Manage CAS logout and validate URL (#101)
This commit is contained in:
parent
a6acf86f4e
commit
2b1e09d09c
@ -59,14 +59,113 @@ sub issuerForUnAuthUser {
|
|||||||
|
|
||||||
# Gateway
|
# Gateway
|
||||||
# Authentication must use non-interactive mean
|
# Authentication must use non-interactive mean
|
||||||
# TODO
|
|
||||||
if ( $gateway eq 'true' ) {
|
if ( $gateway eq 'true' ) {
|
||||||
$self->lmLog( "Gateway authentication not managed", 'error' );
|
|
||||||
return PE_ERROR;
|
# TODO
|
||||||
|
$self->lmLog( "Gateway authentication not managed", 'warn' );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# 2. LOGOUT
|
||||||
|
if ( $url =~ /\Q$cas_logout_url\E/io ) {
|
||||||
|
|
||||||
|
$self->lmLog( "URL $url detected as an CAS LOGOUT URL", 'debug' );
|
||||||
|
|
||||||
|
# GET parameters
|
||||||
|
my $logout_url = $self->param('url');
|
||||||
|
|
||||||
|
if ($logout_url) {
|
||||||
|
|
||||||
|
# We should display a link to the provided URL
|
||||||
|
# TODO
|
||||||
|
$self->lmLog( "Return URL not managed", 'warn' );
|
||||||
|
}
|
||||||
|
|
||||||
|
return PE_LOGOUT_OK;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
# 3. VALIDATE [CAS 1.0]
|
||||||
|
if ( $url =~ /\Q$cas_validate_url\E/io ) {
|
||||||
|
|
||||||
|
$self->lmLog( "URL $url detected as an CAS VALIDATE URL", 'debug' );
|
||||||
|
|
||||||
|
# GET parameters
|
||||||
|
my $service = $self->param('service');
|
||||||
|
my $ticket = $self->param('ticket');
|
||||||
|
my $renew = $self->param('renew');
|
||||||
|
|
||||||
|
# Required parameters: service and ticket
|
||||||
|
unless ( $service and $ticket ) {
|
||||||
|
$self->lmLog( "Service and Ticket parameters required", 'error' );
|
||||||
|
$self->returnCasValidateError();
|
||||||
|
}
|
||||||
|
|
||||||
|
# Get CAS session corresponding to ticket
|
||||||
|
$ticket =~ s/^ST-//;
|
||||||
|
|
||||||
|
my $casServiceSession = $self->getCasSession($ticket);
|
||||||
|
|
||||||
|
unless ($casServiceSession) {
|
||||||
|
$self->lmLog( "Service ticket session $ticket not found", 'error' );
|
||||||
|
untie %$casServiceSession;
|
||||||
|
$self->returnCasValidateError();
|
||||||
|
}
|
||||||
|
|
||||||
|
$self->lmLog( "Service ticket session $ticket found", 'debug' );
|
||||||
|
|
||||||
|
# Check service
|
||||||
|
unless ( $service eq $casServiceSession->{service} ) {
|
||||||
|
$self->lmLog(
|
||||||
|
"Submitted service $service does not match initial service "
|
||||||
|
. $casServiceSession->{service},
|
||||||
|
'error'
|
||||||
|
);
|
||||||
|
untie %$casServiceSession;
|
||||||
|
$self->returnCasValidateError();
|
||||||
|
}
|
||||||
|
|
||||||
|
$self->lmLog( "Submitted service $service math initial servce",
|
||||||
|
'debug' );
|
||||||
|
|
||||||
|
# Check renew
|
||||||
|
if ( $renew eq 'true' ) {
|
||||||
|
|
||||||
|
# We should check the ST was delivered with primary credentials
|
||||||
|
# TODO
|
||||||
|
$self->lmLog( "Renew parameter not managed", 'warn' );
|
||||||
|
}
|
||||||
|
|
||||||
|
# Open local session
|
||||||
|
my $localSession =
|
||||||
|
$self->getApacheSession( $casServiceSession->{id}, 1 );
|
||||||
|
|
||||||
|
unless ($localSession) {
|
||||||
|
$self->lmLog(
|
||||||
|
"Local session " . $casServiceSession->{id} . " notfound",
|
||||||
|
'error' );
|
||||||
|
untie %$casServiceSession;
|
||||||
|
$self->returnCasValidateError();
|
||||||
|
}
|
||||||
|
|
||||||
|
# Get username
|
||||||
|
my $username = $localSession->{ $self->{whatToTrace} };
|
||||||
|
|
||||||
|
$self->lmLog( "Get username $username", 'debug' );
|
||||||
|
|
||||||
|
# Close sessions
|
||||||
|
untie %$casServiceSession;
|
||||||
|
untie %$localSession;
|
||||||
|
|
||||||
|
# Return success message
|
||||||
|
$self->returnCasValidateSuccess($username);
|
||||||
|
|
||||||
|
# We should not be there
|
||||||
|
return PE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
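Review bot: In the validate branch, `untie %$casServiceSession;` inside `unless ($casServiceSession) { ... }` dereferences the very value the guard just found false; drop that line, since there is nothing to untie and under `use strict` an undef dereference there is at best a no-op and at worst a runtime error. That branch, like the `unless ( $service and $ticket )` and service-mismatch checks, only stops at `$self->returnCasValidateError();` if `quit()` never returns — a contract not visible in this hunk — so either document it (`# returnCasValidateError() does not return: it calls quit()`) or add `return PE_ERROR;` after each call so a non-exiting quit() cannot fall through to `$ticket =~ s/^ST-//` with an undefined ticket. The dispatch `$url =~ /\Q$cas_validate_url\E/io` is unanchored and uses `/o`, which freezes the first interpolated value for the life of the process; if `$cas_validate_url` can differ between requests (its origin is outside the hunk) drop `/o`, and anchor with `\A`/`\z` if an exact path match is intended. Also `$renew eq 'true'` warns when the parameter is absent — `defined $renew and $renew eq 'true'` avoids it — and the debug message `"Submitted service $service math initial servce"` has two typos. issuerForUnAuthUser starts before the hunk.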
@ -151,6 +250,47 @@ sub issuerForAuthUser {
|
|||||||
return $self->_subProcess(qw(autoRedirect));
|
return $self->_subProcess(qw(autoRedirect));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# 2. LOGOUT
|
||||||
|
if ( $url =~ /\Q$cas_logout_url\E/io ) {
|
||||||
|
|
||||||
|
$self->lmLog( "URL $url detected as an CAS LOGOUT URL", 'debug' );
|
||||||
|
|
||||||
|
# GET parameters
|
||||||
|
my $logout_url = $self->param('url');
|
||||||
|
|
||||||
|
if ($logout_url) {
|
||||||
|
|
||||||
|
# We should display a link to the provided URL
|
||||||
|
# TODO
|
||||||
|
}
|
||||||
|
|
||||||
|
# Delete linked CAS sessions
|
||||||
|
# TODO
|
||||||
|
|
||||||
|
# Delete local session
|
||||||
|
unless (
|
||||||
|
$self->_deleteSession( $self->getApacheSession( $session_id, 1 ) ) )
|
||||||
|
{
|
||||||
|
$self->lmLog( "Fail to delete session $session_id ", 'error' );
|
||||||
|
}
|
||||||
|
|
||||||
|
return PE_LOGOUT_OK;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
# 3. VALIDATE [CAS 1.0]
|
||||||
|
if ( $url =~ /\Q$cas_validate_url\E/io ) {
|
||||||
|
|
||||||
|
$self->lmLog( "URL $url detected as an CAS VALIDATE URL", 'debug' );
|
||||||
|
|
||||||
|
# This URL is not called by authenticated users
|
||||||
|
$self->lmLog(
|
||||||
|
"CAS VALIDATE URL called by authenticated user, ignore it",
|
||||||
|
'info' );
|
||||||
|
|
||||||
|
return PE_OK;
|
||||||
|
}
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
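Review bot: In the logout branch, `$self->_deleteSession( $self->getApacheSession( $session_id, 1 ) )` passes whatever `getApacheSession` returns straight through; if it yields undef for a missing session (the first hunk tests `$localSession` that way), `_deleteSession` receives undef and the only diagnostic is the generic "Fail to delete session" error — fetch the session into a variable first and log the not-found case on its own. The `url` parameter is read into `$logout_url` and then left unused under a TODO; when the link is implemented, that value is request-controlled and must be checked against the configured service URLs before it is echoed back to the user. The `# Delete linked CAS sessions` TODO means service tickets issued for this session outlive the local logout, which is worth stating in the POD until it is implemented. `$session_id` and the start of issuerForAuthUser are outside the hunk.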
@ -35,6 +35,31 @@ sub getCasSession {
|
|||||||
return \%h;
|
return \%h;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## @method void returnCasValidateError()
|
||||||
|
# Return an error for CAS VALIDATE request
|
||||||
|
# @return nothing
|
||||||
|
sub returnCasValidateError {
|
||||||
|
my ($self) = splice @_;
|
||||||
|
|
||||||
|
print $self->header();
|
||||||
|
print "no\n\n";
|
||||||
|
|
||||||
|
$self->quit();
|
||||||
|
}
|
||||||
|
|
||||||
|
## @method void returnCasValidateSuccess(string username)
|
||||||
|
# Return success for CAS VALIDATE request
|
||||||
|
# @param username User name
|
||||||
|
# @return nothing
|
||||||
|
sub returnCasValidateSuccess {
|
||||||
|
my ( $self, $username ) = splice @_;
|
||||||
|
|
||||||
|
print $self->header();
|
||||||
|
print "yes\n$username\n";
|
||||||
|
|
||||||
|
$self->quit();
|
||||||
|
}
|
||||||
|
|
||||||
__END__
|
__END__
|
||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
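Review bot: `returnCasValidateError` and `returnCasValidateSuccess` both end with `$self->quit();` while their headers say only `# @return nothing`; the callers in issuerForUnAuthUser rely on them not returning, so say so explicitly, e.g. `# @return nothing: never returns to the caller, quit() is called after the response is printed`. The `my ($self) = splice @_;` and `my ( $self, $username ) = splice @_;` forms are an unusual spelling of `my ($self) = @_;` that also empties `@_` as a side effect — harmless here, but puzzling to readers. `print $self->header();` sends whatever default content type `header()` produces; the CAS 1.0 validate response is plain text, so pass an explicit type if `header()` accepts one (its signature is not shown here). Both `print` calls are unchecked, so a failed write of the `yes`/`no` body currently goes unnoticed.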
@ -58,6 +83,14 @@ This module contains common methods for CAS
|
|||||||
Try to recover the CAS session corresponding to id and return session datas
|
Try to recover the CAS session corresponding to id and return session datas
|
||||||
If id is set to undef, return a new session
|
If id is set to undef, return a new session
|
||||||
|
|
||||||
|
=head2 returnCasValidateError
|
||||||
|
|
||||||
|
Return an error for CAS VALIDATE request
|
||||||
|
|
||||||
|
=head2 returnCasValidateSuccess
|
||||||
|
|
||||||
|
Return success for CAS VALIDATE request
|
||||||
|
|
||||||
=head1 SEE ALSO
|
=head1 SEE ALSO
|
||||||
|
|
||||||
L<Lemonldap::NG::Portal::IssuerDBCAS>,
|
L<Lemonldap::NG::Portal::IssuerDBCAS>,
|
||||||
|