s/datas/data
datas => des données data => les données
This commit is contained in:
parent
9402f9fff4
commit
b2620c2679
|
@ -144,7 +144,7 @@ sub base {
|
||||||
|
|
||||||
## @method hashRef get(string id)
|
## @method hashRef get(string id)
|
||||||
# @param $id Apache::Session session ID.
|
# @param $id Apache::Session session ID.
|
||||||
# @return User datas
|
# @return User data
|
||||||
sub get {
|
sub get {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
my $id = shift;
|
my $id = shift;
|
||||||
|
@ -165,7 +165,7 @@ sub get {
|
||||||
|
|
||||||
## @method hashRef newSession()
|
## @method hashRef newSession()
|
||||||
# Build a new Apache::Session session.
|
# Build a new Apache::Session session.
|
||||||
# @return User datas (just the session ID)
|
# @return User data (just the session ID)
|
||||||
sub newSession {
|
sub newSession {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
$self->generate unless ( $self->{data}->{_session_id} );
|
$self->generate unless ( $self->{data}->{_session_id} );
|
||||||
|
@ -200,7 +200,7 @@ sub newSession {
|
||||||
}
|
}
|
||||||
|
|
||||||
## @method boolean save()
|
## @method boolean save()
|
||||||
# Save user datas if modified.
|
# Save user data if modified.
|
||||||
sub save {
|
sub save {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
return unless ( $self->{modified} );
|
return unless ( $self->{modified} );
|
||||||
|
|
|
@ -147,7 +147,7 @@ sub _soapCall {
|
||||||
|
|
||||||
## @method hashRef get(string id)
|
## @method hashRef get(string id)
|
||||||
# @param $id Apache::Session session ID.
|
# @param $id Apache::Session session ID.
|
||||||
# @return User datas
|
# @return User data
|
||||||
sub get {
|
sub get {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
my $id = shift;
|
my $id = shift;
|
||||||
|
@ -169,7 +169,7 @@ sub get {
|
||||||
|
|
||||||
## @method hashRef newSession()
|
## @method hashRef newSession()
|
||||||
# Build a new Apache::Session session.
|
# Build a new Apache::Session session.
|
||||||
# @return User datas (just the session ID)
|
# @return User data (just the session ID)
|
||||||
sub newSession {
|
sub newSession {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
$self->{data} = $self->_soapCall("newSession");
|
$self->{data} = $self->_soapCall("newSession");
|
||||||
|
@ -187,7 +187,7 @@ sub newSession {
|
||||||
}
|
}
|
||||||
|
|
||||||
## @method boolean save()
|
## @method boolean save()
|
||||||
# Save user datas if modified.
|
# Save user data if modified.
|
||||||
sub save {
|
sub save {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
return unless ( $self->{modified} );
|
return unless ( $self->{modified} );
|
||||||
|
|
|
@ -100,18 +100,18 @@ sub getConfByNum {
|
||||||
# * openIdIDPList() (old OpenID)
|
# * openIdIDPList() (old OpenID)
|
||||||
# * applicationList()
|
# * applicationList()
|
||||||
# - root:
|
# - root:
|
||||||
# root query (/confs/latest for example) is redirected to metadatas()
|
# root query (/confs/latest for example) is redirected to metadata()
|
||||||
# - other requests:
|
# - other requests:
|
||||||
# they are managed by getKey()
|
# they are managed by getKey()
|
||||||
# - newRSAKey() returns a new RSA key pair if /confs/newRSAKey is called in a
|
# - newRSAKey() returns a new RSA key pair if /confs/newRSAKey is called in a
|
||||||
# POST request
|
# POST request
|
||||||
# - prx() load a request and return the content (for SAML/OIDC metadatas)
|
# - prx() load a request and return the content (for SAML/OIDC metadata)
|
||||||
|
|
||||||
# 31 - Complex subnodes
|
# 31 - Complex subnodes
|
||||||
# ----------------
|
# ----------------
|
||||||
|
|
||||||
## @method PSGI-JSON-response complexNodesRoot($req, $query, $tpl)
|
## @method PSGI-JSON-response complexNodesRoot($req, $query, $tpl)
|
||||||
# Respond to root requests for virtual hosts and SAMLmetadatas
|
# Respond to root requests for virtual hosts and SAMLmetadata
|
||||||
#
|
#
|
||||||
#@param $req Lemonldap::NG::Common::PSGI::Request
|
#@param $req Lemonldap::NG::Common::PSGI::Request
|
||||||
#@param $query Configuration root key
|
#@param $query Configuration root key
|
||||||
|
@ -686,15 +686,15 @@ sub combModules {
|
||||||
# 33 - Root queries
|
# 33 - Root queries
|
||||||
# -----------
|
# -----------
|
||||||
|
|
||||||
## @method PSGI-JSON-response metadatas($req)
|
## @method PSGI-JSON-response metadata($req)
|
||||||
# Respond to `/conf/:cfgNum` requests by sending configuration metadatas
|
# Respond to `/conf/:cfgNum` requests by sending configuration metadata
|
||||||
#
|
#
|
||||||
# NB: if `full=1` is set in the query, configuration is returned directly in
|
# NB: if `full=1` is set in the query, configuration is returned directly in
|
||||||
# JSON
|
# JSON
|
||||||
#
|
#
|
||||||
#@param $req Lemonldap::NG::Common::PSGI::Request
|
#@param $req Lemonldap::NG::Common::PSGI::Request
|
||||||
#@return PSGI JSON response
|
#@return PSGI JSON response
|
||||||
sub metadatas {
|
sub metadata {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
if ( $req->params('full') and $req->params('full') !~ NO ) {
|
if ( $req->params('full') and $req->params('full') !~ NO ) {
|
||||||
my $c = $self->getConfKey( $req, 'cfgNum' );
|
my $c = $self->getConfKey( $req, 'cfgNum' );
|
||||||
|
@ -738,13 +738,13 @@ sub metadatas {
|
||||||
if ( $self->can('userId') ) {
|
if ( $self->can('userId') ) {
|
||||||
$self->userLogger->info( 'User '
|
$self->userLogger->info( 'User '
|
||||||
. $self->userId($req)
|
. $self->userId($req)
|
||||||
. ' ask for configuration metadatas ('
|
. ' ask for configuration metadata ('
|
||||||
. $res->{cfgNum}
|
. $res->{cfgNum}
|
||||||
. ')' );
|
. ')' );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->logger->info(
|
$self->logger->info(
|
||||||
"REST request to get configuration metadatas ($res->{cfgNum})"
|
"REST request to get configuration metadata ($res->{cfgNum})"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
return $self->sendJSONresponse( $req, $res );
|
return $self->sendJSONresponse( $req, $res );
|
||||||
|
@ -764,7 +764,7 @@ sub metadatas {
|
||||||
sub getKey {
|
sub getKey {
|
||||||
my ( $self, $req, $key, $subkey ) = @_;
|
my ( $self, $req, $key, $subkey ) = @_;
|
||||||
unless ($key) {
|
unless ($key) {
|
||||||
return $self->metadatas($req);
|
return $self->metadata($req);
|
||||||
}
|
}
|
||||||
$self->userLogger->info(
|
$self->userLogger->info(
|
||||||
'User ' . $self->userId($req) . " asks for key $key" );
|
'User ' . $self->userId($req) . " asks for key $key" );
|
||||||
|
|
|
@ -50,8 +50,8 @@ sub _getCipher {
|
||||||
|
|
||||||
## @method string encrypt(string data)
|
## @method string encrypt(string data)
|
||||||
# Encrypt $data and return it in Base64 format
|
# Encrypt $data and return it in Base64 format
|
||||||
# @param data datas to encrypt
|
# @param data data to encrypt
|
||||||
# @return encrypted datas in Base64 format
|
# @return encrypted data in Base64 format
|
||||||
sub encrypt {
|
sub encrypt {
|
||||||
my ( $self, $data ) = @_;
|
my ( $self, $data ) = @_;
|
||||||
|
|
||||||
|
@ -73,8 +73,8 @@ sub encrypt {
|
||||||
|
|
||||||
## @method string decrypt(string data)
|
## @method string decrypt(string data)
|
||||||
# Decrypt $data and return it
|
# Decrypt $data and return it
|
||||||
# @param data datas to decrypt in Base64 format
|
# @param data data to decrypt in Base64 format
|
||||||
# @return decrypted datas
|
# @return decrypted data
|
||||||
sub decrypt {
|
sub decrypt {
|
||||||
my ( $self, $data ) = @_;
|
my ( $self, $data ) = @_;
|
||||||
$data =~ s/%2B/\+/ig;
|
$data =~ s/%2B/\+/ig;
|
||||||
|
@ -100,9 +100,9 @@ sub decrypt {
|
||||||
# Encrypt $data and return it in hexadecimal format
|
# Encrypt $data and return it in hexadecimal format
|
||||||
# Data must be hexadecimal and its length must be a multiple of 32
|
# Data must be hexadecimal and its length must be a multiple of 32
|
||||||
# the encrypted data have same length as the original data
|
# the encrypted data have same length as the original data
|
||||||
# @param data datas to encrypt
|
# @param data data to encrypt
|
||||||
# @param key optional secondary key
|
# @param key optional secondary key
|
||||||
# @return encrypted datas in hexadecimal data
|
# @return encrypted data in hexadecimal data
|
||||||
sub encryptHex {
|
sub encryptHex {
|
||||||
my ( $self, $data, $key ) = @_;
|
my ( $self, $data, $key ) = @_;
|
||||||
return _cryptHex( $self, $data, $key, "encrypt" );
|
return _cryptHex( $self, $data, $key, "encrypt" );
|
||||||
|
@ -112,9 +112,9 @@ sub encryptHex {
|
||||||
# Decrypt $data and return it in hexadecimal format
|
# Decrypt $data and return it in hexadecimal format
|
||||||
# Data must be hexadecimal and its length must be a multiple of 32
|
# Data must be hexadecimal and its length must be a multiple of 32
|
||||||
# the decrypted data have same length as the encrypted data
|
# the decrypted data have same length as the encrypted data
|
||||||
# @param data datas to decrypt
|
# @param data data to decrypt
|
||||||
# @param key optional secondary key
|
# @param key optional secondary key
|
||||||
# @return decrypted datas in hexadecimal data
|
# @return decrypted data in hexadecimal data
|
||||||
sub decryptHex {
|
sub decryptHex {
|
||||||
my ( $self, $data, $key ) = @_;
|
my ( $self, $data, $key ) = @_;
|
||||||
return _cryptHex( $self, $data, $key, "decrypt" );
|
return _cryptHex( $self, $data, $key, "decrypt" );
|
||||||
|
@ -122,10 +122,10 @@ sub decryptHex {
|
||||||
|
|
||||||
## @method private string _cryptHex (string data, string key, string sub)
|
## @method private string _cryptHex (string data, string key, string sub)
|
||||||
# Auxiliary method to share code between encrypt and decrypt
|
# Auxiliary method to share code between encrypt and decrypt
|
||||||
# @param data datas to decrypt
|
# @param data data to decrypt
|
||||||
# @param key secondary key
|
# @param key secondary key
|
||||||
# @param sub may be "encrypt" or "decrypt"
|
# @param sub may be "encrypt" or "decrypt"
|
||||||
# @return decrypted datas in hexadecimal data
|
# @return decrypted data in hexadecimal data
|
||||||
sub _cryptHex {
|
sub _cryptHex {
|
||||||
my ( $self, $data, $key, $sub ) = @_;
|
my ( $self, $data, $key, $sub ) = @_;
|
||||||
unless ( $data =~ /^([0-9a-fA-F]{2})*$/ ) {
|
unless ( $data =~ /^([0-9a-fA-F]{2})*$/ ) {
|
||||||
|
|
|
@ -17,7 +17,7 @@ sub newNotification {
|
||||||
my @notifs;
|
my @notifs;
|
||||||
$json = [$json] unless ( ref($json) eq 'ARRAY' );
|
$json = [$json] unless ( ref($json) eq 'ARRAY' );
|
||||||
foreach my $notif (@$json) {
|
foreach my $notif (@$json) {
|
||||||
my @datas;
|
my @data;
|
||||||
|
|
||||||
# Mandatory information
|
# Mandatory information
|
||||||
foreach (qw(date uid reference)) {
|
foreach (qw(date uid reference)) {
|
||||||
|
@ -26,10 +26,10 @@ sub newNotification {
|
||||||
$self->logger->error("Attribute $_ is missing");
|
$self->logger->error("Attribute $_ is missing");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
push @datas, $tmp;
|
push @data, $tmp;
|
||||||
}
|
}
|
||||||
push @datas, ( $notif->{condition} // '' );
|
push @data, ( $notif->{condition} // '' );
|
||||||
push @notifs, [ @datas, $jsonString ];
|
push @notifs, [ @data, $jsonString ];
|
||||||
}
|
}
|
||||||
my $count;
|
my $count;
|
||||||
foreach (@notifs) {
|
foreach (@notifs) {
|
||||||
|
|
|
@ -14,7 +14,7 @@ has parser => (
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
||||||
# Check XML datas and insert new notifications.
|
# Check XML data and insert new notifications.
|
||||||
# @param $xml XML string containing notification
|
# @param $xml XML string containing notification
|
||||||
# @return number of notifications done
|
# @return number of notifications done
|
||||||
sub newNotification {
|
sub newNotification {
|
||||||
|
@ -29,7 +29,7 @@ sub newNotification {
|
||||||
foreach
|
foreach
|
||||||
my $notif ( $xml->documentElement->getElementsByTagName('notification') )
|
my $notif ( $xml->documentElement->getElementsByTagName('notification') )
|
||||||
{
|
{
|
||||||
my @datas = ();
|
my @data = ();
|
||||||
|
|
||||||
# Mandatory information
|
# Mandatory information
|
||||||
foreach (qw(date uid reference)) {
|
foreach (qw(date uid reference)) {
|
||||||
|
@ -38,16 +38,16 @@ sub newNotification {
|
||||||
$self->logger->error("Attribute $_ is missing");
|
$self->logger->error("Attribute $_ is missing");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
push @datas, $tmp;
|
push @data, $tmp;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Other information
|
# Other information
|
||||||
foreach (qw(condition)) {
|
foreach (qw(condition)) {
|
||||||
my $tmp;
|
my $tmp;
|
||||||
if ( $tmp = $notif->getAttribute($_) ) {
|
if ( $tmp = $notif->getAttribute($_) ) {
|
||||||
push @datas, $tmp;
|
push @data, $tmp;
|
||||||
}
|
}
|
||||||
else { push @datas, ""; }
|
else { push @data, ""; }
|
||||||
}
|
}
|
||||||
|
|
||||||
my $result = XML::LibXML::Document->new( $version, $encoding );
|
my $result = XML::LibXML::Document->new( $version, $encoding );
|
||||||
|
@ -56,7 +56,7 @@ sub newNotification {
|
||||||
$result->setDocumentElement($root);
|
$result->setDocumentElement($root);
|
||||||
$result = $result->serialize;
|
$result = $result->serialize;
|
||||||
utf8::encode($result);
|
utf8::encode($result);
|
||||||
push @notifs, [ @datas, $result ];
|
push @notifs, [ @data, $result ];
|
||||||
}
|
}
|
||||||
my $count;
|
my $count;
|
||||||
foreach (@notifs) {
|
foreach (@notifs) {
|
||||||
|
|
|
@ -33,13 +33,13 @@ sub new {
|
||||||
$self->env->{PATH_INFO} ||= '/';
|
$self->env->{PATH_INFO} ||= '/';
|
||||||
$self->{uri} = uri_unescape( $self->env->{REQUEST_URI} );
|
$self->{uri} = uri_unescape( $self->env->{REQUEST_URI} );
|
||||||
$self->{uri} =~ s|^//+|/|g;
|
$self->{uri} =~ s|^//+|/|g;
|
||||||
$self->{datas} = {};
|
$self->{data} = {};
|
||||||
$self->{error} = 0;
|
$self->{error} = 0;
|
||||||
$self->{respHeaders} = [];
|
$self->{respHeaders} = [];
|
||||||
return bless( $self, $_[0] );
|
return bless( $self, $_[0] );
|
||||||
}
|
}
|
||||||
|
|
||||||
sub datas { $_[0]->{datas} }
|
sub data { $_[0]->{data} }
|
||||||
|
|
||||||
sub uri { $_[0]->{uri} }
|
sub uri { $_[0]->{uri} }
|
||||||
|
|
||||||
|
|
|
@ -20,12 +20,12 @@ sub new {
|
||||||
return bless { obj => $obj, func => \@func, req => $req }, $class;
|
return bless { obj => $obj, func => \@func, req => $req }, $class;
|
||||||
}
|
}
|
||||||
|
|
||||||
## @method datas AUTOLOAD()
|
## @method data AUTOLOAD()
|
||||||
# Call the wanted function with the object given to the constructor.
|
# Call the wanted function with the object given to the constructor.
|
||||||
# AUTOLOAD() is a magic method called by Perl interpreter fon non existent
|
# AUTOLOAD() is a magic method called by Perl interpreter fon non existent
|
||||||
# functions. Here, we use it to call the wanted function (given by $AUTOLOAD)
|
# functions. Here, we use it to call the wanted function (given by $AUTOLOAD)
|
||||||
# if it is authorizated
|
# if it is authorizated
|
||||||
# @return datas provided by the exported function
|
# @return data provided by the exported function
|
||||||
sub AUTOLOAD {
|
sub AUTOLOAD {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
$AUTOLOAD =~ s/.*:://;
|
$AUTOLOAD =~ s/.*:://;
|
||||||
|
|
|
@ -162,7 +162,7 @@ sub redirectFilter {
|
||||||
while ( $f->read( my $buffer, 1024 ) ) {
|
while ( $f->read( my $buffer, 1024 ) ) {
|
||||||
}
|
}
|
||||||
$class->updateStatus( $f->r, '$class->REDIRECT',
|
$class->updateStatus( $f->r, '$class->REDIRECT',
|
||||||
$class->datas->{ $class->tsv->{whatToTrace} }, 'filter' );
|
$class->data->{ $class->tsv->{whatToTrace} }, 'filter' );
|
||||||
return $class->OK;
|
return $class->OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -62,9 +62,9 @@ sub new {
|
||||||
return $self;
|
return $self;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub datas {
|
sub data {
|
||||||
my ($self) = @_;
|
my ($self) = @_;
|
||||||
return $self->{datas} ||= {};
|
return $self->{data} ||= {};
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
@ -169,7 +169,7 @@ sub _authAndTrace {
|
||||||
}
|
}
|
||||||
|
|
||||||
## @method hashRef user()
|
## @method hashRef user()
|
||||||
# @return hash of user datas
|
# @return hash of user data
|
||||||
sub user {
|
sub user {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return $req->userData
|
return $req->userData
|
||||||
|
|
|
@ -94,7 +94,7 @@ sub run {
|
||||||
unless $class->_isAlive();
|
unless $class->_isAlive();
|
||||||
|
|
||||||
# Value to store
|
# Value to store
|
||||||
my $value = $class->datas->{$secureTokenAttribute};
|
my $value = $class->data->{$secureTokenAttribute};
|
||||||
|
|
||||||
# Set token
|
# Set token
|
||||||
my $key = $class->_setToken( $value, $secureTokenExpiration );
|
my $key = $class->_setToken( $value, $secureTokenExpiration );
|
||||||
|
|
|
@ -53,7 +53,7 @@ sub run {
|
||||||
# Build URL
|
# Build URL
|
||||||
my $zimbra_url =
|
my $zimbra_url =
|
||||||
$class->_buildZimbraPreAuthUrl( $req, $zimbraPreAuthKey, $zimbraUrl,
|
$class->_buildZimbraPreAuthUrl( $req, $zimbraPreAuthKey, $zimbraUrl,
|
||||||
$class->datas->{$zimbraAccountKey},
|
$class->data->{$zimbraAccountKey},
|
||||||
$zimbraBy, $timeout );
|
$zimbraBy, $timeout );
|
||||||
|
|
||||||
# Header location
|
# Header location
|
||||||
|
@ -76,7 +76,7 @@ sub _buildZimbraPreAuthUrl {
|
||||||
|
|
||||||
# Expiration time is calculated with _utime and timeout
|
# Expiration time is calculated with _utime and timeout
|
||||||
my $expires =
|
my $expires =
|
||||||
$timeout ? ( $class->datas->{_utime} + $timeout ) * 1000 : $timeout;
|
$timeout ? ( $class->data->{_utime} + $timeout ) * 1000 : $timeout;
|
||||||
|
|
||||||
# Timestamp
|
# Timestamp
|
||||||
my $timestamp = time() * 1000;
|
my $timestamp = time() * 1000;
|
||||||
|
|
|
@ -406,7 +406,7 @@ sub postUrlInit {
|
||||||
{
|
{
|
||||||
$class->tsv->{maintenance}->{$vhost} = 1;
|
$class->tsv->{maintenance}->{$vhost} = 1;
|
||||||
$class->logger->error(
|
$class->logger->error(
|
||||||
"$class: Unable to build post datas: "
|
"$class: Unable to build post data: "
|
||||||
. $class->tsv->{jail}->error );
|
. $class->tsv->{jail}->error );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -552,7 +552,7 @@ sub substitute {
|
||||||
$expr =~ s/\$vhost\b/\$ENV{HTTP_HOST}/sg;
|
$expr =~ s/\$vhost\b/\$ENV{HTTP_HOST}/sg;
|
||||||
$expr =~ s/\$ip\b/\$ENV{REMOTE_ADDR}/sg;
|
$expr =~ s/\$ip\b/\$ENV{REMOTE_ADDR}/sg;
|
||||||
|
|
||||||
# substitute vars with session datas, excepts special vars $_ and $\d+
|
# substitute vars with session data, excepts special vars $_ and $\d+
|
||||||
$expr =~ s/\$(?!ENV)([_a-zA-Z]\w*)/\$s->{$1}/sg;
|
$expr =~ s/\$(?!ENV)([_a-zA-Z]\w*)/\$s->{$1}/sg;
|
||||||
$expr =~ s/\$ENV\{/\$r->{env}->\{/g;
|
$expr =~ s/\$ENV\{/\$r->{env}->\{/g;
|
||||||
|
|
||||||
|
|
|
@ -160,7 +160,7 @@ sub run {
|
||||||
# Store local macros
|
# Store local macros
|
||||||
if ( keys %$session > $kc ) {
|
if ( keys %$session > $kc ) {
|
||||||
$class->logger->debug("Update local cache");
|
$class->logger->debug("Update local cache");
|
||||||
$req->datas->{session}->update( $session, { updateCache => 2 } );
|
$req->data->{session}->update( $session, { updateCache => 2 } );
