Check that RP is registered (#184)
parent
b203d6f343
commit
2abb7fafde
@ -16,9 +16,13 @@ use base qw(Lemonldap::NG::Portal::_OpenIDConnect);
|
|||||||
our $VERSION = '2.00';
|
our $VERSION = '2.00';
|
||||||
|
|
||||||
## @method void issuerDBInit()
|
## @method void issuerDBInit()
|
||||||
# Do nothing
|
# Get configuration data
|
||||||
# @return Lemonldap::NG::Portal error code
|
# @return Lemonldap::NG::Portal error code
|
||||||
sub issuerDBInit {
|
sub issuerDBInit {
|
||||||
|
my $self = shift;
|
||||||
|
|
||||||
|
return PE_ERROR unless $self->loadRPs;
|
||||||
|
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
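Review bot: `return PE_ERROR unless $self->loadRPs;` never takes its error branch, because the loadRPs added in this commit returns 1 on every path, including the one that only warns when no Relying Party is configured (hunk `@ -65,6 +65,36 @@`). Either make that branch `return 0;` so the guard is effective — which would make issuerDBInit fail on a portal with no RP configured, so match whatever convention loadOPs uses — or drop the guard and say in the header comment that loadRPs is called for its side effect on `$self->{_oidcRPList}`. The new header comment `# Get configuration data` would be clearer as `# Load the registered Relying Parties into $self->{_oidcRPList}`. `$oidcCache` appears to be a process-lifetime cache; unless it is cleared on configuration reload, an RP removed from the configuration stays accepted until the process restarts, so confirm where that cache is invalidated.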
@ -218,7 +222,25 @@ sub issuerForAuthUser {
|
|||||||
"Request from client id " . $oidc_request->{'client_id'},
|
"Request from client id " . $oidc_request->{'client_id'},
|
||||||
'debug' );
|
'debug' );
|
||||||
|
|
||||||
# TODO verify that client_id is registered in configuration
|
# Verify that client_id is registered in configuration
|
||||||
|
my $rp = $self->getRP( $oidc_request->{'client_id'} );
|
||||||
|
|
||||||
|
unless ($rp) {
|
||||||
|
$self->lmLog(
|
||||||
|
"No registered Relaying Party found with client_id "
|
||||||
|
. $oidc_request->{'client_id'},
|
||||||
|
'error'
|
||||||
|
);
|
||||||
|
return PE_ERROR;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$self->lmLog(
|
||||||
|
"Cient id "
|
||||||
|
. $oidc_request->{'client_id'}
|
||||||
|
. " match RP $rp",
|
||||||
|
'debug'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
# TODO obtain consent
|
# TODO obtain consent
|
||||||
|
|
||||||
|
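Review bot: The new `unless ($rp) { ... } else { ... }` is an `unless`/`else` pair, which reads backwards; since the failure branch returns, the `else` is unnecessary and the success log can follow the block directly: `return PE_ERROR unless $rp;` after the error log, then `$self->lmLog( "Client id " . $oidc_request->{'client_id'} . " matches RP $rp", 'debug' );`. That also fixes the typo `"Cient id"` in the debug message, and "Relaying Party" should be "Relying Party" throughout the new comments, log strings and POD in this and the three later hunks. Registration of the client_id is only half of the check an authorization request needs: the request's redirect_uri must also be compared with the value registered for `$rp`; issuerForAuthUser continues past this hunk, so if that comparison happens later, fine, otherwise it belongs immediately after this lookup.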
@ -65,6 +65,36 @@ sub loadOPs {
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## @method boolean loadRPs(boolean no_cache)
|
||||||
|
# Load OpenID Connect Relaying Parties
|
||||||
|
# @param no_cache Disable cache use
|
||||||
|
# @return boolean result
|
||||||
|
sub loadRPs {
|
||||||
|
my ( $self, $no_cache ) = splice @_;
|
||||||
|
|
||||||
|
# Check cache
|
||||||
|
unless ($no_cache) {
|
||||||
|
if ( $oidcCache->{_oidcRPList} ) {
|
||||||
|
$self->lmLog( "Load RPs from cache", 'debug' );
|
||||||
|
$self->{_oidcRPList} = $oidcCache->{_oidcRPList};
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Check presence of at least one relaying party in configuration
|
||||||
|
unless ( $self->{oidcRPMetaDataOptions}
|
||||||
|
and keys %{ $self->{oidcRPMetaDataOptions} } )
|
||||||
|
{
|
||||||
|
$self->lmLog( "No OpenID Connect Relaying Party found in configuration",
|
||||||
|
'warn' );
|
||||||
|
}
|
||||||
|
|
||||||
|
$self->{_oidcRPList} = $self->{oidcRPMetaDataOptions};
|
||||||
|
$oidcCache->{_oidcRPList} = $self->{_oidcRPList} unless $no_cache;
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
## @method boolean refreshJWKSdata(boolean no_cache)
|
## @method boolean refreshJWKSdata(boolean no_cache)
|
||||||
# Refresh JWKS data if needed
|
# Refresh JWKS data if needed
|
||||||
# @param no_cache Disable cache update
|
# @param no_cache Disable cache update
|
||||||
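Review bot: When `oidcRPMetaDataOptions` is missing, the warn branch falls through and `$self->{_oidcRPList}` (and the cache entry) is set to undef, which getRP then dereferences with `keys %{ ... }`; that should autovivify rather than die under strict refs, but the empty case is cleaner made explicit with `$self->{_oidcRPList} = $self->{oidcRPMetaDataOptions} || {};`. `my ( $self, $no_cache ) = splice @_;` also empties `@_` for no benefit; plain `= @_;` is the usual unpacking. The `# Check cache` block could say why the cache is keyed on the method rather than the instance, e.g. `# $oidcCache outlives this object; callers pass no_cache to force a re-read of the configuration`.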
@ -136,6 +166,26 @@ sub refreshJWKSdata {
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## @method String getRP(String client_id)
|
||||||
|
# Get Relaying Party corresponding to a Client ID
|
||||||
|
# @param client_id Client ID
|
||||||
|
# @return String result
|
||||||
|
sub getRP {
|
||||||
|
my ( $self, $client_id ) = splice @_;
|
||||||
|
my $rp;
|
||||||
|
|
||||||
|
foreach ( keys %{ $self->{_oidcRPList} } ) {
|
||||||
|
if ( $client_id eq
|
||||||
|
$self->{_oidcRPList}->{$_}->{oidcRPMetaDataOptionsClientID} )
|
||||||
|
{
|
||||||
|
$rp = $_;
|
||||||
|
last;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $rp;
|
||||||
|
}
|
||||||
|
|
||||||
## @method String getCallbackUri()
|
## @method String getCallbackUri()
|
||||||
# Compute callback URI
|
# Compute callback URI
|
||||||
# @return String Callback URI
|
# @return String Callback URI
|
||||||
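Review bot: getRP compares `$client_id eq ...oidcRPMetaDataOptionsClientID` without checking that either side is defined and non-empty, so a request with no client_id (or an empty one) matches any RP whose ClientID option is unset or empty, and the caller in issuerForAuthUser then treats it as registered. Reject an undefined or empty `$client_id` up front and skip RPs with no registered ClientID. Using `$_` as the loop variable across a multi-line body also makes the lookup harder to read; a named loop variable and an early return replace the `$rp`/`last` bookkeeping. The rewrite below returns an empty list instead of `undef` when nothing matches, which the scalar assignment in the caller treats the same way.
```perl
sub getRP {
    my ( $self, $client_id ) = @_;

    # An absent or empty client_id can never identify a registered RP.
    return unless defined $client_id and length $client_id;

    my $rp_list = $self->{_oidcRPList} || {};
    for my $rp ( keys %{$rp_list} ) {
        my $registered = $rp_list->{$rp}->{oidcRPMetaDataOptionsClientID};

        # Skip RPs with no ClientID configured rather than matching on undef.
        next unless defined $registered and length $registered;
        return $rp if $client_id eq $registered;
    }

    return;
}
```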
@ -707,10 +757,18 @@ and user information loading
|
|||||||
|
|
||||||
Load OpenID Connect Providers and JWKS data
|
Load OpenID Connect Providers and JWKS data
|
||||||
|
|
||||||
|
=head2 loadRPs
|
||||||
|
|
||||||
|
Load OpenID Connect Relaying Parties
|
||||||
|
|
||||||
=head2 refreshJWKSdata
|
=head2 refreshJWKSdata
|
||||||
|
|
||||||
Refresh JWKS data if needed
|
Refresh JWKS data if needed
|
||||||
|
|
||||||
|
=head2 getRP
|
||||||
|
|
||||||
|
Get Relaying Party corresponding to a Client ID
|
||||||
|
|
||||||
=head2 getCallbackUri
|
=head2 getCallbackUri
|
||||||
|
|
||||||
Compute callback URI
|
Compute callback URI
|
||||||
|