Use new Session module in CAS Issuer (#671)
This commit is contained in:
Clément Oudot
parent
76c1ba75b9
commit
929c704343
|
|
@ -129,7 +129,7 @@ sub issuerForUnAuthUser {
|
|||
|
||||
my $casServiceSession = $self->getCasSession($ticket);
|
||||
|
||||
unless ($casServiceSession) {
|
||||
unless ( $casServiceSession->data ) {
|
||||
$self->lmLog( "Service ticket session $ticket not found", 'error' );
|
||||
$self->returnCasValidateError();
|
||||
}
|
||||
|
|
@ -137,13 +137,12 @@ sub issuerForUnAuthUser {
|
|||
$self->lmLog( "Service ticket session $ticket found", 'debug' );
|
||||
|
||||
# Check service
|
||||
unless ( $service eq $casServiceSession->{service} ) {
|
||||
unless ( $service eq $casServiceSession->data->{service} ) {
|
||||
$self->lmLog(
|
||||
"Submitted service $service does not match initial service "
|
||||
. $casServiceSession->{service},
|
||||
. $casServiceSession->data->{service},
|
||||
'error'
|
||||
);
|
||||
untie %$casServiceSession;
|
||||
$self->returnCasValidateError();
|
||||
}
|
||||
|
||||
|
|
@ -156,23 +155,24 @@ sub issuerForUnAuthUser {
|
|||
# We should check the ST was delivered with primary credentials
|
||||
$self->lmLog( "Renew flag detected ", 'debug' );
|
||||
|
||||
unless ( $casServiceSession->{renew} ) {
|
||||
unless ( $casServiceSession->data->{renew} ) {
|
||||
$self->lmLog(
|
||||
"Authentication renew requested, but not done in former authentication process",
|
||||
'error'
|
||||
);
|
||||
untie %$casServiceSession;
|
||||
$self->returnCasValidateError();
|
||||
}
|
||||
}
|
||||
|
||||
# Open local session
|
||||
my $localSession =
|
||||
$self->getApacheSession( $casServiceSession->{_cas_id}, 1 );
|
||||
$self->getApacheSession( $casServiceSession->data->{_cas_id}, 1 );
|
||||
|
||||
unless ( $localSession->data ) {
|
||||
$self->lmLog(
|
||||
"Local session " . $casServiceSession->{_cas_id} . " notfound",
|
||||
"Local session "
|
||||
. $casServiceSession->data->{_cas_id}
|
||||
. " notfound",
|
||||
'error'
|
||||
);
|
||||
$self->returnCasValidateError();
|
||||
|
|
@ -184,9 +184,6 @@ sub issuerForUnAuthUser {
|
|||
|
||||
$self->lmLog( "Get username $username", 'debug' );
|
||||
|
||||
# Close sessions
|
||||
untie %$casServiceSession;
|
||||
|
||||
# Return success message
|
||||
$self->returnCasValidateSuccess($username);
|
||||
|
||||
|
|
@ -249,7 +246,7 @@ sub issuerForUnAuthUser {
|
|||
|
||||
my $casServiceSession = $self->getCasSession($ticket);
|
||||
|
||||
unless ($casServiceSession) {
|
||||
unless ( $casServiceSession->data ) {
|
||||
$self->lmLog( "$urlType ticket session $ticket not found",
|
||||
'error' );
|
||||
$self->returnCasServiceValidateError( 'INVALID_TICKET',
|
||||
|
|
@ -259,10 +256,10 @@ sub issuerForUnAuthUser {
|
|||
$self->lmLog( "$urlType ticket session $ticket found", 'debug' );
|
||||
|
||||
# Check service
|
||||
unless ( $service eq $casServiceSession->{service} ) {
|
||||
unless ( $service eq $casServiceSession->data->{service} ) {
|
||||
$self->lmLog(
|
||||
"Submitted service $service does not match initial service "
|
||||
. $casServiceSession->{service},
|
||||
. $casServiceSession->data->{service},
|
||||
'error'
|
||||
);
|
||||
|
||||
|
|
@ -282,19 +279,18 @@ sub issuerForUnAuthUser {
|