|
||||||
}
|
}
|
||||||
|
|
||||||
# Hide Lemonldap::NG cookie
|
# Hide Lemonldap::NG cookie
|
||||||
|
@ -435,16 +435,16 @@ sub retrieveSession {
|
||||||
# persistent connection).
|
# persistent connection).
|
||||||
# NB: timout is here the same value as current HTTP/1.1 Keep-Alive timeout
|
# NB: timout is here the same value as current HTTP/1.1 Keep-Alive timeout
|
||||||
# (15 seconds)
|
# (15 seconds)
|
||||||
if ( defined $class->datas->{_session_id}
|
if ( defined $class->data->{_session_id}
|
||||||
and $id eq $class->datas->{_session_id}
|
and $id eq $class->data->{_session_id}
|
||||||
and ( $now - $class->datasUpdate < 15 ) )
|
and ( $now - $class->dataUpdate < 15 ) )
|
||||||
{
|
{
|
||||||
$class->logger->debug("Get session $id from Handler internal cache");
|
$class->logger->debug("Get session $id from Handler internal cache");
|
||||||
return $class->datas;
|
return $class->data;
|
||||||
}
|
}
|
||||||
|
|
||||||
# 2. Get the session from cache or backend
|
# 2. Get the session from cache or backend
|
||||||
my $session = $req->datas->{session} = (
|
my $session = $req->data->{session} = (
|
||||||
Lemonldap::NG::Common::Session->new(
|
Lemonldap::NG::Common::Session->new(
|
||||||
{
|
{
|
||||||
storageModule => $class->tsv->{sessionStorageModule},
|
storageModule => $class->tsv->{sessionStorageModule},
|
||||||
|
@ -459,7 +459,7 @@ sub retrieveSession {
|
||||||
|
|
||||||
unless ( $session->error ) {
|
unless ( $session->error ) {
|
||||||
|
|
||||||
$class->datas( $session->data );
|
$class->data( $session->data );
|
||||||
|
|
||||||
$class->logger->debug("Get session $id");
|
$class->logger->debug("Get session $id");
|
||||||
|
|
||||||
|
@ -470,12 +470,12 @@ sub retrieveSession {
|
||||||
$class->tsv->{timeoutActivityInterval} )
|
$class->tsv->{timeoutActivityInterval} )
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
$req->datas->{session}->update( { '_lastSeen' => $now } );
|
$req->data->{session}->update( { '_lastSeen' => $now } );
|
||||||
$class->datas( $session->data );
|
$class->data( $session->data );
|
||||||
|
|
||||||
if ( $session->error ) {
|
if ( $session->error ) {
|
||||||
$class->logger->error("Cannot update session $id");
|
$class->logger->error("Cannot update session $id");
|
||||||
$class->logger->error( $req->datas->{session}->error );
|
$class->logger->error( $req->data->{session}->error );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$class->logger->debug("Update _lastSeen with $now");
|
$class->logger->debug("Update _lastSeen with $now");
|
||||||
|
@ -497,11 +497,11 @@ sub retrieveSession {
|
||||||
$class->logger->info("Session $id expired");
|
$class->logger->info("Session $id expired");
|
||||||
|
|
||||||
# Clean cached data
|
# Clean cached data
|
||||||
$class->datas( {} );
|
$class->data( {} );
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
$class->datasUpdate($now);
|
$class->dataUpdate($now);
|
||||||
return $session->data;
|
return $session->data;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
@ -644,13 +644,13 @@ sub localUnlog {
|
||||||
$class->logger->debug('Local handler logout');
|
$class->logger->debug('Local handler logout');
|
||||||
if ( $id //= $class->fetchId($req) ) {
|
if ( $id //= $class->fetchId($req) ) {
|
||||||
|
|
||||||
# Delete thread datas
|
# Delete thread data
|
||||||
if ( $class->datas->{_session_id}
|
if ( $class->data->{_session_id}
|
||||||
and $id eq $class->datas->{_session_id} )
|
and $id eq $class->data->{_session_id} )
|
||||||
{
|
{
|
||||||
$class->datas( {} );
|
$class->data( {} );
|
||||||
}
|
}
|
||||||
delete $req->datas->{session};
|
delete $req->data->{session};
|
||||||
|
|
||||||
# Delete local cache
|
# Delete local cache
|
||||||
if ( $class->tsv->{refLocalStorage}
|
if ( $class->tsv->{refLocalStorage}
|
||||||
|
@ -681,7 +681,7 @@ sub postOutputFilter {
|
||||||
}
|
}
|
||||||
|
|
||||||
## @rmethod protected postInputFilter(string uri)
|
## @rmethod protected postInputFilter(string uri)
|
||||||
# Replace request body with form datas defined in configuration
|
# Replace request body with form data defined in configuration
|
||||||
# @param uri URI to catch
|
# @param uri URI to catch
|
||||||
sub postInputFilter {
|
sub postInputFilter {
|
||||||
my ( $class, $req, $session, $uri ) = @_;
|
my ( $class, $req, $session, $uri ) = @_;
|
||||||
|
|
|
@ -24,7 +24,7 @@ BEGIN {
|
||||||
};
|
};
|
||||||
|
|
||||||
# Current sessions properties
|
# Current sessions properties
|
||||||
our $_v = { datas => {}, datasUpdate => {}, };
|
our $_v = { data => {}, dataUpdate => {}, };
|
||||||
|
|
||||||
# Thread shared accessors
|
# Thread shared accessors
|
||||||
foreach ( keys %$_tshv ) {
|
foreach ( keys %$_tshv ) {
|
||||||
|
|
|
@ -92,7 +92,7 @@ Level of protection. It can be one of:
|
||||||
|
|
||||||
=head3 user
|
=head3 user
|
||||||
|
|
||||||
Returns user session datas. If empty (no protection), returns:
|
Returns user session data. If empty (no protection), returns:
|
||||||
|
|
||||||
{ _whatToTrace => 'anonymous' }
|
{ _whatToTrace => 'anonymous' }
|
||||||
|
|
||||||
|
|
|
@ -99,7 +99,7 @@ Level of protection. It can be one of:
|
||||||
|
|
||||||
=head3 user
|
=head3 user
|
||||||
|
|
||||||
Returns user session datas. If empty (no protection), returns:
|
Returns user session data. If empty (no protection), returns:
|
||||||
|
|
||||||
{ _whatToTrace => 'anonymous' }
|
{ _whatToTrace => 'anonymous' }
|
||||||
|
|
||||||
|
|
|
@ -58,7 +58,7 @@ sub _run {
|
||||||
my $res = $self->_authAndTrace( $req, 1 );
|
my $res = $self->_authAndTrace( $req, 1 );
|
||||||
if ( $res->[0] < 300 ) {
|
if ( $res->[0] < 300 ) {
|
||||||
$self->routes( $self->authRoutes );
|
$self->routes( $self->authRoutes );
|
||||||
$req->userData( $self->api->datas );
|
$req->userData( $self->api->data );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
# Unset headers (handler adds a Location header)
|
# Unset headers (handler adds a Location header)
|
||||||
|
@ -148,12 +148,12 @@ L<Lemonldap::NG::Common::PSGI::Router>) except that:
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
Note also that user session datas are available in $req parameter (first argument
|
Note also that user session data are available in $req parameter (first argument
|
||||||
received by REST methods):
|
received by REST methods):
|
||||||
|
|
||||||
=over
|
=over
|
||||||
|
|
||||||
=item $req->userData() returns a hash reference containing user session datas
|
=item $req->userData() returns a hash reference containing user session data
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
|
|
|
@ -105,7 +105,7 @@ sub run {
|
||||||
return $tmp;
|
return $tmp;
|
||||||
";
|
";
|
||||||
|
|
||||||
# Second step, Manager/Constants.pm file will contain datas issued from
|
# Second step, Manager/Constants.pm file will contain data issued from
|
||||||
# this scan
|
# this scan
|
||||||
my $ra = Regexp::Assemble->new;
|
my $ra = Regexp::Assemble->new;
|
||||||
|
|
||||||
|
|
|
@ -1468,7 +1468,7 @@ sub attributes {
|
||||||
test => sub { 1 },
|
test => sub { 1 },
|
||||||
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
|
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
|
||||||
keyMsgFail => '__badHostname__',
|
keyMsgFail => '__badHostname__',
|
||||||
documentation => 'Virtualhost urls/Datas to post',
|
documentation => 'Virtualhost urls/Data to post',
|
||||||
},
|
},
|
||||||
|
|
||||||
vhostOptions => {
|
vhostOptions => {
|
||||||
|
|
|
@ -74,7 +74,7 @@ sub addRoutes {
|
||||||
|
|
||||||
##@method public PSGI-JSON-response newRSAKey($req)
|
##@method public PSGI-JSON-response newRSAKey($req)
|
||||||
# Return a hashref containing private and public keys
|
# Return a hashref containing private and public keys
|
||||||
# The posted datas must contain a JSON object containing
|
# The posted data must contain a JSON object containing
|
||||||
# {"password":"newpassword"}
|
# {"password":"newpassword"}
|
||||||
#
|
#
|
||||||
#@param $req Lemonldap::NG::Common::PSGI::Request object
|
#@param $req Lemonldap::NG::Common::PSGI::Request object
|
||||||
|
|
|
@ -121,7 +121,7 @@ sub scanTree {
|
||||||
$self->_scanNodes( $self->tree ) or return 0;
|
$self->_scanNodes( $self->tree ) or return 0;
|
||||||
|
|
||||||
# Set cfgNum to ref cfgNum (will be changed when saving), set other
|
# Set cfgNum to ref cfgNum (will be changed when saving), set other
|
||||||
# metadatas and set a value to the key if empty
|
# metadata and set a value to the key if empty
|
||||||
$self->newConf->{cfgNum} = $self->req->params('cfgNum');
|
$self->newConf->{cfgNum} = $self->req->params('cfgNum');
|
||||||
$self->newConf->{cfgAuthor} =
|
$self->newConf->{cfgAuthor} =
|
||||||
$self->req->userData->{ $Lemonldap::NG::Handler::Main::tsv->{whatToTrace}
|
$self->req->userData->{ $Lemonldap::NG::Handler::Main::tsv->{whatToTrace}
|
||||||
|
|
|
@ -226,7 +226,7 @@ sub tests {
|
||||||
backend => $conf->{globalStorage}
|
backend => $conf->{globalStorage}
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
return ( -1, "Unable to insert datas ($@)" ) if ($@);
|
return ( -1, "Unable to insert data ($@)" ) if ($@);
|
||||||
return ( -1, "Unable to recover data stored" )
|
return ( -1, "Unable to recover data stored" )
|
||||||
unless ( $h{a} == 1 );
|
unless ( $h{a} == 1 );
|
||||||
eval { tied(%h)->delete; };
|
eval { tied(%h)->delete; };
|
||||||
|
|
|
@ -272,12 +272,12 @@ sub newNotification {
|
||||||
my $dDate = strftime( "%Y-%m-%d", localtime() );
|
my $dDate = strftime( "%Y-%m-%d", localtime() );
|
||||||
if ( $json->{date} ) {
|
if ( $json->{date} ) {
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"Posted datas : uid = $json->{uid} - Ref = $json->{reference} - Date = $json->{date}"
|
"Posted data : uid = $json->{uid} - Ref = $json->{reference} - Date = $json->{date}"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"Posted datas : uid = $json->{uid} - Ref = $json->{reference} - Date = ???"
|
"Posted data : uid = $json->{uid} - Ref = $json->{reference} - Date = ???"
|
||||||
);
|
);
|
||||||
$json->{date} = $dDate;
|
$json->{date} = $dDate;
|
||||||
}
|
}
|
||||||
|
|
|
@ -95,7 +95,7 @@ Main and plugin keys must be initializated during initialization. They must
|
||||||
be read-only during receiving requests.
|
be read-only during receiving requests.
|
||||||
|
|
||||||
The L<Lemonldap::NG::Portal::Main::Request> request has fixed keys. A plugin
|
The L<Lemonldap::NG::Portal::Main::Request> request has fixed keys. A plugin
|
||||||
that wants to store a temporary key must store it in $req->datas or use
|
that wants to store a temporary key must store it in C<$req-E<gt>data> or use
|
||||||
defined keys, but it must never create a root key. Plugin keys may have
|
defined keys, but it must never create a root key. Plugin keys may have
|
||||||
explicit names to avoid conflicts.
|
explicit names to avoid conflicts.
|
||||||
|
|
||||||
|
|
|
@ -208,7 +208,7 @@ sub _choice {
|
||||||
$req,
|
$req,
|
||||||
[
|
[
|
||||||
sub { $res }, 'controlUrl',
|
sub { $res }, 'controlUrl',
|
||||||
'buildCookie', @{ $self->p->afterDatas },
|
'buildCookie', @{ $self->p->afterData },
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
|
@ -165,7 +165,7 @@ sub run {
|
||||||
|
|
||||||
# Get a challenge (from first key)
|
# Get a challenge (from first key)
|
||||||
my $data = eval {
|
my $data = eval {
|
||||||
from_json( $req->datas->{crypter}->[0]->authenticationChallenge );
|
from_json( $req->data->{crypter}->[0]->authenticationChallenge );
|
||||||
};
|
};
|
||||||
|
|
||||||
if ($@) {
|
if ($@) {
|
||||||
|
@ -175,7 +175,7 @@ sub run {
|
||||||
|
|
||||||
# Get registered keys
|
# Get registered keys
|
||||||
my @rk;
|
my @rk;
|
||||||
foreach ( @{ $req->datas->{crypter} } ) {
|
foreach ( @{ $req->data->{crypter} } ) {
|
||||||
my $k = push @rk,
|
my $k = push @rk,
|
||||||
{ keyHandle => $_->{keyHandle}, version => $data->{version} };
|
{ keyHandle => $_->{keyHandle}, version => $data->{version} };
|
||||||
|
|
||||||
|
@ -183,7 +183,7 @@ sub run {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Serialize datas
|
# Serialize data
|
||||||
$data = to_json(
|
$data = to_json(
|
||||||
{
|
{
|
||||||
challenge => $data->{challenge},
|
challenge => $data->{challenge},
|
||||||
|
@ -227,7 +227,7 @@ sub run {
|
||||||
return $self->p->sendError( $req, "U2FAnswerError" );
|
return $self->p->sendError( $req, "U2FAnswerError" );
|
||||||
}
|
}
|
||||||
my $crypter;
|
my $crypter;
|
||||||
foreach ( @{ $req->datas->{crypter} } ) {
|
foreach ( @{ $req->data->{crypter} } ) {
|
||||||
$crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
|
$crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
|
||||||
}
|
}
|
||||||
unless ($crypter) {
|
unless ($crypter) {
|
||||||
|
@ -374,7 +374,7 @@ sub loadUser {
|
||||||
unless (@crypters) {
|
unless (@crypters) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
$req->datas->{crypter} = \@crypters;
|
$req->data->{crypter} = \@crypters;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
|
@ -61,7 +61,7 @@ sub run {
|
||||||
|
|
||||||
# Get a challenge (from first key)
|
# Get a challenge (from first key)
|
||||||
my $data = eval {
|
my $data = eval {
|
||||||
from_json( $req->datas->{crypter}->[0]->authenticationChallenge );
|
from_json( $req->data->{crypter}->[0]->authenticationChallenge );
|
||||||
};
|
};
|
||||||
|
|
||||||
if ($@) {
|
if ($@) {
|
||||||
|
@ -71,7 +71,7 @@ sub run {
|
||||||
|
|
||||||
# Get registered keys
|
# Get registered keys
|
||||||
my @rk;
|
my @rk;
|
||||||
foreach ( @{ $req->datas->{crypter} } ) {
|
foreach ( @{ $req->data->{crypter} } ) {
|
||||||
my $k = push @rk,
|
my $k = push @rk,
|
||||||
{ keyHandle => $_->{keyHandle}, version => $data->{version} };
|
{ keyHandle => $_->{keyHandle}, version => $data->{version} };
|
||||||
|
|
||||||
|
@ -79,7 +79,7 @@ sub run {
|
||||||
|
|
||||||
$self->ott->updateToken( $token, __ch => $data->{challenge} );
|
$self->ott->updateToken( $token, __ch => $data->{challenge} );
|
||||||
|
|
||||||
# Serialize datas
|
# Serialize data
|
||||||
$data = to_json(
|
$data = to_json(
|
||||||
{
|
{
|
||||||
challenge => $data->{challenge},
|
challenge => $data->{challenge},
|
||||||
|
@ -137,7 +137,7 @@ sub verify {
|
||||||
return $self->fail($req);
|
return $self->fail($req);
|
||||||
}
|
}
|
||||||
my $crypter;
|
my $crypter;
|
||||||
foreach ( @{ $req->datas->{crypter} } ) {
|
foreach ( @{ $req->data->{crypter} } ) {
|
||||||
$crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
|
$crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
|
||||||
}
|
}
|
||||||
unless ($crypter) {
|
unless ($crypter) {
|
||||||
|
@ -246,7 +246,7 @@ sub loadUser {
|
||||||
unless (@crypters) {
|
unless (@crypters) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
$req->datas->{crypter} = \@crypters;
|
$req->data->{crypter} = \@crypters;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
|
@ -77,7 +77,7 @@ sub run {
|
||||||
# Get a challenge (from first key)
|
# Get a challenge (from first key)
|
||||||
my $data = eval {
|
my $data = eval {
|
||||||
from_json(
|
from_json(
|
||||||
$req->datas->{crypter}->[0]->authenticationChallenge );
|
$req->data->{crypter}->[0]->authenticationChallenge );
|
||||||
};
|
};
|
||||||
|
|
||||||
if ($@) {
|
if ($@) {
|
||||||
|
@ -87,7 +87,7 @@ sub run {
|
||||||
|
|
||||||
# Get registered keys
|
# Get registered keys
|
||||||
my @rk;
|
my @rk;
|
||||||
foreach ( @{ $req->datas->{crypter} } ) {
|
foreach ( @{ $req->data->{crypter} } ) {
|
||||||
my $k = push @rk,
|
my $k = push @rk,
|
||||||
{ keyHandle => $_->{keyHandle}, version => $data->{version} };
|
{ keyHandle => $_->{keyHandle}, version => $data->{version} };
|
||||||
|
|
||||||
|
@ -95,7 +95,7 @@ sub run {
|
||||||
|
|
||||||
$self->ott->updateToken( $token, __ch => $data->{challenge} );
|
$self->ott->updateToken( $token, __ch => $data->{challenge} );
|
||||||
|
|
||||||
# Serialize datas
|
# Serialize data
|
||||||
$data = to_json(
|
$data = to_json(
|
||||||
{
|
{
|
||||||
challenge => $data->{challenge},
|
challenge => $data->{challenge},
|
||||||
|
|
|
@ -132,7 +132,7 @@ sub authenticate {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Remember password if password reset needed
|
# Remember password if password reset needed
|
||||||
$req->datas->{oldpassword} = $req->datas->{password}
|
$req->data->{oldpassword} = $req->data->{password}
|
||||||
if (
|
if (
|
||||||
$res == PE_PP_CHANGE_AFTER_RESET
|
$res == PE_PP_CHANGE_AFTER_RESET
|
||||||
or ( $res == PE_PP_PASSWORD_EXPIRED
|
or ( $res == PE_PP_PASSWORD_EXPIRED
|
||||||
|
|
|
@ -123,10 +123,10 @@ sub extractFormInfo {
|
||||||
my $portalPath = $self->conf->{portal};
|
my $portalPath = $self->conf->{portal};
|
||||||
$portalPath =~ s#^https?://[^/]+/?#/#;
|
$portalPath =~ s#^https?://[^/]+/?#/#;
|
||||||
|
|
||||||
$req->datas->{list} = $self->srvList;
|
$req->data->{list} = $self->srvList;
|
||||||
$req->datas->{confirmRemember} = 0;
|
$req->data->{confirmRemember} = 0;
|
||||||
|
|
||||||
$req->datas->{login} = 1;
|
$req->data->{login} = 1;
|
||||||
return PE_IDPCHOICE;
|
return PE_IDPCHOICE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -140,15 +140,15 @@ sub extractFormInfo {
|
||||||
# Provider is choosen
|
# Provider is choosen
|
||||||
$self->logger->debug("CAS server $srv choosen");
|
$self->logger->debug("CAS server $srv choosen");
|
||||||
|
|
||||||
$req->datas->{_casSrvCurrent} = $srv;
|
$req->data->{_casSrvCurrent} = $srv;
|
||||||
|
|
||||||
# Unless a ticket has been found, we redirect the user
|
# Unless a ticket has been found, we redirect the user
|
||||||
unless ($ticket) {
|
unless ($ticket) {
|
||||||
|
|
||||||
# Add request state parameters
|
# Add request state parameters
|
||||||
if ( $req->datas->{_url} ) {
|
if ( $req->data->{_url} ) {
|
||||||
$local_url .= ( $local_url =~ /\?/ ? '&' : '?' )
|
$local_url .= ( $local_url =~ /\?/ ? '&' : '?' )
|
||||||
. build_urlencoded( url => $req->datas->{_url} );
|
. build_urlencoded( url => $req->data->{_url} );
|
||||||
}
|
}
|
||||||
|
|
||||||
# Forward hidden fields
|
# Forward hidden fields
|
||||||
|
@ -189,7 +189,7 @@ sub extractFormInfo {
|
||||||
$local_url =~ s/ticket=[^&]+//;
|
$local_url =~ s/ticket=[^&]+//;
|
||||||
$local_url =~ s/\?$//;
|
$local_url =~ s/\?$//;
|
||||||
$local_url =~ s/\&$//;
|
$local_url =~ s/\&$//;
|
||||||
( $req->{user}, $req->datas->{casAttrs} ) =
|
( $req->{user}, $req->data->{casAttrs} ) =
|
||||||
$self->validateST( $req, $local_url, $ticket, $srvConf, $proxied );
|
$self->validateST( $req, $local_url, $ticket, $srvConf, $proxied );
|
||||||
unless ( $req->{user} ) {
|
unless ( $req->{user} ) {
|
||||||
$self->userLogger->error("CAS: Unable to validate ST $ticket");
|
$self->userLogger->error("CAS: Unable to validate ST $ticket");
|
||||||
|
@ -203,7 +203,7 @@ sub extractFormInfo {
|
||||||
if (%$proxied) {
|
if (%$proxied) {
|
||||||
|
|
||||||
# Check we received a PGT
|
# Check we received a PGT
|
||||||
my $pgtId = $req->datas->{pgtId};
|
my $pgtId = $req->data->{pgtId};
|
||||||
|
|
||||||
unless ($pgtId) {
|
unless ($pgtId) {
|
||||||
$self->logger->error(
|
$self->logger->error(
|
||||||
|
@ -242,7 +242,7 @@ sub authenticate {
|
||||||
sub setAuthSessionInfo {
|
sub setAuthSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{casAuthnLevel};
|
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{casAuthnLevel};
|
||||||
$req->{sessionInfo}->{_casSrv} = $req->datas->{_casSrvCurrent};
|
$req->{sessionInfo}->{_casSrv} = $req->data->{_casSrvCurrent};
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -257,7 +257,7 @@ sub authLogout {
|
||||||
$self->logger->debug("Build CAS logout URL: $logout_url");
|
$self->logger->debug("Build CAS logout URL: $logout_url");
|
||||||
|
|
||||||
# Register CAS logout URL in logoutServices
|
# Register CAS logout URL in logoutServices
|
||||||
$req->datas->{logoutServices}->{CASserver} = $logout_url;
|
$req->data->{logoutServices}->{CASserver} = $logout_url;
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,22 +23,22 @@ sub extractFormInfo {
|
||||||
}
|
}
|
||||||
return PE_FIRSTACCESS;
|
return PE_FIRSTACCESS;
|
||||||
}
|
}
|
||||||
return $req->datas->{enabledMods0}->[0]->extractFormInfo($req);
|
return $req->data->{enabledMods0}->[0]->extractFormInfo($req);
|
||||||
}
|
}
|
||||||
|
|
||||||
sub authenticate {
|
sub authenticate {
|
||||||
return $_[1]->datas->{enabledMods0}->[0]->authenticate( $_[1] );
|
return $_[1]->data->{enabledMods0}->[0]->authenticate( $_[1] );
|
||||||
}
|
}
|
||||||
|
|
||||||
sub setAuthSessionInfo {
|
sub setAuthSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$self->checkChoice($req) unless ( $req->datas->{enabledMods0} );
|
$self->checkChoice($req) unless ( $req->data->{enabledMods0} );
|
||||||
return $req->datas->{enabledMods0}->[0]->setAuthSessionInfo($req);
|
return $req->data->{enabledMods0}->[0]->setAuthSessionInfo($req);
|
||||||
}
|
}
|
||||||
|
|
||||||
sub authLogout {
|
sub authLogout {
|
||||||
$_[0]->checkChoice( $_[1] ) or return PE_OK;
|
$_[0]->checkChoice( $_[1] ) or return PE_OK;
|
||||||
return $_[1]->datas->{enabledMods0}->[0]->authLogout( $_[1] );
|
return $_[1]->data->{enabledMods0}->[0]->authLogout( $_[1] );
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
@ -124,8 +124,8 @@ sub getDisplayType {
|
||||||
return $self->conf->{combinationForms}
|
return $self->conf->{combinationForms}
|
||||||
if ( $self->conf->{combinationForms} );
|
if ( $self->conf->{combinationForms} );
|
||||||
my ( $nb, $stack ) = (
|
my ( $nb, $stack ) = (
|
||||||
$req->datas->{dataKeep}->{combinationTry},
|
$req->data->{dataKeep}->{combinationTry},
|
||||||
$req->datas->{combinationStack}
|
$req->data->{combinationStack}
|
||||||
);
|
);
|
||||||
my ( $res, $name ) = $stack->[$nb]->[0]->( 'getDisplayType', $req );
|
my ( $res, $name ) = $stack->[$nb]->[0]->( 'getDisplayType', $req );
|
||||||
return $res;
|
return $res;
|
||||||
|
@ -135,7 +135,7 @@ sub authLogout {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$self->getStack( $req, 'extractFormInfo' ) or return PE_ERROR;
|
$self->getStack( $req, 'extractFormInfo' ) or return PE_ERROR;
|
||||||
my ( $res, $name ) =
|
my ( $res, $name ) =
|
||||||
$req->datas->{combinationStack}->[ $req->userData->{_combinationTry} ]
|
$req->data->{combinationStack}->[ $req->userData->{_combinationTry} ]
|
||||||
->[0]->( 'authLogout', $req );
|
->[0]->( 'authLogout', $req );
|
||||||
$self->logger->debug(qq'User disconnected using scheme "$name"');
|
$self->logger->debug(qq'User disconnected using scheme "$name"');
|
||||||
return $res;
|
return $res;
|
||||||
|
@ -143,15 +143,15 @@ sub authLogout {
|
||||||
|
|
||||||
sub getStack {
|
sub getStack {
|
||||||
my ( $self, $req, @steps ) = @_;
|
my ( $self, $req, @steps ) = @_;
|
||||||
return $req->datas->{combinationStack}
|
return $req->data->{combinationStack}
|
||||||
if ( $req->datas->{combinationStack} );
|
if ( $req->data->{combinationStack} );
|
||||||
my $stack = $req->datas->{combinationStack} =
|
my $stack = $req->data->{combinationStack} =
|
||||||
$self->stackSub->( $req->env );
|
$self->stackSub->( $req->env );
|
||||||
unless ($stack) {
|
unless ($stack) {
|
||||||
$self->logger->error('No authentication scheme for this user');
|
$self->logger->error('No authentication scheme for this user');
|
||||||
}
|
}
|
||||||
@{ $req->datas->{combinationSteps} } = ( @steps, @{ $req->steps } );
|
@{ $req->data->{combinationSteps} } = ( @steps, @{ $req->steps } );
|
||||||
$req->datas->{dataKeep}->{combinationTry} ||= 0;
|
$req->data->{dataKeep}->{combinationTry} ||= 0;
|
||||||
return $stack;
|
return $stack;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -160,12 +160,12 @@ sub try {
|
||||||
my ( $self, $type, $subname, $req ) = @_;
|
my ( $self, $type, $subname, $req ) = @_;
|
||||||
|
|
||||||
# Get available authentication schemes for this user if not done
|
# Get available authentication schemes for this user if not done
|
||||||
unless ( defined $req->datas->{combinationStack} ) {
|
unless ( defined $req->data->{combinationStack} ) {
|
||||||
$self->getStack( $req, $subname ) or return PE_ERROR;
|
$self->getStack( $req, $subname ) or return PE_ERROR;
|
||||||
}
|
}
|
||||||
my ( $nb, $stack ) = (
|
my ( $nb, $stack ) = (
|
||||||
$req->datas->{dataKeep}->{combinationTry},
|
$req->data->{dataKeep}->{combinationTry},
|
||||||
$req->datas->{combinationStack}
|
$req->data->{combinationStack}
|
||||||
);
|
);
|
||||||
|
|
||||||
# If more than 1 scheme is available
|
# If more than 1 scheme is available
|
||||||
|
