diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/OpenID/SREG.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/OpenID/SREG.pm index 8c794337c..5a22c79e0 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/OpenID/SREG.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/OpenID/SREG.pm @@ -19,13 +19,18 @@ sub sregHook { # Refuse federation if rejected by user return 0 if ( $self->param('confirm') == -1 ); + + # If identity is not trusted, does nothing return ( 0, $prm ) unless ($is_id); $self->lmLog( "SREG start", 'debug' ); - # TODO: verify that request has been accepted my $accepted = 1; + + # Check all parameters while ( my ( $k, $v ) = each %$prm ) { + + # Store policy if provided if ( $k eq 'policy_url' ) { if ( $v =~ Lemonldap::NG::Common::Regexp::HTTP_URI ) { $self->{_openIdTrustExtMsg} .= @@ -33,7 +38,8 @@ sub sregHook { . &Lemonldap::NG::Portal::_i18n::msg(PM_OPENID_PA) . " :
$v
"; - # TODO: is it important to notify policy changes ? + # Question: is it important to notify policy changes ? + # if yes, uncomment this #my $p = # $self->{sessionInfo}->{"_openidTrust$trust_root\_Policy"}; #$accepted = 0 unless ( $p and $p eq $v ); @@ -42,10 +48,14 @@ sub sregHook { $self->lmLog( "Bad policy url", 'error' ); } } + + # Parse required attributes elsif ( $k eq 'required' ) { $self->lmLog( "Required attr $v", 'debug' ); push @req, split( /,/, $v ); } + + # Parse optional attributes elsif ( $k eq 'optional' ) { $self->lmLog( "Optional attr $v", 'debug' ); push @opt, @@ -57,7 +67,7 @@ sub sregHook { } # Check if required keys are valid SREG requests - # TODO: reject bad SREG request ? + # Question: reject bad SREG request ? Not done yet @req = sregfilter( $self, @req ); @opt = sregfilter( $self, @opt ); @@ -125,7 +135,6 @@ sub sregHook { # Store the value returned if ( !defined($agree) or $agree != $ck ) { - $self->{sessionInfo}->{"_openidTrust$trust_root\_$k"} = 1; $self->updateSession( { "_openidTrust$trust_root\_$k" => $ck } ); $agree = $ck; @@ -142,6 +151,9 @@ sub sregHook { $r{$k} = $msg{opt}->{$k}; $ag{$k} = 1; } + elsif ( !defined($agree) ) { + $ag{$k} = 1; + } else { $ag{$k} = 0; } @@ -178,6 +190,10 @@ sub sregHook { } } +## @method private array sregfilter(array attr) +# Filter the arguments passed as parameters by checking their compliance with +# SREG. +# @return fitered datas sub sregfilter { my ( $self, @attr ) = splice @_; my ( @ret, @rej ); diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm index d808813eb..6238c1559 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm 
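Review bot: In the `@@ -33,7 +38,8 @@` hunk the policy comparison stays commented out while its TODO is only reworded as a question, and the first hunk also drops the `# TODO: verify that request has been accepted` marker above `my $accepted = 1;`. In the visible lines nothing ever sets `$accepted` to 0, so a relying party that presents a different `policy_url` from the one the user trusted would apparently not trigger a new confirmation. Either enable the check or keep an explicit marker such as `# TODO: $accepted is never cleared; a changed policy_url is not re-confirmed`. sregHook starts and ends outside this hunk, so any later use of `$accepted` is not visible here.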
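Review bot: The new `elsif ( !defined($agree) )` branch in the `@@ -142,6 +151,9 @@` hunk sets `$ag{$k} = 1` for an optional attribute the user has never decided on, which looks like it pre-selects optional SREG attributes for release. If `%ag` drives the state of the confirmation form, consent for optional data becomes opt-out; defaulting to `$ag{$k} = 0` when no stored choice exists would keep it opt-in. If pre-selection is intended, a comment such as `# No stored choice: propose optional attribute as shared by default` would record that decision. The surrounding loop begins outside the hunk.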
@@ -781,11 +781,13 @@ sub updateSession { my ( $self, $infos, $id ) = splice @_; my %cookies = fetch CGI::Cookie; - # Session ID - unless ($id) { - $id = $cookies{ $self->{cookieName} }->value - if defined $cookies{ $self->{cookieName} }; - } + # Update sessionInfo datas + $self->{sessionInfo}->{$_} = $infos->{$_} unless ($id); + + # Recover session ID unless given + $id ||= $self->{id}; + $id ||= $cookies{ $self->{cookieName} }->value + if ( defined $cookies{ $self->{cookieName} } ); if ($id) { my $h = $self->getApacheSession( $id, 1 ) or return undef; @@ -800,7 +802,6 @@ sub updateSession { untie %$h; } - } ## @method void addSessionValue(string key, string value, string id)
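Review bot: `$self->{sessionInfo}->{$_} = $infos->{$_} unless ($id);` has no loop, so `$_` is whatever the caller left in it and at most one unrelated key is written; the keys of `$infos` are never copied into `sessionInfo`. It should iterate, e.g. `unless ($id) { $self->{sessionInfo}->{$_} = $infos->{$_} foreach ( keys %$infos ); }`. This matters for the SREG.pm hunk at `@@ -125,7 +135,6 @@`, which drops its own `sessionInfo` write and now relies on this call, so the in-memory trust value presumably stays stale for the rest of the request. updateSession continues past the end of this hunk.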