New feature in Portal: Cross-Domain-Authentication (Lemonldap::NG::Portal::CDA).

2007-02-23 05:31:32 +00:00 · 2007-02-23 05:31:32 +00:00 · 9a8d380ad7
parent 670f44c91b
commit 9a8d380ad7
8 changed files with 144 additions and 13 deletions
--- a/modules/lemonldap-ng-portal/MANIFEST
+++ b/modules/lemonldap-ng-portal/MANIFEST
@ -2,6 +2,7 @@ Changes
 example/index.pl
 lib/Lemonldap/NG/Portal.pm
 lib/Lemonldap/NG/Portal/AuthSSL.pm
+lib/Lemonldap/NG/Portal/CDA.pm
 lib/Lemonldap/NG/Portal/SharedConf.pm
 lib/Lemonldap/NG/Portal/SharedConf/DBI.pm
 lib/Lemonldap/NG/Portal/Simple.pm
@ -10,6 +11,7 @@ MANIFEST
 META.yml			Module meta-data (added by MakeMaker)
 README
 t/Lemonldap-NG-Portal-AuthSSL.t
+t/Lemonldap-NG-Portal-CDA.t
 t/Lemonldap-NG-Portal-SharedConf-DBI.t
 t/Lemonldap-NG-Portal-SharedConf.t
 t/Lemonldap-NG-Portal-Simple.t
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm
@ -2,7 +2,7 @@ package Lemonldap::NG::Portal;

 print STDERR
 "See Lemonldap::NG::Portal(3) to know which Lemonldap::NG::Portal::* module to use.";
-our $VERSION = "0.61";
+our $VERSION = "0.62";

 1;

@ -280,7 +280,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>

 =head1 COPYRIGHT AND LICENSE

-Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
+Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>

 This library is free software; you can redistribute it and/or modify
 it under the same terms as Perl itself, either Perl version 5.8.4 or,
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm
@ -42,7 +42,8 @@ compatible portals with SSL authentication.

 =head1 SYNOPSIS

-With Lemonldap::NG::Portal::SharedConf::DBI, set authentication field to "SSL".
+With Lemonldap::NG::Portal::SharedConf, set authentication field to "SSL" in
+configuration database.

 With Lemonldap::NG::Portal::Simple:

@ -104,7 +105,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>

 =head1 COPYRIGHT AND LICENSE

-Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
+Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>

 This library is free software; you can redistribute it and/or modify
 it under the same terms as Perl itself, either Perl version 5.8.4 or,
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDA.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDA.pm
@ -0,0 +1,113 @@
+package Lemonldap::NG::Portal::CDA;
+
+use strict;
+use Lemonldap::NG::Portal::SharedConf qw(:all);
+
+our $VERSION = '0.01';
+our @ISA = ('Lemonldap::NG::Portal::SharedConf');
+
+*EXPORT_OK   = *Lemonldap::NG::Portal::SharedConf::EXPORT_OK;
+*EXPORT_TAGS = *Lemonldap::NG::Portal::SharedConf::EXPORT_TAGS;
+*EXPORT      = *Lemonldap::NG::Portal::SharedConf::EXPORT;
+
+##################
+# OVERLOADED SUB #
+##################
+
+# 2. Existing sessions are validated so users coming from an other domain
+#    are not re-prompted
+sub existingSession {
+    my ($self, $id, $datas) = @_;
+    PE_DONE;
+}
+
+# 16. If the user was redirected to the portal, we will now redirect him
+#     to the requested URL. If it does not come from our domain, we add
+#     ID in URL
+sub autoRedirect {
+    my $self = shift;
+    my $tmp = $self->{domain};
+    $self->{urldc} .= ";".$self->{cookieName}."=".$self->{id} if($self->{urldc} !~ /$tmp$/oi);
+    return $self->SUPER::autoredirect(@_);
+}
+
+1;
+__END__
+
+=head1 NAME
+
+Lemonldap::NG::Portal::CDA - Perl extension for building Lemonldap::NG
+compatible portals with Cross Domain Authentication.
+
+=head1 SYNOPSIS
+
+  use Lemonldap::NG::Portal::SharedConf;
+  my $portal = new Lemonldap::NG::Portal::SharedConf( {
+         configStorage => {
+             type        => 'DBI',
+             dbiChain    => "dbi:mysql:...",
+             dbiUser     => "lemonldap",
+             dbiPassword => "password",
+             dbiTable    => "lmConfig",
+         },
+    } );
+
+  if($portal->process()) {
+    # Write here the menu with CGI methods. This page is displayed ONLY IF
+    # the user was not redirected here.
+    print $portal->header; # DON'T FORGET THIS (see L<CGI(3)>)
+    print "...";
+
+    # or redirect the user to the menu
+    print $portal->redirect( -uri => 'https://portal/menu');
+  }
+  else {
+    # Write here the html form used to authenticate with CGI methods.
+    # $portal->error returns the error message if athentification failed
+    # Warning: by defaut, input names are "user" and "password"
+    print $portal->header; # DON'T FORGET THIS (see L<CGI(3)>)
+    print "...";
+    print '<form method="POST">';
+    # In your form, the following value is required for redirection
+    print '<input type="hidden" name="url" value="'.$portal->param('url').'">';
+    # Next, login and password
+    print 'Login : <input name="user"><br>';
+    print 'Password : <input name="password" type="password" autocomplete="off">';
+    print '<input type="submit" value="go" />';
+    print '</form>';
+  }
+
+Modify your httpd.conf:
+
+  <Location /My/File>
+    SSLVerifyClient require
+    SSLOptions +ExportCertData +CompatEnvVars +StdEnvVars
+  </Location>
+
+=head1 DESCRIPTION
+
+This library just overload few methods of L<>Lemonldap::NG::Portal::SharedConf>
+to add Cross Domain Authentication. Handlers that are not used in the same
+domain than the portal must inherit from L<>Lemonldap::NG::Handler::CDA>.
+
+See L<Lemonldap::NG::Portal::SharedConf> for usage and other methods.
+
+=head1 SEE ALSO
+
+L<Lemonldap::NG::SharedConf>, L<Lemonldap::NG::Handler>,
+L<Lemonldap::NG::Handler::CDA>
+
+=head1 AUTHOR
+
+Xavier Guimard, E<lt>x.guimard@free.frE<gt>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright (C) 2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
+
+This library is free software; you can redistribute it and/or modify
+it under the same terms as Perl itself, either Perl version 5.8.4 or,
+at your option, any later version of Perl 5 you may have available.
+
+=cut
+
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/SharedConf.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/SharedConf.pm
@ -231,7 +231,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>