@ -178,8 +178,8 @@ sub try {
|
||||||
# On error, restart authentication with next scheme
|
# On error, restart authentication with next scheme
|
||||||
if ( $res > PE_OK ) {
|
if ( $res > PE_OK ) {
|
||||||
$self->logger->info(qq'Scheme "$name" returned $res, trying next');
|
$self->logger->info(qq'Scheme "$name" returned $res, trying next');
|
||||||
$req->datas->{dataKeep}->{combinationTry}++;
|
$req->data->{dataKeep}->{combinationTry}++;
|
||||||
$req->steps( [ @{ $req->datas->{combinationSteps} } ] );
|
$req->steps( [ @{ $req->data->{combinationSteps} } ] );
|
||||||
$req->continue(1);
|
$req->continue(1);
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
@ -189,7 +189,7 @@ sub try {
|
||||||
}
|
}
|
||||||
$req->sessionInfo->{ [ '_auth', '_userDB' ]->[$type] } = $name;
|
$req->sessionInfo->{ [ '_auth', '_userDB' ]->[$type] } = $name;
|
||||||
$req->sessionInfo->{_combinationTry} =
|
$req->sessionInfo->{_combinationTry} =
|
||||||
$req->datas->{dataKeep}->{combinationTry};
|
$req->data->{dataKeep}->{combinationTry};
|
||||||
if ( $res > 0 ) {
|
if ( $res > 0 ) {
|
||||||
$self->userLogger->warn( 'All schemes failed'
|
$self->userLogger->warn( 'All schemes failed'
|
||||||
. ( $req->user ? ' for user ' . $req->user : '' ) );
|
. ( $req->user ? ' for user ' . $req->user : '' ) );
|
||||||
|
|
|
@ -32,7 +32,7 @@ sub init {
|
||||||
sub authenticate {
|
sub authenticate {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
unless ( $req->{user} eq $req->datas->{password} ) {
|
unless ( $req->{user} eq $req->data->{password} ) {
|
||||||
$self->setSecurity($req);
|
$self->setSecurity($req);
|
||||||
return PE_BADCREDENTIALS;
|
return PE_BADCREDENTIALS;
|
||||||
}
|
}
|
||||||
|
|
|
@ -58,24 +58,24 @@ sub extractFormInfo {
|
||||||
map { /^(\w+)$/ ? ($1) : () }
|
map { /^(\w+)$/ ? ($1) : () }
|
||||||
values %{ $self->conf->{facebookExportedVars} };
|
values %{ $self->conf->{facebookExportedVars} };
|
||||||
|
|
||||||
my $datas;
|
my $data;
|
||||||
|
|
||||||
# When a field is not granted, Facebook returns only an error
|
# When a field is not granted, Facebook returns only an error
|
||||||
# without real explanation. So here we try to reduce query until
|
# without real explanation. So here we try to reduce query until
|
||||||
# having a valid response
|
# having a valid response
|
||||||
while (@fields) {
|
while (@fields) {
|
||||||
$datas = $fb->get(
|
$data = $fb->get(
|
||||||
'https://graph.facebook.com/me',
|
'https://graph.facebook.com/me',
|
||||||
{ fields => join( ',', @fields ) }
|
{ fields => join( ',', @fields ) }
|
||||||
)->as_hash;
|
)->as_hash;
|
||||||
unless ( ref $datas ) {
|
unless ( ref $data ) {
|
||||||
$self->logger->error("Unable to get any Facebook field");
|
$self->logger->error("Unable to get any Facebook field");
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
if ( $datas->{error} ) {
|
if ( $data->{error} ) {
|
||||||
my $tmp = pop @fields;
|
my $tmp = pop @fields;
|
||||||
$self->logger->warn(
|
$self->logger->warn(
|
||||||
"Unable to get some Facebook fields ($datas->{error}->{message}). Retrying without $tmp"
|
"Unable to get some Facebook fields ($data->{error}->{message}). Retrying without $tmp"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
@ -87,22 +87,22 @@ sub extractFormInfo {
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Parse received datas
|
# Parse received data
|
||||||
foreach ( keys %$datas ) {
|
foreach ( keys %$data ) {
|
||||||
utf8::encode $datas->{$_};
|
utf8::encode $data->{$_};
|
||||||
$self->logger->debug( "Facebook data $_: " . $datas->{$_} );
|
$self->logger->debug( "Facebook data $_: " . $data->{$_} );
|
||||||
}
|
}
|
||||||
|
|
||||||
# Field to trace user
|
# Field to trace user
|
||||||
unless ( $datas->{ $self->conf->{facebookUserField} } ) {
|
unless ( $data->{ $self->conf->{facebookUserField} } ) {
|
||||||
$self->logger->error('Unable to get Facebook id');
|
$self->logger->error('Unable to get Facebook id');
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
$req->user( $datas->{ $self->conf->{facebookUserField} } );
|
$req->user( $data->{ $self->conf->{facebookUserField} } );
|
||||||
$req->datas->{_facebookDatas} = $datas;
|
$req->data->{_facebookData} = $data;
|
||||||
$req->{sessionInfo}->{_facebookDatas} = $datas;
|
$req->{sessionInfo}->{_facebookData} = $data;
|
||||||
|
|
||||||
# Force redirection to avoid displaying Oauth datas
|
# Force redirection to avoid displaying Oauth data
|
||||||
$req->mustRedirect(1);
|
$req->mustRedirect(1);
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,9 +34,9 @@ sub init {
|
||||||
sub extractFormInfo {
|
sub extractFormInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
if ( $req->datas->{_krbUser} ) {
|
if ( $req->data->{_krbUser} ) {
|
||||||
$self->logger->debug( 'Kerberos ticket already validated for '
|
$self->logger->debug( 'Kerberos ticket already validated for '
|
||||||
. $req->datas->{_krbUser} );
|
. $req->data->{_krbUser} );
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -94,7 +94,7 @@ sub extractFormInfo {
|
||||||
# Case 3: Display kerberos auth page (with javascript)
|
# Case 3: Display kerberos auth page (with javascript)
|
||||||
else {
|
else {
|
||||||
$self->logger->debug('Send Kerberos javascript');
|
$self->logger->debug('Send Kerberos javascript');
|
||||||
$req->datas->{customScript} .=
|
$req->data->{customScript} .=
|
||||||
'<script type="text/javascript" src="'
|
'<script type="text/javascript" src="'
|
||||||
. $self->p->staticPrefix
|
. $self->p->staticPrefix
|
||||||
. '/common/js/kerberos.js"></script>';
|
. '/common/js/kerberos.js"></script>';
|
||||||
|
@ -145,7 +145,7 @@ sub extractFormInfo {
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
$self->userLogger->notice("$client_name authentified by Kerberos");
|
$self->userLogger->notice("$client_name authentified by Kerberos");
|
||||||
$req->datas->{_krbUser} = $client_name;
|
$req->data->{_krbUser} = $client_name;
|
||||||
if ( $self->conf->{krbRemoveDomain} ) {
|
if ( $self->conf->{krbRemoveDomain} ) {
|
||||||
$client_name =~ s/^(.*)@.*$/$1/;
|
$client_name =~ s/^(.*)@.*$/$1/;
|
||||||
}
|
}
|
||||||
|
@ -164,7 +164,7 @@ sub authLogout {
|
||||||
sub setAuthSessionInfo {
|
sub setAuthSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{krbAuthnLevel};
|
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{krbAuthnLevel};
|
||||||
$req->{sessionInfo}->{_krbUser} = $req->datas->{_krbUser};
|
$req->{sessionInfo}->{_krbUser} = $req->data->{_krbUser};
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,7 @@ sub authenticate {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Set the dn unless done before
|
# Set the dn unless done before
|
||||||
unless ( $req->datas->{dn} ) {
|
unless ( $req->data->{dn} ) {
|
||||||
if ( my $tmp = $self->getUser($req) ) {
|
if ( my $tmp = $self->getUser($req) ) {
|
||||||
$self->setSecurity($req);
|
$self->setSecurity($req);
|
||||||
return $tmp;
|
return $tmp;
|
||||||
|
@ -34,11 +34,11 @@ sub authenticate {
|
||||||
}
|
}
|
||||||
|
|
||||||
my $res =
|
my $res =
|
||||||
$self->userBind( $req, $req->datas->{dn},
|
$self->userBind( $req, $req->data->{dn},
|
||||||
password => $req->datas->{password} );
|
password => $req->data->{password} );
|
||||||
|
|
||||||
# Remember password if password reset needed
|
# Remember password if password reset needed
|
||||||
$req->datas->{oldpassword} = $self->{password}
|
$req->data->{oldpassword} = $self->{password}
|
||||||
if (
|
if (
|
||||||
$res == PE_PP_CHANGE_AFTER_RESET
|
$res == PE_PP_CHANGE_AFTER_RESET
|
||||||
or ( $res == PE_PP_PASSWORD_EXPIRED
|
or ( $res == PE_PP_PASSWORD_EXPIRED
|
||||||
|
|
|
@ -150,11 +150,11 @@ sub extractFormInfo {
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ( keys %$json_hash ) {
|
foreach ( keys %$json_hash ) {
|
||||||
$req->datas->{linkedInData}->{$_} = $json_hash->{$_};
|
$req->data->{linkedInData}->{$_} = $json_hash->{$_};
|
||||||
}
|
}
|
||||||
|
|
||||||
$req->user(
|
$req->user(
|
||||||
$req->datas->{linkedInData}->{ $self->conf->{linkedInUserField} } );
|
$req->data->{linkedInData}->{ $self->conf->{linkedInUserField} } );
|
||||||
|
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"Good LinkedIn authentication for " . $req->user );
|
"Good LinkedIn authentication for " . $req->user );
|
||||||
|
@ -211,9 +211,9 @@ sub setAuthSessionInfo {
|
||||||
$req->{sessionInfo}->{authenticationLevel} =
|
$req->{sessionInfo}->{authenticationLevel} =
|
||||||
$self->conf->{linkedInAuthnLevel};
|
$self->conf->{linkedInAuthnLevel};
|
||||||
|
|
||||||
foreach ( keys %{ $req->datas->{linkedInData} } ) {
|
foreach ( keys %{ $req->data->{linkedInData} } ) {
|
||||||
$req->{sessionInfo}->{ 'linkedIn_' . $_ } =
|
$req->{sessionInfo}->{ 'linkedIn_' . $_ } =
|
||||||
$req->datas->{linkedInData}->{$_};
|
$req->data->{linkedInData}->{$_};
|
||||||
}
|
}
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
|
|
|
@ -75,7 +75,7 @@ sub init {
|
||||||
|
|
||||||
sub extractFormInfo {
|
sub extractFormInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$req->datas->{csr} = Net::OpenID::Consumer->new(
|
$req->data->{csr} = Net::OpenID::Consumer->new(
|
||||||
ua => $self->ua(),
|
ua => $self->ua(),
|
||||||
cache => $self->p->HANDLER->tsv->{refLocalStorage}
|
cache => $self->p->HANDLER->tsv->{refLocalStorage}
|
||||||
|| Cache::FileCache->new,
|
|| Cache::FileCache->new,
|
||||||
|
@ -93,7 +93,7 @@ sub extractFormInfo {
|
||||||
|
|
||||||
# 2. Check OpenID responses
|
# 2. Check OpenID responses
|
||||||
if ($openid) {
|
if ($openid) {
|
||||||
my $csr = $req->datas->{csr};
|
my $csr = $req->data->{csr};
|
||||||
|
|
||||||
# Remote error
|
# Remote error
|
||||||
unless ( $csr->is_server_response() ) {
|
unless ( $csr->is_server_response() ) {
|
||||||
|
@ -115,8 +115,8 @@ sub extractFormInfo {
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO: check verified identity
|
# TODO: check verified identity
|
||||||
elsif ( $req->datas->{vident} = $csr->verified_identity ) {
|
elsif ( $req->data->{vident} = $csr->verified_identity ) {
|
||||||
$req->user( $req->datas->{vident}->url() );
|
$req->user( $req->data->{vident}->url() );
|
||||||
$self->userLogger->notice(
|
$self->userLogger->notice(
|
||||||
"OpenID good authentication for $req->{user}");
|
"OpenID good authentication for $req->{user}");
|
||||||
$req->{mustRedirect} = 1;
|
$req->{mustRedirect} = 1;
|
||||||
|
@ -138,7 +138,7 @@ sub extractFormInfo {
|
||||||
$self->userLogger->warn("$url is forbidden for openID exchange");
|
$self->userLogger->warn("$url is forbidden for openID exchange");
|
||||||
return PE_BADPARTNER;
|
return PE_BADPARTNER;
|
||||||
}
|
}
|
||||||
my $claimed_identity = $req->datas->{csr}->claimed_identity($url);
|
my $claimed_identity = $req->data->{csr}->claimed_identity($url);
|
||||||
|
|
||||||
# Check if url is valid
|
# Check if url is valid
|
||||||
unless ($claimed_identity) {
|
unless ($claimed_identity) {
|
||||||
|
@ -151,7 +151,7 @@ sub extractFormInfo {
|
||||||
my $check_url = $claimed_identity->check_url(
|
my $check_url = $claimed_identity->check_url(
|
||||||
return_to => $self->conf->{portal}
|
return_to => $self->conf->{portal}
|
||||||
. '?openid=1&'
|
. '?openid=1&'
|
||||||
. ( $req->datas->{_url} ? build_urlencoded( url => $req->datas->{_url} ) : '' ),
|
. ( $req->data->{_url} ? build_urlencoded( url => $req->data->{_url} ) : '' ),
|
||||||
trust_root => $self->conf->{portal},
|
trust_root => $self->conf->{portal},
|
||||||
delayed_return => 1,
|
delayed_return => 1,
|
||||||
);
|
);
|
||||||
|
|
|
@ -101,7 +101,7 @@ sub extractFormInfo {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Get OpenID Provider
|
# Get OpenID Provider
|
||||||
my $op = $req->datas->{_oidcOPCurrent};
|
my $op = $req->data->{_oidcOPCurrent};
|
||||||
|
|
||||||
unless ($op) {
|
unless ($op) {
|
||||||
$self->userLogger->error("OpenID Provider not found");
|
$self->userLogger->error("OpenID Provider not found");
|
||||||
|
@ -205,8 +205,8 @@ sub extractFormInfo {
|
||||||
my $user_id = $id_token_payload_hash->{sub};
|
my $user_id = $id_token_payload_hash->{sub};
|
||||||
|
|
||||||
# Remember tokens
|
# Remember tokens
|
||||||
$req->datas->{access_token} = $access_token;
|
$req->data->{access_token} = $access_token;
|
||||||
$req->datas->{id_token} = $id_token;
|
$req->data->{id_token} = $id_token;
|
||||||
|
|
||||||
$self->logger->debug( "Found user_id: " . $user_id );
|
$self->logger->debug( "Found user_id: " . $user_id );
|
||||||
$req->user($user_id);
|
$req->user($user_id);
|
||||||
|
@ -232,10 +232,10 @@ sub extractFormInfo {
|
||||||
my $portalPath = $self->{portal};
|
my $portalPath = $self->{portal};
|
||||||
$portalPath =~ s#^https?://[^/]+/?#/#;
|
$portalPath =~ s#^https?://[^/]+/?#/#;
|
||||||
|
|
||||||
$req->datas->{list} = $self->opList;
|
$req->data->{list} = $self->opList;
|
||||||
$req->datas->{confirmRemember} = 0;
|
$req->data->{confirmRemember} = 0;
|
||||||
|
|
||||||
$req->datas->{login} = 1;
|
$req->data->{login} = 1;
|
||||||
return PE_IDPCHOICE;
|
return PE_IDPCHOICE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -243,7 +243,7 @@ sub extractFormInfo {
|
||||||
# Provider is choosen
|
# Provider is choosen
|
||||||
$self->logger->debug("OpenID Provider $op choosen");
|
$self->logger->debug("OpenID Provider $op choosen");
|
||||||
|
|
||||||
$req->datas->{_oidcOPCurrent} = $op;
|
$req->data->{_oidcOPCurrent} = $op;
|
||||||
|
|
||||||
# AuthN Request
|
# AuthN Request
|
||||||
$self->logger->debug("Build OpenIDConnect AuthN Request");
|
$self->logger->debug("Build OpenIDConnect AuthN Request");
|
||||||
|
@ -268,20 +268,20 @@ sub authenticate {
|
||||||
|
|
||||||
sub setAuthSessionInfo {
|
sub setAuthSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $op = $req->datas->{_oidcOPCurrent};
|
my $op = $req->data->{_oidcOPCurrent};
|
||||||
|
|
||||||
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{oidcAuthnLevel};
|
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{oidcAuthnLevel};
|
||||||
|
|
||||||
$req->{sessionInfo}->{_oidc_OP} = $op;
|
$req->{sessionInfo}->{_oidc_OP} = $op;
|
||||||
$req->{sessionInfo}->{_oidc_access_token} =
|
$req->{sessionInfo}->{_oidc_access_token} =
|
||||||
$req->datas->{access_token};
|
$req->data->{access_token};
|
||||||
|
|
||||||
# Keep ID Token in session
|
# Keep ID Token in session
|
||||||
my $store_IDToken = $self->conf->{oidcOPMetaDataOptions}->{$op}
|
my $store_IDToken = $self->conf->{oidcOPMetaDataOptions}->{$op}
|
||||||
->{oidcOPMetaDataOptionsStoreIDToken};
|
->{oidcOPMetaDataOptionsStoreIDToken};
|
||||||
if ($store_IDToken) {
|
if ($store_IDToken) {
|
||||||
$self->logger->debug("Store ID Token in session");
|
$self->logger->debug("Store ID Token in session");
|
||||||
$req->{sessionInfo}->{_oidc_id_token} = $req->datas->{id_token};
|
$req->{sessionInfo}->{_oidc_id_token} = $req->data->{id_token};
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->logger->debug("ID Token will not be stored in session");
|
$self->logger->debug("ID Token will not be stored in session");
|
||||||
|
|
|
@ -43,7 +43,7 @@ sub authenticate {
|
||||||
}
|
}
|
||||||
|
|
||||||
elsif ( $code == PAM_PROMPT_ECHO_OFF ) {
|
elsif ( $code == PAM_PROMPT_ECHO_OFF ) {
|
||||||
$res = $req->datas->{password};
|
$res = $req->data->{password};
|
||||||
}
|
}
|
||||||
|
|
||||||
push( @response, PAM_SUCCESS, $res );
|
push( @response, PAM_SUCCESS, $res );
|
||||||
|
|
|
@ -31,7 +31,7 @@ sub authenticate {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $res = eval {
|
my $res = eval {
|
||||||
$self->restCall( $self->conf->{restAuthUrl},
|
$self->restCall( $self->conf->{restAuthUrl},
|
||||||
{ user => $req->user, password => $req->datas->{password} } );
|
{ user => $req->user, password => $req->data->{password} } );
|
||||||
};
|
};
|
||||||
if ($@) {
|
if ($@) {
|
||||||
$self->logger("Auth error: $@");
|
$self->logger("Auth error: $@");
|
||||||
|
@ -44,15 +44,15 @@ sub authenticate {
|
||||||
$self->setSecurity($req);
|
$self->setSecurity($req);
|
||||||
return PE_BADCREDENTIALS;
|
return PE_BADCREDENTIALS;
|
||||||
}
|
}
|
||||||
$req->datas->{restAuthInfo} = $res->{info} || {};
|
$req->data->{restAuthInfo} = $res->{info} || {};
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub setAuthSessionInfo {
|
sub setAuthSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$self->SUPER::setAuthSessionInfo($req);
|
$self->SUPER::setAuthSessionInfo($req);
|
||||||
$req->sessionInfo->{$_} = $req->datas->{restAuthInfo}->{$_}
|
$req->sessionInfo->{$_} = $req->data->{restAuthInfo}->{$_}
|
||||||
foreach ( keys %{ $req->datas->{restAuthInfo} } );
|
foreach ( keys %{ $req->data->{restAuthInfo} } );
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -54,7 +54,7 @@ sub authenticate {
|
||||||
return PE_RADIUSCONNECTFAILED;
|
return PE_RADIUSCONNECTFAILED;
|
||||||
}
|
}
|
||||||
|
|
||||||
my $res = $self->radius->check_pwd( $req->user, $req->datas->{password} );
|
my $res = $self->radius->check_pwd( $req->user, $req->data->{password} );
|
||||||
unless ( $res == 1 ) {
|
unless ( $res == 1 ) {
|
||||||
$self->userLogger->warn("Unable to authenticate $req->{user} !");
|
$self->userLogger->warn("Unable to authenticate $req->{user} !");
|
||||||
$self->setSecurity($req);
|
$self->setSecurity($req);
|
||||||
|
|
|
@ -16,8 +16,8 @@ sub extractFormInfo {
|
||||||
my $r = $self->checkRemoteId($req);
|
my $r = $self->checkRemoteId($req);
|
||||||
return $r unless ( $r == PE_OK );
|
return $r unless ( $r == PE_OK );
|
||||||
$req->{user} =
|
$req->{user} =
|
||||||
$req->datas->{rSessionInfo}->{ $self->conf->{remoteUserField} || 'uid' };
|
$req->data->{rSessionInfo}->{ $self->conf->{remoteUserField} || 'uid' };
|
||||||
$req->datas->{password} = $req->datas->{rSessionInfo}->{'_password'};
|
$req->data->{password} = $req->data->{rSessionInfo}->{'_password'};
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -30,9 +30,9 @@ sub setAuthSessionInfo {
|
||||||
|
|
||||||
# Store password (deleted in checkRemoteId() if local policy does not accept
|
# Store password (deleted in checkRemoteId() if local policy does not accept
|
||||||
# stored passwords)
|
# stored passwords)
|
||||||
$req->{sessionInfo}->{'_password'} = $req->datas->{'password'};
|
$req->{sessionInfo}->{'_password'} = $req->data->{'password'};
|
||||||
$req->{sessionInfo}->{authenticationLevel} =
|
$req->{sessionInfo}->{authenticationLevel} =
|
||||||
$req->datas->{rSessionInfo}->{authenticationLevel};
|
$req->data->{rSessionInfo}->{authenticationLevel};
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -306,18 +306,18 @@ sub extractFormInfo {
|
||||||
$req->user($user);
|
$req->user($user);
|
||||||
|
|
||||||
# Store Lasso objects
|
# Store Lasso objects
|
||||||
$req->datas->{_lassoLogin} = $login;
|
$req->data->{_lassoLogin} = $login;
|
||||||
$req->datas->{_idp} = $idp;
|
$req->data->{_idp} = $idp;
|
||||||
$req->datas->{_idpConfKey} = $idpConfKey;
|
$req->data->{_idpConfKey} = $idpConfKey;
|
||||||
$req->datas->{_nameID} = $nameid;
|
$req->data->{_nameID} = $nameid;
|
||||||
$req->datas->{_sessionIndex} = $session_index;
|
$req->data->{_sessionIndex} = $session_index;
|
||||||
|
|
||||||
# Store Token
|
# Store Token
|
||||||
my $saml_token = $assertion->export_to_xml;
|
my $saml_token = $assertion->export_to_xml;
|
||||||
|
|
||||||
$self->logger->debug("SAML Token: $saml_token");
|
$self->logger->debug("SAML Token: $saml_token");
|
||||||
|
|
||||||
$req->datas->{_samlToken} = $saml_token;
|
$req->data->{_samlToken} = $saml_token;
|
||||||
|
|
||||||
# Restore initial SAML request in case of proxying
|
# Restore initial SAML request in case of proxying
|
||||||
if ($assertion_responded) {
|
if ($assertion_responded) {
|
||||||
|
@ -351,13 +351,13 @@ sub extractFormInfo {
|
||||||
|
|
||||||
my $samlSessionInfo = $self->getSamlSession($saml_session);
|
my $samlSessionInfo = $self->getSamlSession($saml_session);
|
||||||
|
|
||||||
$req->datas->{_proxiedRequest} =
|
$req->data->{_proxiedRequest} =
|
||||||
$samlSessionInfo->data->{Request};
|
$samlSessionInfo->data->{Request};
|
||||||
$req->datas->{_proxiedMethod} =
|
$req->data->{_proxiedMethod} =
|
||||||
$samlSessionInfo->data->{Method};
|
$samlSessionInfo->data->{Method};
|
||||||
$req->datas->{_proxiedRelayState} =
|
$req->data->{_proxiedRelayState} =
|
||||||
$samlSessionInfo->data->{RelayState};
|
$samlSessionInfo->data->{RelayState};
|
||||||
$req->datas->{_proxiedArtifact} =
|
$req->data->{_proxiedArtifact} =
|
||||||
$samlSessionInfo->data->{Artifact};
|
$samlSessionInfo->data->{Artifact};
|
||||||
|
|
||||||
# Save values in hidden fields in case of other user interactions
|
# Save values in hidden fields in case of other user interactions
|
||||||
|
@ -845,8 +845,8 @@ sub extractFormInfo {
|
||||||
name => $self->idpList->{$_}->{name}
|
name => $self->idpList->{$_}->{name}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
$req->datas->{list} = \@list;
|
$req->data->{list} = \@list;
|
||||||
$req->datas->{confirmRemember} = 1;
|
$req->data->{confirmRemember} = 1;
|
||||||
|
|
||||||
# Delete existing IDP resolution cookie
|
# Delete existing IDP resolution cookie
|
||||||
$req->addCookie(
|
$req->addCookie(
|
||||||
|
@ -860,7 +860,7 @@ sub extractFormInfo {
|
||||||
);
|
);
|
||||||
|
|
||||||
#TODO: check this
|
#TODO: check this
|
||||||
$req->datas->{login} = 1;
|
$req->data->{login} = 1;
|
||||||
return PE_IDPCHOICE;
|
return PE_IDPCHOICE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -884,7 +884,7 @@ sub extractFormInfo {
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$req->datas->{login} = 1;
|
$req->data->{login} = 1;
|
||||||
return PE_CONFIRM;
|
return PE_CONFIRM;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -998,16 +998,16 @@ sub extractFormInfo {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Keep initial SAML request data in memory in case of proxing
|
# Keep initial SAML request data in memory in case of proxing
|
||||||
if ( $req->datas->{_proxiedSamlRequest} ) {
|
if ( $req->data->{_proxiedSamlRequest} ) {
|
||||||
|
|
||||||
my $infos;
|
my $infos;
|
||||||
|
|
||||||
$infos->{type} = 'proxy';
|
$infos->{type} = 'proxy';
|
||||||
$infos->{_utime} = time;
|
$infos->{_utime} = time;
|
||||||
$infos->{Request} = $req->datas->{_proxiedRequest};
|
$infos->{Request} = $req->data->{_proxiedRequest};
|
||||||
$infos->{Method} = $req->datas->{_proxiedMethod};
|
$infos->{Method} = $req->data->{_proxiedMethod};
|
||||||
$infos->{RelayState} = $req->datas->{_proxiedRelayState};
|
$infos->{RelayState} = $req->data->{_proxiedRelayState};
|
||||||
$infos->{Artifact} = $req->datas->{_proxiedArtifact};
|
$infos->{Artifact} = $req->data->{_proxiedArtifact};
|
||||||
$infos->{ProxyID} = $samlID;
|
$infos->{ProxyID} = $samlID;
|
||||||
|
|
||||||
my $samlSessionInfo = $self->getSamlSession( undef, $infos );
|
my $samlSessionInfo = $self->getSamlSession( undef, $infos );
|
||||||
|
@ -1071,9 +1071,9 @@ sub authenticate {
|
||||||
|
|
||||||
sub setAuthSessionInfo {
|
sub setAuthSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $login = $req->datas->{_lassoLogin};
|
my $login = $req->data->{_lassoLogin};
|
||||||
my $idp = $req->datas->{_idp};
|
my $idp = $req->data->{_idp};
|
||||||
my $idpConfKey = $req->datas->{_idpConfKey};
|
my $idpConfKey = $req->data->{_idpConfKey};
|
||||||
|
|
||||||
# Get SAML assertion
|
# Get SAML assertion
|
||||||
my $assertion = $self->getAssertion($login);
|
my $assertion = $self->getAssertion($login);
|
||||||
|
@ -1172,13 +1172,13 @@ sub setAuthSessionInfo {
|
||||||
->{samlIDPMetaDataOptionsStoreSAMLToken};
|
->{samlIDPMetaDataOptionsStoreSAMLToken};
|
||||||
if ($store_samlToken) {
|
if ($store_samlToken) {
|
||||||
$self->logger->debug("Store SAML Token in session");
|
$self->logger->debug("Store SAML Token in session");
|
||||||
$req->{sessionInfo}->{_samlToken} = $req->datas->{_samlToken};
|
$req->{sessionInfo}->{_samlToken} = $req->data->{_samlToken};
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->logger->debug("SAML Token will not be stored in session");
|
$self->logger->debug("SAML Token will not be stored in session");
|
||||||
}
|
}
|
||||||
|
|
||||||
$req->datas->{_lassoLogin} = $login;
|
$req->data->{_lassoLogin} = $login;
|
||||||
push @{ $req->steps }, sub { $self->authFinish(@_) };
|
push @{ $req->steps }, sub { $self->authFinish(@_) };
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
|
@ -1194,8 +1194,8 @@ sub authFinish {
|
||||||
my $utime = $req->{sessionInfo}->{_utime};
|
my $utime = $req->{sessionInfo}->{_utime};
|
||||||
