Manage exported variables for OpenID (#636)
This commit is contained in:
Clément Oudot
parent
68dda1b256
commit
ab4dfe1100
|
|
@ -678,6 +678,13 @@ has 'openIdAuthnLevel' => (
|
|||
documentation => 'OpenID authentication level',
|
||||
);
|
||||
|
||||
has 'openIdExportedVars' => (
|
||||
is => 'rw',
|
||||
isa => 'HashRef',
|
||||
default => sub { return {}; },
|
||||
documentation => 'OpenID exported variables',
|
||||
);
|
||||
|
||||
has 'openIdSreg_email' => (
|
||||
is => 'rw',
|
||||
isa => 'Str',
|
||||
|
|
|
|||
|
|
@ -120,6 +120,7 @@ sub unserialize {
|
|||
|logoutServices
|
||||
|macros
|
||||
|notificationStorageOptions
|
||||
|openIdExportedVars
|
||||
|persistentStorageOptions
|
||||
|portalSkinRules
|
||||
|post
|
||||
|
|
|
|||
|
|
@ -560,10 +560,17 @@ sub struct {
|
|||
|
||||
# OpenID
|
||||
openIdParams => {
|
||||
_nodes => [qw(openIdAuthnLevel openIdSecret openIdIDPList)],
|
||||
_help => 'authOpenID',
|
||||
openIdAuthnLevel => 'int:/openIdAuthnLevel',
|
||||
openIdSecret => 'text:/openIdSecret',
|
||||
_nodes => [
|
||||
qw(openIdAuthnLevel cn:openIdExportedVars openIdSecret openIdIDPList)
|
||||
],
|
||||
_help => 'authOpenID',
|
||||
openIdAuthnLevel => 'int:/openIdAuthnLevel',
|
||||
openIdExportedVars => {
|
||||
_nodes => ['hash:/openIdExportedVars:vars:btext'],
|
||||
_js => 'hashRoot',
|
||||
_help => 'authOpenID',
|
||||
},
|
||||
openIdSecret => 'text:/openIdSecret',
|
||||
openIdIDPList =>
|
||||
'text:/openIdIDPList:authOpenID:openididplist',
|
||||
},
|
||||
|
|
@ -1681,8 +1688,14 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
keyTest => qr/^\w+$/,
|
||||
keyMsgFail => 'Bad parameter',
|
||||
},
|
||||
notifyDeleted => $boolean,
|
||||
notifyOther => $boolean,
|
||||
notifyDeleted => $boolean,
|
||||
notifyOther => $boolean,
|
||||
openIdExportedVars => {
|
||||
keyTest => qr/^!?[a-zA-Z][\w-]*$/,
|
||||
keyMsgFail => 'Bad variable name',
|
||||
test => qr/^[a-zA-Z][\w:\-]*$/,
|
||||
msgFail => 'Bad attribute name',
|
||||
},
|
||||
persistentStorageOptions => {
|
||||
keyTest => qr/^\w+$/,
|
||||
keyMsgFail => 'Bad parameter',
|
||||
|
|
|
|||
|
|
@ -260,6 +260,7 @@ sub en {
|
|||
nullParams => 'Null parameters',
|
||||
openIdAttr => 'OpenID login',
|
||||
openIdAuthnLevel => 'Authentication level',
|
||||
openIdExportedVars => 'Exported variables',
|
||||
openIdIDPList => 'Authorizated domains',
|
||||
openIdIssuerSecret => 'Secret token',
|
||||
openIdParams => 'OpenID parameters',
|
||||
|
|
@ -754,6 +755,7 @@ sub fr {
|
|||
nullParams => 'Paramètres Null',
|
||||
openIdAttr => 'Identifiant OpenID',
|
||||
openIdAuthnLevel => 'Niveau d\'authentification',
|
||||
openIdExportedVars => 'Variables exportées',
|
||||
openIdIDPList => 'Domaines autorisés',
|
||||
openIdIssuerSecret => 'Jeton secret',
|
||||
openIdParams => 'Paramètres OpenID',
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ use Lemonldap::NG::Portal::_Browser;
|
|||
