diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm
index 0ce232de7..583efd48f 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm
@@ -59,14 +59,113 @@ sub issuerForUnAuthUser {
 # Gateway
 # Authentication must use non-interactive mean
- # TODO
 if ( $gateway eq 'true' ) {
- $self->lmLog( "Gateway authentication not managed", 'error' );
- return PE_ERROR;
+
+ # TODO
+ $self->lmLog( "Gateway authentication not managed", 'warn' );
+
 }
 }
+ # 2. LOGOUT
+ if ( $url =~ /\Q$cas_logout_url\E/io ) {
+
+ $self->lmLog( "URL $url detected as an CAS LOGOUT URL", 'debug' );
+
+ # GET parameters
+ my $logout_url = $self->param('url');
+
+ if ($logout_url) {
+
+ # We should display a link to the provided URL
+ # TODO
+ $self->lmLog( "Return URL not managed", 'warn' );
+ }
+
+ return PE_LOGOUT_OK;
+
+ }
+
+ # 3. VALIDATE [CAS 1.0]
+ if ( $url =~ /\Q$cas_validate_url\E/io ) {
+
+ $self->lmLog( "URL $url detected as an CAS VALIDATE URL", 'debug' );
+
+ # GET parameters
+ my $service = $self->param('service');
+ my $ticket = $self->param('ticket');
+ my $renew = $self->param('renew');
+
+ # Required parameters: service and ticket
+ unless ( $service and $ticket ) {
+ $self->lmLog( "Service and Ticket parameters required", 'error' );
+ $self->returnCasValidateError();
+ }
+
+ # Get CAS session corresponding to ticket
+ $ticket =~ s/^ST-//;
+
+ my $casServiceSession = $self->getCasSession($ticket);
+
+ unless ($casServiceSession) {
+ $self->lmLog( "Service ticket session $ticket not found", 'error' );
+ untie %$casServiceSession;
+ $self->returnCasValidateError();
+ }
+
+ $self->lmLog( "Service ticket session $ticket found", 'debug' );
+
+ # Check service
+ unless ( $service eq $casServiceSession->{service} ) {
+ $self->lmLog(
+ "Submitted service $service does not match initial service " .
$casServiceSession->{service},
+ 'error'
+ );
+ untie %$casServiceSession;
+ $self->returnCasValidateError();
+ }
+
+ $self->lmLog( "Submitted service $service math initial servce",
+ 'debug' );
+
+ # Check renew
+ if ( $renew eq 'true' ) {
+
+ # We should check the ST was delivered with primary credentials
+ # TODO
+ $self->lmLog( "Renew parameter not managed", 'warn' );
+ }
+
+ # Open local session
+ my $localSession =
+ $self->getApacheSession( $casServiceSession->{id}, 1 );
+
+ unless ($localSession) {
+ $self->lmLog(
+ "Local session " . $casServiceSession->{id} . " notfound",
+ 'error' );
+ untie %$casServiceSession;
+ $self->returnCasValidateError();
+ }
+
+ # Get username
+ my $username = $localSession->{ $self->{whatToTrace} };
+
+ $self->lmLog( "Get username $username", 'debug' );
+
+ # Close sessions
+ untie %$casServiceSession;
+ untie %$localSession;
+
+ # Return success message
+ $self->returnCasValidateSuccess($username);
+
+ # We should not be there
+ return PE_ERROR;
+ }
+
 PE_OK;
 }
@@ -151,6 +250,47 @@ sub issuerForAuthUser {
 return $self->_subProcess(qw(autoRedirect));
 }
+ # 2. LOGOUT
+ if ( $url =~ /\Q$cas_logout_url\E/io ) {
+
+ $self->lmLog( "URL $url detected as an CAS LOGOUT URL", 'debug' );
+
+ # GET parameters
+ my $logout_url = $self->param('url');
+
+ if ($logout_url) {
+
+ # We should display a link to the provided URL
+ # TODO
+ }
+
+ # Delete linked CAS sessions
+ # TODO
+
+ # Delete local session
+ unless (
+ $self->_deleteSession( $self->getApacheSession( $session_id, 1 ) ) )
+ {
+ $self->lmLog( "Fail to delete session $session_id ", 'error' );
+ }
+
+ return PE_LOGOUT_OK;
+
+ }
+
+ # 3. VALIDATE [CAS 1.0]
+ if ( $url =~ /\Q$cas_validate_url\E/io ) {
+
+ $self->lmLog( "URL $url detected as an CAS VALIDATE URL", 'debug' );
+
+ # This URL is not called by authenticated users
+ $self->lmLog(
+ "CAS VALIDATE URL called by authenticated user, ignore it",
+ 'info' );
+
+ return PE_OK;
+ }
+
 PE_OK;
 }
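Review bot: A validated service ticket is never consumed: after `getCasSession($ticket)` the VALIDATE branch only unties `%$casServiceSession` and returns success, so the same `ticket` can be presented to the VALIDATE URL again until the store expires it, whereas CAS service tickets are meant to be single-use; the CAS session should be deleted once the answer is decided (presumably via `_deleteSession`, which the LOGOUT branch in the next hunk uses for the local session — confirm it accepts the tied CAS session). Every `$self->returnCasValidateError();` call also relies on `quit()` never returning; if it can return under the portal's persistence model, execution continues with an undefined `$ticket` or `$casServiceSession`, so add `return PE_ERROR;` after each call, as the trailing `# We should not be there` line already does for the success path. `$ticket` goes straight from the request into `getCasSession` after the `s/^ST-//`; rejecting values that do not match the format the issuer generates, before the lookup, keeps arbitrary session ids out of the store query. `if ( $renew eq 'true' )` warns on a missing parameter under `use warnings`; `if ( $renew and $renew eq 'true' )` avoids it, and the debug message `"Submitted service $service math initial servce"` has two typos. The enclosing `issuerForUnAuthUser` starts before the hunk.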
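Review bot: The LOGOUT branch returns `PE_LOGOUT_OK` even when `_deleteSession` fails, so the caller is told the session is gone while it may still be valid server-side; unless a failed delete only means the session was already absent, log and then `return PE_ERROR;` instead of falling through. `$self->getApacheSession( $session_id, 1 )` is handed to `_deleteSession` unchecked, although the VALIDATE branch in the previous hunk treats an undefined return from the same call as an error — the same guard belongs here. The `if ($logout_url) { }` block is empty apart from comments; when the return link is implemented, `url` should be checked against the registered services before it is rendered, since it comes straight from the request. `issuerForAuthUser` begins outside the hunk.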
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm
index 721fa0f11..617297ffe 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm
@@ -35,6 +35,31 @@ sub getCasSession {
 return \%h;
 }
+## @method void returnCasValidateError()
+# Return an error for CAS VALIDATE request
+# @return nothing
+sub returnCasValidateError {
+ my ($self) = splice @_;
+
+ print $self->header();
+ print "no\n\n";
+
+ $self->quit();
+}
+
+## @method void returnCasValidateSuccess(string username)
+# Return success for CAS VALIDATE request
+# @param username User name
+# @return nothing
+sub returnCasValidateSuccess {
+ my ( $self, $username ) = splice @_;
+
+ print $self->header();
+ print "yes\n$username\n";
+
+ $self->quit();
+}
+
 __END__
 =head1 NAME
@@ -58,6 +83,14 @@ This module contains common methods for CAS
 Try to recover the CAS session corresponding to id and return session datas
 If id is set to undef, return a new session
+=head2 returnCasValidateError
+
+Return an error for CAS VALIDATE request
+
+=head2 returnCasValidateSuccess
+
+Return success for CAS VALIDATE request
+
 =head1 SEE ALSO
 L,
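Review bot: Both new methods send `$self->header()` with no content type; if that is CGI.pm's default, the CAS 1.0 answer goes out as text/html while CAS clients expect plain text, so `print $self->header( -type => 'text/plain' );` would be the safer choice in both. The `# @return nothing` line understates the contract: the callers in IssuerDBCAS.pm do not `return` after these calls, so they depend on `$self->quit()` ending the request — if that is what `quit` does, say so, e.g. `# @return nothing, quit() ends the request and never returns`, and if it is not, the callers need a `return` after each call. `my ($self) = splice @_;` empties `@_` for no visible reason; `my ($self) = @_;` is the usual form unless the file already uses `splice` consistently.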