|
|
||||||
# Get saved Lasso objects
|
# Get saved Lasso objects
|
||||||
my $nameid = $req->datas->{_nameID};
|
my $nameid = $req->data->{_nameID};
|
||||||
my $session_index = $req->datas->{_sessionIndex};
|
my $session_index = $req->data->{_sessionIndex};
|
||||||
|
|
||||||
$self->logger->debug( "Store NameID "
|
$self->logger->debug( "Store NameID "
|
||||||
. $nameid->dump
|
. $nameid->dump
|
||||||
|
|
|
@ -40,7 +40,7 @@ sub extractFormInfo {
|
||||||
}
|
}
|
||||||
elsif ( $self->conf->{sslByAjax} and not $req->param('nossl') ) {
|
elsif ( $self->conf->{sslByAjax} and not $req->param('nossl') ) {
|
||||||
$self->logger->debug('Send SSL javascript');
|
$self->logger->debug('Send SSL javascript');
|
||||||
$req->datas->{customScript} .=
|
$req->data->{customScript} .=
|
||||||
'<script type="application/init">{"sslHost":"'
|
'<script type="application/init">{"sslHost":"'
|
||||||
. $self->conf->{sslHost}
|
. $self->conf->{sslHost}
|
||||||
. '"}</script>';
|
. '"}</script>';
|
||||||
|
|
|
@ -84,8 +84,8 @@ sub extractFormInfo {
|
||||||
my %prm = ( twitterback => 1 );
|
my %prm = ( twitterback => 1 );
|
||||||
|
|
||||||
# Add request state parameters
|
# Add request state parameters
|
||||||
if ( $req->datas->{_url} ) {
|
if ( $req->data->{_url} ) {
|
||||||
$prm{url} = $req->datas->{_url};
|
$prm{url} = $req->data->{_url};
|
||||||
}
|
}
|
||||||
|
|
||||||
# Forward hidden fields
|
# Forward hidden fields
|
||||||
|
@ -187,14 +187,14 @@ sub extractFormInfo {
|
||||||
->from_post_body( $res_access->content );
|
->from_post_body( $res_access->content );
|
||||||
|
|
||||||
# Get user_id and screename
|
# Get user_id and screename
|
||||||
$req->datas->{_twitterUserId} = $response->{extra_params}->{user_id};
|
$req->data->{_twitterUserId} = $response->{extra_params}->{user_id};
|
||||||
$req->datas->{_twitterScreenName} =
|
$req->data->{_twitterScreenName} =
|
||||||
$response->{extra_params}->{screen_name};
|
$response->{extra_params}->{screen_name};
|
||||||
|
|
||||||
$self->logger->debug( "Get user id "
|
$self->logger->debug( "Get user id "
|
||||||
. $req->datas->{_twitterUserId}
|
. $req->data->{_twitterUserId}
|
||||||
. " and screen name "
|
. " and screen name "
|
||||||
. $req->datas->{_twitterScreenName} );
|
. $req->data->{_twitterScreenName} );
|
||||||
$req->user(
|
$req->user(
|
||||||
$response->{extra_params}->{ $self->conf->{'twitterUserField'} } );
|
$response->{extra_params}->{ $self->conf->{'twitterUserField'} } );
|
||||||
$self->logger->debug("Good Twitter authentication for $req->{user}");
|
$self->logger->debug("Good Twitter authentication for $req->{user}");
|
||||||
|
@ -205,7 +205,7 @@ sub extractFormInfo {
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Force redirection to avoid displaying OAuth datas
|
# Force redirection to avoid displaying OAuth data
|
||||||
$req->{mustRedirect} = 1;
|
$req->{mustRedirect} = 1;
|
||||||
|
|
||||||
# Clean temporaries cookies
|
# Clean temporaries cookies
|
||||||
|
@ -223,10 +223,10 @@ sub setAuthSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
$req->{sessionInfo}->{authenticationLevel} =
|
$req->{sessionInfo}->{authenticationLevel} =
|
||||||
$req->datas->{twitterAuthnLevel};
|
$req->data->{twitterAuthnLevel};
|
||||||
$req->{sessionInfo}->{_twitterUserId} = $req->datas->{_twitterUserId};
|
$req->{sessionInfo}->{_twitterUserId} = $req->data->{_twitterUserId};
|
||||||
$req->{sessionInfo}->{_twitterScreenName} =
|
$req->{sessionInfo}->{_twitterScreenName} =
|
||||||
$req->datas->{_twitterScreenName};
|
$req->data->{_twitterScreenName};
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
|
@ -65,9 +65,9 @@ sub extractFormInfo {
|
||||||
# 2. Verify that certificate is WebID compliant
|
# 2. Verify that certificate is WebID compliant
|
||||||
# NB: WebID URI is used as user field
|
# NB: WebID URI is used as user field
|
||||||
eval {
|
eval {
|
||||||
$req->datas->{_webid} =
|
$req->data->{_webid} =
|
||||||
Web::ID->new( certificate => $req->{SSL_CLIENT_CERT} );
|
Web::ID->new( certificate => $req->{SSL_CLIENT_CERT} );
|
||||||
$req->user( $req->datas->{_webid}->uri->as_string );
|
$req->user( $req->data->{_webid}->uri->as_string );
|
||||||
};
|
};
|
||||||
return PE_BADCERTIFICATE if ( $@ or not( $req->user ) );
|
return PE_BADCERTIFICATE if ( $@ or not( $req->user ) );
|
||||||
|
|
||||||
|
@ -75,8 +75,8 @@ sub extractFormInfo {
|
||||||
return PE_BADPARTNER unless ( $req->user =~ $self->reWebIDWhitelist );
|
return PE_BADPARTNER unless ( $req->user =~ $self->reWebIDWhitelist );
|
||||||
|
|
||||||
# 4. Verify FOAF document
|
# 4. Verify FOAF document
|
||||||
return PE_BADCREDENTIALS unless ( $req->datas->{_webid}->valid() );
|
return PE_BADCREDENTIALS unless ( $req->data->{_webid}->valid() );
|
||||||
$req->datas->{_webIdAuthDone}++;
|
$req->data->{_webIdAuthDone}++;
|
||||||
|
|
||||||
# 5. OK, access granted
|
# 5. OK, access granted
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
|
|
|
@ -49,7 +49,7 @@ sub init {
|
||||||
|
|
||||||
# RUNNING METHODS
|
# RUNNING METHODS
|
||||||
|
|
||||||
# Read username and password from POST datas
|
# Read username and password from POST data
|
||||||
sub extractFormInfo {
|
sub extractFormInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
|
@ -68,16 +68,16 @@ sub extractFormInfo {
|
||||||
elsif ( $defUser and $defPassword ) {
|
elsif ( $defUser and $defPassword ) {
|
||||||
$res = PE_FORMEMPTY
|
$res = PE_FORMEMPTY
|
||||||
unless ( ( $req->{user} = $req->param('user') )
|
unless ( ( $req->{user} = $req->param('user') )
|
||||||
&& ( $req->datas->{password} = $req->param('password') ) );
|
&& ( $req->data->{password} = $req->param('password') ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
# 3. If user and oldpassword defined -> password form
|
# 3. If user and oldpassword defined -> password form
|
||||||
elsif ( $defUser and $defOldPassword ) {
|
elsif ( $defUser and $defOldPassword ) {
|
||||||
$res = PE_PASSWORDFORMEMPTY
|
$res = PE_PASSWORDFORMEMPTY
|
||||||
unless ( ( $req->{user} = $req->param('user') )
|
unless ( ( $req->{user} = $req->param('user') )
|
||||||
&& ( $req->datas->{oldpassword} = $req->param('oldpassword') )
|
&& ( $req->data->{oldpassword} = $req->param('oldpassword') )
|
||||||
&& ( $req->datas->{newpassword} = $req->param('newpassword') )
|
&& ( $req->data->{newpassword} = $req->param('newpassword') )
|
||||||
&& ( $req->datas->{confirmpassword} =
|
&& ( $req->data->{confirmpassword} =
|
||||||
$req->param('confirmpassword') ) );
|
$req->param('confirmpassword') ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -110,24 +110,24 @@ sub extractFormInfo {
|
||||||
$self->logger->debug("Captcha code verified");
|
$self->logger->debug("Captcha code verified");
|
||||||
}
|
}
|
||||||
elsif ( $self->ott ) {
|
elsif ( $self->ott ) {
|
||||||
unless ( $req->datas->{tokenVerified}
|
unless ( $req->data->{tokenVerified}
|
||||||
or $self->ott->getToken($token) )
|
or $self->ott->getToken($token) )
|
||||||
{
|
{
|
||||||
$self->ott->setToken($req);
|
$self->ott->setToken($req);
|
||||||
$self->userLogger->warn('Token expired');
|
$self->userLogger->warn('Token expired');
|
||||||
return PE_TOKENEXPIRED;
|
return PE_TOKENEXPIRED;
|
||||||
}
|
}
|
||||||
$req->datas->{tokenVerified} = 1;
|
$req->data->{tokenVerified} = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Other parameters
|
# Other parameters
|
||||||
$req->datas->{timezone} = $req->param('timezone');
|
$req->data->{timezone} = $req->param('timezone');
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Set password in session datas if wanted.
|
# Set password in session data if wanted.
|
||||||
sub setAuthSessionInfo {
|
sub setAuthSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
|
@ -137,8 +137,8 @@ sub setAuthSessionInfo {
|
||||||
# Store submitted password if set in configuration
|
# Store submitted password if set in configuration
|
||||||
# WARNING: it can be a security hole
|
# WARNING: it can be a security hole
|
||||||
if ( $self->conf->{storePassword} ) {
|
if ( $self->conf->{storePassword} ) {
|
||||||
$req->{sessionInfo}->{'_password'} = $req->datas->{'newpassword'}
|
$req->{sessionInfo}->{'_password'} = $req->data->{'newpassword'}
|
||||||
|| $req->datas->{'password'};
|
|| $req->data->{'password'};
|
||||||
}
|
}
|
||||||
|
|
||||||
# Store user timezone
|
# Store user timezone
|
||||||
|
|
|
@ -261,7 +261,7 @@ sub run {
|
||||||
'casBack2Url', params => { url => $logout_url }
|
'casBack2Url', params => { url => $logout_url }
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
$req->datas->{activeTimer} = 0;
|
$req->data->{activeTimer} = 0;
|
||||||
|
|
||||||
return PE_CONFIRM;
|
return PE_CONFIRM;
|
||||||
}
|
}
|
||||||
|
|
|
@ -116,9 +116,9 @@ sub logout {
|
||||||
# Create if not done a new Lemonldap::NG::Portal::Lib::OpenID::Server objet
|
# Create if not done a new Lemonldap::NG::Portal::Lib::OpenID::Server objet
|
||||||
sub openIDServer {
|
sub openIDServer {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return $req->datas->{_openidserver} if ( $req->datas->{_openidserver} );
|
return $req->data->{_openidserver} if ( $req->data->{_openidserver} );
|
||||||
|
|
||||||
$req->datas->{_openidserver} =
|
$req->data->{_openidserver} =
|
||||||
Lemonldap::NG::Portal::Lib::OpenID::Server->new(
|
Lemonldap::NG::Portal::Lib::OpenID::Server->new(
|
||||||
server_secret => sub { return $self->secret },
|
server_secret => sub { return $self->secret },
|
||||||
args => sub { $req->param(@_) },
|
args => sub { $req->param(@_) },
|
||||||
|
@ -152,7 +152,7 @@ sub openIDServer {
|
||||||
if ( $tmp =~ $self->spList xor $self->listIsWhite ) {
|
if ( $tmp =~ $self->spList xor $self->listIsWhite ) {
|
||||||
$self->userLogger->warn(
|
$self->userLogger->warn(
|
||||||
"$trust_root is forbidden for openID exchange");
|
"$trust_root is forbidden for openID exchange");
|
||||||
$req->datas->{_openIdForbidden} = 1;
|
$req->data->{_openIdForbidden} = 1;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
elsif ( $req->{sessionInfo}->{"_openidTrust$trust_root"} ) {
|
elsif ( $req->{sessionInfo}->{"_openidTrust$trust_root"} ) {
|
||||||
|
@ -171,7 +171,7 @@ sub openIDServer {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->logger->debug('OpenID request not trusted');
|
$self->logger->debug('OpenID request not trusted');
|
||||||
$req->datas->{_openIdTrustRequired} = 1;
|
$req->data->{_openIdTrustRequired} = 1;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -185,7 +185,7 @@ sub openIDServer {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
);
|
);
|
||||||
return $req->datas->{_openidserver};
|
return $req->data->{_openidserver};
|
||||||
}
|
}
|
||||||
|
|
||||||
# Manage Lemonldap::NG::Portal::OpenID::Server responses
|
# Manage Lemonldap::NG::Portal::OpenID::Server responses
|
||||||
|
@ -202,8 +202,8 @@ sub _openIDResponse {
|
||||||
|
|
||||||
# Setup
|
# Setup
|
||||||
elsif ( $type eq 'setup' ) {
|
elsif ( $type eq 'setup' ) {
|
||||||
if ( $req->datas->{_openIdTrustRequired}
|
if ( $req->data->{_openIdTrustRequired}
|
||||||
or $req->datas->{_openIdTrustExtMsg} )
|
or $req->data->{_openIdTrustExtMsg} )
|
||||||
{
|
{
|
||||||
|
|
||||||
# TODO
|
# TODO
|
||||||
|
@ -213,8 +213,8 @@ sub _openIDResponse {
|
||||||
params => { trspan => "openidExchange,$data->{trust_root}" }
|
params => { trspan => "openidExchange,$data->{trust_root}" }
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
$req->info( $req->datas->{_openIdTrustExtMsg} )
|
$req->info( $req->data->{_openIdTrustExtMsg} )
|
||||||
if ( $req->datas->{_openIdTrustExtMsg} );
|
if ( $req->data->{_openIdTrustExtMsg} );
|
||||||
$self->logger->debug('OpenID confirmation');
|
$self->logger->debug('OpenID confirmation');
|
||||||
foreach ( keys %{ $req->parameters } ) {
|
foreach ( keys %{ $req->parameters } ) {
|
||||||
if (/^(?:openid.*|url)$/) {
|
if (/^(?:openid.*|url)$/) {
|
||||||
|
@ -224,20 +224,20 @@ sub _openIDResponse {
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO: understand why this is needed here and not in OIDC
|
# TODO: understand why this is needed here and not in OIDC
|
||||||
delete $req->datas->{_url};
|
delete $req->data->{_url};
|
||||||
return PE_CONFIRM;
|
return PE_CONFIRM;
|
||||||
}
|
}
|
||||||
elsif ( $req->datas->{_badOpenIdentity} ) {
|
elsif ( $req->data->{_badOpenIdentity} ) {
|
||||||
$self->userLogger->warn(
|
$self->userLogger->warn(
|
||||||
"The user $req->{sessionInfo}->{_user} tries to use the id \"$data->{identity}\" on $data->{trust_root}"
|
"The user $req->{sessionInfo}->{_user} tries to use the id \"$data->{identity}\" on $data->{trust_root}"
|
||||||
);
|
);
|
||||||
return PE_OPENID_BADID;
|
return PE_OPENID_BADID;
|
||||||
}
|
}
|
||||||
elsif ( $req->datas->{_openIdForbidden} ) {
|
elsif ( $req->data->{_openIdForbidden} ) {
|
||||||
return PE_BADPARTNER;
|
return PE_BADPARTNER;
|
||||||
}
|
}
|
||||||
|
|
||||||
# User has refused sharing its datas
|
# User has refused sharing its data
|
||||||
else {
|
else {
|
||||||
$self->userLogger->notice(
|
$self->userLogger->notice(
|
||||||
$req->{sessionInfo}->{ $self->conf->{whatToTrace} }
|
$req->{sessionInfo}->{ $self->conf->{whatToTrace} }
|
||||||
|
|
|
@ -502,7 +502,7 @@ sub run {
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
$req->datas->{activeTimer} = 0;
|
$req->data->{activeTimer} = 0;
|
||||||
return PE_CONFIRM;
|
return PE_CONFIRM;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -865,7 +865,7 @@ sub run {
|
||||||
}
|
}
|
||||||
|
|
||||||
$req->info( $self->loadTemplate('oidcLogout') );
|
$req->info( $self->loadTemplate('oidcLogout') );
|
||||||
$req->datas->{activeTimer} = 0;
|
$req->data->{activeTimer} = 0;
|
||||||
return PE_CONFIRM;
|
return PE_CONFIRM;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1127,7 +1127,7 @@ sub registration {
|
||||||
# Get client metadata
|
# Get client metadata
|
||||||
my $client_metadata_json = $req->content;
|
my $client_metadata_json = $req->content;
|
||||||
unless ($client_metadata_json) {
|
unless ($client_metadata_json) {
|
||||||
return $self->p->sendError( $req, 'Missing POST datas', 400 );
|
return $self->p->sendError( $req, 'Missing POST data', 400 );
|
||||||
}
|
}
|
||||||
|
|
||||||
$self->logger->debug("Client metadata received: $client_metadata_json");
|
$self->logger->debug("Client metadata received: $client_metadata_json");
|
||||||
|
|
|
@ -166,7 +166,7 @@ sub ssoMatch {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $url = $self->normalize_url( $req->uri, $self->conf->{issuerDBSAMLPath},
|
my $url = $self->normalize_url( $req->uri, $self->conf->{issuerDBSAMLPath},
|
||||||
$self->ssoGetUrl );
|
$self->ssoGetUrl );
|
||||||
return ( $url =~ $self->ssoUrlRe or $req->datas->{_proxiedRequest}
|
return ( $url =~ $self->ssoUrlRe or $req->data->{_proxiedRequest}
|
||||||
? 1
|
? 1
|
||||||
: 0);
|
: 0);
|
||||||
}
|
}
|
||||||
|
@ -206,7 +206,7 @@ sub run {
|
||||||
}
|
}
|
||||||
|
|
||||||
# 1.1. SSO (SSO URL or Proxy Mode)
|
# 1.1. SSO (SSO URL or Proxy Mode)
|
||||||
if ( $url =~ $self->ssoUrlRe or $req->datas->{_proxiedRequest} ) {
|
if ( $url =~ $self->ssoUrlRe or $req->data->{_proxiedRequest} ) {
|
||||||
|
|
||||||
$self->logger->debug("URL $url detected as an SSO request URL");
|
$self->logger->debug("URL $url detected as an SSO request URL");
|
||||||
|
|
||||||
|
@ -221,11 +221,11 @@ sub run {
|
||||||
$self->disableSignatureVerification($login);
|
$self->disableSignatureVerification($login);
|
||||||
|
|
||||||
if ($request) {
|
if ($request) {
|
||||||
$req->datas->{_proxiedSamlRequest} = $login->request();
|
$req->data->{_proxiedSamlRequest} = $login->request();
|
||||||
$req->datas->{_proxiedRequest} = $request;
|
$req->data->{_proxiedRequest} = $request;
|
||||||
$req->datas->{_proxiedMethod} = $method;
|
$req->data->{_proxiedMethod} = $method;
|
||||||
$req->datas->{_proxiedRelayState} = $relaystate,
|
$req->data->{_proxiedRelayState} = $relaystate,
|
||||||
$req->datas->{_proxiedArtifact} = $artifact;
|
$req->data->{_proxiedArtifact} = $artifact;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Process the request or use IDP initiated mode
|
# Process the request or use IDP initiated mode
|
||||||
|
@ -441,7 +441,7 @@ sub run {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check Destination (only in non proxy mode)
|
# Check Destination (only in non proxy mode)
|
||||||
unless ( $req->datas->{_proxiedRequest} ) {
|
unless ( $req->data->{_proxiedRequest} ) {
|
||||||
return PE_SAML_DESTINATION_ERROR
|
return PE_SAML_DESTINATION_ERROR
|
||||||
unless ( $self->checkDestination( $login->request, $url ) );
|
unless ( $self->checkDestination( $login->request, $url ) );
|
||||||
}
|
}
|
||||||
|
@ -1219,7 +1219,7 @@ sub soapSloServer {
|
||||||
|
|
||||||
sub logout {
|
sub logout {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return PE_OK if ( $req->datas->{samlSLOCalled} );
|
return PE_OK if ( $req->data->{samlSLOCalled} );
|
||||||
|
|
||||||
# Session ID
|
# Session ID
|
||||||
my $session_id = $req->{sessionInfo}->{_session_id} || $req->{id};
|
my $session_id = $req->{sessionInfo}->{_session_id} || $req->{id};
|
||||||
|
@ -1388,7 +1388,7 @@ sub sloRelayPost {
|
||||||
|
|
||||||
sub authSloServer {
|
sub authSloServer {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$self->p->importHandlerDatas($req);
|
$self->p->importHandlerData($req);
|
||||||
return $self->sloServer($req);
|
return $self->sloServer($req);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1488,7 +1488,7 @@ sub sloServer {
|
||||||
$session = $local_session->data->{ $self->lsDump };
|
$session = $local_session->data->{ $self->lsDump };
|
||||||
$identity = $local_session->data->{ $self->liDump };
|
$identity = $local_session->data->{ $self->liDump };
|
||||||
|
|
||||||
# Import user datas in $req (for other "logout" subs)
|
# Import user data in $req (for other "logout" subs)
|
||||||
$req->id( $local_session->data->{_session_id} );
|
$req->id( $local_session->data->{_session_id} );
|
||||||
$req->sessionInfo( $local_session->data );
|
$req->sessionInfo( $local_session->data );
|
||||||
$req->user( $local_session->data->{ $self->conf->{whatToTrace} } );
|
$req->user( $local_session->data->{ $self->conf->{whatToTrace} } );
|
||||||
|
@ -1569,7 +1569,7 @@ sub sloServer {
|
||||||
|
|
||||||
# Close local session
|
# Close local session
|
||||||
# This flag is for logout() to say that SAML logout is already done
|
# This flag is for logout() to say that SAML logout is already done
|
||||||
$req->datas->{samlSLOCalled} = 1;
|
$req->data->{samlSLOCalled} = 1;
|
||||||
|
|
||||||
# Launch normal logout and ignore errors
|
# Launch normal logout and ignore errors
|
||||||
$self->p->do( $req, [ @{ $self->p->beforeLogout }, 'deleteSession' ] );
|
$self->p->do( $req, [ @{ $self->p->beforeLogout }, 'deleteSession' ] );
|
||||||
|
@ -1606,7 +1606,7 @@ sub sloServer {
|
||||||
# else it means SSO session was not closed: launching it
|
# else it means SSO session was not closed: launching it
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"SLO response found on an active SSO session, ignoring it");
|
"SLO response found on an active SSO session, ignoring it");
|
||||||
$req->datas->{samlSLOCalled} = 1;
|
$req->data->{samlSLOCalled} = 1;
|
||||||
return $self->p->do( $req,
|
return $self->p->do( $req,
|
||||||
[ @{ $self->p->beforeLogout }, 'deleteSession' ] );
|
[ @{ $self->p->beforeLogout }, 'deleteSession' ] );
|
||||||
}
|
}
|
||||||
|
|
|
@ -84,7 +84,7 @@ sub sendSoapResponse {
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
# Try to recover the CAS session corresponding to id and return session datas
|
# Try to recover the CAS session corresponding to id and return session data
|
||||||
# If id is set to undef, return a new session
|
# If id is set to undef, return a new session
|
||||||
sub getCasSession {
|
sub getCasSession {
|
||||||
my ( $self, $id, $info ) = @_;
|
my ( $self, $id, $info ) = @_;
|
||||||
|
@ -355,7 +355,7 @@ sub validateST {
|
||||||
|
|
||||||
$self->logger->debug("CAS Proxy URL: $proxy_url");
|
$self->logger->debug("CAS Proxy URL: $proxy_url");
|
||||||
|
|
||||||
$req->datas->{casProxyUrl} = $proxy_url;
|
$req->data->{casProxyUrl} = $proxy_url;
|
||||||
|
|
||||||
$prm{pgtUrl} = $proxy_url;
|
$prm{pgtUrl} = $proxy_url;
|
||||||
}
|
}
|
||||||
|
@ -413,7 +413,7 @@ sub validateST {
|
||||||
|
|
||||||
# There should be only on session
|
# There should be only on session
|
||||||
my $pgtIdSession = $self->getCasSession($id) or next;
|
my $pgtIdSession = $self->getCasSession($id) or next;
|
||||||
$req->datas->{pgtId} = $pgtIdSession->data->{pgtId};
|
$req->data->{pgtId} = $pgtIdSession->data->{pgtId};
|
||||||
$pgtIdSession->remove;
|
$pgtIdSession->remove;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -499,7 +499,7 @@ This module contains common methods for CAS
|
||||||
|
|
||||||
=head2 getCasSession
|
=head2 getCasSession
|
||||||
|
|
||||||
Try to recover the CAS session corresponding to id and return session datas
|
Try to recover the CAS session corresponding to id and return session data
|
||||||
If id is set to undef, return a new session
|
If id is set to undef, return a new session
|
||||||
|
|
||||||
=head2 returnCasValidateError
|
=head2 returnCasValidateError
|
||||||
|
|
|
@ -109,9 +109,9 @@ sub checkChoice {
|
||||||
|
|
||||||
# Store choice if module loops
|
# Store choice if module loops
|
||||||
$req->pdata->{_choice} = $name;
|
$req->pdata->{_choice} = $name;
|
||||||
return $name if ( $req->datas->{ "enabledMods" . $self->type } );
|
return $name if ( $req->data->{ "enabledMods" . $self->type } );
|
||||||
$req->sessionInfo->{_choice} = $name;
|
$req->sessionInfo->{_choice} = $name;
|
||||||
$req->datas->{ "enabledMods" . $self->type } = [ $self->modules->{$name} ];
|
$req->data->{ "enabledMods" . $self->type } = [ $self->modules->{$name} ];
|
||||||
$self->p->_authentication->authnLevel("${name}AuthnLevel");
|
$self->p->_authentication->authnLevel("${name}AuthnLevel");
|
||||||
return $name;
|
return $name;
|
||||||
}
|
}
|
||||||
|
@ -121,7 +121,7 @@ sub name {
|
||||||
unless ($req) {
|
unless ($req) {
|
||||||
return 'Choice';
|
return 'Choice';
|
||||||
}
|
}
|
||||||
my $n = ref( $req->datas->{ "enabledMods" . $self->type }->[0] );
|
my $n = ref( $req->data->{ "enabledMods" . $self->type }->[0] );
|
||||||
$n =~ s/^Lemonldap::NG::Portal::(?:(?:UserDB|Auth)::)?//;
|
$n =~ s/^Lemonldap::NG::Portal::(?:(?:UserDB|Auth)::)?//;
|
||||||
return $n;
|
return $n;
|
||||||
}
|
}
|
||||||
|
|
|
@ -387,7 +387,7 @@ sub check_password {
|
||||||
# If $user is an object then it's a Lemonldap::NG::Portal::Main::Request
|
# If $user is an object then it's a Lemonldap::NG::Portal::Main::Request
|
||||||
# object
|
# object
|
||||||
if ( ref($user) ) {
|
if ( ref($user) ) {
|
||||||
$password = $user->datas->{password};
|
$password = $user->data->{password};
|
||||||
$user = $user->{user};
|
$user = $user->{user};
|
||||||
}
|
}
|
||||||
my $table = $self->conf->{dbiAuthTable};
|
my $table = $self->conf->{dbiAuthTable};
|
||||||
|
|
|
@ -76,7 +76,7 @@ sub _buildFilter {
|
||||||
$filter =~ s/\$(\w+)/".\$req->{sessionInfo}->{$1}."/g;
|
$filter =~ s/\$(\w+)/".\$req->{sessionInfo}->{$1}."/g;
|
||||||
$filter =~ s/\$req->\{sessionInfo\}->\{user\}/\$req->{user}/g;
|
$filter =~ s/\$req->\{sessionInfo\}->\{user\}/\$req->{user}/g;
|
||||||
$filter =~
|
$filter =~
|
||||||
s/\$req->\{sessionInfo\}->\{(_?password|mail)\}/\$req->{datas}->{$1}/g;
|
s/\$req->\{sessionInfo\}->\{(_?password|mail)\}/\$req->{data}->{$1}/g;
|
||||||
$_[0]->{p}->logger->debug("LDAP transformed filter: $filter");
|
$_[0]->{p}->logger->debug("LDAP transformed filter: $filter");
|
||||||
$filter = "sub{my(\$req)=\$_[0];return \"$filter\";}";
|
$filter = "sub{my(\$req)=\$_[0];return \"$filter\";}";
|
||||||
return eval $filter;
|
return eval $filter;
|
||||||
|
|
|
@ -93,8 +93,8 @@ sub getNotifBack {
|
||||||
$req->userData( $self->p->HANDLER->retrieveSession( $req, $id ) )
|
$req->userData( $self->p->HANDLER->retrieveSession( $req, $id ) )
|
||||||
or return $self->p->sendError( $req, 'Unknown session', 401 );
|
or return $self->p->sendError( $req, 'Unknown session', 401 );
|
||||||
|
|
||||||
# Restore datas
|
# Restore data
|
||||||
$self->p->importHandlerDatas($req);
|
$self->p->importHandlerData($req);
|
||||||
my $uid = $req->sessionInfo->{ $self->notifObject->notifField };
|
my $uid = $req->sessionInfo->{ $self->notifObject->notifField };
|
||||||
|
|
||||||
my ( $notifs, $forUser );
|
my ( $notifs, $forUser );
