Improve SSL error reporting (#2110)
This commit is contained in:
Maxime Besson
parent
05a23480b0
commit
6447396888
|
|
@ -31,6 +31,13 @@ sub init {
|
|||
# @return Lemonldap::NG::Portal constant
|
||||
sub extractFormInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
# If this is the ajax query, allow response to contain HTML code
|
||||
# to update the portal error message
|
||||
if ( $req->wantJSON ) {
|
||||
$req->wantErrorRender(1);
|
||||
}
|
||||
|
||||
my $field = $self->conf->{SSLVar};
|
||||
if ( $req->env->{SSL_CLIENT_I_DN} ) {
|
||||
$self->logger->debug(
|
||||
|
|
@ -55,6 +62,12 @@ sub extractFormInfo {
|
|||
return PE_BADCERTIFICATE;
|
||||
}
|
||||
elsif ( $self->conf->{sslByAjax} and not $req->param('nossl') ) {
|
||||
|
||||
# If this is the AJAX query
|
||||
if ( $req->wantJSON ) {
|
||||
return PE_CERTIFICATEREQUIRED;
|
||||
}
|
||||
|
||||
$self->logger->debug( 'Append ' . $self->{Name} . ' init/script' );
|
||||
$req->data->{customScript} .= $self->{AjaxInitScript};
|
||||
$self->logger->debug(
|
||||
|
|
@ -68,6 +81,7 @@ sub extractFormInfo {
|
|||
$req->data->{customScript} .= $self->{AjaxInitScript};
|
||||
$self->logger->debug(
|
||||
"Send init/script -> " . $req->data->{customScript} );
|
||||
return PE_BADCERTIFICATE;
|
||||
}
|
||||
$self->userLogger->warn('No certificate found');
|
||||
return PE_CERTIFICATEREQUIRED;
|
||||
|
|
|
|||
|
|
@ -5,12 +5,9 @@ tryssl = () ->
|
|||
console.log 'path -> ', path
|
||||
console.log 'Call URL -> ', window.datas.sslHost
|
||||
$.ajax window.datas.sslHost,
|
||||
dataType: 'jsonp'
|
||||
# PE_BADCREDENTIALS
|
||||
statusCode:
|
||||
401: () ->
|
||||
$('#lform').submit()
|
||||
console.log 'Error code 401'
|
||||
dataType: 'json',
|
||||
xhrFields:
|
||||
withCredentials: true
|
||||
# If request succeed, cookie is set, posting form to get redirection
|
||||
# or menu
|
||||
success: (data) ->
|
||||
|
|
@ -18,9 +15,23 @@ tryssl = () ->
|
|||
console.log 'Success -> ', data
|
||||
# Case else, will display PE_BADCREDENTIALS or fallback to next auth
|
||||
# backend
|
||||
error: () ->
|
||||
sendUrl path
|
||||
console.log 'Error'
|
||||
error: (result) ->
|
||||
# If the AJAX query didn't fire at all, it's probably
|
||||
# a bad certificate
|
||||
if result.status == 0
|
||||
# We couldn't send the request.
|
||||
# if client verification is optional, this means
|
||||
# the certificate was rejected (or some network error)
|
||||
sendUrl path
|
||||
# For compatibility with earlier configs, handle PE9 by posting form
|
||||
if result.responseJSON && 'error' of result.responseJSON && result.responseJSON.error == "9"
|
||||
sendUrl path
|
||||
|
||||
# If the server sent a html error description, display it
|
||||
if result.responseJSON && 'html' of result.responseJSON
|
||||
$('#errormsg').html(result.responseJSON.html);
|
||||
$(window).trigger('load');
|
||||
console.log 'Error during AJAX SSL authentication', result
|
||||
false
|
||||
|
||||
sendUrl = (path) ->
|
||||
|
|
@ -34,4 +45,4 @@ sendUrl = (path) ->
|
|||
$('#lform').submit()
|
||||
|
||||
$(document).ready ->
|
||||
$('.sslclick').on 'click', tryssl
|
||||
$('.sslclick').on 'click', tryssl
|
||||
|
|
|
|||
|
|
@ -5,12 +5,9 @@ tryssl = () ->
|
|||
console.log 'path -> ', path
|
||||
console.log 'Call URL -> ', window.datas.sslHost
|
||||
$.ajax window.datas.sslHost,
|
||||
dataType: 'jsonp'
|
||||
# PE_BADCREDENTIALS
|
||||
statusCode:
|
||||
401: () ->
|
||||
$('#lformSSL').submit()
|
||||
console.log 'Error code 401'
|
||||
dataType: 'json',
|
||||
xhrFields:
|
||||
withCredentials: true
|
||||
# If request succeed, cookie is set, posting form to get redirection
|
||||
# or menu
|
||||
success: (data) ->
|
||||
|
|
@ -18,9 +15,23 @@ tryssl = () ->
|
|||
console.log 'Success -> ', data
|
||||
# Case else, will display PE_BADCREDENTIALS or fallback to next auth
|
||||
# backend
|
||||
error: () ->
|
||||
sendUrl path
|
||||
console.log 'Error'
