From aaaa8f54f55afef3ce1ad6029382f253ef7dced4 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Tue, 23 Oct 2018 21:35:44 +0200 Subject: [PATCH] Append debug messages & Fix issue (#1509) --- .../lib/Lemonldap/NG/Handler/Main/Run.pm | 219 ++++++++++-------- .../lib/Lemonldap/NG/Portal/Main/Run.pm | 184 +++++++-------- 2 files changed, 207 insertions(+), 196 deletions(-) diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm index 176752ffc..5103de5c8 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm @@ -44,20 +44,20 @@ sub getStatus { if ( $ENV{LLNGSTATUSHOST} ) { require IO::Socket::INET; foreach ( 64322 .. 64331 ) { - if ( $statusOut = - IO::Socket::INET->new( Proto => 'udp', LocalPort => $_ ) ) + if ( $statusOut + = IO::Socket::INET->new( Proto => 'udp', LocalPort => $_ ) ) { - $args = - ' host=' . ( $ENV{LLNGSTATUSCLIENT} || 'localhost' ) . ":$_"; + $args = ' host=' + . ( $ENV{LLNGSTATUSCLIENT} || 'localhost' ) . ":$_"; last; } } return $class->abort( $req, - "$class: status page can not be displayed, unable to open socket" ) - unless ($statusOut); + "$class: status page can not be displayed, unable to open socket" + ) unless ($statusOut); } return $class->abort( $req, "$class: status page can not be displayed" ) - unless ( $statusPipe and $statusOut ); + unless ( $statusPipe and $statusOut ); my $q = $req->{env}->{QUERY_STRING} || ''; if ( $q =~ /\s/ ) { $class->logger->error("Bad characters in query"); @@ -84,12 +84,12 @@ sub checkType { if ( time() - $class->lastCheck > $class->checkTime ) { die("$class: No configuration found") - unless ( $class->checkConf ); + unless ( $class->checkConf ); } my $vhost = $class->resolveAlias($req); return ( defined $class->tsv->{type}->{$vhost} ) - ? $class->tsv->{type}->{$vhost} - : 'Main'; + ? $class->tsv->{type}->{$vhost} + : 'Main'; } ## @rmethod int run 
@@ -125,7 +125,7 @@ sub run { my ($cond); ( $cond, $protection ) = $class->conditionSub($rule) if ($rule); $protection = $class->isUnprotected( $req, $uri ) || 0 - unless ( defined $protection ); + unless ( defined $protection ); if ( $protection == $class->SKIP ) { $class->logger->debug("Access control skipped"); @@ -150,7 +150,7 @@ sub run { # AUTHORIZATION return ( $class->forbidden( $req, $session ), $session ) - unless ( $class->grant( $req, $session, $uri, $cond ) ); + unless ( $class->grant( $req, $session, $uri, $cond ) ); $class->updateStatus( $req, 'OK', $session->{ $class->tsv->{whatToTrace} } ); @@ -168,8 +168,8 @@ sub run { # Log access granted $class->logger->debug( "User " - . $session->{ $class->tsv->{whatToTrace} } - . " was granted to access to $uri" ); + . $session->{ $class->tsv->{whatToTrace} } + . " was granted to access to $uri" ); # Catch POST rules $class->postOutputFilter( $req, $session, $uri ); @@ -192,7 +192,7 @@ sub run { # Redirect user to the portal $class->logger->info("No cookie found") - unless ($id); + unless ($id); # if the cookie was fetched, a log is sent by retrieveSession() $class->updateStatus( $req, $id ? 'EXPIRED' : 'REDIRECT' ); @@ -243,10 +243,10 @@ sub lmLog { sub checkMaintenanceMode { my ( $class, $req ) = @_; my $vhost = $class->resolveAlias($req); - my $_maintenance = - ( defined $class->tsv->{maintenance}->{$vhost} ) - ? $class->tsv->{maintenance}->{$vhost} - : $class->tsv->{maintenance}->{_}; + my $_maintenance + = ( defined $class->tsv->{maintenance}->{$vhost} ) + ? $class->tsv->{maintenance}->{$vhost} + : $class->tsv->{maintenance}->{_}; if ($_maintenance) { $class->logger->debug("Maintenance mode enabled"); 
@@ -272,17 +272,17 @@ sub grant { } } for ( - my $i = 0 ; - $i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ; + my $i = 0; + $i < ( $class->tsv->{locationCount}->{$vhost} || 0 ); $i++ - ) + ) { if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) { $class->logger->debug( 'Regexp "' - . $class->tsv->{locationConditionText}->{$vhost}->[$i] - . '" match' ); + . $class->tsv->{locationConditionText}->{$vhost}->[$i] + . '" match' ); return $class->tsv->{locationCondition}->{$vhost}->[$i] - ->( $req, $session ); + ->( $req, $session ); } } unless ( $class->tsv->{defaultCondition}->{$vhost} ) { @@ -319,8 +319,8 @@ sub forbidden { # Log forbidding $class->userLogger->notice( "User " - . $session->{ $class->tsv->{whatToTrace} } - . " was forbidden to access to $vhost$uri" ); + . $session->{ $class->tsv->{whatToTrace} } + . " was forbidden to access to $vhost$uri" ); $class->updateStatus( $req, 'REJECT', $session->{ $class->tsv->{whatToTrace} } ); @@ -373,9 +373,9 @@ sub goToPortal { $class->logger->debug( "Redirect $req->{env}->{REMOTE_ADDR} to portal (url was $url)"); $class->set_header_out( $req, - 'Location' => $class->tsv->{portal}->() - . "$path?url=$urlc_init" - . ( $arg ? "&$arg" : "" ) ); + 'Location' => $class->tsv->{portal}->() + . "$path?url=$urlc_init" + . ( $arg ? "&$arg" : "" ) ); return $class->REDIRECT; } @@ -385,9 +385,9 @@ sub goToError { $class->logger->debug( "Redirect $req->{env}->{REMOTE_ADDR} to lmError (url was $url)"); $class->set_header_out( $req, - 'Location' => $class->tsv->{portal}->() - . "/lmerror/$code" - . "?url=$urlc_init" ); + 'Location' => $class->tsv->{portal}->() + . "/lmerror/$code" + . "?url=$urlc_init" ); return $class->REDIRECT; } 
@@ -400,15 +400,15 @@ sub fetchId { my $vhost = $class->resolveAlias($req); my $lookForHttpCookie = ( $class->tsv->{securedCookie} =~ /^(2|3)$/ - and !( defined( $class->tsv->{https}->{$vhost} ) ) + and !( defined( $class->tsv->{https}->{$vhost} ) ) ? $class->tsv->{https}->{$vhost} : $class->tsv->{https}->{_} ); my $cn = $class->tsv->{cookieName}; - my $value = - $lookForHttpCookie - ? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 ) - : ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 ); + my $value + = $lookForHttpCookie + ? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 ) + : ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 ); if ( $value && $lookForHttpCookie && $class->tsv->{securedCookie} == 3 ) { $value = $class->tsv->{cipher}->decryptHex( $value, "http" ); @@ -446,8 +446,7 @@ sub retrieveSession { # 2. Get the session from cache or backend my $session = $req->data->{session} = ( Lemonldap::NG::Common::Session->new( - { - storageModule => $class->tsv->{sessionStorageModule}, + { storageModule => $class->tsv->{sessionStorageModule}, storageModuleOptions => $class->tsv->{sessionStorageOptions}, cacheModule => $class->tsv->{sessionCacheModule}, cacheModuleOptions => $class->tsv->{sessionCacheOptions}, 
@@ -462,12 +461,50 @@ sub retrieveSession { $class->data( $session->data ); $class->logger->debug("Get session $id from Handler::Main::Run"); + # Verify that session is valid + $class->logger->error( + "_utime is not defined. This should not happen. Check if it is well transmitted to handler" + ) unless $session->data->{_utime}; + + $class->logger->debug("Check session validity from Handler"); + $class->logger->debug( + "Session timeout -> " . $class->tsv->{timeout} ); + $class->logger->debug( "Session timeoutActivity -> " + . $class->tsv->{timeoutActivity} + . "s" ) + if ( $class->tsv->{timeoutActivity} ); + $class->logger->debug( + "Session _utime -> " . $session->data->{_utime} ); + $class->logger->debug( "now -> " . $now ); + $class->logger->debug( "_lastSeen -> " . $session->data->{_lastSeen} ) + if ( $session->data->{_lastSeen} ); + my $delta = $now - $session->data->{_lastSeen}; + $class->logger->debug( "now - _lastSeen = " . $delta ) + if ( $session->data->{_lastSeen} ); + $class->logger->debug( "Session timeoutActivityInterval -> " + . $class->tsv->{timeoutActivityInterval} ) + if ( $class->tsv->{timeoutActivityInterval} ); + my $ttl = $class->tsv->{timeout} - $now + $session->data->{_utime}; + $class->logger->debug( "Session TTL = " . $ttl ); + + if ($now - $session->data->{_utime} > $class->tsv->{timeout} + or ( $class->tsv->{timeoutActivity} + and $session->data->{_lastSeen} + and $delta > $class->tsv->{timeoutActivity} ) + ) + { + $class->logger->info("Session $id expired"); + + # Clean cached data + $class->data( {} ); + return 0; + } + # Update the session to notify activity, if necessary - if ( - $class->tsv->{timeoutActivity} - and ( $now - $session->data->{_lastSeen} > - $class->tsv->{timeoutActivityInterval} ) - ) + if ($class->tsv->{timeoutActivity} + and ( $now - $session->data->{_lastSeen} + > $class->tsv->{timeoutActivityInterval} ) + ) { $req->data->{session}->update( { '_lastSeen' => $now } ); $class->data( $session->data ); 
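Review bot: The relocated validity check logs a missing `_utime` as an error but then carries on, so the new debug lines and the `$ttl` and `$delta` arithmetic run on undefined values. The session then appears to be rejected only because undef coerces to 0 in `$now - $session->data->{_utime}`. Making the fail-closed path explicit right after the error log would be clearer and would avoid uninitialized-value warnings if warnings are enabled: `unless ( defined $session->data->{_utime} ) { $class->data( {} ); return 0; }`. Likewise, compute the delta only when the field is set, e.g. `my $delta = $session->data->{_lastSeen} ? $now - $session->data->{_lastSeen} : 0;`. Separately, `Session $id expired` writes the full session identifier at info level; if log readers are not meant to hold session identifiers, log a truncated or hashed form instead. retrieveSession begins and ends outside this hunk.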
@@ -481,26 +518,6 @@ sub retrieveSession { } } - # Verify that session is valid - $class->logger->error( -"_utime is not defined. This should not happen. Check if it is well transmitted to handler" - ) unless $session->data->{_utime}; - - $class->logger->debug( "Check session timeoutActivity from Handler -> " . $class->tsv->{timeoutActivity} ."s" ); - if ( - $now - $session->data->{_utime} > $class->tsv->{timeout} - or ( $class->tsv->{timeoutActivity} - and $session->data->{_lastSeen} - and ( ( $now - $session->data->{_lastSeen} ) > $class->tsv->{timeoutActivity} ) ) - ) - { - $class->logger->info("Session $id expired"); - - # Clean cached data - $class->data( {} ); - return 0; - } - $class->dataUpdate($now); return $session->data; } @@ -525,14 +542,14 @@ sub _buildUrl { ? $class->tsv->{https}->{$vhost} : $class->tsv->{https}->{_} ); - my $portString = - $class->tsv->{port}->{$vhost} - || $class->tsv->{port}->{_} - || $req->{env}->{SERVER_PORT}; + my $portString + = $class->tsv->{port}->{$vhost} + || $class->tsv->{port}->{_} + || $req->{env}->{SERVER_PORT}; $portString = ( - ( $realvhost =~ /:\d+/ ) - or ( $_https && $portString == 443 ) - or ( !$_https && $portString == 80 ) + ( $realvhost =~ /:\d+/ ) + or ( $_https && $portString == 443 ) + or ( !$_https && $portString == 80 ) ) ? '' : ":$portString"; my $url = "http" . ( $_https ? "s" : "" ) . "://$realvhost$portString$s"; $class->logger->debug("Build URL $url"); @@ -548,10 +565,10 @@ sub isUnprotected { my ( $class, $req, $uri ) = @_; my $vhost = $class->resolveAlias($req); for ( - my $i = 0 ; - $i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ; + my $i = 0; + $i < ( $class->tsv->{locationCount}->{$vhost} || 0 ); $i++ - ) + ) { if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) { return $class->tsv->{locationProtection}->{$vhost}->[$i]; 
@@ -568,7 +585,8 @@ sub sendHeaders { if ( defined $class->tsv->{forgeHeaders}->{$vhost} ) { # Log headers in debug mode - my %headers = $class->tsv->{forgeHeaders}->{$vhost}->( $req, $session ); + my %headers + = $class->tsv->{forgeHeaders}->{$vhost}->( $req, $session ); foreach my $h ( sort keys %headers ) { if ( defined( my $v = $headers{$h} ) ) { $class->logger->debug("Send header $h with value $v"); @@ -600,7 +618,7 @@ sub resolveAlias { $vhost =~ s/:\d+//; return $class->tsv->{vhostAlias}->{$vhost} - if ( $class->tsv->{vhostAlias}->{$vhost} ); + if ( $class->tsv->{vhostAlias}->{$vhost} ); return $vhost if ( $class->tsv->{defaultCondition}->{$vhost} ); my $v = $vhost; while ( $v =~ s/[\w\-]+/\*/ ) { @@ -673,8 +691,8 @@ sub postOutputFilter { $class->logger->debug("Filling a html form with fake data"); $class->unset_header_in( $req, "Accept-Encoding" ); - my %postdata = - $class->tsv->{outputPostData}->{$vhost}->{$uri}->( $req, $session ); + my %postdata = $class->tsv->{outputPostData}->{$vhost}->{$uri} + ->( $req, $session ); my $formParams = $class->tsv->{postFormParams}->{$vhost}->{$uri}; my $js = $class->postJavascript( $req, \%postdata, $formParams ); $class->addToHtmlHead( $req, $js ); @@ -691,8 +709,8 @@ sub postInputFilter { if ( defined( $class->tsv->{inputPostData}->{$vhost}->{$uri} ) ) { $class->logger->debug("Replacing fake data with real form data"); - my %data = - $class->tsv->{inputPostData}->{$vhost}->{$uri}->( $req, $session ); + my %data = $class->tsv->{inputPostData}->{$vhost}->{$uri} + ->( $req, $session ); foreach ( keys %data ) { $data{$_} = uri_escape( $data{$_} ); } 
@@ -712,32 +730,33 @@ sub postJavascript { foreach my $name ( keys %$data ) { use bytes; my $value = "x" x bytes::length( $data->{$name} ); - $filler .= -"form.find('input[name=\"$name\"], select[name=\"$name\"], textarea[name=\"$name\"]').val('$value')\n"; + $filler + .= "form.find('input[name=\"$name\"], select[name=\"$name\"], textarea[name=\"$name\"]').val('$value')\n"; } - my $submitter = - $formParams->{buttonSelector} eq "none" ? "" - : $formParams->{buttonSelector} - ? "form.find('$formParams->{buttonSelector}').click();\n" - : "form.submit();\n"; + my $submitter + = $formParams->{buttonSelector} eq "none" ? "" + : $formParams->{buttonSelector} + ? "form.find('$formParams->{buttonSelector}').click();\n" + : "form.submit();\n"; my $jqueryUrl = $formParams->{jqueryUrl} || ""; - $jqueryUrl = &{ $class->tsv->{portal} } . "skins/common/js/jquery-1.10.2.js" - if ( $jqueryUrl eq "default" ); + $jqueryUrl + = &{ $class->tsv->{portal} } . "skins/common/js/jquery-1.10.2.js" + if ( $jqueryUrl eq "default" ); $jqueryUrl = "\n" - if ($jqueryUrl); + if ($jqueryUrl); return - $jqueryUrl - . "\n"; + $jqueryUrl + . "\n"; } 1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index 6a0760db9..2290d0b3e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm @@ -17,11 +17,11 @@ use strict; use URI::Escape; # List constants -sub authProcess { qw(extractFormInfo getUser authenticate) } +sub authProcess {qw(extractFormInfo getUser authenticate)} sub sessionData { qw(setAuthSessionInfo setSessionInfo setMacros setGroups setPersistentSessionInfo - setLocalGroups store secondFactor); + setLocalGroups store secondFactor); } sub validSession { 
@@ -56,11 +56,9 @@ sub handler { if ( $sp or %{ $req->pdata } ) { my %v = ( name => $self->conf->{cookieName} . 'pdata', - ( - %{ $req->pdata } + ( %{ $req->pdata } ? ( value => uri_escape( JSON::to_json( $req->pdata ) ) ) - : ( - value => '', + : ( value => '', expires => 'Wed, 21 Oct 2015 00:00:00 GMT' ) ) @@ -94,8 +92,7 @@ sub login { my ( $self, $req ) = @_; return $self->do( $req, - [ - 'controlUrl', @{ $self->beforeAuth }, + [ 'controlUrl', @{ $self->beforeAuth }, $self->authProcess, @{ $self->betweenAuthAndData }, $self->sessionData, @{ $self->afterData }, $self->validSession, @{ $self->endAuth }, @@ -107,8 +104,7 @@ sub postLogin { my ( $self, $req ) = @_; return $self->do( $req, - [ - 'restoreArgs', 'controlUrl', + [ 'restoreArgs', 'controlUrl', @{ $self->beforeAuth }, $self->authProcess, @{ $self->betweenAuthAndData }, $self->sessionData, @{ $self->afterData }, $self->validSession, @@ -121,8 +117,7 @@ sub authenticatedRequest { my ( $self, $req ) = @_; return $self->do( $req, - [ - 'importHandlerData', 'controlUrl', + [ 'importHandlerData', 'controlUrl', 'checkLogout', @{ $self->forAuthUser } ] ); @@ -132,8 +127,7 @@ sub postAuthenticatedRequest { my ( $self, $req ) = @_; return $self->do( $req, - [ - 'importHandlerData', 'restoreArgs', + [ 'importHandlerData', 'restoreArgs', 'controlUrl', 'checkLogout', @{ $self->forAuthUser } ] @@ -151,8 +145,7 @@ sub refresh { delete $data{$_} unless ( /^_/ or /^(?:startTime)$/ ); } $req->steps( - [ - 'getUser', + [ 'getUser', @{ $self->betweenAuthAndData }, 'setAuthSessionInfo', 'setSessionInfo', 
@@ -170,21 +163,21 @@ sub refresh { if ($res) { $req->info( $self->loadTemplate( - 'simpleInfo', params => { trspan => 'rightsReloadNeedsLogout' } + 'simpleInfo', + params => { trspan => 'rightsReloadNeedsLogout' } ) ); $req->urldc( $self->conf->{portal} ); - return $self->do( $req, [ sub { PE_INFO } ] ); + return $self->do( $req, [ sub {PE_INFO} ] ); } - return $self->do( $req, [ sub { PE_OK } ] ); + return $self->do( $req, [ sub {PE_OK} ] ); } sub logout { my ( $self, $req ) = @_; return $self->do( $req, - [ - 'controlUrl', @{ $self->beforeLogout }, + [ 'controlUrl', @{ $self->beforeLogout }, 'authLogout', 'deleteSession' ] ); @@ -201,9 +194,9 @@ sub do { # Update status if ( my $p = $self->HANDLER->tsv->{statusPipe} ) { - $p->print( ( $req->user ? $req->user : $req->address ) . ' => ' - . $req->uri - . " $err\n" ); + $p->print(( $req->user ? $req->user : $req->address ) . ' => ' + . $req->uri + . " $err\n" ); } # Update history @@ -215,9 +208,7 @@ sub do { if ( ( $err > 0 and !$req->id ) or $err eq PE_SESSIONNOTGRANTED ) { return [ 401, - [ - 'WWW-Authenticate' => "SSO " . $self->conf->{portal} - ], + [ 'WWW-Authenticate' => "SSO " . $self->conf->{portal} ], [qq'{"result":0,"error":$err}'] ]; } @@ -231,16 +222,14 @@ sub do { else { return $self->sendJSONresponse( $req, - { - result => 1, + { result => 1, code => $err } ); } } else { - if ( - $err + if ( $err and $err != PE_LOGOUT_OK and ( $err != PE_REDIRECT @@ -249,7 +238,7 @@ sub do { and $req->data->{redirectFormMethod} eq 'post' ) or $req->info ) - ) + ) { my ( $tpl, $prms ) = $self->display($req); $self->logger->debug("Calling sendHtml with template $tpl"); 
@@ -267,21 +256,20 @@ sub do { sub getModule { my ( $self, $req, $type ) = @_; - if ( - my $mod = { + if (my $mod = { auth => '_authentication', user => '_userDB', password => '_passwordDB' }->{$type} - ) + ) { if ( my $sub = $self->$mod->can('name') ) { return $sub->( $self->$mod, $req, $type ); } else { my $s = ref( $self->$mod ); - $s =~ -s/^Lemonldap::NG::Portal::(?:(?:Issuer|UserDB|Auth|Password)::)?//; + $s + =~ s/^Lemonldap::NG::Portal::(?:(?:Issuer|UserDB|Auth|Password)::)?//; return $s; } } @@ -298,7 +286,7 @@ sub autoRedirect { # Set redirection URL if needed $req->{urldc} ||= $self->conf->{portal} - if ( $req->mustRedirect and not( $req->info ) ); + if ( $req->mustRedirect and not( $req->info ) ); # Redirection should be made if urldc defined if ( $req->{urldc} ) { @@ -308,8 +296,9 @@ sub autoRedirect { $req->data->{redirectFormMethod} = "get"; } else { - return [ 302, - [ Location => $req->{urldc}, @{ $req->respHeaders } ], [] ]; + return [ + 302, [ Location => $req->{urldc}, @{ $req->respHeaders } ], [] + ]; } } my ( $tpl, $prms ) = $self->display($req); @@ -330,8 +319,7 @@ sub getApacheSession { } my $as = Lemonldap::NG::Common::Session->new( - { - storageModule => $self->conf->{globalStorage}, + { storageModule => $self->conf->{globalStorage}, storageModuleOptions => $self->conf->{globalStorageOptions}, cacheModule => $self->conf->{localSessionStorage}, cacheModuleOptions => $self->conf->{localSessionStorageOptions}, @@ -345,8 +333,7 @@ sub getApacheSession { if ( my $err = $as->error ) { $self->lmLog( $err, - ( - $err =~ /(?:Object does not exist|Invalid session ID)/ + ( $err =~ /(?:Object does not exist|Invalid session ID)/ ? 'notice' : 'error' ) 
@@ -358,19 +345,22 @@ sub getApacheSession { $self->logger->debug("Session $args{kind} $id not found"); return; } - $self->logger->debug("Get session $id from Portal::Main::Run") if ( $id ); - $self->logger->debug("Check session timeoutActivity -> " . $self->conf->{timeoutActivity} . "s"); + $self->logger->debug("Get session $id from Portal::Main::Run") if ($id); + $self->logger->debug( + "Check session validity -> " . $self->conf->{timeoutActivity} . "s" ) + if ( $self->conf->{timeoutActivity} ); my $now = time; - if ( - $id + if ( $id and defined $as->data->{_utime} and ( ( ( $now - $as->data->{_utime} ) > $self->conf->{timeout} ) or ( $self->conf->{timeoutActivity} and $as->data->{_lastSeen} - and ( ( $now - $as->data->{_lastSeen} ) > $self->conf->{timeoutActivity} ) ) + and ( ( $now - $as->data->{_lastSeen} ) + > $self->conf->{timeoutActivity} ) + ) + ) ) - ) { $self->logger->debug("Session $args{kind} $id expired"); return; @@ -393,8 +383,7 @@ sub getPersistentSession { $info->{_session_uid} = $uid; my $ps = Lemonldap::NG::Common::Session->new( - { - storageModule => $self->conf->{persistentStorage}, + { storageModule => $self->conf->{persistentStorage}, storageModuleOptions => $self->conf->{persistentStorageOptions}, id => $pid, force => 1, @@ -435,10 +424,11 @@ sub updatePersistentSession { # Return if no infos to update return () unless ( ref $infos eq 'HASH' and %$infos ); $uid ||= $req->{sessionInfo}->{ $self->conf->{whatToTrace} } - || $req->userData->{ $self->conf->{whatToTrace} }; + || $req->userData->{ $self->conf->{whatToTrace} }; $self->logger->debug("Found 'whatToTrace' -> $uid"); unless ($uid) { - $self->logger->debug('No uid found, skipping updatePersistentSession'); + $self->logger->debug( + 'No uid found, skipping updatePersistentSession'); return (); } $self->logger->debug("Update $uid persistent session"); 
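Review bot: In the getApacheSession hunk the expiry test is still gated on `defined $as->data->{_utime}`, so a stored session that lacks `_utime` skips both the timeout and the inactivity check. The handler side of this same commit logs that condition as an error. If every session kind reaching this branch is expected to carry `_utime`, at least record the anomaly, e.g. `$self->logger->error("$args{kind} session has no _utime") if ( $id and !defined $as->data->{_utime} );`. Whether such a session should also be refused depends on callers outside this hunk. The new debug text `Check session validity -> ` actually prints `timeoutActivity`, so naming that setting in the message would make the log easier to read; getApacheSession starts and ends outside the hunk.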
@@ -480,14 +470,14 @@ sub updateSession { foreach ( keys %$infos ) { $self->logger->debug( "Update sessionInfo $_ with " . $infos->{$_} ); - $req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_} = - $infos->{$_}; + $req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_} + = $infos->{$_}; } # Update session in global storage with _updateTime $infos->{_updateTime} = strftime( "%Y%m%d%H%M%S", localtime() ); - if ( my $apacheSession = - $self->getApacheSession( $id, info => $infos ) ) + if ( my $apacheSession + = $self->getApacheSession( $id, info => $infos ) ) { if ( $apacheSession->error ) { $self->logger->error("Cannot update session $id"); @@ -570,10 +560,10 @@ sub isTrustedUrl { sub stamp { my $self = shift; - my $res = - $self->conf->{cipher} - ? $self->conf->{cipher}->encrypt( time() ) - : 1; + my $res + = $self->conf->{cipher} + ? $self->conf->{cipher}->encrypt( time() ) + : 1; $res =~ s/\+/%2B/g; return $res; } @@ -705,7 +695,7 @@ sub cookie { $h{path} ||= '/'; $h{HttpOnly} //= $self->conf->{httpOnly}; $h{max_age} //= $self->conf->{cookieExpiration} - if ( $self->conf->{cookieExpiration} ); + if ( $self->conf->{cookieExpiration} ); foreach (qw(domain path expires max_age HttpOnly)) { my $f = $_; $f =~ s/_/-/g; @@ -728,11 +718,12 @@ sub sendHtml { my ( $self, $req, $template, %args ) = @_; my $res = $self->SUPER::sendHtml( $req, $template, %args ); push @{ $res->[1] }, - 'X-XSS-Protection' => '1; mode=block', - 'X-Content-Type-Options' => 'nosniff'; + 'X-XSS-Protection' => '1; mode=block', + 'X-Content-Type-Options' => 'nosniff'; # Set authorized URL for POST - my $csp = $self->csp . "form-action 'self' " . $self->conf->{cspFormAction}; + my $csp + = $self->csp . "form-action 'self' " . $self->conf->{cspFormAction}; if ( my $url = $req->urldc ) { $self->logger->debug("Required urldc : $url"); $url =~ s#(https?://[^/]+).*#$1#; 
@@ -743,13 +734,14 @@ sub sendHtml { if ( defined $url ) { $self->logger->debug("Required Params URL : $url"); if ( $url =~ s#(https?://[^/]+).*#$1# ) { - $self->logger->debug("Set CSP form-action with Params URL : $url"); + $self->logger->debug( + "Set CSP form-action with Params URL : $url"); $csp .= " $url"; } } if ( defined $req->{cspFormAction} ) { - $self->logger->debug( - "Set CSP form-action with request URL: " . $req->{cspFormAction} ); + $self->logger->debug( "Set CSP form-action with request URL: " + . $req->{cspFormAction} ); $csp .= " " . $req->{cspFormAction}; } @@ -775,7 +767,7 @@ sub sendHtml { my @url; if ( $req->info ) { @url = map { s#https?://([^/]+).*#$1#; $_ } - ( $req->info =~ /info =~ /staticPrefix - . '/common/backgrounds/' - . $self->conf->{portalSkinBackground} - . '") no-repeat center fixed;' - . 'background-size:cover;}'; + my $s + = 'html,body{background:url("' + . $self->staticPrefix + . '/common/backgrounds/' + . $self->conf->{portalSkinBackground} + . '") no-repeat center fixed;' + . 'background-size:cover;}'; return [ 200, - [ - 'Content-Type' => 'text/css', + [ 'Content-Type' => 'text/css', 'Content-Length' => length($s), 'Cache-Control' => 'public,max-age=3600', ], @@ -821,16 +812,16 @@ sub lmError { # Error code $templateParams{"ERROR$_"} = ( $httpError == $_ ? 1 : 0 ) - foreach ( 403, 404, 500, 502, 503 ); + foreach ( 403, 404, 500, 502, 503 ); return $self->sendHtml( $req, 'error', params => \%templateParams ); } sub rebuildCookies { my ( $self, $req ) = @_; my @tmp; - for ( my $i = 0 ; $i < @{ $req->{respHeaders} } ; $i += 2 ) { + for ( my $i = 0; $i < @{ $req->{respHeaders} }; $i += 2 ) { push @tmp, $req->respHeaders->[0], $req->respHeaders->[1] - unless ( $req->respHeaders->[0] eq 'Set-Cookie' ); + unless ( $req->respHeaders->[0] eq 'Set-Cookie' ); } $req->{respHeaders} = \@tmp; $self->buildCookie($req); 
@@ -853,7 +844,7 @@ sub tplParams { sub registerLogin { my ( $self, $req ) = @_; return - unless ( $self->conf->{loginHistoryEnabled} + unless ( $self->conf->{loginHistoryEnabled} and defined $req->authResult ); my $history = $req->sessionInfo->{_loginHistory} ||= {}; my $type = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login'; @@ -863,17 +854,18 @@ sub registerLogin { # Gather current login's parameters my $login = $self->_sumUpSession( $req->{sessionInfo}, 1 ); $login->{error} = $self->error( $req->authResult ) - if ( $req->authResult ); + if ( $req->authResult ); $self->logger->debug( " Current login -> " . $login->{error} ) - if ( $login->{error} ); + if ( $login->{error} ); # Add current login into history unshift @{ $history->{$type} }, $login; # Forget oldest logins splice @{ $history->{$type} }, $self->conf->{ $type . "Number" } - if ( scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } ); + if ( + scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } ); # Save into persistent session $self->updatePersistentSession( $req, { _loginHistory => $history, } ); @@ -884,12 +876,12 @@ sub registerLogin { # @return hashref sub _sumUpSession { my ( $self, $session, $withoutUser ) = @_; - my $res = - $withoutUser - ? {} - : { user => $session->{ $self->conf->{whatToTrace} } }; + my $res + = $withoutUser + ? {} + : { user => $session->{ $self->conf->{whatToTrace} } }; $res->{$_} = $session->{$_} - foreach ( "_utime", "ipAddr", + foreach ( "_utime", "ipAddr", keys %{ $self->conf->{sessionDataToRemember} } ); return $res; } 
@@ -898,12 +890,12 @@ sub _sumUpSession { sub loadTemplate { my ( $self, $name, %prm ) = @_; $name .= '.tpl'; - my $file = - $self->conf->{templateDir} . '/' - . $self->conf->{portalSkin} . '/' - . $name; + my $file + = $self->conf->{templateDir} . '/' + . $self->conf->{portalSkin} . '/' + . $name; $file = $self->conf->{templateDir} . '/common/' . $name - unless ( -e $file ); + unless ( -e $file ); unless ( -e $file ) { die "Unable to find $name in $self->conf->{templateDir}"; }