|||
# We should check the ST was delivered with primary credentials
|
||||
$self->lmLog( "Renew flag detected ", 'debug' );
|
||||
|
||||
unless ( $casServiceSession->{renew} ) {
|
||||
unless ( $casServiceSession->data->{renew} ) {
|
||||
$self->lmLog(
|
||||
"Authentication renew requested, but not done in former authentication process",
|
||||
'error'
|
||||
);
|
||||
untie %$casServiceSession;
|
||||
$self->returnCasValidateError();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# Proxies (for PROXY VALIDATE only)
|
||||
my $proxies = $casServiceSession->{proxies};
|
||||
my $proxies = $casServiceSession->data->{proxies};
|
||||
|
||||
# Proxy granting ticket
|
||||
if ($pgtUrl) {
|
||||
|
|
@ -308,27 +304,26 @@ sub issuerForUnAuthUser {
|
|||
|
||||
if ($casProxyGrantingSession) {
|
||||
|
||||
my $PGinfos;
|
||||
|
||||
# PGT session
|
||||
$casProxyGrantingSession->{type} = 'casProxyGranting';
|
||||
$casProxyGrantingSession->{service} = $service;
|
||||
$casProxyGrantingSession->{_cas_id} =
|
||||
$casServiceSession->{_cas_id};
|
||||
$casProxyGrantingSession->{_utime} =
|
||||
$casServiceSession->{_utime};
|
||||
$PGinfos->{type} = 'casProxyGranting';
|
||||
$PGinfos->{service} = $service;
|
||||
$PGinfos->{_cas_id} = $casServiceSession->data->{_cas_id};
|
||||
$PGinfos->{_utime} = $casServiceSession->data->{_utime};
|
||||
|
||||
# Trace proxies
|
||||
$casProxyGrantingSession->{proxies} = (
|
||||
$PGinfos->{proxies} = (
|
||||
$proxies
|
||||
? $proxies . $self->{multiValuesSeparator} . $pgtUrl
|
||||
: $pgtUrl
|
||||
);
|
||||
|
||||
my $casProxyGrantingSessionID =
|
||||
$casProxyGrantingSession->{_session_id};
|
||||
my $casProxyGrantingSessionID = $casProxyGrantingSession->id;
|
||||
my $casProxyGrantingTicket =
|
||||
"PGT-" . $casProxyGrantingSessionID;
|
||||
|
||||
untie %$casProxyGrantingSession;
|
||||
$casProxyGrantingSession->update($PGinfos);
|
||||
|
||||
$self->lmLog(
|
||||
"CAS proxy granting session $casProxyGrantingSessionID created",
|
||||
|
|
@ -340,8 +335,7 @@ sub issuerForUnAuthUser {
|
|||
|
||||
if ($tmpCasSession) {
|
||||
|
||||
$casProxyGrantingTicketIOU =
|
||||
"PGTIOU-" . $tmpCasSession->{_session_id};
|
||||
$casProxyGrantingTicketIOU = "PGTIOU-" . $tmpCasSession->id;
|
||||
$self->deleteCasSession($tmpCasSession);
|
||||
$self->lmLog(
|
||||
"Generate proxy granting ticket IOU $casProxyGrantingTicketIOU",
|
||||
|
|
@ -379,11 +373,13 @@ sub issuerForUnAuthUser {
|
|||
|
||||
# Open local session
|
||||
my $localSession =
|
||||
$self->getApacheSession( $casServiceSession->{_cas_id}, 1 );
|
||||
$self->getApacheSession( $casServiceSession->data->{_cas_id}, 1 );
|
||||
|
||||
unless ( $localSession->data ) {
|
||||
$self->lmLog(
|
||||
"Local session " . $casServiceSession->{_cas_id} . " notfound",
|
||||
"Local session "
|
||||
. $casServiceSession->data->{_cas_id}
|
||||
. " notfound",
|
||||
'error'
|
||||
);
|
||||
$self->returnCasServiceValidateError( 'INTERNAL_ERROR',
|
||||
|
|
@ -396,9 +392,6 @@ sub issuerForUnAuthUser {
|
|||
|
||||
$self->lmLog( "Get username $username", 'debug' );
|
||||
|
||||
# Close sessions
|
||||
untie %$casServiceSession;
|
||||
|
||||
# Return success message
|
||||
$self->returnCasServiceValidateSuccess( $username,
