#595 in progress
parent
d3d6410646
commit
13051ce0af
|
@ -1,7 +1,7 @@
|
|||
##@class Lemonldap::NG::Portal::Main::Init
|
||||
# Initialization part of Lemonldap::NG portal
|
||||
#
|
||||
# 2 methods:
|
||||
# 2 public methods:
|
||||
# - init(): launch at startup. Load 'portal' section of lemonldap-ng.ini,
|
||||
# initialize default route and launch reloadConf()
|
||||
# - reloadConf(): (re)load configuration using localConf (ie 'portal' section
|
||||
|
@ -137,17 +137,48 @@ sub reloadConf {
|
|||
$self->_authentication->authnLevel(
|
||||
$self->conf->{ $self->conf->authentication . "AuthnLevel" } );
|
||||
|
||||
# Initialize trusted domain list
|
||||
$self->conf->{trustedDomains} ||= "";
|
||||
$self->conf->{trustedDomains} = "*"
|
||||
if ( $self->conf->{trustedDomains} =~ /(^|\s)\*(\s|$)/ );
|
||||
if ( $self->conf->{trustedDomains}
|
||||
and $self->conf->{trustedDomains} ne "*" )
|
||||
{
|
||||
$self->conf->{trustedDomains} =~ s#(^|\s+)\.#${1}[^/]+.#g;
|
||||
$self->conf->{trustedDomains} = '('
|
||||
. join( '|', split( /\s+/, $self->conf->{trustedDomains} ) ) . ')';
|
||||
$self->conf->{trustedDomains} =~ s/\./\\./g;
|
||||
# Initialize trusted domain regexp
|
||||
if ( $self->conf->{trustedDomains} =~ /^\s*\*\s*$/ ) {
|
||||
$self->trustedDomains(qr#^https?://#);
|
||||
}
|
||||
else {
|
||||
my $re = Regexp::Assemble->new();
|
||||
if ( my $td = $self->conf->{trustedDomains} ) {
|
||||
$td =~ s/^\s*(.*?)\s*/$1/;
|
||||
$self->lmLog( "Domain $_ added in trusted domains", 'debug' );
|
||||
foreach ( split( /\s+/, $td ) ) {
|
||||
s#^\.#([^/]+\.)?#;
|
||||
s/\./\\./;
|
||||
$re->add($_);
|
||||
}
|
||||
}
|
||||
foreach my $vhost ( keys %{ $self->conf->{locationRules} } ) {
|
||||
$self->lmLog( "Vhost $vhost added in trusted domains", 'debug' );
|
||||
$re->add( quotemeta($vhost) );
|
||||
if ( my $tmp =
|
||||
$self->conf->{vhostOptions}->{$vhost}->{vhostAliases} )
|
||||
{
|
||||
foreach my $alias ( split /\s+/, $tmp ) {
|
||||
$self->lmLog( "Alias $alias added in trusted domains",
|
||||
'debug' );
|
||||
$re->add( quotemeta($alias) );
|
||||
}
|
||||
}
|
||||
}
|
||||
my $tmp = 'https?://' . $re->as_string . '(?:/|$)';
|
||||
$self->trustedDomains(qr/$tmp/);
|
||||
}
|
||||
if ( my $td = $self->conf->{trustedDomains} ) {
|
||||
$td =~ s/^\s*(.*?)\s*/$1/;
|
||||
if ( $td eq '*' ) {
|
||||
$self->trustedDomains(qr#^https?://#);
|
||||
}
|
||||
else {
|
||||
my $tmp =
|
||||
join( '|', map { s#^\.#([^/]+\.)?# } split( /\s+/, $td ) );
|
||||
$tmp =~ s/\./\\./g;
|
||||
$self->trustedDomains(qr#^https?://$tmp(?:\d+)?(?:/|$)#);
|
||||
}
|
||||
}
|
||||
|
||||
# TODO: compile macros in _macros, groups in _groups
|
||||
|
|
|
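Review bot: The assembled pattern `'https?://' . $re->as_string . '(?:/|$)'` has no leading `^`, so a URL that only carries a trusted host later in its path or query string would still satisfy `isTrustedUrl`; anchor it, e.g. `my $tmp = '^https?://(?:' . $re->as_string . ')(?:/|$)';`. In the same loop `s/\./\\./` lacks `/g`, so only the first dot of each entry is escaped and the remaining dots match any character, and the `lmLog( "Domain $_ added ..." )` call sits before the `foreach`, where `$_` is not yet the domain. The page has lost its +/- markers, so it is unclear whether the later `if ( my $td = ... )` block is still on the new side; if it is, `map { s#^\.#([^/]+\.)?# }` yields substitution results rather than the domains, the alternation in `qr#^https?://$tmp(?:\d+)?(?:/|$)#` is ungrouped, and the block overwrites the regexp built just above it. reloadConf starts and ends outside the hunk.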
@ -49,7 +49,9 @@ sub enabledPlugins {
|
|||
}
|
||||
}
|
||||
|
||||
# Simple plugins
|
||||
push @res, '::Plugins::GrantSession' if ( $self->conf->{grantSessionRule} );
|
||||
push @res, '::Plugins::CDA' if ( $self->conf->{cda} );
|
||||
|
||||
# TODO: Password
|
||||
|
||||
|
|
|
@ -62,7 +62,6 @@ sub pleaseAuth {
|
|||
return $self->sendJSONresponse( $req, { status => 0 } );
|
||||
}
|
||||
|
||||
|
||||
sub login {
|
||||
my ( $self, $req ) = @_;
|
||||
return $req->do(
|
||||
|
@ -156,4 +155,26 @@ sub getModule {
|
|||
}
|
||||
}
|
||||
|
||||
sub autoRedirect {
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
# Set redirection URL if needed
|
||||
$req->datas->{urldc} ||= $self->conf->{portal} if ( $req->mustRedirect );
|
||||
|
||||
# Redirection should be made if urldc defined
|
||||
if ( $req->datas->{urldc} ) {
|
||||
return [ 302, [ Location => $req->datas->{urldc} ], [] ];
|
||||
}
|
||||
else {
|
||||
return $self->sendHtml( $req->template || 'menu' );
|
||||
}
|
||||
}
|
||||
|
||||
# Check if an URL's domain name is declared in LL::NG config or is declared as
|
||||
# trusted domain
|
||||
sub isTrustedUrl {
|
||||
my ( $self, $url ) = @_;
|
||||
return $url =~ $self->trustedDomains ? 1 : 0;
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
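Review bot: `autoRedirect` returns a 302 to whatever `$req->datas->{urldc}` holds without consulting the `isTrustedUrl` helper added just below it, so the redirect is only as safe as whichever earlier step populated `urldc`. If that validation lives elsewhere, a comment here would make the dependency explicit, e.g. `# urldc must already have been validated with isTrustedUrl()`; if it does not exist yet, the check belongs before the `Location` header is built. `isTrustedUrl` also assumes `$self->trustedDomains` holds a compiled regexp and that `$url` is defined; with an undefined pattern the match would most likely succeed and the URL be reported as trusted, so a guard such as `return 0 unless defined $url and $self->trustedDomains;` makes the helper fail closed.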
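--- /dev/null
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDA.pm
@@ -0,0 +1,32 @@
+package Lemonldap::NG::Portal::Plugins::CDA;
+
+use strict;
+use Mouse;
+
+extends 'Lemonldap::NG::Portal::Main::Module';
+
+sub afterDatas {
+return 'changeUrldc';
+}
+
+sub changeUrldc {
+my ( $self, $req ) = @_;
+my $urldc = $req->datas->{urldc};
+if ( $req->id
+and $urldc !~ m#^https?://[^/]*$self->{conf}->{domain}(:\d+)?/#oi
+and $self->isTrustedUrl($urldc) )
+{
+my $ssl = $urldc =~ /^https/;
+$self->lmLog( 'CDA request', 'debug' );
+$req->datas->{urldc} .= ( $urldc =~ /\?/ ? '&' : '?' )
+. (
+( $self->conf->{securedCookie} < 2 or $ssl )
+? $self->conf->{cookieName} . "=" . $req->id
+: $self->conf->{cookieName} . "http="
+. $req->{sessionInfo}->{_httpSession}
+);
+}
+PE_OK;
+}
+
+1;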
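Review bot: `changeUrldc` appends the session identifier to `urldc` as a query parameter for every URL that passes `isTrustedUrl`, so when `trustedDomains` is `*` (compiled elsewhere in this commit to `^https?://`) the identifier would be forwarded to any host, and in all cases it lands in the target's access logs and in Referer headers. Consider limiting CDA to hosts explicitly declared in the configuration instead of accepting the wildcard. The own-domain test interpolates `$self->{conf}->{domain}` unescaped and with `/o`, so dots match any character and a reloaded configuration is not picked up; `and $urldc !~ m#^https?://[^/]*\Q$self->{conf}->{domain}\E(:\d+)?/#i` avoids both. `PE_OK` is used as a bareword under `use strict` with no constants import visible in this file, and `isTrustedUrl` is added in another file of this commit, so both need to be resolvable from this module for the plugin to load and run.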