REST in progress (#970)

2017-01-10 16:09:28 +00:00 · 2017-01-10 16:09:28 +00:00 · 4d8c25460f
commit 4d8c25460f
parent 34460af4ee
6 changed files with 199 additions and 25 deletions
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@ -71,6 +71,7 @@ lib/Lemonldap/NG/Portal/Lib/OpenID/Server.pm
 lib/Lemonldap/NG/Portal/Lib/OpenID/SREG.pm
 lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
 lib/Lemonldap/NG/Portal/Lib/Remote.pm
+lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm
 lib/Lemonldap/NG/Portal/Lib/SAML.pm
 lib/Lemonldap/NG/Portal/Lib/Slave.pm
 lib/Lemonldap/NG/Portal/Lib/SMTP.pm
@ -373,6 +374,7 @@ t/32-Auth-and-issuer-OIDC-authorization_code.t
 t/32-Auth-and-issuer-OIDC-hybrid.t
 t/32-Auth-and-issuer-OIDC-implicit.t
 t/33-Auth-and-issuer-OpenID2.t
+t/34-Auth-Proxy-and-REST-Server.t
 t/34-Auth-Proxy-and-SOAP-Server.t
 t/40-Notifications-DBI.t
 t/50-IssuerGet.t
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Proxy.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Proxy.pm
@ -13,12 +13,12 @@ extends 'Lemonldap::NG::Portal::Auth::_WebForm';
 sub init {
    my ($self) = @_;
    if ( $self->conf->{proxyUseSoap} ) {
-        extends 'Lemonldap::NG::Portal::Auth::_WebForm',
-          'Lemonldap::NG::Portal::Lib::SOAPProxy';
+        extends 'Lemonldap::NG::Portal::Lib::SOAPProxy',
+          'Lemonldap::NG::Portal::Auth::_WebForm';
    }
    else {
-        extends 'Lemonldap::NG::Portal::Auth::_WebForm',
-          'Lemonldap::NG::Portal::Lib::RESTProxy';
+        extends 'Lemonldap::NG::Portal::Lib::RESTProxy',
+          'Lemonldap::NG::Portal::Auth::_WebForm';
    }
    return $self->SUPER::init();
 }
@ -31,10 +31,6 @@ sub setAuthSessionInfo {
    PE_OK;
 }

-sub authLogout {
-    PE_OK;
-}
-
 sub getDisplayType {
    return "standardform";
 }
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm
@ -9,14 +9,7 @@ use Lemonldap::NG::Common::FormEncode;

 our $VERSION = '2.0.0';

-has ua => (
-    is      => 'rw',
-    default => sub {
-        my $ua = LWP::UserAgent->new;
-        $ua->default_header( Accept => 'application/json' );
-        return $ua;
-    }
-);
+has ua => ( is => 'rw' );

 # INITIALIZATION

@ -24,7 +17,10 @@ sub init {
    my ($self) = @_;
    $self->conf->{remoteCookieName} ||= $self->conf->{cookieName};
    $self->conf->{proxySessionService} ||=
-      $self->conf->{proxyAuthService} . '/mysession/';
+      $self->conf->{proxyAuthService} . '/mysession';
+    $self->conf->{proxySessionService} =~ s#/*$##;
+    $self->ua( LWP::UserAgent->new );
+    $self->ua->default_header( Accept => 'application/json' );

    unless ( defined $self->conf->{proxyAuthService} ) {
        $self->error("Missing proxyAuthService parameter");
@ -61,9 +57,10 @@ sub getUser {
        return PE_BADCREDENTIALS;
    }
    $req->sessionInfo->{_proxyCookies} = join '; ',
-      map { s/;.*$// } $resp->header('Set-Cookie');
+      map { s/;.*$//; $_ } $resp->header('Set-Cookie');
    $self->lmLog(
-        'Store cookies in session (' . $req->sessionInfo->{_proxyCookies} . ')',
+        'Store remote cookies in session ('
+          . $req->sessionInfo->{_proxyCookies} . ')',
        'debug'
    );
    PE_OK;
@ -73,10 +70,13 @@ sub setSessionInfo {
    my ( $self, $req ) = @_;
    return PE_OK if ( $req->datas->{_setSessionInfoDone} );
    my $q = HTTP::Request->new(
-        GET    => $self->conf->{proxySessionService},
-        Cookie => $req->sessionInfo->{_proxyCookies}
+        GET => $self->conf->{proxySessionService} . '/global',
+        [
+            Cookie => $req->sessionInfo->{_proxyCookies},
+            Accept => 'application/json'
+        ]
    );
-    my $resp = $self->ua->get($q);
+    my $resp = $self->ua->request($q);
    unless ( $resp->is_success ) {
        $self->lmLog( 'Unable to query session service: ' . $resp->status_line,
            'error' );
@ -95,5 +95,19 @@ sub setSessionInfo {
    PE_OK;
 }

+sub authLogout {
+    my ( $self, $req ) = @_;
+    $self->lmLog( 'Proxy ask logout to '. $self->conf->{proxyAuthService},'debug');
+    my $q = HTTP::Request->new(
+        GET => $self->conf->{proxyAuthService} . '?logout=1',
+        [
+            Cookie => $req->sessionInfo->{_proxyCookies},
+            Accept => 'application/json'
+        ]
+    );
+    my $resp = $self->ua->request($q);
+    return PE_OK;
+}
+
 1;

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SOAPProxy.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SOAPProxy.pm
@ -84,4 +84,8 @@ sub setSessionInfo {
    PE_OK;
 }