|
||||
$casProxyGrantingTicketIOU, $proxies );
|
||||
|
|
@ -439,7 +432,7 @@ sub issuerForUnAuthUser {
|
|||
|
||||
my $casProxyGrantingSession = $self->getCasSession($pgt);
|
||||
|
||||
unless ($casProxyGrantingSession) {
|
||||
unless ( $casProxyGrantingSession->data ) {
|
||||
$self->lmLog( "Proxy granting ticket session $pgt not found",
|
||||
'error' );
|
||||
$self->returnCasProxyError( 'BAD_PGT', 'Ticket not found' );
|
||||
|
|
@ -453,25 +446,24 @@ sub issuerForUnAuthUser {
|
|||
|
||||
my $casProxySession = $self->getCasSession();
|
||||
|
||||
unless ($casProxySession) {
|
||||
unless ( $casProxySession->data ) {
|
||||
$self->lmLog( "Unable to create CAS proxy session", 'error' );
|
||||
$self->returnCasProxyError( 'INTERNAL_ERROR',
|
||||
'Error in proxy session management' );
|
||||
}
|
||||
|
||||
$casProxySession->{type} = 'casProxy';
|
||||
$casProxySession->{service} = $targetService;
|
||||
$casProxySession->{_cas_id} = $casProxyGrantingSession->{_cas_id};
|
||||
$casProxySession->{_utime} = $casProxyGrantingSession->{_utime};
|
||||
$casProxySession->{proxies} = $casProxyGrantingSession->{proxies};
|
||||
my $Pinfos;
|
||||
$Pinfos->{type} = 'casProxy';
|
||||
$Pinfos->{service} = $targetService;
|
||||
$Pinfos->{_cas_id} = $casProxyGrantingSession->data->{_cas_id};
|
||||
$Pinfos->{_utime} = $casProxyGrantingSession->data->{_utime};
|
||||
$Pinfos->{proxies} = $casProxyGrantingSession->data->{proxies};
|
||||
|
||||
my $casProxySessionID = $casProxySession->{_session_id};
|
||||
$casProxySession->update($Pinfos);
|
||||
|
||||
my $casProxySessionID = $casProxySession->id;
|
||||
my $casProxyTicket = "PT-" . $casProxySessionID;
|
||||
|
||||
# Close sessions
|
||||
untie %$casProxySession;
|
||||
untie %$casProxyGrantingSession;
|
||||
|
||||
$self->lmLog( "CAS proxy session $casProxySessionID created", 'debug' );
|
||||
|
||||
# Return success message
|
||||
|
|
@ -604,22 +596,23 @@ sub issuerForAuthUser {
|
|||
|
||||
my $casServiceSession = $self->getCasSession();
|
||||
|
||||
unless ($casServiceSession) {
|
||||
unless ( $casServiceSession->data ) {
|
||||
$self->lmLog( "Unable to create CAS session", 'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
$casServiceSession->{type} = 'casService';
|
||||
$casServiceSession->{service} = $service;
|
||||
$casServiceSession->{renew} = $casRenewFlag;
|
||||
$casServiceSession->{_cas_id} = $session_id;
|
||||
$casServiceSession->{_utime} = $time;
|
||||
my $Sinfos;
|
||||
$Sinfos->{type} = 'casService';
|
||||
$Sinfos->{service} = $service;
|
||||
$Sinfos->{renew} = $casRenewFlag;
|
||||
$Sinfos->{_cas_id} = $session_id;
|
||||
$Sinfos->{_utime} = $time;
|
||||
|
||||
my $casServiceSessionID = $casServiceSession->{_session_id};
|
||||
$casServiceSession->update($Sinfos);
|
||||
|
||||
my $casServiceSessionID = $casServiceSession->id;
|
||||
$casServiceTicket = "ST-" . $casServiceSessionID;
|
||||
|
||||
untie %$casServiceSession;
|
||||
|
||||
$self->lmLog( "CAS service session $casServiceSessionID created",
|
||||
'debug' );
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,34 +7,41 @@ package Lemonldap::NG::Portal::_CAS;
|
|||
|
||||
use strict;
|
||||
use Lemonldap::NG::Portal::_Browser;
|
||||