use Cache::FileCache;
|
||||
|
||||
our @ISA = (qw(Lemonldap::NG::Portal::_Browser));
|
||||
our $VERSION = '1.3.0';
|
||||
our $VERSION = '1.4.0';
|
||||
our $initDone;
|
||||
|
||||
BEGIN {
|
||||
|
|
@ -149,7 +149,9 @@ sub extractFormInfo {
|
|||
# compatible fields
|
||||
if ( $self->get_module('user') eq 'OpenID' ) {
|
||||
my ( @r, @o );
|
||||
while ( my ( $v, $k ) = each %{ $self->{exportedVars} } ) {
|
||||
my %vars =
|
||||
( %{ $self->{exportedVars} }, %{ $self->{openIdExportedVars} } );
|
||||
while ( my ( $v, $k ) = each %vars ) {
|
||||
if ( $k =~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() ) {
|
||||
if ( $v =~ s/^!// ) { push @r, $k }
|
||||
else { push @o, $k }
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ use strict;
|
|||
use Lemonldap::NG::Portal::Simple;
|
||||
use Lemonldap::NG::Common::Regexp;
|
||||
|
||||
our $VERSION = '1.0.0';
|
||||
our $VERSION = '1.4.0';
|
||||
|
||||
## @apmethod int userDBInit()
|
||||
# Check if authentication module is OpenID
|
||||
|
|
@ -41,35 +41,32 @@ sub getUser {
|
|||
# @return Lemonldap::NG::Portal error code
|
||||
sub setSessionInfo {
|
||||
my $self = shift;
|
||||
if ( ref( $self->{exportedVars} ) eq 'HASH' ) {
|
||||
while ( my ( $k, $v ) = each %{ $self->{exportedVars} } ) {
|
||||
my $attr = $k;
|
||||
my $required = ( $attr =~ s/^!// );
|
||||
if ( $v =~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() ) {
|
||||
$self->{sessionInfo}->{$attr} = $self->param("openid.sreg.$v");
|
||||
}
|
||||
else {
|
||||
$self->lmLog(
|
||||
'Ignoring attribute '
|
||||
. $v
|
||||
. ' which is not a valid OpenID SREG attribute',
|
||||
'warn'
|
||||
);
|
||||
}
|
||||
|
||||
if ( $required and not defined( $self->{sessionInfo}->{$attr} ) ) {
|
||||
$self->lmLog(
|
||||
"Required parameter $attr is not provided by OpenID server, aborted",
|
||||
'warn'
|
||||
);
|
||||
|
||||
$self->{mustRedirect} = 0;
|
||||
return PE_MISSINGREQATTR;
|
||||
}
|
||||
my %vars = ( %{ $self->{exportedVars} }, %{ $self->{openIdExportedVars} } );
|
||||
while ( my ( $k, $v ) = each %vars ) {
|
||||
my $attr = $k;
|
||||
my $required = ( $attr =~ s/^!// );
|
||||
if ( $v =~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() ) {
|
||||
$self->{sessionInfo}->{$attr} = $self->param("openid.sreg.$v");
|
||||
}
|
||||
else {
|
||||
$self->lmLog(
|
||||
'Ignoring attribute '
|
||||
. $v
|
||||
. ' which is not a valid OpenID SREG attribute',
|
||||
'warn'
|
||||
);
|
||||
}
|
||||
|
||||
if ( $required and not defined( $self->{sessionInfo}->{$attr} ) ) {
|
||||
$self->lmLog(
|
||||
"Required parameter $attr is not provided by OpenID server, aborted",
|
||||
'warn'
|
||||
);
|
||||
|
||||
$self->{mustRedirect} = 0;
|
||||
return PE_MISSINGREQATTR;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$self->abort('Only hash reference are supported now in exportedVars');
|
||||
}
|
||||
PE_OK;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user