Restore old login history (#1656)
This commit is contained in:
Clément OUDOT
Xavier Guimard
parent
48b86bd224
commit
6740269cce
|
|
@ -57,9 +57,11 @@ sub handler {
|
|||
if ( $sp or %{ $req->pdata } ) {
|
||||
my %v = (
|
||||
name => $self->conf->{cookieName} . 'pdata',
|
||||
( %{ $req->pdata }
|
||||
(
|
||||
%{ $req->pdata }
|
||||
? ( value => uri_escape( JSON::to_json( $req->pdata ) ) )
|
||||
: ( value => '',
|
||||
: (
|
||||
value => '',
|
||||
expires => 'Wed, 21 Oct 2015 00:00:00 GMT'
|
||||
)
|
||||
)
|
||||
|
|
@ -93,7 +95,8 @@ sub login {
|
|||
my ( $self, $req ) = @_;
|
||||
return $self->do(
|
||||
$req,
|
||||
[ 'controlUrl', @{ $self->beforeAuth },
|
||||
[
|
||||
'controlUrl', @{ $self->beforeAuth },
|
||||
$self->authProcess, @{ $self->betweenAuthAndData },
|
||||
$self->sessionData, @{ $self->afterData },
|
||||
$self->validSession, @{ $self->endAuth },
|
||||
|
|
@ -105,7 +108,8 @@ sub postLogin {
|
|||
my ( $self, $req ) = @_;
|
||||
return $self->do(
|
||||
$req,
|
||||
[ 'restoreArgs', 'controlUrl',
|
||||
[
|
||||
'restoreArgs', 'controlUrl',
|
||||
@{ $self->beforeAuth }, $self->authProcess,
|
||||
@{ $self->betweenAuthAndData }, $self->sessionData,
|
||||
@{ $self->afterData }, $self->validSession,
|
||||
|
|
@ -118,7 +122,8 @@ sub authenticatedRequest {
|
|||
my ( $self, $req ) = @_;
|
||||
return $self->do(
|
||||
$req,
|
||||
[ 'importHandlerData', 'controlUrl',
|
||||
[
|
||||
'importHandlerData', 'controlUrl',
|
||||
'checkLogout', @{ $self->forAuthUser }
|
||||
]
|
||||
);
|
||||
|
|
@ -128,7 +133,8 @@ sub postAuthenticatedRequest {
|
|||
my ( $self, $req ) = @_;
|
||||
return $self->do(
|
||||
$req,
|
||||
[ 'importHandlerData', 'restoreArgs',
|
||||
[
|
||||
'importHandlerData', 'restoreArgs',
|
||||
'controlUrl', 'checkLogout',
|
||||
@{ $self->forAuthUser }
|
||||
]
|
||||
|
|
@ -145,8 +151,8 @@ sub refresh {
|
|||
foreach ( keys %data ) {
|
||||
delete $data{$_} unless ( /^_/ or /^(?:startTime)$/ );
|
||||
}
|
||||
$req->steps(
|
||||
[ 'getUser',
|
||||
$req->steps( [
|
||||
'getUser',
|
||||
@{ $self->betweenAuthAndData },
|
||||
'setAuthSessionInfo',
|
||||
'setSessionInfo',
|
||||
|
|
@ -164,8 +170,7 @@ sub refresh {
|
|||
if ($res) {
|
||||
$req->info(
|
||||
$self->loadTemplate(
|
||||
'simpleInfo',
|
||||
params => { trspan => 'rightsReloadNeedsLogout' }
|
||||
'simpleInfo', params => { trspan => 'rightsReloadNeedsLogout' }
|
||||
)
|
||||
);
|
||||
$req->urldc( $self->conf->{portal} );
|
||||
|
|
@ -178,7 +183,8 @@ sub logout {
|
|||
my ( $self, $req ) = @_;
|
||||
return $self->do(
|
||||
$req,
|
||||
[ 'controlUrl', @{ $self->beforeLogout },
|
||||
[
|
||||
'controlUrl', @{ $self->beforeLogout },
|
||||
'authLogout', 'deleteSession'
|
||||
]
|
||||
);
|
||||
|
|
@ -223,14 +229,16 @@ sub do {
|
|||
else {
|
||||
return $self->sendJSONresponse(
|
||||
$req,
|
||||
{ result => 1,
|
||||
{
|
||||
result => 1,
|
||||
code => $err
|
||||
}
|
||||
);
|
||||
}
|
||||
}
|
||||
else {
|
||||
if ( $err
|
||||
if (
|
||||
$err
|
||||
and $err != PE_LOGOUT_OK
|
||||
and (
|
||||
$err != PE_REDIRECT