|
||||||
|
@ -174,10 +174,10 @@ sub getNotifBack {
|
||||||
|
|
||||||
# One pending notification has been found and not accepted,
|
# One pending notification has been found and not accepted,
|
||||||
# restart process to display pending notifications
|
# restart process to display pending notifications
|
||||||
# TODO: is it a good idea to launch all 'afterDatas' subs ?
|
# TODO: is it a good idea to launch all 'afterData' subs ?
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
'Pending notification has been found and not accepted');
|
'Pending notification has been found and not accepted');
|
||||||
return $self->p->do( $req, $self->p->afterDatas );
|
return $self->p->do( $req, $self->p->afterData );
|
||||||
}
|
}
|
||||||
|
|
||||||
# All pending notifications have been accepted, restore cookies and
|
# All pending notifications have been accepted, restore cookies and
|
||||||
|
|
|
@ -155,8 +155,8 @@ sub getNotifBack {
|
||||||
$req->userData( $self->p->HANDLER->retrieveSession( $req, $id ) )
|
$req->userData( $self->p->HANDLER->retrieveSession( $req, $id ) )
|
||||||
or return $self->sendError( $req, 'Unknown session', 401 );
|
or return $self->sendError( $req, 'Unknown session', 401 );
|
||||||
|
|
||||||
# Restore datas
|
# Restore data
|
||||||
$self->p->importHandlerDatas($req);
|
$self->p->importHandlerData($req);
|
||||||
my $uid = $req->sessionInfo->{ $self->notifObject->notifField };
|
my $uid = $req->sessionInfo->{ $self->notifObject->notifField };
|
||||||
|
|
||||||
my ( $notifs, $forUser ) = $self->notifObject->getNotifications($uid);
|
my ( $notifs, $forUser ) = $self->notifObject->getNotifications($uid);
|
||||||
|
@ -233,10 +233,10 @@ sub getNotifBack {
|
||||||
|
|
||||||
# One pending notification has been found and not accepted,
|
# One pending notification has been found and not accepted,
|
||||||
# restart process to display pending notifications
|
# restart process to display pending notifications
|
||||||
# TODO: is it a good idea to launch all 'afterDatas' subs ?
|
# TODO: is it a good idea to launch all 'afterData' subs ?
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
'Pending notification has been found and not accepted');
|
'Pending notification has been found and not accepted');
|
||||||
return $self->p->do( $req, $self->p->afterDatas );
|
return $self->p->do( $req, $self->p->afterData );
|
||||||
}
|
}
|
||||||
|
|
||||||
# All pending notifications have been accepted, restore cookies and
|
# All pending notifications have been accepted, restore cookies and
|
||||||
|
|
|
@ -72,7 +72,7 @@ sub sregHook {
|
||||||
$self->logger->error("Unknown OpenID SREG request $k");
|
$self->logger->error("Unknown OpenID SREG request $k");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$req->datas->{_openIdTrustExtMsg} .= $self->loadTemplate(
|
$req->data->{_openIdTrustExtMsg} .= $self->loadTemplate(
|
||||||
'openIdPol',
|
'openIdPol',
|
||||||
params => {
|
params => {
|
||||||
policies => \@pol,
|
policies => \@pol,
|
||||||
|
@ -103,7 +103,7 @@ sub sregHook {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Now set datas
|
# Now set data
|
||||||
my ( %r, %msg, %ag, %toStore );
|
my ( %r, %msg, %ag, %toStore );
|
||||||
|
|
||||||
# Requested parameters: check if already agreed or confirm is set
|
# Requested parameters: check if already agreed or confirm is set
|
||||||
|
@ -197,7 +197,7 @@ sub sregHook {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
$req->datas->{_openIdTrustExtMsg} .= $self->loadTemplate(
|
$req->data->{_openIdTrustExtMsg} .= $self->loadTemplate(
|
||||||
'openIdTrust',
|
'openIdTrust',
|
||||||
params => {
|
params => {
|
||||||
required => \@mreq,
|
required => \@mreq,
|
||||||
|
@ -213,7 +213,7 @@ sub sregHook {
|
||||||
## @method private array sregfilter(array attr)
|
## @method private array sregfilter(array attr)
|
||||||
# Filter the arguments passed as parameters by checking their compliance with
|
# Filter the arguments passed as parameters by checking their compliance with
|
||||||
# SREG.
|
# SREG.
|
||||||
# @return fitered datas
|
# @return fitered data
|
||||||
sub sregfilter {
|
sub sregfilter {
|
||||||
my ( $self, @attr ) = @_;
|
my ( $self, @attr ) = @_;
|
||||||
my ( @ret, @rej );
|
my ( @ret, @rej );
|
||||||
|
|
|
@ -680,7 +680,7 @@ sub storeState {
|
||||||
my $infos;
|
my $infos;
|
||||||
foreach (@data) {
|
foreach (@data) {
|
||||||
$infos->{$_} = $req->{$_} if $req->{$_};
|
$infos->{$_} = $req->{$_} if $req->{$_};
|
||||||
$infos->{"datas_$_"} = $req->datas->{$_} if $req->datas->{$_};
|
$infos->{"data_$_"} = $req->data->{$_} if $req->data->{$_};
|
||||||
}
|
}
|
||||||
return unless ($infos);
|
return unless ($infos);
|
||||||
|
|
||||||
|
@ -714,8 +714,8 @@ sub extractState {
|
||||||
foreach ( keys %{$stateSession} ) {
|
foreach ( keys %{$stateSession} ) {
|
||||||
next if $_ =~ /(type|_session_id|_session_kind|_utime)/;
|
next if $_ =~ /(type|_session_id|_session_kind|_utime)/;
|
||||||
my $tmp = $stateSession->{$_};
|
my $tmp = $stateSession->{$_};
|
||||||
if (s/^datas_//) {
|
if (s/^data_//) {
|
||||||
$req->datas->{$_} = $tmp;
|
$req->data->{$_} = $tmp;
|
||||||
}
|
}
|
||||||
elsif ( $req->can($_) ) {
|
elsif ( $req->can($_) ) {
|
||||||
$req->$_($tmp);
|
$req->$_($tmp);
|
||||||
|
|
|
@ -34,11 +34,11 @@ no warnings 'once';
|
||||||
|
|
||||||
sub getUser {
|
sub getUser {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return PE_OK if ( $req->datas->{_proxyQueryDone} );
|
return PE_OK if ( $req->data->{_proxyQueryDone} );
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
'Proxy push auth to ' . $self->conf->{proxyAuthService} );
|
'Proxy push auth to ' . $self->conf->{proxyAuthService} );
|
||||||
my $resp = $self->ua->post( $self->conf->{proxyAuthService},
|
my $resp = $self->ua->post( $self->conf->{proxyAuthService},
|
||||||
{ user => $req->{user}, password => $req->datas->{password} } );
|
{ user => $req->{user}, password => $req->data->{password} } );
|
||||||
unless ( $resp->is_success ) {
|
unless ( $resp->is_success ) {
|
||||||
$self->logger->error(
|
$self->logger->error(
|
||||||
'Unable to query authentication service: ' . $resp->status_line );
|
'Unable to query authentication service: ' . $resp->status_line );
|
||||||
|
@ -66,7 +66,7 @@ sub getUser {
|
||||||
|
|
||||||
sub setSessionInfo {
|
sub setSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return PE_OK if ( $req->datas->{_setSessionInfoDone} );
|
return PE_OK if ( $req->data->{_setSessionInfoDone} );
|
||||||
my $q = HTTP::Request->new(
|
my $q = HTTP::Request->new(
|
||||||
GET => $self->conf->{proxySessionService} . '/global',
|
GET => $self->conf->{proxySessionService} . '/global',
|
||||||
[
|
[
|
||||||
|
@ -89,7 +89,7 @@ sub setSessionInfo {
|
||||||
foreach ( keys %$res ) {
|
foreach ( keys %$res ) {
|
||||||
$req->{sessionInfo}->{$_} ||= $res->{$_} unless (/^_/);
|
$req->{sessionInfo}->{$_} ||= $res->{$_} unless (/^_/);
|
||||||
}
|
}
|
||||||
$req->datas->{_setSessionInfoDone}++;
|
$req->data->{_setSessionInfoDone}++;
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -61,8 +61,8 @@ sub checkRemoteId {
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
%{ $req->datas->{rSessionInfo} } = %{ $remoteSession->data() };
|
%{ $req->data->{rSessionInfo} } = %{ $remoteSession->data() };
|
||||||
delete( $req->datas->{rSessionInfo}->{'_password'} )
|
delete( $req->data->{rSessionInfo}->{'_password'} )
|
||||||
unless ( $self->conf->{storePassword} );
|
unless ( $self->conf->{storePassword} );
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
|
@ -546,7 +546,7 @@ sub checkLassoError {
|
||||||
|
|
||||||
## @method Lasso::Server createServer(string metadata, string private_key, string private_key_password, string private_key_enc, string private_key_enc_password, string certificate)
|
## @method Lasso::Server createServer(string metadata, string private_key, string private_key_password, string private_key_enc, string private_key_enc_password, string certificate)
|
||||||
# Load service metadata and create Lasso::Server object
|
# Load service metadata and create Lasso::Server object
|
||||||
# @param metadata SAML metadatas
|
# @param metadata SAML metadata
|
||||||
# @param private_key private key
|
# @param private_key private key
|
||||||
# @param private_key_password optional private key password
|
# @param private_key_password optional private key password
|
||||||
# @param private_key_enc optional private key for encryption
|
# @param private_key_enc optional private key for encryption
|
||||||
|
@ -767,14 +767,14 @@ sub createAuthnRequest {
|
||||||
# In this case:
|
# In this case:
|
||||||
# * Check proxy conditions
|
# * Check proxy conditions
|
||||||
# * Forward some authn constraints
|
# * Forward some authn constraints
|
||||||
if ( $req->datas->{_proxiedSamlRequest} ) {
|
if ( $req->data->{_proxiedSamlRequest} ) {
|
||||||
|
|
||||||
$self->logger->debug("IDP Proxy mode detected");
|
$self->logger->debug("IDP Proxy mode detected");
|
||||||
|
|
||||||
# Get ProxyCount value
|
# Get ProxyCount value
|
||||||
eval {
|
eval {
|
||||||
$proxyCount =
|
$proxyCount =
|
||||||
$req->datas->{_proxiedSamlRequest}->Scoping()->ProxyCount();
|
$req->data->{_proxiedSamlRequest}->Scoping()->ProxyCount();
|
||||||
};
|
};
|
||||||
|
|
||||||
# Deny request if ProxyCount eq 0
|
# Deny request if ProxyCount eq 0
|
||||||
|
@ -791,22 +791,22 @@ sub createAuthnRequest {
|
||||||
else {
|
else {
|
||||||
|
|
||||||
# Decrease ProxyCount
|
# Decrease ProxyCount
|
||||||
my $scoping = $req->datas->{_proxiedSamlRequest}->Scoping();
|
my $scoping = $req->data->{_proxiedSamlRequest}->Scoping();
|
||||||
$scoping->ProxyCount( $proxyCount-- );
|
$scoping->ProxyCount( $proxyCount-- );
|
||||||
eval { $request->Scoping($scoping); };
|
eval { $request->Scoping($scoping); };
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# isPassive
|
# isPassive
|
||||||
eval { $isPassive = $req->datas->{_proxiedSamlRequest}->IsPassive(); };
|
eval { $isPassive = $req->data->{_proxiedSamlRequest}->IsPassive(); };
|
||||||
|
|
||||||
# forceAuthn
|
# forceAuthn
|
||||||
eval { $forceAuthn = $req->datas->{_proxiedSamlRequest}->ForceAuthn(); };
|
eval { $forceAuthn = $req->data->{_proxiedSamlRequest}->ForceAuthn(); };
|
||||||
|
|
||||||
# requestedAuthnContext
|
# requestedAuthnContext
|
||||||
eval {
|
eval {
|
||||||
$proxyRequestedAuthnContext =
|
$proxyRequestedAuthnContext =
|
||||||
$req->datas->{_proxiedSamlRequest}->RequestedAuthnContext();
|
$req->data->{_proxiedSamlRequest}->RequestedAuthnContext();
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3432,7 +3432,7 @@ If SAML Destination attribute is present, check it
|
||||||
|
|
||||||
=head2 getSamlSession
|
=head2 getSamlSession
|
||||||
|
|
||||||
Try to recover the SAML session corresponding to id and return session datas
|
Try to recover the SAML session corresponding to id and return session data
|
||||||
|
|
||||||
=head2 createAttribute
|
=head2 createAttribute
|
||||||
|
|
||||||
|
|
|
@ -29,10 +29,10 @@ no warnings 'once';
|
||||||
|
|
||||||
sub getUser {
|
sub getUser {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return PE_OK if ( $req->datas->{_proxyQueryDone} );
|
return PE_OK if ( $req->data->{_proxyQueryDone} );
|
||||||
my $soap = SOAP::Lite->proxy( $self->conf->{proxyAuthService} )
|
my $soap = SOAP::Lite->proxy( $self->conf->{proxyAuthService} )
|
||||||
->uri('urn:Lemonldap/NG/Common/PSGI/SOAPService');
|
->uri('urn:Lemonldap/NG/Common/PSGI/SOAPService');
|
||||||
my $r = $soap->getCookies( $req->{user}, $req->datas->{password} );
|
my $r = $soap->getCookies( $req->{user}, $req->data->{password} );
|
||||||
if ( $r->fault ) {
|
if ( $r->fault ) {
|
||||||
$self->logger->error( "Unable to query authentication service: "
|
$self->logger->error( "Unable to query authentication service: "
|
||||||
. $r->fault->{faultstring} );
|
. $r->fault->{faultstring} );
|
||||||
|
@ -47,22 +47,22 @@ sub getUser {
|
||||||
$self->setSecurity($req);
|
$self->setSecurity($req);
|
||||||
return PE_BADCREDENTIALS;
|
return PE_BADCREDENTIALS;
|
||||||
}
|
}
|
||||||
unless ( $req->datas->{_remoteId} =
|
unless ( $req->data->{_remoteId} =
|
||||||
$res->{cookies}->{ $self->conf->{remoteCookieName} } )
|
$res->{cookies}->{ $self->conf->{remoteCookieName} } )
|
||||||
{
|
{
|
||||||
$self->logger->error("No cookie named $self->{remoteCookieName}");
|
$self->logger->error("No cookie named $self->{remoteCookieName}");
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
$req->datas->{_proxyQueryDone}++;
|
$req->data->{_proxyQueryDone}++;
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub setSessionInfo {
|
sub setSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
return PE_OK if ( $req->datas->{_setSessionInfoDone} );
|
return PE_OK if ( $req->data->{_setSessionInfoDone} );
|
||||||
my $soap = SOAP::Lite->proxy( $self->conf->{proxySessionService} )
|
my $soap = SOAP::Lite->proxy( $self->conf->{proxySessionService} )
|
||||||
->uri('urn:Lemonldap/NG/Common/PSGI/SOAPService');
|
->uri('urn:Lemonldap/NG/Common/PSGI/SOAPService');
|
||||||
my $r = $soap->getAttributes( $req->datas->{_remoteId} );
|
my $r = $soap->getAttributes( $req->data->{_remoteId} );
|
||||||
if ( $r->fault ) {
|
if ( $r->fault ) {
|
||||||
$self->logger->error( "Unable to query authentication service"
|
$self->logger->error( "Unable to query authentication service"
|
||||||
. $r->fault->{faultstring} );
|
. $r->fault->{faultstring} );
|
||||||
|
@ -76,7 +76,7 @@ sub setSessionInfo {
|
||||||
$req->{sessionInfo}->{$_} ||= $res->{attributes}->{$_}
|
$req->{sessionInfo}->{$_} ||= $res->{attributes}->{$_}
|
||||||
unless (/^_/);
|
unless (/^_/);
|
||||||
}
|
}
|
||||||
$req->datas->{_setSessionInfoDone}++;
|
$req->data->{_setSessionInfoDone}++;
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -20,15 +20,15 @@ has availableModules => ( is => 'rw', default => sub { {} } );
|
||||||
# Note that "beforeAuth" can't be used here and must be wrapped in auth
|
# Note that "beforeAuth" can't be used here and must be wrapped in auth
|
||||||
# module
|
# module
|
||||||
#
|
#
|
||||||
# Note also that auth module must store in $req->datas->{enabledMods} a ref
|
# Note also that auth module must store in $req->data->{enabledMods} a ref
|
||||||
# to each enabled underlying auth modules
|
# to each enabled underlying auth modules
|
||||||
sub betweenAuthAndDatas { '_betweenAuthAndDatas' }
|
sub betweenAuthAndData { '_betweenAuthAndData' }
|
||||||
sub afterDatas { '_afterDatas' }
|
sub afterData { '_afterData' }
|
||||||
sub forAuthUser { '_forAuthUser' }
|
sub forAuthUser { '_forAuthUser' }
|
||||||
sub beforeLogout { '_beforeLogout' }
|
sub beforeLogout { '_beforeLogout' }
|
||||||
|
|
||||||
sub _betweenAuthAndDatas { _wrapEntryPoint( @_, 'betweenAuthAndDatas' ); }
|
sub _betweenAuthAndData { _wrapEntryPoint( @_, 'betweenAuthAndData' ); }
|
||||||
sub _afterDatas { _wrapEntryPoint( @_, 'afterDatas' ); }
|
sub _afterData { _wrapEntryPoint( @_, 'afterData' ); }
|
||||||
sub _forAuthUser { _wrapEntryPoint( @_, 'forAuthUser', 1 ); }
|
sub _forAuthUser { _wrapEntryPoint( @_, 'forAuthUser', 1 ); }
|
||||||
sub _beforeLogout { _wrapEntryPoint( @_, 'beforeLogout', 1 ); }
|
sub _beforeLogout { _wrapEntryPoint( @_, 'beforeLogout', 1 ); }
|
||||||
|
|
||||||
|
@ -50,8 +50,8 @@ sub _wrapEntryPoint {
|
||||||
"Missing $self->{sessionKey} key in session");
|
"Missing $self->{sessionKey} key in session");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
elsif ( ref $req->datas->{ "enabledMods" . $self->type } ) {
|
elsif ( ref $req->data->{ "enabledMods" . $self->type } ) {
|
||||||
@t = @{ $req->datas->{ "enabledMods" . $self->type } };
|
@t = @{ $req->data->{ "enabledMods" . $self->type } };
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
|
|
|
@ -41,19 +41,19 @@ sub display {
|
||||||
|
|
||||||
# 1.1 A notification has to be done (session is created but hidden and
|
# 1.1 A notification has to be done (session is created but hidden and
|
||||||
# unusable until the user has accept the message)
|
# unusable until the user has accept the message)
|
||||||
if ( my $notif = $req->datas->{notification} ) {
|
if ( my $notif = $req->data->{notification} ) {
|
||||||
$self->logger->debug('Display: notification detected');
|
$self->logger->debug('Display: notification detected');
|
||||||
$skinfile = 'notification';
|
$skinfile = 'notification';
|
||||||
%templateParams = (
|
%templateParams = (
|
||||||
AUTH_ERROR_TYPE => $req->error_type,
|
AUTH_ERROR_TYPE => $req->error_type,
|
||||||
NOTIFICATION => $notif,
|
NOTIFICATION => $notif,
|
||||||
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
||||||
AUTH_URL => $req->{datas}->{_url},
|
AUTH_URL => $req->{data}->{_url},
|
||||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||||
CHOICE_VALUE => $req->datas->{_authChoice},
|
CHOICE_VALUE => $req->data->{_authChoice},
|
||||||
(
|
(
|
||||||
$req->datas->{customScript}
|
$req->data->{customScript}
|
||||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
||||||
: ()
|
: ()
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
@ -67,21 +67,21 @@ sub display {
|
||||||
%templateParams = (
|
%templateParams = (
|
||||||
AUTH_ERROR => $req->error,
|
AUTH_ERROR => $req->error,
|
||||||
AUTH_ERROR_TYPE => $req->error_type,
|
AUTH_ERROR_TYPE => $req->error_type,
|
||||||
AUTH_URL => $req->{datas}->{_url},
|
AUTH_URL => $req->{data}->{_url},
|
||||||
MSG => $req->info,
|
MSG => $req->info,
|
||||||
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
||||||
ACTIVE_TIMER => $req->datas->{activeTimer},
|
ACTIVE_TIMER => $req->data->{activeTimer},
|
||||||
FORM_METHOD => $self->conf->{confirmFormMethod},
|
FORM_METHOD => $self->conf->{confirmFormMethod},
|
||||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||||
CHOICE_VALUE => $req->datas->{_authChoice},
|
CHOICE_VALUE => $req->data->{_authChoice},
|
||||||
CHECK_LOGINS => $self->conf->{portalCheckLogins}
|
CHECK_LOGINS => $self->conf->{portalCheckLogins}
|
||||||
&& $req->datas->{login},
|
&& $req->data->{login},
|
||||||
ASK_LOGINS => $req->param('checkLogins') || 0,
|
ASK_LOGINS => $req->param('checkLogins') || 0,
|
||||||
CONFIRMKEY => $self->stamp(),
|
CONFIRMKEY => $self->stamp(),
|
||||||
REMEMBER => $req->datas->{confirmRemember},
|
REMEMBER => $req->data->{confirmRemember},
|
||||||
(
|
(
|
||||||
$req->datas->{customScript}
|
$req->data->{customScript}
|
||||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
||||||
: ()
|
: ()
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
@ -95,21 +95,21 @@ sub display {
|
||||||
%templateParams = (
|
%templateParams = (
|
||||||
AUTH_ERROR => $req->error,
|
AUTH_ERROR => $req->error,
|
||||||
AUTH_ERROR_TYPE => $req->error_type,
|
AUTH_ERROR_TYPE => $req->error_type,
|
||||||
AUTH_URL => $req->{datas}->{_url},
|
AUTH_URL => $req->{data}->{_url},
|
||||||
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
||||||
ACTIVE_TIMER => $req->datas->{activeTimer},
|
ACTIVE_TIMER => $req->data->{activeTimer},
|
||||||
FORM_METHOD => $self->conf->{confirmFormMethod},
|
FORM_METHOD => $self->conf->{confirmFormMethod},
|
||||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||||
CHOICE_VALUE => $req->datas->{_authChoice},
|
CHOICE_VALUE => $req->data->{_authChoice},
|
||||||
CHECK_LOGINS => $self->conf->{portalCheckLogins}
|
CHECK_LOGINS => $self->conf->{portalCheckLogins}
|
||||||
&& $req->datas->{login},
|
&& $req->data->{login},
|
||||||
ASK_LOGINS => $req->param('checkLogins') || 0,
|
ASK_LOGINS => $req->param('checkLogins') || 0,
|
||||||
CONFIRMKEY => $self->stamp(),
|
CONFIRMKEY => $self->stamp(),
|
||||||
LIST => $req->datas->{list} || [],
|
LIST => $req->data->{list} || [],
|
||||||
REMEMBER => $req->datas->{confirmRemember},
|
REMEMBER => $req->data->{confirmRemember},
|
||||||
(
|
(
|
||||||
$req->datas->{customScript}
|
$req->data->{customScript}
|
||||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
||||||
: ()
|
: ()
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
@ -126,13 +126,13 @@ sub display {
|
||||||
MSG => $info,
|
MSG => $info,
|
||||||
URL => $req->{urldc},
|
URL => $req->{urldc},
|
||||||
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
||||||
ACTIVE_TIMER => $req->datas->{activeTimer},
|
ACTIVE_TIMER => $req->data->{activeTimer},
|
||||||
FORM_METHOD => $self->conf->{infoFormMethod},
|
FORM_METHOD => $self->conf->{infoFormMethod},
|
||||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||||
CHOICE_VALUE => $req->datas->{_authChoice},
|
CHOICE_VALUE => $req->data->{_authChoice},
|
||||||
(
|
(
|
||||||
$req->datas->{customScript}
|
$req->data->{customScript}
|
||||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
||||||
: ()
|
: ()
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
@ -153,12 +153,12 @@ sub display {
|
||||||
PROVIDERURI => $p,
|
PROVIDERURI => $p,
|
||||||
MSG => $req->info(),
|
MSG => $req->info(),
|
||||||
(
|
(
|
||||||
$req->datas->{customScript}
|
$req->data->{customScript}
|
||||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
||||||
: ()
|
: ()
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
$templateParams{ID} = $req->datas->{_openidPortal} . $id if ($id);
|
$templateParams{ID} = $req->data->{_openidPortal} . $id if ($id);
|
||||||
}
|
}
|
||||||
|
|
||||||
# 2. Good authentication
|
# 2. Good authentication
|
||||||
|
@ -169,10 +169,10 @@ sub display {
|
||||||
%templateParams = (
|
%templateParams = (
|
||||||
URL => $req->{urldc},
|
URL => $req->{urldc},
|
||||||
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
||||||
FORM_METHOD => $req->datas->{redirectFormMethod} || 'get',
|
FORM_METHOD => $req->data->{redirectFormMethod} || 'get',
|
||||||
(
|
(
|
||||||
$req->datas->{customScript}
|
$req->data->{customScript}
|
||||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
||||||
: ()
|
: ()
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
@ -193,8 +193,8 @@ sub display {
|
||||||
HIDE_OLDPASSWORD => 0,
|
HIDE_OLDPASSWORD => 0,
|
||||||
$self->menu->params($req),
|
$self->menu->params($req),
|
||||||
(
|
(
|
||||||
$req->datas->{customScript}
|
$req->data->{customScript}
|
||||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
||||||
: ()
|
: ()
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
@ -206,10 +206,10 @@ sub display {
|
||||||
MSG => 'askToRenew',
|
MSG => 'askToRenew',
|
||||||
CONFIRMKEY => $self->stamp,
|
CONFIRMKEY => $self->stamp,
|
||||||
PORTAL => $self->conf->{portal},
|
PORTAL => $self->conf->{portal},
|
||||||
URL => $req->datas->{_url},
|
URL => $req->data->{_url},
|
||||||
(
|
(
|
||||||
$req->datas->{customScript}
|
$req->data->{customScript}
|
||||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
||||||
: ()
|
: ()