|
||||
error: (result) ->
|
||||
# If the AJAX query didn't fire at all, it's probably
|
||||
# a bad certificate
|
||||
if result.status == 0
|
||||
# We couldn't send the request.
|
||||
# if client verification is optional, this means
|
||||
# the certificate was rejected (or some network error)
|
||||
sendUrl path
|
||||
# For compatibility with earlier configs, handle PE9 by posting form
|
||||
if result.responseJSON && 'error' of result.responseJSON && result.responseJSON.error == "9"
|
||||
sendUrl path
|
||||
|
||||
# If the server sent a html error description, display it
|
||||
if result.responseJSON && 'html' of result.responseJSON
|
||||
$('#errormsg').html(result.responseJSON.html);
|
||||
$(window).trigger('load');
|
||||
console.log 'Error during AJAX SSL authentication', result
|
||||
false
|
||||
|
||||
sendUrl = (path) ->
|
||||
|
|
@ -34,4 +45,4 @@ sendUrl = (path) ->
|
|||
$('#lformSSL').submit()
|
||||
|
||||
$(document).ready ->
|
||||
$('.sslclick').on 'click', tryssl
|
||||
$('.sslclick').on 'click', tryssl
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.7
|
||||
// Generated by CoffeeScript 1.12.8
|
||||
(function() {
|
||||
var sendUrl, tryssl;
|
||||
|
||||
|
|
@ -8,20 +8,26 @@
|
|||
console.log('path -> ', path);
|
||||
console.log('Call URL -> ', window.datas.sslHost);
|
||||
$.ajax(window.datas.sslHost, {
|
||||
dataType: 'jsonp',
|
||||
statusCode: {
|
||||
401: function() {
|
||||
$('#lform').submit();
|
||||
return console.log('Error code 401');
|
||||
}
|
||||
dataType: 'json',
|
||||
xhrFields: {
|
||||
withCredentials: true
|
||||
},
|
||||
success: function(data) {
|
||||
sendUrl(path);
|
||||
return console.log('Success -> ', data);
|
||||
},
|
||||
error: function() {
|
||||
sendUrl(path);
|
||||
return console.log('Error');
|
||||
error: function(result) {
|
||||
if (result.status === 0) {
|
||||
sendUrl(path);
|
||||
}
|
||||
if (result.responseJSON && 'error' in result.responseJSON && result.responseJSON.error === "9") {
|
||||
sendUrl(path);
|
||||
}
|
||||
if (result.responseJSON && 'html' in result.responseJSON) {
|
||||
$('#errormsg').html(result.responseJSON.html);
|
||||
$(window).trigger('load');
|
||||
}
|
||||
return console.log('Error during AJAX SSL authentication', result);
|
||||
}
|
||||
});
|
||||
return false;
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
(function(){var t,o;o=function(){var n;return n=window.location.pathname,console.log("path -> ",n),console.log("Call URL -> ",window.datas.sslHost),$.ajax(window.datas.sslHost,{dataType:"jsonp",statusCode:{401:function(){return $("#lform").submit(),console.log("Error code 401")}},success:function(o){return t(n),console.log("Success -> ",o)},error:function(){return t(n),console.log("Error")}}),!1},t=function(o){var n;return(n=$("#lform").attr("action")).match(/^#$/)?n=o:n+=o,console.log("form action URL -> ",n),$("#lform").attr("action",n),$("#lform").submit()},$(document).ready(function(){return $(".sslclick").on("click",o)})}).call(this);
