From 5d6239587b996ee9b4c81638e939bb986c4b1927 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?=
Date: Sat, 20 Jul 2013 08:35:13 +0000
Subject: [PATCH] Move assertion resolution in extractFormInfo to pass found user to a userDB module (#584)
---
 .../lib/Lemonldap/NG/Portal/AuthBrowserID.pm | 146 +++++++++---------
 1 file changed, 73 insertions(+), 73 deletions(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthBrowserID.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthBrowserID.pm
index 26b1bfae5..7a1814e2c 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthBrowserID.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthBrowserID.pm
@@ -35,6 +35,7 @@ sub authInit {
 sub setAuthSessionInfo {
 my $self = shift;
+ $self->{sessionInfo}->{_user} = $self->{user};
 $self->{sessionInfo}->{authenticationLevel} = $self->{browserIdAuthnLevel};
 PE_OK;
@@ -46,11 +47,81 @@ sub setAuthSessionInfo {
 sub extractFormInfo {
 my $self = shift;
- # Assertion should be in POST browserIdAssertion parameter (ajax call)
+ # Assertion should be browserIdAssertion parameter
 if ( $self->{browserIdAssertion} = $self->param('browserIdAssertion') ) {
 $self->lmLog( "BrowserID Assertion found: " . $self->{browserIdAssertion}, 'debug' );
+
+ # Resolve assertion
+ my $ua = new LWP::UserAgent;
+ push @{ $ua->requests_redirectable }, 'POST';
+
+ my $postdata =
+ "assertion="
+ . $self->{browserIdAssertion}
+ . "&audience="
+ . $self->{portal};
+
+ $self->lmLog( "Send $postdata to " . $self->{browserIdVerificationURL},
+ 'debug' );
+
+ my $request =
+ HTTP::Request->new( 'POST' => $self->{browserIdVerificationURL} );
+ $request->content_type('application/x-www-form-urlencoded');
+ $request->content($postdata);
+
+ my $answer = $ua->request($request);
+
+ $self->lmLog( "Verification response: " . $answer->as_string, 'debug' );
+
+ if ( $answer->code() == "200" ) {
+
+ # Get JSON answser
+ my $browserIdVerificationAnswer = $answer->content;
+ $self->lmLog(
+ "Received BrowserID answer: $browserIdVerificationAnswer",
+ 'debug' );
+
+ my $json = new JSON();
+ $self->{browserIdAnswer} =
+ $json->decode($browserIdVerificationAnswer);
+
+ if ( $self->{browserIdAnswer}->{status} eq "okay" ) {
+ $self->{user} = $self->{browserIdAnswer}->{email};
+
+ $self->lmLog(
+ "Found user "
+ . $self->{user}
+ . " in BrowserID verification answer",
+ 'debug'
+ );
+
+ # TODO - check audience
+ # TODO - adjust session duration with BrowserID expires field
+ # TODO - check SSL certificate
+
+ return PE_OK;
+ }
+ else {
+ $self->lmLog(
+ "Assertion "
+ . $self->{browserIdAssertion}
+ . " not verified by BrowserID provider",
+ 'error'
+ );
+ return PE_ERROR;
+ }
+ }
+ else {
+ $self->lmLog(
+ "Fail to validate BrowserId assertion "
+ . $self->{browserIdAssertion},
+ 'error'
+ );
+ return PE_ERROR;
+ }
+
 return PE_OK;
 }
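Review bot: The verification POST body in extractFormInfo is built by concatenating the raw `browserIdAssertion` request parameter without form-encoding, so any `&` or `=` inside it turns into extra form fields and can compete with the `audience` value the portal intends to send; with the audience check still a TODO, nothing later in the block catches that. Let LWP encode the form instead, `my $answer = $ua->post( $self->{browserIdVerificationURL}, { assertion => $self->{browserIdAssertion}, audience => $self->{portal} } );`, and compare `$self->{browserIdAnswer}->{audience}` with `$self->{portal}` before accepting the e-mail. The assertion is a bearer credential and is also written to the log at both debug and error level, so logging a digest of it would be safer than the value itself. `$json->decode` dies on a malformed body and should sit in an `eval` that returns `PE_ERROR`. The rest of extractFormInfo after this `if` block is outside the hunk.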
@@ -63,78 +134,7 @@ sub extractFormInfo {
 # Verify assertion and audience
 # @return Lemonldap::NG::Portal constant
 sub authenticate {
- my $self = shift;
-
- # Return unless BrowserID assertion
- return PE_FIRSTACCESS unless ( $self->{browserIdAssertion} );
-
- my $ua = new LWP::UserAgent;
- push @{ $ua->requests_redirectable }, 'POST';
-
- my $postdata =
- "assertion="
- . $self->{browserIdAssertion}
- . "&audience="
- . $self->{portal};
-
- $self->lmLog( "Send $postdata to " . $self->{browserIdVerificationURL},
- 'debug' );
-
- my $request =
- HTTP::Request->new( 'POST' => $self->{browserIdVerificationURL} );
- $request->content_type('application/x-www-form-urlencoded');
- $request->content($postdata);
-
- my $answer = $ua->request($request);
-
- $self->lmLog( "Verification response: " . $answer->as_string, 'debug' );
-
- if ( $answer->code() == "200" ) {
-
- # Get JSON answser
- my $browserIdVerificationAnswer = $answer->content;
- $self->lmLog( "Received BrowserID answer: $browserIdVerificationAnswer",
- 'debug' );
-
- my $json = new JSON();
- $self->{browserIdAnswer} = $json->decode($browserIdVerificationAnswer);
-
- if ( $self->{browserIdAnswer}->{status} eq "okay" ) {
- $self->{_user} = $self->{browserIdAnswer}->{email};
- $self->{sessionInfo}->{user} = $self->{_user};
-
- $self->lmLog(
- "Found user "
- . $self->{_user}
- . " in BrowserID verification answer",
- 'debug'
- );
-
- # TODO - check audience
- # TODO - adjust session duration with BrowserID expires field
- # TODO - check SSL certificate
-
- return PE_OK;
- }
- else {
- $self->lmLog(
- "Assertion "
- . $self->{browserIdAssertion}
- . " not verified by BrowserID provider",
- 'error'
- );
- return PE_ERROR;
- }
- }
- else {
- $self->lmLog(
- "Fail to validate BrowserId assertion "
- . $self->{browserIdAssertion},
- 'error'
- );
- return PE_ERROR;
- }
-
+ PE_OK;
 }
 ## @apmethod int authFinish()
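Review bot: `authenticate` now returns `PE_OK` unconditionally, so this step fails open if it is ever reached without a verified assertion; the removed `return PE_FIRSTACCESS unless ( $self->{browserIdAssertion} );` was the only guard here. Whether extractFormInfo's no-assertion path always returns a non-OK code is outside the visible hunks, so a cheap check such as `return PE_ERROR unless $self->{browserIdAnswer} and $self->{browserIdAnswer}->{status} eq "okay";` would keep the step fail-closed. The header comment `# Verify assertion and audience` above the sub no longer describes it and should say that verification now happens in extractFormInfo.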