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
@ -218,7 +218,7 @@ sub display {
|
||||||
# 2.3 Case : user authenticated but an error was returned (bas url,...)
|
# 2.3 Case : user authenticated but an error was returned (bas url,...)
|
||||||
elsif (
|
elsif (
|
||||||
$req->noLoginDisplay
|
$req->noLoginDisplay
|
||||||
or ( not $req->datas->{noerror}
|
or ( not $req->data->{noerror}
|
||||||
and $req->userData
|
and $req->userData
|
||||||
and %{ $req->userData } )
|
and %{ $req->userData } )
|
||||||
)
|
)
|
||||||
|
@ -228,8 +228,8 @@ sub display {
|
||||||
AUTH_ERROR => $req->error,
|
AUTH_ERROR => $req->error,
|
||||||
AUTH_ERROR_TYPE => $req->error_type,
|
AUTH_ERROR_TYPE => $req->error_type,
|
||||||
(
|
(
|
||||||
$req->datas->{customScript}
|
$req->data->{customScript}
|
||||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
||||||
: ()
|
: ()
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
@ -243,7 +243,7 @@ sub display {
|
||||||
%templateParams = (
|
%templateParams = (
|
||||||
AUTH_ERROR => $req->error,
|
AUTH_ERROR => $req->error,
|
||||||
AUTH_ERROR_TYPE => $req->error_type,
|
AUTH_ERROR_TYPE => $req->error_type,
|
||||||
AUTH_URL => $req->{datas}->{_url},
|
AUTH_URL => $req->{data}->{_url},
|
||||||
LOGIN => $login,
|
LOGIN => $login,
|
||||||
CHECK_LOGINS => $self->conf->{portalCheckLogins},
|
CHECK_LOGINS => $self->conf->{portalCheckLogins},
|
||||||
ASK_LOGINS => $req->param('checkLogins') || 0,
|
ASK_LOGINS => $req->param('checkLogins') || 0,
|
||||||
|
@ -254,8 +254,8 @@ sub display {
|
||||||
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
||||||
STAYCONNECTED => $self->conf->{stayConnected},
|
STAYCONNECTED => $self->conf->{stayConnected},
|
||||||
(
|
(
|
||||||
$req->datas->{customScript}
|
$req->data->{customScript}
|
||||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
? ( CUSTOM_SCRIPT => $req->data->{customScript} )
|
||||||
: ()
|
: ()
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
@ -299,11 +299,11 @@ sub display {
|
||||||
DISPLAY_RESETPASSWORD => 0,
|
DISPLAY_RESETPASSWORD => 0,
|
||||||
AUTH_LOOP => [],
|
AUTH_LOOP => [],
|
||||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||||
CHOICE_VALUE => $req->datas->{_authChoice},
|
CHOICE_VALUE => $req->data->{_authChoice},
|
||||||
OLDPASSWORD => $self->checkXSSAttack( 'oldpassword',
|
OLDPASSWORD => $self->checkXSSAttack( 'oldpassword',
|
||||||
$req->datas->{oldpassword} )
|
$req->data->{oldpassword} )
|
||||||
? ""
|
? ""
|
||||||
: $req->datas->{oldpassword},
|
: $req->data->{oldpassword},
|
||||||
HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
|
HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -337,7 +337,7 @@ sub display {
|
||||||
%templateParams,
|
%templateParams,
|
||||||
AUTH_LOOP => $authLoop,
|
AUTH_LOOP => $authLoop,
|
||||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||||
CHOICE_VALUE => $req->datas->{_authChoice},
|
CHOICE_VALUE => $req->data->{_authChoice},
|
||||||
DISPLAY_FORM => 0,
|
DISPLAY_FORM => 0,
|
||||||
DISPLAY_OPENID_FORM => 0,
|
DISPLAY_OPENID_FORM => 0,
|
||||||
DISPLAY_YUBIKEY_FORM => 0,
|
DISPLAY_YUBIKEY_FORM => 0,
|
||||||
|
@ -473,7 +473,7 @@ sub getSkin {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Build an HTML array to display sessions
|
# Build an HTML array to display sessions
|
||||||
# @param $sessions Array ref of hash ref containing sessions datas
|
# @param $sessions Array ref of hash ref containing sessions data
|
||||||
# @param $title Title of the array
|
# @param $title Title of the array
|
||||||
# @param $displayUser To display "User" column
|
# @param $displayUser To display "User" column
|
||||||
# @param $displaError To display "Error" column
|
# @param $displaError To display "Error" column
|
||||||
|
|
|
@ -45,12 +45,12 @@ has beforeAuth => (
|
||||||
isa => 'ArrayRef',
|
isa => 'ArrayRef',
|
||||||
default => sub { [] }
|
default => sub { [] }
|
||||||
);
|
);
|
||||||
has betweenAuthAndDatas => (
|
has betweenAuthAndData => (
|
||||||
is => 'rw',
|
is => 'rw',
|
||||||
isa => 'ArrayRef',
|
isa => 'ArrayRef',
|
||||||
default => sub { [] }
|
default => sub { [] }
|
||||||
);
|
);
|
||||||
has afterDatas => (
|
has afterData => (
|
||||||
is => 'rw',
|
is => 'rw',
|
||||||
isa => 'ArrayRef',
|
isa => 'ArrayRef',
|
||||||
default => sub { [] }
|
default => sub { [] }
|
||||||
|
@ -151,7 +151,7 @@ sub reloadConf {
|
||||||
|
|
||||||
# Reinitialize arrays
|
# Reinitialize arrays
|
||||||
foreach (
|
foreach (
|
||||||
qw(_macros _groups beforeAuth betweenAuthAndDatas afterDatas forAuthUser beforeLogout)
|
qw(_macros _groups beforeAuth betweenAuthAndData afterData forAuthUser beforeLogout)
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
$self->{$_} = [];
|
$self->{$_} = [];
|
||||||
|
@ -307,7 +307,7 @@ sub reloadConf {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Clean $req->pdata after authentication
|
# Clean $req->pdata after authentication
|
||||||
push @{ $self->afterDatas }, sub {
|
push @{ $self->afterData }, sub {
|
||||||
unless ( $_[0]->pdata->{keepPdata} ) {
|
unless ( $_[0]->pdata->{keepPdata} ) {
|
||||||
$self->logger->debug('Cleaning pdata');
|
$self->logger->debug('Cleaning pdata');
|
||||||
$_[0]->pdata( {} );
|
$_[0]->pdata( {} );
|
||||||
|
@ -337,7 +337,7 @@ sub findEP {
|
||||||
|
|
||||||
# Standards entry points
|
# Standards entry points
|
||||||
foreach my $sub (
|
foreach my $sub (
|
||||||
qw(beforeAuth betweenAuthAndDatas afterDatas forAuthUser beforeLogout))
|
qw(beforeAuth betweenAuthAndData afterData forAuthUser beforeLogout))
|
||||||
{
|
{
|
||||||
if ( $obj->can($sub) ) {
|
if ( $obj->can($sub) ) {
|
||||||
$self->logger->debug(" Found $sub entry point:");
|
$self->logger->debug(" Found $sub entry point:");
|
||||||
|
|
|
@ -99,9 +99,9 @@ sub _redirect {
|
||||||
'controlUrl',
|
'controlUrl',
|
||||||
@{ $self->p->beforeAuth },
|
@{ $self->p->beforeAuth },
|
||||||
$self->p->authProcess,
|
$self->p->authProcess,
|
||||||
@{ $self->p->betweenAuthAndDatas },
|
@{ $self->p->betweenAuthAndData },
|
||||||
$self->p->sessionDatas,
|
$self->p->sessionData,
|
||||||
@{ $self->p->afterDatas },
|
@{ $self->p->afterData },
|
||||||
(
|
(
|
||||||
$restore
|
$restore
|
||||||
? sub {
|
? sub {
|
||||||
|
@ -136,7 +136,7 @@ sub _forAuthUser {
|
||||||
return $self->p->do(
|
return $self->p->do(
|
||||||
$req,
|
$req,
|
||||||
[
|
[
|
||||||
'importHandlerDatas',
|
'importHandlerData',
|
||||||
'controlUrl',
|
'controlUrl',
|
||||||
@{ $self->p->forAuthUser },
|
@{ $self->p->forAuthUser },
|
||||||
sub {
|
sub {
|
||||||
|
@ -180,10 +180,10 @@ sub restoreRequest {
|
||||||
|
|
||||||
sub reAuth {
|
sub reAuth {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$req->datas->{customScript} =
|
$req->data->{customScript} =
|
||||||
qq'<script type="text/javascript" src="$self->{p}->{staticPrefix}/common/js/autoRenew.min.js"></script>'
|
qq'<script type="text/javascript" src="$self->{p}->{staticPrefix}/common/js/autoRenew.min.js"></script>'
|
||||||
if ( $self->conf->{skipRenewConfirmation} );
|
if ( $self->conf->{skipRenewConfirmation} );
|
||||||
$req->datas->{_url} =
|
$req->data->{_url} =
|
||||||
encode_base64( $self->conf->{portal} . $req->path_info, '' );
|
encode_base64( $self->conf->{portal} . $req->path_info, '' );
|
||||||
$req->pdata->{ $self->ipath } = $self->storeRequest($req);
|
$req->pdata->{ $self->ipath } = $self->storeRequest($req);
|
||||||
$req->pdata->{keepPdata} = 1;
|
$req->pdata->{keepPdata} = 1;
|
||||||
|
|
|
@ -156,10 +156,10 @@ are available.
|
||||||
|
|
||||||
=item C<beforeAuth>: method called before authentication process
|
=item C<beforeAuth>: method called before authentication process
|
||||||
|
|
||||||
=item C<betweenAuthAndDatas>: method called after authentication and before
|
=item C<betweenAuthAndData>: method called after authentication and before
|
||||||
setting C<sessionInfo> provisionning
|
setting C<sessionInfo> provisionning
|
||||||
|
|
||||||
=item C<afterDatas>: method called after C<sessionInfo> provisionning
|
=item C<afterData>: method called after C<sessionInfo> provisionning
|
||||||
I<(macros, groups,...)>
|
I<(macros, groups,...)>
|
||||||
|
|
||||||
=item C<forAuthUser>: method called for already authenticated users
|
=item C<forAuthUser>: method called for already authenticated users
|
||||||
|
|
|
@ -36,14 +36,14 @@ sub process {
|
||||||
# First process block: check args
|
# First process block: check args
|
||||||
# -------------------------------
|
# -------------------------------
|
||||||
|
|
||||||
# For post requests, parse datas
|
# For post requests, parse data
|
||||||
sub restoreArgs {
|
sub restoreArgs {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$req->mustRedirect(1);
|
$req->mustRedirect(1);
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub importHandlerDatas {
|
sub importHandlerData {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$req->{sessionInfo} = $req->userData;
|
$req->{sessionInfo} = $req->userData;
|
||||||
$req->id( $req->sessionInfo->{_session_id} );
|
$req->id( $req->sessionInfo->{_session_id} );
|
||||||
|
@ -73,7 +73,7 @@ sub controlUrl {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$req->{datas}->{_url} ||= '';
|
$req->{data}->{_url} ||= '';
|
||||||
my $url = $req->param('url');
|
my $url = $req->param('url');
|
||||||
if ($url) {
|
if ($url) {
|
||||||
|
|
||||||
|
@ -120,7 +120,7 @@ sub controlUrl {
|
||||||
return PE_BADURL;
|
return PE_BADURL;
|
||||||
}
|
}
|
||||||
|
|
||||||
$req->datas->{_url} = $url;
|
$req->data->{_url} = $url;
|
||||||
}
|
}
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
|
@ -161,7 +161,7 @@ sub deleteSession {
|
||||||
|
|
||||||
# TODO
|
# TODO
|
||||||
# Collect logout services and build hidden iFrames
|
# Collect logout services and build hidden iFrames
|
||||||
if ( $req->datas->{logoutServices} and %{ $req->datas->{logoutServices} } )
|
if ( $req->data->{logoutServices} and %{ $req->data->{logoutServices} } )
|
||||||
{
|
{
|
||||||
|
|
||||||
$self->logger->debug("Create iFrames to forward logout to services");
|
$self->logger->debug("Create iFrames to forward logout to services");
|
||||||
|
@ -172,10 +172,10 @@ sub deleteSession {
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
foreach ( keys %{ $req->datas->{logoutServices} } ) {
|
foreach ( keys %{ $req->data->{logoutServices} } ) {
|
||||||
my $logoutServiceName = $_;
|
my $logoutServiceName = $_;
|
||||||
my $logoutServiceUrl =
|
my $logoutServiceUrl =
|
||||||
$req->datas->{logoutServices}->{$logoutServiceName};
|
$req->data->{logoutServices}->{$logoutServiceName};
|
||||||
|
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"Find logout service $logoutServiceName ($logoutServiceUrl)");
|
"Find logout service $logoutServiceName ($logoutServiceUrl)");
|
||||||
|
|
|
@ -17,7 +17,7 @@ has steps => ( is => 'rw' );
|
||||||
# Authentication result
|
# Authentication result
|
||||||
has authResult => ( is => 'rw' );
|
has authResult => ( is => 'rw' );
|
||||||
|
|
||||||
# Session datas when created
|
# Session data when created
|
||||||
has id => ( is => 'rw' );
|
has id => ( is => 'rw' );
|
||||||
has sessionInfo => ( is => 'rw' );
|
has sessionInfo => ( is => 'rw' );
|
||||||
has user => ( is => 'rw' );
|
has user => ( is => 'rw' );
|
||||||
|
@ -116,7 +116,7 @@ sub error_type {
|
||||||
|
|
||||||
sub init {
|
sub init {
|
||||||
my ($self) = @_;
|
my ($self) = @_;
|
||||||
$self->{$_} = {} foreach (qw(datas customParameters sessionInfo pdata));
|
$self->{$_} = {} foreach (qw(data customParameters sessionInfo pdata));
|
||||||
$self->{$_} = [] foreach (qw(respCookies));
|
$self->{$_} = [] foreach (qw(respCookies));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -130,8 +130,8 @@ sub loginInfo {
|
||||||
|
|
||||||
sub info {
|
sub info {
|
||||||
my ( $self, $info ) = @_;
|
my ( $self, $info ) = @_;
|
||||||
$self->datas->{_info} .= $info if ( defined $info );
|
$self->data->{_info} .= $info if ( defined $info );
|
||||||
return $self->datas->{_info};
|
return $self->data->{_info};
|
||||||
}
|
}
|
||||||
|
|
||||||
sub addCookie {
|
sub addCookie {
|
||||||
|
@ -174,7 +174,7 @@ portal jobs.
|
||||||
Stack of methods to call for this requests. It can be modified to change
|
Stack of methods to call for this requests. It can be modified to change
|
||||||
authentication process
|
authentication process
|
||||||
|
|
||||||
=head3 datas()
|
=head3 data()
|
||||||
|
|
||||||
Free hash ref where plugins can store their data (during one request). Using it
|
Free hash ref where plugins can store their data (during one request). Using it
|
||||||
is a LLNG best practice
|
is a LLNG best practice
|
||||||
|
|
|
@ -19,7 +19,7 @@ use URI::Escape;
|
||||||
# List constants
|
# List constants
|
||||||
sub authProcess { qw(extractFormInfo getUser authenticate) }
|
sub authProcess { qw(extractFormInfo getUser authenticate) }
|
||||||
|
|
||||||
sub sessionDatas {
|
sub sessionData {
|
||||||
qw(setAuthSessionInfo setSessionInfo setMacros setGroups setPersistentSessionInfo
|
qw(setAuthSessionInfo setSessionInfo setMacros setGroups setPersistentSessionInfo
|
||||||
setLocalGroups store secondFactor storeHistory buildCookie);
|
setLocalGroups store secondFactor storeHistory buildCookie);
|
||||||
}
|
}
|
||||||
|
@ -89,8 +89,8 @@ sub login {
|
||||||
$req,
|
$req,
|
||||||
[
|
[
|
||||||
'controlUrl', @{ $self->beforeAuth },
|
'controlUrl', @{ $self->beforeAuth },
|
||||||
$self->authProcess, @{ $self->betweenAuthAndDatas },
|
$self->authProcess, @{ $self->betweenAuthAndData },
|
||||||
$self->sessionDatas, @{ $self->afterDatas },
|
$self->sessionData, @{ $self->afterData },
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -102,8 +102,8 @@ sub postLogin {
|
||||||
[
|
[
|
||||||
'restoreArgs', 'controlUrl',
|
'restoreArgs', 'controlUrl',
|
||||||
@{ $self->beforeAuth }, $self->authProcess,
|
@{ $self->beforeAuth }, $self->authProcess,
|
||||||
@{ $self->betweenAuthAndDatas }, $self->sessionDatas,
|
@{ $self->betweenAuthAndData }, $self->sessionData,
|
||||||
@{ $self->afterDatas },
|
@{ $self->afterData },
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -113,7 +113,7 @@ sub authenticatedRequest {
|
||||||
return $self->do(
|
return $self->do(
|
||||||
$req,
|
$req,
|
||||||
[
|
[
|
||||||
'importHandlerDatas', 'controlUrl',
|
'importHandlerData', 'controlUrl',
|
||||||
'checkLogout', @{ $self->forAuthUser }
|
'checkLogout', @{ $self->forAuthUser }
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
@ -124,7 +124,7 @@ sub postAuthenticatedRequest {
|
||||||
return $self->do(
|
return $self->do(
|
||||||
$req,
|
$req,
|
||||||
[
|
[
|
||||||
'importHandlerDatas', 'restoreArgs',
|
'importHandlerData', 'restoreArgs',
|
||||||
'controlUrl', 'checkLogout',
|
'controlUrl', 'checkLogout',
|
||||||
@{ $self->forAuthUser }
|
@{ $self->forAuthUser }
|
||||||
]
|
]
|
||||||
|
@ -134,24 +134,24 @@ sub postAuthenticatedRequest {
|
||||||
sub refresh {
|
sub refresh {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$req->mustRedirect(1);
|
$req->mustRedirect(1);
|
||||||
my %datas = %{ $req->userData };
|
my %data = %{ $req->userData };
|
||||||
$req->user( $datas{ $self->conf->{whatToTrace} } );
|
$req->user( $data{ $self->conf->{whatToTrace} } );
|
||||||
$req->id( $datas{_session_id} );
|
$req->id( $data{_session_id} );
|
||||||
$self->userLogger->notice( 'Refresh request for ' . $req->user );
|
$self->userLogger->notice( 'Refresh request for ' . $req->user );
|
||||||
foreach ( keys %datas ) {
|
foreach ( keys %data ) {
|
||||||
delete $datas{$_} unless ( /^_/ or /^(?:startTime)$/ );
|
delete $data{$_} unless ( /^_/ or /^(?:startTime)$/ );
|
||||||
}
|
}
|
||||||
$req->steps(
|
$req->steps(
|
||||||
[
|
[
|
||||||
'getUser',
|
'getUser',
|
||||||
@{ $self->betweenAuthAndDatas },
|
@{ $self->betweenAuthAndData },
|
||||||
'setAuthSessionInfo',
|
'setAuthSessionInfo',
|
||||||
'setSessionInfo',
|
'setSessionInfo',
|
||||||
'setMacros',
|
'setMacros',
|
||||||
'setGroups',
|
'setGroups',
|
||||||
'setLocalGroups',
|
'setLocalGroups',
|
||||||
sub {
|
sub {
|
||||||
$req->sessionInfo->{$_} = $datas{$_} foreach ( keys %datas );
|
$req->sessionInfo->{$_} = $data{$_} foreach ( keys %data );
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
},
|
},
|
||||||
'store',
|
'store',
|
||||||
|
@ -187,7 +187,7 @@ sub logout {
|
||||||
sub do {
|
sub do {
|
||||||
my ( $self, $req, $steps ) = @_;
|
my ( $self, $req, $steps ) = @_;
|
||||||
$req->steps($steps);
|
$req->steps($steps);
|
||||||
$req->datas->{activeTimer} = $self->conf->{activeTimer};
|
$req->data->{activeTimer} = $self->conf->{activeTimer};
|
||||||
my $err = $req->error( $self->process($req) );
|
my $err = $req->error( $self->process($req) );
|
||||||
|
|
||||||
# Update status
|
# Update status
|
||||||
|
@ -237,8 +237,8 @@ sub do {
|
||||||
and (
|
and (
|
||||||
$err != PE_REDIRECT
|
$err != PE_REDIRECT
|
||||||
or ( $err == PE_REDIRECT
|
or ( $err == PE_REDIRECT
|
||||||
and $req->datas->{redirectFormMethod}
|
and $req->data->{redirectFormMethod}
|
||||||
and $req->datas->{redirectFormMethod} eq 'post' )
|
and $req->data->{redirectFormMethod} eq 'post' )
|
||||||
or $req->info
|
or $req->info
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
@ -297,7 +297,7 @@ sub autoRedirect {
|
||||||
$self->logger->debug("Building redirection to $req->{urldc}");
|
$self->logger->debug("Building redirection to $req->{urldc}");
|
||||||
if ( $self->_jsRedirect->( $req, $req->sessionInfo ) ) {
|
if ( $self->_jsRedirect->( $req, $req->sessionInfo ) ) {
|
||||||
$req->error(PE_REDIRECT);
|
$req->error(PE_REDIRECT);
|
||||||
$req->datas->{redirectFormMethod} = "get";
|
$req->data->{redirectFormMethod} = "get";
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return [ 302,
|
return [ 302,
|
||||||
|
@ -309,7 +309,7 @@ sub autoRedirect {
|
||||||
return $self->sendHtml( $req, $tpl, params => $prms );
|
return $self->sendHtml( $req, $tpl, params => $prms );
|
||||||
}
|
}
|
||||||
|
|
||||||
# Try to recover the session corresponding to id and return session datas.
|
# Try to recover the session corresponding to id and return session data.
|
||||||
# If $id is set to undef or if $args{force} is true, return a new session.
|
# If $id is set to undef or if $args{force} is true, return a new session.
|
||||||
sub getApacheSession {
|
sub getApacheSession {
|
||||||
my ( $self, $id, %args ) = @_;
|
my ( $self, $id, %args ) = @_;
|
||||||
|
@ -374,7 +374,7 @@ sub getApacheSession {
|
||||||
return $as;
|
return $as;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Try to recover the persistent session corresponding to uid and return session datas.
