Generate CAS Service Ticket (#101)

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBCAS.pm

@@ -7,6 +7,8 @@ package Lemonldap::NG::Portal::IssuerDBCAS;
 
 use strict;
 use Lemonldap::NG::Portal::Simple;
+use Lemonldap::NG::Portal::_CAS;
+our @ISA = qw(Lemonldap::NG::Portal::_CAS);
 
 our $VERSION = '0.01';
 
@@ -24,13 +26,46 @@ sub issuerDBInit {
 sub issuerForUnAuthUser {
     my $self = shift;
 
+    my $portal = $self->{portal};
+    $portal =~ s/\/$//;
+
     # CAS URLs
-    my $cas_login_url           = $self->{portal} . '/cas/login';
-    my $cas_logout_url          = $self->{portal} . '/cas/logout';
-    my $cas_validate_url        = $self->{portal} . '/cas/validate';
-    my $cas_serviceValidate_url = $self->{portal} . '/cas/serviceValidate';
-    my $cas_proxyValidate_url   = $self->{portal} . '/cas/proxyValidate';
-    my $cas_proxy_url           = $self->{portal} . '/cas/proxy';
+    my $cas_login_url           = $portal . '/cas/login';
+    my $cas_logout_url          = $portal . '/cas/logout';
+    my $cas_validate_url        = $portal . '/cas/validate';
+    my $cas_serviceValidate_url = $portal . '/cas/serviceValidate';
+    my $cas_proxyValidate_url   = $portal . '/cas/proxyValidate';
+    my $cas_proxy_url           = $portal . '/cas/proxy';
+
+    # Called URL
+    my $url = $self->url();
+
+    # 1. LOGIN
+    if ( $url =~ /\Q$cas_login_url\E/io ) {
+
+        $self->lmLog( "URL $url detected as an CAS LOGIN URL", 'debug' );
+
+        # GET parameters
+        my $service = $self->getHiddenFormValue('service')
+          || $self->param('service');
+        my $renew = $self->getHiddenFormValue('renew') || $self->param('renew');
+        my $gateway = $self->getHiddenFormValue('gateway')
+          || $self->param('gateway');
+
+        # Keep values in hidden fields
+        $self->setHiddenFormValue( 'service', $service );
+        $self->setHiddenFormValue( 'renew',   $renew );
+        $self->setHiddenFormValue( 'gateway', $gateway );
+
+        # Gateway
+        # Authentication must use non-interactive mean
+        # TODO
+        if ( $gateway eq 'true' ) {
+            $self->lmLog( "Gateway authentication not managed", 'error' );
+            return PE_ERROR;
+        }
+
+    }
 
     PE_OK;
 }
@@ -41,22 +76,92 @@ sub issuerForUnAuthUser {
 sub issuerForAuthUser {
     my $self   = shift;
 
+    my $portal = $self->{portal};
+    $portal =~ s/\/$//;
+
     # CAS URLs
-    my $cas_login_url           = $self->{portal} . '/cas/login';
-    my $cas_logout_url          = $self->{portal} . '/cas/logout';
-    my $cas_validate_url        = $self->{portal} . '/cas/validate';
-    my $cas_serviceValidate_url = $self->{portal} . '/cas/serviceValidate';
-    my $cas_proxyValidate_url   = $self->{portal} . '/cas/proxyValidate';
-    my $cas_proxy_url           = $self->{portal} . '/cas/proxy';
+    my $cas_login_url           = $portal . '/cas/login';
+    my $cas_logout_url          = $portal . '/cas/logout';
+    my $cas_validate_url        = $portal . '/cas/validate';
+    my $cas_serviceValidate_url = $portal . '/cas/serviceValidate';
+    my $cas_proxyValidate_url   = $portal . '/cas/proxyValidate';
+    my $cas_proxy_url           = $portal . '/cas/proxy';
+
+    # Called URL
+    my $url = $self->url();
+
+    # Session ID
+    my $session_id = $self->{sessionInfo}->{_session_id} || $self->{id};
+
+    # 1. LOGIN
+    if ( $url =~ /\Q$cas_login_url\E/io ) {
+
+        $self->lmLog( "URL $url detected as an CAS LOGIN URL", 'debug' );
+
+        # GET parameters
+        my $service = $self->getHiddenFormValue('service')
+          || $self->param('service');
+        my $renew = $self->getHiddenFormValue('renew') || $self->param('renew');
+        my $gateway = $self->getHiddenFormValue('gateway')
+          || $self->param('gateway');
+
+        # Renew
+        # Authentication must be replayed
+        # TODO
+        if ( $renew eq 'true' ) {
+            $self->lmLog( "Authentication renewal not managed", 'error' );
+            return PE_ERROR;
+        }
+
+        # If no service defined, exit
+        unless ( defined $service ) {
+            $self->lmLog( "No service defined in CAS URL", 'debug' );
+            return PE_OK;
+        }
+
+        # Create a service ticket
+        $self->lmLog( "Create a CAS service ticket for service $service",
+            'debug' );
+
+        my $casServiceSession = $self->getCasSession();
+
+        return PE_ERROR unless $casServiceSession;
+
+        $casServiceSession->{type}    = 'casService';
+        $casServiceSession->{service} = $service;
+        $casServiceSession->{id}      = $session_id;
+
+        my $casServiceSessionID = $casServiceSession->{_session_id};
+        my $casServiceTicket    = "ST-" . $casServiceSessionID;
+
+        untie %$casServiceSession;
+
+        $self->lmLog( "CAS service session $casServiceSessionID created",
+            'debug' );
+
+        # Redirect to service
+        my $service_url = (
+              $service =~ /\?/
+            ? $service .= '&ticket=' . $casServiceTicket
+            : $service .= '?ticket=' . $casServiceTicket
+        );
+
+        $self->{urldc} = $service_url;
+
+        return $self->_subProcess(qw(autoRedirect));
+    }
 
