Manage CAS logout and validate URL (#101)
parent
a6acf86f4e
commit
2b1e09d09c
@ -59,14 +59,113 @@ sub issuerForUnAuthUser {
|
||||
|
||||
# Gateway
|
||||
# Authentication must use non-interactive mean
|
||||
# TODO
|
||||
if ( $gateway eq 'true' ) {
|
||||
$self->lmLog( "Gateway authentication not managed", 'error' );
|
||||
return PE_ERROR;
|
||||
|
||||
# TODO
|
||||
$self->lmLog( "Gateway authentication not managed", 'warn' );
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# 2. LOGOUT
|
||||
if ( $url =~ /\Q$cas_logout_url\E/io ) {
|
||||
|
||||
$self->lmLog( "URL $url detected as an CAS LOGOUT URL", 'debug' );
|
||||
|
||||
# GET parameters
|
||||
my $logout_url = $self->param('url');
|
||||
|
||||
if ($logout_url) {
|
||||
|
||||
# We should display a link to the provided URL
|
||||
# TODO
|
||||
$self->lmLog( "Return URL not managed", 'warn' );
|
||||
}
|
||||
|
||||
return PE_LOGOUT_OK;
|
||||
|
||||
}
|
||||
|
||||
# 3. VALIDATE [CAS 1.0]
|
||||
if ( $url =~ /\Q$cas_validate_url\E/io ) {
|
||||
|
||||
$self->lmLog( "URL $url detected as an CAS VALIDATE URL", 'debug' );
|
||||
|
||||
# GET parameters
|
||||
my $service = $self->param('service');
|
||||
my $ticket = $self->param('ticket');
|
||||
my $renew = $self->param('renew');
|
||||
|
||||
# Required parameters: service and ticket
|
||||
unless ( $service and $ticket ) {
|
||||
$self->lmLog( "Service and Ticket parameters required", 'error' );
|
||||
$self->returnCasValidateError();
|
||||
}
|
||||
|
||||
# Get CAS session corresponding to ticket
|
||||
$ticket =~ s/^ST-//;
|
||||
|
||||
my $casServiceSession = $self->getCasSession($ticket);
|
||||
|
||||
unless ($casServiceSession) {
|
||||
$self->lmLog( "Service ticket session $ticket not found", 'error' );
|
||||
untie %$casServiceSession;
|
||||
$self->returnCasValidateError();
|
||||
}
|
||||
|
||||
$self->lmLog( "Service ticket session $ticket found", 'debug' );
|
||||
|
||||
# Check service
|
||||
unless ( $service eq $casServiceSession->{service} ) {
|
||||
$self->lmLog(
|
||||
"Submitted service $service does not match initial service "
|
||||
. $casServiceSession->{service},
|
||||
'error'
|
||||
);
|
||||
untie %$casServiceSession;
|
||||
$self->returnCasValidateError();
|
||||
}
|
||||
|
||||
$self->lmLog( "Submitted service $service math initial servce",
|
||||
'debug' );
|
||||
|
||||
# Check renew
|
||||
if ( $renew eq 'true' ) {
|
||||
|
||||
# We should check the ST was delivered with primary credentials
|
||||
# TODO
|
||||
$self->lmLog( "Renew parameter not managed", 'warn' );
|
||||
}
|
||||
|
||||
# Open local session
|
||||
my $localSession =
|
||||
$self->getApacheSession( $casServiceSession->{id}, 1 );
|
||||
|
||||
unless ($localSession) {
|
||||
$self->lmLog(
|
||||
"Local session " . $casServiceSession->{id} . " notfound",
|
||||
'error' );
|
||||
untie %$casServiceSession;
|
||||
$self->returnCasValidateError();
|
||||
}
|
||||
|
||||
# Get username
|
||||
my $username = $localSession->{ $self->{whatToTrace} };
|
||||
|
||||
$self->lmLog( "Get username $username", 'debug' );
|
||||
|
||||
# Close sessions
|
||||
untie %$casServiceSession;
|
||||
untie %$localSession;
|
||||
|
||||
# Return success message
|
||||
$self->returnCasValidateSuccess($username);
|
||||
|
||||
# We should not be there
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
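Review bot: The service ticket is never invalidated after a successful validation: the `# Close sessions` block only unties `%$casServiceSession` before `returnCasValidateSuccess`, so the same `ticket` value can be replayed against the VALIDATE URL for as long as that CAS session exists, whereas CAS service tickets are meant to be consumed on first validation; removing the CAS session once the service match has passed (the `_deleteSession` helper this commit uses in issuerForAuthUser looks like the candidate, if it accepts a CAS session) closes that window. Every error branch also relies on `returnCasValidateError` ending the request, and if `quit()` returns under some runtime, `untie %$casServiceSession` on an undefined value and the later `$casServiceSession->{service}` access run without a session, so an explicit `return PE_ERROR;` after each call would make the intent visible and safe. The `eq 'true'` tests on `$gateway` and `$renew` warn when the parameter is absent; `if ( $renew and $renew eq 'true' )` avoids that, and the `"math initial servce"` debug message has two typos. The unanchored `/\Q$cas_logout_url\E/io` and `/\Q$cas_validate_url\E/io` patterns recur in the issuerForAuthUser hunk; the `/o` modifier compiles them once per process, so if the configured URLs can differ between requests (several portals in one persistent interpreter) the dispatch sticks to the first value seen, and dropping `/o` plus anchoring with `\A` keeps it reliable. issuerForUnAuthUser starts before the hunk.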
@ -151,6 +250,47 @@ sub issuerForAuthUser {
|
||||
return $self->_subProcess(qw(autoRedirect));
|
||||
}
|
||||
|
||||
# 2. LOGOUT
|
||||
if ( $url =~ /\Q$cas_logout_url\E/io ) {
|
||||
|
||||
$self->lmLog( "URL $url detected as an CAS LOGOUT URL", 'debug' );
|
||||
|
||||
# GET parameters
|
||||
my $logout_url = $self->param('url');
|
||||
|
||||
if ($logout_url) {
|
||||
|
||||
# We should display a link to the provided URL
|
||||
# TODO
|
||||
}
|
||||
|
||||
# Delete linked CAS sessions
|
||||
# TODO
|
||||
|
||||
# Delete local session
|
||||
unless (
|
||||
$self->_deleteSession( $self->getApacheSession( $session_id, 1 ) ) )
|
||||
{
|
||||
$self->lmLog( "Fail to delete session $session_id ", 'error' );
|
||||
}
|
||||
|
||||
return PE_LOGOUT_OK;
|
||||
|
||||
}
|
||||
|
||||
# 3. VALIDATE [CAS 1.0]
|
||||
if ( $url =~ /\Q$cas_validate_url\E/io ) {
|
||||
|
||||
$self->lmLog( "URL $url detected as an CAS VALIDATE URL", 'debug' );
|
||||
|
||||
# This URL is not called by authenticated users
|
||||
$self->lmLog(
|
||||
"CAS VALIDATE URL called by authenticated user, ignore it",
|
||||
'info' );
|
||||
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
|
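Review bot: The logout branch deletes the local session but leaves the linked CAS sessions untouched (the `# Delete linked CAS sessions` TODO), so a service ticket already issued for this session id stays validatable through the VALIDATE URL until it expires on its own; if this ships before the TODO is resolved, a comment at the TODO stating that limitation would help the next maintainer. `_deleteSession` receives the result of `getApacheSession` unchecked, so a missing session reaches it as undef and the single error log cannot tell "not found" from "delete failed"; `my $local = $self->getApacheSession( $session_id, 1 ); unless ( $local and $self->_deleteSession($local) ) { ... }` separates the two cases. `$logout_url` is read from the `url` query parameter and then unused; when the link TODO is implemented, that value is attacker-controlled and should be checked against the configured services before being rendered. issuerForAuthUser starts before the hunk.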
@ -35,6 +35,31 @@ sub getCasSession {
|
||||
return \%h;
|
||||
}
|
||||
|
||||
## @method void returnCasValidateError()
|
||||
# Return an error for CAS VALIDATE request
|
||||
# @return nothing
|
||||
sub returnCasValidateError {
|
||||
my ($self) = splice @_;
|
||||
|
||||
print $self->header();
|
||||
print "no\n\n";
|
||||
|
||||
$self->quit();
|
||||
}
|
||||
|
||||
## @method void returnCasValidateSuccess(string username)
|
||||
# Return success for CAS VALIDATE request
|
||||
# @param username User name
|
||||
# @return nothing
|
||||
sub returnCasValidateSuccess {
|
||||
my ( $self, $username ) = splice @_;
|
||||
|
||||
print $self->header();
|
||||
print "yes\n$username\n";
|
||||
|
||||
$self->quit();
|
||||
}
|
||||
|
||||
__END__
|
||||
|
||||
=head1 NAME
|
||||
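Review bot: returnCasValidateSuccess interpolates `$username` without checking it; the caller takes it from `$localSession->{ $self->{whatToTrace} }`, which can be missing, and an undefined or empty value yields a `yes` line followed by a blank username that a CAS client may accept as a valid, anonymous assertion. Adding `return $self->returnCasValidateError() unless defined $username and length $username;` before the `print` keeps the failure path consistent with the other error cases. `my ( $self, $username ) = splice @_;` is an unusual way to unpack arguments; `my ( $self, $username ) = @_;` is the conventional form (same for returnCasValidateError). Both methods emit `$self->header()` with its default content type, while CAS 1.0 validate responses are typically served as plain text, so passing a text/plain type (if header() accepts CGI-style arguments) would be more accurate for clients that inspect it.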
@ -58,6 +83,14 @@ This module contains common methods for CAS
|
||||
Try to recover the CAS session corresponding to id and return session datas
|
||||
If id is set to undef, return a new session
|
||||
|
||||
=head2 returnCasValidateError
|
||||
|
||||
Return an error for CAS VALIDATE request
|
||||
|
||||
=head2 returnCasValidateSuccess
|
||||
|
||||
Return success for CAS VALIDATE request
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<Lemonldap::NG::Portal::IssuerDBCAS>,
|
||||
|