|
# Try to recover the persistent session corresponding to uid and return session data.
|
||||||
sub getPersistentSession {
|
sub getPersistentSession {
|
||||||
my ( $self, $uid, $info ) = @_;
|
my ( $self, $uid, $info ) = @_;
|
||||||
|
|
||||||
|
@ -450,7 +450,7 @@ sub updatePersistentSession {
|
||||||
|
|
||||||
# Update session stored.
|
# Update session stored.
|
||||||
# If no id is given, try to get it from cookie.
|
# If no id is given, try to get it from cookie.
|
||||||
# If the session is available, update datas with $info.
|
# If the session is available, update data with $info.
|
||||||
# Note that outdated session data may remain some time on
|
# Note that outdated session data may remain some time on
|
||||||
# server local cache, if there are several LL::NG servers.
|
# server local cache, if there are several LL::NG servers.
|
||||||
# @param infos hash reference of information to update
|
# @param infos hash reference of information to update
|
||||||
|
@ -473,7 +473,7 @@ sub updateSession {
|
||||||
foreach ( keys %$infos ) {
|
foreach ( keys %$infos ) {
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"Update sessionInfo $_ with " . $infos->{$_} );
|
"Update sessionInfo $_ with " . $infos->{$_} );
|
||||||
$req->{sessionInfo}->{$_} = $self->HANDLER->datas->{$_} =
|
$req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_} =
|
||||||
$infos->{$_};
|
$infos->{$_};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -589,7 +589,7 @@ sub autoPost {
|
||||||
return PE_INFO;
|
return PE_INFO;
|
||||||
}
|
}
|
||||||
|
|
||||||
$req->datas->{redirectFormMethod} = "post";
|
$req->data->{redirectFormMethod} = "post";
|
||||||
return PE_REDIRECT;
|
return PE_REDIRECT;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -95,7 +95,7 @@ sub _verify {
|
||||||
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
|
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
|
||||||
$self->p->updateSession( $req, { authenticationLevel => $l } );
|
$self->p->updateSession( $req, { authenticationLevel => $l } );
|
||||||
}
|
}
|
||||||
return $self->p->do( $req, [ @{ $self->p->afterDatas }, sub { PE_OK } ] );
|
return $self->p->do( $req, [ @{ $self->p->afterData }, sub { PE_OK } ] );
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
@ -32,13 +32,13 @@ sub _modifyPassword {
|
||||||
|
|
||||||
# Exit if no password change requested
|
# Exit if no password change requested
|
||||||
return PE_OK
|
return PE_OK
|
||||||
unless ( $req->datas->{newpassword} = $req->param('newpassword') );
|
unless ( $req->data->{newpassword} = $req->param('newpassword') );
|
||||||
|
|
||||||
# Check if portal require old password
|
# Check if portal require old password
|
||||||
if ( $self->conf->{portalRequireOldPassword} ) {
|
if ( $self->conf->{portalRequireOldPassword} ) {
|
||||||
|
|
||||||
# TODO: verify oldpassword
|
# TODO: verify oldpassword
|
||||||
unless ( $req->datas->{oldpassword} = $req->param('oldpassword') ) {
|
unless ( $req->data->{oldpassword} = $req->param('oldpassword') ) {
|
||||||
$self->logger->warn("Portal require old password");
|
$self->logger->warn("Portal require old password");
|
||||||
return PE_PP_MUST_SUPPLY_OLD_PASSWORD;
|
return PE_PP_MUST_SUPPLY_OLD_PASSWORD;
|
||||||
}
|
}
|
||||||
|
@ -46,15 +46,15 @@ sub _modifyPassword {
|
||||||
# Verify that old password is good
|
# Verify that old password is good
|
||||||
return PE_PASSWORD_MISMATCH
|
return PE_PASSWORD_MISMATCH
|
||||||
unless (
|
unless (
|
||||||
$req->datas->{newpassword} eq $req->param('confirmpassword') );
|
$req->data->{newpassword} eq $req->param('confirmpassword') );
|
||||||
|
|
||||||
# Verify old password
|
# Verify old password
|
||||||
return PE_BADOLDPASSWORD
|
return PE_BADOLDPASSWORD
|
||||||
unless ( $self->confirm( $req, $req->datas->{oldpassword} ) );
|
unless ( $self->confirm( $req, $req->data->{oldpassword} ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
# Call password package
|
# Call password package
|
||||||
my $res = $self->modifyPassword( $req, $req->datas->{newpassword} );
|
my $res = $self->modifyPassword( $req, $req->data->{newpassword} );
|
||||||
if ( $res == PE_PASSWORD_OK ) {
|
if ( $res == PE_PASSWORD_OK ) {
|
||||||
$self->logger->debug( 'Update password in session for ' . $req->user );
|
$self->logger->debug( 'Update password in session for ' . $req->user );
|
||||||
my $infos;
|
my $infos;
|
||||||
|
|
|
@ -18,13 +18,13 @@ sub init {
|
||||||
sub confirm {
|
sub confirm {
|
||||||
my ( $self, $req, $pwd ) = @_;
|
my ( $self, $req, $pwd ) = @_;
|
||||||
$self->checkChoice($req) or return PE_ERROR;
|
$self->checkChoice($req) or return PE_ERROR;
|
||||||
return $req->datas->{enabledMods2}->[0]->confirm( $req, $pwd );
|
return $req->data->{enabledMods2}->[0]->confirm( $req, $pwd );
|
||||||
}
|
}
|
||||||
|
|
||||||
sub modifyPassword {
|
sub modifyPassword {
|
||||||
my ( $self, $req, $pwd ) = @_;
|
my ( $self, $req, $pwd ) = @_;
|
||||||
$self->checkChoice($req) or return PE_ERROR;
|
$self->checkChoice($req) or return PE_ERROR;
|
||||||
return $req->datas->{enabledMods2}->[0]->modifyPassword( $req, $pwd );
|
return $req->data->{enabledMods2}->[0]->modifyPassword( $req, $pwd );
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
@ -32,7 +32,7 @@ sub modifyPassword {
|
||||||
|
|
||||||
# Call the modify password method
|
# Call the modify password method
|
||||||
my $code =
|
my $code =
|
||||||
$self->ldap->userModifyPassword( $dn, $pwd, $req->datas->{oldpassword} );
|
$self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword} );
|
||||||
|
|
||||||
unless ( $code == PE_PASSWORD_OK ) {
|
unless ( $code == PE_PASSWORD_OK ) {
|
||||||
$self->ldap->unbind;
|
$self->ldap->unbind;
|
||||||
|
@ -42,7 +42,7 @@ sub modifyPassword {
|
||||||
|
|
||||||
# If password policy and force reset, set reset flag
|
# If password policy and force reset, set reset flag
|
||||||
if ( $self->conf->{ldapPpolicyControl}
|
if ( $self->conf->{ldapPpolicyControl}
|
||||||
and $req->datas->{forceReset}
|
and $req->data->{forceReset}
|
||||||
and $self->conf->{ldapUsePasswordResetAttribute} )
|
and $self->conf->{ldapUsePasswordResetAttribute} )
|
||||||
{
|
{
|
||||||
my $result = $self->ldap->modify(
|
my $result = $self->ldap->modify(
|
||||||
|
|
|
@ -13,7 +13,7 @@ extends 'Lemonldap::NG::Common::Module';
|
||||||
|
|
||||||
# INTERFACE
|
# INTERFACE
|
||||||
|
|
||||||
use constant afterDatas => 'changeUrldc';
|
use constant afterData => 'changeUrldc';
|
||||||
use constant forAuthUser => 'changeUrldc';
|
use constant forAuthUser => 'changeUrldc';
|
||||||
|
|
||||||
sub init { 1 }
|
sub init { 1 }
|
||||||
|
|
|
@ -42,7 +42,7 @@ sub check {
|
||||||
if ( my $user = $req->param('user') and my $pwd = $req->param('password') )
|
if ( my $user = $req->param('user') and my $pwd = $req->param('password') )
|
||||||
{
|
{
|
||||||
$req->user($user);
|
$req->user($user);
|
||||||
$req->datas->{password} = $pwd;
|
$req->data->{password} = $pwd;
|
||||||
|
|
||||||
# Not launched methods:
|
# Not launched methods:
|
||||||
# - "extractFormInfo" due to "token"
|
# - "extractFormInfo" due to "token"
|
||||||
|
@ -51,11 +51,11 @@ sub check {
|
||||||
[
|
[
|
||||||
'getUser',
|
'getUser',
|
||||||
'authenticate',
|
'authenticate',
|
||||||
@{ $self->p->betweenAuthAndDatas },
|
@{ $self->p->betweenAuthAndData },
|
||||||
qw( setAuthSessionInfo setSessionInfo setMacros setGroups
|
qw( setAuthSessionInfo setSessionInfo setMacros setGroups
|
||||||
setPersistentSessionInfo setLocalGroups store secondFactor
|
setPersistentSessionInfo setLocalGroups store secondFactor
|
||||||
storeHistory),
|
storeHistory),
|
||||||
@{ $self->p->afterDatas }
|
@{ $self->p->afterData }
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
if ( $res = $self->p->process( $req, ) ) {
|
if ( $res = $self->p->process( $req, ) ) {
|
||||||
|
|
|
@ -11,7 +11,7 @@ our $VERSION = '2.0.0';
|
||||||
|
|
||||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||||
|
|
||||||
use constant afterDatas => 'grantSession';
|
use constant afterData => 'grantSession';
|
||||||
|
|
||||||
has rules => ( is => 'rw', default => sub { {} } );
|
has rules => ( is => 'rw', default => sub { {} } );
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin',
|
||||||
|
|
||||||
# INITIALIZATION
|
# INITIALIZATION
|
||||||
|
|
||||||
sub afterDatas { 'run' }
|
sub afterData { 'run' }
|
||||||
|
|
||||||
sub init { 1 }
|
sub init { 1 }
|
||||||
|
|
||||||
|
|
|
@ -93,7 +93,7 @@ sub _reset {
|
||||||
}
|
}
|
||||||
|
|
||||||
# FIRST FORM
|
# FIRST FORM
|
||||||
$mailToken = $req->datas->{mailToken} = $req->param('mail_token');
|
$mailToken = $req->data->{mailToken} = $req->param('mail_token');
|
||||||
unless ( $req->param('mail') || $mailToken ) {
|
unless ( $req->param('mail') || $mailToken ) {
|
||||||
$self->setSecurity($req);
|
$self->setSecurity($req);
|
||||||
return PE_MAILFIRSTACCESS if ( $req->method eq 'GET' );
|
return PE_MAILFIRSTACCESS if ( $req->method eq 'GET' );
|
||||||
|
@ -114,7 +114,7 @@ sub _reset {
|
||||||
}
|
}
|
||||||
|
|
||||||
$req->{user} = $mailSession->data->{user};
|
$req->{user} = $mailSession->data->{user};
|
||||||
$req->datas->{mailAddress} =
|
$req->data->{mailAddress} =
|
||||||
$mailSession->data->{ $self->conf->{mailSessionKey} };
|
$mailSession->data->{ $self->conf->{mailSessionKey} };
|
||||||
$self->logger->debug( 'User associated to: ' . $req->{user} );
|
$self->logger->debug( 'User associated to: ' . $req->{user} );
|
||||||
$mailSession->remove;
|
$mailSession->remove;
|
||||||
|
@ -197,9 +197,9 @@ sub _reset {
|
||||||
my $mailTimeout =
|
my $mailTimeout =
|
||||||
$self->conf->{mailTimeout} || $self->conf->{timeout};
|
$self->conf->{mailTimeout} || $self->conf->{timeout};
|
||||||
my $expTimestamp = time() + $mailTimeout;
|
my $expTimestamp = time() + $mailTimeout;
|
||||||
$req->datas->{expMailDate} =
|
$req->data->{expMailDate} =
|
||||||
strftime( "%d/%m/%Y", localtime $expTimestamp );
|
strftime( "%d/%m/%Y", localtime $expTimestamp );
|
||||||
$req->datas->{expMailTime} =
|
$req->data->{expMailTime} =
|
||||||
strftime( "%H:%M", localtime $expTimestamp );
|
strftime( "%H:%M", localtime $expTimestamp );
|
||||||
return PE_MAILCONFIRMOK;
|
return PE_MAILCONFIRMOK;
|
||||||
}
|
}
|
||||||
|
@ -246,7 +246,7 @@ sub _reset {
|
||||||
}
|
}
|
||||||
elsif ($mailSession) {
|
elsif ($mailSession) {
|
||||||
$self->logger->debug( 'Mail session found: ' . $mailSession->id );
|
$self->logger->debug( 'Mail session found: ' . $mailSession->id );
|
||||||
$req->datas->{mailAlreadySent} = 1;
|
$req->data->{mailAlreadySent} = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Send confirmation mail
|
# Send confirmation mail
|
||||||
|
@ -257,22 +257,22 @@ sub _reset {
|
||||||
|
|
||||||
$self->logger->debug("Mail expiration timestamp: $expTimestamp");
|
$self->logger->debug("Mail expiration timestamp: $expTimestamp");
|
||||||
|
|
||||||
$req->datas->{expMailDate} =
|
$req->data->{expMailDate} =
|
||||||
strftime( "%d/%m/%Y", localtime $expTimestamp );
|
strftime( "%d/%m/%Y", localtime $expTimestamp );
|
||||||
$req->datas->{expMailTime} =
|
$req->data->{expMailTime} =
|
||||||
strftime( "%H:%M", localtime $expTimestamp );
|
strftime( "%H:%M", localtime $expTimestamp );
|
||||||
|
|
||||||
# Mail session start date
|
# Mail session start date
|
||||||
my $startTimestamp = $mailSession->data->{mailSessionStartTimestamp};
|
my $startTimestamp = $mailSession->data->{mailSessionStartTimestamp};
|
||||||
|
|
||||||
$self->logger->debug("Mail start timestamp: $startTimestamp");
|
$self->logger->debug("Mail start timestamp: $startTimestamp");
|
||||||
$req->datas->{startMailDate} =
|
$req->data->{startMailDate} =
|
||||||
strftime( "%d/%m/%Y", localtime $startTimestamp );
|
strftime( "%d/%m/%Y", localtime $startTimestamp );
|
||||||
$req->datas->{startMailTime} =
|
$req->data->{startMailTime} =
|
||||||
strftime( "%H:%M", localtime $startTimestamp );
|
strftime( "%H:%M", localtime $startTimestamp );
|
||||||
|
|
||||||
# Ask if user want another confirmation email
|
# Ask if user want another confirmation email
|
||||||
if ( $req->datas->{mailAlreadySent}
|
if ( $req->data->{mailAlreadySent}
|
||||||
and !$req->param('resendconfirmation') )
|
and !$req->param('resendconfirmation') )
|
||||||
{
|
{
|
||||||
$self->userLogger->notice(
|
$self->userLogger->notice(
|
||||||
|
@ -283,10 +283,10 @@ sub _reset {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Get mail address
|
# Get mail address
|
||||||
$req->datas->{mailAddress} ||=
|
$req->data->{mailAddress} ||=
|
||||||
$self->p->getFirstValue(
|
$self->p->getFirstValue(
|
||||||
$req->{sessionInfo}->{ $self->conf->{mailSessionKey} } );
|
$req->{sessionInfo}->{ $self->conf->{mailSessionKey} } );
|
||||||
return PE_MAILERROR unless ( $req->datas->{mailAddress} );
|
return PE_MAILERROR unless ( $req->data->{mailAddress} );
|
||||||
|
|
||||||
# Build confirmation url
|
# Build confirmation url
|
||||||
my $url =
|
my $url =
|
||||||
|
@ -294,7 +294,7 @@ sub _reset {
|
||||||
. build_urlencoded(
|
. build_urlencoded(
|
||||||
mail_token => $req->{id},
|
mail_token => $req->{id},
|
||||||
skin => $self->p->getSkin($req),
|
skin => $self->p->getSkin($req),
|
||||||
( $req->datas->{_url} ? ( url => $req->datas->{_url} ) : () ),
|
( $req->data->{_url} ? ( url => $req->data->{_url} ) : () ),
|
||||||
);
|
);
|
||||||
|
|
||||||
# Build mail content
|
# Build mail content
|
||||||
|
@ -319,15 +319,15 @@ sub _reset {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Replace variables in body
|
# Replace variables in body
|
||||||
$body =~ s/\$expMailDate/$req->datas->{expMailDate}/ge;
|
$body =~ s/\$expMailDate/$req->data->{expMailDate}/ge;
|
||||||
$body =~ s/\$expMailTime/$req->datas->{expMailTime}/ge;
|
$body =~ s/\$expMailTime/$req->data->{expMailTime}/ge;
|
||||||
$body =~ s/\$url/$url/g;
|
$body =~ s/\$url/$url/g;
|
||||||
$body =~ s/\$(\w+)/$req->{sessionInfo}->{$1} || ''/ge;
|
$body =~ s/\$(\w+)/$req->{sessionInfo}->{$1} || ''/ge;
|
||||||
|
|
||||||
# Send mail
|
# Send mail
|
||||||
unless (
|
unless (
|
||||||
$self->send_mail(
|
$self->send_mail(
|
||||||
$req->datas->{mailAddress},
|
$req->data->{mailAddress},
|
||||||
$subject, $body, $html
|
$subject, $body, $html
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
@ -383,18 +383,18 @@ sub changePwd {
|
||||||
|
|
||||||
$self->logger->debug( "Generated password: " . $password );
|
$self->logger->debug( "Generated password: " . $password );
|
||||||
|
|
||||||
$req->datas->{newpassword} = $password;
|
$req->data->{newpassword} = $password;
|
||||||
$req->datas->{confirmpassword} = $password;
|
$req->data->{confirmpassword} = $password;
|
||||||
$req->datas->{forceReset} = 1;
|
$req->data->{forceReset} = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Else a password is required in request
|
# Else a password is required in request
|
||||||
else {
|
else {
|
||||||
$req->datas->{newpassword} = $req->param('newpassword');
|
$req->data->{newpassword} = $req->param('newpassword');
|
||||||
$req->datas->{confirmpassword} = $req->param('confirmpassword');
|
$req->data->{confirmpassword} = $req->param('confirmpassword');
|
||||||
unless ($req->datas->{newpassword}
|
unless ($req->data->{newpassword}
|
||||||
and $req->datas->{confirmpassword}
|
and $req->data->{confirmpassword}
|
||||||
and $req->datas->{newpassword} eq $req->datas->{confirmpassword} )
|
and $req->data->{newpassword} eq $req->data->{confirmpassword} )
|
||||||
{
|
{
|
||||||
$self->ott->setToken( $req, $req->sessionInfo );
|
$self->ott->setToken( $req, $req->sessionInfo );
|
||||||
return PE_PASSWORDFORMEMPTY;
|
return PE_PASSWORDFORMEMPTY;
|
||||||
|
@ -412,7 +412,7 @@ sub changePwd {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Send mail containing the new password
|
# Send mail containing the new password
|
||||||
$req->datas->{mailAddress} ||=
|
$req->data->{mailAddress} ||=
|
||||||
$self->p->getFirstValue(
|
$self->p->getFirstValue(
|
||||||
$req->{sessionInfo}->{ $self->conf->{mailSessionKey} } );
|
$req->{sessionInfo}->{ $self->conf->{mailSessionKey} } );
|
||||||
|
|
||||||
|
@ -438,13 +438,13 @@ sub changePwd {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Replace variables in body
|
# Replace variables in body
|
||||||
my $password = $req->datas->{newpassword};
|
my $password = $req->data->{newpassword};
|
||||||
$body =~ s/\$password/$password/g;
|
$body =~ s/\$password/$password/g;
|
||||||
$body =~ s/\$(\w+)/$req->{sessionInfo}->{$1} || ''/ge;
|
$body =~ s/\$(\w+)/$req->{sessionInfo}->{$1} || ''/ge;
|
||||||
|
|
||||||
# Send mail
|
# Send mail
|
||||||
return PE_MAILERROR
|
return PE_MAILERROR
|
||||||
unless $self->send_mail( $req->datas->{mailAddress}, $subject, $body,
|
unless $self->send_mail( $req->data->{mailAddress}, $subject, $body,
|
||||||
$html );
|
$html );
|
||||||
|
|
||||||
PE_MAILOK;
|
PE_MAILOK;
|
||||||
|
@ -469,13 +469,13 @@ sub display {
|
||||||
SKIN_BG => $self->conf->{portalSkinBackground},
|
SKIN_BG => $self->conf->{portalSkinBackground},
|
||||||
AUTH_ERROR => $req->error,
|
AUTH_ERROR => $req->error,
|
||||||
AUTH_ERROR_TYPE => $req->error_type,
|
AUTH_ERROR_TYPE => $req->error_type,
|
||||||
AUTH_URL => $req->datas->{_url},
|
AUTH_URL => $req->data->{_url},
|
||||||
CHOICE_VALUE => $req->{_authChoice},
|
CHOICE_VALUE => $req->{_authChoice},
|
||||||
EXPMAILDATE => $req->datas->{expMailDate},
|
EXPMAILDATE => $req->data->{expMailDate},
|
||||||
EXPMAILTIME => $req->datas->{expMailTime},
|
EXPMAILTIME => $req->data->{expMailTime},
|
||||||
STARTMAILDATE => $req->datas->{startMailDate},
|
STARTMAILDATE => $req->data->{startMailDate},
|
||||||
STARTMAILTIME => $req->datas->{startMailTime},
|
STARTMAILTIME => $req->data->{startMailTime},
|
||||||
MAILALREADYSENT => $req->datas->{mailAlreadySent},
|
MAILALREADYSENT => $req->data->{mailAlreadySent},
|
||||||
MAIL => (
|
MAIL => (
|
||||||
$self->p->checkXSSAttack( 'mail', $req->{user} )
|
$self->p->checkXSSAttack( 'mail', $req->{user} )
|
||||||
? ""
|
? ""
|
||||||
|
@ -487,11 +487,11 @@ sub display {
|
||||||
DISPLAY_MAILSENT => 0,
|
DISPLAY_MAILSENT => 0,
|
||||||
DISPLAY_PASSWORD_FORM => 0,
|
DISPLAY_PASSWORD_FORM => 0,
|
||||||
);
|
);
|
||||||
if ( $req->datas->{mailToken}
|
if ( $req->data->{mailToken}
|
||||||
and !$self->p->checkXSSAttack( 'mail_token', $req->datas->{mailToken} )
|
and !$self->p->checkXSSAttack( 'mail_token', $req->data->{mailToken} )
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
$tplPrm{MAIL_TOKEN} = $req->datas->{mailToken};
|
$tplPrm{MAIL_TOKEN} = $req->data->{mailToken};
|
||||||
}
|
}
|
||||||
|
|
||||||
# Display captcha if it's enabled
|
# Display captcha if it's enabled
|
||||||
|
@ -512,7 +512,7 @@ sub display {
|
||||||
or $req->error == PE_CAPTCHAERROR
|
or $req->error == PE_CAPTCHAERROR
|
||||||
or $req->error == PE_CAPTCHAEMPTY
|
or $req->error == PE_CAPTCHAEMPTY
|
||||||
)
|
)
|
||||||
and !$req->datas->{mailToken}
|
and !$req->data->{mailToken}
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
$self->logger->debug('Display form');
|
$self->logger->debug('Display form');
|
||||||
|
@ -538,7 +538,7 @@ sub display {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Display password change form
|
# Display password change form
|
||||||
elsif ( $req->datas->{mailToken}
|
elsif ( $req->data->{mailToken}
|
||||||
and $req->error != PE_MAILERROR
|
and $req->error != PE_MAILERROR
|
||||||
and $req->error != PE_BADMAILTOKEN
|
and $req->error != PE_BADMAILTOKEN
|
||||||
and $req->error != PE_MAILOK )
|
and $req->error != PE_MAILOK )
