diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST
index a881b9095..2e8ce07c4 100644
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@@ -49,7 +49,6 @@ lib/Lemonldap/NG/Portal/AuthOpenID.pm
lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm
lib/Lemonldap/NG/Portal/AuthRadius.pm
lib/Lemonldap/NG/Portal/AuthSAML.pm
-lib/Lemonldap/NG/Portal/AuthSSL.pm
lib/Lemonldap/NG/Portal/AuthTwitter.pm
lib/Lemonldap/NG/Portal/AuthWebID.pm
lib/Lemonldap/NG/Portal/AuthYubikey.pm
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm
deleted file mode 100644
index a49b3a41a..000000000
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm
+++ /dev/null
@@ -1,208 +0,0 @@
-##@file
-# SSL authentication backend file
-
-##@class
-# SSL authentication backend class
-package Lemonldap::NG::Portal::AuthSSL;
-
-use strict;
-use Lemonldap::NG::Portal::Simple;
-use Lemonldap::NG::Portal::AuthNull;
-
-our $VERSION = '2.0.0';
-our @ISA = qw(Lemonldap::NG::Portal::AuthNull);
-
-## @apmethod int authInit()
-# Check if SSL environment variables are set.
-# @return Lemonldap::NG::Portal constant
-sub authInit {
- my $self = shift;
- $self->{SSLVar} ||= 'SSL_CLIENT_S_DN_Email';
- PE_OK;
-}
-
-## @apmethod int extractFormInfo()
-# Read username in SSL environment variables, or return an error
-# @return Lemonldap::NG::Portal constant
-sub extractFormInfo {
- my $self = shift;
- my $user = $self->https ? $ENV{ $self->{SSLVar} } : 0;
- if ($user) {
- $self->{user} = $user;
- return PE_OK;
- }
- elsif ( $ENV{SSL_CLIENT_S_DN} ) {
- $self->_sub( 'userError',
- "$self->{SSLVar} was not found in user certificate" );
- return PE_BADCERTIFICATE;
- }
- else {
- $self->_sub( 'userError', 'No certificate found' );
- return PE_CERTIFICATEREQUIRED;
- }
-}
-
-## @apmethod int setAuthSessionInfo()
-# Set _user and authenticationLevel.
-# @return Lemonldap::NG::Portal constant
-sub setAuthSessionInfo {
- my $self = shift;
-
- # Store user certificate login for basic rules
- $self->{sessionInfo}->{'_user'} = $self->{'user'};
-
- $self->{sessionInfo}->{authenticationLevel} = $self->{SSLAuthnLevel};
- PE_OK;
-}
-
-## @apmethod int authenticate()
-# Just test that SSL authentication has been done: job is done in
-# extractFormInfo()
-# @return Lemonldap::NG::Portal constant
-sub authenticate {
- my $self = shift;
- return ( $self->{user} and $ENV{ $self->{SSLVar} } )
- ? PE_OK
- : PE_ERROR;
-}
-
-## @method string getDisplayType
-# @return display type
-sub getDisplayType {
- return "logo";
-}
-
-1;
-
-__END__
-
-=head1 NAME
-
-=encoding utf8
-
-Lemonldap::NG::Portal::AuthSSL - Perl extension for building Lemonldap::NG
-compatible portals with SSL authentication.
-
-=head1 SYNOPSIS
-
-With Lemonldap::NG::Portal::SharedConf, set authentication field to "SSL" in
-configuration database.
-
-With Lemonldap::NG::Portal::Simple:
-
- use Lemonldap::NG::Portal::Simple;
- my $portal = new Lemonldap::NG::Portal::Simple(
- domain => 'example.com',
- globalStorage => 'Apache::Session::MySQL',
- globalStorageOptions => {
- DataSource => 'dbi:mysql:database',
- UserName => 'db_user',
- Password => 'db_password',
- TableName => 'sessions',
- },
- ldapServer => 'ldap.domaine.com',
- securedCookie => 1,
- authentication => 'SSL',
-
- # SSLVar: field to search in client certificate
- # default: SSL_CLIENT_S_DN_Email the mail address
- SSLVar => 'SSL_CLIENT_S_DN_CN',
- );
-
- if($portal->process()) {
- # Write here the menu with CGI methods. This page is displayed ONLY IF
- # the user was not redirected here.
- print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3))
- print "...";
-
- # or redirect the user to the menu
- print $portal->redirect( -uri => 'https://portal/menu');
- }
- else {
- # If the user enters here, IT MEANS THAT YOUR SSL PARAMETERS ARE BAD
- print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3))
- print "
Unable to work
";
- print "This server isn't well configured. Contact your administrator.";
- print "";
- }
-
-Modify your httpd.conf:
-
-
- SSLVerifyClient optional # or 'require' if login/password are disabled
- SSLOptions +StdEnvVars
-
-
-=head1 DESCRIPTION
-
-This library just overload few methods of Lemonldap::NG::Portal::Simple to use
-Apache SSLv3 mechanism: we've just to verify that
-C<$ENV{SSL_CLIENT_S_DN_Email}> exists. So remenber to export SSL variables
-to CGI.