|
||||
|
|
@ -257,7 +265,8 @@ sub do {
|
|||
|
||||
sub getModule {
|
||||
my ( $self, $req, $type ) = @_;
|
||||
if (my $mod = {
|
||||
if (
|
||||
my $mod = {
|
||||
auth => '_authentication',
|
||||
user => '_userDB',
|
||||
password => '_passwordDB'
|
||||
|
|
@ -269,8 +278,8 @@ sub getModule {
|
|||
}
|
||||
else {
|
||||
my $s = ref( $self->$mod );
|
||||
$s
|
||||
=~ s/^Lemonldap::NG::Portal::(?:(?:Issuer|UserDB|Auth|Password)::)?//;
|
||||
$s =~
|
||||
s/^Lemonldap::NG::Portal::(?:(?:Issuer|UserDB|Auth|Password)::)?//;
|
||||
return $s;
|
||||
}
|
||||
}
|
||||
|
|
@ -297,9 +306,8 @@ sub autoRedirect {
|
|||
$req->data->{redirectFormMethod} = "get";
|
||||
}
|
||||
else {
|
||||
return [
|
||||
302, [ Location => $req->{urldc}, @{ $req->respHeaders } ], []
|
||||
];
|
||||
return [ 302,
|
||||
[ Location => $req->{urldc}, @{ $req->respHeaders } ], [] ];
|
||||
}
|
||||
}
|
||||
my ( $tpl, $prms ) = $self->display($req);
|
||||
|
|
@ -319,8 +327,8 @@ sub getApacheSession {
|
|||
$self->logger->debug("Try to get a new $args{kind} session");
|
||||
}
|
||||
|
||||
my $as = Lemonldap::NG::Common::Session->new(
|
||||
{ storageModule => $self->conf->{globalStorage},
|
||||
my $as = Lemonldap::NG::Common::Session->new( {
|
||||
storageModule => $self->conf->{globalStorage},
|
||||
storageModuleOptions => $self->conf->{globalStorageOptions},
|
||||
cacheModule => $self->conf->{localSessionStorage},
|
||||
cacheModuleOptions => $self->conf->{localSessionStorageOptions},
|
||||
|
|
@ -334,7 +342,8 @@ sub getApacheSession {
|
|||
if ( my $err = $as->error ) {
|
||||
$self->lmLog(
|
||||
$err,
|
||||
( $err =~ /(?:Object does not exist|Invalid session ID)/
|
||||
(
|
||||
$err =~ /(?:Object does not exist|Invalid session ID)/
|
||||
? 'notice'
|
||||
: 'error'
|
||||
)
|
||||
|
|
@ -351,14 +360,16 @@ sub getApacheSession {
|
|||
"Check session validity -> " . $self->conf->{timeoutActivity} . "s" )
|
||||
if ( $self->conf->{timeoutActivity} );
|
||||
my $now = time;
|
||||
if ( $id
|
||||
if (
|
||||
$id
|
||||
and defined $as->data->{_utime}
|
||||
and (
|
||||
( ( $now - $as->data->{_utime} ) > $self->conf->{timeout} )
|
||||
or ( $self->conf->{timeoutActivity}
|
||||
or (
|
||||
$self->conf->{timeoutActivity}
|
||||
and $as->data->{_lastSeen}
|
||||
and ( ( $now - $as->data->{_lastSeen} )
|
||||
> $self->conf->{timeoutActivity} )
|
||||
and ( ( $now - $as->data->{_lastSeen} ) >
|
||||
$self->conf->{timeoutActivity} )
|
||||
)
|
||||
)
|
||||
)
|
||||
|
|
@ -383,8 +394,8 @@ sub getPersistentSession {
|
|||
|
||||
$info->{_session_uid} = $uid;
|
||||
|
||||
my $ps = Lemonldap::NG::Common::Session->new(
|
||||
{ storageModule => $self->conf->{persistentStorage},
|
||||
my $ps = Lemonldap::NG::Common::Session->new( {
|
||||
storageModule => $self->conf->{persistentStorage},
|
||||
storageModuleOptions => $self->conf->{persistentStorageOptions},
|
||||
id => $pid,
|
||||
force => 1,
|
||||
|
|
@ -428,8 +439,7 @@ sub updatePersistentSession {
|
|||
|| $req->userData->{ $self->conf->{whatToTrace} };
|
||||
$self->logger->debug("Found 'whatToTrace' -> $uid");