 =head1 COPYRIGHT AND LICENSE

-Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
+Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>

 This library is free software; you can redistribute it and/or modify
 it under the same terms as Perl itself, either Perl version 5.8.4 or,
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/SharedConf/DBI.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/SharedConf/DBI.pm
@ -89,7 +89,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>

 =head1 COPYRIGHT AND LICENSE

-Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
+Copyright (C) 2005-2006 by Xavier Guimard E<lt>x.guimard@free.frE<gt>

 This library is free software; you can redistribute it and/or modify
 it under the same terms as Perl itself, either Perl version 5.8.4 or,
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@ -11,7 +11,7 @@ use MIME::Base64;
 use CGI;
 use CGI::Cookie;

-our $VERSION = '0.61';
+our $VERSION = '0.62';

 our @ISA = qw(CGI Exporter);

@ -32,11 +32,11 @@ sub PE_BADCERTIFICATE      { 10 }
 # EXPORTER PARAMETERS
 our %EXPORT_TAGS = (
    'all' => [
-        qw( PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
+        qw( PE_DONE PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
          PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE import )
    ],
    'constants' => [
-        qw( PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
+        qw( PE_DONE PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
          PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE )
    ],
 );
@ -44,7 +44,7 @@ our %EXPORT_TAGS = (
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );

 our @EXPORT =
-  qw( PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
+  qw( PE_DONE PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
  PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE import );

 # CONSTRUCTOR
@ -193,8 +193,8 @@ sub controlUrlOrigin {
 }

 # 2. Control existing sessions
-# TODO: what to do with existing sessions ?
-#       - delete and create a new session
+# what to do with existing sessions ?
+#       - delete and create a new session (default)
 #       - re-authentication (actual scheme)
 #       - nothing: user is authenticated and process
 #                  returns true
@ -700,7 +700,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>

 =head1 COPYRIGHT AND LICENSE

-Copyright (C) 2005, 2006, 2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
+Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>

 This library is free software; you can redistribute it and/or modify
 it under the same terms as Perl itself, either Perl version 5.8.4 or,
--- a/modules/lemonldap-ng-portal/t/Lemonldap-NG-Portal-CDA.t
+++ b/modules/lemonldap-ng-portal/t/Lemonldap-NG-Portal-CDA.t
@ -0,0 +1,15 @@
+# Before `make install' is performed this script should be runnable with
+# `make test'. After `make install' it should work as `perl Lemonldap-NG-Portal.t'
+
+#########################
+
+# change 'tests => 1' to 'tests => last_test_to_print';
+
+use Test::More tests => 1;
+BEGIN { use_ok('Lemonldap::NG::Portal::CDA') };
+
+#########################
+
+# Insert your test code below, the Test::More module is use()ed here so read
+# its man page ( perldoc Test::More ) for help writing this test script.
+