use Lemonldap::NG::Common::Session;
|
||||
|
||||
our @ISA = (qw(Lemonldap::NG::Portal::_Browser));
|
||||
our $VERSION = '1.3.0';
|
||||
our $VERSION = '1.4.0';
|
||||
|
||||
## @method hashref getCasSession(string id)
|
||||
# Try to recover the CAS session corresponding to id and return session datas
|
||||
# If id is set to undef, return a new session
|
||||
# @param id session reference
|
||||
# @return session datas
|
||||
# @return CAS session object
|
||||
sub getCasSession {
|
||||
my ( $self, $id ) = splice @_;
|
||||
my %h;
|
||||
|
||||
# Trying to recover session from CAS session storage
|
||||
eval { tie %h, $self->{casStorage}, $id, $self->{casStorageOptions}; };
|
||||
if ( $@ or not tied(%h) ) {
|
||||
my $casSession = Lemonldap::NG::Common::Session->new(
|
||||
{
|
||||
storageModule => $self->{casStorage},
|
||||
storageModuleOptions => $self->{casStorageOptions},
|
||||
cacheModule => $self->{localSessionStorage},
|
||||
cacheModuleOptions => $self->{localSessionStorageOptions},
|
||||
id => $id,
|
||||
kind => "CAS",
|
||||
}
|
||||
);
|
||||
|
||||
# Session not available
|
||||
unless ($casSession->data) {
|
||||
if ($id) {
|
||||
$self->_sub( 'userInfo', "CAS session $id isn't yet available" );
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Unable to create new CAS session: $@", 'error' );
|
||||
$self->lmLog( "Unable to create new CAS session", 'error' );
|
||||
}
|
||||
return 0;
|
||||
return undef;
|
||||
}
|
||||
|
||||
return \%h;
|
||||
return $casSession;
|
||||
}
|
||||
|
||||
## @method void returnCasValidateError()
|
||||
|
|
@ -189,10 +196,10 @@ sub deleteCasSecondarySessions {
|
|||
# Get session
|
||||
$self->lmLog( "Retrieve CAS session $cas_session", 'debug' );
|
||||
|
||||
my $casSessionInfo = $self->getCasSession($cas_session);
|
||||
my $casSession = $self->getCasSession($cas_session);
|
||||
|
||||
# Delete session
|
||||
$result = $self->deleteCasSession($casSessionInfo);
|
||||
$result = $self->deleteCasSession($casSession);
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
|
@ -204,29 +211,24 @@ sub deleteCasSecondarySessions {
|
|||
|
||||
}
|
||||
|
||||
## @method boolean deleteCasSession(hashref session)
|
||||
## @method boolean deleteCasSession(Lemonldap::NG::Common::Session session)
|
||||
# Delete an opened CAS session
|
||||
# @param session Tied session object
|
||||
# @param session object
|
||||
# @return result
|
||||
sub deleteCasSession {
|
||||
my ( $self, $session ) = splice @_;
|
||||
|
||||
# Check session object
|
||||
unless ( ref($session) eq 'HASH' ) {
|
||||
$self->lmLog( "Provided session is not a HASH reference", 'error' );
|
||||
unless ( $session && $session->data ) {
|
||||
$self->lmLog( "No session to delete", 'error' );
|
||||
return 0;
|
||||
}
|
||||
|
||||
# Get session_id
|
||||
my $session_id = $session->{_session_id};
|
||||
my $session_id = $session->id;
|
||||
|
||||
# Delete session
|
||||
eval { tied(%$session)->delete() };
|
||||
|
||||
if ($@) {
|
||||
$self->lmLog( "Unable to delete CAS session $session_id: $@", 'error' );
|
||||
return 0;
|
||||
}
|
||||
$session->remove;
|
||||
|
||||
$self->lmLog( "CAS session $session_id deleted", 'debug' );
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user