     PE_OK;
 }
 
 ## @apmethod int issuerLogout()
-# Do nothing
+# Destroy linked CAS sessions
 # @return Lemonldap::NG::Portal error code
 sub issuerLogout {
     my $self = shift;
+
+    # TODO
+
     PE_OK;
 }
 

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm

@@ -465,6 +465,10 @@ sub setDefaultValues {
     $self->{samlStorageOptions}   ||= $self->{globalStorageOptions};
     $self->{samlMetadataForceUTF8} = 1
       unless ( defined( $self->{samlMetadataForceUTF8} ) );
+
+    # CAS
+    $self->{casStorage}        ||= $self->{globalStorage};
+    $self->{casStorageOptions} ||= $self->{globalStorageOptions};
 }
 
 ## @method protected void setHiddenFormValue(string fieldname, string value, string prefix, boolean base64)

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm

@@ -0,0 +1,78 @@
+## @file
+# Common CAS functions
+
+## @class
+# Common CAS functions
+package Lemonldap::NG::Portal::_CAS;
+
+use strict;
+
+our $VERSION = '0.01';
+
+## @method hashref getCasSession(string id)
+# Try to recover the CAS session corresponding to id and return session datas
+# If id is set to undef, return a new session
+# @param id session reference
+# @return session datas
+sub getCasSession {
+    my ( $self, $id ) = splice @_;
+    my %h;
+
+    # Trying to recover session from CAS session storage
+    eval { tie %h, $self->{casStorage}, $id, $self->{casStorageOptions}; };
+    if ( $@ or not tied(%h) ) {
+
+        # Session not available
+        if ($id) {
+            $self->lmLog( "CAS session $id isn't yet available", 'info' );
+        }
+        else {
+            $self->lmLog( "Unable to create new CAS session: $@", 'error' );
+        }
+        return 0;
+    }
+
+    return \%h;
+}
+
+__END__
+
+=head1 NAME
+
+=encoding utf8
+
+Lemonldap::NG::Portal::_CAS - Common CAS functions
+
+=head1 SYNOPSIS
+
+use Lemonldap::NG::Portal::_CAS;
+
+=head1 DESCRIPTION
+
+This module contains common methods for CAS
+
+=head1 METHODS
+
+=head2 getCasSession
+
+Try to recover the CAS session corresponding to id and return session datas
+If id is set to undef, return a new session
+
+=head1 SEE ALSO
+
+L<Lemonldap::NG::Portal::IssuerDBCAS>,
+
+=head1 AUTHOR
+
+Clement Oudot, E<lt>coudot@linagora.comE<gt>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright (C) 2010 by Clement Oudot
+
+This library is free software; you can redistribute it and/or modify
+it under the same terms as Perl itself, either Perl version 5.10.0 or,
+at your option, any later version of Perl 5 you may have available.
+
+=cut
+

modules/lemonldap-ng-portal/t/65-Lemonldap-NG-Portal-IssuerDBCAS.t

@@ -0,0 +1,15 @@
+# Before `make install' is performed this script should be runnable with
+# `make test'. After `make install' it should work as `perl Lemonldap-NG-Portal-AuthSsl.t'
+
+#########################
+
+# change 'tests => 1' to 'tests => last_test_to_print';
+
+use Test::More tests => 1;
+BEGIN { use_ok('Lemonldap::NG::Portal::IssuerDBCAS') }
+
+#########################
+
+# Insert your test code below, the Test::More module is use()ed here so read
+# its man page ( perldoc Test::More ) for help writing this test script.
+