Ask token to use get_key_from_all_sessions (#595)

2017-01-23 22:04:24 +00:00 · 2017-01-23 22:04:24 +00:00 · 42c42562a6
commit 42c42562a6
parent 2e5882b27e
4 changed files with 60 additions and 11 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/SOAP.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/SOAP.pm
@ -235,8 +235,12 @@ sub get_key_from_all_sessions() {
    }
    die('proxy is required') unless ( $self->{proxy} );
    ( $user, $password ) = ( $args->{User}, $args->{Password} );
+
+    # Get token before query
+    my $token = Lemonldap::NG::Handler::Main->tsv->{cipher}
+      ->decrypt( $self->_soapCall('getCipheredToken') );
    if ( ref($data) eq 'CODE' ) {
-        my $r = $self->_soapCall( "get_key_from_all_sessions", $args );
+        my $r = $self->_soapCall( "get_key_from_all_sessions", $token );
        my $res;
        if ($r) {
            foreach my $k ( keys %$r ) {
@ -246,7 +250,7 @@ sub get_key_from_all_sessions() {
        }
    }
    else {
-        return $self->_soapCall( "get_key_from_all_sessions", $args, $data );
+        return $self->_soapCall( "get_key_from_all_sessions", $token, $data );
    }
 }

--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/SOAPService.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/SOAPService.pm
@ -31,7 +31,7 @@ sub AUTOLOAD {
    $AUTOLOAD =~ s/.*:://;
    if ( grep { $_ eq $AUTOLOAD } @{ $self->{func} } ) {
        my $tmp = $self->{obj}->$AUTOLOAD( $self->{req}, @_ );
-        unless ( ref($tmp) and ref($tmp) eq 'SOAP::Data' ) {
+        unless ( ref($tmp) and ref($tmp) =~ /^SOAP/ ) {
            $tmp = SOAP::Data->name( result => $tmp );
        }
        return $tmp;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm
@ -93,7 +93,8 @@ sub unauthAdminSessions {
    return $self->dispatch_to(
        $req,
        qw(getCookies getAttributes isAuthorizedURI getMenuApplications
-          newSession setAttributes deleteSession get_key_from_all_sessions)
+          newSession setAttributes deleteSession getCipheredToken
+          get_key_from_all_sessions)
    );
 }

@ -321,18 +322,38 @@ sub deleteSession {

 # Returns key from all sessions

-sub get_key_from_all_sessions {
-    my $self = shift;
-    my $req  = shift;
+sub getCipheredToken {
+    my ( $self, $req ) = @_;
+    require Lemonldap::NG::Portal::Lib::OneTimeToken;
+    return $self->conf->{cipher}->encrypt(
+        Lemonldap::NG::Portal::Lib::OneTimeToken->new(
+            { p => $self->p, conf => $self->conf, timeout => 5 }
+        )->createToken()
+    );
+}

+sub get_key_from_all_sessions {
+    my $self  = shift;
+    my $req   = shift;
+    my $token = shift;
+
+    # Verify that token is valid (must be unciphered by client)
+    require Lemonldap::NG::Portal::Lib::OneTimeToken;
+    unless (
+        Lemonldap::NG::Portal::Lib::OneTimeToken->new(
+            { p => $self->p, conf => $self->conf }
+        )->getToken($token)
+      )
+    {
+        die SOAP::Fault->faultcode('Server.Custom')->faultstring('Bad token');
+    }
    my $moduleOptions = $self->conf->{globalStorageOptions} || {};
    $moduleOptions->{backend} = $self->conf->{globalStorage};
-    my $module = "Lemonldap::NG::Common::Apache::Session";
-
-    require $module;
+    require Lemonldap::NG::Common::Apache::Session;

    no strict 'refs';
-    return $module->get_key_from_all_sessions( $moduleOptions, @_ );
+    return Lemonldap::NG::Common::Apache::Session->get_key_from_all_sessions(
+        $moduleOptions, @_ );
 }

 # Check user's authorization for uri.
--- a/lemonldap-ng-portal/t/34-Auth-Proxy-and-SOAP-Server.t
+++ b/lemonldap-ng-portal/t/34-Auth-Proxy-and-SOAP-Server.t
@ -52,6 +52,28 @@ SKIP: {
    count(1);
    expectOK($res);

+    use_ok('Lemonldap::NG::Common::Apache::Session::SOAP');
+    ok(
+        $res =
+          Lemonldap::NG::Common::Apache::Session::SOAP
+          ->get_key_from_all_sessions(
+            {
+                proxy => 'http://auth.idp.com/adminSessions',
+                ns    => 'urn:Lemonldap/NG/Common/PSGI/SOAPService'
+            },
+            [ 'uid', 'cn' ],
+          ),
+        'Try get_key_from_all_sessions'
+    );
+    ok( defined $res->{$spId}, ' Found session' );
+    count(3);
+
+#my $soap = SOAP::Lite->new->proxy('http://auth.idp.com/adminSessions')->ns('urn:Lemonldap/NG/Common/PSGI/SOAPService');
+#my $token = $issuer->p->conf->{cipher}->decrypt($soap->getCipheredToken->result());
+#print STDERR Dumper($token);
+#print STDERR Dumper(
+#      $soap->get_key_from_all_sessions( $token, ['uid'] )->result());
+
    # Logout
    ok(
        $res = $sp->_get(
@ -91,6 +113,7 @@ sub LWP::UserAgent::request {
    my $res;
    my $s = $req->content;
    my $client = ( $host eq 'idp' ? $issuer : $sp );
+    switch ( $host eq 'idp' ? 'issuer' : 'sp' );
    ok(
        $res = $client->_post(
            $url,
@ -115,6 +138,7 @@ sub LWP::UserAgent::request {
    $httpResp->content( join( '', @{ $res->[2] } ) );
    pass(' @ END OF SOAP REQUEST @');
    count(4);
+    switch ( $host eq 'idp' ? 'sp' : 'issuer' );
    return $httpResp;
 }