|
||||
(function(){var r,o;o=function(){var n;return n=window.location.pathname,console.log("path -> ",n),console.log("Call URL -> ",window.datas.sslHost),$.ajax(window.datas.sslHost,{dataType:"json",xhrFields:{withCredentials:!0},success:function(o){return r(n),console.log("Success -> ",o)},error:function(o){return 0===o.status&&r(n),o.responseJSON&&"error"in o.responseJSON&&"9"===o.responseJSON.error&&r(n),o.responseJSON&&"html"in o.responseJSON&&($("#errormsg").html(o.responseJSON.html),$(window).trigger("load")),console.log("Error during AJAX SSL authentication",o)}}),!1},r=function(o){var n;return(n=$("#lform").attr("action")).match(/^#$/)?n=o:n+=o,console.log("form action URL -> ",n),$("#lform").attr("action",n),$("#lform").submit()},$(document).ready(function(){return $(".sslclick").on("click",o)})}).call(this);
|
||||
|
|
@ -1 +1 @@
|
|||
{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js"],"names":["sendUrl","tryssl","path","window","location","pathname","console","log","datas","sslHost","$","ajax","dataType","statusCode","401","submit","success","data","error","form_url","attr","match","document","ready","on","call","this"],"mappings":"CACA,WACE,IAAIA,EAASC,EAEbA,EAAS,WACP,IAAIC,EAqBJ,OApBAA,EAAOC,OAAOC,SAASC,SACvBC,QAAQC,IAAI,WAAYL,GACxBI,QAAQC,IAAI,eAAgBJ,OAAOK,MAAMC,SACzCC,EAAEC,KAAKR,OAAOK,MAAMC,QAAS,CAC3BG,SAAU,QACVC,WAAY,CACVC,IAAK,WAEH,OADAJ,EAAE,UAAUK,SACLT,QAAQC,IAAI,oBAGvBS,QAAS,SAASC,GAEhB,OADAjB,EAAQE,GACDI,QAAQC,IAAI,cAAeU,IAEpCC,MAAO,WAEL,OADAlB,EAAQE,GACDI,QAAQC,IAAI,aAGhB,GAGTP,EAAU,SAASE,GACjB,IAAIiB,EASJ,OARAA,EAAWT,EAAE,UAAUU,KAAK,WACfC,MAAM,OACjBF,EAAWjB,EAEXiB,GAAsBjB,EAExBI,QAAQC,IAAI,sBAAuBY,GACnCT,EAAE,UAAUU,KAAK,SAAUD,GACpBT,EAAE,UAAUK,UAGrBL,EAAEY,UAAUC,MAAM,WAChB,OAAOb,EAAE,aAAac,GAAG,QAASvB,OAGnCwB,KAAKC"}
|
||||
{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js"],"names":["sendUrl","tryssl","path","window","location","pathname","console","log","datas","sslHost","$","ajax","dataType","xhrFields","withCredentials","success","data","error","result","status","responseJSON","html","trigger","form_url","attr","match","submit","document","ready","on","call","this"],"mappings":"CACA,WACE,IAAIA,EAASC,EAEbA,EAAS,WACP,IAAIC,EA2BJ,OA1BAA,EAAOC,OAAOC,SAASC,SACvBC,QAAQC,IAAI,WAAYL,GACxBI,QAAQC,IAAI,eAAgBJ,OAAOK,MAAMC,SACzCC,EAAEC,KAAKR,OAAOK,MAAMC,QAAS,CAC3BG,SAAU,OACVC,UAAW,CACTC,iBAAiB,GAEnBC,QAAS,SAASC,GAEhB,OADAhB,EAAQE,GACDI,QAAQC,IAAI,cAAeS,IAEpCC,MAAO,SAASC,GAWd,OAVsB,IAAlBA,EAAOC,QACTnB,EAAQE,GAENgB,EAAOE,cAAgB,UAAWF,EAAOE,cAA8C,MAA9BF,EAAOE,aAAaH,OAC/EjB,EAAQE,GAENgB,EAAOE,cAAgB,SAAUF,EAAOE,eAC1CV,EAAE,aAAaW,KAAKH,EAAOE,aAAaC,MACxCX,EAAEP,QAAQmB,QAAQ,SAEbhB,QAAQC,IAAI,uCAAwCW,OAGxD,GAGTlB,EAAU,SAASE,GACjB,IAAIqB,EASJ,OARAA,EAAWb,EAAE,UAAUc,KAAK,WACfC,MAAM,OACjBF,EAAWrB,EAEXqB,GAAsBrB,EAExBI,QAAQC,IAAI,sBAAuBgB,GACnCb,EAAE,UAAUc,KAAK,SAAUD,GACpBb,EAAE,UAAUgB,UAGrBhB,EAAEiB,UAAUC,MAAM,WAChB,OAAOlB,EAAE,aAAamB,GAAG,QAAS5B,OAGnC6B,KAAKC"}
