Append debug messages & Fix issue (#1509)
parent
67e9dc23b1
commit
aaaa8f54f5
|
@ -44,20 +44,20 @@ sub getStatus {
|
||||||
if ( $ENV{LLNGSTATUSHOST} ) {
|
if ( $ENV{LLNGSTATUSHOST} ) {
|
||||||
require IO::Socket::INET;
|
require IO::Socket::INET;
|
||||||
foreach ( 64322 .. 64331 ) {
|
foreach ( 64322 .. 64331 ) {
|
||||||
if ( $statusOut =
|
if ( $statusOut
|
||||||
IO::Socket::INET->new( Proto => 'udp', LocalPort => $_ ) )
|
= IO::Socket::INET->new( Proto => 'udp', LocalPort => $_ ) )
|
||||||
{
|
{
|
||||||
$args =
|
$args = ' host='
|
||||||
' host=' . ( $ENV{LLNGSTATUSCLIENT} || 'localhost' ) . ":$_";
|
. ( $ENV{LLNGSTATUSCLIENT} || 'localhost' ) . ":$_";
|
||||||
last;
|
last;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $class->abort( $req,
|
return $class->abort( $req,
|
||||||
"$class: status page can not be displayed, unable to open socket" )
|
"$class: status page can not be displayed, unable to open socket"
|
||||||
unless ($statusOut);
|
) unless ($statusOut);
|
||||||
}
|
}
|
||||||
return $class->abort( $req, "$class: status page can not be displayed" )
|
return $class->abort( $req, "$class: status page can not be displayed" )
|
||||||
unless ( $statusPipe and $statusOut );
|
unless ( $statusPipe and $statusOut );
|
||||||
my $q = $req->{env}->{QUERY_STRING} || '';
|
my $q = $req->{env}->{QUERY_STRING} || '';
|
||||||
if ( $q =~ /\s/ ) {
|
if ( $q =~ /\s/ ) {
|
||||||
$class->logger->error("Bad characters in query");
|
$class->logger->error("Bad characters in query");
|
||||||
|
@ -84,12 +84,12 @@ sub checkType {
|
||||||
|
|
||||||
if ( time() - $class->lastCheck > $class->checkTime ) {
|
if ( time() - $class->lastCheck > $class->checkTime ) {
|
||||||
die("$class: No configuration found")
|
die("$class: No configuration found")
|
||||||
unless ( $class->checkConf );
|
unless ( $class->checkConf );
|
||||||
}
|
}
|
||||||
my $vhost = $class->resolveAlias($req);
|
my $vhost = $class->resolveAlias($req);
|
||||||
return ( defined $class->tsv->{type}->{$vhost} )
|
return ( defined $class->tsv->{type}->{$vhost} )
|
||||||
? $class->tsv->{type}->{$vhost}
|
? $class->tsv->{type}->{$vhost}
|
||||||
: 'Main';
|
: 'Main';
|
||||||
}
|
}
|
||||||
|
|
||||||
## @rmethod int run
|
## @rmethod int run
|
||||||
|
@ -125,7 +125,7 @@ sub run {
|
||||||
my ($cond);
|
my ($cond);
|
||||||
( $cond, $protection ) = $class->conditionSub($rule) if ($rule);
|
( $cond, $protection ) = $class->conditionSub($rule) if ($rule);
|
||||||
$protection = $class->isUnprotected( $req, $uri ) || 0
|
$protection = $class->isUnprotected( $req, $uri ) || 0
|
||||||
unless ( defined $protection );
|
unless ( defined $protection );
|
||||||
|
|
||||||
if ( $protection == $class->SKIP ) {
|
if ( $protection == $class->SKIP ) {
|
||||||
$class->logger->debug("Access control skipped");
|
$class->logger->debug("Access control skipped");
|
||||||
|
@ -150,7 +150,7 @@ sub run {
|
||||||
|
|
||||||
# AUTHORIZATION
|
# AUTHORIZATION
|
||||||
return ( $class->forbidden( $req, $session ), $session )
|
return ( $class->forbidden( $req, $session ), $session )
|
||||||
unless ( $class->grant( $req, $session, $uri, $cond ) );
|
unless ( $class->grant( $req, $session, $uri, $cond ) );
|
||||||
$class->updateStatus( $req, 'OK',
|
$class->updateStatus( $req, 'OK',
|
||||||
$session->{ $class->tsv->{whatToTrace} } );
|
$session->{ $class->tsv->{whatToTrace} } );
|
||||||
|
|
||||||
|
@ -168,8 +168,8 @@ sub run {
|
||||||
|
|
||||||
# Log access granted
|
# Log access granted
|
||||||
$class->logger->debug( "User "
|
$class->logger->debug( "User "
|
||||||
. $session->{ $class->tsv->{whatToTrace} }
|
. $session->{ $class->tsv->{whatToTrace} }
|
||||||
. " was granted to access to $uri" );
|
. " was granted to access to $uri" );
|
||||||
|
|
||||||
# Catch POST rules
|
# Catch POST rules
|
||||||
$class->postOutputFilter( $req, $session, $uri );
|
$class->postOutputFilter( $req, $session, $uri );
|
||||||
|
@ -192,7 +192,7 @@ sub run {
|
||||||
|
|
||||||
# Redirect user to the portal
|
# Redirect user to the portal
|
||||||
$class->logger->info("No cookie found")
|
$class->logger->info("No cookie found")
|
||||||
unless ($id);
|
unless ($id);
|
||||||
|
|
||||||
# if the cookie was fetched, a log is sent by retrieveSession()
|
# if the cookie was fetched, a log is sent by retrieveSession()
|
||||||
$class->updateStatus( $req, $id ? 'EXPIRED' : 'REDIRECT' );
|
$class->updateStatus( $req, $id ? 'EXPIRED' : 'REDIRECT' );
|
||||||
|
@ -243,10 +243,10 @@ sub lmLog {
|
||||||
sub checkMaintenanceMode {
|
sub checkMaintenanceMode {
|
||||||
my ( $class, $req ) = @_;
|
my ( $class, $req ) = @_;
|
||||||
my $vhost = $class->resolveAlias($req);
|
my $vhost = $class->resolveAlias($req);
|
||||||
my $_maintenance =
|
my $_maintenance
|
||||||
( defined $class->tsv->{maintenance}->{$vhost} )
|
= ( defined $class->tsv->{maintenance}->{$vhost} )
|
||||||
? $class->tsv->{maintenance}->{$vhost}
|
? $class->tsv->{maintenance}->{$vhost}
|
||||||
: $class->tsv->{maintenance}->{_};
|
: $class->tsv->{maintenance}->{_};
|
||||||
|
|
||||||
if ($_maintenance) {
|
if ($_maintenance) {
|
||||||
$class->logger->debug("Maintenance mode enabled");
|
$class->logger->debug("Maintenance mode enabled");
|
||||||
|
@ -272,17 +272,17 @@ sub grant {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (
|
for (
|
||||||
my $i = 0 ;
|
my $i = 0;
|
||||||
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ;
|
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 );
|
||||||
$i++
|
$i++
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
|
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
|
||||||
$class->logger->debug( 'Regexp "'
|
$class->logger->debug( 'Regexp "'
|
||||||
. $class->tsv->{locationConditionText}->{$vhost}->[$i]
|
. $class->tsv->{locationConditionText}->{$vhost}->[$i]
|
||||||
. '" match' );
|
. '" match' );
|
||||||
return $class->tsv->{locationCondition}->{$vhost}->[$i]
|
return $class->tsv->{locationCondition}->{$vhost}->[$i]
|
||||||
->( $req, $session );
|
->( $req, $session );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
unless ( $class->tsv->{defaultCondition}->{$vhost} ) {
|
unless ( $class->tsv->{defaultCondition}->{$vhost} ) {
|
||||||
|
@ -319,8 +319,8 @@ sub forbidden {
|
||||||
|
|
||||||
# Log forbidding
|
# Log forbidding
|
||||||
$class->userLogger->notice( "User "
|
$class->userLogger->notice( "User "
|
||||||
. $session->{ $class->tsv->{whatToTrace} }
|
. $session->{ $class->tsv->{whatToTrace} }
|
||||||
. " was forbidden to access to $vhost$uri" );
|
. " was forbidden to access to $vhost$uri" );
|
||||||
$class->updateStatus( $req, 'REJECT',
|
$class->updateStatus( $req, 'REJECT',
|
||||||
$session->{ $class->tsv->{whatToTrace} } );
|
$session->{ $class->tsv->{whatToTrace} } );
|
||||||
|
|
||||||
|
@ -373,9 +373,9 @@ sub goToPortal {
|
||||||
$class->logger->debug(
|
$class->logger->debug(
|
||||||
"Redirect $req->{env}->{REMOTE_ADDR} to portal (url was $url)");
|
"Redirect $req->{env}->{REMOTE_ADDR} to portal (url was $url)");
|
||||||
$class->set_header_out( $req,
|
$class->set_header_out( $req,
|
||||||
'Location' => $class->tsv->{portal}->()
|
'Location' => $class->tsv->{portal}->()
|
||||||
. "$path?url=$urlc_init"
|
. "$path?url=$urlc_init"
|
||||||
. ( $arg ? "&$arg" : "" ) );
|
. ( $arg ? "&$arg" : "" ) );
|
||||||
return $class->REDIRECT;
|
return $class->REDIRECT;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -385,9 +385,9 @@ sub goToError {
|
||||||
$class->logger->debug(
|
$class->logger->debug(
|
||||||
"Redirect $req->{env}->{REMOTE_ADDR} to lmError (url was $url)");
|
"Redirect $req->{env}->{REMOTE_ADDR} to lmError (url was $url)");
|
||||||
$class->set_header_out( $req,
|
$class->set_header_out( $req,
|
||||||
'Location' => $class->tsv->{portal}->()
|
'Location' => $class->tsv->{portal}->()
|
||||||
. "/lmerror/$code"
|
. "/lmerror/$code"
|
||||||
. "?url=$urlc_init" );
|
. "?url=$urlc_init" );
|
||||||
return $class->REDIRECT;
|
return $class->REDIRECT;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -400,15 +400,15 @@ sub fetchId {
|
||||||
my $vhost = $class->resolveAlias($req);
|
my $vhost = $class->resolveAlias($req);
|
||||||
my $lookForHttpCookie = (
|
my $lookForHttpCookie = (
|
||||||
$class->tsv->{securedCookie} =~ /^(2|3)$/
|
$class->tsv->{securedCookie} =~ /^(2|3)$/
|
||||||
and !( defined( $class->tsv->{https}->{$vhost} ) )
|
and !( defined( $class->tsv->{https}->{$vhost} ) )
|
||||||
? $class->tsv->{https}->{$vhost}
|
? $class->tsv->{https}->{$vhost}
|
||||||
: $class->tsv->{https}->{_}
|
: $class->tsv->{https}->{_}
|
||||||
);
|
);
|
||||||
my $cn = $class->tsv->{cookieName};
|
my $cn = $class->tsv->{cookieName};
|
||||||
my $value =
|
my $value
|
||||||
$lookForHttpCookie
|
= $lookForHttpCookie
|
||||||
? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 )
|
? ( $t =~ /${cn}http=([^,; ]+)/o ? $1 : 0 )
|
||||||
: ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 );
|
: ( $t =~ /$cn=([^,; ]+)/o ? $1 : 0 );
|
||||||
|
|
||||||
if ( $value && $lookForHttpCookie && $class->tsv->{securedCookie} == 3 ) {
|
if ( $value && $lookForHttpCookie && $class->tsv->{securedCookie} == 3 ) {
|
||||||
$value = $class->tsv->{cipher}->decryptHex( $value, "http" );
|
$value = $class->tsv->{cipher}->decryptHex( $value, "http" );
|
||||||
|
@ -446,8 +446,7 @@ sub retrieveSession {
|
||||||
# 2. Get the session from cache or backend
|
# 2. Get the session from cache or backend
|
||||||
my $session = $req->data->{session} = (
|
my $session = $req->data->{session} = (
|
||||||
Lemonldap::NG::Common::Session->new(
|
Lemonldap::NG::Common::Session->new(
|
||||||
{
|
{ storageModule => $class->tsv->{sessionStorageModule},
|
||||||
storageModule => $class->tsv->{sessionStorageModule},
|
|
||||||
storageModuleOptions => $class->tsv->{sessionStorageOptions},
|
storageModuleOptions => $class->tsv->{sessionStorageOptions},
|
||||||
cacheModule => $class->tsv->{sessionCacheModule},
|
cacheModule => $class->tsv->{sessionCacheModule},
|
||||||
cacheModuleOptions => $class->tsv->{sessionCacheOptions},
|
cacheModuleOptions => $class->tsv->{sessionCacheOptions},
|
||||||
|
@ -462,12 +461,50 @@ sub retrieveSession {
|
||||||
$class->data( $session->data );
|
$class->data( $session->data );
|
||||||
$class->logger->debug("Get session $id from Handler::Main::Run");
|
$class->logger->debug("Get session $id from Handler::Main::Run");
|
||||||
|
|
||||||
|
# Verify that session is valid
|
||||||
|
$class->logger->error(
|
||||||
|
"_utime is not defined. This should not happen. Check if it is well transmitted to handler"
|
||||||
|
) unless $session->data->{_utime};
|
||||||
|
|
||||||
|
$class->logger->debug("Check session validity from Handler");
|
||||||
|
$class->logger->debug(
|
||||||
|
"Session timeout -> " . $class->tsv->{timeout} );
|
||||||
|
$class->logger->debug( "Session timeoutActivity -> "
|
||||||
|
. $class->tsv->{timeoutActivity}
|
||||||
|
. "s" )
|
||||||
|
if ( $class->tsv->{timeoutActivity} );
|
||||||
|
$class->logger->debug(
|
||||||
|
"Session _utime -> " . $session->data->{_utime} );
|
||||||
|
$class->logger->debug( "now -> " . $now );
|
||||||
|
$class->logger->debug( "_lastSeen -> " . $session->data->{_lastSeen} )
|
||||||
|
if ( $session->data->{_lastSeen} );
|
||||||
|
my $delta = $now - $session->data->{_lastSeen};
|
||||||
|
$class->logger->debug( "now - _lastSeen = " . $delta )
|
||||||
|
if ( $session->data->{_lastSeen} );
|
||||||
|
$class->logger->debug( "Session timeoutActivityInterval -> "
|
||||||
|
. $class->tsv->{timeoutActivityInterval} )
|
||||||
|
if ( $class->tsv->{timeoutActivityInterval} );
|
||||||
|
my $ttl = $class->tsv->{timeout} - $now + $session->data->{_utime};
|
||||||
|
$class->logger->debug( "Session TTL = " . $ttl );
|
||||||
|
|
||||||
|
if ($now - $session->data->{_utime} > $class->tsv->{timeout}
|
||||||
|
or ( $class->tsv->{timeoutActivity}
|
||||||
|
and $session->data->{_lastSeen}
|
||||||
|
and $delta > $class->tsv->{timeoutActivity} )
|
||||||
|
)
|
||||||
|
{
|
||||||
|
$class->logger->info("Session $id expired");
|
||||||
|
|
||||||
|
# Clean cached data
|
||||||
|
$class->data( {} );
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
# Update the session to notify activity, if necessary
|
# Update the session to notify activity, if necessary
|
||||||
if (
|
if ($class->tsv->{timeoutActivity}
|
||||||
$class->tsv->{timeoutActivity}
|
and ( $now - $session->data->{_lastSeen}
|
||||||
and ( $now - $session->data->{_lastSeen} >
|
> $class->tsv->{timeoutActivityInterval} )
|
||||||
$class->tsv->{timeoutActivityInterval} )
|
)
|
||||||
)
|
|
||||||
{
|
{
|
||||||
$req->data->{session}->update( { '_lastSeen' => $now } );
|
$req->data->{session}->update( { '_lastSeen' => $now } );
|
||||||
$class->data( $session->data );
|
$class->data( $session->data );
|
||||||
|
@ -481,26 +518,6 @@ sub retrieveSession {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Verify that session is valid
|
|
||||||
$class->logger->error(
|
|
||||||
"_utime is not defined. This should not happen. Check if it is well transmitted to handler"
|
|
||||||
) unless $session->data->{_utime};
|
|
||||||
|
|
||||||
$class->logger->debug( "Check session timeoutActivity from Handler -> " . $class->tsv->{timeoutActivity} ."s" );
|
|
||||||
if (
|
|
||||||
$now - $session->data->{_utime} > $class->tsv->{timeout}
|
|
||||||
or ( $class->tsv->{timeoutActivity}
|
|
||||||
and $session->data->{_lastSeen}
|
|
||||||
and ( ( $now - $session->data->{_lastSeen} ) > $class->tsv->{timeoutActivity} ) )
|
|
||||||
)
|
|
||||||
{
|
|
||||||
$class->logger->info("Session $id expired");
|
|
||||||
|
|
||||||
# Clean cached data
|
|
||||||
$class->data( {} );
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
$class->dataUpdate($now);
|
$class->dataUpdate($now);
|
||||||
return $session->data;
|
return $session->data;
|
||||||
}
|
}
|
||||||
|
@ -525,14 +542,14 @@ sub _buildUrl {
|
||||||
? $class->tsv->{https}->{$vhost}
|
? $class->tsv->{https}->{$vhost}
|
||||||
: $class->tsv->{https}->{_}
|
: $class->tsv->{https}->{_}
|
||||||
);
|
);
|
||||||
my $portString =
|
my $portString
|
||||||
$class->tsv->{port}->{$vhost}
|
= $class->tsv->{port}->{$vhost}
|
||||||
|| $class->tsv->{port}->{_}
|
|| $class->tsv->{port}->{_}
|
||||||
|| $req->{env}->{SERVER_PORT};
|
|| $req->{env}->{SERVER_PORT};
|
||||||
$portString = (
|
$portString = (
|
||||||
( $realvhost =~ /:\d+/ )
|
( $realvhost =~ /:\d+/ )
|
||||||
or ( $_https && $portString == 443 )
|
or ( $_https && $portString == 443 )
|
||||||
or ( !$_https && $portString == 80 )
|
or ( !$_https && $portString == 80 )
|
||||||
) ? '' : ":$portString";
|
) ? '' : ":$portString";
|
||||||
my $url = "http" . ( $_https ? "s" : "" ) . "://$realvhost$portString$s";
|
my $url = "http" . ( $_https ? "s" : "" ) . "://$realvhost$portString$s";
|
||||||
$class->logger->debug("Build URL $url");
|
$class->logger->debug("Build URL $url");
|
||||||
|
@ -548,10 +565,10 @@ sub isUnprotected {
|
||||||
my ( $class, $req, $uri ) = @_;
|
my ( $class, $req, $uri ) = @_;
|
||||||
my $vhost = $class->resolveAlias($req);
|
my $vhost = $class->resolveAlias($req);
|
||||||
for (
|
for (
|
||||||
my $i = 0 ;
|
my $i = 0;
|
||||||
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ;
|
$i < ( $class->tsv->{locationCount}->{$vhost} || 0 );
|
||||||
$i++
|
$i++
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
|
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
|
||||||
return $class->tsv->{locationProtection}->{$vhost}->[$i];
|
return $class->tsv->{locationProtection}->{$vhost}->[$i];
|
||||||
|
@ -568,7 +585,8 @@ sub sendHeaders {
|
||||||
if ( defined $class->tsv->{forgeHeaders}->{$vhost} ) {
|
if ( defined $class->tsv->{forgeHeaders}->{$vhost} ) {
|
||||||
|
|
||||||
# Log headers in debug mode
|
# Log headers in debug mode
|
||||||
my %headers = $class->tsv->{forgeHeaders}->{$vhost}->( $req, $session );
|
my %headers
|
||||||
|
= $class->tsv->{forgeHeaders}->{$vhost}->( $req, $session );
|
||||||
foreach my $h ( sort keys %headers ) {
|
foreach my $h ( sort keys %headers ) {
|
||||||
if ( defined( my $v = $headers{$h} ) ) {
|
if ( defined( my $v = $headers{$h} ) ) {
|
||||||
$class->logger->debug("Send header $h with value $v");
|
$class->logger->debug("Send header $h with value $v");
|
||||||
|
@ -600,7 +618,7 @@ sub resolveAlias {
|
||||||
|
|
||||||
$vhost =~ s/:\d+//;
|
$vhost =~ s/:\d+//;
|
||||||
return $class->tsv->{vhostAlias}->{$vhost}
|
return $class->tsv->{vhostAlias}->{$vhost}
|
||||||
if ( $class->tsv->{vhostAlias}->{$vhost} );
|
if ( $class->tsv->{vhostAlias}->{$vhost} );
|
||||||
return $vhost if ( $class->tsv->{defaultCondition}->{$vhost} );
|
return $vhost if ( $class->tsv->{defaultCondition}->{$vhost} );
|
||||||
my $v = $vhost;
|
my $v = $vhost;
|
||||||
while ( $v =~ s/[\w\-]+/\*/ ) {
|
while ( $v =~ s/[\w\-]+/\*/ ) {
|
||||||
|
@ -673,8 +691,8 @@ sub postOutputFilter {
|
||||||
$class->logger->debug("Filling a html form with fake data");
|
$class->logger->debug("Filling a html form with fake data");
|
||||||
|
|
||||||
$class->unset_header_in( $req, "Accept-Encoding" );
|
$class->unset_header_in( $req, "Accept-Encoding" );
|
||||||
my %postdata =
|
my %postdata = $class->tsv->{outputPostData}->{$vhost}->{$uri}
|
||||||
$class->tsv->{outputPostData}->{$vhost}->{$uri}->( $req, $session );
|
->( $req, $session );
|
||||||
my $formParams = $class->tsv->{postFormParams}->{$vhost}->{$uri};
|
my $formParams = $class->tsv->{postFormParams}->{$vhost}->{$uri};
|
||||||
my $js = $class->postJavascript( $req, \%postdata, $formParams );
|
my $js = $class->postJavascript( $req, \%postdata, $formParams );
|
||||||
$class->addToHtmlHead( $req, $js );
|
$class->addToHtmlHead( $req, $js );
|
||||||
|
@ -691,8 +709,8 @@ sub postInputFilter {
|
||||||
if ( defined( $class->tsv->{inputPostData}->{$vhost}->{$uri} ) ) {
|
if ( defined( $class->tsv->{inputPostData}->{$vhost}->{$uri} ) ) {
|
||||||
$class->logger->debug("Replacing fake data with real form data");
|
$class->logger->debug("Replacing fake data with real form data");
|
||||||
|
|
||||||
my %data =
|
my %data = $class->tsv->{inputPostData}->{$vhost}->{$uri}
|
||||||
$class->tsv->{inputPostData}->{$vhost}->{$uri}->( $req, $session );
|
->( $req, $session );
|
||||||
foreach ( keys %data ) {
|
foreach ( keys %data ) {
|
||||||
$data{$_} = uri_escape( $data{$_} );
|
$data{$_} = uri_escape( $data{$_} );
|
||||||
}
|
}
|
||||||
|
@ -712,32 +730,33 @@ sub postJavascript {
|
||||||
foreach my $name ( keys %$data ) {
|
foreach my $name ( keys %$data ) {
|
||||||
use bytes;
|
use bytes;
|
||||||
my $value = "x" x bytes::length( $data->{$name} );
|
my $value = "x" x bytes::length( $data->{$name} );
|
||||||
$filler .=
|
$filler
|
||||||
"form.find('input[name=\"$name\"], select[name=\"$name\"], textarea[name=\"$name\"]').val('$value')\n";
|
.= "form.find('input[name=\"$name\"], select[name=\"$name\"], textarea[name=\"$name\"]').val('$value')\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
my $submitter =
|
my $submitter
|
||||||
$formParams->{buttonSelector} eq "none" ? ""
|
= $formParams->{buttonSelector} eq "none" ? ""
|
||||||
: $formParams->{buttonSelector}
|
: $formParams->{buttonSelector}
|
||||||
? "form.find('$formParams->{buttonSelector}').click();\n"
|
? "form.find('$formParams->{buttonSelector}').click();\n"
|
||||||
: "form.submit();\n";
|
: "form.submit();\n";
|
||||||
|
|
||||||
my $jqueryUrl = $formParams->{jqueryUrl} || "";
|
my $jqueryUrl = $formParams->{jqueryUrl} || "";
|
||||||
$jqueryUrl = &{ $class->tsv->{portal} } . "skins/common/js/jquery-1.10.2.js"
|
$jqueryUrl
|
||||||
if ( $jqueryUrl eq "default" );
|
= &{ $class->tsv->{portal} } . "skins/common/js/jquery-1.10.2.js"
|
||||||
|
if ( $jqueryUrl eq "default" );
|
||||||
$jqueryUrl = "<script type='text/javascript' src='$jqueryUrl'></script>\n"
|
$jqueryUrl = "<script type='text/javascript' src='$jqueryUrl'></script>\n"
|
||||||
if ($jqueryUrl);
|
if ($jqueryUrl);
|
||||||
|
|
||||||
return
|
return
|
||||||
$jqueryUrl
|
$jqueryUrl
|
||||||
. "<script type='text/javascript'>\n"
|
. "<script type='text/javascript'>\n"
|
||||||
. "/* script added by Lemonldap::NG */\n"
|
. "/* script added by Lemonldap::NG */\n"
|
||||||
. "jQuery(window).on('load', function() {\n"
|
. "jQuery(window).on('load', function() {\n"
|
||||||
. "var form = jQuery('$form');\n"
|
. "var form = jQuery('$form');\n"
|
||||||
. "form.attr('autocomplete', 'off');\n"
|
. "form.attr('autocomplete', 'off');\n"
|
||||||
. $filler
|
. $filler
|
||||||
. $submitter . "})\n"
|
. $submitter . "})\n"
|
||||||
. "</script>\n";
|
. "</script>\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
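Review bot: In the retrieveSession hunk, a session whose `_utime` is missing is only reported through `logger->error` and then falls through to the `$ttl` computation and the expiry test. The session is still rejected, but only because undef numifies to 0 in `$now - $session->data->{_utime}`, and if warnings are enabled each such request also emits uninitialized-value noise. For an access-control decision the rejection should be explicit, directly after the error log: `unless ( $session->data->{_utime} ) { $class->data( {} ); return 0; }`. The new `my $delta = $now - $session->data->{_lastSeen};` has the same weakness when `_lastSeen` is absent, even though the later uses are guarded; `my $delta = $now - ( $session->data->{_lastSeen} || $now );` keeps the arithmetic defined. retrieveSession starts before this hunk and its tail is in the following hunk, so any handling of a missing `_utime` elsewhere in the function is not visible here.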
|
||||||
|
|
|
@ -17,11 +17,11 @@ use strict;
|
||||||
use URI::Escape;
|
use URI::Escape;
|
||||||
|
|
||||||
# List constants
|
# List constants
|
||||||
sub authProcess { qw(extractFormInfo getUser authenticate) }
|
sub authProcess {qw(extractFormInfo getUser authenticate)}
|
||||||
|
|
||||||
sub sessionData {
|
sub sessionData {
|
||||||
qw(setAuthSessionInfo setSessionInfo setMacros setGroups setPersistentSessionInfo
|
qw(setAuthSessionInfo setSessionInfo setMacros setGroups setPersistentSessionInfo
|
||||||
setLocalGroups store secondFactor);
|
setLocalGroups store secondFactor);
|
||||||
}
|
}
|
||||||
|
|
||||||
sub validSession {
|
sub validSession {
|
||||||
|
@ -56,11 +56,9 @@ sub handler {
|
||||||
if ( $sp or %{ $req->pdata } ) {
|
if ( $sp or %{ $req->pdata } ) {
|
||||||
my %v = (
|
my %v = (
|
||||||
name => $self->conf->{cookieName} . 'pdata',
|
name => $self->conf->{cookieName} . 'pdata',
|
||||||
(
|
( %{ $req->pdata }
|
||||||
%{ $req->pdata }
|
|
||||||
? ( value => uri_escape( JSON::to_json( $req->pdata ) ) )
|
? ( value => uri_escape( JSON::to_json( $req->pdata ) ) )
|
||||||
: (
|
: ( value => '',
|
||||||
value => '',
|
|
||||||
expires => 'Wed, 21 Oct 2015 00:00:00 GMT'
|
expires => 'Wed, 21 Oct 2015 00:00:00 GMT'
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
@ -94,8 +92,7 @@ sub login {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return $self->do(
|
return $self->do(
|
||||||
$req,
|
$req,
|
||||||
[
|
[ 'controlUrl', @{ $self->beforeAuth },
|
||||||
'controlUrl', @{ $self->beforeAuth },
|
|
||||||
$self->authProcess, @{ $self->betweenAuthAndData },
|
$self->authProcess, @{ $self->betweenAuthAndData },
|
||||||
$self->sessionData, @{ $self->afterData },
|
$self->sessionData, @{ $self->afterData },
|
||||||
$self->validSession, @{ $self->endAuth },
|
$self->validSession, @{ $self->endAuth },
|
||||||
|
@ -107,8 +104,7 @@ sub postLogin {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return $self->do(
|
return $self->do(
|
||||||
$req,
|
$req,
|
||||||
[
|
[ 'restoreArgs', 'controlUrl',
|
||||||
'restoreArgs', 'controlUrl',
|
|
||||||
@{ $self->beforeAuth }, $self->authProcess,
|
@{ $self->beforeAuth }, $self->authProcess,
|
||||||
@{ $self->betweenAuthAndData }, $self->sessionData,
|
@{ $self->betweenAuthAndData }, $self->sessionData,
|
||||||
@{ $self->afterData }, $self->validSession,
|
@{ $self->afterData }, $self->validSession,
|
||||||
|
@ -121,8 +117,7 @@ sub authenticatedRequest {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return $self->do(
|
return $self->do(
|
||||||
$req,
|
$req,
|
||||||
[
|
[ 'importHandlerData', 'controlUrl',
|
||||||
'importHandlerData', 'controlUrl',
|
|
||||||
'checkLogout', @{ $self->forAuthUser }
|
'checkLogout', @{ $self->forAuthUser }
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
@ -132,8 +127,7 @@ sub postAuthenticatedRequest {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return $self->do(
|
return $self->do(
|
||||||
$req,
|
$req,
|
||||||
[
|
[ 'importHandlerData', 'restoreArgs',
|
||||||
'importHandlerData', 'restoreArgs',
|
|
||||||
'controlUrl', 'checkLogout',
|
'controlUrl', 'checkLogout',
|
||||||
@{ $self->forAuthUser }
|
@{ $self->forAuthUser }
|
||||||
]
|
]
|
||||||
|
@ -151,8 +145,7 @@ sub refresh {
|
||||||
delete $data{$_} unless ( /^_/ or /^(?:startTime)$/ );
|
delete $data{$_} unless ( /^_/ or /^(?:startTime)$/ );
|
||||||
}
|
}
|
||||||
$req->steps(
|
$req->steps(
|
||||||
[
|
[ 'getUser',
|
||||||
'getUser',
|
|
||||||
@{ $self->betweenAuthAndData },
|
@{ $self->betweenAuthAndData },
|
||||||
'setAuthSessionInfo',
|
'setAuthSessionInfo',
|
||||||
'setSessionInfo',
|
'setSessionInfo',
|
||||||
|
@ -170,21 +163,21 @@ sub refresh {
|
||||||
if ($res) {
|
if ($res) {
|
||||||
$req->info(
|
$req->info(
|
||||||
$self->loadTemplate(
|
$self->loadTemplate(
|
||||||
'simpleInfo', params => { trspan => 'rightsReloadNeedsLogout' }
|
'simpleInfo',
|
||||||
|
params => { trspan => 'rightsReloadNeedsLogout' }
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
$req->urldc( $self->conf->{portal} );
|
$req->urldc( $self->conf->{portal} );
|
||||||
return $self->do( $req, [ sub { PE_INFO } ] );
|
return $self->do( $req, [ sub {PE_INFO} ] );
|
||||||
}
|
}
|
||||||
return $self->do( $req, [ sub { PE_OK } ] );
|
return $self->do( $req, [ sub {PE_OK} ] );
|
||||||
}
|
}
|
||||||
|
|
||||||
sub logout {
|
sub logout {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return $self->do(
|
return $self->do(
|
||||||
$req,
|
$req,
|
||||||
[
|
[ 'controlUrl', @{ $self->beforeLogout },
|
||||||
'controlUrl', @{ $self->beforeLogout },
|
|
||||||
'authLogout', 'deleteSession'
|
'authLogout', 'deleteSession'
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
@ -201,9 +194,9 @@ sub do {
|
||||||
|
|
||||||
# Update status
|
# Update status
|
||||||
if ( my $p = $self->HANDLER->tsv->{statusPipe} ) {
|
if ( my $p = $self->HANDLER->tsv->{statusPipe} ) {
|
||||||
$p->print( ( $req->user ? $req->user : $req->address ) . ' => '
|
$p->print(( $req->user ? $req->user : $req->address ) . ' => '
|
||||||
. $req->uri
|
. $req->uri
|
||||||
. " $err\n" );
|
. " $err\n" );
|
||||||
}
|
}
|
||||||
|
|
||||||
# Update history
|
# Update history
|
||||||
|
@ -215,9 +208,7 @@ sub do {
|
||||||
if ( ( $err > 0 and !$req->id ) or $err eq PE_SESSIONNOTGRANTED ) {
|
if ( ( $err > 0 and !$req->id ) or $err eq PE_SESSIONNOTGRANTED ) {
|
||||||
return [
|
return [
|
||||||
401,
|
401,
|
||||||
[
|
[ 'WWW-Authenticate' => "SSO " . $self->conf->{portal} ],
|
||||||
'WWW-Authenticate' => "SSO " . $self->conf->{portal}
|
|
||||||
],
|
|
||||||
[qq'{"result":0,"error":$err}']
|
[qq'{"result":0,"error":$err}']
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
@ -231,16 +222,14 @@ sub do {
|
||||||
else {
|
else {
|
||||||
return $self->sendJSONresponse(
|
return $self->sendJSONresponse(
|
||||||
$req,
|
$req,
|
||||||
{
|
{ result => 1,
|
||||||
result => 1,
|
|
||||||
code => $err
|
code => $err
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (
|
if ( $err
|
||||||
$err
|
|
||||||
and $err != PE_LOGOUT_OK
|
and $err != PE_LOGOUT_OK
|
||||||
and (
|
and (
|
||||||
$err != PE_REDIRECT
|
$err != PE_REDIRECT
|
||||||
|
@ -249,7 +238,7 @@ sub do {
|
||||||
and $req->data->{redirectFormMethod} eq 'post' )
|
and $req->data->{redirectFormMethod} eq 'post' )
|
||||||
or $req->info
|
or $req->info
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
my ( $tpl, $prms ) = $self->display($req);
|
my ( $tpl, $prms ) = $self->display($req);
|
||||||
$self->logger->debug("Calling sendHtml with template $tpl");
|
$self->logger->debug("Calling sendHtml with template $tpl");
|
||||||
|
@ -267,21 +256,20 @@ sub do {
|
||||||
|
|
||||||
sub getModule {
|
sub getModule {
|
||||||
my ( $self, $req, $type ) = @_;
|
my ( $self, $req, $type ) = @_;
|
||||||
if (
|
if (my $mod = {
|
||||||
my $mod = {
|
|
||||||
auth => '_authentication',
|
auth => '_authentication',
|
||||||
user => '_userDB',
|
user => '_userDB',
|
||||||
password => '_passwordDB'
|
password => '_passwordDB'
|
||||||
}->{$type}
|
}->{$type}
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
if ( my $sub = $self->$mod->can('name') ) {
|
if ( my $sub = $self->$mod->can('name') ) {
|
||||||
return $sub->( $self->$mod, $req, $type );
|
return $sub->( $self->$mod, $req, $type );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
my $s = ref( $self->$mod );
|
my $s = ref( $self->$mod );
|
||||||
$s =~
|
$s
|
||||||
s/^Lemonldap::NG::Portal::(?:(?:Issuer|UserDB|Auth|Password)::)?//;
|
=~ s/^Lemonldap::NG::Portal::(?:(?:Issuer|UserDB|Auth|Password)::)?//;
|
||||||
return $s;
|
return $s;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -298,7 +286,7 @@ sub autoRedirect {
|
||||||
|
|
||||||
# Set redirection URL if needed
|
# Set redirection URL if needed
|
||||||
$req->{urldc} ||= $self->conf->{portal}
|
$req->{urldc} ||= $self->conf->{portal}
|
||||||
if ( $req->mustRedirect and not( $req->info ) );
|
if ( $req->mustRedirect and not( $req->info ) );
|
||||||
|
|
||||||
# Redirection should be made if urldc defined
|
# Redirection should be made if urldc defined
|
||||||
if ( $req->{urldc} ) {
|
if ( $req->{urldc} ) {
|
||||||
|
@ -308,8 +296,9 @@ sub autoRedirect {
|
||||||
$req->data->{redirectFormMethod} = "get";
|
$req->data->{redirectFormMethod} = "get";
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return [ 302,
|
return [
|
||||||
[ Location => $req->{urldc}, @{ $req->respHeaders } ], [] ];
|
302, [ Location => $req->{urldc}, @{ $req->respHeaders } ], []
|
||||||
|
];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
my ( $tpl, $prms ) = $self->display($req);
|
my ( $tpl, $prms ) = $self->display($req);
|
||||||
|
@ -330,8 +319,7 @@ sub getApacheSession {
|
||||||
}
|
}
|
||||||
|
|
||||||
my $as = Lemonldap::NG::Common::Session->new(
|
my $as = Lemonldap::NG::Common::Session->new(
|
||||||
{
|
{ storageModule => $self->conf->{globalStorage},
|
||||||
storageModule => $self->conf->{globalStorage},
|
|
||||||
storageModuleOptions => $self->conf->{globalStorageOptions},
|
storageModuleOptions => $self->conf->{globalStorageOptions},
|
||||||
cacheModule => $self->conf->{localSessionStorage},
|
cacheModule => $self->conf->{localSessionStorage},
|
||||||
cacheModuleOptions => $self->conf->{localSessionStorageOptions},
|
cacheModuleOptions => $self->conf->{localSessionStorageOptions},
|
||||||
|
@ -345,8 +333,7 @@ sub getApacheSession {
|
||||||
if ( my $err = $as->error ) {
|
if ( my $err = $as->error ) {
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
$err,
|
$err,
|
||||||
(
|
( $err =~ /(?:Object does not exist|Invalid session ID)/
|
||||||
$err =~ /(?:Object does not exist|Invalid session ID)/
|
|
||||||
? 'notice'
|
? 'notice'
|
||||||
: 'error'
|
: 'error'
|
||||||
)
|
)
|
||||||
|
@ -358,19 +345,22 @@ sub getApacheSession {
|
||||||
$self->logger->debug("Session $args{kind} $id not found");
|
$self->logger->debug("Session $args{kind} $id not found");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
$self->logger->debug("Get session $id from Portal::Main::Run") if ( $id );
|
$self->logger->debug("Get session $id from Portal::Main::Run") if ($id);
|
||||||
$self->logger->debug("Check session timeoutActivity -> " . $self->conf->{timeoutActivity} . "s");
|
$self->logger->debug(
|
||||||
|
"Check session validity -> " . $self->conf->{timeoutActivity} . "s" )
|
||||||
|
if ( $self->conf->{timeoutActivity} );
|
||||||
my $now = time;
|
my $now = time;
|
||||||
if (
|
if ( $id
|
||||||
$id
|
|
||||||
and defined $as->data->{_utime}
|
and defined $as->data->{_utime}
|
||||||
and (
|
and (
|
||||||
( ( $now - $as->data->{_utime} ) > $self->conf->{timeout} )
|
( ( $now - $as->data->{_utime} ) > $self->conf->{timeout} )
|
||||||
or ( $self->conf->{timeoutActivity}
|
or ( $self->conf->{timeoutActivity}
|
||||||
and $as->data->{_lastSeen}
|
and $as->data->{_lastSeen}
|
||||||
and ( ( $now - $as->data->{_lastSeen} ) > $self->conf->{timeoutActivity} ) )
|
and ( ( $now - $as->data->{_lastSeen} )
|
||||||
|
> $self->conf->{timeoutActivity} )
|
||||||
|
)
|
||||||
|
)
|
||||||
)
|
)
|
||||||
)
|
|
||||||
{
|
{
|
||||||
$self->logger->debug("Session $args{kind} $id expired");
|
$self->logger->debug("Session $args{kind} $id expired");
|
||||||
return;
|
return;
|
||||||
|
@ -393,8 +383,7 @@ sub getPersistentSession {
|
||||||
$info->{_session_uid} = $uid;
|
$info->{_session_uid} = $uid;
|
||||||
|
|
||||||
my $ps = Lemonldap::NG::Common::Session->new(
|
my $ps = Lemonldap::NG::Common::Session->new(
|
||||||
{
|
{ storageModule => $self->conf->{persistentStorage},
|
||||||
storageModule => $self->conf->{persistentStorage},
|
|
||||||
storageModuleOptions => $self->conf->{persistentStorageOptions},
|
storageModuleOptions => $self->conf->{persistentStorageOptions},
|
||||||
id => $pid,
|
id => $pid,
|
||||||
force => 1,
|
force => 1,
|
||||||
|
@ -435,10 +424,11 @@ sub updatePersistentSession {
|
||||||
# Return if no infos to update
|
# Return if no infos to update
|
||||||
return () unless ( ref $infos eq 'HASH' and %$infos );
|
return () unless ( ref $infos eq 'HASH' and %$infos );
|
||||||
$uid ||= $req->{sessionInfo}->{ $self->conf->{whatToTrace} }
|
$uid ||= $req->{sessionInfo}->{ $self->conf->{whatToTrace} }
|
||||||
|| $req->userData->{ $self->conf->{whatToTrace} };
|
|| $req->userData->{ $self->conf->{whatToTrace} };
|
||||||
$self->logger->debug("Found 'whatToTrace' -> $uid");
|
$self->logger->debug("Found 'whatToTrace' -> $uid");
|
||||||
unless ($uid) {
|
unless ($uid) {
|
||||||
$self->logger->debug('No uid found, skipping updatePersistentSession');
|
$self->logger->debug(
|
||||||
|
'No uid found, skipping updatePersistentSession');
|
||||||
return ();
|
return ();
|
||||||
}
|
}
|
||||||
$self->logger->debug("Update $uid persistent session");
|
$self->logger->debug("Update $uid persistent session");
|
||||||
|
@ -480,14 +470,14 @@ sub updateSession {
|
||||||
foreach ( keys %$infos ) {
|
foreach ( keys %$infos ) {
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"Update sessionInfo $_ with " . $infos->{$_} );
|
"Update sessionInfo $_ with " . $infos->{$_} );
|
||||||
$req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_} =
|
$req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_}
|
||||||
$infos->{$_};
|
= $infos->{$_};
|
||||||
}
|
}
|
||||||
|
|
||||||
# Update session in global storage with _updateTime
|
# Update session in global storage with _updateTime
|
||||||
$infos->{_updateTime} = strftime( "%Y%m%d%H%M%S", localtime() );
|
$infos->{_updateTime} = strftime( "%Y%m%d%H%M%S", localtime() );
|
||||||
if ( my $apacheSession =
|
if ( my $apacheSession
|
||||||
$self->getApacheSession( $id, info => $infos ) )
|
= $self->getApacheSession( $id, info => $infos ) )
|
||||||
{
|
{
|
||||||
if ( $apacheSession->error ) {
|
if ( $apacheSession->error ) {
|
||||||
$self->logger->error("Cannot update session $id");
|
$self->logger->error("Cannot update session $id");
|
||||||
|
@ -570,10 +560,10 @@ sub isTrustedUrl {
|
||||||
|
|
||||||
sub stamp {
|
sub stamp {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
my $res =
|
my $res
|
||||||
$self->conf->{cipher}
|
= $self->conf->{cipher}
|
||||||
? $self->conf->{cipher}->encrypt( time() )
|
? $self->conf->{cipher}->encrypt( time() )
|
||||||
: 1;
|
: 1;
|
||||||
$res =~ s/\+/%2B/g;
|
$res =~ s/\+/%2B/g;
|
||||||
return $res;
|
return $res;
|
||||||
}
|
}
|
||||||
|
@ -705,7 +695,7 @@ sub cookie {
|
||||||
$h{path} ||= '/';
|
$h{path} ||= '/';
|
||||||
$h{HttpOnly} //= $self->conf->{httpOnly};
|
$h{HttpOnly} //= $self->conf->{httpOnly};
|
||||||
$h{max_age} //= $self->conf->{cookieExpiration}
|
$h{max_age} //= $self->conf->{cookieExpiration}
|
||||||
if ( $self->conf->{cookieExpiration} );
|
if ( $self->conf->{cookieExpiration} );
|
||||||
foreach (qw(domain path expires max_age HttpOnly)) {
|
foreach (qw(domain path expires max_age HttpOnly)) {
|
||||||
my $f = $_;
|
my $f = $_;
|
||||||
$f =~ s/_/-/g;
|
$f =~ s/_/-/g;
|
||||||
|
@ -728,11 +718,12 @@ sub sendHtml {
|
||||||
my ( $self, $req, $template, %args ) = @_;
|
my ( $self, $req, $template, %args ) = @_;
|
||||||
my $res = $self->SUPER::sendHtml( $req, $template, %args );
|
my $res = $self->SUPER::sendHtml( $req, $template, %args );
|
||||||
push @{ $res->[1] },
|
push @{ $res->[1] },
|
||||||
'X-XSS-Protection' => '1; mode=block',
|
'X-XSS-Protection' => '1; mode=block',
|
||||||
'X-Content-Type-Options' => 'nosniff';
|
'X-Content-Type-Options' => 'nosniff';
|
||||||
|
|
||||||
# Set authorized URL for POST
|
# Set authorized URL for POST
|
||||||
my $csp = $self->csp . "form-action 'self' " . $self->conf->{cspFormAction};
|
my $csp
|
||||||
|
= $self->csp . "form-action 'self' " . $self->conf->{cspFormAction};
|
||||||
if ( my $url = $req->urldc ) {
|
if ( my $url = $req->urldc ) {
|
||||||
$self->logger->debug("Required urldc : $url");
|
$self->logger->debug("Required urldc : $url");
|
||||||
$url =~ s#(https?://[^/]+).*#$1#;
|
$url =~ s#(https?://[^/]+).*#$1#;
|
||||||
|
@ -743,13 +734,14 @@ sub sendHtml {
|
||||||
if ( defined $url ) {
|
if ( defined $url ) {
|
||||||
$self->logger->debug("Required Params URL : $url");
|
$self->logger->debug("Required Params URL : $url");
|
||||||
if ( $url =~ s#(https?://[^/]+).*#$1# ) {
|
if ( $url =~ s#(https?://[^/]+).*#$1# ) {
|
||||||
$self->logger->debug("Set CSP form-action with Params URL : $url");
|
$self->logger->debug(
|
||||||
|
"Set CSP form-action with Params URL : $url");
|
||||||
$csp .= " $url";
|
$csp .= " $url";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ( defined $req->{cspFormAction} ) {
|
if ( defined $req->{cspFormAction} ) {
|
||||||
$self->logger->debug(
|
$self->logger->debug( "Set CSP form-action with request URL: "
|
||||||
"Set CSP form-action with request URL: " . $req->{cspFormAction} );
|
. $req->{cspFormAction} );
|
||||||
$csp .= " " . $req->{cspFormAction};
|
$csp .= " " . $req->{cspFormAction};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -775,7 +767,7 @@ sub sendHtml {
|
||||||
my @url;
|
my @url;
|
||||||
if ( $req->info ) {
|
if ( $req->info ) {
|
||||||
@url = map { s#https?://([^/]+).*#$1#; $_ }
|
@url = map { s#https?://([^/]+).*#$1#; $_ }
|
||||||
( $req->info =~ /<iframe.*?src="(.*?)"/sg );
|
( $req->info =~ /<iframe.*?src="(.*?)"/sg );
|
||||||
}
|
}
|
||||||
if (@url) {
|
if (@url) {
|
||||||
$csp .= join( ' ', 'child-src', @url ) . ';';
|
$csp .= join( ' ', 'child-src', @url ) . ';';
|
||||||
|
@ -789,17 +781,16 @@ sub sendHtml {
|
||||||
|
|
||||||
sub sendCss {
|
sub sendCss {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $s =
|
my $s
|
||||||
'html,body{background:url("'
|
= 'html,body{background:url("'
|
||||||
. $self->staticPrefix
|
. $self->staticPrefix
|
||||||
. '/common/backgrounds/'
|
. '/common/backgrounds/'
|
||||||
. $self->conf->{portalSkinBackground}
|
. $self->conf->{portalSkinBackground}
|
||||||
. '") no-repeat center fixed;'
|
. '") no-repeat center fixed;'
|
||||||
. 'background-size:cover;}';
|
. 'background-size:cover;}';
|
||||||
return [
|
return [
|
||||||
200,
|
200,
|
||||||
[
|
[ 'Content-Type' => 'text/css',
|
||||||
'Content-Type' => 'text/css',
|
|
||||||
'Content-Length' => length($s),
|
'Content-Length' => length($s),
|
||||||
'Cache-Control' => 'public,max-age=3600',
|
'Cache-Control' => 'public,max-age=3600',
|
||||||
],
|
],
|
||||||
|
@ -821,16 +812,16 @@ sub lmError {
|
||||||
|
|
||||||
# Error code
|
# Error code
|
||||||
$templateParams{"ERROR$_"} = ( $httpError == $_ ? 1 : 0 )
|
$templateParams{"ERROR$_"} = ( $httpError == $_ ? 1 : 0 )
|
||||||
foreach ( 403, 404, 500, 502, 503 );
|
foreach ( 403, 404, 500, 502, 503 );
|
||||||
return $self->sendHtml( $req, 'error', params => \%templateParams );
|
return $self->sendHtml( $req, 'error', params => \%templateParams );
|
||||||
}
|
}
|
||||||
|
|
||||||
sub rebuildCookies {
|
sub rebuildCookies {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my @tmp;
|
my @tmp;
|
||||||
for ( my $i = 0 ; $i < @{ $req->{respHeaders} } ; $i += 2 ) {
|
for ( my $i = 0; $i < @{ $req->{respHeaders} }; $i += 2 ) {
|
||||||
push @tmp, $req->respHeaders->[0], $req->respHeaders->[1]
|
push @tmp, $req->respHeaders->[0], $req->respHeaders->[1]
|
||||||
unless ( $req->respHeaders->[0] eq 'Set-Cookie' );
|
unless ( $req->respHeaders->[0] eq 'Set-Cookie' );
|
||||||
}
|
}
|
||||||
$req->{respHeaders} = \@tmp;
|
$req->{respHeaders} = \@tmp;
|
||||||
$self->buildCookie($req);
|
$self->buildCookie($req);
|
||||||
|
@ -853,7 +844,7 @@ sub tplParams {
|
||||||
sub registerLogin {
|
sub registerLogin {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return
|
return
|
||||||
unless ( $self->conf->{loginHistoryEnabled}
|
unless ( $self->conf->{loginHistoryEnabled}
|
||||||
and defined $req->authResult );
|
and defined $req->authResult );
|
||||||
my $history = $req->sessionInfo->{_loginHistory} ||= {};
|
my $history = $req->sessionInfo->{_loginHistory} ||= {};
|
||||||
my $type = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login';
|
my $type = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login';
|
||||||
|
@ -863,17 +854,18 @@ sub registerLogin {
|
||||||
# Gather current login's parameters
|
# Gather current login's parameters
|
||||||
my $login = $self->_sumUpSession( $req->{sessionInfo}, 1 );
|
my $login = $self->_sumUpSession( $req->{sessionInfo}, 1 );
|
||||||
$login->{error} = $self->error( $req->authResult )
|
$login->{error} = $self->error( $req->authResult )
|
||||||
if ( $req->authResult );
|
if ( $req->authResult );
|
||||||
|
|
||||||
$self->logger->debug( " Current login -> " . $login->{error} )
|
$self->logger->debug( " Current login -> " . $login->{error} )
|
||||||
if ( $login->{error} );
|
if ( $login->{error} );
|
||||||
|
|
||||||
# Add current login into history
|
# Add current login into history
|
||||||
unshift @{ $history->{$type} }, $login;
|
unshift @{ $history->{$type} }, $login;
|
||||||
|
|
||||||
# Forget oldest logins
|
# Forget oldest logins
|
||||||
splice @{ $history->{$type} }, $self->conf->{ $type . "Number" }
|
splice @{ $history->{$type} }, $self->conf->{ $type . "Number" }
|
||||||
if ( scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } );
|
if (
|
||||||
|
scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } );
|
||||||
|
|
||||||
# Save into persistent session
|
# Save into persistent session
|
||||||
$self->updatePersistentSession( $req, { _loginHistory => $history, } );
|
$self->updatePersistentSession( $req, { _loginHistory => $history, } );
|
||||||
|
@ -884,12 +876,12 @@ sub registerLogin {
|
||||||
# @return hashref
|
# @return hashref
|
||||||
sub _sumUpSession {
|
sub _sumUpSession {
|
||||||
my ( $self, $session, $withoutUser ) = @_;
|
my ( $self, $session, $withoutUser ) = @_;
|
||||||
my $res =
|
my $res
|
||||||
$withoutUser
|
= $withoutUser
|
||||||
? {}
|
? {}
|
||||||
: { user => $session->{ $self->conf->{whatToTrace} } };
|
: { user => $session->{ $self->conf->{whatToTrace} } };
|
||||||
$res->{$_} = $session->{$_}
|
$res->{$_} = $session->{$_}
|
||||||
foreach ( "_utime", "ipAddr",
|
foreach ( "_utime", "ipAddr",
|
||||||
keys %{ $self->conf->{sessionDataToRemember} } );
|
keys %{ $self->conf->{sessionDataToRemember} } );
|
||||||
return $res;
|
return $res;
|
||||||
}
|
}
|
||||||
|
@ -898,12 +890,12 @@ sub _sumUpSession {
|
||||||
sub loadTemplate {
|
sub loadTemplate {
|
||||||
my ( $self, $name, %prm ) = @_;
|
my ( $self, $name, %prm ) = @_;
|
||||||
$name .= '.tpl';
|
$name .= '.tpl';
|
||||||
my $file =
|
my $file
|
||||||
$self->conf->{templateDir} . '/'
|
= $self->conf->{templateDir} . '/'
|
||||||
. $self->conf->{portalSkin} . '/'
|
. $self->conf->{portalSkin} . '/'
|
||||||
. $name;
|
. $name;
|
||||||
$file = $self->conf->{templateDir} . '/common/' . $name
|
$file = $self->conf->{templateDir} . '/common/' . $name
|
||||||
unless ( -e $file );
|
unless ( -e $file );
|
||||||
unless ( -e $file ) {
|
unless ( -e $file ) {
|
||||||
die "Unable to find $name in $self->conf->{templateDir}";
|
die "Unable to find $name in $self->conf->{templateDir}";
|
||||||
}
|
}
|
||||||
|
|