* Portal error page merged with main portal script
* Option to use Redirect instead of Forbidden in Handler (#6)
parent
7f3b69b8c9
commit
6147019e90
|
@ -316,7 +316,6 @@ install_portal_site: install_conf_dir
|
|||
install -v -d $(RPORTALSKINSDIR)/$$skin; \
|
||||
done
|
||||
@cp -pR --remove-destination ${SRCPORTALDIR}/example/index_skin.pl ${RPORTALDIR}/index.pl
|
||||
@cp -pR --remove-destination ${SRCPORTALDIR}/example/error.pl ${RPORTALDIR}
|
||||
@cp -pR --remove-destination ${SRCPORTALDIR}/example/mail.pl ${RPORTALDIR}
|
||||
@cp -pR --remove-destination ${SRCPORTALDIR}/example/metadata.pl ${RPORTALDIR}
|
||||
@cp -pR --remove-destination ${SRCPORTALDIR}/example/cdc.pl ${RPORTALDIR}
|
||||
|
@ -566,7 +565,6 @@ debian-diff:
|
|||
$(DIFF) -x 'jquery*' lemonldap-ng-portal/example/skins/$$i /usr/share/lemonldap-ng/portal-skins/$$i; \
|
||||
done ||true
|
||||
@$(DIFF) lemonldap-ng-portal/example/index_skin.pl /var/lib/lemonldap-ng/portal/index.pl ||true
|
||||
@$(DIFF) lemonldap-ng-portal/example/error.pl /var/lib/lemonldap-ng/portal/error.pl ||true
|
||||
@$(DIFF) lemonldap-ng-portal/example/mail.pl /var/lib/lemonldap-ng/portal/mail.pl ||true
|
||||
@$(DIFF) lemonldap-ng-portal/example/metadata.pl /var/lib/lemonldap-ng/portal/metadata.pl ||true
|
||||
@$(DIFF) lemonldap-ng-portal/example/cdc.pl /var/lib/lemonldap-ng/portal/cdc.pl ||true
|
||||
|
@ -593,7 +591,6 @@ default-diff:
|
|||
@$(DIFF) lemonldap-ng-portal/example/scripts/buildPortalWSDL $(LMPREFIX)/bin/buildPortalWSDL ||true
|
||||
@$(DIFF) lemonldap-ng-portal/example/skins $(LMPREFIX)/htdocs/portal/skins ||true
|
||||
@$(DIFF) lemonldap-ng-portal/example/index_skin.pl $(LMPREFIX)/htdocs/portal/index.pl ||true
|
||||
@$(DIFF) lemonldap-ng-portal/example/error.pl $(LMPREFIX)/htdocs/portal/error.pl ||true
|
||||
@$(DIFF) lemonldap-ng-portal/example/mail.pl $(LMPREFIX)/htdocs/portal/mail.pl ||true
|
||||
@$(DIFF) lemonldap-ng-portal/example/metadata.pl $(LMPREFIX)/htdocs/portal/metadata.pl ||true
|
||||
@$(DIFF) lemonldap-ng-portal/example/cdc.pl $(LMPREFIX)/htdocs/portal/cdc.pl ||true
|
||||
|
|
|
@ -9,8 +9,8 @@
|
|||
PerlRequire __HANDLER__
|
||||
|
||||
# Common error page and security parameters
|
||||
ErrorDocument 403 http://auth.__DNSDOMAIN__/error.pl?error=403
|
||||
ErrorDocument 500 http://auth.__DNSDOMAIN__/error.pl?error=500
|
||||
ErrorDocument 403 http://auth.__DNSDOMAIN__/?lmError=403
|
||||
ErrorDocument 500 http://auth.__DNSDOMAIN__/?lmError=500
|
||||
|
||||
# Sample application
|
||||
<VirtualHost __VHOSTLISTEN__>
|
||||
|
|
|
@ -10,8 +10,8 @@ PerlOptions +GlobalRequest
|
|||
PerlRequire __HANDLER__
|
||||
|
||||
# Common error page and security parameters
|
||||
ErrorDocument 403 http://auth.__DNSDOMAIN__/error.pl?error=403
|
||||
ErrorDocument 500 http://auth.__DNSDOMAIN__/error.pl?error=500
|
||||
ErrorDocument 403 http://auth.__DNSDOMAIN__/?lmError=403
|
||||
ErrorDocument 500 http://auth.__DNSDOMAIN__/?lmError=500
|
||||
|
||||
# Sample application
|
||||
<VirtualHost __VHOSTLISTEN__>
|
||||
|
|
|
@ -181,6 +181,9 @@ localStorageOptions={ 'namespace' => 'MyNamespace', 'default_expires_in' => 600,
|
|||
# Set status to 1 if you want to have the report of activity (used for
|
||||
# example to inform MRTG)
|
||||
status = 0
|
||||
# Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN
|
||||
# when a user is not allowed by Handler
|
||||
;useRedirectOnForbidden = 1
|
||||
|
||||
# Zimbra Handler parameters
|
||||
;zimbraPreAuthKey = XXXX
|
||||
|
|
|
@ -46,7 +46,7 @@ our (
|
|||
$port, $statusPipe, $statusOut,
|
||||
$customFunctions, $transform, $cda,
|
||||
$childInitDone, $httpOnly, $cookieExpiration,
|
||||
$timeoutActivity, $datasUpdate,
|
||||
$timeoutActivity, $datasUpdate, $useRedirectOnForbidden,
|
||||
);
|
||||
|
||||
##########################################
|
||||
|
@ -73,7 +73,9 @@ BEGIN {
|
|||
)
|
||||
],
|
||||
traces => [qw( $whatToTrace $statusPipe $statusOut)],
|
||||
apache => [qw( MP OK REDIRECT FORBIDDEN DONE DECLINED SERVER_ERROR )],
|
||||
apache => [
|
||||
qw( MP OK REDIRECT FORBIDDEN DONE DECLINED SERVER_ERROR useRedirectOnForbidden )
|
||||
],
|
||||
post => [qw($transform)],
|
||||
cda => ['$cda'],
|
||||
cookie => [qw($cookieName $https $httpOnly $cookieExpiration)],
|
||||
|
@ -137,6 +139,7 @@ BEGIN {
|
|||
threads::shared::share($statusPipe);
|
||||
threads::shared::share($statusOut);
|
||||
threads::shared::share($timeoutActivity);
|
||||
threads::shared::share($useRedirectOnForbidden);
|
||||
};
|
||||
}
|
||||
elsif ( MP() == 1 ) {
|
||||
|
@ -643,6 +646,10 @@ sub defaultValuesInit {
|
|||
$httpOnly = defined($httpOnly) ? $httpOnly : $args->{httpOnly};
|
||||
$cookieExpiration = $args->{cookieExpiration} || $cookieExpiration;
|
||||
$timeoutActivity = $args->{timeoutActivity} || $timeoutActivity || 0;
|
||||
$useRedirectOnForbidden =
|
||||
defined($useRedirectOnForbidden)
|
||||
? $useRedirectOnForbidden
|
||||
: $args->{useRedirectOnForbidden};
|
||||
1;
|
||||
}
|
||||
|
||||
|
@ -825,8 +832,9 @@ sub isProtected {
|
|||
return $defaultProtection;
|
||||
}
|
||||
|
||||
## @rmethod protected boolean grant()
|
||||
## @rmethod protected boolean grant(string uri)
|
||||
# Grant or refuse client using compiled regexp and functions
|
||||
# @param uri URI requested
|
||||
# @return True if the user is granted to access to the current URL
|
||||
sub grant {
|
||||
my ( $class, $uri ) = splice @_;
|
||||
|
@ -837,10 +845,11 @@ sub grant {
|
|||
return &$defaultCondition($datas);
|
||||
}
|
||||
|
||||
## @rmethod protected int forbidden()
|
||||
## @rmethod protected int forbidden(string uri)
|
||||
# Used to reject non authorizated requests.
|
||||
# Inform the status processus and call logForbidden().
|
||||
# @return Apache2::Const::FORBIDDEN
|
||||
# @param uri URI requested
|
||||
# @return Apache2::Const::REDIRECT or Apache2::Const::FORBIDDEN
|
||||
sub forbidden {
|
||||
my ( $class, $uri ) = splice @_;
|
||||
if ( $datas->{_logout} ) {
|
||||
|
@ -853,7 +862,16 @@ sub forbidden {
|
|||
$apacheRequest->push_handlers(
|
||||
PerlLogHandler => sub { $class->logForbidden( $uri, $datas ); DECLINED }
|
||||
);
|
||||
|
||||
# Redirect or Forbidden?
|
||||
if ($useRedirectOnForbidden) {
|
||||
$class->lmLog( "Use redirect for forbidden access", 'debug' );
|
||||
return $class->goToPortal( $uri, 'lmError=403' );
|
||||
}
|
||||
else {
|
||||
$class->lmLog( "Return forbidden access", 'debug' );
|
||||
return FORBIDDEN;
|
||||
}
|
||||
}
|
||||
|
||||
## @rmethod protected void logForbidden(string uri,hashref datas)
|
||||
|
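Review bot: In the last hunk of forbidden(), enabling `useRedirectOnForbidden` makes a denied request return whatever `goToPortal()` returns instead of `FORBIDDEN`, so the vhost access log and any alerting keyed on status 403 will no longer show authorization denials. The `PerlLogHandler` that calls `logForbidden()` is still pushed before the branch and becomes the only record of the refusal. I would say so in a comment above the branch, e.g. `# With useRedirectOnForbidden the client sees a redirect, not 403: logForbidden() is the only trace of the denial`, and mention it next to the `;useRedirectOnForbidden = 1` sample setting. The `@return` line promises `Apache2::Const::REDIRECT`, but `goToPortal()` is outside these hunks, so that should be confirmed; forbidden() itself starts in the previous hunk. Separately, the `apache` export tag lists `useRedirectOnForbidden` without the `$` sigil that the other tags use for variables, which would export a sub of that name rather than the scalar, if subclasses are meant to read it.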
|
|
@ -686,9 +686,10 @@ sub struct {
|
|||
},
|
||||
|
||||
redirection => {
|
||||
_nodes => [qw(https port)],
|
||||
_nodes => [qw(https port useRedirectOnForbidden)],
|
||||
https => 'bool:/https',
|
||||
port => 'int:/port',
|
||||
useRedirectOnForbidden => 'bool:/useRedirectOnForbidden',
|
||||
},
|
||||
|
||||
specialHandlers => {
|
||||
|
@ -1338,6 +1339,7 @@ sub testStruct {
|
|||
test => qr/^[a-zA-Z][\w\:]*$/,
|
||||
msgFail => 'Bad module name',
|
||||
},
|
||||
useRedirectOnForbidden => $boolean,
|
||||
useXForwardedForIP => $boolean,
|
||||
variables => $testNotDefined,
|
||||
whatToTrace => {
|
||||
|
@ -1612,6 +1614,7 @@ sub defaultConf {
|
|||
userControl => '^[\w\.\-@]+$',
|
||||
userDB => 'LDAP',
|
||||
passwordDB => 'LDAP',
|
||||
useRedirectOnForbidden => '0',
|
||||
useXForwardedForIP => '0',
|
||||
whatToTrace => '$_whatToTrace',
|
||||
########
|
||||
|
|
|
@ -270,6 +270,7 @@ sub en {
|
|||
userDB => 'Users module',
|
||||
userControl => 'Username control',
|
||||
userPivot => 'Login field name in user table',
|
||||
useRedirectOnForbidden => 'Redirect on forbidden',
|
||||
useXForwardedForIP => "Use X-Forwarded-For header address",
|
||||
variables => "Variables",
|
||||
virtualHosts => 'Virtual Hosts',
|
||||
|
@ -628,6 +629,7 @@ sub fr {
|
|||
userDB => "Module d'utilisateurs",
|
||||
userControl => "Contrôle du nom d'utilisateur",
|
||||
userPivot => 'Champ identifiant dans la table des utilisateurs',
|
||||
useRedirectOnForbidden => 'Redirection pour les accès interdits',
|
||||
useXForwardedForIP =>
|
||||
"Utiliser l'adresse IP de l'en-tête X-Forwarded-For",
|
||||
variables => "Variables",
|
||||
|
|
|
@ -35,7 +35,6 @@ example/AuthLA/tpl/themes/federid/sso.css
|
|||
example/AuthLA/tpl/themes/federid/wui.css
|
||||
example/cas.pl
|
||||
example/cdc.pl
|
||||
example/error.pl
|
||||
example/index.pl
|
||||
example/index_simple.pl
|
||||
example/index_skin.pl
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
#!/usr/bin/perl
|
||||
use HTML::Template;
|
||||
|
||||
my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
||||
|
||||
# PORTAL CUSTOMIZATION
|
||||
# Skin
|
||||
#portalSkin => 'pastel',
|
||||
);
|
||||
|
||||
my $skin = $portal->{portalSkin};
|
||||
my $skin_dir = $ENV{DOCUMENT_ROOT} . "/skins";
|
||||
my $portal_url = $portal->{portal};
|
||||
my $logout_url = "$portal_url?logout=1";
|
||||
|
||||
# Which HTTP error?
|
||||
my $http_error = $portal->param('error');
|
||||
|
||||
my $error500 = 1 if ( $http_error eq "500" );
|
||||
my $error403 = 1 if ( $http_error eq "403" or !$error500 );
|
||||
|
||||
my $template = HTML::Template->new(
|
||||
filename => "$skin_dir/$skin/error.tpl",
|
||||
die_on_bad_params => 0,
|
||||
cache => 0,
|
||||
filter => sub { $portal->translate_template(@_) }
|
||||
);
|
||||
|
||||
$template->param( PORTAL_URL => "$portal_url" );
|
||||
$template->param( LOGOUT_URL => "$logout_url" );
|
||||
$template->param( SKIN => "$skin" );
|
||||
$template->param( ERROR403 => "$error403" );
|
||||
$template->param( ERROR500 => "$error500" );
|
||||
|
||||
print $portal->header('text/html; charset=utf8');
|
||||
print $template->output;
|
|
@ -14,6 +14,12 @@
|
|||
<TMPL_IF ERROR500>
|
||||
<h3><lang en="Error occurs on the server" fr="Une erreur est survenue sur le serveur" /></h3>
|
||||
</TMPL_IF>
|
||||
<TMPL_IF URL>
|
||||
<h3>
|
||||
<lang en="You were redirect from " fr="Vous avez été redirigé depuis " />
|
||||
<a href="<TMPL_VAR NAME="URL">"><TMPL_VAR NAME="URL"></a>
|
||||
</h3>
|
||||
</TMPL_IF>
|
||||
</div>
|
||||
<div class="panel-buttons">
|
||||
<button type="button" class="positive" tabindex="1" onclick="location.href='<TMPL_VAR NAME="PORTAL_URL">';return false;">
|
||||
|
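Review bot: The new `<TMPL_VAR NAME="URL">` is written into both the `href` attribute and the link text with no `ESCAPE` attribute, and HTML::Template emits variables verbatim unless escaping is requested (or `default_escape` is set where the template object is built, which is not visible here). In this commit `URL` is filled from `$self->{urldc}`, which appears to originate from the request, so the markup relies entirely on upstream URL validation. I would escape at the point of output: `<a href="<TMPL_VAR NAME="URL" ESCAPE=HTML>"><TMPL_VAR NAME="URL" ESCAPE=HTML></a>`. The same applies to the identical block added to the second skin's error.tpl below. The English string also reads better as "You were redirected from ".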
|
|
@ -14,6 +14,14 @@
|
|||
|
||||
<div id="error">
|
||||
|
||||
|
||||
<TMPL_IF URL>
|
||||
<h3>
|
||||
<lang en="You were redirect from " fr="Vous avez été redirigé depuis " />
|
||||
<a href="<TMPL_VAR NAME="URL">"><TMPL_VAR NAME="URL"></a>
|
||||
</h3>
|
||||
</TMPL_IF>
|
||||
|
||||
<div class="buttons">
|
||||
<a href="<TMPL_VAR NAME="PORTAL_URL">" class="positive">
|
||||
<img src="/skins/common/accept.png" alt="" />
|
||||
|
|
|
@ -19,10 +19,33 @@ sub display {
|
|||
my $skin = $self->{portalSkin};
|
||||
my $skin_dir = $ENV{DOCUMENT_ROOT} . "/skins";
|
||||
my ( $skinfile, %templateParams );
|
||||
my $http_error = $self->param('lmError');
|
||||
|
||||
# 0. Display error page
|
||||
if ($http_error) {
|
||||
|
||||
$skinfile = 'error.tpl';
|
||||
|
||||
# Error code
|
||||
my $error500 = 1 if ( $http_error eq "500" );
|
||||
my $error403 = 1 if ( $http_error eq "403" );
|
||||
|
||||
# Check URL
|
||||
$self->_sub('controlUrlOrigin');
|
||||
|
||||
%templateParams = (
|
||||
PORTAL_URL => $self->{portal},
|
||||
LOGOUT_URL => $self->{portal} . "?logout=1",
|
||||
URL => $self->{urldc},
|
||||
SKIN => $self->{portalSkin},
|
||||
ERROR403 => $error403,
|
||||
ERROR500 => $error500,
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
# 1. Good authentication
|
||||
|
||||
if ( $self->process() ) {
|
||||
elsif ( $self->process() ) {
|
||||
|
||||
# 1.1 Image mode
|
||||
if ( $self->{error} == PE_IMG_OK || $self->{error} == PE_IMG_NOK ) {
|
||||
|
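Review bot: The result of `$self->_sub('controlUrlOrigin')` is discarded and `$self->{urldc}` is handed to the template regardless, so whether a rejected URL can still reach the error page depends on controlUrlOrigin (not shown) clearing `urldc` on failure. The branch runs before `process()`, so it is reachable without a session, and I would only pass the URL when the check succeeds, e.g. `URL => ( $self->_sub('controlUrlOrigin') == PE_OK ? $self->{urldc} : undef ),`. The two flags use `my $x = 1 if (...)`, which perlsyn documents as undefined behaviour; `my $error500 = ( $http_error eq "500" ) ? 1 : 0;` is the safe form. Any other `lmError` value now renders error.tpl with neither flag set, whereas the removed error.pl fell back to the 403 message. display() starts and continues outside this hunk.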
|