+sub authLogout {
+    PE_OK;
+}
+
 1;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
@ -103,6 +103,7 @@ sub init {
        [ 'GET', 'POST' ]
    );
    extends @parents if ($add);
+    $self->setTypes( $self->conf ) if ( $self->conf->{restSessionServer} );
    return 1;
 }

@ -167,7 +168,7 @@ sub delSession {

 sub delMySession {
    my ( $self, $req, $id ) = @_;
-    return $self->delSession( $req, $req->id );
+    return $self->delSession( $req, $req->userData->{_session_id} );
 }

 sub mysession {
@ -176,7 +177,7 @@ sub mysession {
    # 1. whoami
    if ( defined $req->param('whoami') ) {
        return $self->p->sendJSONresponse( $req,
-            { result => $req->sessionInfo->{ $self->conf->{whatToTrace} } } );
+            { result => $req->userData->{ $self->conf->{whatToTrace} } } );
    }

    # Verify authorizationfor arg
@ -209,7 +210,8 @@ sub mysession {

 sub getMyKey {
    my ( $self, $req, $key ) = @_;
-    return $self->session( $req, $req->id, $key );
+    $self->lmLog( 'Request to get personal session info', 'debug' );
+    return $self->session( $req, $req->userData->{_session_id}, $key );
 }

 1;
--- a/lemonldap-ng-portal/t/34-Auth-Proxy-and-REST-Server.t
+++ b/lemonldap-ng-portal/t/34-Auth-Proxy-and-REST-Server.t
@ -0,0 +1,156 @@
+use Test::More;
+use strict;
+use IO::String;
+
+BEGIN {
+    require 't/test-lib.pm';
+}
+
+my $debug = 'error';
+my ( $issuer, $sp, $res );
+my %handlerOR = ( issuer => [], sp => [] );
+
+ok( $issuer = issuer(), 'Issuer portal' );
+$handlerOR{issuer} = \@Lemonldap::NG::Handler::Main::Reload::_onReload;
+switch ('sp');
+
+ok( $sp = sp(), 'SP portal' );
+$handlerOR{sp} = \@Lemonldap::NG::Handler::Main::Reload::_onReload;
+
+# Simple SP access
+ok(
+    $res = $sp->_get(
+        '/', accept => 'text/html',
+    ),
+    'Unauth SP request'
+);
+expectOK($res);
+
+# Try to auth
+ok(
+    $res = $sp->_post(
+        '/', IO::String->new('user=dwho&password=dwho'),
+        length => 23,
+        accept => 'text/html'
+    ),
+    'Post user/password'
+);
+expectRedirection( $res, 'http://auth.sp.com' );
+my $spId = expectCookie($res);
+
+# Logout
+ok(
+    $res = $sp->_get(
+        '/',
+        query  => 'logout',
+        accept => 'text/html',
+        cookie => "lemonldap=$spId"
+    ),
+    'Ask for logout'
+);
+count(1);
+expectOK($res);
+
+# Test if logout is done
+ok(
+    $res = $sp->_get(
+        '/', cookie => "lemonldap=$spId",
+    ),
+    'Test if user is reject on IdP'
+);
+count(1);
+expectReject($res);
+
+count(4);
+clean_sessions();
+done_testing( count() );
+
+# Redefine LWP methods for tests
+no warnings 'redefine';
+
+sub LWP::UserAgent::request {
+    my ( $self, $req ) = @_;
+    ok( $req->uri =~ m#http://auth.idp.com(.*)#, " REST request (uri: $1)" );
+    count(1);
+    my $url = $1;
+    my $res;
+    my $s = $req->content;
+    if ( $req->method =~ /^post$/i ) {
+        my $s = $req->content;
+        ok(
+            $res = $issuer->_post(
+                $url,
+                IO::String->new($s),
+                length => length($s),
+                type   => $req->header('Content-Type'),
+            ),
+            ' Post request'
+        );
+        count(1);
+        expectOK($res);
+        expectCookie($res);
+    }
+    else {
+        ok(
+            $res = $issuer->_get(
+                $url,
+                accept => $req->header('Accept'),
+                cookie => $req->header('Cookie')
+            ),
+            ' Execute request'
+        );
+        count(1);
+        expectOK($res);
+    }
+    ok( getHeader( $res, 'Content-Type' ) =~ m#^(?:text|application)/json#,
+        'Content is JSON' )
+      or explain( $res->[1], 'Content-Type => application/json' );
+    count(1);
+    my $httpResp;
+    $httpResp = HTTP::Response->new( $res->[0], 'OK' );
+
+    while ( my $name = shift @{ $res->[1] } ) {
+        $httpResp->header( $name, shift( @{ $res->[1] } ) );
+    }
+    $httpResp->content( join( '', @{ $res->[2] } ) );
+    return $httpResp;
+}
+
+sub switch {
+    my $type = shift;
+    @Lemonldap::NG::Handler::Main::Reload::_onReload = @{
+        $handlerOR{$type};
+    };
+}
+
+sub issuer {
+    return LLNG::Manager::Test->new(
+        {
+            ini => {
+                logLevel          => $debug,
+                templatesDir      => 'site/htdocs/static',
+                domain            => 'idp.com',
+                portal            => 'http://auth.idp.com',
+                authentication    => 'Demo',
+                userDB            => 'Demo',
+                restSessionServer => 1,
+            }
+        }
+    );
+}
+
+sub sp {
+    return LLNG::Manager::Test->new(
+        {
+            ini => {
+                logLevel         => $debug,
+                domain           => 'sp.com',
+                portal           => 'http://auth.sp.com',
+                authentication   => 'Proxy',
+                userDB           => 'Proxy',
+                proxyAuthService => 'http://auth.idp.com',
+                proxyUseSoap     => 0,
+            },
+        }
+    );
+}