Move "afterData" entry point before "buildCookie" and add "endAuth" entrypoint (#1497)
TODO: optimize notifications
This commit is contained in:
Xavier Guimard
parent
d08776b0ca
commit
6278398060
|
|
@ -250,7 +250,7 @@ sub _choice {
|
|||
$req,
|
||||
[
|
||||
sub { $res }, 'controlUrl',
|
||||
'buildCookie', @{ $self->p->afterData },
|
||||
'buildCookie', @{ $self->p->endAuth },
|
||||
]
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -173,10 +173,10 @@ sub getNotifBack {
|
|||
|
||||
# One pending notification has been found and not accepted,
|
||||
# restart process to display pending notifications
|
||||
# TODO: is it a good idea to launch all 'afterData' subs ?
|
||||
# TODO: is it a good idea to launch all 'endAuth' subs ?
|
||||
$self->logger->debug(
|
||||
'Pending notification has been found and not accepted');
|
||||
return $self->p->do( $req, $self->p->afterData );
|
||||
return $self->p->do( $req, $self->p->endAuth );
|
||||
}
|
||||
|
||||
# All pending notifications have been accepted, restore cookies and
|
||||
|
|
|
|||
|
|
@ -232,10 +232,10 @@ sub getNotifBack {
|
|||
|
||||
# One pending notification has been found and not accepted,
|
||||
# restart process to display pending notifications
|
||||
# TODO: is it a good idea to launch all 'afterData' subs ?
|
||||
# TODO: is it a good idea to launch all 'endAuth' subs ?
|
||||
$self->logger->debug(
|
||||
'Pending notification has been found and not accepted');
|
||||
return $self->p->do( $req, $self->p->afterData );
|
||||
return $self->p->do( $req, $self->p->endAuth );
|
||||
}
|
||||
|
||||
# All pending notifications have been accepted, restore cookies and
|
||||
|
|
|
|||
|
|
@ -24,12 +24,14 @@ has availableModules => ( is => 'rw', default => sub { {} } );
|
|||
# to each enabled underlying auth modules
|
||||
sub betweenAuthAndData { '_betweenAuthAndData' }
|
||||
sub afterData { '_afterData' }
|
||||
sub endAuth { '_endAuth' }
|
||||
sub forAuthUser { '_forAuthUser' }
|
||||
sub beforeLogout { '_beforeLogout' }
|
||||
sub authCancel { '_authCancel' }
|
||||
|
||||
sub _betweenAuthAndData { _wrapEntryPoint( @_, 'betweenAuthAndData' ); }
|
||||
sub _afterData { _wrapEntryPoint( @_, 'afterData' ); }
|
||||
sub _endAuth { _wrapEntryPoint( @_, 'endAuth' ); }
|
||||
sub _forAuthUser { _wrapEntryPoint( @_, 'forAuthUser', 1 ); }
|
||||
sub _beforeLogout { _wrapEntryPoint( @_, 'beforeLogout', 1 ); }
|
||||
sub _authCancel { _wrapEntryPoint( @_, 'authCancel' ); }
|
||||
|
|
|
|||
|
|
@ -40,36 +40,32 @@ has _jsRedirect => ( is => 'rw' );
|
|||
has trustedDomainsRe => ( is => 'rw' );
|
||||
|
||||
# Lists to store plugins entry-points
|
||||
has beforeAuth => (
|
||||
is => 'rw',
|
||||
isa => 'ArrayRef',
|
||||
default => sub { [] }
|
||||
);
|
||||
has betweenAuthAndData => (
|
||||
is => 'rw',
|
||||
isa => 'ArrayRef',
|
||||
default => sub { [] }
|
||||
);
|
||||
has afterData => (
|
||||
is => 'rw',
|
||||
isa => 'ArrayRef',
|
||||
default => sub { [] }
|
||||
);
|
||||
has authCancel => (
|
||||
is => 'rw',
|
||||
isa => 'ArrayRef',
|
||||
default => sub { [] }
|
||||
);
|
||||
has forAuthUser => (
|
||||
is => 'rw',
|
||||
isa => 'ArrayRef',
|
||||
default => sub { [] }
|
||||
);
|
||||
has beforeLogout => (
|
||||
is => 'rw',
|
||||
isa => 'ArrayRef',
|
||||
default => sub { [] }
|
||||
);
|
||||
my @entryPoints;
|
||||
|
||||
BEGIN {
|
||||
@entryPoints = (
|
||||
|
||||
# Auth process entrypoints
|
||||
qw(beforeAuth betweenAuthAndData afterData endAuth),
|
||||
|
||||
# Authenticated users entrypoint
|
||||
'forAuthUser',
|
||||
|
||||
# Logout entrypoint
|
||||
'beforeLogout',
|
||||
