Apply CDA change to trunk (#173)
This commit is contained in:
Clément Oudot
parent
46e7e36070
commit
31cfbf8101
|
|
@ -79,15 +79,24 @@ sub run {
|
|||
my $uri = $class->unparsed_uri;
|
||||
my $cn = $class->tsv->{cookieName};
|
||||
if ( $class->tsv->{cda}
|
||||
and $uri =~ s/[\?&;]($cn(http)?=\w+)$//oi )
|
||||
and $uri =~ s/[\?&;]${cn}cda=(\w+)$//oi )
|
||||
{
|
||||
my $str = $1;
|
||||
$class->lmLog( 'CDA request', 'debug' );
|
||||
my $cdaid = $1;
|
||||
$class->lmLog( "CDA request with id $cdaid", 'debug' );
|
||||
|
||||
my $cdaInfos = $class->getCDAInfos($cdaid);
|
||||
unless ( $cdaInfos->{cookie_value} and $cdaInfos->{cookie_name} ) {
|
||||
$class->lmLog( "CDA request for id $cdaid is not valid", 'error' );
|
||||
return $class->FORBIDDEN;
|
||||
}
|
||||
|
||||
my $redirectUrl = $class->_buildUrl($uri);
|
||||
my $redirectHttps = ( $redirectUrl =~ m/^https/ );
|
||||
$class->set_header_out(
|
||||
'Location' => $redirectUrl,
|
||||
'Set-Cookie' => "$str; path=/"
|
||||
'Set-Cookie' => $cdaInfos->{cookie_name} . "="
|
||||
. $cdaInfos->{cookie_value}
|
||||
. "; path=/"
|
||||
. ( $redirectHttps ? "; secure" : "" )
|
||||
. ( $class->tsv->{httpOnly} ? "; HttpOnly" : "" )
|
||||
. (
|
||||
|
|
@ -452,6 +461,41 @@ sub retrieveSession {
|
|||
}
|
||||
}
|
||||
|
||||
## @rmethod protected hash getCDAInfos(id)
|
||||
# Tries to retrieve the CDA session, get infos and delete session
|
||||
# @return CDA session infos
|
||||
sub getCDAInfos {
|
||||
my ( $class, $id ) = @_;
|
||||
my $infos = {};
|
||||
|
||||
# Get the session
|
||||
my $cdaSession = Lemonldap::NG::Common::Session->new(
|
||||
{
|
||||
storageModule => $class->tsv->{sessionStorageModule},
|
||||
storageModuleOptions => $class->tsv->{sessionStorageOptions},
|
||||
cacheModule => $class->tsv->{sessionCacheModule},
|
||||
cacheModuleOptions => $class->tsv->{sessionCacheOptions},
|
||||
id => $id,
|
||||
kind => "CDA",
|
||||
}
|
||||
);
|
||||
|
||||
unless ( $cdaSession->error ) {
|
||||
$class->lmLog( "Get CDA session $id", 'debug' );
|
||||
|
||||
$infos->{cookie_value} = $cdaSession->data->{cookie_value};
|
||||
$infos->{cookie_name} = $cdaSession->data->{cookie_name};
|
||||
|
||||
$cdaSession->remove;
|
||||
}
|
||||
else {
|
||||
$class->lmLog( "CDA Session $id can't be retrieved", 'info' );
|
||||
$class->lmLog( $cdaSession->error, 'info' );
|
||||
}
|
||||
|
||||
return $infos;
|
||||
}
|
||||
|
||||
## @cmethod private string _buildUrl(string s)
|
||||
# Transform /<s> into http(s?)://<host>:<port>/s
|
||||
# @param $s path
|
||||
|
|
|
|||
|
|
@ -220,15 +220,17 @@ sub autoRedirect {
|
|||
# @param id session reference
|
||||
# @param noInfo do not set Apache REMOTE_USER
|
||||
# @param force Force session creation if it does not exist
|
||||
# @param kind Session kind
|
||||
# return Lemonldap::NG::Common::Session object
|
||||
sub getApacheSession {
|
||||
my ( $self, $id, $noInfo, $force ) = @_;
