LEMONLDAP::NG : * protection system of Manager/Sessions.pm is now included in Handler/CGI.pm
* Handler now depends on CGI (Handler/CGI.pm) * Lintian says that postinst must include "set -e"
parent
521a44669e
commit
aedf90d531
|
@ -1,6 +1,8 @@
|
|||
#!/bin/bash
|
||||
# Maintainer: #DEBHELPER#
|
||||
|
||||
set -e
|
||||
|
||||
. /usr/share/debconf/confmodule
|
||||
|
||||
FIRSTCONFFILE=/var/lib/lemonldap-ng/conf/lmConf-1
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
#!/bin/bash
|
||||
# Maintainer: #DEBHELPER#
|
||||
|
||||
set -e
|
||||
|
||||
. /usr/share/debconf/confmodule
|
||||
|
||||
EXAMPLEHANDLERFILE=/usr/share/doc/liblemonldap-ng-handler-perl/examples/MyHandler-Debian.pm
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
#!/bin/bash
|
||||
# Maintainer: #DEBHELPER#
|
||||
|
||||
set -e
|
||||
|
||||
. /usr/share/debconf/confmodule
|
||||
|
||||
EXAMPLEMANAGERFILE=/usr/share/doc/liblemonldap-ng-manager-perl/examples/index-Debian.pl
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
#!/bin/bash
|
||||
# Maintainer: #DEBHELPER#
|
||||
|
||||
set -e
|
||||
|
||||
. /usr/share/debconf/confmodule
|
||||
|
||||
LAEXAMPLEPORTALFILE=/usr/share/doc/liblemonldap-ng-portal-perl/examples/liberty-alliance-sp-portal/index-Debian.pl
|
||||
|
|
|
@ -13,6 +13,7 @@ requires:
|
|||
IO::Pipe: 0
|
||||
Lemonldap::NG::Manager: 0.4
|
||||
LWP::UserAgent: 0
|
||||
CGI: 3.08
|
||||
meta-spec:
|
||||
url: http://module-build.sourceforge.net/META-spec-v1.3.html
|
||||
version: 1.3
|
||||
|
|
|
@ -11,6 +11,7 @@ WriteMakefile(
|
|||
'Cache::Cache' => 0,
|
||||
'Lemonldap::NG::Manager' => 0.4,
|
||||
'IO::Pipe' => 0,
|
||||
'CGI' => 3.08,
|
||||
}, # e.g., Module::Name => 1.1
|
||||
($] >= 5.005 ? ## Add these new keywords supported since 5.005
|
||||
(ABSTRACT_FROM => 'lib/Lemonldap/NG/Handler.pm', # retrieve abstract from module
|
||||
|
|
|
@ -12,14 +12,59 @@ use Lemonldap::NG::Handler::SharedConf qw(:all);
|
|||
|
||||
our $VERSION = '0.11';
|
||||
|
||||
sub abort {
|
||||
my $self = shift;
|
||||
my $cgi = CGI->new;
|
||||
my ( $t1, $t2 ) = @_;
|
||||
$t2 ||= "See Apache's logs";
|
||||
print $cgi->header('text/html; charset=utf8');
|
||||
print $cgi->start_html(
|
||||
-title => $t1,
|
||||
-encoding => 'utf8',
|
||||
);
|
||||
print "<h1>$t1</h1>";
|
||||
print "<p>$t2</p>";
|
||||
exit;
|
||||
}
|
||||
|
||||
sub new {
|
||||
my $class = shift;
|
||||
my $self = $class->SUPER::new();
|
||||
my $self = $class->SUPER::new() or $class->abort("Unable to build CGI");
|
||||
$self->{_handler} = bless {}, 'Lemonldap::NG::Handler::_CGI';
|
||||
$self->_handler->init(@_);
|
||||
$self->_handler->initLocalStorage();
|
||||
die "Unable to get configuration"
|
||||
$class->abort("Unable to get configuration")
|
||||
unless $self->_handler->localConfUpdate() == OK;
|
||||
# Arguments
|
||||
my @args = @_;
|
||||
if(ref($args[0])) {
|
||||
%$self = (%$self,%{$args[0]});
|
||||
}
|
||||
else {
|
||||
%$self = (%$self,@args);
|
||||
}
|
||||
# Protection
|
||||
if ( $self->{protection} ) {
|
||||
$self->authenticate();
|
||||
# ACCOUNTING
|
||||
if ( $self->{protection} =~ /^manager$/i ) {
|
||||
$self->authorize();
|
||||
}
|
||||
elsif ( $self->{protection} =~ /rule\s*:\s*(.*)\s*$/i ) {
|
||||
my $rule = $1;
|
||||
$rule =~ s/\$date/&POSIX::strftime("%Y%m%d%H%M%S",localtime())/e;
|
||||
$rule =~ s/\$(\w+)/\$datas->{$1}/g;
|
||||
my $r;
|
||||
unless ( $safe->reval($rule) ) {
|
||||
$self->abort( 'Forbidden',
|
||||
"You don't have rights to access this page" );
|
||||
}
|
||||
}
|
||||
elsif ( $self->{protection} !~ /^authenticate$/i ) {
|
||||
$self->abort( 'Bad configuration',
|
||||
"The rule <code>" . $self->{protection} . "</code> is not known" );
|
||||
}
|
||||
}
|
||||
return $self;
|
||||
}
|
||||
|
||||
|
@ -92,12 +137,19 @@ sub _handler {
|
|||
|
||||
package Lemonldap::NG::Handler::_CGI;
|
||||
|
||||
use Lemonldap::NG::Handler::SharedConf qw(:locationRules);
|
||||
use Lemonldap::NG::Handler::SharedConf qw(:locationRules :localStorage);
|
||||
|
||||
our @ISA = qw(Lemonldap::NG::Handler::SharedConf);
|
||||
|
||||
sub localInit {
|
||||
1;
|
||||
my($class, $args) = @_;
|
||||
if($localStorage = $args->{localStorage}) {
|
||||
$localStorageOptions = $args->{localStorageOptions};
|
||||
$localStorageOptions->{namespace} ||= "lemonldap";
|
||||
$localStorageOptions->{default_expires_in} ||= 600;
|
||||
}
|
||||
$lmConf = Lemonldap::NG::Manager::Conf->new( $args->{configStorage} );
|
||||
$class->defaultValuesInit($args);
|
||||
}
|
||||
|
||||
sub lmLog {
|
||||
|
@ -142,7 +194,7 @@ authentication in Perl CGI without using Lemonldap::NG::Handler
|
|||
use Lemonldap::NG::Handler::CGI;
|
||||
my $cgi = Lemonldap::NG::Handler::CGI->new ( {
|
||||
# Local storage used for sessions and configuration
|
||||
localStorage => "Cache::DBFile",
|
||||
localStorage => "Cache::FileCache",
|
||||
localStorageOptions => {...},
|
||||
# How to get my configuration
|
||||
configStorage => {
|
||||
|
@ -152,13 +204,19 @@ authentication in Perl CGI without using Lemonldap::NG::Handler
|
|||
dbiPassword => "password",
|
||||
},
|
||||
https => 0,
|
||||
# Optionnal
|
||||
protection => 'rule: $uid eq "admin"',
|
||||
# Or to use rules from manager
|
||||
protection => 'manager',
|
||||
# Or just to authenticate without managing authorization
|
||||
protection => 'authenticate',
|
||||
}
|
||||
);
|
||||
|
||||
# Lemonldap::NG cookie validation
|
||||
# Lemonldap::NG cookie validation (done if you set "protection")
|
||||
$cgi->authenticate();
|
||||
|
||||
# Optionnal Lemonldap::NG authorization
|
||||
# Optionnal Lemonldap::NG authorization (done if you set "protection")
|
||||
$cgi->authorize();
|
||||
|
||||
# See CGI(3) for more about writing HTML pages
|
||||
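Review bot: `abort` writes `$t1` and `$t2` into the page without HTML escaping (`print "<h1>$t1</h1>"`, `print "<p>$t2</p>"`), and `new` passes it the raw `protection` value in the "is not known" message. Because callers already put markup in the second argument, escape where the value is interpolated: `print "<h1>" . $cgi->escapeHTML($t1) . "</h1>";` in `abort`, and `$self->escapeHTML( $self->{protection} )` inside the `<code>` element in `new` (assuming the class inherits from CGI, as the `SUPER::new` call suggests). Separately, the `rule` branch matches `/rule\s*:\s*(.*)\s*$/i` with no leading `^`, unlike the `manager` and `authenticate` branches, so any value that merely contains `rule:` is handed to `$safe->reval`. Anchoring it as `/^rule\s*:\s*(.*)\s*$/i` would keep the three checks consistent.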
|
|
|
@ -656,12 +656,10 @@ sub sendHeaders {
|
|||
sub initLocalStorage {
|
||||
my ( $class, $r ) = @_;
|
||||
if ( $localStorage and not $refLocalStorage ) {
|
||||
eval '$refLocalStorage = new '
|
||||
. $localStorage
|
||||
. '($localStorageOptions);';
|
||||
eval "use $localStorage;\$refLocalStorage = new $localStorage(\$localStorageOptions);";
|
||||
$class->lmLog( "Local cache initialization failed: $@", 'error' )
|
||||
unless ( defined $refLocalStorage );
|
||||
}
|
||||
$class->lmLog( "Local cache initialization failed: $@", 'error' )
|
||||
unless ( defined $refLocalStorage );
|
||||
return DECLINED;
|
||||
}
|
||||
|
||||
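Review bot: The one-line `eval "use $localStorage;\$refLocalStorage = new $localStorage(\$localStorageOptions);"` in `initLocalStorage` interpolates the configured class name straight into a string eval, so whatever `localStorage` holds is compiled as Perl. Rejecting values that do not match `/^\w+(?:::\w+)*$/` (with an `lmLog` error) before the eval would limit it to a plain module name. Writing the constructor call as `$localStorage->new($localStorageOptions)` would also drop the indirect-object `new Class(...)` form. The failure log relies on `$@`, which stays empty if the constructor returns undef without dying; in that case the message would carry no reason.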
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
# change 'tests => 1' to 'tests => last_test_to_print';
|
||||
|
||||
use Test::More tests => 1;
|
||||
use Test::More tests => 2;
|
||||
BEGIN { use_ok('Lemonldap::NG::Handler::CGI') }
|
||||
|
||||
#########################
|
||||
|
@ -13,3 +13,25 @@ BEGIN { use_ok('Lemonldap::NG::Handler::CGI') }
|
|||
# Insert your test code below, the Test::More module is use()ed here so read
|
||||
# its man page ( perldoc Test::More ) for help writing this test script.
|
||||
|
||||
my $p;
|
||||
|
||||
# CGI Environment
|
||||
$ENV{SCRIPT_NAME} = '/test.pl';
|
||||
$ENV{SCRIPT_FILENAME} = '/tmp/test.pl';
|
||||
$ENV{REQUEST_METHOD} = 'GET';
|
||||
$ENV{REQUEST_URI} = '/';
|
||||
$ENV{QUERY_STRING} = '';
|
||||
|
||||
ok(
|
||||
$p = Lemonldap::NG::Handler::CGI->new(
|
||||
{
|
||||
configStorage => {
|
||||
type => "File",
|
||||
dirName => '/tmp/',
|
||||
},
|
||||
https => 0,
|
||||
}
|
||||
),
|
||||
'Portal object'
|
||||
);
|
||||
|
||||
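Review bot: The new test points `configStorage` at the shared `/tmp/` directory (`dirName => '/tmp/'`), so its result depends on whatever configuration files happen to be there and on who wrote them. A private fixture directory, for example `dirName => File::Temp::tempdir( CLEANUP => 1 )` populated with a known configuration file, would make the run reproducible. As far as this commit shows, `new` calls `abort` and exits when the configuration cannot be read, so a failure ends the script instead of failing the `ok`. The label `'Portal object'` also looks carried over from another test and could read `'Handler::CGI object'`.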
|
|
|
@ -104,28 +104,15 @@ BEGIN {
|
|||
sub new {
|
||||
my ( $class, $args ) = @_;
|
||||
my $self = $class->SUPER::new($args)
|
||||
or _abort( 'Unable to start ' . __PACKAGE__, 'See Apache logs for more' );
|
||||
foreach (qw(jqueryUri jquerySimpleTreeUri personnalCss imagePath protection)) {
|
||||
or $class->abort( 'Unable to start ' . __PACKAGE__, 'See Apache logs for more' );
|
||||
foreach (qw(jqueryUri personnalCss imagePath)) {
|
||||
$self->{$_} = $args->{$_}; # or print STDERR "Warning, $_ is not set, falling to default value\n";
|
||||
}
|
||||
eval "use $globalStorage";
|
||||
_abort( "Unable to load $globalStorage", $@ ) if ($@);
|
||||
$class->abort( "Unable to load $globalStorage", $@ ) if ($@);
|
||||
return $self;
|
||||
}
|
||||
|
||||
sub _abort {
|
||||
my $cgi = CGI->new;
|
||||
my ( $t1, $t2 ) = @_;
|
||||
print $cgi->header('text/html; charset=utf8');
|
||||
print $cgi->start_html(
|
||||
-title => $t1,
|
||||
-encoding => 'utf8',
|
||||
);
|
||||
print "<h1>$t1</h1>";
|
||||
print "<p>$t2</p>";
|
||||
exit;
|
||||
}
|
||||
|
||||
sub process {
|
||||
my $self = shift;
|
||||
|
||||
|
@ -146,28 +133,6 @@ sub process {
|
|||
exit;
|
||||
}
|
||||
|
||||
# Protection
|
||||
$self->authenticate();
|
||||
if ( $self->{protection} ) {
|
||||
if ( $self->{protection} =~ /^manager$/i ) {
|
||||
$self->authorize();
|
||||
}
|
||||
elsif ( $self->{protection} =~ /rule\s*:\s*(.*)\s*$/i ) {
|
||||
my $rule = $1;
|
||||
$rule =~ s/\$date/&POSIX::strftime("%Y%m%d%H%M%S",localtime())/e;
|
||||
$rule =~ s/\$(\w+)/\$datas->{$1}/g;
|
||||
my $r;
|
||||
unless ( $safe->reval($rule) ) {
|
||||
_abort( 'Forbidden',
|
||||
"You don't have rights to access this page" );
|
||||
}
|
||||
}
|
||||
else {
|
||||
_abort( 'Bad configuration',
|
||||
"The rule <code>$self->{protection}</code> is not known" );
|
||||
}
|
||||
}
|
||||
|
||||
# Beginning of the job
|
||||
|
||||
# User connected from more than 1 IP
|
||||
|
@ -1249,7 +1214,9 @@ sessions
|
|||
# Optionnal
|
||||
protection => 'rule: $uid eq "admin"',
|
||||
# Or to use rules from manager
|
||||
protect => 'manager',
|
||||
protection => 'manager',
|
||||
# Or just to authenticate without managing authorization
|
||||
protection => 'authenticate',
|
||||
});
|
||||
$cgi->process();
|
||||
|
||||
|
@ -1263,7 +1230,7 @@ understand how arguments passed to the constructor.
|
|||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<Lemonldap::NG::Manager>
|
||||
L<Lemonldap::NG::Handler::CGI>, L<Lemonldap::NG::Manager>
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
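Review bot: `process` used to call `$self->authenticate()` unconditionally before looking at `protection`. After this change the only authentication call visible in the commit sits inside `if ( $self->{protection} )` in `Lemonldap::NG::Handler::CGI::new`, so a sessions manager built without a `protection` argument appears to run with no authentication at all. If that is not intended, default it before the parent constructor runs, e.g. `$args->{protection} ||= 'authenticate';` ahead of `$class->SUPER::new($args)`, or state in the POD that omitting `protection` leaves the page open. `$class->abort( "Unable to load $globalStorage", $@ )` also sends the raw eval error to the browser; logging `$@` and showing a generic message would avoid exposing module paths. `process` continues outside the hunk.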
|
|