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
// Generated by CoffeeScript 1.12.7
|
||||
// Generated by CoffeeScript 1.12.8
|
||||
(function() {
|
||||
var sendUrl, tryssl;
|
||||
|
||||
|
|
@ -8,20 +8,26 @@
|
|||
console.log('path -> ', path);
|
||||
console.log('Call URL -> ', window.datas.sslHost);
|
||||
$.ajax(window.datas.sslHost, {
|
||||
dataType: 'jsonp',
|
||||
statusCode: {
|
||||
401: function() {
|
||||
$('#lformSSL').submit();
|
||||
return console.log('Error code 401');
|
||||
}
|
||||
dataType: 'json',
|
||||
xhrFields: {
|
||||
withCredentials: true
|
||||
},
|
||||
success: function(data) {
|
||||
sendUrl(path);
|
||||
return console.log('Success -> ', data);
|
||||
},
|
||||
error: function() {
|
||||
sendUrl(path);
|
||||
return console.log('Error');
|
||||
error: function(result) {
|
||||
if (result.status === 0) {
|
||||
sendUrl(path);
|
||||
}
|
||||
if (result.responseJSON && 'error' in result.responseJSON && result.responseJSON.error === "9") {
|
||||
sendUrl(path);
|
||||
}
|
||||
if (result.responseJSON && 'html' in result.responseJSON) {
|
||||
$('#errormsg').html(result.responseJSON.html);
|
||||
$(window).trigger('load');
|
||||
}
|
||||
return console.log('Error during AJAX SSL authentication', result);
|
||||
}
|
||||
});
|
||||
return false;
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
(function(){var t,o;o=function(){var n;return n=window.location.pathname,console.log("path -> ",n),console.log("Call URL -> ",window.datas.sslHost),$.ajax(window.datas.sslHost,{dataType:"jsonp",statusCode:{401:function(){return $("#lformSSL").submit(),console.log("Error code 401")}},success:function(o){return t(n),console.log("Success -> ",o)},error:function(){return t(n),console.log("Error")}}),!1},t=function(o){var n;return(n=$("#lformSSL").attr("action")).match(/^#$/)?n=o:n+=o,console.log("form action URL -> ",n),$("#lformSSL").attr("action",n),$("#lformSSL").submit()},$(document).ready(function(){return $(".sslclick").on("click",o)})}).call(this);
|
||||
(function(){var r,o;o=function(){var n;return n=window.location.pathname,console.log("path -> ",n),console.log("Call URL -> ",window.datas.sslHost),$.ajax(window.datas.sslHost,{dataType:"json",xhrFields:{withCredentials:!0},success:function(o){return r(n),console.log("Success -> ",o)},error:function(o){return 0===o.status&&r(n),o.responseJSON&&"error"in o.responseJSON&&"9"===o.responseJSON.error&&r(n),o.responseJSON&&"html"in o.responseJSON&&($("#errormsg").html(o.responseJSON.html),$(window).trigger("load")),console.log("Error during AJAX SSL authentication",o)}}),!1},r=function(o){var n;return(n=$("#lformSSL").attr("action")).match(/^#$/)?n=o:n+=o,console.log("form action URL -> ",n),$("#lformSSL").attr("action",n),$("#lformSSL").submit()},$(document).ready(function(){return $(".sslclick").on("click",o)})}).call(this);
|
||||
|
|
