* Portal error page merged with main portal script
* Option to use Redirect instead of Forbidden in Handler (#6)
parent
7f3b69b8c9
commit
6147019e90
|
@ -316,7 +316,6 @@ install_portal_site: install_conf_dir
|
||||||
install -v -d $(RPORTALSKINSDIR)/$$skin; \
|
install -v -d $(RPORTALSKINSDIR)/$$skin; \
|
||||||
done
|
done
|
||||||
@cp -pR --remove-destination ${SRCPORTALDIR}/example/index_skin.pl ${RPORTALDIR}/index.pl
|
@cp -pR --remove-destination ${SRCPORTALDIR}/example/index_skin.pl ${RPORTALDIR}/index.pl
|
||||||
@cp -pR --remove-destination ${SRCPORTALDIR}/example/error.pl ${RPORTALDIR}
|
|
||||||
@cp -pR --remove-destination ${SRCPORTALDIR}/example/mail.pl ${RPORTALDIR}
|
@cp -pR --remove-destination ${SRCPORTALDIR}/example/mail.pl ${RPORTALDIR}
|
||||||
@cp -pR --remove-destination ${SRCPORTALDIR}/example/metadata.pl ${RPORTALDIR}
|
@cp -pR --remove-destination ${SRCPORTALDIR}/example/metadata.pl ${RPORTALDIR}
|
||||||
@cp -pR --remove-destination ${SRCPORTALDIR}/example/cdc.pl ${RPORTALDIR}
|
@cp -pR --remove-destination ${SRCPORTALDIR}/example/cdc.pl ${RPORTALDIR}
|
||||||
|
@ -566,7 +565,6 @@ debian-diff:
|
||||||
$(DIFF) -x 'jquery*' lemonldap-ng-portal/example/skins/$$i /usr/share/lemonldap-ng/portal-skins/$$i; \
|
$(DIFF) -x 'jquery*' lemonldap-ng-portal/example/skins/$$i /usr/share/lemonldap-ng/portal-skins/$$i; \
|
||||||
done ||true
|
done ||true
|
||||||
@$(DIFF) lemonldap-ng-portal/example/index_skin.pl /var/lib/lemonldap-ng/portal/index.pl ||true
|
@$(DIFF) lemonldap-ng-portal/example/index_skin.pl /var/lib/lemonldap-ng/portal/index.pl ||true
|
||||||
@$(DIFF) lemonldap-ng-portal/example/error.pl /var/lib/lemonldap-ng/portal/error.pl ||true
|
|
||||||
@$(DIFF) lemonldap-ng-portal/example/mail.pl /var/lib/lemonldap-ng/portal/mail.pl ||true
|
@$(DIFF) lemonldap-ng-portal/example/mail.pl /var/lib/lemonldap-ng/portal/mail.pl ||true
|
||||||
@$(DIFF) lemonldap-ng-portal/example/metadata.pl /var/lib/lemonldap-ng/portal/metadata.pl ||true
|
@$(DIFF) lemonldap-ng-portal/example/metadata.pl /var/lib/lemonldap-ng/portal/metadata.pl ||true
|
||||||
@$(DIFF) lemonldap-ng-portal/example/cdc.pl /var/lib/lemonldap-ng/portal/cdc.pl ||true
|
@$(DIFF) lemonldap-ng-portal/example/cdc.pl /var/lib/lemonldap-ng/portal/cdc.pl ||true
|
||||||
|
@ -593,7 +591,6 @@ default-diff:
|
||||||
@$(DIFF) lemonldap-ng-portal/example/scripts/buildPortalWSDL $(LMPREFIX)/bin/buildPortalWSDL ||true
|
@$(DIFF) lemonldap-ng-portal/example/scripts/buildPortalWSDL $(LMPREFIX)/bin/buildPortalWSDL ||true
|
||||||
@$(DIFF) lemonldap-ng-portal/example/skins $(LMPREFIX)/htdocs/portal/skins ||true
|
@$(DIFF) lemonldap-ng-portal/example/skins $(LMPREFIX)/htdocs/portal/skins ||true
|
||||||
@$(DIFF) lemonldap-ng-portal/example/index_skin.pl $(LMPREFIX)/htdocs/portal/index.pl ||true
|
@$(DIFF) lemonldap-ng-portal/example/index_skin.pl $(LMPREFIX)/htdocs/portal/index.pl ||true
|
||||||
@$(DIFF) lemonldap-ng-portal/example/error.pl $(LMPREFIX)/htdocs/portal/error.pl ||true
|
|
||||||
@$(DIFF) lemonldap-ng-portal/example/mail.pl $(LMPREFIX)/htdocs/portal/mail.pl ||true
|
@$(DIFF) lemonldap-ng-portal/example/mail.pl $(LMPREFIX)/htdocs/portal/mail.pl ||true
|
||||||
@$(DIFF) lemonldap-ng-portal/example/metadata.pl $(LMPREFIX)/htdocs/portal/metadata.pl ||true
|
@$(DIFF) lemonldap-ng-portal/example/metadata.pl $(LMPREFIX)/htdocs/portal/metadata.pl ||true
|
||||||
@$(DIFF) lemonldap-ng-portal/example/cdc.pl $(LMPREFIX)/htdocs/portal/cdc.pl ||true
|
@$(DIFF) lemonldap-ng-portal/example/cdc.pl $(LMPREFIX)/htdocs/portal/cdc.pl ||true
|
||||||
|
|
|
@ -9,8 +9,8 @@
|
||||||
PerlRequire __HANDLER__
|
PerlRequire __HANDLER__
|
||||||
|
|
||||||
# Common error page and security parameters
|
# Common error page and security parameters
|
||||||
ErrorDocument 403 http://auth.__DNSDOMAIN__/error.pl?error=403
|
ErrorDocument 403 http://auth.__DNSDOMAIN__/?lmError=403
|
||||||
ErrorDocument 500 http://auth.__DNSDOMAIN__/error.pl?error=500
|
ErrorDocument 500 http://auth.__DNSDOMAIN__/?lmError=500
|
||||||
|
|
||||||
# Sample application
|
# Sample application
|
||||||
<VirtualHost __VHOSTLISTEN__>
|
<VirtualHost __VHOSTLISTEN__>
|
||||||
|
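Review bot: Both `ErrorDocument` lines still point at an absolute `http://` URL, so Apache answers with a redirect to the portal and the client never receives the original 403 or 500 status. The comment above them should say so, since log-based alerting and API clients that key on the status code will see a redirect instead, e.g. `# Absolute URL: Apache sends a redirect, the client does not see the 403/500 status`. The hard-coded `http://` scheme also sends the error redirect over plain HTTP when the portal is deployed on HTTPS; a note next to the directive telling the administrator to adjust the scheme would help. The same applies to the second virtual-host template changed in the next section.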
|
|
@ -10,8 +10,8 @@ PerlOptions +GlobalRequest
|
||||||
PerlRequire __HANDLER__
|
PerlRequire __HANDLER__
|
||||||
|
|
||||||
# Common error page and security parameters
|
# Common error page and security parameters
|
||||||
ErrorDocument 403 http://auth.__DNSDOMAIN__/error.pl?error=403
|
ErrorDocument 403 http://auth.__DNSDOMAIN__/?lmError=403
|
||||||
ErrorDocument 500 http://auth.__DNSDOMAIN__/error.pl?error=500
|
ErrorDocument 500 http://auth.__DNSDOMAIN__/?lmError=500
|
||||||
|
|
||||||
# Sample application
|
# Sample application
|
||||||
<VirtualHost __VHOSTLISTEN__>
|
<VirtualHost __VHOSTLISTEN__>
|
||||||
|
|
|
@ -181,6 +181,9 @@ localStorageOptions={ 'namespace' => 'MyNamespace', 'default_expires_in' => 600,
|
||||||
# Set status to 1 if you want to have the report of activity (used for
|
# Set status to 1 if you want to have the report of activity (used for
|
||||||
# example to inform MRTG)
|
# example to inform MRTG)
|
||||||
status = 0
|
status = 0
|
||||||
|
# Set useRedirectOnForbidden to 1 if you want to use REDIRECT and not FORBIDDEN
|
||||||
|
# when a user is not allowed by Handler
|
||||||
|
;useRedirectOnForbidden = 1
|
||||||
|
|
||||||
# Zimbra Handler parameters
|
# Zimbra Handler parameters
|
||||||
;zimbraPreAuthKey = XXXX
|
;zimbraPreAuthKey = XXXX
|
||||||
|
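Review bot: The comment added for `useRedirectOnForbidden` does not say where the redirect goes or that the HTTP status changes. Per the Handler change in this commit, a denied request is sent to the portal with `lmError=403`, so the client no longer gets a 403 response; that matters to anything keying on the status code, such as API clients or log-based alerting. Suggested wording for the second comment line: `# when a user is not allowed by Handler (the user is sent to the portal error page, no 403 status is returned)`.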
|
|
@ -46,7 +46,7 @@ our (
|
||||||
$port, $statusPipe, $statusOut,
|
$port, $statusPipe, $statusOut,
|
||||||
$customFunctions, $transform, $cda,
|
$customFunctions, $transform, $cda,
|
||||||
$childInitDone, $httpOnly, $cookieExpiration,
|
$childInitDone, $httpOnly, $cookieExpiration,
|
||||||
$timeoutActivity, $datasUpdate,
|
$timeoutActivity, $datasUpdate, $useRedirectOnForbidden,
|
||||||
);
|
);
|
||||||
|
|
||||||
##########################################
|
##########################################
|
||||||
|
@ -73,7 +73,9 @@ BEGIN {
|
||||||
)
|
)
|
||||||
],
|
],
|
||||||
traces => [qw( $whatToTrace $statusPipe $statusOut)],
|
traces => [qw( $whatToTrace $statusPipe $statusOut)],
|
||||||
apache => [qw( MP OK REDIRECT FORBIDDEN DONE DECLINED SERVER_ERROR )],
|
apache => [
|
||||||
|
qw( MP OK REDIRECT FORBIDDEN DONE DECLINED SERVER_ERROR useRedirectOnForbidden )
|
||||||
|
],
|
||||||
post => [qw($transform)],
|
post => [qw($transform)],
|
||||||
cda => ['$cda'],
|
cda => ['$cda'],
|
||||||
cookie => [qw($cookieName $https $httpOnly $cookieExpiration)],
|
cookie => [qw($cookieName $https $httpOnly $cookieExpiration)],
|
||||||
|
@ -137,6 +139,7 @@ BEGIN {
|
||||||
threads::shared::share($statusPipe);
|
threads::shared::share($statusPipe);
|
||||||
threads::shared::share($statusOut);
|
threads::shared::share($statusOut);
|
||||||
threads::shared::share($timeoutActivity);
|
threads::shared::share($timeoutActivity);
|
||||||
|
threads::shared::share($useRedirectOnForbidden);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
elsif ( MP() == 1 ) {
|
elsif ( MP() == 1 ) {
|
||||||
|
@ -643,6 +646,10 @@ sub defaultValuesInit {
|
||||||
$httpOnly = defined($httpOnly) ? $httpOnly : $args->{httpOnly};
|
$httpOnly = defined($httpOnly) ? $httpOnly : $args->{httpOnly};
|
||||||
$cookieExpiration = $args->{cookieExpiration} || $cookieExpiration;
|
$cookieExpiration = $args->{cookieExpiration} || $cookieExpiration;
|
||||||
$timeoutActivity = $args->{timeoutActivity} || $timeoutActivity || 0;
|
$timeoutActivity = $args->{timeoutActivity} || $timeoutActivity || 0;
|
||||||
|
$useRedirectOnForbidden =
|
||||||
|
defined($useRedirectOnForbidden)
|
||||||
|
? $useRedirectOnForbidden
|
||||||
|
: $args->{useRedirectOnForbidden};
|
||||||
1;
|
1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -825,8 +832,9 @@ sub isProtected {
|
||||||
return $defaultProtection;
|
return $defaultProtection;
|
||||||
}
|
}
|
||||||
|
|
||||||
## @rmethod protected boolean grant()
|
## @rmethod protected boolean grant(string uri)
|
||||||
# Grant or refuse client using compiled regexp and functions
|
# Grant or refuse client using compiled regexp and functions
|
||||||
|
# @param uri URI requested
|
||||||
# @return True if the user is granted to access to the current URL
|
# @return True if the user is granted to access to the current URL
|
||||||
sub grant {
|
sub grant {
|
||||||
my ( $class, $uri ) = splice @_;
|
my ( $class, $uri ) = splice @_;
|
||||||
|
@ -837,10 +845,11 @@ sub grant {
|
||||||
return &$defaultCondition($datas);
|
return &$defaultCondition($datas);
|
||||||
}
|
}
|
||||||
|
|
||||||
## @rmethod protected int forbidden()
|
## @rmethod protected int forbidden(string uri)
|
||||||
# Used to reject non authorizated requests.
|
# Used to reject non authorizated requests.
|
||||||
# Inform the status processus and call logForbidden().
|
# Inform the status processus and call logForbidden().
|
||||||
# @return Apache2::Const::FORBIDDEN
|
# @param uri URI requested
|
||||||
|
# @return Apache2::Const::REDIRECT or Apache2::Const::FORBIDDEN
|
||||||
sub forbidden {
|
sub forbidden {
|
||||||
my ( $class, $uri ) = splice @_;
|
my ( $class, $uri ) = splice @_;
|
||||||
if ( $datas->{_logout} ) {
|
if ( $datas->{_logout} ) {
|
||||||
|
@ -853,7 +862,16 @@ sub forbidden {
|
||||||
$apacheRequest->push_handlers(
|
$apacheRequest->push_handlers(
|
||||||
PerlLogHandler => sub { $class->logForbidden( $uri, $datas ); DECLINED }
|
PerlLogHandler => sub { $class->logForbidden( $uri, $datas ); DECLINED }
|
||||||
);
|
);
|
||||||
|
|
||||||
|
# Redirect or Forbidden?
|
||||||
|
if ($useRedirectOnForbidden) {
|
||||||
|
$class->lmLog( "Use redirect for forbidden access", 'debug' );
|
||||||
|
return $class->goToPortal( $uri, 'lmError=403' );
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$class->lmLog( "Return forbidden access", 'debug' );
|
||||||
return FORBIDDEN;
|
return FORBIDDEN;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
## @rmethod protected void logForbidden(string uri,hashref datas)
|
## @rmethod protected void logForbidden(string uri,hashref datas)
|
||||||
|
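Review bot: In the `apache` tag list the new entry `useRedirectOnForbidden` has no `$` sigil, unlike `$whatToTrace` or `$cookieName` in the neighbouring tags, so if these lists feed Exporter it names a sub rather than the `our $useRedirectOnForbidden` scalar declared in the first hunk. Packages importing that tag would then not share the variable, and the switch could silently stay unset there. I would write the list as `qw( MP OK REDIRECT FORBIDDEN DONE DECLINED SERVER_ERROR $useRedirectOnForbidden )`. The BEGIN block starts and ends outside the hunk, so the export mechanism is inferred from the visible entries.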
|
|
@ -686,9 +686,10 @@ sub struct {
|
||||||
},
|
},
|
||||||
|
|
||||||
redirection => {
|
redirection => {
|
||||||
_nodes => [qw(https port)],
|
_nodes => [qw(https port useRedirectOnForbidden)],
|
||||||
https => 'bool:/https',
|
https => 'bool:/https',
|
||||||
port => 'int:/port',
|
port => 'int:/port',
|
||||||
|
useRedirectOnForbidden => 'bool:/useRedirectOnForbidden',
|
||||||
},
|
},
|
||||||
|
|
||||||
specialHandlers => {
|
specialHandlers => {
|
||||||
|
@ -1338,6 +1339,7 @@ sub testStruct {
|
||||||
test => qr/^[a-zA-Z][\w\:]*$/,
|
test => qr/^[a-zA-Z][\w\:]*$/,
|
||||||
msgFail => 'Bad module name',
|
msgFail => 'Bad module name',
|
||||||
},
|
},
|
||||||
|
useRedirectOnForbidden => $boolean,
|
||||||
useXForwardedForIP => $boolean,
|
useXForwardedForIP => $boolean,
|
||||||
variables => $testNotDefined,
|
variables => $testNotDefined,
|
||||||
whatToTrace => {
|
whatToTrace => {
|
||||||
|
@ -1612,6 +1614,7 @@ sub defaultConf {
|
||||||
userControl => '^[\w\.\-@]+$',
|
userControl => '^[\w\.\-@]+$',
|
||||||
userDB => 'LDAP',
|
userDB => 'LDAP',
|
||||||
passwordDB => 'LDAP',
|
passwordDB => 'LDAP',
|
||||||
|
useRedirectOnForbidden => '0',
|
||||||
useXForwardedForIP => '0',
|
useXForwardedForIP => '0',
|
||||||
whatToTrace => '$_whatToTrace',
|
whatToTrace => '$_whatToTrace',
|
||||||
########
|
########
|
||||||
|
|
|
@ -270,6 +270,7 @@ sub en {
|
||||||
userDB => 'Users module',
|
userDB => 'Users module',
|
||||||
userControl => 'Username control',
|
userControl => 'Username control',
|
||||||
userPivot => 'Login field name in user table',
|
userPivot => 'Login field name in user table',
|
||||||
|
useRedirectOnForbidden => 'Redirect on forbidden',
|
||||||
useXForwardedForIP => "Use X-Forwarded-For header address",
|
useXForwardedForIP => "Use X-Forwarded-For header address",
|
||||||
variables => "Variables",
|
variables => "Variables",
|
||||||
virtualHosts => 'Virtual Hosts',
|
virtualHosts => 'Virtual Hosts',
|
||||||
|
@ -628,6 +629,7 @@ sub fr {
|
||||||
userDB => "Module d'utilisateurs",
|
userDB => "Module d'utilisateurs",
|
||||||
userControl => "Contrôle du nom d'utilisateur",
|
userControl => "Contrôle du nom d'utilisateur",
|
||||||
userPivot => 'Champ identifiant dans la table des utilisateurs',
|
userPivot => 'Champ identifiant dans la table des utilisateurs',
|
||||||
|
useRedirectOnForbidden => 'Redirection pour les accès interdits',
|
||||||
useXForwardedForIP =>
|
useXForwardedForIP =>
|
||||||
"Utiliser l'adresse IP de l'en-tête X-Forwarded-For",
|
"Utiliser l'adresse IP de l'en-tête X-Forwarded-For",
|
||||||
variables => "Variables",
|
variables => "Variables",
|
||||||
|
|
|
@ -35,7 +35,6 @@ example/AuthLA/tpl/themes/federid/sso.css
|
||||||
example/AuthLA/tpl/themes/federid/wui.css
|
example/AuthLA/tpl/themes/federid/wui.css
|
||||||
example/cas.pl
|
example/cas.pl
|
||||||
example/cdc.pl
|
example/cdc.pl
|
||||||
example/error.pl
|
|
||||||
example/index.pl
|
example/index.pl
|
||||||
example/index_simple.pl
|
example/index_simple.pl
|
||||||
example/index_skin.pl
|
example/index_skin.pl
|
||||||
|
|
|
@ -1,36 +0,0 @@
|
||||||
#!/usr/bin/perl
|
|
||||||
use HTML::Template;
|
|
||||||
|
|
||||||
my $portal = Lemonldap::NG::Portal::SharedConf->new(
|
|
||||||
|
|
||||||
# PORTAL CUSTOMIZATION
|
|
||||||
# Skin
|
|
||||||
#portalSkin => 'pastel',
|
|
||||||
);
|
|
||||||
|
|
||||||
my $skin = $portal->{portalSkin};
|
|
||||||
my $skin_dir = $ENV{DOCUMENT_ROOT} . "/skins";
|
|
||||||
my $portal_url = $portal->{portal};
|
|
||||||
my $logout_url = "$portal_url?logout=1";
|
|
||||||
|
|
||||||
# Which HTTP error?
|
|
||||||
my $http_error = $portal->param('error');
|
|
||||||
|
|
||||||
my $error500 = 1 if ( $http_error eq "500" );
|
|
||||||
my $error403 = 1 if ( $http_error eq "403" or !$error500 );
|
|
||||||
|
|
||||||
my $template = HTML::Template->new(
|
|
||||||
filename => "$skin_dir/$skin/error.tpl",
|
|
||||||
die_on_bad_params => 0,
|
|
||||||
cache => 0,
|
|
||||||
filter => sub { $portal->translate_template(@_) }
|
|
||||||
);
|
|
||||||
|
|
||||||
$template->param( PORTAL_URL => "$portal_url" );
|
|
||||||
$template->param( LOGOUT_URL => "$logout_url" );
|
|
||||||
$template->param( SKIN => "$skin" );
|
|
||||||
$template->param( ERROR403 => "$error403" );
|
|
||||||
$template->param( ERROR500 => "$error500" );
|
|
||||||
|
|
||||||
print $portal->header('text/html; charset=utf8');
|
|
||||||
print $template->output;
|
|
|
@ -14,6 +14,12 @@
|
||||||
<TMPL_IF ERROR500>
|
<TMPL_IF ERROR500>
|
||||||
<h3><lang en="Error occurs on the server" fr="Une erreur est survenue sur le serveur" /></h3>
|
<h3><lang en="Error occurs on the server" fr="Une erreur est survenue sur le serveur" /></h3>
|
||||||
</TMPL_IF>
|
</TMPL_IF>
|
||||||
|
<TMPL_IF URL>
|
||||||
|
<h3>
|
||||||
|
<lang en="You were redirect from " fr="Vous avez été redirigé depuis " />
|
||||||
|
<a href="<TMPL_VAR NAME="URL">"><TMPL_VAR NAME="URL"></a>
|
||||||
|
</h3>
|
||||||
|
</TMPL_IF>
|
||||||
</div>
|
</div>
|
||||||
<div class="panel-buttons">
|
<div class="panel-buttons">
|
||||||
<button type="button" class="positive" tabindex="1" onclick="location.href='<TMPL_VAR NAME="PORTAL_URL">';return false;">
|
<button type="button" class="positive" tabindex="1" onclick="location.href='<TMPL_VAR NAME="PORTAL_URL">';return false;">
|
||||||
|
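Review bot: `URL` is written into both the `href` attribute and the link text of the added `<TMPL_IF URL>` block without an `ESCAPE` attribute. The value is `$self->{urldc}` from the portal display code in this commit, which appears to originate from the request, so unless the template object is created with a default escape it should be escaped at output: `<a href="<TMPL_VAR NAME="URL" ESCAPE=HTML>"><TMPL_VAR NAME="URL" ESCAPE=HTML></a>`. HTML escaping does not constrain the URL scheme, so restricting the link target to http/https has to happen on the Perl side before the value reaches the template. The same block is added to the second skin's error template in the next section, and in both the English text should read "You were redirected from".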
|
|
@ -14,6 +14,14 @@
|
||||||
|
|
||||||
<div id="error">
|
<div id="error">
|
||||||
|
|
||||||
|
|
||||||
|
<TMPL_IF URL>
|
||||||
|
<h3>
|
||||||
|
<lang en="You were redirect from " fr="Vous avez été redirigé depuis " />
|
||||||
|
<a href="<TMPL_VAR NAME="URL">"><TMPL_VAR NAME="URL"></a>
|
||||||
|
</h3>
|
||||||
|
</TMPL_IF>
|
||||||
|
|
||||||
<div class="buttons">
|
<div class="buttons">
|
||||||
<a href="<TMPL_VAR NAME="PORTAL_URL">" class="positive">
|
<a href="<TMPL_VAR NAME="PORTAL_URL">" class="positive">
|
||||||
<img src="/skins/common/accept.png" alt="" />
|
<img src="/skins/common/accept.png" alt="" />
|
||||||
|
|
|
@ -19,10 +19,33 @@ sub display {
|
||||||
my $skin = $self->{portalSkin};
|
my $skin = $self->{portalSkin};
|
||||||
my $skin_dir = $ENV{DOCUMENT_ROOT} . "/skins";
|
my $skin_dir = $ENV{DOCUMENT_ROOT} . "/skins";
|
||||||
my ( $skinfile, %templateParams );
|
my ( $skinfile, %templateParams );
|
||||||
|
my $http_error = $self->param('lmError');
|
||||||
|
|
||||||
|
# 0. Display error page
|
||||||
|
if ($http_error) {
|
||||||
|
|
||||||
|
$skinfile = 'error.tpl';
|
||||||
|
|
||||||
|
# Error code
|
||||||
|
my $error500 = 1 if ( $http_error eq "500" );
|
||||||
|
my $error403 = 1 if ( $http_error eq "403" );
|
||||||
|
|
||||||
|
# Check URL
|
||||||
|
$self->_sub('controlUrlOrigin');
|
||||||
|
|
||||||
|
%templateParams = (
|
||||||
|
PORTAL_URL => $self->{portal},
|
||||||
|
LOGOUT_URL => $self->{portal} . "?logout=1",
|
||||||
|
URL => $self->{urldc},
|
||||||
|
SKIN => $self->{portalSkin},
|
||||||
|
ERROR403 => $error403,
|
||||||
|
ERROR500 => $error500,
|
||||||
|
);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
# 1. Good authentication
|
# 1. Good authentication
|
||||||
|
elsif ( $self->process() ) {
|
||||||
if ( $self->process() ) {
|
|
||||||
|
|
||||||
# 1.1 Image mode
|
# 1.1 Image mode
|
||||||
if ( $self->{error} == PE_IMG_OK || $self->{error} == PE_IMG_NOK ) {
|
if ( $self->{error} == PE_IMG_OK || $self->{error} == PE_IMG_NOK ) {
|
||||||
|
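Review bot: The result of `$self->_sub('controlUrlOrigin')` is discarded in the new `if ($http_error)` branch, and `$self->{urldc}` is then handed to the template as `URL` regardless. Whether a URL that fails the check is still left in `urldc` is not visible from this hunk, so I would test the return value and pass `URL` only when the check succeeds. Separately, `my $error500 = 1 if ( ... )` and the matching `$error403` line combine `my` with a statement modifier, which perlsyn documents as undefined behaviour; `my $error500 = ( $http_error eq "500" ) ? 1 : 0;` is the safe form. Any other true `lmError` value now renders `error.tpl` with neither flag set, whereas the removed `error.pl` fell back to 403. `display` starts and ends outside the hunk.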
|