diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Captcha.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Captcha.pm
index 63e4226c4..2b262d295 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Captcha.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Captcha.pm
@@ -72,12 +72,10 @@ sub saveSession {
id => $self->md5,
force => 1,
kind => "Captcha",
+ info =>
+ { _utime => time, code => $self->code, image => $self->image }
}
);
-
- $session->update(
- { _utime => time, code => $self->code, image => $self->image } );
-
}
sub getSession {
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm
index 1e00cb285..64cb00504 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm
@@ -64,8 +64,10 @@ has 'error' => (
isa => 'Str|Undef',
);
+has info => ( is => 'rw' );
+
sub BUILD {
- my $self = shift;
+ my ($self) = @_;
# Load Apache::Session module
unless ( $self->storageModule->can('populate') ) {
@@ -107,6 +109,14 @@ sub BUILD {
$data->{_session_kind} = $self->kind;
}
+ if ( $self->{info} ) {
+ foreach ( keys %{ $self->{info} } ) {
+ $data->{$_} = $self->{info}->{$_}
+ if ( defined $self->{info}->{$_} );
+ }
+ delete $self->{info};
+ }
+
# Load session data into object
if ($data) {
$self->_save_data($data);
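Review bot: The merge loop assigns `$data->{$_}` before the `if ($data)` guard just below it, so if `$data` is still undefined at this point the first assignment autovivifies it and the guard can no longer tell a loaded session from a failed lookup. Guarding the merge with `if ( $data and ref $self->{info} eq 'HASH' )` would keep that distinction, assuming `$data` is already a hash for a freshly created session. It would also avoid dereferencing a non-hash `info`, since `has info => ( is => 'rw' )` declares no `isa`. The loop runs after `$data->{_session_kind} = $self->kind`, so an `info` hash built from request data (the REST and SOAP plugins in this commit pass decoded request content) can overwrite that key; skipping reserved keys here is worth considering. BUILD starts and ends outside this hunk.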
@@ -118,8 +128,8 @@ sub BUILD {
}
sub _tie_session {
- my $self = shift;
- my $options = shift || {};
+ my $self = $_[0];
+ my $options = $_[1] || {};
my %h;
@@ -154,9 +164,7 @@ sub _save_data {
}
sub update {
- my $self = shift;
- my $infos = shift;
- my $tieOptions = shift;
+ my ( $self, $infos, $tieOptions ) = @_;
unless ( ref $infos eq "HASH" ) {
$self->error("You need to provide a HASHREF");
@@ -186,8 +194,7 @@ sub update {
}
sub remove {
- my $self = shift;
- my $tieOptions = shift;
+ my ( $self, $tieOptions ) = @_;
my $data = $self->_tie_session($tieOptions);
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
index b9e970e73..4405042d3 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
@@ -84,7 +84,7 @@ sub session {
}
sub getApacheSession {
- my ( $self, $mod, $id ) = @_;
+ my ( $self, $mod, $id, $info ) = @_;
my $apacheSession = Lemonldap::NG::Common::Session->new(
{
storageModule => $mod->{module},
@@ -95,6 +95,7 @@ sub getApacheSession {
Lemonldap::NG::Handler::PSGI::Main->tsv->{sessionCacheOptions},
id => $id,
kind => $mod->{kind},
+ ( $info ? ( info => $info ) : () ),
}
);
if ( $apacheSession->error ) {
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
index ffa38be3e..5c8075829 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm
@@ -979,10 +979,6 @@ sub extractFormInfo {
# Keep initial SAML request data in memory in case of proxing
if ( $req->datas->{_proxiedSamlRequest} ) {
- my $samlSessionInfo = $self->getSamlSession();
-
- return PE_SAML_SESSION_ERROR unless $samlSessionInfo;
-
my $infos;
$infos->{type} = 'proxy';
@@ -993,7 +989,9 @@ sub extractFormInfo {
$infos->{Artifact} = $req->datas->{_proxiedArtifact};
$infos->{ProxyID} = $samlID;
- $samlSessionInfo->update($infos);
+ my $samlSessionInfo = $self->getSamlSession(undef, $infos);
+
+ return PE_SAML_SESSION_ERROR unless $samlSessionInfo;
$self->logger->debug(
"Keep initial SAML request data in memory for ID $samlID");
@@ -1182,10 +1180,6 @@ sub authFinish {
. $nameid->dump
. " and SessionIndex $session_index for session $id" );
- # Save SAML session
- my $samlSessionInfo = $self->getSamlSession();
-
- return PE_SAML_SESSION_ERROR unless $samlSessionInfo;
my $infos;
$infos->{type} = 'saml'; # Session type
@@ -1194,7 +1188,10 @@ sub authFinish {
$infos->{_nameID} = $nameid->dump; # SAML NameID
$infos->{_sessionIndex} = $session_index; # SAML SessionIndex
- $samlSessionInfo->update($infos);
+ # Save SAML session
+ my $samlSessionInfo = $self->getSamlSession(undef, $infos);
+
+ return PE_SAML_SESSION_ERROR unless $samlSessionInfo;
my $session_id = $samlSessionInfo->id;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
index 32993422f..33dcebc24 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
@@ -157,13 +157,6 @@ sub run {
$self->logger->debug(
"Create a CAS service ticket for service $service");
- my $casServiceSession = $self->getCasSession();
-
- unless ($casServiceSession) {
- $self->logger->error("Unable to create CAS session");
- return PE_ERROR;
- }
-
my $Sinfos;
$Sinfos->{type} = 'casService';
$Sinfos->{service} = $service;
@@ -171,7 +164,12 @@ sub run {
$Sinfos->{_cas_id} = $session_id;
$Sinfos->{_utime} = $time;
- $casServiceSession->update($Sinfos);
+ my $casServiceSession = $self->getCasSession( undef, $Sinfos );
+
+ unless ($casServiceSession) {
+ $self->logger->error("Unable to create CAS session");
+ return PE_ERROR;
+ }
my $casServiceSessionID = $casServiceSession->id;
$casServiceTicket = "ST-" . $casServiceSessionID;
@@ -524,30 +522,28 @@ sub _validate2 {
$self->logger->debug(
"Create a CAS proxy granting ticket for service $service");
- my $casProxyGrantingSession = $self->getCasSession();
+ my $PGinfos;
+
+ # PGT session
+ $PGinfos->{type} = 'casProxyGranting';
+ $PGinfos->{service} = $service;
+ $PGinfos->{_cas_id} = $casServiceSession->data->{_cas_id};
+ $PGinfos->{_utime} = $casServiceSession->data->{_utime};
+
+ # Trace proxies
+ $PGinfos->{proxies} = (
+ $proxies
+ ? $proxies . $self->{multiValuesSeparator} . $pgtUrl
+ : $pgtUrl
+ );
+
+ my $casProxyGrantingSession = $self->getCasSession( undef, $PGinfos );
if ($casProxyGrantingSession) {
- my $PGinfos;
-
- # PGT session
- $PGinfos->{type} = 'casProxyGranting';
- $PGinfos->{service} = $service;
- $PGinfos->{_cas_id} = $casServiceSession->data->{_cas_id};
- $PGinfos->{_utime} = $casServiceSession->data->{_utime};
-
- # Trace proxies
- $PGinfos->{proxies} = (
- $proxies
- ? $proxies . $self->{multiValuesSeparator} . $pgtUrl
- : $pgtUrl
- );
-
my $casProxyGrantingSessionID = $casProxyGrantingSession->id;
my $casProxyGrantingTicket = "PGT-" . $casProxyGrantingSessionID;
- $casProxyGrantingSession->update($PGinfos);
-
$self->logger->debug(
"CAS proxy granting session $casProxyGrantingSessionID created"
);
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
index 84cf73c0e..f5d7c9d65 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
@@ -504,14 +504,8 @@ qq'
The application $display_name would li
# Authorization Code Flow
if ( $flow eq "authorizationcode" ) {
- # Generate code
- my $codeSession = $self->getOpenIDConnectSession();
- my $code = $codeSession->id();
-
- $self->logger->debug("Generated code: $code");
-
# Store data in session
- $codeSession->update(
+ my $codeSession = $self->getOpenIDConnectSession(undef,
{
redirect_uri => $oidc_request->{'redirect_uri'},
scope => $oidc_request->{'scope'},
@@ -521,6 +515,11 @@ qq'The application $display_name would li
}
);
+ # Generate code
+ my $code = $codeSession->id();
+
+ $self->logger->debug("Generated code: $code");
+
# Build Response
my $response_url = $self->buildAuthorizationCodeAuthnResponse(
$oidc_request->{'redirect_uri'},
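Review bot: `$codeSession->id()` is called without checking that `getOpenIDConnectSession` returned an object, although the access-token branch further down does test `unless ($accessTokenSession)`; a storage failure here would die on an undefined value instead of returning an OIDC error. The same unchecked pattern is on new lines at the second code-session site in this file, in `buildAuthorizationCodeAuthnRequest` (nonce session), `sloServer`, both relay sessions in `sendLogoutRequestToProvider`, `createToken`, `_reset` in MailReset, `$session2` in `store`, and `updatePersistentSession`. Separately, `Generated code: $code` writes a usable authorization code to the debug log; logging a truncated or hashed form limits what log access exposes. The enclosing function starts and ends outside this hunk.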
@@ -542,8 +541,16 @@ qq'The application $display_name would li
if ( $response_type =~ /\btoken\b/ ) {
+ # Store data in access token
# Generate access_token
- my $accessTokenSession = $self->getOpenIDConnectSession;
+ my $accessTokenSession = $self->getOpenIDConnectSession(undef,
+ {
+ scope => $oidc_request->{'scope'},
+ rp => $rp,
+ user_session_id => $req->id,
+ _utime => time,
+ }
+ );
unless ($accessTokenSession) {
$self->logger->error(
@@ -554,16 +561,6 @@ qq'The application $display_name would li
$oidc_request->{'state'}, 1 );
}
- # Store data in access token
- $accessTokenSession->update(
- {
- scope => $oidc_request->{'scope'},
- rp => $rp,
- user_session_id => $req->id,
- _utime => time,
- }
- );
-
$access_token = $accessTokenSession->id;
$self->logger->debug(
@@ -656,14 +653,8 @@ qq'The application $display_name would li
->{oidcRPMetaDataOptionsIDTokenSignAlg};
my ($hash_level) = ( $alg =~ /(?:\w{2})(\d{3})/ );
- # Generate code
- my $codeSession = $self->getOpenIDConnectSession();
- my $code = $codeSession->id();
-
- $self->logger->debug("Generated code: $code");
-
# Store data in session
- $codeSession->update(
+ my $codeSession = $self->getOpenIDConnectSession(undef,
{
redirect_uri => $oidc_request->{'redirect_uri'},
scope => $oidc_request->{'scope'},
@@ -673,13 +664,25 @@ qq'The application $display_name would li
}
);
+ # Generate code
+ my $code = $codeSession->id();
+
+ $self->logger->debug("Generated code: $code");
+
# Compute hash to store in c_hash
$c_hash = $self->createHash( $code, $hash_level );
if ( $response_type =~ /\btoken\b/ ) {
# Generate access_token
- my $accessTokenSession = $self->getOpenIDConnectSession;
+ my $accessTokenSession = $self->getOpenIDConnectSession(undef,
+ {
+ scope => $oidc_request->{'scope'},
+ rp => $rp,
+ user_session_id => $req->id,
+ _utime => time,
+ }
+ );
unless ($accessTokenSession) {
$self->logger->error(
@@ -690,16 +693,6 @@ qq'The application $display_name would li
$oidc_request->{'state'}, 1 );
}
- # Store data in access token
- $accessTokenSession->update(
- {
- scope => $oidc_request->{'scope'},
- rp => $rp,
- user_session_id => $req->id,
- _utime => time,
- }
- );
-
$access_token = $accessTokenSession->id;
$self->logger->debug(
@@ -902,17 +895,7 @@ sub token {
$self->logger->debug("Found corresponding user: $user_id");
# Generate access_token
- my $accessTokenSession = $self->getOpenIDConnectSession;
-
- unless ($accessTokenSession) {
- $self->userLogger->error(
- "Unable to create OIDC session for access_token");
- $codeSession->remove();
- $self->p->sendError( $req, "invalid_request", 400 );
- }
-
- # Store data in access token
- $accessTokenSession->update(
+ my $accessTokenSession = $self->getOpenIDConnectSession(undef,
{
scope => $codeSession->data->{scope},
rp => $rp,
@@ -921,6 +904,13 @@ sub token {
}
);
+ unless ($accessTokenSession) {
+ $self->userLogger->error(
+ "Unable to create OIDC session for access_token");
+ $codeSession->remove();
+ $self->p->sendError( $req, "invalid_request", 400 );
+ }
+
my $access_token = $accessTokenSession->id;
$self->logger->debug("Generated access token: $access_token");
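Review bot: The `unless ($accessTokenSession)` block calls `$self->p->sendError(...)` but does not return, so execution falls through to `$accessTokenSession->id` on an undefined value. Make the last statement of the block `return $self->p->sendError( $req, "invalid_request", 400 );`. The debug line that follows writes the bearer token in clear to the log; a truncated or hashed form would be safer. `token` continues outside this hunk.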
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm
index 2629c20d3..6d46b7374 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm
@@ -415,23 +415,23 @@ sub run {
# Force authentication if flag is on, or previous flag still active
if ($force_authn) {
-
- # Store flag for further requests
- $forceAuthnSessionInfo =
- $self->getSamlSession($forceAuthn_session);
- $forceAuthnSessionInfo->update( { $spConfKey => 1 } );
+ my $info = { $spConfKey => 1 };
unless ($forceAuthn_session) {
my $forceInfos;
- $forceInfos->{'_type'} = "forceAuthn";
- $forceInfos->{'_saml_id'} = $session_id;
- $forceInfos->{'_utime'} = $time;
- $forceAuthnSessionInfo->update($forceInfos);
- $forceAuthn_session = $forceAuthnSessionInfo->id;
+ $info->{'_type'} = "forceAuthn";
+ $info->{'_saml_id'} = $session_id;
+ $info->{'_utime'} = $time;
$self->logger->debug(
"Create ForceAuthn session $forceAuthn_session");
}
+ # Store flag for further requests
+ $forceAuthnSessionInfo =
+ $self->getSamlSession( $forceAuthn_session, $info );
+ $forceAuthn_session = $forceAuthnSessionInfo->id
+ unless ($forceAuthn_session);
+
$self->logger->debug(
"Set ForceAuthn flag for SP $spConfKey in ForceAuthn session $forceAuthn_session"
);
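Review bot: The `Create ForceAuthn session $forceAuthn_session` debug line now runs inside `unless ($forceAuthn_session)` before the session exists, so it interpolates an empty or undefined value; move it after the `getSamlSession` call, where the id is known. `my $forceInfos;` is left unused by this change and can be dropped. `$forceAuthnSessionInfo->id` is also called without checking that `getSamlSession` returned an object, unlike the `return PE_SAML_SESSION_ERROR unless $samlSessionInfo;` pattern used later in this file.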
@@ -454,8 +454,8 @@ sub run {
# Else remove flag
$forceAuthnSessionInfo =
- $self->getSamlSession($forceAuthn_session);
- $forceAuthnSessionInfo->update( { $spConfKey => 0 } );
+ $self->getSamlSession( $forceAuthn_session,
+ { $spConfKey => 0 } );
$self->logger->debug(
"Unset ForceAuthn flag for SP $spConfKey in ForceAuthn session $forceAuthn_session"
@@ -849,10 +849,6 @@ sub run {
. $nameid->dump
. " and SessionIndex $sessionIndex for session $session_id" );
- my $samlSessionInfo = $self->getSamlSession();
-
- return PE_SAML_SESSION_ERROR unless $samlSessionInfo;
-
my $infos;
$infos->{type} = 'saml'; # Session type
@@ -861,7 +857,9 @@ sub run {
$infos->{_nameID} = $nameid->dump; # SAML NameID
$infos->{_sessionIndex} = $sessionIndex; # SAML SessionIndex
- $samlSessionInfo->update($infos);
+ my $samlSessionInfo = $self->getSamlSession( undef, $infos );
+
+ return PE_SAML_SESSION_ERROR unless $samlSessionInfo;
my $saml_session_id = $samlSessionInfo->id;
@@ -1333,10 +1331,10 @@ sub sloRelaySoap {
}
# Store success status for this SLO request
- my $sloStatusSessionInfos = $self->getSamlSession($relayState);
+ my $sloStatusSessionInfos =
+ $self->getSamlSession( $relayState, { $spConfKey => 1 } );
if ($sloStatusSessionInfos) {
- $sloStatusSessionInfos->update( { $spConfKey => 1 } );
$self->logger->debug(
"Store SLO status for $spConfKey in session $relayState");
}
@@ -1530,9 +1528,6 @@ sub sloServer {
$self->logger->debug("Set $relaystate in RelayState");
}
- # Create SLO status session and get ID
- my $sloStatusSessionInfo = $self->getSamlSession();
-
my $sloInfos;
$sloInfos->{type} = 'sloStatus';
$sloInfos->{_utime} = time;
@@ -1540,7 +1535,9 @@ sub sloServer {
$sloInfos->{_session} =
$logout->get_session() ? $logout->get_session()->dump : "";
$sloInfos->{_method} = $method;
- $sloStatusSessionInfo->update($sloInfos);
+
+ # Create SLO status session and get ID
+ my $sloStatusSessionInfo = $self->getSamlSession( undef, $sloInfos );
my $relayID = $sloStatusSessionInfo->id;
# Prepare logout on all others SP
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm
index 265d73bd2..26d240b13 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm
@@ -31,7 +31,7 @@ sub sendSoapResponse {
# Try to recover the CAS session corresponding to id and return session datas
# If id is set to undef, return a new session
sub getCasSession {
- my ( $self, $id ) = @_;
+ my ( $self, $id, $info ) = @_;
my $casSession = Lemonldap::NG::Common::Session->new(
{
@@ -41,6 +41,7 @@ sub getCasSession {
cacheModuleOptions => $self->conf->{localSessionStorageOptions},
id => $id,
kind => "CAS",
+ ( $info ? ( info => $info ) : () ),
}
);
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OneTimeToken.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OneTimeToken.pm
index dedec622f..811bc9020 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OneTimeToken.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OneTimeToken.pm
@@ -15,9 +15,6 @@ has timeout => (
sub createToken {
my ( $self, $infos ) = @_;
- # Create a new session
- my $tsession = $self->p->getApacheSession();
-
# Set _utime for session autoremove
# Use default session timeout and register session timeout to compute it
my $time = time();
@@ -34,8 +31,8 @@ sub createToken {
# Store type
$infos->{_type} ||= "token";
- # Update session
- $tsession->update($infos);
+ # Create a new session
+ my $tsession = $self->p->getApacheSession( undef, info => $infos );
return $tsession->id;
}
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
index 27687af22..450faefa1 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
@@ -258,8 +258,7 @@ sub buildAuthorizationCodeAuthnRequest {
my $nonce;
if ($use_nonce) {
- my $nonceSession = $self->getOpenIDConnectSession();
- $nonceSession->update( { '_utime' => time } );
+ my $nonceSession = $self->getOpenIDConnectSession( undef, { '_utime' => time });
$nonce = $nonceSession->id;
}
@@ -631,7 +630,7 @@ sub decodeJSON {
# If id is set to undef, return a new session
# @return Lemonldap::NG::Common::Session object
sub getOpenIDConnectSession {
- my ( $self, $id ) = @_;
+ my ( $self, $id, $info ) = @_;
my $oidcSession = Lemonldap::NG::Common::Session->new(
{
@@ -641,6 +640,7 @@ sub getOpenIDConnectSession {
cacheModuleOptions => $self->conf->{localSessionStorageOptions},
id => $id,
kind => "OpenIDConnect",
+ ($info ? (info => $info):()),
}
);
@@ -673,10 +673,6 @@ sub storeState {
}
return unless ($infos);
- # Create state session
- my $stateSession = $self->getOpenIDConnectSession();
-
- return unless $stateSession;
# Session type
$infos->{_type} = "state";
@@ -689,8 +685,9 @@ sub storeState {
$infos->{_utime} = $time + ( $stateTimeout - $timeout );
- # Store infos in state session
- $stateSession->update($infos);
+ # Create state session and store infos
+ my $stateSession = $self->getOpenIDConnectSession( undef, $infos);
+ return unless $stateSession;
# Return session ID
return $stateSession->id;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
index be7ddf431..ea8a6f62e 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
@@ -1101,11 +1101,6 @@ sub storeRelayState {
}
return unless ($infos);
- # Create relaystate session
- my $samlSessionInfo = $self->getSamlSession();
-
- return unless $samlSessionInfo;
-
# Session type
$infos->{_type} = "relaystate";
@@ -1118,8 +1113,9 @@ sub storeRelayState {
$infos->{_utime} = $time + ( $samlRelayStateTimeout - $timeout );
- # Store infos in relaystate session
- $samlSessionInfo->update($infos);
+ # Create relaystate session and store infos in relaystate session
+ my $samlSessionInfo = $self->getSamlSession( undef, $infos )
+ or return undef;
# Session ID
my $relaystate_id = $samlSessionInfo->id;
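Review bot: `or return undef;` changes the failure value from the bare `return` used by the removed lines and by `return unless ($infos);` above. In list context it yields a one-element list, which a caller testing the result as a list sees as true. `or return;` keeps the previous contract. storeRelayState starts and ends outside this hunk.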
@@ -1567,22 +1563,18 @@ sub buildLogoutResponseMsg {
# @return result
sub storeReplayProtection {
my ( $self, $samlID, $samlData ) = @_;
-
- my $samlSessionInfo = $self->getSamlSession();
-
- return 0 unless $samlSessionInfo;
-
- my $infos;
-
- $infos->{type} = 'assertion'; # Session type
- $infos->{_utime} = time(); # Creation time
- $infos->{_assert_id} = $samlID;
+ my $infos = {
+ type => 'assertion', # Session type
+ _utime => time(), # Creation time
+ _assert_id => $samlID,
+ };
if ( defined $samlData && $samlData ) {
$infos->{data} = $samlData;
}
- $samlSessionInfo->update($infos);
+ my $samlSessionInfo = $self->getSamlSession( undef, $infos );
+ return 0 unless $samlSessionInfo;
my $session_id = $samlSessionInfo->id;
@@ -1700,19 +1692,16 @@ sub resolveArtifact {
sub storeArtifact {
my ( $self, $id, $message, $session_id ) = @_;
- my $samlSessionInfo = $self->getSamlSession();
-
- return 0 unless $samlSessionInfo;
-
- my $infos;
-
- $infos->{type} = 'artifact'; # Session type
- $infos->{_utime} = time(); # Creation time
- $infos->{_art_id} = $id;
- $infos->{message} = $message;
+ my $infos = {
+ type => 'artifact', # Session type
+ _utime => time(), # Creation time
+ _art_id => $id,
+ message => $message,
+ };
$infos->{_saml_id} = $session_id if $session_id;
- $samlSessionInfo->update($infos);
+ my $samlSessionInfo = $self->getSamlSession( undef, $infos ) or return 0;
+ return 0 unless $samlSessionInfo;
my $art_session_id = $samlSessionInfo->id;
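Review bot: The session is checked twice in `storeArtifact`: `or return 0` on the `getSamlSession` line already covers the failure, so `return 0 unless $samlSessionInfo;` on the next line can never fire. Keep one form; to match `storeReplayProtection` above, drop the `or return 0` and leave `return 0 unless $samlSessionInfo;`.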
@@ -2491,9 +2480,6 @@ sub sendLogoutRequestToProvider {
$self->logger->debug("Build POST relay logout request to $providerID");
- # Create a new relay session
- my $relayInfos = $self->getSamlSession();
-
my $infos;
# Store infos
@@ -2503,7 +2489,8 @@ sub sendLogoutRequestToProvider {
$infos->{body} = $logout->msg_body;
$infos->{relayState} = $logout->msg_relayState;
- $relayInfos->update($infos);
+ # Create a new relay session
+ my $relayInfos = $self->getSamlSession( undef, $infos );
my $relayID = $relayInfos->id;
@@ -2528,9 +2515,6 @@ sub sendLogoutRequestToProvider {
$self->logger->debug(
"Build SOAP relay logout request for $providerID");
- # Create a new relay session
- my $relayInfos = $self->getSamlSession();
-
my $infos;
$infos->{type} = 'relay';
$infos->{_utime} = time;
@@ -2541,7 +2525,8 @@ sub sendLogoutRequestToProvider {
$infos->{_providerID} = $providerID;
$infos->{_relayState} = $logout->msg_relayState;
- $relayInfos->update($infos);
+ # Create a new relay session
+ my $relayInfos = $self->getSamlSession( undef, $infos );
my $relayID = $relayInfos->id;
@@ -2756,7 +2741,7 @@ sub checkDestination {
# @param id session reference
# @return Lemonldap::NG::Common::Session object
sub getSamlSession {
- my ( $self, $id ) = @_;
+ my ( $self, $id, $info ) = @_;
my $samlSession = Lemonldap::NG::Common::Session->new(
{
@@ -2766,6 +2751,7 @@ sub getSamlSession {
cacheModuleOptions => $self->conf->{localSessionStorageOptions},
id => $id,
kind => "SAML",
+ ( $info ? ( info => $info ) : () ),
}
);
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
index 9cea41c55..12182e1fb 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
@@ -398,22 +398,15 @@ sub store {
# Create second session for unsecure cookie
if ( $self->conf->{securedCookie} == 2 ) {
- my $session2 = $self->getApacheSession(undef);
my %infos = %{ $req->{sessionInfo} };
$infos{_httpSessionType} = 1;
- $session2->update( \%infos );
+ my $session2 = $self->getApacheSession( undef, info => \%infos );
$req->{sessionInfo}->{_httpSession} = $session2->id;
}
- # Main session
- my $session =
- $self->getApacheSession( $req->{id}, force => $req->{force} );
- return PE_APACHESESSIONERROR unless ($session);
- $req->id( $session->{id} );
-
# Compute unsecure cookie value if needed
if ( $self->conf->{securedCookie} == 3 ) {
$req->{sessionInfo}->{_httpSession} =
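Review bot: The main session is now created after the `securedCookie == 3` block, whereas `$req->id( $session->{id} )` used to run before it. The right-hand side of this `_httpSession` assignment is outside the hunk; if it is derived from the request id, then on a new login, where the id only exists once the session is created, the unsecure cookie value would be computed from an unset id. Please confirm the value does not depend on `$req->id`, or obtain the id before this block. In the `securedCookie == 2` branch, `$session2->id` is dereferenced without checking that `getApacheSession` returned an object.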
@@ -434,7 +427,15 @@ sub store {
$self->_dump($displayValue) if ref($displayValue);
$infos->{$k} = $req->{sessionInfo}->{$k};
}
- $session->update($infos);
+
+ # Main session
+ my $session = $self->getApacheSession(
+ $req->{id},
+ force => $req->{force},
+ info => $infos
+ );
+ return PE_APACHESESSIONERROR unless ($session);
+ $req->id( $session->{id} );
PE_OK;
}
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index 5fb37d1d3..1969c3806 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -294,12 +294,19 @@ sub getApacheSession {
id => $id,
force => $args{force},
kind => $args{kind},
+ ( $args{info} ? ( info => $args{info} ) : () ),
}
);
if ( my $err = $as->error ) {
- $self->lmLog( $err,
- ( $err =~ /(?:Object does not exist|Invalid session ID)/ ? 'notice' : 'error' ) );
+ $self->lmLog(
+ $err,
+ (
+ $err =~ /(?:Object does not exist|Invalid session ID)/
+ ? 'notice'
+ : 'error'
+ )
+ );
return;
}
@@ -332,7 +339,7 @@ sub getApacheSession {
# Try to recover the persistent session corresponding to uid and return session datas.
sub getPersistentSession {
- my ( $self, $uid ) = @_;
+ my ( $self, $uid, $info ) = @_;
return unless defined $uid;
@@ -346,6 +353,7 @@ sub getPersistentSession {
id => $pid,
force => 1,
kind => "Persistent",
+ ( $info ? ( info => $info ) : () ),
}
);
@@ -390,9 +398,7 @@ sub updatePersistentSession {
# Update current session
$self->updateSession( $req, $infos, $id );
- my $persistentSession = $self->getPersistentSession($uid);
-
- $persistentSession->update($infos);
+ my $persistentSession = $self->getPersistentSession( $uid, $infos );
if ( $persistentSession->error ) {
$self->logger->error(
@@ -429,15 +435,11 @@ sub updateSession {
$req->{sessionInfo}->{$_} = $infos->{$_};
}
- # Update session in global storage
- if ( my $apacheSession = $self->getApacheSession($id) ) {
-
- # Store updateTime
- $infos->{updateTime} = strftime( "%Y%m%d%H%M%S", localtime() );
-
- # Store/update session values
- $apacheSession->update($infos);
-
+ # Update session in global storage with updateTime
+ $infos->{updateTime} = strftime( "%Y%m%d%H%M%S", localtime() );
+ if ( my $apacheSession =
+ $self->getApacheSession( $id, info => $infos ) )
+ {
if ( $apacheSession->error ) {
$self->logger->error("Cannot update session $id");
$self->logger->error( $apacheSession->error );
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailReset.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailReset.pm
index 9b5c220ee..5e2771486 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailReset.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailReset.pm
@@ -202,8 +202,6 @@ sub _reset {
my $infos = {};
- $mailSession = $self->p->getApacheSession();
-
# Set _utime for session autoremove
# Use default session timeout and mail session timeout to compute it
my $time = time();
@@ -229,8 +227,9 @@ sub _reset {
# Store type
$infos->{_type} = "mail";
- # Update session
- $mailSession->update($infos);
+ # create session
+ $mailSession = $self->p->getApacheSession(undef,info=>$infos);
+
$req->id( $mailSession->id );
}
elsif ($mailSession) {
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
index 3960122b1..2b1874c9b 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
@@ -146,12 +146,10 @@ sub newSession {
or return $self->p->sendError( $req, undef, 400 );
$infos->{_utime} = time();
- my $session = $self->getApacheSession($mod);
+ my $session = $self->getApacheSession($mod, undef, $infos);
return $self->p->sendError( $req, 'Unable to create session', 500 )
unless ($session);
- $session->update($infos);
-
$self->logger->debug(
"SOAP request create a new session (" . $session->id . ")" );
@@ -161,21 +159,19 @@ sub newSession {
sub updateSession {
my ( $self, $req, $id ) = @_;
+ $self->logger->debug("REST request to update session $id");
my $mod = $self->getMod($req)
or return $self->p->sendError( $req, undef, 400 );
return $self->p->sendError( $req, 'ID is required', 400 ) unless ($id);
- # Get session
- my $session = $self->getApacheSession( $mod, $id )
- or return $self->p->sendError( $req, 'Session id does not exists', 400 );
-
# Get new info
my $infos = $req->jsonBodyToObj
or return $self->p->sendError( $req, undef, 400 );
- # Store them
- $self->logger->debug("REST request to update session $id");
- $session->update($infos);
+ # Get session and store info
+ my $session = $self->getApacheSession( $mod, $id, $infos )
+ or return $self->p->sendError( $req, 'Session id does not exists', 400 );
+
return $self->p->sendJSONresponse( $req, { result => 1 } );
}
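Review bot: The debug line in `updateSession` now interpolates `$id` before the `ID is required` check, so a request without an id logs an undefined value (with a warning) before being rejected; move it below that check. `$infos` is the decoded request body and is passed whole to the session constructor, so every key the client sends, including internal underscore-prefixed ones, is written into the session. If this endpoint is not meant to set those, filter them before the `getApacheSession` call.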
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm
index c68635383..c352424ed 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm
@@ -243,7 +243,10 @@ sub setAttributes {
my ( $self, $req, $id, $args ) = @_;
die 'id is required' unless ($id);
- my $session = $self->p->getApacheSession($id);
+ my $infos = {};
+ %$infos = %$args;
+
+ my $session = $self->p->getApacheSession($id, info => $infos);
unless ($session) {
$self->logger->warn("Session $id does not exists ($@)");
@@ -252,11 +255,6 @@ sub setAttributes {
$self->logger->debug("SOAP request to update session $id");
- my $infos = {};
- %$infos = %$args;
-
- $session->update($infos);
-
return 1;
}
@@ -285,19 +283,17 @@ sub lastCfg {
sub newSession {
my ( $self, $req, $args ) = @_;
- my $session = $self->p->getApacheSession();
-
- unless ($session) {
- $self->logger->error("Unable to create session");
- return 0;
- }
-
$args ||= {};
my $infos = {};
%$infos = %$args;
$infos->{_utime} = time();
- $session->update($infos);
+ my $session = $self->p->getApacheSession(undef, info => $infos);
+
+ unless ($session) {
+ $self->logger->error("Unable to create session");
+ return 0;
+ }
$self->logger->debug(
"SOAP request create a new session (" . $session->id . ")" );