Add UserDBGoogle

This commit is contained in:
Xavier Guimard 2013-09-29 07:09:32 +00:00
parent bb3c9bfac1
commit 93e026b1ad
3 changed files with 189 additions and 50 deletions


@ -665,6 +665,7 @@ function formateSelectUser(id,value){
'AD=Active Directory', 'AD=Active Directory',
'DBI=Database (DBI)', 'DBI=Database (DBI)',
'Demo=Demonstration', 'Demo=Demonstration',
'Google=Google',
'LDAP=LDAP', 'LDAP=LDAP',
'Multi=Multiple', 'Multi=Multiple',
'Null=None', 'Null=None',


@ -10,21 +10,52 @@ use strict;
use Lemonldap::NG::Portal::Simple; use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Common::Regexp; use Lemonldap::NG::Common::Regexp;
use LWP::UserAgent; use LWP::UserAgent;
use URI::Escape;
use Cache::FileCache; use Cache::FileCache;
use constant AXSPECURL => 'http://openid.net/srv/ax/1.0';
use constant GOOGLEENDPOINT => 'https://www.google.com/accounts/o8/id';
our $VERSION = '1.3.0'; our $VERSION = '1.3.0';
our $initDone; our $initDone;
our $googleEndPoint;
BEGIN { BEGIN {
eval { eval {
require threads::shared; require threads::shared;
threads::shared::share($initDone); threads::shared::share($initDone);
threads::shared::share($googleEndPoint);
}; };
} }
## @apmethod int authInit() ## @apmethod int authInit()
# @return Lemonldap::NG::Portal constant # @return Lemonldap::NG::Portal constant
sub authInit { sub authInit {
my $self = shift;
# Get the Google OpenID endpoint
unless ($googleEndPoint) {
$self->{ua} ||= LWP::UserAgent->new();
my $response =
$self->{ua}->get( GOOGLEENDPOINT, Accept => 'application/xrds+xml' );
if ( $response->is_success ) {
# Dirty XML parse
# (searching for <URI>https://www.google.com/accounts/o8/ud</URI>)
my $tmp = $response->decoded_content;
if ( $tmp =~ m#<URI.*?>(\S+)</URI>#i ) {
$googleEndPoint = $1;
}
else {
$self->lmLog( 'Here is the Google response: '
. $response->decoded_content );
$self->abort('Can\'t find endpoint in Googe response');
}
}
else {
$self->abort('Can\'t access to Google endpoint');
}
}
PE_OK; PE_OK;
} }
@ -38,12 +69,14 @@ sub extractFormInfo {
# 1. If no openid element has been detected # 1. If no openid element has been detected
my $openid = $self->param('openid.mode'); my $openid = $self->param('openid.mode');
# TODO: direct access to Google page
return PE_FIRSTACCESS return PE_FIRSTACCESS
unless ( $self->param('google_go') or $openid ); unless ( $self->param('google_go') or $openid );
# 2. Check Google responses # 2. Check Google responses
if ($openid) { if ($openid) {
my $check_url = 'https://www.google.com/accounts/o8/ud' . '?' . join( my $check_url = "$googleEndPoint?" . join(
'&', '&',
map { map {
my $val = $self->param($_); my $val = $self->param($_);
@ -51,63 +84,80 @@ sub extractFormInfo {
sprintf '%s=%s', uri_escape_utf8($_), uri_escape_utf8($val); sprintf '%s=%s', uri_escape_utf8($_), uri_escape_utf8($val);
} $self->param() } $self->param()
); );
use URI::Escape;
use LWP::UserAgent;
# TODO : catch errors here
my $response = my $response =
LWP::UserAgent->new()->get( $check_url, Accept => 'text/plain' ); LWP::UserAgent->new()->get( $check_url, Accept => 'text/plain' );
my %tmp = if ( $response->is_success ) {
map { my ( $key, $value ) = split /:/, $_, 2; $key => $value } my %tmp =
split /\n/, $response->decoded_content; map { my ( $key, $value ) = split /:/, $_, 2; $key => $value }
return PE_OK if ( $tmp{is_valid} eq 'true' ); split /\n/, $response->decoded_content;
if ( $tmp{is_valid} eq 'true' ) {
my ($ns) = map {
( /openid\.ns\.(.*)/ and $self->param($_) eq AXSPECURL )
? ($1)
: ()
} $self->param();
if ($ns) {
$self->{user} = $self->param("openid.$ns.value.email");
$self->{_AXNS} = $ns;
}
else {
$self->{user} = $self->param('openid.claimed_id');
}
return PE_OK;
}
# TODO: look for returned errors # TODO: look for returned errors
return PE_BADCREDENTIALS; return PE_BADCREDENTIALS;
}
else {
$self->abort('Can\'t verify Google authentication');
}
} }
# 3. Check if an OpenID url has been submitted # 3. Redirect user to Google login page
else { else {
my $check_url = my $check_url =
'https://www.google.com/accounts/o8/ud' $googleEndPoint
. '?openid.mode=checkid_setup' . '?openid.mode=checkid_setup'
. '&openid.ns=http://specs.openid.net/auth/2.0' . '&openid.ns=http://specs.openid.net/auth/2.0'
. '&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select' . '&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select'
. '&openid.identity=http://specs.openid.net/auth/2.0/identifier_select' . '&openid.identity=http://specs.openid.net/auth/2.0/identifier_select'
. '&openid.return_to=' . '&openid.ns.ax='
. $self->{portal} . '?' . AXSPECURL
. ( $self->{_url} ? "url=$self->{_url}&" : '' ) . '&openid.ax.mode=fetch_request'
. ( . '&openid.ax.type.email=http://axschema.org/contact/email'
$self->param( $self->{authChoiceParam} ) . '&openid.ax.required=email';
? "&" if ( $self->get_module('user') eq 'Google' ) {
. $self->{authChoiceParam} . "=" my ( @r, @o );
. $self->param( $self->{authChoiceParam} ) while ( my ( $v, $k ) = each %{ $self->{exportedVars} } ) {
: '' next if ( $k eq 'email' );
); if ( $k =~ /^(?:(?:la(?:nguag|stnam)|firstnam)e|country)$/ ) {
$check_url .= ",$k";
# TODO: Add Google AX extension. Here is OpenID SREG example }
# If UserDB uses OpenID, add "OpenID Simple Registration Extension" else {
# compatible fields $self->lmLog( "Field name: $k is not exported by Google",
#if ( $self->get_module('user') eq 'OpenID' ) { 'warn' );
# my ( @r, @o ); }
# while ( my ( $v, $k ) = each %{ $self->{exportedVars} } ) { }
# if ( $k =~ /^(?:(?:(?:full|nick)nam|languag|postcod|timezon)e|country|gender|email|dob)$/ }
# ) my $sep = '?';
# { my $ret = $self->{portal};
# if ( $v =~ s/^!// ) { push @r, $k } foreach my $v (
# else { push @o, $k } [ $self->{_url}, "url" ],
# } [
# else { $self->param( $self->{authChoiceParam} ),
# $self->lmLog( "Unknown \"OpenID Simple Registration Extension\" field name: $k", $self->{authChoiceParam}
# 'warn' ]
# ); )
# } {
# } if ( $v->[0] ) {
# my @tmp; $ret .= "$sep$v->[1]=$v->[0]";
# push @tmp, 'openid.sreg.required' => join( ',', @r ) if (@r); $sep = '&';
# push @tmp, 'openid.sreg.optional' => join( ',', @o ) if (@o); }
# OpenID::util::push_url_arg( \$check_url, @tmp ) if (@tmp); }
#} $check_url .= '&openid.return_to=' . uri_escape_utf8($ret);
print STDERR $check_url . "\n";
print $self->redirect($check_url); print $self->redirect($check_url);
$self->quit(); $self->quit();
} }
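Review bot: At `$self->{user} = $self->param("openid.$ns.value.email");` the AX e-mail is accepted as the user identity without checking that the field is listed in `openid.signed`; the check_authentication request only verifies the signature over the fields named there, so an extension parameter appended to the response unsigned is not covered by the `is_valid` check. Before trusting it, look the field up in the signed list, e.g. `my %signed = map { $_ => 1 } split /,/, ( $self->param('openid.signed') || '' );` and take the AX branch only `if ( $ns and $signed{"$ns.value.email"} )`, otherwise fall back to `openid.claimed_id` or return PE_BADCREDENTIALS. `print STDERR $check_url . "\n";` just before the redirect reads like leftover debugging and writes the full redirect URL, including return_to, to the server error log on every login; drop it or route it through `$self->lmLog( $check_url, 'debug' )`. `my ( @r, @o );` in the `get_module('user') eq 'Google'` branch is never used and can be removed. extractFormInfo begins before this hunk.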
@ -168,15 +218,15 @@ __END__
=encoding utf8 =encoding utf8
Lemonldap::NG::Portal::AuthOpenID - Perl extension for building Lemonldap::NG Lemonldap::NG::Portal::AuthGoogle - Perl extension for building Lemonldap::NG
compatible portals with OpenID authentication. compatible portals with Google authentication.
=head1 SYNOPSIS =head1 SYNOPSIS
use Lemonldap::NG::Portal::SharedConf; use Lemonldap::NG::Portal::SharedConf;
my $portal = new Lemonldap::NG::Portal::Simple( my $portal = new Lemonldap::NG::Portal::Simple(
configStorage => {...}, # See Lemonldap::NG::Portal configStorage => {...}, # See Lemonldap::NG::Portal
authentication => 'OpenID', authentication => 'Google',
); );
if($portal->process()) { if($portal->process()) {
@ -196,7 +246,7 @@ compatible portals with OpenID authentication.
=head1 DESCRIPTION =head1 DESCRIPTION
This library just overload few methods of Lemonldap::NG::Portal::Simple to use This library just overload few methods of Lemonldap::NG::Portal::Simple to use
OpenID authentication mechanism. Google authentication mechanism.
See L<Lemonldap::NG::Portal::Simple> for usage and other methods. See L<Lemonldap::NG::Portal::Simple> for usage and other methods.


@ -0,0 +1,88 @@
## @file
# UserDB Google module
## @class
# UserDB Google module
package Lemonldap::NG::Portal::UserDBGoogle;
use strict;
use Lemonldap::NG::Portal::Simple;
our $VERSION = '1.0.0';
## @apmethod int userDBInit()
# Check if authentication module is Google
# @return Lemonldap::NG::Portal error code
sub userDBInit {
my $self = shift;
if ( $self->get_module('auth') eq 'Google' ) {
}
else {
$self->lmLog(
'UserDBGoogle isn\'t useable unless authentication module is set to Google',
'error'
);
return PE_ERROR;
}
}
## @apmethod int getUser()
# Does nothing
# @return Lemonldap::NG::Portal error code
sub getUser {
PE_OK;
}
## @apmethod int setSessionInfo()
# Check if there are some exportedVars in Google response.
# See https://developers.google.com/accounts/docs/OpenID#Parameters
# for more
# @return Lemonldap::NG::Portal error code
sub setSessionInfo {
my $self = shift;
unless ( $self->{_AXNS} ) {
$self->abort(
'AX namespace not found in Google response, no datas will be stored'
);
}
foreach my $k ( keys %{ $self->{exportedVars} } ) {
my $attr = $k;
my $required = ( $attr =~ s/^!// );
if ( $self->{exportedVars}->{$k} =~
/^(?:(?:la(?:nguag|stnam)|firstnam)e|country|email)$/ )
{
$self->{sessionInfo}->{$attr} =
$self->param(
"openid.$self->{_AXNS}.value.$self->{exportedVars}->{$k}");
}
else {
$self->lmLog(
'Ignoring attribute '
. $self->{exportedVars}->{$k}
. ' which is not a valid Google OpenID AX attribute',
'warn'
);
}
if ( $required and not defined( $self->{sessionInfo}->{$attr} ) ) {
$self->lmLog(
"Required parameter $attr is not provided by Google, aborted",
'warn' );
$self->{mustRedirect} = 0;
return PE_MISSINGREQATTR;
}
}
PE_OK;
}
## @apmethod int setGroups()
# Does nothing
# @return Lemonldap::NG::Portal error code
sub setGroups {
PE_OK;
}
1;
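Review bot: `userDBInit` has no `return PE_OK` on its success path: the `if ( $self->get_module('auth') eq 'Google' ) { }` branch is empty, so the sub returns whatever the last evaluated expression yields rather than an explicit PE_OK, and a caller comparing against PE_OK may treat a correct configuration as a failure. Replace the empty branch with an explicit return, e.g. `return PE_OK if ( $self->get_module('auth') eq 'Google' );` followed by the existing lmLog and `return PE_ERROR;`. In setSessionInfo the attribute filter `/^(?:(?:la(?:nguag|stnam)|firstnam)e|country|email)$/` uses `$`, which also matches a value ending in a newline; `\A` and `\z` pin the whole configured value. The `$required` check fails only when the AX value is undef, so an empty string returned by Google counts as provided; if that is not intended, test `length` as well.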