|
||||
unless ($uid) {
|
||||
$self->logger->debug(
|
||||
'No uid found, skipping updatePersistentSession');
|
||||
$self->logger->debug('No uid found, skipping updatePersistentSession');
|
||||
return ();
|
||||
}
|
||||
$self->logger->debug("Update $uid persistent session");
|
||||
|
|
@ -471,14 +481,14 @@ sub updateSession {
|
|||
foreach ( keys %$infos ) {
|
||||
$self->logger->debug("Update sessionInfo $_");
|
||||
$self->_dump( $infos->{$_} );
|
||||
$req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_}
|
||||
= $infos->{$_};
|
||||
$req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_} =
|
||||
$infos->{$_};
|
||||
}
|
||||
|
||||
# Update session in global storage with _updateTime
|
||||
$infos->{_updateTime} = strftime( "%Y%m%d%H%M%S", localtime() );
|
||||
if ( my $apacheSession
|
||||
= $self->getApacheSession( $id, info => $infos ) )
|
||||
if ( my $apacheSession =
|
||||
$self->getApacheSession( $id, info => $infos ) )
|
||||
{
|
||||
if ( $apacheSession->error ) {
|
||||
$self->logger->error("Cannot update session $id");
|
||||
|
|
@ -561,8 +571,8 @@ sub isTrustedUrl {
|
|||
|
||||
sub stamp {
|
||||
my $self = shift;
|
||||
my $res
|
||||
= $self->conf->{cipher}
|
||||
my $res =
|
||||
$self->conf->{cipher}
|
||||
? $self->conf->{cipher}->encrypt( time() )
|
||||
: 1;
|
||||
$res =~ s/\+/%2B/g;
|
||||
|
|
@ -719,8 +729,8 @@ sub sendHtml {
|
|||
my ( $self, $req, $template, %args ) = @_;
|
||||
|
||||
$args{params}->{TROVER} = $self->trOver;
|
||||
$args{templateDir}
|
||||
= $self->conf->{templateDir} . '/' . $self->getSkin($req);
|
||||
$args{templateDir} =
|
||||
$self->conf->{templateDir} . '/' . $self->getSkin($req);
|
||||
my $tmpl = $args{templateDir} . "/$template.tpl";
|
||||
my $troverJson = $args{templateDir} . "/$template.json";
|
||||
unless ( -f $tmpl ) {
|
||||
|
|
@ -770,14 +780,13 @@ sub sendHtml {
|
|||
if ( defined $url ) {
|
||||
$self->logger->debug("Required Params URL : $url");
|
||||
if ( $url =~ s#(https?://[^/]+).*#$1# ) {
|
||||
$self->logger->debug(
|
||||
"Set CSP form-action with Params URL : $url");
|
||||
$self->logger->debug("Set CSP form-action with Params URL : $url");
|
||||
$csp .= " $url";
|
||||
}
|
||||
}
|
||||
if ( defined $req->{cspFormAction} ) {
|
||||
$self->logger->debug( "Set CSP form-action with request URL: "
|
||||
. $req->{cspFormAction} );
|
||||
$self->logger->debug(
|
||||
"Set CSP form-action with request URL: " . $req->{cspFormAction} );
|
||||
$csp .= " " . $req->{cspFormAction};
|
||||
}
|
||||
|
||||
|
|
@ -819,8 +828,8 @@ sub sendCss {
|
|||
my ( $self, $req ) = @_;
|
||||
my $s = '/* LL::NG Portal CSS */';
|
||||
if ( $self->conf->{portalSkinBackground} ) {
|
||||
$s
|
||||
.= 'html,body{background:url("'
|
||||
$s .=
|
||||
'html,body{background:url("'
|
||||
. $self->staticPrefix
|
||||
. '/common/backgrounds/'
|
||||
. $self->conf->{portalSkinBackground}
|
||||
|
|
@ -829,7 +838,8 @@ sub sendCss {
|
|||
}
|
||||
return [
|
||||
200,
|
||||
[ 'Content-Type' => 'text/css',
|
||||
[
|
||||
'Content-Type' => 'text/css',
|
||||
