Check that RP is registered (#184)

2015-01-23 13:06:54 +00:00 · 2015-01-23 13:06:54 +00:00 · 2abb7fafde
commit 2abb7fafde
parent b203d6f343
2 changed files with 82 additions and 2 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
@ -16,9 +16,13 @@ use base qw(Lemonldap::NG::Portal::_OpenIDConnect);
 our $VERSION = '2.00';

 ## @method void issuerDBInit()
-# Do nothing
+# Get configuration data
 # @return Lemonldap::NG::Portal error code
 sub issuerDBInit {
+    my $self = shift;
+
+    return PE_ERROR unless $self->loadRPs;
+
    return PE_OK;
 }

@ -218,7 +222,25 @@ sub issuerForAuthUser {
                "Request from client id " . $oidc_request->{'client_id'},
                'debug' );

-            # TODO verify that client_id is registered in configuration
+            # Verify that client_id is registered in configuration
+            my $rp = $self->getRP( $oidc_request->{'client_id'} );
+
+            unless ($rp) {
+                $self->lmLog(
+                    "No registered Relaying Party found with client_id "
+                      . $oidc_request->{'client_id'},
+                    'error'
+                );
+                return PE_ERROR;
+            }
+            else {
+                $self->lmLog(
+                    "Cient id "
+                      . $oidc_request->{'client_id'}
+                      . " match RP $rp",
+                    'debug'
+                );
+            }

            # TODO obtain consent

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
@ -65,6 +65,36 @@ sub loadOPs {
    return 1;
 }

+## @method boolean loadRPs(boolean no_cache)
+# Load OpenID Connect Relaying Parties
+# @param no_cache Disable cache use
+# @return boolean result
+sub loadRPs {
+    my ( $self, $no_cache ) = splice @_;
+
+    # Check cache
+    unless ($no_cache) {
+        if ( $oidcCache->{_oidcRPList} ) {
+            $self->lmLog( "Load RPs from cache", 'debug' );
+            $self->{_oidcRPList} = $oidcCache->{_oidcRPList};
+            return 1;
+        }
+    }
+
+    # Check presence of at least one relaying party in configuration
+    unless ( $self->{oidcRPMetaDataOptions}
+        and keys %{ $self->{oidcRPMetaDataOptions} } )
+    {
+        $self->lmLog( "No OpenID Connect Relaying Party found in configuration",
+            'warn' );
+    }
+
+    $self->{_oidcRPList} = $self->{oidcRPMetaDataOptions};
+    $oidcCache->{_oidcRPList} = $self->{_oidcRPList} unless $no_cache;
+
+    return 1;
+}
+
 ## @method boolean refreshJWKSdata(boolean no_cache)
 # Refresh JWKS data if needed
 # @param no_cache Disable cache update
@ -136,6 +166,26 @@ sub refreshJWKSdata {
    return 1;
 }

+## @method String getRP(String client_id)
+# Get Relaying Party corresponding to a Client ID
+# @param client_id Client ID
+# @return String result
+sub getRP {
+    my ( $self, $client_id ) = splice @_;
+    my $rp;
+
+    foreach ( keys %{ $self->{_oidcRPList} } ) {
+        if ( $client_id eq
+            $self->{_oidcRPList}->{$_}->{oidcRPMetaDataOptionsClientID} )
+        {
+            $rp = $_;
+            last;
+        }
+    }
+
+    return $rp;
+}
+
 ## @method String getCallbackUri()
 # Compute callback URI
 # @return String Callback URI
@ -707,10 +757,18 @@ and user information loading

 Load OpenID Connect Providers and JWKS data

+=head2 loadRPs
+
+Load OpenID Connect Relaying Parties
+
 =head2 refreshJWKSdata

 Refresh JWKS data if needed

+=head2 getRP
+
+Get Relaying Party corresponding to a Client ID
+
 =head2 getCallbackUri

 Compute callback URI