Move "afterData" entry point before "buildCookie" and add "endAuth" entrypoint (#1497)
TODO: optimize notifications
parent
d08776b0ca
commit
6278398060
|
@ -250,7 +250,7 @@ sub _choice {
|
||||||
$req,
|
$req,
|
||||||
[
|
[
|
||||||
sub { $res }, 'controlUrl',
|
sub { $res }, 'controlUrl',
|
||||||
'buildCookie', @{ $self->p->afterData },
|
'buildCookie', @{ $self->p->endAuth },
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
|
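Review bot: In `_choice` the step list becomes `'buildCookie', @{ $self->p->endAuth },`, so the afterData hooks this path used to run are no longer called at all; the same happens in the `_verify` hunk further down, where `[ @{ $self->p->afterData }, sub { PE_OK } ]` becomes `[ @{ $self->p->endAuth }, sub { PE_OK } ]`. The afterData entry point still exists and is where a plugin can reject a login before the cookie is built, so a plugin that registers only afterData would presumably be skipped for users who come through these two paths. Unless those hooks already ran earlier in the flow (not visible here), keep them ahead of the cookie step: `@{ $self->p->afterData }, 'buildCookie', @{ $self->p->endAuth },` here and `[ @{ $self->p->afterData }, @{ $self->p->endAuth }, sub { PE_OK } ]` in `_verify`. Both function bodies start outside their hunks.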
@ -173,10 +173,10 @@ sub getNotifBack {
|
||||||
|
|
||||||
# One pending notification has been found and not accepted,
|
# One pending notification has been found and not accepted,
|
||||||
# restart process to display pending notifications
|
# restart process to display pending notifications
|
||||||
# TODO: is it a good idea to launch all 'afterData' subs ?
|
# TODO: is it a good idea to launch all 'endAuth' subs ?
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
'Pending notification has been found and not accepted');
|
'Pending notification has been found and not accepted');
|
||||||
return $self->p->do( $req, $self->p->afterData );
|
return $self->p->do( $req, $self->p->endAuth );
|
||||||
}
|
}
|
||||||
|
|
||||||
# All pending notifications have been accepted, restore cookies and
|
# All pending notifications have been accepted, restore cookies and
|
||||||
|
|
|
@ -232,10 +232,10 @@ sub getNotifBack {
|
||||||
|
|
||||||
# One pending notification has been found and not accepted,
|
# One pending notification has been found and not accepted,
|
||||||
# restart process to display pending notifications
|
# restart process to display pending notifications
|
||||||
# TODO: is it a good idea to launch all 'afterData' subs ?
|
# TODO: is it a good idea to launch all 'endAuth' subs ?
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
'Pending notification has been found and not accepted');
|
'Pending notification has been found and not accepted');
|
||||||
return $self->p->do( $req, $self->p->afterData );
|
return $self->p->do( $req, $self->p->endAuth );
|
||||||
}
|
}
|
||||||
|
|
||||||
# All pending notifications have been accepted, restore cookies and
|
# All pending notifications have been accepted, restore cookies and
|
||||||
|
|
|
@ -24,12 +24,14 @@ has availableModules => ( is => 'rw', default => sub { {} } );
|
||||||
# to each enabled underlying auth modules
|
# to each enabled underlying auth modules
|
||||||
sub betweenAuthAndData { '_betweenAuthAndData' }
|
sub betweenAuthAndData { '_betweenAuthAndData' }
|
||||||
sub afterData { '_afterData' }
|
sub afterData { '_afterData' }
|
||||||
|
sub endAuth { '_endAuth' }
|
||||||
sub forAuthUser { '_forAuthUser' }
|
sub forAuthUser { '_forAuthUser' }
|
||||||
sub beforeLogout { '_beforeLogout' }
|
sub beforeLogout { '_beforeLogout' }
|
||||||
sub authCancel { '_authCancel' }
|
sub authCancel { '_authCancel' }
|
||||||
|
|
||||||
sub _betweenAuthAndData { _wrapEntryPoint( @_, 'betweenAuthAndData' ); }
|
sub _betweenAuthAndData { _wrapEntryPoint( @_, 'betweenAuthAndData' ); }
|
||||||
sub _afterData { _wrapEntryPoint( @_, 'afterData' ); }
|
sub _afterData { _wrapEntryPoint( @_, 'afterData' ); }
|
||||||
|
sub _endAuth { _wrapEntryPoint( @_, 'endAuth' ); }
|
||||||
sub _forAuthUser { _wrapEntryPoint( @_, 'forAuthUser', 1 ); }
|
sub _forAuthUser { _wrapEntryPoint( @_, 'forAuthUser', 1 ); }
|
||||||
sub _beforeLogout { _wrapEntryPoint( @_, 'beforeLogout', 1 ); }
|
sub _beforeLogout { _wrapEntryPoint( @_, 'beforeLogout', 1 ); }
|
||||||
sub _authCancel { _wrapEntryPoint( @_, 'authCancel' ); }
|
sub _authCancel { _wrapEntryPoint( @_, 'authCancel' ); }
|
||||||
|
|
|
@ -40,36 +40,32 @@ has _jsRedirect => ( is => 'rw' );
|
||||||
has trustedDomainsRe => ( is => 'rw' );
|
has trustedDomainsRe => ( is => 'rw' );
|
||||||
|
|
||||||
# Lists to store plugins entry-points
|
# Lists to store plugins entry-points
|
||||||
has beforeAuth => (
|
my @entryPoints;
|
||||||
is => 'rw',
|
|
||||||
isa => 'ArrayRef',
|
BEGIN {
|
||||||
default => sub { [] }
|
@entryPoints = (
|
||||||
);
|
|
||||||
has betweenAuthAndData => (
|
# Auth process entrypoints
|
||||||
is => 'rw',
|
qw(beforeAuth betweenAuthAndData afterData endAuth),
|
||||||
isa => 'ArrayRef',
|
|
||||||
default => sub { [] }
|
# Authenticated users entrypoint
|
||||||
);
|
'forAuthUser',
|
||||||
has afterData => (
|
|
||||||
is => 'rw',
|
# Logout entrypoint
|
||||||
isa => 'ArrayRef',
|
'beforeLogout',
|
||||||
default => sub { [] }
|
|
||||||
);
|
# Special endpoint
|
||||||
has authCancel => (
|
'authCancel', # Clean pdata when user click on "cancel"
|
||||||
is => 'rw',
|
);
|
||||||
isa => 'ArrayRef',
|
|
||||||
default => sub { [] }
|
foreach (@entryPoints) {
|
||||||
);
|
has $_ => (
|
||||||
has forAuthUser => (
|
is => 'rw',
|
||||||
is => 'rw',
|
isa => 'ArrayRef',
|
||||||
isa => 'ArrayRef',
|
default => sub { [] }
|
||||||
default => sub { [] }
|
);
|
||||||
);
|
}
|
||||||
has beforeLogout => (
|
}
|
||||||
is => 'rw',
|
|
||||||
isa => 'ArrayRef',
|
|
||||||
default => sub { [] }
|
|
||||||
);
|
|
||||||
|
|
||||||
has spRules => (
|
has spRules => (
|
||||||
is => 'rw',
|
is => 'rw',
|
||||||
|
@ -155,10 +151,7 @@ sub reloadConf {
|
||||||
%{ $self->{conf} } = %{ $self->localConfig };
|
%{ $self->{conf} } = %{ $self->localConfig };
|
||||||
|
|
||||||
# Reinitialize arrays
|
# Reinitialize arrays
|
||||||
foreach (
|
foreach ( qw(_macros _groups), @entryPoints) {
|
||||||
qw(_macros _groups beforeAuth betweenAuthAndData afterData authCancel forAuthUser beforeLogout)
|
|
||||||
)
|
|
||||||
{
|
|
||||||
$self->{$_} = [];
|
$self->{$_} = [];
|
||||||
}
|
}
|
||||||
$self->spRules( {} );
|
$self->spRules( {} );
|
||||||
|
@ -222,7 +215,8 @@ sub reloadConf {
|
||||||
$self->error("$type is not set");
|
$self->error("$type is not set");
|
||||||
return $self->fail;
|
return $self->fail;
|
||||||
}
|
}
|
||||||
$mod = $self->conf->{$type} unless ( $self->conf->{$type} eq 'Same' );
|
$mod = $self->conf->{$type}
|
||||||
|
unless ( $self->conf->{$type} eq 'Same' );
|
||||||
my $module = '::' . ucfirst($type) . '::' . $mod;
|
my $module = '::' . ucfirst($type) . '::' . $mod;
|
||||||
$module =~ s/Authentication/Auth/;
|
$module =~ s/Authentication/Auth/;
|
||||||
|
|
||||||
|
@ -312,7 +306,7 @@ sub reloadConf {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Clean $req->pdata after authentication
|
# Clean $req->pdata after authentication
|
||||||
push @{ $self->afterData }, sub {
|
push @{ $self->endAuth }, sub {
|
||||||
unless ( $_[0]->pdata->{keepPdata} ) {
|
unless ( $_[0]->pdata->{keepPdata} ) {
|
||||||
$self->logger->debug('Cleaning pdata');
|
$self->logger->debug('Cleaning pdata');
|
||||||
$_[0]->pdata( {} );
|
$_[0]->pdata( {} );
|
||||||
|
@ -348,10 +342,7 @@ sub findEP {
|
||||||
my ( $self, $plugin, $obj ) = @_;
|
my ( $self, $plugin, $obj ) = @_;
|
||||||
|
|
||||||
# Standards entry points
|
# Standards entry points
|
||||||
foreach my $sub (
|
foreach my $sub (@entryPoints) {
|
||||||
qw(beforeAuth betweenAuthAndData afterData authCancel forAuthUser beforeLogout)
|
|
||||||
)
|
|
||||||
{
|
|
||||||
if ( $obj->can($sub) ) {
|
if ( $obj->can($sub) ) {
|
||||||
$self->logger->debug(" Found $sub entry point:");
|
$self->logger->debug(" Found $sub entry point:");
|
||||||
if ( my $callback = $obj->$sub ) {
|
if ( my $callback = $obj->$sub ) {
|
||||||
|
@ -412,8 +403,8 @@ sub fail {
|
||||||
|
|
||||||
sub displayError {
|
sub displayError {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return $self->sendError( $req, 'Portal error, contact your administrator',
|
return $self->sendError( $req,
|
||||||
500 );
|
'Portal error, contact your administrator', 500 );
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
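Review bot: The pdata cleaner registered in reloadConf with `push @{ $self->endAuth }, sub {` now runs after storeHistory and buildCookie instead of with the afterData hooks, and nothing at the call site records that ordering. If the step runner stops at the first step that does not return PE_OK (not visible in this hunk), a login stopped by an afterData hook or by the cookie step leaves `$req->pdata` uncleaned. A comment above the push would state the intent, for example `# Runs at endAuth: pdata is cleared only once the session is validated`, and the failure path should be checked for leftover pdata. The closure body continues outside the hunk.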
@ -102,6 +102,8 @@ sub _redirect {
|
||||||
@{ $self->p->betweenAuthAndData },
|
@{ $self->p->betweenAuthAndData },
|
||||||
$self->p->sessionData,
|
$self->p->sessionData,
|
||||||
@{ $self->p->afterData },
|
@{ $self->p->afterData },
|
||||||
|
$self->p->validSession,
|
||||||
|
@{ $self->p->endAuth },
|
||||||
(
|
(
|
||||||
$restore
|
$restore
|
||||||
? sub {
|
? sub {
|
||||||
|
|
|
@ -161,6 +161,8 @@ setting C<sessionInfo> provisionning
|
||||||
=item C<afterData>: method called after C<sessionInfo> provisionning
|
=item C<afterData>: method called after C<sessionInfo> provisionning
|
||||||
I<(macros, groups,...)>
|
I<(macros, groups,...)>
|
||||||
|
|
||||||
|
=item C<endAuth>: method called when session is validated (after cookie build)
|
||||||
|
|
||||||
=item C<authCancel>: method called when user click on "cancel" during auth
|
=item C<authCancel>: method called when user click on "cancel" during auth
|
||||||
process
|
process
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,11 @@ sub authProcess { qw(extractFormInfo getUser authenticate) }
|
||||||
|
|
||||||
sub sessionData {
|
sub sessionData {
|
||||||
qw(setAuthSessionInfo setSessionInfo setMacros setGroups setPersistentSessionInfo
|
qw(setAuthSessionInfo setSessionInfo setMacros setGroups setPersistentSessionInfo
|
||||||
setLocalGroups store secondFactor storeHistory buildCookie);
|
setLocalGroups store secondFactor);
|
||||||
|
}
|
||||||
|
|
||||||
|
sub validSession {
|
||||||
|
qw(storeHistory buildCookie);
|
||||||
}
|
}
|
||||||
|
|
||||||
# RESPONSE HANDLER
|
# RESPONSE HANDLER
|
||||||
|
@ -88,9 +92,10 @@ sub login {
|
||||||
return $self->do(
|
return $self->do(
|
||||||
$req,
|
$req,
|
||||||
[
|
[
|
||||||
'controlUrl', @{ $self->beforeAuth },
|
'controlUrl', @{ $self->beforeAuth },
|
||||||
$self->authProcess, @{ $self->betweenAuthAndData },
|
$self->authProcess, @{ $self->betweenAuthAndData },
|
||||||
$self->sessionData, @{ $self->afterData },
|
$self->sessionData, @{ $self->afterData },
|
||||||
|
$self->validSession, @{ $self->endAuth },
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -103,7 +108,8 @@ sub postLogin {
|
||||||
'restoreArgs', 'controlUrl',
|
'restoreArgs', 'controlUrl',
|
||||||
@{ $self->beforeAuth }, $self->authProcess,
|
@{ $self->beforeAuth }, $self->authProcess,
|
||||||
@{ $self->betweenAuthAndData }, $self->sessionData,
|
@{ $self->betweenAuthAndData }, $self->sessionData,
|
||||||
@{ $self->afterData },
|
@{ $self->afterData }, $self->validSession,
|
||||||
|
@{ $self->endAuth },
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
|
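Review bot: `sessionData` no longer ends with storeHistory and buildCookie, so any caller outside this commit that builds its pipeline from `$self->p->sessionData` alone now finishes without recording the login or issuing a cookie, and nothing in the file says so. A comment above each sub would make the contract explicit, for example `# sessionData: build and store the session, no cookie yet` and `# validSession: record history and issue the cookie; run after the afterData hooks`. The same four-part sequence (`sessionData`, afterData, `validSession`, endAuth) is now written out in `login` and `postLogin` here and again in the `_redirect`, `newAuthSession` and `getCookies` hunks, so a single helper returning that tail would keep the paths from drifting apart.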
@ -95,7 +95,7 @@ sub _verify {
|
||||||
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
|
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
|
||||||
$self->p->updateSession( $req, { authenticationLevel => $l } );
|
$self->p->updateSession( $req, { authenticationLevel => $l } );
|
||||||
}
|
}
|
||||||
return $self->p->do( $req, [ @{ $self->p->afterData }, sub { PE_OK } ] );
|
return $self->p->do( $req, [ @{ $self->p->endAuth }, sub { PE_OK } ] );
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
@ -13,7 +13,7 @@ extends 'Lemonldap::NG::Common::Module';
|
||||||
|
|
||||||
# INTERFACE
|
# INTERFACE
|
||||||
|
|
||||||
use constant afterData => 'changeUrldc';
|
use constant endAuth => 'changeUrldc';
|
||||||
use constant forAuthUser => 'changeUrldc';
|
use constant forAuthUser => 'changeUrldc';
|
||||||
|
|
||||||
sub init { 1 }
|
sub init { 1 }
|
||||||
|
|
|
@ -53,9 +53,9 @@ sub check {
|
||||||
'authenticate',
|
'authenticate',
|
||||||
@{ $self->p->betweenAuthAndData },
|
@{ $self->p->betweenAuthAndData },
|
||||||
qw( setAuthSessionInfo setSessionInfo setMacros setGroups
|
qw( setAuthSessionInfo setSessionInfo setMacros setGroups
|
||||||
setPersistentSessionInfo setLocalGroups store secondFactor
|
setPersistentSessionInfo setLocalGroups store secondFactor),
|
||||||
storeHistory),
|
@{ $self->p->afterData }, 'storeHistory',
|
||||||
@{ $self->p->afterData }
|
@{ $self->p->endAuth }
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
if ( $res = $self->p->process( $req, ) ) {
|
if ( $res = $self->p->process( $req, ) ) {
|
||||||
|
|
|
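Review bot: The step list in `check` still spells out the session steps by hand, from `setAuthSessionInfo` to `secondFactor`, which is now exactly what `sessionData` returns after this commit, so the two lists can drift apart the next time a step is added. It also runs the endAuth hooks without a buildCookie step, while the POD added by this commit describes endAuth as called after cookie build, so a hook written against that description runs here with no cookie. Consider `$self->p->sessionData, @{ $self->p->afterData }, 'storeHistory', @{ $self->p->endAuth }` and a comment such as `# No buildCookie here: endAuth hooks must not assume a cookie exists`. The body of `check` starts and ends outside the hunk.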
@ -11,7 +11,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin',
|
||||||
|
|
||||||
# INITIALIZATION
|
# INITIALIZATION
|
||||||
|
|
||||||
sub afterData { 'run' }
|
use constant endAuth => 'run';
|
||||||
|
|
||||||
sub init { 1 }
|
sub init { 1 }
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||||
# INTERFACE
|
# INTERFACE
|
||||||
|
|
||||||
# Declare additional process steps
|
# Declare additional process steps
|
||||||
sub afterData { 'checkNotifDuringAuth' }
|
use constant endAuth => 'checkNotifDuringAuth';
|
||||||
|
|
||||||
# For now, notifications are done only during authentication process
|
# For now, notifications are done only during authentication process
|
||||||
#sub forAuthUser { 'checkNotifForAuthUser' }
|
#sub forAuthUser { 'checkNotifForAuthUser' }
|
||||||
|
|
|
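Review bot: Registering the hook with `use constant endAuth => 'checkNotifDuringAuth';` moves the pending-notification check behind buildCookie, going by the login pipeline and the endAuth POD changed in this same commit. If notifications are meant to be accepted before access is granted, the browser now holds a session cookie while the notification screen is still displayed, unless `checkNotifDuringAuth` withdraws or masks it (its body is not in this hunk). Either keep this hook on afterData or add a comment here saying how the cookie is handled until acceptance, e.g. `# Runs after buildCookie: the sub must keep the session unusable until notifications are accepted`.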
@ -238,6 +238,8 @@ sub newAuthSession {
|
||||||
@{ $self->p->betweenAuthAndData },
|
@{ $self->p->betweenAuthAndData },
|
||||||
$self->p->sessionData,
|
$self->p->sessionData,
|
||||||
@{ $self->p->afterData },
|
@{ $self->p->afterData },
|
||||||
|
$self->p->validSession,
|
||||||
|
@{ $self->p->endAuth },
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
$req->{error} = $self->p->process($req);
|
$req->{error} = $self->p->process($req);
|
||||||
|
|
|
@ -180,6 +180,8 @@ sub getCookies {
|
||||||
@{ $self->p->betweenAuthAndData },
|
@{ $self->p->betweenAuthAndData },
|
||||||
$self->p->sessionData,
|
$self->p->sessionData,
|
||||||
@{ $self->p->afterData },
|
@{ $self->p->afterData },
|
||||||
|
$self->p->validSession,
|
||||||
|
@{ $self->p->endAuth },
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
$req->{error} = $self->p->process($req);
|
$req->{error} = $self->p->process($req);
|
||||||
|
|
|
@ -9,7 +9,7 @@ our $VERSION = '2.0.0';
|
||||||
extends 'Lemonldap::NG::Portal::Main::Plugin',
|
extends 'Lemonldap::NG::Portal::Main::Plugin',
|
||||||
'Lemonldap::NG::Portal::Lib::OtherSessions';
|
'Lemonldap::NG::Portal::Lib::OtherSessions';
|
||||||
|
|
||||||
sub afterData { 'run' }
|
use constant endAuth => 'run';
|
||||||
|
|
||||||
sub init { 1 }
|
sub init { 1 }
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||||
|
|
||||||
# INTERFACE
|
# INTERFACE
|
||||||
|
|
||||||
use constant afterData => 'newDevice';
|
use constant endAuth => 'newDevice';
|
||||||
|
|
||||||
use constant beforeAuth => 'check';
|
use constant beforeAuth => 'check';
|
||||||
|
|
||||||
|
|
|
@ -31,6 +31,10 @@ ok(
|
||||||
count(1);
|
count(1);
|
||||||
expectReject($res);
|
expectReject($res);
|
||||||
|
|
||||||
|
my $c = getCookies($res);
|
||||||
|
ok( not(%$c), 'No cookie' );
|
||||||
|
count(1);
|
||||||
|
|
||||||
&Lemonldap::NG::Handler::Main::cfgNum( 0, 0 );
|
&Lemonldap::NG::Handler::Main::cfgNum( 0, 0 );
|
||||||
$client = LLNG::Manager::Test->new(
|
$client = LLNG::Manager::Test->new(
|
||||||
{
|
{
|
||||||
|
|
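Review bot: The new assertion `ok( not(%$c), 'No cookie' );` reports only pass or fail, so when a cookie does leak after a rejected login the output will not say which one. `is_deeply( $c, {}, 'No cookie after reject' );` gives the offending name and value in the diagnostics, assuming getCookies returns a hash reference as the `%$c` dereference implies. A short comment such as `# A rejected login must not set any cookie` would also tie the check to the behaviour it guards.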