Manage exported variables for OpenID (#636)
parent
68dda1b256
commit
ab4dfe1100
|
@ -678,6 +678,13 @@ has 'openIdAuthnLevel' => (
|
||||||
documentation => 'OpenID authentication level',
|
documentation => 'OpenID authentication level',
|
||||||
);
|
);
|
||||||
|
|
||||||
|
has 'openIdExportedVars' => (
|
||||||
|
is => 'rw',
|
||||||
|
isa => 'HashRef',
|
||||||
|
default => sub { return {}; },
|
||||||
|
documentation => 'OpenID exported variables',
|
||||||
|
);
|
||||||
|
|
||||||
has 'openIdSreg_email' => (
|
has 'openIdSreg_email' => (
|
||||||
is => 'rw',
|
is => 'rw',
|
||||||
isa => 'Str',
|
isa => 'Str',
|
||||||
|
|
|
@ -120,6 +120,7 @@ sub unserialize {
|
||||||
|logoutServices
|
|logoutServices
|
||||||
|macros
|
|macros
|
||||||
|notificationStorageOptions
|
|notificationStorageOptions
|
||||||
|
|openIdExportedVars
|
||||||
|persistentStorageOptions
|
|persistentStorageOptions
|
||||||
|portalSkinRules
|
|portalSkinRules
|
||||||
|post
|
|post
|
||||||
|
|
|
@ -560,10 +560,17 @@ sub struct {
|
||||||
|
|
||||||
# OpenID
|
# OpenID
|
||||||
openIdParams => {
|
openIdParams => {
|
||||||
_nodes => [qw(openIdAuthnLevel openIdSecret openIdIDPList)],
|
_nodes => [
|
||||||
_help => 'authOpenID',
|
qw(openIdAuthnLevel cn:openIdExportedVars openIdSecret openIdIDPList)
|
||||||
openIdAuthnLevel => 'int:/openIdAuthnLevel',
|
],
|
||||||
openIdSecret => 'text:/openIdSecret',
|
_help => 'authOpenID',
|
||||||
|
openIdAuthnLevel => 'int:/openIdAuthnLevel',
|
||||||
|
openIdExportedVars => {
|
||||||
|
_nodes => ['hash:/openIdExportedVars:vars:btext'],
|
||||||
|
_js => 'hashRoot',
|
||||||
|
_help => 'authOpenID',
|
||||||
|
},
|
||||||
|
openIdSecret => 'text:/openIdSecret',
|
||||||
openIdIDPList =>
|
openIdIDPList =>
|
||||||
'text:/openIdIDPList:authOpenID:openididplist',
|
'text:/openIdIDPList:authOpenID:openididplist',
|
||||||
},
|
},
|
||||||
|
@ -1681,8 +1688,14 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
||||||
keyTest => qr/^\w+$/,
|
keyTest => qr/^\w+$/,
|
||||||
keyMsgFail => 'Bad parameter',
|
keyMsgFail => 'Bad parameter',
|
||||||
},
|
},
|
||||||
notifyDeleted => $boolean,
|
notifyDeleted => $boolean,
|
||||||
notifyOther => $boolean,
|
notifyOther => $boolean,
|
||||||
|
openIdExportedVars => {
|
||||||
|
keyTest => qr/^!?[a-zA-Z][\w-]*$/,
|
||||||
|
keyMsgFail => 'Bad variable name',
|
||||||
|
test => qr/^[a-zA-Z][\w:\-]*$/,
|
||||||
|
msgFail => 'Bad attribute name',
|
||||||
|
},
|
||||||
persistentStorageOptions => {
|
persistentStorageOptions => {
|
||||||
keyTest => qr/^\w+$/,
|
keyTest => qr/^\w+$/,
|
||||||
keyMsgFail => 'Bad parameter',
|
keyMsgFail => 'Bad parameter',
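Review bot: Both new `openIdExportedVars` patterns end in `$`, which in Perl also matches just before a trailing newline, so a variable or attribute name ending in a newline passes validation. Anchoring with `\A` and `\z` closes that: `keyTest => qr/\A!?[a-zA-Z][\w-]*\z/,` and `test => qr/\A[a-zA-Z][\w:\-]*\z/,`. The value test is also looser than what the portal accepts: `setSessionInfo` only uses values matching `Lemonldap::NG::Common::Regexp::OPENIDSREGATTR()` and logs a warning for the rest, so the manager could reject non-SREG names at save time. The enclosing validation hash starts and ends outside this hunk.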
|
||||||
|
|
|
@ -260,6 +260,7 @@ sub en {
|
||||||
nullParams => 'Null parameters',
|
nullParams => 'Null parameters',
|
||||||
openIdAttr => 'OpenID login',
|
openIdAttr => 'OpenID login',
|
||||||
openIdAuthnLevel => 'Authentication level',
|
openIdAuthnLevel => 'Authentication level',
|
||||||
|
openIdExportedVars => 'Exported variables',
|
||||||
openIdIDPList => 'Authorizated domains',
|
openIdIDPList => 'Authorizated domains',
|
||||||
openIdIssuerSecret => 'Secret token',
|
openIdIssuerSecret => 'Secret token',
|
||||||
openIdParams => 'OpenID parameters',
|
openIdParams => 'OpenID parameters',
|
||||||
|
@ -754,6 +755,7 @@ sub fr {
|
||||||
nullParams => 'Paramètres Null',
|
nullParams => 'Paramètres Null',
|
||||||
openIdAttr => 'Identifiant OpenID',
|
openIdAttr => 'Identifiant OpenID',
|
||||||
openIdAuthnLevel => 'Niveau d\'authentification',
|
openIdAuthnLevel => 'Niveau d\'authentification',
|
||||||
|
openIdExportedVars => 'Variables exportées',
|
||||||
openIdIDPList => 'Domaines autorisés',
|
openIdIDPList => 'Domaines autorisés',
|
||||||
openIdIssuerSecret => 'Jeton secret',
|
openIdIssuerSecret => 'Jeton secret',
|
||||||
openIdParams => 'Paramètres OpenID',
|
openIdParams => 'Paramètres OpenID',
|
||||||
|
|
|
@ -13,7 +13,7 @@ use Lemonldap::NG::Portal::_Browser;
|
||||||
use Cache::FileCache;
|
use Cache::FileCache;
|
||||||
|
|
||||||
our @ISA = (qw(Lemonldap::NG::Portal::_Browser));
|
our @ISA = (qw(Lemonldap::NG::Portal::_Browser));
|
||||||
our $VERSION = '1.3.0';
|
our $VERSION = '1.4.0';
|
||||||
our $initDone;
|
our $initDone;
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
|
@ -149,7 +149,9 @@ sub extractFormInfo {
|
||||||
# compatible fields
|
# compatible fields
|
||||||
if ( $self->get_module('user') eq 'OpenID' ) {
|
if ( $self->get_module('user') eq 'OpenID' ) {
|
||||||
my ( @r, @o );
|
my ( @r, @o );
|
||||||
while ( my ( $v, $k ) = each %{ $self->{exportedVars} } ) {
|
my %vars =
|
||||||
|
( %{ $self->{exportedVars} }, %{ $self->{openIdExportedVars} } );
|
||||||
|
while ( my ( $v, $k ) = each %vars ) {
|
||||||
if ( $k =~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() ) {
|
if ( $k =~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() ) {
|
||||||
if ( $v =~ s/^!// ) { push @r, $k }
|
if ( $v =~ s/^!// ) { push @r, $k }
|
||||||
else { push @o, $k }
|
else { push @o, $k }
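Review bot: The new `my %vars = (...)` dereferences `%{ $self->{openIdExportedVars} }` without checking that the key is set. A portal still running a configuration saved before this commit would then die on an undefined-value hash dereference under `use strict`, instead of falling back to `exportedVars`; strictures are not visible in this section, so confirm. A guarded merge keeps the previous behaviour: `my %vars = ( %{ $self->{exportedVars} || {} }, %{ $self->{openIdExportedVars} || {} } );`. The same unguarded merge appears in `setSessionInfo`, where the earlier `ref(...) eq 'HASH'` check and its explicit `abort` message were removed as well. `extractFormInfo` continues outside the hunk.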
|
||||||
|
|
|
@ -9,7 +9,7 @@ use strict;
|
||||||
use Lemonldap::NG::Portal::Simple;
|
use Lemonldap::NG::Portal::Simple;
|
||||||
use Lemonldap::NG::Common::Regexp;
|
use Lemonldap::NG::Common::Regexp;
|
||||||
|
|
||||||
our $VERSION = '1.0.0';
|
our $VERSION = '1.4.0';
|
||||||
|
|
||||||
## @apmethod int userDBInit()
|
## @apmethod int userDBInit()
|
||||||
# Check if authentication module is OpenID
|
# Check if authentication module is OpenID
|
||||||
|
@ -41,35 +41,32 @@ sub getUser {
|
||||||
# @return Lemonldap::NG::Portal error code
|
# @return Lemonldap::NG::Portal error code
|
||||||
sub setSessionInfo {
|
sub setSessionInfo {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
if ( ref( $self->{exportedVars} ) eq 'HASH' ) {
|
|
||||||
while ( my ( $k, $v ) = each %{ $self->{exportedVars} } ) {
|
|
||||||
my $attr = $k;
|
|
||||||
my $required = ( $attr =~ s/^!// );
|
|
||||||
if ( $v =~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() ) {
|
|
||||||
$self->{sessionInfo}->{$attr} = $self->param("openid.sreg.$v");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$self->lmLog(
|
|
||||||
'Ignoring attribute '
|
|
||||||
. $v
|
|
||||||
. ' which is not a valid OpenID SREG attribute',
|
|
||||||
'warn'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( $required and not defined( $self->{sessionInfo}->{$attr} ) ) {
|
my %vars = ( %{ $self->{exportedVars} }, %{ $self->{openIdExportedVars} } );
|
||||||
$self->lmLog(
|
while ( my ( $k, $v ) = each %vars ) {
|
||||||
"Required parameter $attr is not provided by OpenID server, aborted",
|
my $attr = $k;
|
||||||
'warn'
|
my $required = ( $attr =~ s/^!// );
|
||||||
);
|
if ( $v =~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() ) {
|
||||||
|
$self->{sessionInfo}->{$attr} = $self->param("openid.sreg.$v");
|
||||||
$self->{mustRedirect} = 0;
|
}
|
||||||
return PE_MISSINGREQATTR;
|
else {
|
||||||
}
|
$self->lmLog(
|
||||||
|
'Ignoring attribute '
|
||||||
|
. $v
|
||||||
|
. ' which is not a valid OpenID SREG attribute',
|
||||||
|
'warn'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( $required and not defined( $self->{sessionInfo}->{$attr} ) ) {
|
||||||
|
$self->lmLog(
|
||||||
|
"Required parameter $attr is not provided by OpenID server, aborted",
|
||||||
|
'warn'
|
||||||
|
);
|
||||||
|
|
||||||
|
$self->{mustRedirect} = 0;
|
||||||
|
return PE_MISSINGREQATTR;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
else {
|
|
||||||
$self->abort('Only hash reference are supported now in exportedVars');
|
|
||||||
}
|
}
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
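Review bot: Merging the two hashes on their raw keys lets `mail` and `!mail` coexist in `%vars`, yet after `s/^!//` both entries write to the same `$self->{sessionInfo}->{$attr}` slot. Because `each` order is unspecified, which SREG value ends up in the session can vary, and the `$required` check can be satisfied by a value stored by the other entry. Stripping the `!` before merging (or rejecting such duplicates in the manager) and iterating with `for my $k ( sort keys %vars )` would make the result deterministic. A comment above the merge, for example `# openIdExportedVars takes precedence over exportedVars for identical keys`, would document the intended order.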
|
||||||
|
|