-
-If SSL is used, authenticationLevel is set to 5. You can use this parameter in
-L rules to force users to use certificates in some
-applications:
-
- virtualHost1 => {
- 'default' => '$authenticationLevel > 5 and $uid = "jeff"',
- },
-
-Note that you can use Apache SSL environment variables in "exported variables".
-
-See L for usage and other methods.
-
-=head1 SEE ALSO
-
-L, L,
-L
-
-=head1 AUTHOR
-
-=over
-
-=item Clement Oudot, Eclem.oudot@gmail.comE
-
-=item François-Xavier Deltombe, Efxdeltombe@gmail.com.E
-
-=item Xavier Guimard, Ex.guimard@free.frE
-
-=back
-
-=head1 BUG REPORT
-
-Use OW2 system to report bug or ask for features:
-L
-
-=head1 DOWNLOAD
-
-Lemonldap::NG is available at
-L
-
-=head1 COPYRIGHT AND LICENSE
-
-=over
-
-=item Copyright (C) 2006-2010 by Xavier Guimard, Ex.guimard@free.frE
-
-=item Copyright (C) 2012-2013 by François-Xavier Deltombe, Efxdeltombe@gmail.com.E
-
-=item Copyright (C) 2006-2012 by Clement Oudot, Eclem.oudot@gmail.comE
-
-=back
-
-This library is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see L.
-
-=cut
-
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
index 36c680d16..0e522fcde 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@@ -7,6 +7,29 @@ our $VERSION = '2.0.0';
package Lemonldap::NG::Portal::Main;
use strict;
+has skinRules => ( is => 'rw' );
+
+sub displayInit {
+ my ($self) = @_;
+ $self->skinRules( [] );
+ if ( $self->conf->{portalSkinRules} ) {
+ foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } ) {
+ my $sub = HANDLER->buildSub( HANDLER->substitute($skinRule) );
+ if ($sub) {
+ push @{ $self->skinRules },
+ [ $self->conf->{portalSkinRules}->{$skinRule}, $sub ];
+ }
+ else {
+ $self->lmLog(
+ qq(Skin rule "$skinRule" returns an error: )
+ . HANDLER->tsv->{jail}->error,
+ 'error'
+ );
+ }
+ }
+ }
+}
+
# Call portal process and set template parameters
# @return template name and template parameters
sub display {
@@ -376,12 +399,10 @@ sub getSkin {
$req->{sessionInfo}->{ipAddr} ||= $req->remote_ip;
# Load specific skin from skinRules
- if ( $self->conf->{portalSkinRules} ) {
- foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } ) {
- if ( HANDLER->tsv->{jail}->reval($skinRule) ) {
- $skin = $self->conf->{portalSkinRules}->{$skinRule};
- $self->lmLog( "Skin $skin selected from skin rule", 'debug' );
- }
+ foreach my $rule ( @{ $self->skinRules } ) {
+ if ( $rule->[1]->( $req->sessionInfo ) ) {
+ $skin = $rule->[0];
+ $self->lmLog( "Skin $skin selected from skin rule", 'debug' );
}
}
@@ -433,7 +454,8 @@ sub mkSessionArray {
. 'Date | IP address | ';
$tmp .= "" . $self->conf->{sessionDataToRemember}->{$_} . " | "
foreach ( keys %{ $self->conf->{sessionDataToRemember} } );
- $tmp .= 'Error message | ' if ($displayError);
+ $tmp .= 'Error message | '
+ if ($displayError);
$tmp .= '';
foreach my $session (@$sessions) {
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
index 2a9b1b356..34bf85e23 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
@@ -251,6 +251,7 @@ sub reloadConf {
}
$self->menu( $self->loadPlugin('::Main::Menu') );
+ $self->displayInit;
1;
}
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
index 9d5177a65..319bafe66 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
@@ -138,6 +138,7 @@ sub deleteSession {
'debug' );
}
+ # TODO
# Collect logout services and build hidden iFrames
#if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) {
@@ -267,9 +268,10 @@ sub setSessionInfo {
if $self->conf->{timeoutActivity};
}
- # Get environment variables matching exportedVars
+ # Get environment variables matching exportedVars (works only with HTTP_*
+ # and SSL_*: see Main/Request.pm)
foreach ( keys %{ $self->conf->{exportedVars} } ) {
- if ( my $tmp = $ENV{ $self->conf->{exportedVars}->{$_} } ) {
+ if ( my $tmp = $req->{ $self->conf->{exportedVars}->{$_} } ) {
$tmp =~ s/[\r\n]/ /gs;
$req->{sessionInfo}->{$_} = $tmp;
}