|
||||
my ( $self, $id, $noInfo, $force, $kind ) = @_;
|
||||
$kind ||= "SSO";
|
||||
|
||||
if ($id) {
|
||||
$self->lmLog( "Try to get session $id", 'debug' );
|
||||
$self->lmLog( "Try to get $kind session $id", 'debug' );
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Try to get a new session", 'debug' );
|
||||
$self->lmLog( "Try to get a new $kind session", 'debug' );
|
||||
}
|
||||
|
||||
my $as = Lemonldap::NG::Common::Session->new(
|
||||
|
|
@ -239,7 +241,7 @@ sub getApacheSession {
|
|||
cacheModuleOptions => $self->conf->{localSessionStorageOptions},
|
||||
id => $id,
|
||||
force => $force,
|
||||
kind => "SSO",
|
||||
kind => $kind,
|
||||
}
|
||||
);
|
||||
|
||||
|
|
@ -249,7 +251,7 @@ sub getApacheSession {
|
|||
}
|
||||
|
||||
if ( $id and !$force and !$as->data ) {
|
||||
$self->lmLog( "Session $id not found", 'debug' );
|
||||
$self->lmLog( "Session $kind $id not found", 'debug' );
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -266,7 +268,7 @@ sub getApacheSession {
|
|||
)
|
||||
)
|
||||
{
|
||||
$self->lmLog( "Session $id expired", 'debug' );
|
||||
$self->lmLog( "Session $kind $id expired", 'debug' );
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -274,7 +276,7 @@ sub getApacheSession {
|
|||
$self->{id} = $as->id;
|
||||
}
|
||||
|
||||
$self->lmLog( "Return session " . $as->id, 'debug' );
|
||||
$self->lmLog( "Return $kind session " . $as->id, 'debug' );
|
||||
|
||||
return $as;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,13 +24,35 @@ sub changeUrldc {
|
|||
{
|
||||
my $ssl = $urldc =~ /^https/;
|
||||
$self->lmLog( 'CDA request', 'debug' );
|
||||
$req->{urldc} .= ( $urldc =~ /\?/ ? '&' : '?' )
|
||||
. (
|
||||
( $self->conf->{securedCookie} < 2 or $ssl )
|
||||
? $self->conf->{cookieName} . "=" . $req->id
|
||||
: $self->conf->{cookieName} . "http="
|
||||
. $req->{sessionInfo}->{_httpSession}
|
||||
);
|
||||
|
||||
# Create CDA session
|
||||
if ( my $cdaSession =
|
||||
$self->getApacheSession( undef, 1, undef, "CDA" ) )
|
||||
{
|
||||
my $cdaInfos = { '_utime' => time };
|
||||
if ( $self->{conf}->{securedCookie} < 2 or $ssl ) {
|
||||
$cdaInfos->{cookie_value} = $req->id;
|
||||
$cdaInfos->{cookie_name} = $self->{conf}->{cookieName};
|
||||
}
|
||||
else {
|
||||
$cdaInfos->{cookie_value} =
|
||||
$req->{sessionInfo}->{_httpSession};
|
||||
$cdaInfos->{cookie_name} = $self->{conf}->{cookieName} . "http";
|
||||
}
|
||||
|
||||
$self->updateSession( $cdaInfos, $cdaSession->id );
|
||||
|
||||
$req->{urldc} .=
|
||||
( $urldc =~ /\?/ ? '&' : '?' )
|
||||
. $self->{conf}->{cookieName} . "cda="
|
||||
. $cdaSession->id;
|
||||
|
||||
$self->lmLog( "CDA redirection to " . $req->{urldc}, 'debug' );
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Unable to create CDA session", 'error' );
|
||||
return PE_APACHESESSIONERROR;
|
||||
}
|
||||
}
|
||||
PE_OK;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user