'Content-Length' => length($s),
|
||||
'Cache-Control' => 'public,max-age=3600',
|
||||
],
|
||||
|
|
@ -877,8 +887,8 @@ sub tplParams {
|
|||
$portalPath =~ s#[^/]+\.fcgi$##;
|
||||
|
||||
for my $session_key ( keys %{ $req->{sessionInfo} } ) {
|
||||
$templateParams{ "session_" . $session_key }
|
||||
= $req->{sessionInfo}->{$session_key};
|
||||
$templateParams{ "session_" . $session_key } =
|
||||
$req->{sessionInfo}->{$session_key};
|
||||
}
|
||||
|
||||
for my $env_key ( keys %{ $req->env } ) {
|
||||
|
|
@ -901,6 +911,36 @@ sub registerLogin {
|
|||
return
|
||||
unless ( $self->conf->{loginHistoryEnabled}
|
||||
and defined $req->authResult );
|
||||
|
||||
# Check old login history
|
||||
if ( $req->sessionInfo->{loginHistory} ) {
|
||||
|
||||
if ( !$req->sessionInfo->{_loginHistory} ) {
|
||||
$self->logger->debug("Restore old login history");
|
||||
|
||||
# Restore success login
|
||||
$req->sessionInfo->{_loginHistory}->{successLogin} =
|
||||
$req->sessionInfo->{loginHistory}->{successLogin};
|
||||
|
||||
# Restore failed login, with generic error
|
||||
if ( $req->sessionInfo->{loginHistory}->{failedLogin} ) {
|
||||
$self->logger->debug("Restore old failed logins");
|
||||
$req->sessionInfo->{_loginHistory}->{failedLogin} = [];
|
||||
foreach (
|
||||
@{ $req->sessionInfo->{loginHistory}->{failedLogin} } )
|
||||
{
|
||||
$self->logger->debug(
|
||||
"Replace old failed login error " . $_->{error} );
|
||||
$_->{error} = 5;
|
||||
push @{ $req->sessionInfo->{_loginHistory}->{failedLogin} },
|
||||
$_;
|
||||
}
|
||||
}
|
||||
}
|
||||
$self->updatePersistentSession( $req, { 'loginHistory' => undef } );
|
||||
delete $req->sessionInfo->{loginHistory};
|
||||
}
|
||||
|
||||
my $history = $req->sessionInfo->{_loginHistory} ||= {};
|
||||
my $type = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login';
|
||||
$history->{$type} ||= [];
|
||||
|
|
@ -919,8 +959,7 @@ sub registerLogin {
|
|||
|
||||
# Forget oldest logins
|
||||
splice @{ $history->{$type} }, $self->conf->{ $type . "Number" }
|
||||
if (
|
||||
scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } );
|
||||
if ( scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } );
|
||||
|
||||
# Save into persistent session
|
||||
$self->updatePersistentSession( $req, { _loginHistory => $history, } );
|
||||
|
|
@ -933,8 +972,8 @@ sub registerLogin {
|
|||
# @return hashref
|
||||
sub _sumUpSession {
|
||||
my ( $self, $session, $withoutUser ) = @_;
|
||||
my $res
|
||||
= $withoutUser
|
||||
my $res =
|
||||
$withoutUser
|
||||
? {}
|
||||
: { user => $session->{ $self->conf->{whatToTrace} } };
|
||||
$res->{$_} = $session->{$_}
|
||||
|
|
@ -947,8 +986,8 @@ sub _sumUpSession {
|
|||
sub loadTemplate {
|
||||
my ( $self, $name, %prm ) = @_;
|
||||
$name .= '.tpl';
|
||||
my $file
|
||||
= $self->conf->{templateDir} . '/'
|
||||
my $file =
|
||||
$self->conf->{templateDir} . '/'
|
||||
. $self->conf->{portalSkin} . '/'
|
||||
. $name;
|
||||
$file = $self->conf->{templateDir} . '/common/' . $name
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user