .../lib/Lemonldap/NG/Portal/Main/Run.pm | 23 +++++++- .../lib/Lemonldap/NG/Portal/Plugins/CDA.pm | 32 +++++++++++ 4 files changed, 99 insertions(+), 13 deletions(-) create mode 100644 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDA.pm diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm index f90166517..485d24095 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm @@ -1,7 +1,7 @@ ##@class Lemonldap::NG::Portal::Main::Init # Initialization part of Lemonldap::NG portal # -# 2 methods: +# 2 public methods: # - init(): launch at startup. Load 'portal' section of lemonldap-ng.ini, # initialize default route and launch reloadConf() # - reloadConf(): (re)load configuration using localConf (ie 'portal' section @@ -137,17 +137,48 @@ sub reloadConf { $self->_authentication->authnLevel( $self->conf->{ $self->conf->authentication . "AuthnLevel" } ); - # Initialize trusted domain list - $self->conf->{trustedDomains} ||= ""; - $self->conf->{trustedDomains} = "*" - if ( $self->conf->{trustedDomains} =~ /(^|\s)\*(\s|$)/ ); - if ( $self->conf->{trustedDomains} - and $self->conf->{trustedDomains} ne "*" ) - { - $self->conf->{trustedDomains} =~ s#(^|\s+)\.#${1}[^/]+.#g; - $self->conf->{trustedDomains} = '(' - . join( '|', split( /\s+/, $self->conf->{trustedDomains} ) ) . ')'; - $self->conf->{trustedDomains} =~ s/\./\\./g; + # Initialize trusted domain regexp + if ( $self->conf->{trustedDomains} =~ /^\s*\*\s*$/ ) { + $self->trustedDomains(qr#^https?://#); + } + else { + my $re = Regexp::Assemble->new(); + if ( my $td = $self->conf->{trustedDomains} ) { + $td =~ s/^\s*(.*?)\s*/$1/; + $self->lmLog( "Domain $_ added in trusted domains", 'debug' ); + foreach ( split( /\s+/, $td ) ) { + s#^\.#([^/]+\.)?#; + s/\./\\./; + $re->add($_); + } + } + foreach my $vhost ( keys %{ $self->conf->{locationRules} } ) { + $self->lmLog( "Vhost $vhost added in trusted domains", 'debug' ); + $re->add( quotemeta($vhost) ); + if ( my $tmp = + $self->conf->{vhostOptions}->{$vhost}->{vhostAliases} ) + { + foreach my $alias ( split /\s+/, $tmp ) { + $self->lmLog( "Alias $alias added in trusted domains", + 'debug' ); + $re->add( quotemeta($alias) ); + } + } + } + my $tmp = 'https?://' . $re->as_string . '(?:/|$)'; + $self->trustedDomains(qr/$tmp/); + } + if ( my $td = $self->conf->{trustedDomains} ) { + $td =~ s/^\s*(.*?)\s*/$1/; + if ( $td eq '*' ) { + $self->trustedDomains(qr#^https?://#); + } + else { + my $tmp = + join( '|', map { s#^\.#([^/]+\.)?# } split( /\s+/, $td ) ); + $tmp =~ s/\./\\./g; + $self->trustedDomains(qr#^https?://$tmp(?:\d+)?(?:/|$)#); + } } # TODO: compile macros in _macros, groups in _groups diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm index 0826921b6..12dec8e85 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm @@ -49,7 +49,9 @@ sub enabledPlugins { } } + # Simple plugins push @res, '::Plugins::GrantSession' if ( $self->conf->{grantSessionRule} ); + push @res, '::Plugins::CDA' if ( $self->conf->{cda} ); # TODO: Password diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index 2283b3cf1..4d0466e3a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm @@ -62,7 +62,6 @@ sub pleaseAuth { return $self->sendJSONresponse( $req, { status => 0 } ); } - sub login { my ( $self, $req ) = @_; return $req->do( @@ -156,4 +155,26 @@ sub getModule { } } +sub autoRedirect { + my ( $self, $req ) = @_; + + # Set redirection URL if needed + $req->datas->{urldc} ||= $self->conf->{portal} if ( $req->mustRedirect ); + + # Redirection should be made if urldc defined + if ( $req->datas->{urldc} ) { + return [ 302, [ Location => $req->datas->{urldc} ], [] ]; + } + else { + return $self->sendHtml( $req->template || 'menu' ); + } +} + +# Check if an URL's domain name is declared in LL::NG config or is declared as +# trusted domain +sub isTrustedUrl { + my ( $self, $url ) = @_; + return $url =~ $self->trustedDomains ? 1 : 0; +} + 1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDA.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDA.pm new file mode 100644 index 000000000..73b63b2f8 --- /dev/null +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDA.pm @@ -0,0 +1,32 @@ +package Lemonldap::NG::Portal::Plugins::CDA; + +use strict; +use Mouse; + +extends 'Lemonldap::NG::Portal::Main::Module'; + +sub afterDatas { + return 'changeUrldc'; +} + +sub changeUrldc { + my ( $self, $req ) = @_; + my $urldc = $req->datas->{urldc}; + if ( $req->id + and $urldc !~ m#^https?://[^/]*$self->{conf}->{domain}(:\d+)?/#oi + and $self->isTrustedUrl($urldc) ) + { + my $ssl = $urldc =~ /^https/; + $self->lmLog( 'CDA request', 'debug' ); + $req->datas->{urldc} .= ( $urldc =~ /\?/ ? '&' : '?' ) + . ( + ( $self->conf->{securedCookie} < 2 or $ssl ) + ? $self->conf->{cookieName} . "=" . $req->id + : $self->conf->{cookieName} . "http=" + . $req->{sessionInfo}->{_httpSession} + ); + } + PE_OK; +} + +1;