Use new Session module in SAML authentication (#671, #LEMONLDAP-700)

2014-04-17 10:24:31 +00:00 · 2014-04-17 10:24:31 +00:00 · 1cfdd9fb6e
commit 1cfdd9fb6e
parent e056a0427a
2 changed files with 29 additions and 30 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm
@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Simple;
 use Lemonldap::NG::Portal::_SAML;    #inherits
 use Lemonldap::NG::Common::Conf::SAML::Metadata;

-our $VERSION = '1.3.1';
+our $VERSION = '1.4.0';
 our @ISA     = qw(Lemonldap::NG::Portal::_SAML);

 ## @apmethod int authInit()
@ -322,10 +322,11 @@ sub extractFormInfo {

                my $samlSessionInfo = $self->getSamlSession($saml_session);

-                $self->{_proxiedRequest}    = $samlSessionInfo->{Request};
-                $self->{_proxiedMethod}     = $samlSessionInfo->{Method};
-                $self->{_proxiedRelayState} = $samlSessionInfo->{RelayState};
-                $self->{_proxiedArtifact}   = $samlSessionInfo->{Artifact};
+                $self->{_proxiedRequest} = $samlSessionInfo->data->{Request};
+                $self->{_proxiedMethod}  = $samlSessionInfo->data->{Method};
+                $self->{_proxiedRelayState} =
+                  $samlSessionInfo->data->{RelayState};
+                $self->{_proxiedArtifact} = $samlSessionInfo->data->{Artifact};

               # Save values in hidden fields in case of other user interactions
                $self->setHiddenFormValue( 'SAMLRequest',
@ -337,7 +338,7 @@ sub extractFormInfo {
                    $self->{_proxiedArtifact} );

                # Delete session
-                eval { tied(%$samlSessionInfo)->delete(); };
+                $samlSessionInfo->remove();
            }

            return PE_OK;
@ -557,7 +558,8 @@ sub extractFormInfo {
              # If session index is defined and not equal to SAML session index,
              # jump to next session
                    if ( defined $session_index
-                        and $session_index ne $sessionInfo->{_sessionIndex} )
+                        and $session_index ne
+                        $sessionInfo->data->{_sessionIndex} )
                    {
                        $self->lmLog(
 "Session $local_session has not the good session index, skipping",
@ -570,7 +572,7 @@ sub extractFormInfo {
                    else {

                        # Open real session
-                        my $real_session = $sessionInfo->{_saml_id};
+                        my $real_session = $sessionInfo->data->{_saml_id};

                        my $ssoSession =
                          $self->getApacheSession( $real_session, 1 );
@ -600,11 +602,7 @@ sub extractFormInfo {
                        $logout_error = 1 unless $del_real_result;

                        # Delete SAML session
-                        my $del_saml_result = 1;
-                        eval { tied(%$sessionInfo)->delete() };
-                        if ($@) {
-                            $del_saml_result = 0;
-                        }
+                        my $del_saml_result = $sessionInfo->remove();

                        $self->lmLog(
 "Delete SAML session $local_session result: $del_saml_result",
@ -970,15 +968,17 @@ sub extractFormInfo {

        return PE_SAML_SESSION_ERROR unless $samlSessionInfo;

-        $samlSessionInfo->{type}       = 'proxy';
-        $samlSessionInfo->{_utime}     = time;
-        $samlSessionInfo->{Request}    = $self->{_proxiedRequest};
-        $samlSessionInfo->{Method}     = $self->{_proxiedMethod};
-        $samlSessionInfo->{RelayState} = $self->{_proxiedRelayState};
-        $samlSessionInfo->{Artifact}   = $self->{_proxiedArtifact};
-        $samlSessionInfo->{ProxyID}    = $samlID;
+        my $infos;

-        untie %$samlSessionInfo;
+        $infos->{type}       = 'proxy';
+        $infos->{_utime}     = time;
+        $infos->{Request}    = $self->{_proxiedRequest};
+        $infos->{Method}     = $self->{_proxiedMethod};
+        $infos->{RelayState} = $self->{_proxiedRelayState};
+        $infos->{Artifact}   = $self->{_proxiedArtifact};
+        $infos->{ProxyID}    = $samlID;
+
+        $samlSessionInfo->update($infos);

        $self->lmLog( "Keep initial SAML request data in memory for ID $samlID",
            'debug' );
@ -1460,15 +1460,16 @@ sub authFinish {

    return PE_SAML_SESSION_ERROR unless $samlSessionInfo;

-    $samlSessionInfo->{type}          = 'saml';            # Session type
-    $samlSessionInfo->{_utime}        = $utime;            # Creation time
-    $samlSessionInfo->{_saml_id}      = $id;               # SSO session id
-    $samlSessionInfo->{_nameID}       = $nameid->dump;     # SAML NameID
-    $samlSessionInfo->{_sessionIndex} = $session_index;    # SAML SessionIndex
+    my $infos;
+    $infos->{type}          = 'saml';            # Session type
+    $infos->{_utime}        = $utime;            # Creation time
+    $infos->{_saml_id}      = $id;               # SSO session id
+    $infos->{_nameID}       = $nameid->dump;     # SAML NameID
+    $infos->{_sessionIndex} = $session_index;    # SAML SessionIndex

-    my $session_id = $samlSessionInfo->{_session_id};
+    $samlSessionInfo->update($infos);

-    untie %$samlSessionInfo;
+    my $session_id = $samlSessionInfo->id;

    $self->lmLog( "Link session $id to SAML session $session_id", 'debug' );

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
@ -1611,8 +1611,6 @@ sub storeReplayProtection {

    my $session_id = $samlSessionInfo->id;

-    untie %$samlSessionInfo;
-
    $self->lmLog( "Keep request ID $samlID in assertion session $session_id",
        'debug' );