From 8a85dfe0c5a655ea3ca711816a6753d72b1ba88c Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Wed, 8 Mar 2017 19:37:31 +0000 Subject: [PATCH] StayConnected plugin ready (#1131) TODO: stayconnected parameter in login.tpl, that's all ! --- .../NG/Portal/Plugins/StayConnected.pm | 94 ++++++++++++++----- .../site/templates/common/registerBrowser.tpl | 2 +- 2 files changed, 74 insertions(+), 22 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm index ddbc1a494..e7e77f257 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/StayConnected.pm @@ -32,6 +32,14 @@ has ott => ( } ); +# Default timeout: 1 month +has timeout => ( + is => 'rw', + default => sub { + $_[0]->{conf}->{stayConnectedTimeout} || 2678400; + } +); + sub init { my ($self) = @_; $self->addAuthRoute( registerbrowser => 'storeBrowser', ['POST'] ); @@ -40,6 +48,8 @@ sub init { # RUNNING METHODS +# Registration: detect if user wants to stay connected. Then ask for +# fingerprint sub newDevice { my ( $self, $req ) = @_; @@ -49,15 +59,14 @@ sub newDevice { name => $req->sessionInfo->{ $self->conf->{whatToTrace} } } ); - print STDERR Data::Dumper::Dumper($token); - use Data::Dumper; $req->response( $self->p->sendHtml( $req, '../common/registerBrowser', params => { - URL => $req->urldc, - TOKEN => $token, + URL => $req->urldc, + TOKEN => $token, + ACTION => '/registerbrowser', } ) ); @@ -66,6 +75,7 @@ sub newDevice { return PE_OK; } +# Store datas in a long-time session sub storeBrowser { my ( $self, $req ) = @_; $req->urldc( $req->param('url') ); 
@@ -76,14 +86,16 @@ sub storeBrowser { if ( $tmp->{name} eq $uid ) { if ( my $fg = $req->param('fg') ) { my $ps = Lemonldap::NG::Common::Session->new( - storageModule => $self->conf->{persistentStorage}, + storageModule => $self->conf->{globalStorage}, storageModuleOptions => - $self->conf->{persistentStorageOptions}, - kind => "Persistent", + $self->conf->{globalStorageOptions}, + kind => "SSO", info => { + _utime => time + $self->timeout, _session_uid => $uid, _connectedSince => time, dataKeep => $req->datas->{dataToKeep}, + fingerprint => $fg, }, ); $req->addCookie( 
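Review bot: The long-lived record is now created with `kind => "SSO"` in `globalStorage`, the same store and kind as ordinary portal sessions, and it carries `_session_uid` plus a future `_utime`. If normal session lookup accepts any SSO-kind id (not visible in this hunk), the `llngconnexion` value could be honoured as a regular session for the whole `timeout` period without the fingerprint step. Please confirm that lookup rejects it, or mark the record with a distinct kind or a flag (for example `_stayConnected => 1`, name only a suggestion) that regular session retrieval refuses. `fg` is also stored exactly as received, so a length/format check before `fingerprint => $fg` would keep arbitrary client data out of the session store. The body of storeBrowser starts and ends outside this hunk.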
@@ -115,27 +127,67 @@ sub storeBrowser { return $self->p->do( $req, [ sub { PE_OK } ] ); } +# Check for: +# - persistent connection cookie +# - valid session +# - uniq id is kept +# Then delete authentication methods from "steps" array. sub check { my ( $self, $req ) = @_; if ( my $cid = $req->cookies->{llngconnexion} ) { my $ps = Lemonldap::NG::Common::Session->new( - storageModule => $self->conf->{persistentStorage}, - storageModuleOptions => $self->conf->{persistentStorageOptions}, - kind => "Persistent", + storageModule => $self->conf->{globalStorage}, + storageModuleOptions => $self->conf->{globalStorageOptions}, + kind => "SSO", id => $cid, ); - # TODO: verify fingerprint - if ( $ps and my $uid = $ps->data->{uid} ) { - $req->user($uid); - if ( $ps->data->{dataKeep} ) { - $req->data( $ps->data->{dataKeep} ) :; + if ( $ps and my $uid = $ps->data->{_session_uid} ) { + $self->logger->debug('Persistent connection found'); + if ( my $fg = $req->param('fg') + and my $token = $req->param('token') ) + { + if ( my $prm = $self->ott->getToken($token) ) { + for my $k ( keys %{ $prm->{dataKeep} || {} } ) { + $self->logger->debug("Restore $k"); + $req->set_param( $k, $prm->{$k} ); + } + $self->logger->debug('Persistent connection found'); + $req->user($uid); + if ( $ps->data->{dataKeep} ) { + $req->data( $ps->data->{dataKeep} ); + } + my @steps = + grep { + !ref $_ + and $_ !~ /^(?:extractFormInfo|authenticate)$/ + } @{ $req->steps }; + $req->steps( \@steps ); + $self->userLogger->notice( + "$uid connected by StayConnected cookie"); + return PE_OK; + } + else { + $self->userLogger->notice( + "StayConnected: expired token for $uid"); + } } - my @steps = - grep { !ref $_ or $_ !~ /^(?:extractFormInfo|authenticate)$/ } - @{ $req->steps }; - $req->steps( \@steps ); - $self->userLogger->notice("$uid connected by StayConnected cookie"); - return PE_OK; + else { + my $token = $self->ott->createToken( $req->parameters ); + $req->response( + $self->p->sendHtml( + $req, + 
'../common/registerBrowser', + params => { + TOKEN => $token, + ACTION => '#', + } + ) + ); + return PE_SENDRESPONSE; + } + } + else { + $self->userLogger->notice('Persistent connection expired'); } } return PE_OK; diff --git a/lemonldap-ng-portal/site/templates/common/registerBrowser.tpl b/lemonldap-ng-portal/site/templates/common/registerBrowser.tpl index 687422da0..d68905e17 100644 --- a/lemonldap-ng-portal/site/templates/common/registerBrowser.tpl +++ b/lemonldap-ng-portal/site/templates/common/registerBrowser.tpl @@ -5,7 +5,7 @@
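Review bot: The rewritten `check` removes the old `# TODO: verify fingerprint` comment but still never compares the submitted `fg` with the `fingerprint` value that `storeBrowser` now saves; the success branch only requires that `fg` and `token` are present and that `getToken` returns something. As written, the `llngconnexion` cookie alone is enough to drop `extractFormInfo`/`authenticate` from the steps, so the fingerprint adds no binding to the registered browser. Gate the success path on the stored value, e.g. `if ( $fg eq ( $ps->data->{fingerprint} // '' ) and my $prm = $self->ott->getToken($token) ) {`, and report a mismatch through `userLogger`. Separately, the restore loop iterates `keys %{ $prm->{dataKeep} || {} }` but reads `$prm->{$k}`, while the token is created from `$req->parameters`, so it looks as if no parameter is ever restored; confirm which hash is intended.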

Please wait...

-
+ "> " /> " />