Use new Session module in CAS Issuer (#671)
This commit is contained in:
parent
76c1ba75b9
commit
929c704343
|
@ -129,7 +129,7 @@ sub issuerForUnAuthUser {
|
||||||
|
|
||||||
my $casServiceSession = $self->getCasSession($ticket);
|
my $casServiceSession = $self->getCasSession($ticket);
|
||||||
|
|
||||||
unless ($casServiceSession) {
|
unless ( $casServiceSession->data ) {
|
||||||
$self->lmLog( "Service ticket session $ticket not found", 'error' );
|
$self->lmLog( "Service ticket session $ticket not found", 'error' );
|
||||||
$self->returnCasValidateError();
|
$self->returnCasValidateError();
|
||||||
}
|
}
|
||||||
|
@ -137,13 +137,12 @@ sub issuerForUnAuthUser {
|
||||||
$self->lmLog( "Service ticket session $ticket found", 'debug' );
|
$self->lmLog( "Service ticket session $ticket found", 'debug' );
|
||||||
|
|
||||||
# Check service
|
# Check service
|
||||||
unless ( $service eq $casServiceSession->{service} ) {
|
unless ( $service eq $casServiceSession->data->{service} ) {
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Submitted service $service does not match initial service "
|
"Submitted service $service does not match initial service "
|
||||||
. $casServiceSession->{service},
|
. $casServiceSession->data->{service},
|
||||||
'error'
|
'error'
|
||||||
);
|
);
|
||||||
untie %$casServiceSession;
|
|
||||||
$self->returnCasValidateError();
|
$self->returnCasValidateError();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -156,23 +155,24 @@ sub issuerForUnAuthUser {
|
||||||
# We should check the ST was delivered with primary credentials
|
# We should check the ST was delivered with primary credentials
|
||||||
$self->lmLog( "Renew flag detected ", 'debug' );
|
$self->lmLog( "Renew flag detected ", 'debug' );
|
||||||
|
|
||||||
unless ( $casServiceSession->{renew} ) {
|
unless ( $casServiceSession->data->{renew} ) {
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Authentication renew requested, but not done in former authentication process",
|
"Authentication renew requested, but not done in former authentication process",
|
||||||
'error'
|
'error'
|
||||||
);
|
);
|
||||||
untie %$casServiceSession;
|
|
||||||
$self->returnCasValidateError();
|
$self->returnCasValidateError();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Open local session
|
# Open local session
|
||||||
my $localSession =
|
my $localSession =
|
||||||
$self->getApacheSession( $casServiceSession->{_cas_id}, 1 );
|
$self->getApacheSession( $casServiceSession->data->{_cas_id}, 1 );
|
||||||
|
|
||||||
unless ( $localSession->data ) {
|
unless ( $localSession->data ) {
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Local session " . $casServiceSession->{_cas_id} . " notfound",
|
"Local session "
|
||||||
|
. $casServiceSession->data->{_cas_id}
|
||||||
|
. " notfound",
|
||||||
'error'
|
'error'
|
||||||
);
|
);
|
||||||
$self->returnCasValidateError();
|
$self->returnCasValidateError();
|
||||||
|
@ -184,9 +184,6 @@ sub issuerForUnAuthUser {
|
||||||
|
|
||||||
$self->lmLog( "Get username $username", 'debug' );
|
$self->lmLog( "Get username $username", 'debug' );
|
||||||
|
|
||||||
# Close sessions
|
|
||||||
untie %$casServiceSession;
|
|
||||||
|
|
||||||
# Return success message
|
# Return success message
|
||||||
$self->returnCasValidateSuccess($username);
|
$self->returnCasValidateSuccess($username);
|
||||||
|
|
||||||
|
@ -249,7 +246,7 @@ sub issuerForUnAuthUser {
|
||||||
|
|
||||||
my $casServiceSession = $self->getCasSession($ticket);
|
my $casServiceSession = $self->getCasSession($ticket);
|
||||||
|
|
||||||
unless ($casServiceSession) {
|
unless ( $casServiceSession->data ) {
|
||||||
$self->lmLog( "$urlType ticket session $ticket not found",
|
$self->lmLog( "$urlType ticket session $ticket not found",
|
||||||
'error' );
|
'error' );
|
||||||
$self->returnCasServiceValidateError( 'INVALID_TICKET',
|
$self->returnCasServiceValidateError( 'INVALID_TICKET',
|
||||||
|
@ -259,10 +256,10 @@ sub issuerForUnAuthUser {
|
||||||
$self->lmLog( "$urlType ticket session $ticket found", 'debug' );
|
$self->lmLog( "$urlType ticket session $ticket found", 'debug' );
|
||||||
|
|
||||||
# Check service
|
# Check service
|
||||||
unless ( $service eq $casServiceSession->{service} ) {
|
unless ( $service eq $casServiceSession->data->{service} ) {
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Submitted service $service does not match initial service "
|
"Submitted service $service does not match initial service "
|
||||||
. $casServiceSession->{service},
|
. $casServiceSession->data->{service},
|
||||||
'error'
|
'error'
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -282,19 +279,18 @@ sub issuerForUnAuthUser {
|
||||||
# We should check the ST was delivered with primary credentials
|
# We should check the ST was delivered with primary credentials
|
||||||
$self->lmLog( "Renew flag detected ", 'debug' );
|
$self->lmLog( "Renew flag detected ", 'debug' );
|
||||||
|
|
||||||
unless ( $casServiceSession->{renew} ) {
|
unless ( $casServiceSession->data->{renew} ) {
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Authentication renew requested, but not done in former authentication process",
|
"Authentication renew requested, but not done in former authentication process",
|
||||||
'error'
|
'error'
|
||||||
);
|
);
|
||||||
untie %$casServiceSession;
|
|
||||||
$self->returnCasValidateError();
|
$self->returnCasValidateError();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Proxies (for PROXY VALIDATE only)
|
# Proxies (for PROXY VALIDATE only)
|
||||||
my $proxies = $casServiceSession->{proxies};
|
my $proxies = $casServiceSession->data->{proxies};
|
||||||
|
|
||||||
# Proxy granting ticket
|
# Proxy granting ticket
|
||||||
if ($pgtUrl) {
|
if ($pgtUrl) {
|
||||||
|
@ -308,27 +304,26 @@ sub issuerForUnAuthUser {
|
||||||
|
|
||||||
if ($casProxyGrantingSession) {
|
if ($casProxyGrantingSession) {
|
||||||
|
|
||||||
|
my $PGinfos;
|
||||||
|
|
||||||
# PGT session
|
# PGT session
|
||||||
$casProxyGrantingSession->{type} = 'casProxyGranting';
|
$PGinfos->{type} = 'casProxyGranting';
|
||||||
$casProxyGrantingSession->{service} = $service;
|
$PGinfos->{service} = $service;
|
||||||
$casProxyGrantingSession->{_cas_id} =
|
$PGinfos->{_cas_id} = $casServiceSession->data->{_cas_id};
|
||||||
$casServiceSession->{_cas_id};
|
$PGinfos->{_utime} = $casServiceSession->data->{_utime};
|
||||||
$casProxyGrantingSession->{_utime} =
|
|
||||||
$casServiceSession->{_utime};
|
|
||||||
|
|
||||||
# Trace proxies
|
# Trace proxies
|
||||||
$casProxyGrantingSession->{proxies} = (
|
$PGinfos->{proxies} = (
|
||||||
$proxies
|
$proxies
|
||||||
? $proxies . $self->{multiValuesSeparator} . $pgtUrl
|
? $proxies . $self->{multiValuesSeparator} . $pgtUrl
|
||||||
: $pgtUrl
|
: $pgtUrl
|
||||||
);
|
);
|
||||||
|
|
||||||
my $casProxyGrantingSessionID =
|
my $casProxyGrantingSessionID = $casProxyGrantingSession->id;
|
||||||
$casProxyGrantingSession->{_session_id};
|
|
||||||
my $casProxyGrantingTicket =
|
my $casProxyGrantingTicket =
|
||||||
"PGT-" . $casProxyGrantingSessionID;
|
"PGT-" . $casProxyGrantingSessionID;
|
||||||
|
|
||||||
untie %$casProxyGrantingSession;
|
$casProxyGrantingSession->update($PGinfos);
|
||||||
|
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"CAS proxy granting session $casProxyGrantingSessionID created",
|
"CAS proxy granting session $casProxyGrantingSessionID created",
|
||||||
|
@ -340,8 +335,7 @@ sub issuerForUnAuthUser {
|
||||||
|
|
||||||
if ($tmpCasSession) {
|
if ($tmpCasSession) {
|
||||||
|
|
||||||
$casProxyGrantingTicketIOU =
|
$casProxyGrantingTicketIOU = "PGTIOU-" . $tmpCasSession->id;
|
||||||
"PGTIOU-" . $tmpCasSession->{_session_id};
|
|
||||||
$self->deleteCasSession($tmpCasSession);
|
$self->deleteCasSession($tmpCasSession);
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Generate proxy granting ticket IOU $casProxyGrantingTicketIOU",
|
"Generate proxy granting ticket IOU $casProxyGrantingTicketIOU",
|
||||||
|
@ -379,11 +373,13 @@ sub issuerForUnAuthUser {
|
||||||
|
|
||||||
# Open local session
|
# Open local session
|
||||||
my $localSession =
|
my $localSession =
|
||||||
$self->getApacheSession( $casServiceSession->{_cas_id}, 1 );
|
$self->getApacheSession( $casServiceSession->data->{_cas_id}, 1 );
|
||||||
|
|
||||||
unless ( $localSession->data ) {
|
unless ( $localSession->data ) {
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Local session " . $casServiceSession->{_cas_id} . " notfound",
|
"Local session "
|
||||||
|
. $casServiceSession->data->{_cas_id}
|
||||||
|
. " notfound",
|
||||||
'error'
|
'error'
|
||||||
);
|
);
|
||||||
$self->returnCasServiceValidateError( 'INTERNAL_ERROR',
|
$self->returnCasServiceValidateError( 'INTERNAL_ERROR',
|
||||||
|
@ -396,9 +392,6 @@ sub issuerForUnAuthUser {
|
||||||
|
|
||||||
$self->lmLog( "Get username $username", 'debug' );
|
$self->lmLog( "Get username $username", 'debug' );
|
||||||
|
|
||||||
# Close sessions
|
|
||||||
untie %$casServiceSession;
|
|
||||||
|
|
||||||
# Return success message
|
# Return success message
|
||||||
$self->returnCasServiceValidateSuccess( $username,
|
$self->returnCasServiceValidateSuccess( $username,
|
||||||
$casProxyGrantingTicketIOU, $proxies );
|
$casProxyGrantingTicketIOU, $proxies );
|
||||||
|
@ -439,7 +432,7 @@ sub issuerForUnAuthUser {
|
||||||
|
|
||||||
my $casProxyGrantingSession = $self->getCasSession($pgt);
|
my $casProxyGrantingSession = $self->getCasSession($pgt);
|
||||||
|
|
||||||
unless ($casProxyGrantingSession) {
|
unless ( $casProxyGrantingSession->data ) {
|
||||||
$self->lmLog( "Proxy granting ticket session $pgt not found",
|
$self->lmLog( "Proxy granting ticket session $pgt not found",
|
||||||
'error' );
|
'error' );
|
||||||
$self->returnCasProxyError( 'BAD_PGT', 'Ticket not found' );
|
$self->returnCasProxyError( 'BAD_PGT', 'Ticket not found' );
|
||||||
|
@ -453,25 +446,24 @@ sub issuerForUnAuthUser {
|
||||||
|
|
||||||
my $casProxySession = $self->getCasSession();
|
my $casProxySession = $self->getCasSession();
|
||||||
|
|
||||||
unless ($casProxySession) {
|
unless ( $casProxySession->data ) {
|
||||||
$self->lmLog( "Unable to create CAS proxy session", 'error' );
|
$self->lmLog( "Unable to create CAS proxy session", 'error' );
|
||||||
$self->returnCasProxyError( 'INTERNAL_ERROR',
|
$self->returnCasProxyError( 'INTERNAL_ERROR',
|
||||||
'Error in proxy session management' );
|
'Error in proxy session management' );
|
||||||
}
|
}
|
||||||
|
|
||||||
$casProxySession->{type} = 'casProxy';
|
my $Pinfos;
|
||||||
$casProxySession->{service} = $targetService;
|
$Pinfos->{type} = 'casProxy';
|
||||||
$casProxySession->{_cas_id} = $casProxyGrantingSession->{_cas_id};
|
$Pinfos->{service} = $targetService;
|
||||||
$casProxySession->{_utime} = $casProxyGrantingSession->{_utime};
|
$Pinfos->{_cas_id} = $casProxyGrantingSession->data->{_cas_id};
|
||||||
$casProxySession->{proxies} = $casProxyGrantingSession->{proxies};
|
$Pinfos->{_utime} = $casProxyGrantingSession->data->{_utime};
|
||||||
|
$Pinfos->{proxies} = $casProxyGrantingSession->data->{proxies};
|
||||||
|
|
||||||
my $casProxySessionID = $casProxySession->{_session_id};
|
$casProxySession->update($Pinfos);
|
||||||
|
|
||||||
|
my $casProxySessionID = $casProxySession->id;
|
||||||
my $casProxyTicket = "PT-" . $casProxySessionID;
|
my $casProxyTicket = "PT-" . $casProxySessionID;
|
||||||
|
|
||||||
# Close sessions
|
|
||||||
untie %$casProxySession;
|
|
||||||
untie %$casProxyGrantingSession;
|
|
||||||
|
|
||||||
$self->lmLog( "CAS proxy session $casProxySessionID created", 'debug' );
|
$self->lmLog( "CAS proxy session $casProxySessionID created", 'debug' );
|
||||||
|
|
||||||
# Return success message
|
# Return success message
|
||||||
|
@ -604,22 +596,23 @@ sub issuerForAuthUser {
|
||||||
|
|
||||||
my $casServiceSession = $self->getCasSession();
|
my $casServiceSession = $self->getCasSession();
|
||||||
|
|
||||||
unless ($casServiceSession) {
|
unless ( $casServiceSession->data ) {
|
||||||
$self->lmLog( "Unable to create CAS session", 'error' );
|
$self->lmLog( "Unable to create CAS session", 'error' );
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
$casServiceSession->{type} = 'casService';
|
my $Sinfos;
|
||||||
$casServiceSession->{service} = $service;
|
$Sinfos->{type} = 'casService';
|
||||||
$casServiceSession->{renew} = $casRenewFlag;
|
$Sinfos->{service} = $service;
|
||||||
$casServiceSession->{_cas_id} = $session_id;
|
$Sinfos->{renew} = $casRenewFlag;
|
||||||
$casServiceSession->{_utime} = $time;
|
$Sinfos->{_cas_id} = $session_id;
|
||||||
|
$Sinfos->{_utime} = $time;
|
||||||
|
|
||||||
my $casServiceSessionID = $casServiceSession->{_session_id};
|
$casServiceSession->update($Sinfos);
|
||||||
|
|
||||||
|
my $casServiceSessionID = $casServiceSession->id;
|
||||||
$casServiceTicket = "ST-" . $casServiceSessionID;
|
$casServiceTicket = "ST-" . $casServiceSessionID;
|
||||||
|
|
||||||
untie %$casServiceSession;
|
|
||||||
|
|
||||||
$self->lmLog( "CAS service session $casServiceSessionID created",
|
$self->lmLog( "CAS service session $casServiceSessionID created",
|
||||||
'debug' );
|
'debug' );
|
||||||
}
|
}
|
||||||
|
|
|
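Review bot: `unless ( $casServiceSession->data )` in the hunk at -129 dereferences a value that getCasSession now returns as `undef` when the ticket is unknown (the _CAS.pm hunk below ends its failure branch with `return undef;`), so a request carrying an unknown service ticket raises "Can't call method "data" on an undefined value" instead of reaching `returnCasValidateError()`. The same guard is used in the hunks at -249, -439, -453 and -604 (`$casServiceSession->data`, `$casProxyGrantingSession->data`, `$casProxySession->data`). Since getCasSession already verifies `->data` before returning the object, the check can be simply `unless ($casServiceSession) {`, or `unless ( $casServiceSession && $casServiceSession->data ) {` to match the form used in deleteCasSession. Because the ticket value comes straight from the request, the current form turns the expected INVALID_TICKET / validate error response into an uncaught runtime error. issuerForUnAuthUser and issuerForAuthUser both start and end outside these hunks.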
@ -7,34 +7,41 @@ package Lemonldap::NG::Portal::_CAS;
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
use Lemonldap::NG::Portal::_Browser;
|
use Lemonldap::NG::Portal::_Browser;
|
||||||
|
use Lemonldap::NG::Common::Session;
|
||||||
|
|
||||||
our @ISA = (qw(Lemonldap::NG::Portal::_Browser));
|
our @ISA = (qw(Lemonldap::NG::Portal::_Browser));
|
||||||
our $VERSION = '1.3.0';
|
our $VERSION = '1.4.0';
|
||||||
|
|
||||||
## @method hashref getCasSession(string id)
|
## @method hashref getCasSession(string id)
|
||||||
# Try to recover the CAS session corresponding to id and return session datas
|
# Try to recover the CAS session corresponding to id and return session datas
|
||||||
# If id is set to undef, return a new session
|
# If id is set to undef, return a new session
|
||||||
# @param id session reference
|
# @param id session reference
|
||||||
# @return session datas
|
# @return CAS session object
|
||||||
sub getCasSession {
|
sub getCasSession {
|
||||||
my ( $self, $id ) = splice @_;
|
my ( $self, $id ) = splice @_;
|
||||||
my %h;
|
|
||||||
|
|
||||||
# Trying to recover session from CAS session storage
|
my $casSession = Lemonldap::NG::Common::Session->new(
|
||||||
eval { tie %h, $self->{casStorage}, $id, $self->{casStorageOptions}; };
|
{
|
||||||
if ( $@ or not tied(%h) ) {
|
storageModule => $self->{casStorage},
|
||||||
|
storageModuleOptions => $self->{casStorageOptions},
|
||||||
|
cacheModule => $self->{localSessionStorage},
|
||||||
|
cacheModuleOptions => $self->{localSessionStorageOptions},
|
||||||
|
id => $id,
|
||||||
|
kind => "CAS",
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
# Session not available
|
unless ($casSession->data) {
|
||||||
if ($id) {
|
if ($id) {
|
||||||
$self->_sub( 'userInfo', "CAS session $id isn't yet available" );
|
$self->_sub( 'userInfo', "CAS session $id isn't yet available" );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->lmLog( "Unable to create new CAS session: $@", 'error' );
|
$self->lmLog( "Unable to create new CAS session", 'error' );
|
||||||
}
|
}
|
||||||
return 0;
|
return undef;
|
||||||
}
|
}
|
||||||
|
|
||||||
return \%h;
|
return $casSession;
|
||||||
}
|
}
|
||||||
|
|
||||||
## @method void returnCasValidateError()
|
## @method void returnCasValidateError()
|
||||||
|
@ -189,10 +196,10 @@ sub deleteCasSecondarySessions {
|
||||||
# Get session
|
# Get session
|
||||||
$self->lmLog( "Retrieve CAS session $cas_session", 'debug' );
|
$self->lmLog( "Retrieve CAS session $cas_session", 'debug' );
|
||||||
|
|
||||||
my $casSessionInfo = $self->getCasSession($cas_session);
|
my $casSession = $self->getCasSession($cas_session);
|
||||||
|
|
||||||
# Delete session
|
# Delete session
|
||||||
$result = $self->deleteCasSession($casSessionInfo);
|
$result = $self->deleteCasSession($casSession);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
@ -204,29 +211,24 @@ sub deleteCasSecondarySessions {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
## @method boolean deleteCasSession(hashref session)
|
## @method boolean deleteCasSession(Lemonldap::NG::Common::Session session)
|
||||||
# Delete an opened CAS session
|
# Delete an opened CAS session
|
||||||
# @param session Tied session object
|
# @param session object
|
||||||
# @return result
|
# @return result
|
||||||
sub deleteCasSession {
|
sub deleteCasSession {
|
||||||
my ( $self, $session ) = splice @_;
|
my ( $self, $session ) = splice @_;
|
||||||
|
|
||||||
# Check session object
|
# Check session object
|
||||||
unless ( ref($session) eq 'HASH' ) {
|
unless ( $session && $session->data ) {
|
||||||
$self->lmLog( "Provided session is not a HASH reference", 'error' );
|
$self->lmLog( "No session to delete", 'error' );
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Get session_id
|
# Get session_id
|
||||||
my $session_id = $session->{_session_id};
|
my $session_id = $session->id;
|
||||||
|
|
||||||
# Delete session
|
# Delete session
|
||||||
eval { tied(%$session)->delete() };
|
$session->remove;
|
||||||
|
|
||||||
if ($@) {
|
|
||||||
$self->lmLog( "Unable to delete CAS session $session_id: $@", 'error' );
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
$self->lmLog( "CAS session $session_id deleted", 'debug' );
|
$self->lmLog( "CAS session $session_id deleted", 'debug' );
|
||||||
|
|
||||||
|
|
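Review bot: `$session->remove;` in the deleteCasSession hunk discards the outcome of the removal, and the `$@` check that previously logged the failure and returned 0 is gone, so the method now logs "CAS session $session_id deleted" even when the backend did not remove the ticket. For single-use tickets such as the session removed right after `"PGTIOU-" . $tmpCasSession->id`, an undetected failure leaves the ticket usable again, and deleteCasSecondarySessions assigns `$result` from this method so the caller loses the signal as well. If the Session module reports failure through `remove`'s return value or an error accessor, guard the call before the success log: `unless ( $session->remove ) { $self->lmLog( "Unable to delete CAS session $session_id", 'error' ); return 0; }`. The method's return statement is outside the hunk.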