Use OTT (#1976)
parent
02aafdeddd
commit
60ce68ce23
|
@ -4,14 +4,30 @@ use strict;
|
|||
use Mouse;
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_OK
|
||||
PE_NOTOKEN
|
||||
PE_TOKENEXPIRED
|
||||
PE_FIRSTACCESS
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.11';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||
extends qw(
|
||||
Lemonldap::NG::Portal::Main::Plugin
|
||||
Lemonldap::NG::Portal::Lib::_tokenRule
|
||||
);
|
||||
|
||||
# INITIALIZATION
|
||||
has ott => (
|
||||
is => 'rw',
|
||||
lazy => 1,
|
||||
default => sub {
|
||||
my $ott =
|
||||
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
|
||||
$ott->timeout( $_[0]->{conf}->{formTimeout} );
|
||||
return $ott;
|
||||
}
|
||||
);
|
||||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
my $imp = grep /::Plugins::Impersonation$/, $self->p->enabledPlugins;
|
||||
|
@ -23,13 +39,33 @@ sub init {
|
|||
# RUNNING METHOD
|
||||
sub provideUser {
|
||||
my ( $self, $req ) = @_;
|
||||
my $error;
|
||||
|
||||
# Check token
|
||||
if ( $self->ottRule->( $req, {} ) ) {
|
||||
my $token = $req->param('token');
|
||||
unless ($token) {
|
||||
$self->userLogger->warn('FindUser called without token');
|
||||
$error = PE_NOTOKEN;
|
||||
}
|
||||
unless ( $self->ott->getToken($token) ) {
|
||||
$self->userLogger->warn(
|
||||
'FindUser called with an expired/bad token');
|
||||
$error = PE_TOKENEXPIRED;
|
||||
}
|
||||
}
|
||||
if ($error) {
|
||||
eval { $self->p->_authentication->setSecurity($req) };
|
||||
return $self->p->do( $req, [ sub { $error } ] );
|
||||
}
|
||||
|
||||
$req->steps( ['findUser'] );
|
||||
if ( my $error = $self->p->process($req) ) {
|
||||
if ( $error = $self->p->process($req) ) {
|
||||
$self->logger->debug("Process returned error: $error");
|
||||
return $req->error($error);
|
||||
}
|
||||
$req->mustRedirect(1);
|
||||
|
||||
$req->mustRedirect(0);
|
||||
return $self->sendJSONresponse(
|
||||
$req,
|
||||
{
|
||||
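Review bot: In the token check of `provideUser`, the two `unless` blocks run independently, so a request with no `token` parameter sets `PE_NOTOKEN` and then still reaches `$self->ott->getToken($token)` with an undefined value. Assuming that lookup returns false for undef, the error is overwritten with `PE_TOKENEXPIRED` and a second warning is logged, so the "missing token" case can never be reported or told apart in the user log. Chain the two tests so the lookup only runs when a token was supplied: `if ( !$token ) {` for the first block and `elsif ( !$self->ott->getToken($token) ) {` for the second. The body of `provideUser` continues past the end of this hunk.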
|
|
|
@ -50,7 +50,8 @@ sub findUser {
|
|||
my ( $self, $req, %args ) = @_;
|
||||
my $plugin =
|
||||
$self->p->loadedModules->{"Lemonldap::NG::Portal::Plugins::FindUser"};
|
||||
my ( $searching, $excluding, $result ) = $plugin->retreiveFindUserParams($req);
|
||||
my ( $searching, $excluding ) = $plugin->retreiveFindUserParams($req);
|
||||
eval { $self->p->_authentication->setSecurity($req) };
|
||||
return PE_OK unless scalar @$searching;
|
||||
|
||||
my $table = $self->table;
|
||||
|
@ -78,21 +79,21 @@ sub findUser {
|
|||
$sth = $self->dbh->prepare($request);
|
||||
$sth->execute(@args);
|
||||
};
|
||||
eval { $self->p->_authentication->setSecurity($req) };
|
||||
|
||||
if ($@) {
|
||||
|
||||
# If connection isn't available, error is displayed by dbh()
|
||||
$self->logger->error("DBI error: $@") if ( $self->_dbh );
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
my $results = $sth->fetchall_arrayref();
|
||||
if ( $results->[0]->[0] ) {
|
||||
my $rank = rand( scalar @$results );
|
||||
$self->logger->debug(
|
||||
'DBI UserDB number of result(s): ' . scalar @$results );
|
||||
$self->logger->debug("Demo UserDB random rank: $rank");
|
||||
$self->userLogger->info("FindUser: DBI UserDB returns $results->[$rank]->[0]");
|
||||
$self->userLogger->info(
|
||||
"FindUser: DBI UserDB returns $results->[$rank]->[0]");
|
||||
$req->{findUser} = $results->[$rank]->[0];
|
||||
}
|
||||
|
||||
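Review bot: The `eval { $self->p->_authentication->setSecurity($req) };` placed before the early `return PE_OK` in `findUser` discards any exception. If setSecurity dies, nothing is logged and the form is presumably re-rendered without a fresh token. Check `$@` immediately after the call, for example `$self->logger->warn("setSecurity failed: $@") if $@;`, so a broken token backend shows up in the logs instead of appearing as unexplained token errors on the next submit. The same unchecked call appears in the Demo UserDB `findUser` and in the error path of the plugin's `provideUser`. `findUser` starts and ends outside these hunks.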
|
|
|
@ -77,6 +77,7 @@ sub findUser {
|
|||
my $plugin =
|
||||
$self->p->loadedModules->{"Lemonldap::NG::Portal::Plugins::FindUser"};
|
||||
my ( $searching, $excluding ) = $plugin->retreiveFindUserParams($req);
|
||||
eval { $self->p->_authentication->setSecurity($req) };
|
||||
return PE_OK unless scalar @$searching;
|
||||
|
||||
my $cond = '';
|
||||
|
@ -105,7 +106,6 @@ sub findUser {
|
|||
$self->userLogger->info("FindUser: Demo UserDB returns $results[$rank]");
|
||||
$req->{findUser} = $results[$rank];
|
||||
|
||||
eval { $self->p->_authentication->setSecurity($req) };
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,23 +1,26 @@
|
|||
<TMPL_IF NAME="FINDUSER">
|
||||
<br>
|
||||
<div class="card">
|
||||
<br>
|
||||
<form action="/finduser" method="post" role="form" class="login">
|
||||
<div class="form">
|
||||
<TMPL_LOOP NAME="FIELDS">
|
||||
<div class="input-group mb-3">
|
||||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><label for="<TMPL_VAR NAME="key">" class="mb-0"><i class="fa fa-user"></i></label></span>
|
||||
<br>
|
||||
<div class="card">
|
||||
<br>
|
||||
<form action="/finduser" method="post" role="form" class="login">
|
||||
<div class="form">
|
||||
<TMPL_IF NAME="TOKEN">
|
||||
<input type="hidden" name="token" value="<TMPL_VAR NAME="TOKEN">" />
|
||||
</TMPL_IF>
|
||||
<TMPL_LOOP NAME="FIELDS">
|
||||
<div class="input-group mb-3">
|
||||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><label for="<TMPL_VAR NAME="key">" class="mb-0"><i class="fa fa-user"></i></label></span>
|
||||
</div>
|
||||
<input id="findUser<TMPL_VAR NAME="key">" name="<TMPL_VAR NAME="key">" type="text" autocomplete="off" class="form-control" placeholder="<TMPL_VAR NAME="value">" />
|
||||
</div>
|
||||
<input id="findUser<TMPL_VAR NAME="key">" name="<TMPL_VAR NAME="key">" type="text" autocomplete="off" class="form-control" placeholder="<TMPL_VAR NAME="value">" />
|
||||
</div>
|
||||
</TMPL_LOOP>
|
||||
<button type="submit" class="btn btn-info" >
|
||||
<span class="fa fa-eye"></span>
|
||||
<span trspan="searchAccount">Search an account</span>
|
||||
</button>
|
||||
</div>
|
||||
<br>
|
||||
</form>
|
||||
</div>
|
||||
</TMPL_LOOP>
|
||||
<button type="submit" class="btn btn-info" >
|
||||
<span class="fa fa-eye"></span>
|
||||
<span trspan="searchAccount">Search for an account</span>
|
||||
</button>
|
||||
</div>
|
||||
</form>
|
||||
<br>
|
||||
</div>
|
||||
</TMPL_IF>
|
||||
|
|
|
@ -52,7 +52,7 @@ SKIP: {
|
|||
dbiAuthPasswordHash => '',
|
||||
dbiDynamicHashEnabled => 0,
|
||||
passwordDB => 'DBI',
|
||||
requireToken => 1,
|
||||
requireToken => 0,
|
||||
findUser => 1,
|
||||
impersonationRule => 1,
|
||||
findUserSearchingAttributes =>
|
||||
|
@ -65,7 +65,7 @@ SKIP: {
|
|||
## Simple access
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'spoofId', 'token' );
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
|
||||
|
||||
$request = 'user=dwho';
|
||||
ok(
|
||||
|
@ -77,7 +77,7 @@ SKIP: {
|
|||
'Post FindFuser request'
|
||||
);
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'spoofId', 'token' );
|
||||
expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
|
||||
ok( $res->[2]->[0] =~ m%value="dwho"%, 'value="dwho"' )
|
||||
or explain( $res->[2]->[0], 'value="dwho"' );
|
||||
ok( $res->[2]->[0] =~ m%autocomplete="off"%, 'autocomplete="off"' )
|
||||
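Review bot: With `requireToken => 0` and `'token'` dropped from both `expectForm` calls, this test no longer exercises the token check that the commit adds to `provideUser`. The page does not mark which `requireToken` line is the new side, so this reading assumes the second one. If the rule behind `ottRule` follows `requireToken`, the `PE_NOTOKEN` and `PE_TOKENEXPIRED` branches are untested here. A companion case that keeps `requireToken => 1`, posts to `/finduser` once without a token and once with an already-consumed one, and asserts the returned error would pin the one-time property. Such a test may exist in a file not shown on this page.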
|
|