@ -1 +1 @@
|
|||
{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js"],"names":["sendUrl","tryssl","path","window","location","pathname","console","log","datas","sslHost","$","ajax","dataType","statusCode","401","submit","success","data","error","form_url","attr","match","document","ready","on","call","this"],"mappings":"CACA,WACE,IAAIA,EAASC,EAEbA,EAAS,WACP,IAAIC,EAqBJ,OApBAA,EAAOC,OAAOC,SAASC,SACvBC,QAAQC,IAAI,WAAYL,GACxBI,QAAQC,IAAI,eAAgBJ,OAAOK,MAAMC,SACzCC,EAAEC,KAAKR,OAAOK,MAAMC,QAAS,CAC3BG,SAAU,QACVC,WAAY,CACVC,IAAK,WAEH,OADAJ,EAAE,aAAaK,SACRT,QAAQC,IAAI,oBAGvBS,QAAS,SAASC,GAEhB,OADAjB,EAAQE,GACDI,QAAQC,IAAI,cAAeU,IAEpCC,MAAO,WAEL,OADAlB,EAAQE,GACDI,QAAQC,IAAI,aAGhB,GAGTP,EAAU,SAASE,GACjB,IAAIiB,EASJ,OARAA,EAAWT,EAAE,aAAaU,KAAK,WAClBC,MAAM,OACjBF,EAAWjB,EAEXiB,GAAsBjB,EAExBI,QAAQC,IAAI,sBAAuBY,GACnCT,EAAE,aAAaU,KAAK,SAAUD,GACvBT,EAAE,aAAaK,UAGxBL,EAAEY,UAAUC,MAAM,WAChB,OAAOb,EAAE,aAAac,GAAG,QAASvB,OAGnCwB,KAAKC"}
|
||||
{"version":3,"sources":["lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js"],"names":["sendUrl","tryssl","path","window","location","pathname","console","log","datas","sslHost","$","ajax","dataType","xhrFields","withCredentials","success","data","error","result","status","responseJSON","html","trigger","form_url","attr","match","submit","document","ready","on","call","this"],"mappings":"CACA,WACE,IAAIA,EAASC,EAEbA,EAAS,WACP,IAAIC,EA2BJ,OA1BAA,EAAOC,OAAOC,SAASC,SACvBC,QAAQC,IAAI,WAAYL,GACxBI,QAAQC,IAAI,eAAgBJ,OAAOK,MAAMC,SACzCC,EAAEC,KAAKR,OAAOK,MAAMC,QAAS,CAC3BG,SAAU,OACVC,UAAW,CACTC,iBAAiB,GAEnBC,QAAS,SAASC,GAEhB,OADAhB,EAAQE,GACDI,QAAQC,IAAI,cAAeS,IAEpCC,MAAO,SAASC,GAWd,OAVsB,IAAlBA,EAAOC,QACTnB,EAAQE,GAENgB,EAAOE,cAAgB,UAAWF,EAAOE,cAA8C,MAA9BF,EAAOE,aAAaH,OAC/EjB,EAAQE,GAENgB,EAAOE,cAAgB,SAAUF,EAAOE,eAC1CV,EAAE,aAAaW,KAAKH,EAAOE,aAAaC,MACxCX,EAAEP,QAAQmB,QAAQ,SAEbhB,QAAQC,IAAI,uCAAwCW,OAGxD,GAGTlB,EAAU,SAASE,GACjB,IAAIqB,EASJ,OARAA,EAAWb,EAAE,aAAac,KAAK,WAClBC,MAAM,OACjBF,EAAWrB,EAEXqB,GAAsBrB,EAExBI,QAAQC,IAAI,sBAAuBgB,GACnCb,EAAE,aAAac,KAAK,SAAUD,GACvBb,EAAE,aAAagB,UAGxBhB,EAAEiB,UAAUC,MAAM,WAChB,OAAOlB,EAAE,aAAamB,GAAG,QAAS5B,OAGnC6B,KAAKC"}
|
||||
|
|
@ -4,13 +4,15 @@
|
|||
|
||||
<TMPL_INCLUDE NAME="customLoginHeader.tpl">
|
||||
|
||||
<TMPL_IF NAME="AUTH_ERROR">
|
||||
<div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trmsg="<TMPL_VAR NAME="AUTH_ERROR">"></span>
|
||||
<TMPL_IF LOCKTIME>
|
||||
<TMPL_VAR NAME="LOCKTIME"> <span trspan="seconds">seconds</span>.
|
||||
</TMPL_IF>
|
||||
</div>
|
||||
</TMPL_IF>
|
||||
<div id="errormsg">
|
||||
<TMPL_IF NAME="AUTH_ERROR">
|
||||
<div class="message message-<TMPL_VAR NAME="AUTH_ERROR_TYPE"> alert"><span trmsg="<TMPL_VAR NAME="AUTH_ERROR">"></span>
|
||||
<TMPL_IF LOCKTIME>
|
||||
<TMPL_VAR NAME="LOCKTIME"> <span trspan="seconds">seconds</span>.
|
||||
</TMPL_IF>
|
||||
</div>
|
||||
</TMPL_IF>
|
||||
</div>
|
||||
|
||||
<TMPL_IF AUTH_LOOP>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user