diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm index 29198b613..12cc52724 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm @@ -110,6 +110,7 @@ sub authenticate { # calculating remaining time before password expiration my $remainingTime = $_pwdExpire - $timestamp; $self->info( + $req, "

" . sprintf( $self->msg(PM_PP_EXP_WARNING), diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm index 49a66192c..ed7824e7e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm @@ -53,7 +53,7 @@ sub extractFormInfo { my ( $self, $req ) = @_; # Local URL - my $local_url = $self->conf->{portal} . $req->uri; + my $local_url = $self->p->fullUrl($req); # Add request state parameters if ( $req->datas->{_url} ) { @@ -82,7 +82,7 @@ sub extractFormInfo { if ( $self->proxy ) { $self->lmLog( "CAS: Proxy mode activated", 'debug' ); - my $proxy_url = $req->uri . '?casProxy=1'; + my $proxy_url = $self->p->fullUrl($req) . '?casProxy=1'; if ( my $tmp = $req->param( $self->conf->{authChoiceParam} ) ) { $proxy_url .= '&' . $self->conf->{authChoiceParam} . "=$tmp"; @@ -198,7 +198,8 @@ sub authLogout { my ( $self, $req ) = @_; # Build CAS logout URL - my $logout_url = $self->cas->getServerLogoutURL( $req->uri ); + my $logout_url = + $self->cas->getServerLogoutURL( uri_escape( $self->p->fullUrl($req) ) ); $self->lmLog( "Build CAS logout URL: $logout_url", 'debug' ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm index 04c33e37a..e79469fa0 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm @@ -214,10 +214,11 @@ sub run { # Display a link to the provided URL $self->lmLog( "Logout URL $logout_url will be displayed", 'debug' ); - $self->info( + $self->info( $req, '
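Review bot: In `authLogout` (Auth/CAS.pm, hunk at -198), the new call `uri_escape( $self->p->fullUrl($req) )` needs `uri_escape` in scope, and no hunk for this file adds `use URI::Escape;`. Unless the module is already imported near the top of the file, the logout path would die at runtime. It is also not visible here whether `getServerLogoutURL` encodes its argument itself; if it does, the service URL would be double-encoded and the CAS server's post-logout redirect may not match. Because `fullUrl` takes its path from `$req->uri`, the escaping is worth keeping, with a comment such as `# percent-encode the service URL: its path comes from the client request`. The body of `authLogout` continues outside the hunk.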

The application you just logged out of has provided a link it would like you to follow

' ); - $self->info("

$logout_url

"); + $self->info( $req, + "

$logout_url

" ); $self->{activeTimer} = 0; return PE_CONFIRM; @@ -397,7 +398,8 @@ sub validate { # Get username my $username = - $localSession->data->{ $self->conf->{casAttr} || $self->conf->{whatToTrace} }; + $localSession->data->{ $self->conf->{casAttr} + || $self->conf->{whatToTrace} }; $self->lmLog( "Get username $username", 'debug' ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm index e6fa0fa0a..579590319 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm @@ -79,6 +79,7 @@ qr/^($saml_slo_get_url|$saml_slo_get_url_ret|$saml_slo_post_url|$saml_slo_post_u # Required to manage SLO in Proxy mode and $self->loadIDPs() ); + # SOAP routes (access without authentication) $self->addRouteFromMetaDataURL( 'samlIDPSSODescriptorArtifactResolutionServiceArtifact', @@ -865,10 +866,9 @@ sub run { . " width=\"0\" height=\"0\" frameborder=\"0\">" . ""; - # TODO: replace this - #$self->info( "
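Review bot: The second `$self->info( $req, ... )` call in `run` (Issuer/CAS.pm, hunk at -214) interpolates `$logout_url` directly into the markup shown to the user. The message just above it says this link is provided by the application that was logged out of. Nothing in the hunk shows the value being HTML-escaped or restricted to `http`/`https`, so if that is not done earlier in `run` (outside this hunk, and the markup itself is not fully visible on this page), a crafted value could alter the portal page. I would validate it as an absolute http(s) URL and HTML-escape it before embedding, and record that with a comment such as `# $logout_url is application-supplied: validated and HTML-escaped before display`.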

" . $self->msg(PM_CDC_WRITER) . "

" ); - - $self->info( $req, $cdc_iframe ); + $self->info( $req, + '

Update Common Domain Cookie

' + . $cdc_iframe ); } # HTTP-REDIRECT diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm index a1326a7cc..5018c5756 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm @@ -206,13 +206,17 @@ sub userBind { if ( $resp->grace_authentications_remaining ) { # TODO - $self->{portal}->info( "

" - . $resp->grace_authentications_remaining . " " - . $self->{portal}->msg(PM_PP_GRACE) - . "

" ); + $self->{portal}->info( $req, + '

' + . $resp->grace_authentications_remaining + . ' authentications remaining, change your password!

' + ); } + if ( $resp->time_before_expiration ) { + die 'TODO: change this by JS conversion'; $self->{portal}->info( + $req, "

" . sprintf( $self->{portal}->msg(PM_PP_EXP_WARNING), diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm index 3665e18ea..723438c8a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm @@ -8,7 +8,6 @@ use constant { # Portal errors # Developers warning, do not use PE_INFO, it's reserved to autoRedirect. - # If you want to send an information, use $self->info('text'). PE_SENDRESPONSE => -4, PE_INFO => -3, PE_REDIRECT => -2, diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm index 7a8843464..107212449 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm @@ -145,7 +145,7 @@ sub deleteSession { $self->lmLog( "Create iFrames to forward logout to services", 'debug' ); - $self->info('
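Review bot: The added `die 'TODO: change this by JS conversion';` at the top of the `if ( $resp->time_before_expiration )` branch in `userBind` (Lib/LDAP.pm) aborts the bind for every account whose password-policy response carries an expiration warning. Those users cannot authenticate, and the `info` call below it becomes unreachable. A placeholder should not fail a login path: drop the `die` and keep the existing `sprintf` message under a marker such as `# TODO: convert remaining time on the client side (JS)`. Both `info` calls in this hunk now pass `$req`, but the hunk does not show `$req` being declared in `userBind`, so confirm the sub receives it. The body of `userBind` starts and ends outside the hunk.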

'); + $self->info( $req, '

' ); foreach ( keys %{ $req->datas->{logoutServices} } ) { my $logoutServiceName = $_; @@ -153,7 +153,7 @@ sub deleteSession { $req->datas->{logoutServices}->{$logoutServiceName}; $self->lmLog( - "Find lo#gout service $logoutServiceName ($logoutServiceUrl)", + "Find logout service $logoutServiceName ($logoutServiceUrl)", 'debug' ); @@ -165,11 +165,12 @@ sub deleteSession { . " width=\"0\" height=\"0\" frameborder=\"0\">" . ""; - $self->info($iframe); + $self->info( $req, $iframe ); } # Redirect on logout page if no other target defined if ( !$req->urldc and !$req->postUrl ) { + $self->lmLog('No other target defined, redirect on logout','debug'); $req->urldc( $req->scriptname . "?logout=1" ); } } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index 3317f0867..e04b0d795 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm @@ -164,6 +164,7 @@ sub do { or ( $err == PE_REDIRECT and $req->datas->{redirectFormMethod} and $req->datas->{redirectFormMethod} eq 'post' ) + or ( $err == PE_REDIRECT and $req->info ) ) ) { @@ -590,4 +591,11 @@ sub info { return $req->info($info); } +sub fullUrl { + my ( $self, $req ) = @_; + my $pHost = $self->conf->{portal}; + $pHost =~ s#^(https?://[^/]+)(?:/.*)?$#$1#; + return $pHost . $req->uri; +} + 1; diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/en.json b/lemonldap-ng-portal/site/htdocs/static/languages/en.json index 81164747d..4b2ef12fe 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/en.json 
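Review bot: The new `fullUrl` in Main/Run.pm (hunk at -590) keeps the whole configured `portal` value when the substitution does not match, for example a value without an `http://` or `https://` prefix, and then appends `$req->uri`. A misconfigured portal URL therefore produces a malformed CAS service or logout URL with no log entry. I would check the substitution result and anchor it strictly: `$pHost =~ s#\A(https?://[^/]+)(?:/.*)?\z#$1#s or $self->lmLog( "Portal URL '$pHost' is not an absolute http(s) URL", 'error' );`. The sub is also undocumented; a header comment such as `# Returns scheme://host of the configured portal URL followed by the request URI (host comes from configuration, not from the request)` would tell callers in Auth/CAS.pm what they get.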
@@ -167,6 +167,7 @@ "openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.", "openSSOSession":"Open your SSO session", "password": "Password", +"ppGrace": "authentications remaining, change your password!", "pwdChanged":"Your password was changed.", "pwdChange":"Password change", "pwdIs":"Your password is", @@ -188,6 +189,7 @@ "serviceProvidedBy":"Service provided by", "SSOSessionInactive":"SSO session inactive", "submit":"Submit", +"updateCdc": "Update Common Domain Cookie", "user":"User", "useYubikey":"use your Yubikey", "wait":"Wait", diff --git a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json index 1d1482a8a..6bdec436b 100644 --- a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json @@ -167,6 +167,7 @@ "openSessionSpace":"Cet espace vous permet d'ouvrir une session SSO. Celle-ci vous aidera à accéder de manière totalement sécurisée à l'ensemble des applications autorisées par votre profil utilisateur.", "openSSOSession":"Ouvrir une session SSO", "password": "Mot-de-passe", +"ppGrace": "authentifications restantes, changez votre mot de passe !", "pwdChange":"Changement de mot de passe", "pwdChanged":"Votre mot de passe a été changé.", "pwdIs":"Votre mot de passe est", @@ -188,6 +189,7 @@ "serviceProvidedBy":"Ce service est fourni par", "SSOSessionInactive":"Session SSO inactive", "submit":"Envoyer", +"updateCdc": "Mise à jour du cookie de domaine commun", "user":"Utilisateur", "useYubikey":"utilisez votre Yubikey", "wait":"Attendre", diff --git a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS.t b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS.t index 744bdcf6a..b8f1d3f66 100644 --- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS.t +++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS.t 
@@ -7,7 +7,7 @@ BEGIN { require 't/test-lib.pm'; } -my $maintests = 14; +my $maintests = 19; my $debug = 'debug'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); @@ -95,8 +95,28 @@ SKIP: { switch ('sp'); ok( $res = $sp->_get( '/', query => $query, accept => 'text/html' ), 'Query SP with ticket' ); + $cookies = $sp->getCookies($res); + my $spId; + ok( $spId = $cookies->{lemonldap}, 'Get cookie' ) + or explain( $res, 'Set-Cookie: something' ); - #print STDERR Dumper($res); + # Test authentication + ok( $res = $sp->_get( '/', cookie => "lemonldap=$spId" ), 'Get / on SP' ); + ok( $res->[0] == 200, 'User is authentified' ) or explain( $res->[0], 200 ); + ok( $sp->getUser($res) eq 'dwho', 'User is identified as dwho' ) + or explain( $res->[1], 'Lm-Remote-User: dwho' ); + + # Logout initiated by SP + ok( + $res = $sp->_get( + '/', + query => 'logout', + cookie => "lemonldap=$spId", + accept => 'text/html' + ), + 'Query SP for logout' + ); + print STDERR Dumper($res); } count($maintests);
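Review bot: The last added statement in the hunk at -95, `print STDERR Dumper($res);`, is debugging output left active. It writes the whole logout response, including any cookie headers, to STDERR on every run, and the hunk does not show `Data::Dumper` being loaded. The 'Query SP for logout' step only checks that `_get` returned a true value, so a broken logout would still pass. I would remove the dump and assert on the response instead, for example on the status in `$res->[0]` and on the `lemonldap` cookie returned by `$sp->getCookies($res)`. The expected values need confirming against the portal's logout behaviour.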