Check that RP is registered (#184)
This commit is contained in:
parent
b203d6f343
commit
2abb7fafde
@ -16,9 +16,13 @@ use base qw(Lemonldap::NG::Portal::_OpenIDConnect);
our $VERSION = '2.00';
## @method void issuerDBInit()
# Do nothing
# Get configuration data
# @return Lemonldap::NG::Portal error code
sub issuerDBInit {
my $self = shift;
return PE_ERROR unless $self->loadRPs;
return PE_OK;
}
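Review bot: The header comment `# Do nothing` above issuerDBInit is now wrong, since the method loads the Relying Party list and can fail with PE_ERROR; replace it with `# Load OpenID Connect Relying Parties (PE_ERROR if loading fails)`. As written in the loadRPs hunk further down, loadRPs returns 1 on every path, so the `return PE_ERROR unless $self->loadRPs;` branch is currently unreachable unless loadRPs is changed to report failure; the comment should not promise more than the code can deliver.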
@ -218,7 +222,25 @@ sub issuerForAuthUser {
"Request from client id " . $oidc_request->{'client_id'},
'debug' );
# TODO verify that client_id is registered in configuration
# Verify that client_id is registered in configuration
my $rp = $self->getRP( $oidc_request->{'client_id'} );
unless ($rp) {
$self->lmLog(
"No registered Relaying Party found with client_id "
. $oidc_request->{'client_id'},
'error'
);
return PE_ERROR;
}
else {
$self->lmLog(
"Cient id "
. $oidc_request->{'client_id'}
. " match RP $rp",
'debug'
);
}
# TODO obtain consent
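Review bot: The debug message `"Cient id "` is missing a letter, and both new log messages use "Relaying Party" where the OpenID Connect term is "Relying Party"; `"Client id "` and `"No registered Relying Party found with client_id "` would read correctly (the same spelling recurs in the loadRPs, getRP and POD hunks below). The `else` after a block that ends in `return PE_ERROR;` is redundant — the debug log can follow the `unless` block directly. Matching on client_id only establishes that the RP exists; I cannot see from this hunk whether redirect_uri is later compared with the value registered for that RP, and if it is not, that comparison belongs next to this check, since accepting any redirect_uri for a known client_id is what lets an authorization code go to the wrong place. issuerForAuthUser starts and ends outside the hunk.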
@ -65,6 +65,36 @@ sub loadOPs {
return 1;
}
## @method boolean loadRPs(boolean no_cache)
# Load OpenID Connect Relaying Parties
# @param no_cache Disable cache use
# @return boolean result
sub loadRPs {
my ( $self, $no_cache ) = splice @_;
# Check cache
unless ($no_cache) {
if ( $oidcCache->{_oidcRPList} ) {
$self->lmLog( "Load RPs from cache", 'debug' );
$self->{_oidcRPList} = $oidcCache->{_oidcRPList};
return 1;
}
}
# Check presence of at least one relaying party in configuration
unless ( $self->{oidcRPMetaDataOptions}
and keys %{ $self->{oidcRPMetaDataOptions} } )
{
$self->lmLog( "No OpenID Connect Relaying Party found in configuration",
'warn' );
}
$self->{_oidcRPList} = $self->{oidcRPMetaDataOptions};
$oidcCache->{_oidcRPList} = $self->{_oidcRPList} unless $no_cache;
return 1;
}
## @method boolean refreshJWKSdata(boolean no_cache)
# Refresh JWKS data if needed
# @param no_cache Disable cache update
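Review bot: loadRPs advertises `@return boolean result` and issuerDBInit maps a false return to PE_ERROR, but every path returns 1, including the branch that logs "No OpenID Connect Relaying Party found in configuration"; that branch falls through and stores an undefined list in both `$self->{_oidcRPList}` and the cache. If an empty configuration should stop the issuer, end that branch with `return 0;`; if it is meant to be tolerated, change the header to say the method always succeeds and assign `$self->{_oidcRPList} = {};` there so callers iterating the list never see undef. Note also that `$self->{_oidcRPList} = $self->{oidcRPMetaDataOptions};` keeps a reference to the live configuration hash rather than a copy, so any later modification of the RP list also modifies the configuration and the process-wide cache, which as far as this hunk shows is only bypassed by no_cache and never invalidated — worth a comment if that is intended.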
@ -136,6 +166,26 @@ sub refreshJWKSdata {
return 1;
}
## @method String getRP(String client_id)
# Get Relaying Party corresponding to a Client ID
# @param client_id Client ID
# @return String result
sub getRP {
my ( $self, $client_id ) = splice @_;
my $rp;
foreach ( keys %{ $self->{_oidcRPList} } ) {
if ( $client_id eq
$self->{_oidcRPList}->{$_}->{oidcRPMetaDataOptionsClientID} )
{
$rp = $_;
last;
}
}
return $rp;
}
## @method String getCallbackUri()
# Compute callback URI
# @return String Callback URI
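Review bot: getRP compares `$client_id eq $self->{_oidcRPList}->{$_}->{oidcRPMetaDataOptionsClientID}` without checking that either side is defined, so a request with no client_id or an RP entry without a configured client ID produces "uninitialized value in string eq" warnings on every lookup, and an RP entry whose client ID is missing would match an undefined request value as equal empty strings. The header `@return String result` should also say what happens on a miss: the method returns undef (bare `return $rp;`), which is what the caller tests. Since `keys` order is not fixed, two RP entries configured with the same client ID would match non-deterministically; if that cannot be rejected at load time it deserves a comment here. A guarded version of the loop is below.
```perl
sub getRP {
    my ( $self, $client_id ) = splice @_;

    # An unregistered or missing client_id is reported as "not found"
    return unless defined $client_id;

    foreach my $rp_name ( keys %{ $self->{_oidcRPList} } ) {
        my $rp_client_id =
          $self->{_oidcRPList}->{$rp_name}->{oidcRPMetaDataOptionsClientID};
        next unless defined $rp_client_id;
        return $rp_name if $rp_client_id eq $client_id;
    }

    return;
}
```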
@ -707,10 +757,18 @@ and user information loading
Load OpenID Connect Providers and JWKS data
=head2 loadRPs
Load OpenID Connect Relaying Parties
=head2 refreshJWKSdata
Refresh JWKS data if needed
=head2 getRP
Get Relaying Party corresponding to a Client ID
=head2 getCallbackUri
Compute callback URI