WIP - checkUser plugin skeleton (#1658)
parent
ac5007fd96
commit
697882bd45
|
@ -28,6 +28,7 @@ sub defaultValues {
|
|||
'casAccessControlPolicy' => 'none',
|
||||
'casAuthnLevel' => 1,
|
||||
'checkTime' => 600,
|
||||
'checkUser' => 1,
|
||||
'checkXSS' => 1,
|
||||
'confirmFormMethod' => 'post',
|
||||
'cookieName' => 'lemonldap',
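Review bot: `'checkUser' => 1` enables the new plugin by default, although the commit is marked WIP and its handler returns another account's session attributes to any logged-in user. A feature of that kind should ship disabled, `'checkUser' => 0,`, and be switched on per deployment. The same default appears in the `checkUser` entries of the next two hunks (`'default' => 1` in the block with `'type' => 'bool'`, and `default => 1` in the block with `flags => 'p'`). If any of these files is generated from the `attributes` definition, change the default there and regenerate rather than editing each copy.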
|
||||
|
|
|
@ -767,6 +767,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => 600,
|
||||
'type' => 'int'
|
||||
},
|
||||
'checkUser' => {
|
||||
'default' => 1,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'checkXSS' => {
|
||||
'default' => 1,
|
||||
'type' => 'bool'
|
||||
|
|
|
@ -578,6 +578,12 @@ sub attributes {
|
|||
documentation => 'Enable Cross Domain Authentication',
|
||||
flags => 'hp',
|
||||
},
|
||||
checkUser => {
|
||||
default => 1,
|
||||
type => 'bool',
|
||||
documentation => 'Enable Check user',
|
||||
flags => 'p',
|
||||
},
|
||||
checkXSS => {
|
||||
default => 1,
|
||||
type => 'bool',
|
||||
|
|
|
@ -25,6 +25,7 @@ our @pList = (
|
|||
autoSigninRules => '::Plugins::AutoSignin',
|
||||
checkState => '::Plugins::CheckState',
|
||||
portalForceAuthn => '::Plugins::ForceAuthn',
|
||||
checkUser => '::Plugins::CheckUser',
|
||||
);
|
||||
|
||||
##@method list enabledPlugins
|
||||
|
|
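--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
@@ -0,0 +1,111 @@
+package Lemonldap::NG::Portal::Plugins::CheckUser;
+
+use Data::Dumper;
+use strict;
+use Mouse;
+use Lemonldap::NG::Portal::Main::Constants qw(
+PE_CONFIRM
+PE_OK
+PE_TOKENEXPIRED
+PE_USERNOTFOUND
+);
+
+our $VERSION = '2.0.3';
+
+extends 'Lemonldap::NG::Portal::Main::Plugin';
+
+# INITIALIZATION
+
+has ott => (
+is => 'rw',
+lazy => 1,
+default => sub {
+my $ott = $_[0]->{p}
+->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
+$ott->timeout( $_[0]->{conf}->{formTimeout} );
+return $ott;
+}
+);
+
+sub init {
+my ($self) = @_;
+$self->addAuthRoute( checkuser => 'check', [ 'GET', 'POST' ] );
+return 1;
+}
+
+# RUNNING METHOD
+
+sub check {
+my ( $self, $req ) = @_;
+my $hdrs = my $attrs = {};
+my $auth = 0;
+my $msg = 'checkUser';
+
+## Check user attributes
+# Use submitted attribute if exists
+$req->{user} = $req->param('user') if ( $req->param('user') );
+$attrs = $self->_attributes($req);
+
+if ( $req->error ) {
+$msg = 'PE' . $req->{error};
+$attrs = {};
+}
+
+# Check if user is allowed to access submitted URL and compute headers
+if ( $req->param('url') ) {
+
+# Return VirtualHost headers
+$hdrs = $self->_headers($req);
+
+# User is allowed ?
+$auth = $self->_authorized($req);
+}
+
+# Display form
+return $self->p->sendHtml(
+$req,
+'checkuser',
+params => {
+MAIN_LOGO => $self->conf->{portalMainLogo},
+LANGS => $self->conf->{showLanguages},
+MSG => $msg,
+HEADERS => %$hdrs,
+ATTRIBUTES => %$attrs,
+ALLOWED => $auth,
+PORTAL => $self->conf->{portal},
+}
+);
+}
+
+sub _attributes {
+my ( $self, $req ) = @_;
+
+# Search user in database
+$req->steps(
+[ 'getUser', 'setSessionInfo',
+'setMacros', 'setGroups',
+'setPersistentSessionInfo', 'setLocalGroups'
+]
+);
+if ( my $error = $self->p->process($req) ) {
+if ( $error == PE_USERNOTFOUND ) {
+$self->userLogger->warn( "Check asked for an unvalid user ("
+. $req->param('user')
+. ")" );
+}
+return $req->error($error);
+}
+return $req->{sessionInfo};
+}
+
+sub _headers {
+my ( $self, $req ) = @_;
+return {};
+}
+
+sub _authorized {
+my ( $self, $req ) = @_;
+return 1;
+}
+
+1;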
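Review bot: `check` is registered with `addAuthRoute` for any authenticated session, copies the submitted `user` parameter into `$req->{user}` and hands that account's `sessionInfo` to the template, so nothing visible here restricts who may read another user's attributes. The `ott` one-time token declared above is never verified on POST. The lookup runs `getUser`/`setSessionInfo` on the live `$req`, which presumably overwrites the requester's own request state; before this goes beyond a skeleton, gate the handler on an administrator-only rule evaluated against the requester's session and do the lookup on separate request data. Separately, `HEADERS => %$hdrs` and `ATTRIBUTES => %$attrs` flatten the hashes into the `params` list, so with an empty `$hdrs` the key `HEADERS` receives the string `ATTRIBUTES` and the session attributes become top-level template parameters; pass the references instead, `HEADERS => $hdrs, ATTRIBUTES => $attrs,`. The raw `$req->param('user')` in the `userLogger->warn` message should also have control characters stripped before it is logged.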
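--- a/lemonldap-ng-portal/site/templates/bootstrap/checkuser.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/checkuser.tpl
@@ -0,0 +1,36 @@
+<TMPL_INCLUDE NAME="header.tpl">
+
+<div id="errorcontent" class="container">
+<div class="message message-positive alert"><span trspan="<TMPL_VAR NAME="MSG">"></span></div>
+
+<form id="checkuser" action="/checkuser" method="post" class="password" role="form">
+<!--
+<input type="hidden" name="confirm" value="<TMPL_VAR NAME="CONFIRMKEY">">
+<input type="hidden" name="url" value="<TMPL_VAR NAME="URL">">
+-->
+<div class="input-group mb-3">
+<div class="input-group-prepend">
+<span class="input-group-text"><i class="fa fa-user"></i> </span>
+</div>
+<input name="user" type="text" class="form-control" value="<TMPL_VAR NAME="LOGIN">" trplaceholder="user" aria-required="true"/>
+</div>
+<div class="input-group mb-3">
+<div class="input-group-prepend">
+<span class="input-group-text"><i class="fa fa-link"></i> </span>
+</div>
+<input name="url" type="text" class="form-control" trplaceholder="URL" aria-required="true"/>
+</div>
+<div class="buttons">
+<button type="submit" class="btn btn-success">
+<span class="fa fa-sign-in"></span>
+<span trspan="checkUser">Check user</span>
+</button>
+<a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button">
+<span class="fa fa-home"></span>
+<span trspan="goToPortal">Go to portal</span>
+</a>
+</div>
+</form>
+</div>
+
+<TMPL_INCLUDE NAME="footer.tpl">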
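Review bot: `LOGIN` is written into the `value` attribute of the `user` input without an `ESCAPE` mode, and that field presumably echoes the submitted user name. Unless the portal's template loader sets a default escape (not visible on this page), write `<TMPL_VAR NAME="LOGIN" ESCAPE=HTML>`. The handler in CheckUser.pm passes `PORTAL`, not `PORTAL_URL`, and never sets `LOGIN`, so the "Go to portal" link and the prefilled user name currently render empty. The hidden inputs are commented out, so the POST carries no field that the plugin's `ott` one-time token could be checked against.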