Add UserDBGoogle
This commit is contained in:
parent
bb3c9bfac1
commit
93e026b1ad
@ -665,6 +665,7 @@ function formateSelectUser(id,value){
|
|||||||
'AD=Active Directory',
|
'AD=Active Directory',
|
||||||
'DBI=Database (DBI)',
|
'DBI=Database (DBI)',
|
||||||
'Demo=Demonstration',
|
'Demo=Demonstration',
|
||||||
|
'Google=Google',
|
||||||
'LDAP=LDAP',
|
'LDAP=LDAP',
|
||||||
'Multi=Multiple',
|
'Multi=Multiple',
|
||||||
'Null=None',
|
'Null=None',
|
||||||
|
@ -10,21 +10,52 @@ use strict;
|
|||||||
use Lemonldap::NG::Portal::Simple;
|
use Lemonldap::NG::Portal::Simple;
|
||||||
use Lemonldap::NG::Common::Regexp;
|
use Lemonldap::NG::Common::Regexp;
|
||||||
use LWP::UserAgent;
|
use LWP::UserAgent;
|
||||||
|
use URI::Escape;
|
||||||
use Cache::FileCache;
|
use Cache::FileCache;
|
||||||
|
|
||||||
|
use constant AXSPECURL => 'http://openid.net/srv/ax/1.0';
|
||||||
|
use constant GOOGLEENDPOINT => 'https://www.google.com/accounts/o8/id';
|
||||||
|
|
||||||
our $VERSION = '1.3.0';
|
our $VERSION = '1.3.0';
|
||||||
our $initDone;
|
our $initDone;
|
||||||
|
our $googleEndPoint;
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
eval {
|
eval {
|
||||||
require threads::shared;
|
require threads::shared;
|
||||||
threads::shared::share($initDone);
|
threads::shared::share($initDone);
|
||||||
|
threads::shared::share($googleEndPoint);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
## @apmethod int authInit()
|
## @apmethod int authInit()
|
||||||
# @return Lemonldap::NG::Portal constant
|
# @return Lemonldap::NG::Portal constant
|
||||||
sub authInit {
|
sub authInit {
|
||||||
|
my $self = shift;
|
||||||
|
|
||||||
|
# Get the Google OpenID endpoint
|
||||||
|
unless ($googleEndPoint) {
|
||||||
|
$self->{ua} ||= LWP::UserAgent->new();
|
||||||
|
my $response =
|
||||||
|
$self->{ua}->get( GOOGLEENDPOINT, Accept => 'application/xrds+xml' );
|
||||||
|
if ( $response->is_success ) {
|
||||||
|
|
||||||
|
# Dirty XML parse
|
||||||
|
# (searching for <URI>https://www.google.com/accounts/o8/ud</URI>)
|
||||||
|
my $tmp = $response->decoded_content;
|
||||||
|
if ( $tmp =~ m#<URI.*?>(\S+)</URI>#i ) {
|
||||||
|
$googleEndPoint = $1;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$self->lmLog( 'Here is the Google response: '
|
||||||
|
. $response->decoded_content );
|
||||||
|
$self->abort('Can\'t find endpoint in Googe response');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$self->abort('Can\'t access to Google endpoint');
|
||||||
|
}
|
||||||
|
}
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -38,12 +69,14 @@ sub extractFormInfo {
|
|||||||
|
|
||||||
# 1. If no openid element has been detected
|
# 1. If no openid element has been detected
|
||||||
my $openid = $self->param('openid.mode');
|
my $openid = $self->param('openid.mode');
|
||||||
|
|
||||||
|
# TODO: direct access to Google page
|
||||||
return PE_FIRSTACCESS
|
return PE_FIRSTACCESS
|
||||||
unless ( $self->param('google_go') or $openid );
|
unless ( $self->param('google_go') or $openid );
|
||||||
|
|
||||||
# 2. Check Google responses
|
# 2. Check Google responses
|
||||||
if ($openid) {
|
if ($openid) {
|
||||||
my $check_url = 'https://www.google.com/accounts/o8/ud' . '?' . join(
|
my $check_url = "$googleEndPoint?" . join(
|
||||||
'&',
|
'&',
|
||||||
map {
|
map {
|
||||||
my $val = $self->param($_);
|
my $val = $self->param($_);
|
||||||
@ -51,63 +84,80 @@ sub extractFormInfo {
|
|||||||
sprintf '%s=%s', uri_escape_utf8($_), uri_escape_utf8($val);
|
sprintf '%s=%s', uri_escape_utf8($_), uri_escape_utf8($val);
|
||||||
} $self->param()
|
} $self->param()
|
||||||
);
|
);
|
||||||
use URI::Escape;
|
|
||||||
use LWP::UserAgent;
|
|
||||||
|
|
||||||
# TODO : catch errors here
|
|
||||||
my $response =
|
my $response =
|
||||||
LWP::UserAgent->new()->get( $check_url, Accept => 'text/plain' );
|
LWP::UserAgent->new()->get( $check_url, Accept => 'text/plain' );
|
||||||
|
if ( $response->is_success ) {
|
||||||
my %tmp =
|
my %tmp =
|
||||||
map { my ( $key, $value ) = split /:/, $_, 2; $key => $value }
|
map { my ( $key, $value ) = split /:/, $_, 2; $key => $value }
|
||||||
split /\n/, $response->decoded_content;
|
split /\n/, $response->decoded_content;
|
||||||
return PE_OK if ( $tmp{is_valid} eq 'true' );
|
if ( $tmp{is_valid} eq 'true' ) {
|
||||||
|
my ($ns) = map {
|
||||||
|
( /openid\.ns\.(.*)/ and $self->param($_) eq AXSPECURL )
|
||||||
|
? ($1)
|
||||||
|
: ()
|
||||||
|
} $self->param();
|
||||||
|
if ($ns) {
|
||||||
|
$self->{user} = $self->param("openid.$ns.value.email");
|
||||||
|
$self->{_AXNS} = $ns;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$self->{user} = $self->param('openid.claimed_id');
|
||||||
|
}
|
||||||
|
return PE_OK;
|
||||||
|
}
|
||||||
|
|
||||||
# TODO: look for returned errors
|
# TODO: look for returned errors
|
||||||
return PE_BADCREDENTIALS;
|
return PE_BADCREDENTIALS;
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
$self->abort('Can\'t verify Google authentication');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# 3. Check if an OpenID url has been submitted
|
# 3. Redirect user to Google login page
|
||||||
else {
|
else {
|
||||||
my $check_url =
|
my $check_url =
|
||||||
'https://www.google.com/accounts/o8/ud'
|
$googleEndPoint
|
||||||
. '?openid.mode=checkid_setup'
|
. '?openid.mode=checkid_setup'
|
||||||
. '&openid.ns=http://specs.openid.net/auth/2.0'
|
. '&openid.ns=http://specs.openid.net/auth/2.0'
|
||||||
. '&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select'
|
. '&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select'
|
||||||
. '&openid.identity=http://specs.openid.net/auth/2.0/identifier_select'
|
. '&openid.identity=http://specs.openid.net/auth/2.0/identifier_select'
|
||||||
. '&openid.return_to='
|
. '&openid.ns.ax='
|
||||||
. $self->{portal} . '?'
|
. AXSPECURL
|
||||||
. ( $self->{_url} ? "url=$self->{_url}&" : '' )
|
. '&openid.ax.mode=fetch_request'
|
||||||
. (
|
. '&openid.ax.type.email=http://axschema.org/contact/email'
|
||||||
$self->param( $self->{authChoiceParam} )
|
. '&openid.ax.required=email';
|
||||||
? "&"
|
if ( $self->get_module('user') eq 'Google' ) {
|
||||||
. $self->{authChoiceParam} . "="
|
my ( @r, @o );
|
||||||
. $self->param( $self->{authChoiceParam} )
|
while ( my ( $v, $k ) = each %{ $self->{exportedVars} } ) {
|
||||||
: ''
|
next if ( $k eq 'email' );
|
||||||
);
|
if ( $k =~ /^(?:(?:la(?:nguag|stnam)|firstnam)e|country)$/ ) {
|
||||||
|
$check_url .= ",$k";
|
||||||
# TODO: Add Google AX extension. Here is OpenID SREG example
|
}
|
||||||
# If UserDB uses OpenID, add "OpenID Simple Registration Extension"
|
else {
|
||||||
# compatible fields
|
$self->lmLog( "Field name: $k is not exported by Google",
|
||||||
#if ( $self->get_module('user') eq 'OpenID' ) {
|
'warn' );
|
||||||
# my ( @r, @o );
|
}
|
||||||
# while ( my ( $v, $k ) = each %{ $self->{exportedVars} } ) {
|
}
|
||||||
# if ( $k =~ /^(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)$/
|
}
|
||||||
# )
|
my $sep = '?';
|
||||||
# {
|
my $ret = $self->{portal};
|
||||||
# if ( $v =~ s/^!// ) { push @r, $k }
|
foreach my $v (
|
||||||
# else { push @o, $k }
|
[ $self->{_url}, "url" ],
|
||||||
# }
|
[
|
||||||
# else {
|
$self->param( $self->{authChoiceParam} ),
|
||||||
# $self->lmLog( "Unknown \"OpenID Simple Registration Extension\" field name: $k",
|
$self->{authChoiceParam}
|
||||||
# 'warn'
|
]
|
||||||
# );
|
)
|
||||||
# }
|
{
|
||||||
# }
|
if ( $v->[0] ) {
|
||||||
# my @tmp;
|
$ret .= "$sep$v->[1]=$v->[0]";
|
||||||
# push @tmp, 'openid.sreg.required' => join( ',', @r ) if (@r);
|
$sep = '&';
|
||||||
# push @tmp, 'openid.sreg.optional' => join( ',', @o ) if (@o);
|
}
|
||||||
# OpenID::util::push_url_arg( \$check_url, @tmp ) if (@tmp);
|
}
|
||||||
#}
|
$check_url .= '&openid.return_to=' . uri_escape_utf8($ret);
|
||||||
|
print STDERR $check_url . "\n";
|
||||||
print $self->redirect($check_url);
|
print $self->redirect($check_url);
|
||||||
$self->quit();
|
$self->quit();
|
||||||
}
|
}
|
||||||
@ -168,15 +218,15 @@ __END__
|
|||||||
|
|
||||||
=encoding utf8
|
=encoding utf8
|
||||||
|
|
||||||
Lemonldap::NG::Portal::AuthOpenID - Perl extension for building Lemonldap::NG
|
Lemonldap::NG::Portal::AuthGoogle - Perl extension for building Lemonldap::NG
|
||||||
compatible portals with OpenID authentication.
|
compatible portals with Google authentication.
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
use Lemonldap::NG::Portal::SharedConf;
|
use Lemonldap::NG::Portal::SharedConf;
|
||||||
my $portal = new Lemonldap::NG::Portal::Simple(
|
my $portal = new Lemonldap::NG::Portal::Simple(
|
||||||
configStorage => {...}, # See Lemonldap::NG::Portal
|
configStorage => {...}, # See Lemonldap::NG::Portal
|
||||||
authentication => 'OpenID',
|
authentication => 'Google',
|
||||||
);
|
);
|
||||||
|
|
||||||
if($portal->process()) {
|
if($portal->process()) {
|
||||||
@ -196,7 +246,7 @@ compatible portals with OpenID authentication.
|
|||||||
=head1 DESCRIPTION
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
This library just overload few methods of Lemonldap::NG::Portal::Simple to use
|
This library just overload few methods of Lemonldap::NG::Portal::Simple to use
|
||||||
OpenID authentication mechanism.
|
Google authentication mechanism.
|
||||||
|
|
||||||
See L<Lemonldap::NG::Portal::Simple> for usage and other methods.
|
See L<Lemonldap::NG::Portal::Simple> for usage and other methods.
|
||||||
|
|
||||||
|
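Review bot: The `print STDERR $check_url . "\n";` added just before `print $self->redirect($check_url);` is leftover debugging: it writes the full redirect URL, including the return_to built from `$self->{_url}` and the authChoice parameter, to the server error log on every login, and should be removed or become `$self->lmLog( "Redirecting to $check_url", 'debug' );`. In authInit, `$googleEndPoint = $1;` stores the first `<URI>` found anywhere in the XRDS body into a process-wide shared variable that is then used as both the redirect target and the check_authentication target; a guard such as `$self->abort('Unexpected Google endpoint') unless $googleEndPoint =~ m{^https://www\.google\.com/};` would keep a malformed or unexpected discovery document from being trusted for the rest of the process lifetime. `my ( @r, @o );` in the new `get_module('user') eq 'Google'` block is never used and can go. The AX request declares a type only for email (`openid.ax.type.email`) while the extra exportedVars are appended to `openid.ax.required` as bare aliases; as far as I can tell an AX fetch_request needs an `openid.ax.type.<alias>` for each alias listed, so those extra attributes may not come back, which is worth checking against the Google document cited in UserDBGoogle. The file header is not visible in this chunk; the POD identifies the file as Lemonldap::NG::Portal::AuthGoogle.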
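--- /dev/null
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBGoogle.pm
@@ -0,0 +1,88 @@
+## @file
+# UserDB Google module
+
+## @class
+# UserDB Google module
+package Lemonldap::NG::Portal::UserDBGoogle;
+
+use strict;
+use Lemonldap::NG::Portal::Simple;
+
+our $VERSION = '1.0.0';
+
+## @apmethod int userDBInit()
+# Check if authentication module is Google
+# @return Lemonldap::NG::Portal error code
+sub userDBInit {
+my $self = shift;
+
+if ( $self->get_module('auth') eq 'Google' ) {
+}
+else {
+$self->lmLog(
+'UserDBGoogle isn\'t useable unless authentication module is set to Google',
+'error'
+);
+return PE_ERROR;
+}
+}
+
+## @apmethod int getUser()
+# Does nothing
+# @return Lemonldap::NG::Portal error code
+sub getUser {
+PE_OK;
+}
+
+## @apmethod int setSessionInfo()
+# Check if there are some exportedVars in Google response.
+# See https://developers.google.com/accounts/docs/OpenID#Parameters
+# for more
+# @return Lemonldap::NG::Portal error code
+sub setSessionInfo {
+my $self = shift;
+unless ( $self->{_AXNS} ) {
+$self->abort(
+'AX namespace not found in Google response, no datas will be stored'
+);
+}
+foreach my $k ( keys %{ $self->{exportedVars} } ) {
+my $attr = $k;
+my $required = ( $attr =~ s/^!// );
+if ( $self->{exportedVars}->{$k} =~
+/^(?:(?:la(?:nguag|stnam)|firstnam)e|country|email)$/ )
+{
+$self->{sessionInfo}->{$attr} =
+$self->param(
+"openid.$self->{_AXNS}.value.$self->{exportedVars}->{$k}");
+}
+else {
+$self->lmLog(
+'Ignoring attribute '
+. $self->{exportedVars}->{$k}
+. ' which is not a valid Google OpenID AX attribute',
+'warn'
+);
+}
+
+if ( $required and not defined( $self->{sessionInfo}->{$attr} ) ) {
+$self->lmLog(
+"Required parameter $attr is not provided by Google, aborted",
+'warn' );
+
+$self->{mustRedirect} = 0;
+return PE_MISSINGREQATTR;
+}
+}
+PE_OK;
+}
+
+## @apmethod int setGroups()
+# Does nothing
+# @return Lemonldap::NG::Portal error code
+sub setGroups {
+PE_OK;
+}
+
+1;
+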
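Review bot: `sub userDBInit` has no explicit return on its success path: when `get_module('auth') eq 'Google'` the empty `if` block is the last statement, so the sub returns the value of the condition rather than `PE_OK`, unlike `getUser` and `setGroups` which end with `PE_OK;`. Rewriting the test as `unless ( $self->get_module('auth') eq 'Google' ) {` around the existing lmLog and `return PE_ERROR;` lines and ending the sub with `PE_OK;` makes the result explicit. In `setSessionInfo`, the message `'AX namespace not found in Google response, no datas will be stored'` reads as a warning that processing continues, but `$self->abort(...)` terminates the request; either drop the "no datas will be stored" wording or, if an AX-less response is acceptable (AuthGoogle falls back to `openid.claimed_id` as the user in that case), log it at `'warn'` and `return PE_OK;`. The AX values copied into `sessionInfo` come straight from request parameters and, as far as I can tell, are trustworthy only because AuthGoogle forwarded the whole parameter set to Google's verification endpoint first; a one-line comment above the `foreach` stating that dependency would help the next maintainer.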