|
||||
# Special endpoint
|
||||
'authCancel', # Clean pdata when user click on "cancel"
|
||||
);
|
||||
|
||||
foreach (@entryPoints) {
|
||||
has $_ => (
|
||||
is => 'rw',
|
||||
isa => 'ArrayRef',
|
||||
default => sub { [] }
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
has spRules => (
|
||||
is => 'rw',
|
||||
|
|
@ -155,10 +151,7 @@ sub reloadConf {
|
|||
%{ $self->{conf} } = %{ $self->localConfig };
|
||||
|
||||
# Reinitialize arrays
|
||||
foreach (
|
||||
qw(_macros _groups beforeAuth betweenAuthAndData afterData authCancel forAuthUser beforeLogout)
|
||||
)
|
||||
{
|
||||
foreach ( qw(_macros _groups), @entryPoints) {
|
||||
$self->{$_} = [];
|
||||
}
|
||||
$self->spRules( {} );
|
||||
|
|
@ -222,7 +215,8 @@ sub reloadConf {
|
|||
$self->error("$type is not set");
|
||||
return $self->fail;
|
||||
}
|
||||
$mod = $self->conf->{$type} unless ( $self->conf->{$type} eq 'Same' );
|
||||
$mod = $self->conf->{$type}
|
||||
unless ( $self->conf->{$type} eq 'Same' );
|
||||
my $module = '::' . ucfirst($type) . '::' . $mod;
|
||||
$module =~ s/Authentication/Auth/;
|
||||
|
||||
|
|
@ -312,7 +306,7 @@ sub reloadConf {
|
|||
}
|
||||
|
||||
# Clean $req->pdata after authentication
|
||||
push @{ $self->afterData }, sub {
|
||||
push @{ $self->endAuth }, sub {
|
||||
unless ( $_[0]->pdata->{keepPdata} ) {
|
||||
$self->logger->debug('Cleaning pdata');
|
||||
$_[0]->pdata( {} );
|
||||
|
|
@ -348,10 +342,7 @@ sub findEP {
|
|||
my ( $self, $plugin, $obj ) = @_;
|
||||
|
||||
# Standards entry points
|
||||
foreach my $sub (
|
||||
qw(beforeAuth betweenAuthAndData afterData authCancel forAuthUser beforeLogout)
|
||||
)
|
||||
{
|
||||
foreach my $sub (@entryPoints) {
|
||||
if ( $obj->can($sub) ) {
|
||||
$self->logger->debug(" Found $sub entry point:");
|
||||
if ( my $callback = $obj->$sub ) {
|
||||
|
|
@ -412,8 +403,8 @@ sub fail {
|
|||
|
||||
sub displayError {
|
||||
my ( $self, $req ) = @_;
|
||||
return $self->sendError( $req, 'Portal error, contact your administrator',
|
||||
500 );
|
||||
return $self->sendError( $req,
|
||||
'Portal error, contact your administrator', 500 );
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
|
|||
|
|
@ -102,6 +102,8 @@ sub _redirect {
|
|||
@{ $self->p->betweenAuthAndData },
|
||||
$self->p->sessionData,
|
||||
@{ $self->p->afterData },
|
||||
$self->p->validSession,
|
||||
@{ $self->p->endAuth },
|
||||
(
|
||||
$restore
|
||||
? sub {
|
||||
|
|
|
|||
|
|
@ -161,6 +161,8 @@ setting C<sessionInfo> provisionning
|
|||
=item C<afterData>: method called after C<sessionInfo> provisionning
|
||||
I<(macros, groups,...)>
|
||||
|
||||
=item C<endAuth>: method called when session is validated (after cookie build)
|
||||
|
||||
=item C<authCancel>: method called when user click on "cancel" during auth
|
||||
process
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,11 @@ sub authProcess { qw(extractFormInfo getUser authenticate) }
|
|||
|
||||
sub sessionData {
|
||||
qw(setAuthSessionInfo setSessionInfo setMacros setGroups setPersistentSessionInfo
|
||||
setLocalGroups store secondFactor storeHistory buildCookie);
|
||||
setLocalGroups store secondFactor);
|
||||
}
|
||||
|
||||
sub validSession {
|
||||
qw(storeHistory buildCookie);
|
||||
}
|
||||
|
||||
# RESPONSE HANDLER
|
||||
|
|
@ -88,9 +92,10 @@ sub login {
|
|||
return $self->do(
|
||||
$req,
|
||||
[
|
||||
'controlUrl', @{ $self->beforeAuth },
|
||||
$self->authProcess, @{ $self->betweenAuthAndData },
|
||||
$self->sessionData, @{ $self->afterData },
|
||||
'controlUrl', @{ $self->beforeAuth },
|
||||
$self->authProcess, @{ $self->betweenAuthAndData },
