From 929c7043439acd51095414c10ff328a2ce0c3f27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= Date: Wed, 16 Apr 2014 15:19:59 +0000 Subject: [PATCH] Use new Session module in CAS Issuer (#671) --- .../lib/Lemonldap/NG/Portal/IssuerDBCAS.pm | 103 ++++++++---------- .../lib/Lemonldap/NG/Portal/_CAS.pm | 48 ++++---- 2 files changed, 73 insertions(+), 78 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm index d5091e869..99c68670f 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm @@ -129,7 +129,7 @@ sub issuerForUnAuthUser { my $casServiceSession = $self->getCasSession($ticket); - unless ($casServiceSession) { + unless ( $casServiceSession->data ) { $self->lmLog( "Service ticket session $ticket not found", 'error' ); $self->returnCasValidateError(); } @@ -137,13 +137,12 @@ sub issuerForUnAuthUser { $self->lmLog( "Service ticket session $ticket found", 'debug' ); # Check service - unless ( $service eq $casServiceSession->{service} ) { + unless ( $service eq $casServiceSession->data->{service} ) { $self->lmLog( "Submitted service $service does not match initial service " - . $casServiceSession->{service}, + . $casServiceSession->data->{service}, 'error' ); - untie %$casServiceSession; $self->returnCasValidateError(); } 
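Review bot: The new guard `unless ( $casServiceSession->data )` in the hunk at -129 calls a method on whatever getCasSession() returns, and the _CAS.pm part of this same commit makes getCasSession() `return undef;` when the session cannot be opened. An unknown or expired ticket (presumably taken from the validation request) would then die with "Can't call method on an undefined value" instead of reaching returnCasValidateError(). Test the object first, `unless ( $casServiceSession && $casServiceSession->data ) {`, and apply the same change to the identical guards in the hunks at -249, -439, -453 and -604. issuerForUnAuthUser starts and ends outside this hunk.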
@@ -156,23 +155,24 @@ sub issuerForUnAuthUser { # We should check the ST was delivered with primary credentials $self->lmLog( "Renew flag detected ", 'debug' ); - unless ( $casServiceSession->{renew} ) { + unless ( $casServiceSession->data->{renew} ) { $self->lmLog( "Authentication renew requested, but not done in former authentication process", 'error' ); - untie %$casServiceSession; $self->returnCasValidateError(); } } # Open local session my $localSession = - $self->getApacheSession( $casServiceSession->{_cas_id}, 1 ); + $self->getApacheSession( $casServiceSession->data->{_cas_id}, 1 ); unless ( $localSession->data ) { $self->lmLog( - "Local session " . $casServiceSession->{_cas_id} . " notfound", + "Local session " + . $casServiceSession->data->{_cas_id} + . " notfound", 'error' ); $self->returnCasValidateError(); @@ -184,9 +184,6 @@ sub issuerForUnAuthUser { $self->lmLog( "Get username $username", 'debug' ); - # Close sessions - untie %$casServiceSession; - # Return success message $self->returnCasValidateSuccess($username); @@ -249,7 +246,7 @@ sub issuerForUnAuthUser { my $casServiceSession = $self->getCasSession($ticket); - unless ($casServiceSession) { + unless ( $casServiceSession->data ) { $self->lmLog( "$urlType ticket session $ticket not found", 'error' ); $self->returnCasServiceValidateError( 'INVALID_TICKET', @@ -259,10 +256,10 @@ sub issuerForUnAuthUser { $self->lmLog( "$urlType ticket session $ticket found", 'debug' ); # Check service - unless ( $service eq $casServiceSession->{service} ) { + unless ( $service eq $casServiceSession->data->{service} ) { $self->lmLog( "Submitted service $service does not match initial service " - . $casServiceSession->{service}, + . $casServiceSession->data->{service}, 'error' ); 
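Review bot: The reflowed error message in the hunk at -156 still reads `" notfound"` and writes the full `_cas_id` into an error-level log line. The hunk at -604 stores `$session_id` under `_cas_id`, so if that value is also the SSO cookie value, every reader of the log can see a live session identifier; consider logging a truncated or hashed form. At minimum fix the wording: `. " not found",`. The same message is repeated in the hunk at -379.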
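Review bot: With the `untie` removed in the hunk at -184, nothing visible there invalidates the service ticket session before returnCasValidateSuccess() is called; the lines between this hunk and the previous one are not shown. CAS service tickets are meant to be single-use, so if the session is not removed elsewhere, the same ST could be validated again until it expires. If removal happens outside the hunk, a comment such as `# ST session is removed in <place> (single-use ticket)` would make that visible; otherwise call `$self->deleteCasSession($casServiceSession);` before returning success. The hunk at -396 has the same shape.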
@@ -282,19 +279,18 @@ sub issuerForUnAuthUser { # We should check the ST was delivered with primary credentials $self->lmLog( "Renew flag detected ", 'debug' ); - unless ( $casServiceSession->{renew} ) { + unless ( $casServiceSession->data->{renew} ) { $self->lmLog( "Authentication renew requested, but not done in former authentication process", 'error' ); - untie %$casServiceSession; $self->returnCasValidateError(); } } # Proxies (for PROXY VALIDATE only) - my $proxies = $casServiceSession->{proxies}; + my $proxies = $casServiceSession->data->{proxies}; # Proxy granting ticket if ($pgtUrl) { @@ -308,27 +304,26 @@ sub issuerForUnAuthUser { if ($casProxyGrantingSession) { + my $PGinfos; + # PGT session - $casProxyGrantingSession->{type} = 'casProxyGranting'; - $casProxyGrantingSession->{service} = $service; - $casProxyGrantingSession->{_cas_id} = - $casServiceSession->{_cas_id}; - $casProxyGrantingSession->{_utime} = - $casServiceSession->{_utime}; + $PGinfos->{type} = 'casProxyGranting'; + $PGinfos->{service} = $service; + $PGinfos->{_cas_id} = $casServiceSession->data->{_cas_id}; + $PGinfos->{_utime} = $casServiceSession->data->{_utime}; # Trace proxies - $casProxyGrantingSession->{proxies} = ( + $PGinfos->{proxies} = ( $proxies ? $proxies . $self->{multiValuesSeparator} . $pgtUrl : $pgtUrl ); - my $casProxyGrantingSessionID = - $casProxyGrantingSession->{_session_id}; + my $casProxyGrantingSessionID = $casProxyGrantingSession->id; my $casProxyGrantingTicket = "PGT-" . $casProxyGrantingSessionID; - untie %$casProxyGrantingSession; + $casProxyGrantingSession->update($PGinfos); $self->lmLog( "CAS proxy granting session $casProxyGrantingSessionID created", 
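Review bot: The renew-failure branch in the hunk at -282 still answers with `$self->returnCasValidateError();`, while the neighbouring error paths (hunks at -249 and -379) use returnCasServiceValidateError() with an error code. That call is unchanged context, but the commit edits the lines around it, so it is worth confirming which responder is intended. If this is the serviceValidate/proxyValidate path, the client presumably expects the same response format as the other errors, e.g. `$self->returnCasServiceValidateError( 'INVALID_TICKET', '<message>' );`.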
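Review bot: The result of `$casProxyGrantingSession->update($PGinfos);` in the hunk at -308 is ignored, so the PGT string is built and "created" is logged even if the store rejected the write, leaving a ticket whose session lacks `service` and `_cas_id`. Check whatever failure signal update() provides (return value or error accessor, to be confirmed against Lemonldap::NG::Common::Session) and skip PGT delivery on failure. Separately, `my $PGinfos;` relies on autovivification; `my $PGinfos = {};` or a single hash literal states the intent. The same unchecked update() appears in the hunks at -453 (`$Pinfos`) and -604 (`$Sinfos`).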
@@ -340,8 +335,7 @@ sub issuerForUnAuthUser { if ($tmpCasSession) { - $casProxyGrantingTicketIOU = - "PGTIOU-" . $tmpCasSession->{_session_id}; + $casProxyGrantingTicketIOU = "PGTIOU-" . $tmpCasSession->id; $self->deleteCasSession($tmpCasSession); $self->lmLog( "Generate proxy granting ticket IOU $casProxyGrantingTicketIOU", @@ -379,11 +373,13 @@ sub issuerForUnAuthUser { # Open local session my $localSession = - $self->getApacheSession( $casServiceSession->{_cas_id}, 1 ); + $self->getApacheSession( $casServiceSession->data->{_cas_id}, 1 ); unless ( $localSession->data ) { $self->lmLog( - "Local session " . $casServiceSession->{_cas_id} . " notfound", + "Local session " + . $casServiceSession->data->{_cas_id} + . " notfound", 'error' ); $self->returnCasServiceValidateError( 'INTERNAL_ERROR', @@ -396,9 +392,6 @@ sub issuerForUnAuthUser { $self->lmLog( "Get username $username", 'debug' ); - # Close sessions - untie %$casServiceSession; - # Return success message $self->returnCasServiceValidateSuccess( $username, $casProxyGrantingTicketIOU, $proxies ); @@ -439,7 +432,7 @@ sub issuerForUnAuthUser { my $casProxyGrantingSession = $self->getCasSession($pgt); - unless ($casProxyGrantingSession) { + unless ( $casProxyGrantingSession->data ) { $self->lmLog( "Proxy granting ticket session $pgt not found", 'error' ); $self->returnCasProxyError( 'BAD_PGT', 'Ticket not found' ); 
@@ -453,25 +446,24 @@ sub issuerForUnAuthUser { my $casProxySession = $self->getCasSession(); - unless ($casProxySession) { + unless ( $casProxySession->data ) { $self->lmLog( "Unable to create CAS proxy session", 'error' ); $self->returnCasProxyError( 'INTERNAL_ERROR', 'Error in proxy session management' ); } - $casProxySession->{type} = 'casProxy'; - $casProxySession->{service} = $targetService; - $casProxySession->{_cas_id} = $casProxyGrantingSession->{_cas_id}; - $casProxySession->{_utime} = $casProxyGrantingSession->{_utime}; - $casProxySession->{proxies} = $casProxyGrantingSession->{proxies}; + my $Pinfos; + $Pinfos->{type} = 'casProxy'; + $Pinfos->{service} = $targetService; + $Pinfos->{_cas_id} = $casProxyGrantingSession->data->{_cas_id}; + $Pinfos->{_utime} = $casProxyGrantingSession->data->{_utime}; + $Pinfos->{proxies} = $casProxyGrantingSession->data->{proxies}; - my $casProxySessionID = $casProxySession->{_session_id}; + $casProxySession->update($Pinfos); + + my $casProxySessionID = $casProxySession->id; my $casProxyTicket = "PT-" . $casProxySessionID; - # Close sessions - untie %$casProxySession; - untie %$casProxyGrantingSession; - $self->lmLog( "CAS proxy session $casProxySessionID created", 'debug' ); # Return success message 
@@ -604,22 +596,23 @@ sub issuerForAuthUser { my $casServiceSession = $self->getCasSession(); - unless ($casServiceSession) { + unless ( $casServiceSession->data ) { $self->lmLog( "Unable to create CAS session", 'error' ); return PE_ERROR; } - $casServiceSession->{type} = 'casService'; - $casServiceSession->{service} = $service; - $casServiceSession->{renew} = $casRenewFlag; - $casServiceSession->{_cas_id} = $session_id; - $casServiceSession->{_utime} = $time; + my $Sinfos; + $Sinfos->{type} = 'casService'; + $Sinfos->{service} = $service; + $Sinfos->{renew} = $casRenewFlag; + $Sinfos->{_cas_id} = $session_id; + $Sinfos->{_utime} = $time; - my $casServiceSessionID = $casServiceSession->{_session_id}; + $casServiceSession->update($Sinfos); + + my $casServiceSessionID = $casServiceSession->id; $casServiceTicket = "ST-" . $casServiceSessionID; - untie %$casServiceSession; - $self->lmLog( "CAS service session $casServiceSessionID created", 'debug' ); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm index d39289210..92e0271cb 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm 
@@ -7,34 +7,41 @@ package Lemonldap::NG::Portal::_CAS; use strict; use Lemonldap::NG::Portal::_Browser; +use Lemonldap::NG::Common::Session; our @ISA = (qw(Lemonldap::NG::Portal::_Browser)); -our $VERSION = '1.3.0'; +our $VERSION = '1.4.0'; ## @method hashref getCasSession(string id) # Try to recover the CAS session corresponding to id and return session datas # If id is set to undef, return a new session # @param id session reference -# @return session datas +# @return CAS session object sub getCasSession { my ( $self, $id ) = splice @_; - my %h; - # Trying to recover session from CAS session storage - eval { tie %h, $self->{casStorage}, $id, $self->{casStorageOptions}; }; - if ( $@ or not tied(%h) ) { + my $casSession = Lemonldap::NG::Common::Session->new( + { + storageModule => $self->{casStorage}, + storageModuleOptions => $self->{casStorageOptions}, + cacheModule => $self->{localSessionStorage}, + cacheModuleOptions => $self->{localSessionStorageOptions}, + id => $id, + kind => "CAS", + } + ); - # Session not available + unless ($casSession->data) { if ($id) { $self->_sub( 'userInfo', "CAS session $id isn't yet available" ); } else { - $self->lmLog( "Unable to create new CAS session: $@", 'error' ); + $self->lmLog( "Unable to create new CAS session", 'error' ); } - return 0; + return undef; } - return \%h; + return $casSession; } ## @method void returnCasValidateError() @@ -189,10 +196,10 @@ sub deleteCasSecondarySessions { # Get session $self->lmLog( "Retrieve CAS session $cas_session", 'debug' ); - my $casSessionInfo = $self->getCasSession($cas_session); + my $casSession = $self->getCasSession($cas_session); # Delete session - $result = $self->deleteCasSession($casSessionInfo); + $result = $self->deleteCasSession($casSession); } } else { 
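Review bot: The doc header above getCasSession still says `## @method hashref getCasSession(string id)` and "return session datas", and it does not mention that failure now returns undef rather than 0. Suggested header lines: `## @method Lemonldap::NG::Common::Session getCasSession(string id)` and `# @return CAS session object, or undef if the session cannot be opened or created`. The creation-failure log also dropped `$@`, so "Unable to create new CAS session" no longer says why; include the reason if the Session object exposes one. `return undef;` yields a one-element list in list context; bare `return;` is the usual form.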
@@ -204,29 +211,24 @@ sub deleteCasSecondarySessions { } -## @method boolean deleteCasSession(hashref session) +## @method boolean deleteCasSession(Lemonldap::NG::Common::Session session) # Delete an opened CAS session -# @param session Tied session object +# @param session object # @return result sub deleteCasSession { my ( $self, $session ) = splice @_; # Check session object - unless ( ref($session) eq 'HASH' ) { - $self->lmLog( "Provided session is not a HASH reference", 'error' ); + unless ( $session && $session->data ) { + $self->lmLog( "No session to delete", 'error' ); return 0; } # Get session_id - my $session_id = $session->{_session_id}; + my $session_id = $session->id; # Delete session - eval { tied(%$session)->delete() }; - - if ($@) { - $self->lmLog( "Unable to delete CAS session $session_id: $@", 'error' ); - return 0; - } + $session->remove; $self->lmLog( "CAS session $session_id deleted", 'debug' );
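Review bot: `$session->remove;` is no longer wrapped in any failure check, so deleteCasSession logs "CAS session $session_id deleted" and presumably returns success even when the backend delete did not happen. deleteCasSecondarySessions assigns this result while cleaning up tickets, so a silent failure could leave a ticket session usable after cleanup was reported as done. Keep the old behaviour of logging and returning 0 on failure, using whatever signal remove() provides (to be confirmed against Lemonldap::NG::Common::Session). The guard `$session && $session->data` also dies on a true non-object argument, which the previous `ref($session) eq 'HASH'` test rejected; `Scalar::Util::blessed($session)` would keep that protection. The tail of deleteCasSession is outside the hunk.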