From 62e3ba159d9ebc5e61ab263b4495b0181fd0c8ae Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Tue, 10 Jan 2017 12:25:30 +0000 Subject: [PATCH] REST in progress (#970) --- .../lib/Lemonldap/NG/Manager/Attributes.pm | 3 + .../Lemonldap/NG/Manager/Build/Attributes.pm | 7 ++- .../site/static/languages/en.json | 3 +- .../site/static/languages/fr.json | 3 +- .../lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm | 56 ++++++++++++------- .../lib/Lemonldap/NG/Portal/Lib/SOAPProxy.pm | 8 ++- 6 files changed, 52 insertions(+), 28 deletions(-) diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index bdb6df175..814874611 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -1939,6 +1939,9 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0- 'proxyAuthService' => { 'type' => 'text' }, + 'proxySessionService' => { + 'type' => 'text' + }, 'proxyUseSoap' => { 'default' => 0, 'type' => 'bool' diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index 1347157fe..e035b9e70 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -2004,9 +2004,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: }, # Proxy - proxyAuthService => { type => 'text', }, - remoteCookieName => { type => 'text', }, - proxyUseSoap => { + proxyAuthService => { type => 'text', }, + proxySessionService => { type => 'text', }, + remoteCookieName => { type => 'text', }, + proxyUseSoap => { type => 'bool', default => 0, documentation => 'Use SOAP instead of REST', 
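Review bot: The new `proxySessionService` entry in Build/Attributes.pm is declared as plain `text` with no `documentation` key, although the neighbouring `proxyUseSoap` carries one and the value is later used as the URL that receives the forwarded session cookies. I would add `documentation => 'Session service URL',` to match the en.json label. If this schema supports a `test` pattern or a URL type for such attributes, applying it here and to `proxyAuthService` would reject a malformed or non-HTTP value when the configuration is saved. The Manager/Attributes.pm hunk above looks like the generated counterpart and needs no separate change.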
diff --git a/lemonldap-ng-manager/site/static/languages/en.json b/lemonldap-ng-manager/site/static/languages/en.json index 4e5da66cd..9c45f8f9a 100644 --- a/lemonldap-ng-manager/site/static/languages/en.json +++ b/lemonldap-ng-manager/site/static/languages/en.json @@ -520,7 +520,8 @@ "previous": "Previous", "privateKey": "Private key", "proxyAuthnLevel": "Authentication level", -"proxyAuthService": "Portal URL", +"proxyAuthService": "Internal portal URL", +"proxySessionService": "Session service URL", "proxyParams": "Proxy parameters", "proxyUseSoap": "Use SOAP instead of REST", "publicKey": "Public key", diff --git a/lemonldap-ng-manager/site/static/languages/fr.json b/lemonldap-ng-manager/site/static/languages/fr.json index dc24d7648..ea59e609e 100644 --- a/lemonldap-ng-manager/site/static/languages/fr.json +++ b/lemonldap-ng-manager/site/static/languages/fr.json @@ -520,7 +520,8 @@ "previous": "Précédente", "privateKey": "Clef privée", "proxyAuthnLevel": "Niveau d'authentification", -"proxyAuthService": "URL du portail", +"proxyAuthService": "URL du portail interne", +"proxySessionService": "URL du service de session", "proxyParams": "Paramètres Proxy", "proxyUseSoap": "Utiliser SOAP ai lieu de REST", "publicKey": "Clef publique", diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm index 9a7880814..7cc4e2014 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm @@ -1,4 +1,4 @@ -package Lemonldap::NG::Portal::Lib::SOAPProxy; +package Lemonldap::NG::Portal::Lib::RESTProxy; use strict; use JSON; 
@@ -23,6 +23,8 @@ has ua => ( sub init { my ($self) = @_; $self->conf->{remoteCookieName} ||= $self->conf->{cookieName}; + $self->conf->{proxySessionService} ||= + $self->conf->{proxyAuthService} . '/mysession/'; unless ( defined $self->conf->{proxyAuthService} ) { $self->error("Missing proxyAuthService parameter"); @@ -31,11 +33,14 @@ sub init { return 1; } -*authenticate = *getUser; +no warnings 'once'; +*authenticate = \&getUser; sub getUser { my ( $self, $req ) = @_; return PE_OK if ( $req->datas->{_proxyQueryDone} ); + $self->lmLog( 'Proxy push auth to ' . $self->conf->{proxyAuthService}, + 'debug' ); my $resp = $self->ua->post( $self->conf->{proxyAuthService}, { user => $req->{user}, password => $req->datas->{password} } ); unless ( $resp->is_success ) { 
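Review bot: In `init`, the default for `proxySessionService` is built from `proxyAuthService` before the `defined` check that follows, so a missing `proxyAuthService` still yields the value `/mysession/` (and an uninitialized-value warning if warnings are enabled) before the error is reported. Moving the two added lines below the `unless ( defined ... )` block avoids that. Stripping a trailing slash first, e.g. `( my $base = $self->conf->{proxyAuthService} ) =~ s{/+$}{};`, would also keep the derived URL from containing `//mysession/`. Because this URL receives the user's password and the session URL receives the remote cookies, `init` is also a natural place to warn when either value is not `https://`, if nothing else in the configuration enforces that. The body of `init` continues past the end of the hunk.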
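Review bot: The early return at the top of `getUser` still tests `$req->datas->{_proxyQueryDone}`, while the next hunk of this file now increments `$req->sessionInfo->{_proxyQueryDone}`. Unless the two accessors share storage, the guard never fires and the second entry through the `authenticate` alias posts the user's password to the remote portal again. Keeping the flag in `datas` as before, or reading it back with `return PE_OK if ( $req->sessionInfo->{_proxyQueryDone} );`, restores the short-circuit. Separately, `no warnings 'once';` is placed at file scope here and in the SOAPProxy.pm hunk, so it silences that category for everything below it; wrapping the alias as `{ no warnings 'once'; *authenticate = \&getUser; }` keeps it local. `getUser` continues into the following hunk.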
@@ -44,36 +49,47 @@ sub getUser { 'error' ); return PE_ERROR; } + $self->lmLog( 'Proxy gets a response', 'debug' ); my $res = eval { JSON::from_json( $resp->content ) }; if ($@) { $self->lmLog("Bad content: $@"); return PE_ERROR; } - $req->datas->{_proxyQueryDone}++; - return ( $res->{result} ? PE_OK : PE_BADCREDENTIALS ); + $req->sessionInfo->{_proxyQueryDone}++; + unless ( $res->{result} ) { + $self->p->userNotice("Authentication refused for $req->{user}"); + return PE_BADCREDENTIALS; + } + $req->sessionInfo->{_proxyCookies} = join '; ', + map { s/;.*$// } $resp->header('Set-Cookie'); + $self->lmLog( + 'Store cookies in session (' . $req->sessionInfo->{_proxyCookies} . ')', + 'debug' + ); + PE_OK; } sub setSessionInfo { my ( $self, $req ) = @_; return PE_OK if ( $req->datas->{_setSessionInfoDone} ); - my $soap = - SOAP::Lite->proxy( $self->conf->{proxyAuthService} ) - ->uri('urn:Lemonldap/NG/Common/PSGI/SOAPService'); - my $r = $soap->getAttributes( $req->datas->{_remoteId} ); - if ( $r->fault ) { - $self->lmLog( - "Unable to query authentication service" . $r->fault->{faultstring}, - 'error' - ); - } - my $res = $r->result(); - if ( $res->{error} ) { - $self->userError("Unable to get attributes for $self->{user} "); + my $q = HTTP::Request->new( + GET => $self->conf->{proxySessionService}, + Cookie => $req->sessionInfo->{_proxyCookies} + ); + my $resp = $self->ua->get($q); + unless ( $resp->is_success ) { + $self->lmLog( 'Unable to query session service: ' . $resp->status_line, + 'error' ); return PE_ERROR; } - foreach ( keys %{ $res->{attributes} } ) { - $req->{sessionInfo}->{$_} ||= $res->{attributes}->{$_} - unless (/^_/); + $self->lmLog( 'Proxy gets a response', 'debug' ); + my $res = eval { JSON::from_json( $resp->content ) }; + if ($@) { + $self->lmLog("Bad content: $@"); + return PE_ERROR; + } + foreach ( keys %$res ) { + $req->{sessionInfo}->{$_} ||= $res->{$_} unless (/^_/); } $req->datas->{_setSessionInfoDone}++; PE_OK; 
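Review bot: The added `map { s/;.*$// } $resp->header('Set-Cookie')` in `getUser` returns the substitution counts rather than the trimmed strings, so `_proxyCookies` ends up as something like `1; 1` and no usable cookie reaches the session service. The debug line that follows would, once the map is fixed, write the remote portal's session cookie values to the log, where anyone with log access could reuse them; logging only the number of cookies is enough for tracing. In `setSessionInfo`, `HTTP::Request->new` expects its headers as a third argument (an array reference or header object) and, if `ua` is an LWP::UserAgent as the `post`/`is_success` calls suggest, `get` takes a URL plus header pairs rather than a request object, so the cookie can be passed directly to `get`. The copy loop also dereferences `$res` as a hash without checking that the decoded JSON is one. `getUser` begins in the previous hunk and `setSessionInfo` ends after this one.

```perl
    # … unchanged: JSON decoding, _proxyQueryDone flag, refusal branch …
    my @cookies = map { s/;.*$//; $_ } $resp->header('Set-Cookie');
    $req->sessionInfo->{_proxyCookies} = join '; ', @cookies;
    $self->lmLog(
        'Store ' . scalar(@cookies) . ' remote cookie(s) in session',
        'debug' );
    # … unchanged: PE_OK and end of getUser …

sub setSessionInfo {
    # … unchanged: argument unpacking and _setSessionInfoDone guard …
    my $resp = $self->ua->get(
        $self->conf->{proxySessionService},
        Cookie => $req->sessionInfo->{_proxyCookies}
    );
    # … unchanged: status check and JSON decoding …
    unless ( ref $res eq 'HASH' ) {
        $self->lmLog( 'Session service did not return a JSON object',
            'error' );
        return PE_ERROR;
    }
    # … unchanged: attribute copy loop and _setSessionInfoDone flag …
```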
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SOAPProxy.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SOAPProxy.pm index c837719f8..ad0e0039a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SOAPProxy.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SOAPProxy.pm @@ -11,7 +11,8 @@ our $VERSION = '2.0.0'; sub init { my ($self) = @_; - $self->conf->{remoteCookieName} ||= $self->conf->{cookieName}; + $self->conf->{remoteCookieName} ||= $self->conf->{cookieName}; + $self->conf->{proxySessionService} ||= $self->conf->{proxyAuthService}; unless ( defined $self->conf->{proxyAuthService} ) { $self->error("Missing proxyAuthService parameter"); @@ -22,6 +23,8 @@ sub init { # RUNNING METHODS +no warnings 'once'; + *authenticate = *getUser; sub getUser { @@ -59,8 +62,7 @@ sub getUser { sub setSessionInfo { my ( $self, $req ) = @_; return PE_OK if ( $req->datas->{_setSessionInfoDone} ); - my $soap = - SOAP::Lite->proxy( $self->conf->{proxyAuthService} ) + my $soap = SOAP::Lite->proxy( $self->conf->{proxySessionService} ) ->uri('urn:Lemonldap/NG/Common/PSGI/SOAPService'); my $r = $soap->getAttributes( $req->datas->{_remoteId} ); if ( $r->fault ) {