Generate CAS Service Ticket (#101)
This commit is contained in:
parent
c6c8024326
commit
a6acf86f4e
@ -7,6 +7,8 @@ package Lemonldap::NG::Portal::IssuerDBCAS;
|
||||
|
||||
use strict;
|
||||
use Lemonldap::NG::Portal::Simple;
|
||||
use Lemonldap::NG::Portal::_CAS;
|
||||
our @ISA = qw(Lemonldap::NG::Portal::_CAS);
|
||||
|
||||
our $VERSION = '0.01';
|
||||
|
||||
@ -24,13 +26,46 @@ sub issuerDBInit {
|
||||
sub issuerForUnAuthUser {
|
||||
my $self = shift;
|
||||
|
||||
my $portal = $self->{portal};
|
||||
$portal =~ s/\/$//;
|
||||
|
||||
# CAS URLs
|
||||
my $cas_login_url = $self->{portal} . '/cas/login';
|
||||
my $cas_logout_url = $self->{portal} . '/cas/logout';
|
||||
my $cas_validate_url = $self->{portal} . '/cas/validate';
|
||||
my $cas_serviceValidate_url = $self->{portal} . '/cas/serviceValidate';
|
||||
my $cas_proxyValidate_url = $self->{portal} . '/cas/proxyValidate';
|
||||
my $cas_proxy_url = $self->{portal} . '/cas/proxy';
|
||||
my $cas_login_url = $portal . '/cas/login';
|
||||
my $cas_logout_url = $portal . '/cas/logout';
|
||||
my $cas_validate_url = $portal . '/cas/validate';
|
||||
my $cas_serviceValidate_url = $portal . '/cas/serviceValidate';
|
||||
my $cas_proxyValidate_url = $portal . '/cas/proxyValidate';
|
||||
my $cas_proxy_url = $portal . '/cas/proxy';
|
||||
|
||||
# Called URL
|
||||
my $url = $self->url();
|
||||
|
||||
# 1. LOGIN
|
||||
if ( $url =~ /\Q$cas_login_url\E/io ) {
|
||||
|
||||
$self->lmLog( "URL $url detected as an CAS LOGIN URL", 'debug' );
|
||||
|
||||
# GET parameters
|
||||
my $service = $self->getHiddenFormValue('service')
|
||||
|| $self->param('service');
|
||||
my $renew = $self->getHiddenFormValue('renew') || $self->param('renew');
|
||||
my $gateway = $self->getHiddenFormValue('gateway')
|
||||
|| $self->param('gateway');
|
||||
|
||||
# Keep values in hidden fields
|
||||
$self->setHiddenFormValue( 'service', $service );
|
||||
$self->setHiddenFormValue( 'renew', $renew );
|
||||
$self->setHiddenFormValue( 'gateway', $gateway );
|
||||
|
||||
# Gateway
|
||||
# Authentication must use non-interactive mean
|
||||
# TODO
|
||||
if ( $gateway eq 'true' ) {
|
||||
$self->lmLog( "Gateway authentication not managed", 'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
@ -41,22 +76,92 @@ sub issuerForUnAuthUser {
|
||||
sub issuerForAuthUser {
|
||||
my $self = shift;
|
||||
|
||||
my $portal = $self->{portal};
|
||||
$portal =~ s/\/$//;
|
||||
|
||||
# CAS URLs
|
||||
my $cas_login_url = $self->{portal} . '/cas/login';
|
||||
my $cas_logout_url = $self->{portal} . '/cas/logout';
|
||||
my $cas_validate_url = $self->{portal} . '/cas/validate';
|
||||
my $cas_serviceValidate_url = $self->{portal} . '/cas/serviceValidate';
|
||||
my $cas_proxyValidate_url = $self->{portal} . '/cas/proxyValidate';
|
||||
my $cas_proxy_url = $self->{portal} . '/cas/proxy';
|
||||
my $cas_login_url = $portal . '/cas/login';
|
||||
my $cas_logout_url = $portal . '/cas/logout';
|
||||
my $cas_validate_url = $portal . '/cas/validate';
|
||||
my $cas_serviceValidate_url = $portal . '/cas/serviceValidate';
|
||||
my $cas_proxyValidate_url = $portal . '/cas/proxyValidate';
|
||||
my $cas_proxy_url = $portal . '/cas/proxy';
|
||||
|
||||
# Called URL
|
||||
my $url = $self->url();
|
||||
|
||||
# Session ID
|
||||
my $session_id = $self->{sessionInfo}->{_session_id} || $self->{id};
|
||||
|
||||
# 1. LOGIN
|
||||
if ( $url =~ /\Q$cas_login_url\E/io ) {
|
||||
|
||||
$self->lmLog( "URL $url detected as an CAS LOGIN URL", 'debug' );
|
||||
|
||||
# GET parameters
|
||||
my $service = $self->getHiddenFormValue('service')
|
||||
|| $self->param('service');
|
||||
my $renew = $self->getHiddenFormValue('renew') || $self->param('renew');
|
||||
my $gateway = $self->getHiddenFormValue('gateway')
|
||||
|| $self->param('gateway');
|
||||
|
||||
# Renew
|
||||
# Authentication must be replayed
|
||||
# TODO
|
||||
if ( $renew eq 'true' ) {
|
||||
$self->lmLog( "Authentication renewal not managed", 'error' );
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
# If no service defined, exit
|
||||
unless ( defined $service ) {
|
||||
$self->lmLog( "No service defined in CAS URL", 'debug' );
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
# Create a service ticket
|
||||
$self->lmLog( "Create a CAS service ticket for service $service",
|
||||
'debug' );
|
||||
|
||||
my $casServiceSession = $self->getCasSession();
|
||||
|
||||
return PE_ERROR unless $casServiceSession;
|
||||
|
||||
$casServiceSession->{type} = 'casService';
|
||||
$casServiceSession->{service} = $service;
|
||||
$casServiceSession->{id} = $session_id;
|
||||
|
||||
my $casServiceSessionID = $casServiceSession->{_session_id};
|
||||
my $casServiceTicket = "ST-" . $casServiceSessionID;
|
||||
|
||||
untie %$casServiceSession;
|
||||
|
||||
$self->lmLog( "CAS service session $casServiceSessionID created",
|
||||
'debug' );
|
||||
|
||||
# Redirect to service
|
||||
my $service_url = (
|
||||
$service =~ /\?/
|
||||
? $service .= '&ticket=' . $casServiceTicket
|
||||
: $service .= '?ticket=' . $casServiceTicket
|
||||
);
|
||||
|
||||
$self->{urldc} = $service_url;
|
||||
|
||||
return $self->_subProcess(qw(autoRedirect));
|
||||
}
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
## @apmethod int issuerLogout()
|
||||
# Do nothing
|
||||
# Destroy linked CAS sessions
|
||||
# @return Lemonldap::NG::Portal error code
|
||||
sub issuerLogout {
|
||||
my $self = shift;
|
||||
|
||||
# TODO
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
|
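Review bot: The `service` value taken from the request is used unvalidated both as the ticket's bound service and as the redirect target (`$self->{urldc} = $service_url` in issuerForAuthUser), so a freshly minted `ST-` ticket is handed to whatever URL the caller put in `service`; before `getCasSession()` is called the value should be checked against a configured allow-list of CAS client URLs and the request rejected otherwise. `$gateway eq 'true'` and `$renew eq 'true'` compare an undefined value when the parameter is absent; `if ( defined $renew and $renew eq 'true' )` keeps the intent and avoids the uninitialized warning if the file ever enables warnings. The `/io` match on `\Q$cas_login_url\E` is both unanchored and compiled once per process because of `o`, so a portal whose `$self->{portal}` differs between requests keeps matching the first value seen; `$url =~ m{\A\Q$cas_login_url\E}i` (anchoring assumed correct for `$self->url()`, which is not shown) fixes both. The ternary at `my $service_url = (...)` uses `.=` and so rewrites `$service` as a side effect; plain `.` is what is meant. The same `eq 'true'` and `/io` patterns also appear in the issuerForUnAuthUser hunk above.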
@ -465,6 +465,10 @@ sub setDefaultValues {
|
||||
$self->{samlStorageOptions} ||= $self->{globalStorageOptions};
|
||||
$self->{samlMetadataForceUTF8} = 1
|
||||
unless ( defined( $self->{samlMetadataForceUTF8} ) );
|
||||
|
||||
# CAS
|
||||
$self->{casStorage} ||= $self->{globalStorage};
|
||||
$self->{casStorageOptions} ||= $self->{globalStorageOptions};
|
||||
}
|
||||
|
||||
## @method protected void setHiddenFormValue(string fieldname, string value, string prefix, boolean base64)
|
||||
|
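Review bot: The new `casStorage` defaults mean CAS ticket sessions are written into the same backend as user sessions unless an administrator sets `casStorage` explicitly, and nothing in the hunk says so; a comment such as `# CAS ticket sessions share the user-session store unless casStorage is set` would make the trade-off visible to whoever configures the portal. Presumably the `type` field set on ticket sessions is what keeps the two kinds apart on lookup — worth confirming where tickets are resolved. setDefaultValues begins and ends outside this hunk.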
78
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm
Normal file
@ -0,0 +1,78 @@
|
||||
## @file
|
||||
# Common CAS functions
|
||||
|
||||
## @class
|
||||
# Common CAS functions
|
||||
package Lemonldap::NG::Portal::_CAS;
|
||||
|
||||
use strict;
|
||||
|
||||
our $VERSION = '0.01';
|
||||
|
||||
## @method hashref getCasSession(string id)
|
||||
# Try to recover the CAS session corresponding to id and return session datas
|
||||
# If id is set to undef, return a new session
|
||||
# @param id session reference
|
||||
# @return session datas
|
||||
sub getCasSession {
|
||||
my ( $self, $id ) = splice @_;
|
||||
my %h;
|
||||
|
||||
# Trying to recover session from CAS session storage
|
||||
eval { tie %h, $self->{casStorage}, $id, $self->{casStorageOptions}; };
|
||||
if ( $@ or not tied(%h) ) {
|
||||
|
||||
# Session not available
|
||||
if ($id) {
|
||||
$self->lmLog( "CAS session $id isn't yet available", 'info' );
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "Unable to create new CAS session: $@", 'error' );
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
return \%h;
|
||||
}
|
||||
|
||||
__END__
|
||||
|
||||
=head1 NAME
|
||||
|
||||
=encoding utf8
|
||||
|
||||
Lemonldap::NG::Portal::_CAS - Common CAS functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use Lemonldap::NG::Portal::_CAS;
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
This module contains common methods for CAS
|
||||
|
||||
=head1 METHODS
|
||||
|
||||
=head2 getCasSession
|
||||
|
||||
Try to recover the CAS session corresponding to id and return session datas
|
||||
If id is set to undef, return a new session
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<Lemonldap::NG::Portal::IssuerDBCAS>,
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Clement Oudot, E<lt>coudot@linagora.comE<gt>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2010 by Clement Oudot
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the same terms as Perl itself, either Perl version 5.10.0 or,
|
||||
at your option, any later version of Perl 5 you may have available.
|
||||
|
||||
=cut
|
||||
|
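Review bot: `getCasSession` ties whatever session `$id` names and returns it without checking that it is a CAS ticket session, so a caller that resolves a client-supplied ticket id must verify `$h{type} eq 'casService'` before trusting `$h{id}` — the method comment should state this, since by default (see the setDefaultValues change) tickets and user sessions live in one store. The argument unpacking `my ( $self, $id ) = splice @_;` works only by accident of `splice` emptying `@_`; the idiom is `my ( $self, $id ) = @_;`. The returned hashref is a tied hash the caller is expected to `untie` (issuerForAuthUser does), and on failure the method returns `0` rather than a hashref; document both in the `@return` line, e.g. `# @return tied session hashref (caller must untie), or 0 on failure`. In the recovery branch the reason in `$@` is dropped from the log, so a storage outage and an unknown ticket id are indistinguishable at 'info'; include `$@` there too. Also, `=encoding utf8` must precede `=head1 NAME` for POD to honour it.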
@ -0,0 +1,15 @@
|
||||
# Before `make install' is performed this script should be runnable with
|
||||
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Portal-AuthSsl.t'
|
||||
|
||||
#########################
|
||||
|
||||
# change 'tests => 1' to 'tests => last_test_to_print';
|
||||
|
||||
use Test::More tests => 1;
|
||||
BEGIN { use_ok('Lemonldap::NG::Portal::IssuerDBCAS') }
|
||||
|
||||
#########################
|
||||
|
||||
# Insert your test code below, the Test::More module is use()ed here so read
|
||||
# its man page ( perldoc Test::More ) for help writing this test script.
|
||||
|