|
||||
$self->sessionData, @{ $self->afterData },
|
||||
$self->validSession, @{ $self->endAuth },
|
||||
]
|
||||
);
|
||||
}
|
||||
|
|
@ -103,7 +108,8 @@ sub postLogin {
|
|||
'restoreArgs', 'controlUrl',
|
||||
@{ $self->beforeAuth }, $self->authProcess,
|
||||
@{ $self->betweenAuthAndData }, $self->sessionData,
|
||||
@{ $self->afterData },
|
||||
@{ $self->afterData }, $self->validSession,
|
||||
@{ $self->endAuth },
|
||||
]
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ sub _verify {
|
|||
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
|
||||
$self->p->updateSession( $req, { authenticationLevel => $l } );
|
||||
}
|
||||
return $self->p->do( $req, [ @{ $self->p->afterData }, sub { PE_OK } ] );
|
||||
return $self->p->do( $req, [ @{ $self->p->endAuth }, sub { PE_OK } ] );
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ extends 'Lemonldap::NG::Common::Module';
|
|||
|
||||
# INTERFACE
|
||||
|
||||
use constant afterData => 'changeUrldc';
|
||||
use constant endAuth => 'changeUrldc';
|
||||
use constant forAuthUser => 'changeUrldc';
|
||||
|
||||
sub init { 1 }
|
||||
|
|
|
|||
|
|
@ -53,9 +53,9 @@ sub check {
|
|||
'authenticate',
|
||||
@{ $self->p->betweenAuthAndData },
|
||||
qw( setAuthSessionInfo setSessionInfo setMacros setGroups
|
||||
setPersistentSessionInfo setLocalGroups store secondFactor
|
||||
storeHistory),
|
||||
@{ $self->p->afterData }
|
||||
setPersistentSessionInfo setLocalGroups store secondFactor),
|
||||
@{ $self->p->afterData }, 'storeHistory',
|
||||
@{ $self->p->endAuth }
|
||||
]
|
||||
);
|
||||
if ( $res = $self->p->process( $req, ) ) {
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin',
|
|||
|
||||
# INITIALIZATION
|
||||
|
||||
sub afterData { 'run' }
|
||||
use constant endAuth => 'run';
|
||||
|
||||
sub init { 1 }
|
||||
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
|||
# INTERFACE
|
||||
|
||||
# Declare additional process steps
|
||||
sub afterData { 'checkNotifDuringAuth' }
|
||||
use constant endAuth => 'checkNotifDuringAuth';
|
||||
|
||||
# For now, notifications are done only during authentication process
|
||||
#sub forAuthUser { 'checkNotifForAuthUser' }
|
||||
|
|
|
|||
|
|
@ -238,6 +238,8 @@ sub newAuthSession {
|
|||
@{ $self->p->betweenAuthAndData },
|
||||
$self->p->sessionData,
|
||||
@{ $self->p->afterData },
|
||||
$self->p->validSession,
|
||||
@{ $self->p->endAuth },
|
||||
]
|
||||
);
|
||||
$req->{error} = $self->p->process($req);
|
||||
|
|
|
|||
|
|
@ -180,6 +180,8 @@ sub getCookies {
|
|||
@{ $self->p->betweenAuthAndData },
|
||||
$self->p->sessionData,
|
||||
@{ $self->p->afterData },
|
||||
$self->p->validSession,
|
||||
@{ $self->p->endAuth },
|
||||
]
|
||||
);
|
||||
$req->{error} = $self->p->process($req);
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ our $VERSION = '2.0.0';
|
|||
extends 'Lemonldap::NG::Portal::Main::Plugin',
|
||||
'Lemonldap::NG::Portal::Lib::OtherSessions';
|
||||
|
||||
sub afterData { 'run' }
|
||||
use constant endAuth => 'run';
|
||||
|
||||
sub init { 1 }
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
|||
|
||||
# INTERFACE
|
||||
|
||||
use constant afterData => 'newDevice';
|
||||
use constant endAuth => 'newDevice';
|
||||
|
||||
use constant beforeAuth => 'check';
|
||||
|
||||
|
|
|
|||
|
|
@ -31,6 +31,10 @@ ok(
|
|||
count(1);
|
||||
expectReject($res);
|
||||
|
||||
my $c = getCookies($res);
|
||||
ok( not(%$c), 'No cookie' );
|
||||
count(1);
|
||||
|
||||
&Lemonldap::NG::Handler::Main::cfgNum( 0, 0 );
|
||||
$client = LLNG::Manager::Test->new(
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user