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
# * a new route "/notifback" for checking accepted notifications
|
# * a new route "/notifback" for checking accepted notifications
|
||||||
# (sub getNotifBack). It launch then autoRedirect() with "mustRedirect"
|
# (sub getNotifBack). It launch then autoRedirect() with "mustRedirect"
|
||||||
# set to 1 because underlying handler has not seen user as authenticated
|
# set to 1 because underlying handler has not seen user as authenticated
|
||||||
# so datas are not set;
|
# so data are not set;
|
||||||
# * a callback inserted in process steps after authentication process,
|
# * a callback inserted in process steps after authentication process,
|
||||||
# This callback launches checkForNotifications to get notification and
|
# This callback launches checkForNotifications to get notification and
|
||||||
# cipher LemonLDAP::NG cookies.
|
# cipher LemonLDAP::NG cookies.
|
||||||
|
@ -26,7 +26,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||||
# INTERFACE
|
# INTERFACE
|
||||||
|
|
||||||
# Declare additional process steps
|
# Declare additional process steps
|
||||||
sub afterDatas { 'checkNotifDuringAuth' }
|
sub afterData { 'checkNotifDuringAuth' }
|
||||||
|
|
||||||
# For now, notifications are done only during authentication process
|
# For now, notifications are done only during authentication process
|
||||||
#sub forAuthUser { 'checkNotifForAuthUser' }
|
#sub forAuthUser { 'checkNotifForAuthUser' }
|
||||||
|
@ -109,14 +109,14 @@ sub init {
|
||||||
sub checkNotifDuringAuth {
|
sub checkNotifDuringAuth {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
eval {
|
eval {
|
||||||
$req->{datas}->{notification} =
|
$req->{data}->{notification} =
|
||||||
$self->module->checkForNotifications($req);
|
$self->module->checkForNotifications($req);
|
||||||
};
|
};
|
||||||
if ($@) {
|
if ($@) {
|
||||||
$self->logger->error($@);
|
$self->logger->error($@);
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
if ( $req->{datas}->{notification} ) {
|
if ( $req->{data}->{notification} ) {
|
||||||
$self->p->rebuildCookies($req);
|
$self->p->rebuildCookies($req);
|
||||||
|
|
||||||
# Restore and cipher cookies
|
# Restore and cipher cookies
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
#
|
#
|
||||||
# This plugin adds the following entry points:
|
# This plugin adds the following entry points:
|
||||||
# - Sessions backend (if restSessionServer is on)
|
# - Sessions backend (if restSessionServer is on)
|
||||||
# * GET /sessions/<type>/<session-id> : get session datas
|
# * GET /sessions/<type>/<session-id> : get session data
|
||||||
# * GET /sessions/<type>/<session-id>/<key> : get a session key value
|
# * GET /sessions/<type>/<session-id>/<key> : get a session key value
|
||||||
# * GET /sessions/<type>/<session-id>/[k1,k2] : get some session key value
|
# * GET /sessions/<type>/<session-id>/[k1,k2] : get some session key value
|
||||||
# * POST /sessions/<type> : create a session
|
# * POST /sessions/<type> : create a session
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
# * DELETE /sessions/<type>/<session-id> : delete a session
|
# * DELETE /sessions/<type>/<session-id> : delete a session
|
||||||
#
|
#
|
||||||
# - Sessions for connected users (if restSessionServer is on):
|
# - Sessions for connected users (if restSessionServer is on):
|
||||||
# * GET /session/my/<type> : get session datas
|
# * GET /session/my/<type> : get session data
|
||||||
# * GET /session/my/<type>/key : get session key
|
# * GET /session/my/<type>/key : get session key
|
||||||
# * DELETE /session/my : ask for logout
|
# * DELETE /session/my : ask for logout
|
||||||
#
|
#
|
||||||
|
@ -229,14 +229,14 @@ sub newAuthSession {
|
||||||
$req->{id} = $id;
|
$req->{id} = $id;
|
||||||
$req->{force} = 1;
|
$req->{force} = 1;
|
||||||
$req->user( $req->param('user') );
|
$req->user( $req->param('user') );
|
||||||
$req->datas->{password} = $req->param('password');
|
$req->data->{password} = $req->param('password');
|
||||||
$req->steps(
|
$req->steps(
|
||||||
[
|
[
|
||||||
@{ $self->p->beforeAuth },
|
@{ $self->p->beforeAuth },
|
||||||
qw(getUser authenticate setAuthSessionInfo),
|
qw(getUser authenticate setAuthSessionInfo),
|
||||||
@{ $self->p->betweenAuthAndDatas },
|
@{ $self->p->betweenAuthAndData },
|
||||||
$self->p->sessionDatas,
|
$self->p->sessionData,
|
||||||
@{ $self->p->afterDatas },
|
@{ $self->p->afterData },
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
$req->{error} = $self->p->process($req);
|
$req->{error} = $self->p->process($req);
|
||||||
|
|
|
@ -125,25 +125,25 @@ sub _register {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Get register token (mail link)
|
# Get register token (mail link)
|
||||||
$req->datas->{register_token} = $req->param('register_token');
|
$req->data->{register_token} = $req->param('register_token');
|
||||||
|
|
||||||
# If a register token is present, find the corresponding info
|
# If a register token is present, find the corresponding info
|
||||||
if ( $req->datas->{register_token} ) {
|
if ( $req->data->{register_token} ) {
|
||||||
|
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
"Token given for register: " . $req->datas->{register_token} );
|
"Token given for register: " . $req->data->{register_token} );
|
||||||
|
|
||||||
# Get the corresponding session
|
# Get the corresponding session
|
||||||
if ( my $datas =
|
if ( my $data =
|
||||||
$self->mailott->getToken( $req->datas->{register_token} ) )
|
$self->mailott->getToken( $req->data->{register_token} ) )
|
||||||
{
|
{
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
'Token ' . $req->datas->{register_token} . ' found' );
|
'Token ' . $req->data->{register_token} . ' found' );
|
||||||
foreach (qw(mail firstname lastname ipAddr)) {
|
foreach (qw(mail firstname lastname ipAddr)) {
|
||||||
$req->datas->{registerInfo}->{$_} = $datas->{$_};
|
$req->data->{registerInfo}->{$_} = $data->{$_};
|
||||||
}
|
}
|
||||||
$self->logger->debug( "User associated to token: "
|
$self->logger->debug( "User associated to token: "
|
||||||
. $req->datas->{registerInfo}->{mail} );
|
. $req->data->{registerInfo}->{mail} );
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return PE_BADMAILTOKEN;
|
return PE_BADMAILTOKEN;
|
||||||
|
@ -154,15 +154,15 @@ sub _register {
|
||||||
else {
|
else {
|
||||||
|
|
||||||
# Use submitted value
|
# Use submitted value
|
||||||
$req->datas->{registerInfo}->{mail} = $req->param('mail');
|
$req->data->{registerInfo}->{mail} = $req->param('mail');
|
||||||
$req->datas->{registerInfo}->{firstname} = $req->param('firstname');
|
$req->data->{registerInfo}->{firstname} = $req->param('firstname');
|
||||||
$req->datas->{registerInfo}->{lastname} = $req->param('lastname');
|
$req->data->{registerInfo}->{lastname} = $req->param('lastname');
|
||||||
$req->datas->{registerInfo}->{ipAddr} = $req->address;
|
$req->data->{registerInfo}->{ipAddr} = $req->address;
|
||||||
|
|
||||||
# Check captcha/token only if register session does not already exist
|
# Check captcha/token only if register session does not already exist
|
||||||
if ( $req->datas->{registerInfo}->{mail}
|
if ( $req->data->{registerInfo}->{mail}
|
||||||
and
|
and
|
||||||
!$self->getRegisterSession( $req->datas->{registerInfo}->{mail} ) )
|
!$self->getRegisterSession( $req->data->{registerInfo}->{mail} ) )
|
||||||
{
|
{
|
||||||
# Check if token exists
|
# Check if token exists
|
||||||
my $token;
|
my $token;
|
||||||
|
@ -211,12 +211,12 @@ sub _register {
|
||||||
|
|
||||||
# Check mail
|
# Check mail
|
||||||
return PE_MALFORMEDUSER
|
return PE_MALFORMEDUSER
|
||||||
unless ( $req->datas->{registerInfo}->{mail} =~
|
unless ( $req->data->{registerInfo}->{mail} =~
|
||||||
m/$self->{conf}->{userControl}/o );
|
m/$self->{conf}->{userControl}/o );
|
||||||
|
|
||||||
# Search for user using UserDB module
|
# Search for user using UserDB module
|
||||||
# If the user already exists, register is forbidden
|
# If the user already exists, register is forbidden
|
||||||
$req->user( $req->datas->{registerInfo}->{mail} );
|
$req->user( $req->data->{registerInfo}->{mail} );
|
||||||
if ( $self->p->_userDB->getUser( $req, useMail => 1 ) == PE_OK ) {
|
if ( $self->p->_userDB->getUser( $req, useMail => 1 ) == PE_OK ) {
|
||||||
$self->userLogger->error(
|
$self->userLogger->error(
|
||||||
"Register: refuse mail $req->{mail} because already exists in UserDB"
|
"Register: refuse mail $req->{mail} because already exists in UserDB"
|
||||||
|
@ -224,20 +224,20 @@ sub _register {
|
||||||
return PE_REGISTERALREADYEXISTS;
|
return PE_REGISTERALREADYEXISTS;
|
||||||
}
|
}
|
||||||
my $register_session =
|
my $register_session =
|
||||||
$self->getRegisterSession( $req->datas->{registerInfo}->{mail} );
|
$self->getRegisterSession( $req->data->{registerInfo}->{mail} );
|
||||||
$req->datas->{mail_already_sent} =
|
$req->data->{mail_already_sent} =
|
||||||
( $register_session and !$req->id ) ? 1 : 0;
|
( $register_session and !$req->id ) ? 1 : 0;
|
||||||
|
|
||||||
# Skip this step if confirmation was already sent
|
# Skip this step if confirmation was already sent
|
||||||
unless ( $req->datas->{register_token} or $register_session ) {
|
unless ( $req->data->{register_token} or $register_session ) {
|
||||||
|
|
||||||
# Create mail token
|
# Create mail token
|
||||||
$register_session = $self->mailott->createToken(
|
$register_session = $self->mailott->createToken(
|
||||||
{
|
{
|
||||||
mail => $req->datas->{registerInfo}->{mail},
|
mail => $req->data->{registerInfo}->{mail},
|
||||||
firstname => $req->datas->{registerInfo}->{firstname},
|
firstname => $req->data->{registerInfo}->{firstname},
|
||||||
lastname => $req->datas->{registerInfo}->{lastname},
|
lastname => $req->data->{registerInfo}->{lastname},
|
||||||
ipAddr => $req->datas->{registerInfo}->{ipAddr},
|
ipAddr => $req->data->{registerInfo}->{ipAddr},
|
||||||
_type => 'register',
|
_type => 'register',
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
@ -247,7 +247,7 @@ sub _register {
|
||||||
# Send confirmation mail
|
# Send confirmation mail
|
||||||
|
|
||||||
# Skip this step if user clicked on the confirmation link
|
# Skip this step if user clicked on the confirmation link
|
||||||
unless ( $req->datas->{register_token} ) {
|
unless ( $req->data->{register_token} ) {
|
||||||
|
|
||||||
# Check if confirmation mail has already been sent
|
# Check if confirmation mail has already been sent
|
||||||
$self->logger->debug('No register_token');
|
$self->logger->debug('No register_token');
|
||||||
|
@ -263,9 +263,9 @@ sub _register {
|
||||||
|
|
||||||
$self->logger->debug("Register expiration timestamp: $expTimestamp");
|
$self->logger->debug("Register expiration timestamp: $expTimestamp");
|
||||||
|
|
||||||
$req->datas->{expMailDate} =
|
$req->data->{expMailDate} =
|
||||||
strftime( "%d/%m/%Y", localtime $expTimestamp );
|
strftime( "%d/%m/%Y", localtime $expTimestamp );
|
||||||
$req->datas->{expMailTime} =
|
$req->data->{expMailTime} =
|
||||||
strftime( "%H:%M", localtime $expTimestamp );
|
strftime( "%H:%M", localtime $expTimestamp );
|
||||||
|
|
||||||
# Mail session start date
|
# Mail session start date
|
||||||
|
@ -273,13 +273,13 @@ sub _register {
|
||||||
|
|
||||||
$self->logger->debug("Register start timestamp: $startTimestamp");
|
$self->logger->debug("Register start timestamp: $startTimestamp");
|
||||||
|
|
||||||
$req->datas->{startMailDate} =
|
$req->data->{startMailDate} =
|
||||||
strftime( "%d/%m/%Y", localtime $startTimestamp );
|
strftime( "%d/%m/%Y", localtime $startTimestamp );
|
||||||
$req->datas->{startMailTime} =
|
$req->data->{startMailTime} =
|
||||||
strftime( "%H:%M", localtime $startTimestamp );
|
strftime( "%H:%M", localtime $startTimestamp );
|
||||||
|
|
||||||
# Ask if user want another confirmation email
|
# Ask if user want another confirmation email
|
||||||
if ( $req->datas->{mail_already_sent}
|
if ( $req->data->{mail_already_sent}
|
||||||
and !$req->param('resendconfirmation') )
|
and !$req->param('resendconfirmation') )
|
||||||
{
|
{
|
||||||
return PE_MAILCONFIRMATION_ALREADY_SENT;
|
return PE_MAILCONFIRMATION_ALREADY_SENT;
|
||||||
|
@ -291,7 +291,7 @@ sub _register {
|
||||||
. build_urlencoded(
|
. build_urlencoded(
|
||||||
register_token => $req->{id},
|
register_token => $req->{id},
|
||||||
skin => $self->p->getSkin($req),
|
skin => $self->p->getSkin($req),
|
||||||
( $req->datas->{_url} ? ( url => $req->datas->{_url} ) : () ),
|
( $req->data->{_url} ? ( url => $req->data->{_url} ) : () ),
|
||||||
);
|
);
|
||||||
|
|
||||||
# Build mail content
|
# Build mail content
|
||||||
|
@ -308,14 +308,14 @@ sub _register {
|
||||||
$body = $self->loadTemplate( 'mail_register_confirm', filter => $tr );
|
$body = $self->loadTemplate( 'mail_register_confirm', filter => $tr );
|
||||||
|
|
||||||
# Replace variables in body
|
# Replace variables in body
|
||||||
$body =~ s/\$expMailDate/$req->datas->{expMailDate}/g;
|
$body =~ s/\$expMailDate/$req->data->{expMailDate}/g;
|
||||||
$body =~ s/\$expMailTime/$req->datas->{expMailTime}/g;
|
$body =~ s/\$expMailTime/$req->data->{expMailTime}/g;
|
||||||
$body =~ s/\$url/$url/g;
|
$body =~ s/\$url/$url/g;
|
||||||
$body =~ s/\$(\w+)/$req->datas->{registerInfo}->{$1}/eg;
|
$body =~ s/\$(\w+)/$req->data->{registerInfo}->{$1}/eg;
|
||||||
|
|
||||||
# Send mail
|
# Send mail
|
||||||
return PE_MAILERROR
|
return PE_MAILERROR
|
||||||
unless $self->send_mail( $req->datas->{registerInfo}->{mail},
|
unless $self->send_mail( $req->data->{registerInfo}->{mail},
|
||||||
$subject, $body, $html );
|
$subject, $body, $html );
|
||||||
|
|
||||||
$self->logger->debug('Register message sent');
|
$self->logger->debug('Register message sent');
|
||||||
|
@ -327,24 +327,24 @@ sub _register {
|
||||||
|
|
||||||
$self->logger->debug( "Generated password: " . $password );
|
$self->logger->debug( "Generated password: " . $password );
|
||||||
|
|
||||||
$req->datas->{registerInfo}->{password} = $password;
|
$req->data->{registerInfo}->{password} = $password;
|
||||||
$req->datas->{forceReset} = 1;
|
$req->data->{forceReset} = 1;
|
||||||
|
|
||||||
# Find a login
|
# Find a login
|
||||||
my $result = $self->registerModule->computeLogin($req);
|
my $result = $self->registerModule->computeLogin($req);
|
||||||
unless ( $result == PE_OK ) {
|
unless ( $result == PE_OK ) {
|
||||||
$self->logger->error( "Could not compute login for "
|
$self->logger->error( "Could not compute login for "
|
||||||
. $req->datas->{registerInfo}->{mail} );
|
. $req->data->{registerInfo}->{mail} );
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create user
|
# Create user
|
||||||
$self->logger->debug(
|
$self->logger->debug(
|
||||||
'Create new user ' . $req->datas->{registerInfo}->{login} );
|
'Create new user ' . $req->data->{registerInfo}->{login} );
|
||||||
$result = $self->registerModule->createUser($req);
|
$result = $self->registerModule->createUser($req);
|
||||||
unless ( $result == PE_OK ) {
|
unless ( $result == PE_OK ) {
|
||||||
$self->logger->error(
|
$self->logger->error(
|
||||||
"Could not create user " . $req->datas->{registerInfo}->{login} );
|
"Could not create user " . $req->data->{registerInfo}->{login} );
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -367,16 +367,16 @@ sub _register {
|
||||||
$url .= '/?'
|
$url .= '/?'
|
||||||
. build_urlencoded(
|
. build_urlencoded(
|
||||||
skin => $self->p->getSkin($req),
|
skin => $self->p->getSkin($req),
|
||||||
( $req->datas->{_url} ? ( url => $req->datas->{_url} ) : () ),
|
( $req->data->{_url} ? ( url => $req->data->{_url} ) : () ),
|
||||||
);
|
);
|
||||||
|
|
||||||
# Replace variables in body
|
# Replace variables in body
|
||||||
$body =~ s/\$url/$url/g;
|
$body =~ s/\$url/$url/g;
|
||||||
$body =~ s/\$(\w+)/$req->datas->{registerInfo}->{$1}/ge;
|
$body =~ s/\$(\w+)/$req->data->{registerInfo}->{$1}/ge;
|
||||||
|
|
||||||
# Send mail
|
# Send mail
|
||||||
return PE_MAILERROR
|
return PE_MAILERROR
|
||||||
unless $self->send_mail( $req->datas->{registerInfo}->{mail},
|
unless $self->send_mail( $req->data->{registerInfo}->{mail},
|
||||||
$subject, $body, $html );
|
$subject, $body, $html );
|
||||||
|
|
||||||
return PE_MAILOK;
|
return PE_MAILOK;
|
||||||
|
@ -390,26 +390,26 @@ sub display {
|
||||||
SKIN_BG => $self->conf->{portalSkinBackground},
|
SKIN_BG => $self->conf->{portalSkinBackground},
|
||||||
AUTH_ERROR => $req->error,
|
AUTH_ERROR => $req->error,
|
||||||
AUTH_ERROR_TYPE => $req->error_type,
|
AUTH_ERROR_TYPE => $req->error_type,
|
||||||
AUTH_URL => $req->datas->{_url},
|
AUTH_URL => $req->data->{_url},
|
||||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||||
CHOICE_VALUE => $req->datas->{_authChoice},
|
CHOICE_VALUE => $req->data->{_authChoice},
|
||||||
EXPMAILDATE => $req->datas->{expMailDate},
|
EXPMAILDATE => $req->data->{expMailDate},
|
||||||
EXPMAILTIME => $req->datas->{expMailTime},
|
EXPMAILTIME => $req->data->{expMailTime},
|
||||||
STARTMAILDATE => $req->datas->{startMailDate},
|
STARTMAILDATE => $req->data->{startMailDate},
|
||||||
STARTMAILTIME => $req->datas->{startMailTime},
|
STARTMAILTIME => $req->data->{startMailTime},
|
||||||
MAILALREADYSENT => $req->datas->{mail_already_sent},
|
MAILALREADYSENT => $req->data->{mail_already_sent},
|
||||||
MAIL => $self->p->checkXSSAttack( 'mail',
|
MAIL => $self->p->checkXSSAttack( 'mail',
|
||||||
$req->datas->{registerInfo}->{mail} ) ? ""
|
$req->data->{registerInfo}->{mail} ) ? ""
|
||||||
: $req->datas->{registerInfo}->{mail},
|
: $req->data->{registerInfo}->{mail},
|
||||||
FIRSTNAME => $self->p->checkXSSAttack( 'firstname',
|
FIRSTNAME => $self->p->checkXSSAttack( 'firstname',
|
||||||
$req->datas->{registerInfo}->{firstname} ) ? ""
|
$req->data->{registerInfo}->{firstname} ) ? ""
|
||||||
: $req->datas->{registerInfo}->{firstname},
|
: $req->data->{registerInfo}->{firstname},
|
||||||
LASTNAME => $self->p->checkXSSAttack( 'lastname',
|
LASTNAME => $self->p->checkXSSAttack( 'lastname',
|
||||||
$req->datas->{registerInfo}->{lastname} ) ? ""
|
$req->data->{registerInfo}->{lastname} ) ? ""
|
||||||
: $req->datas->{registerInfo}->{lastname},
|
: $req->data->{registerInfo}->{lastname},
|
||||||
REGISTER_TOKEN => $self->p->checkXSSAttack( 'register_token',
|
REGISTER_TOKEN => $self->p->checkXSSAttack( 'register_token',
|
||||||
$req->datas->{register_token} ) ? ""
|
$req->data->{register_token} ) ? ""
|
||||||
: $req->datas->{register_token},
|
: $req->data->{register_token},
|
||||||
);
|
);
|
||||||
|
|
||||||
# Display form the first time
|
# Display form the first time
|
||||||
|
|
|
@ -159,7 +159,7 @@ sub getCookies {
|
||||||
$self->logger->debug("SOAP authentication request for $user");
|
$self->logger->debug("SOAP authentication request for $user");
|
||||||
|
|
||||||
$req->{user} = $user;
|
$req->{user} = $user;
|
||||||
$req->datas->{password} = $password;
|
$req->data->{password} = $password;
|
||||||
if ($sessionid) {
|
if ($sessionid) {
|
||||||
$req->{id} = $sessionid;
|
$req->{id} = $sessionid;
|
||||||
$req->{force} = 1;
|
$req->{force} = 1;
|
||||||
|
@ -168,7 +168,7 @@ sub getCookies {
|
||||||
$req->{error} = PE_OK;
|
$req->{error} = PE_OK;
|
||||||
|
|
||||||
# User and password are required
|
# User and password are required
|
||||||
unless ( $req->{user} && $req->datas->{password} ) {
|
unless ( $req->{user} && $req->data->{password} ) {
|
||||||
$req->{error} = PE_FORMEMPTY;
|
$req->{error} = PE_FORMEMPTY;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -177,9 +177,9 @@ sub getCookies {
|
||||||
$req->steps(
|
$req->steps(
|
||||||
[
|
[
|
||||||
qw(getUser authenticate setAuthSessionInfo),
|
qw(getUser authenticate setAuthSessionInfo),
|
||||||
@{ $self->p->betweenAuthAndDatas },
|
@{ $self->p->betweenAuthAndData },
|
||||||
$self->p->sessionDatas,
|
$self->p->sessionData,
|
||||||
@{ $self->p->afterDatas },
|
@{ $self->p->afterData },
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
$req->{error} = $self->p->process($req);
|
$req->{error} = $self->p->process($req);
|
||||||
|
@ -255,9 +255,9 @@ sub getAttributes {
|
||||||
return $res;
|
return $res;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Update datas in the session referenced by $id
|
# Update data in the session referenced by $id
|
||||||
# @param $id Id of the session
|
# @param $id Id of the session
|
||||||
# @param $args datas to store
|
# @param $args data to store
|
||||||
|
|
||||||
=begin WSDL
|
=begin WSDL
|
||||||
|
|
||||||
|
@ -425,7 +425,7 @@ sub isAuthorizedURI {
|
||||||
|
|
||||||
##@fn private SOAP::Data _buildSoapHash()
|
##@fn private SOAP::Data _buildSoapHash()
|
||||||
# Serialize a hashref into SOAP::Data. Types are fixed to "string".
|
# Serialize a hashref into SOAP::Data. Types are fixed to "string".
|
||||||
# @return SOAP::Data serialized datas
|
# @return SOAP::Data serialized data
|
||||||
sub _buildSoapHash {
|
sub _buildSoapHash {
|
||||||
my ( $h, @keys ) = @_;
|
my ( $h, @keys ) = @_;
|
||||||
my @tmp = ();
|
my @tmp = ();
|
||||||
|
|
|
@ -9,7 +9,7 @@ our $VERSION = '2.0.0';
|
||||||
extends 'Lemonldap::NG::Portal::Main::Plugin',
|
extends 'Lemonldap::NG::Portal::Main::Plugin',
|
||||||
'Lemonldap::NG::Portal::Lib::OtherSessions';
|
'Lemonldap::NG::Portal::Lib::OtherSessions';
|
||||||
|
|
||||||
sub afterDatas { 'run' }
|
sub afterData { 'run' }
|
||||||
|
|
||||||
sub init { 1 }
|
sub init { 1 }
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||||
|
|
||||||
# INTERFACE
|
# INTERFACE
|
||||||
|
|
||||||
use constant afterDatas => 'newDevice';
|
use constant afterData => 'newDevice';
|
||||||
|
|
||||||
use constant beforeAuth => 'check';
|
use constant beforeAuth => 'check';
|
||||||
|
|
||||||
|
@ -79,7 +79,7 @@ sub newDevice {
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Store datas in a long-time session
|
# Store data in a long-time session
|
||||||
sub storeBrowser {
|
sub storeBrowser {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$req->urldc( $req->param('url') );
|
$req->urldc( $req->param('url') );
|
||||||
|
@ -98,7 +98,7 @@ sub storeBrowser {
|
||||||
_utime => time + $self->timeout,
|
_utime => time + $self->timeout,
|
||||||
_session_uid => $uid,
|
_session_uid => $uid,
|
||||||
_connectedSince => time,
|
_connectedSince => time,
|
||||||
dataKeep => $req->datas->{dataToKeep},
|
dataKeep => $req->data->{dataToKeep},
|
||||||
fingerprint => $fg,
|
fingerprint => $fg,
|
||||||
},
|
},
|
||||||
);
|
);
|
||||||
|
@ -153,7 +153,7 @@ sub check {
|
||||||
and my $token = $req->param('token') )
|
and my $token = $req->param('token') )
|
||||||
{
|
{
|
||||||
if ( my $prm = $self->ott->getToken($token) ) {
|
if ( my $prm = $self->ott->getToken($token) ) {
|
||||||
$req->datas->{dataKeep} = $ps->data->{dataKeep};
|
$req->data->{dataKeep} = $ps->data->{dataKeep};
|
||||||
$self->logger->debug('Persistent connection found');
|
$self->logger->debug('Persistent connection found');
|
||||||
if ( $fg eq $ps->data->{fingerprint} ) {
|
if ( $fg eq $ps->data->{fingerprint} ) {
|
||||||
$req->user($uid);
|
$req->user($uid);
|
||||||
|
|
|
@ -72,7 +72,7 @@ sub confirm {
|
||||||
my $res = $self->p->process($req);
|
my $res = $self->p->process($req);
|
||||||
return $self->p->do( $req, [ sub { $res } ] ) if ($res);
|
return $self->p->do( $req, [ sub { $res } ] ) if ($res);
|
||||||
if ( $upg or $req->param('confirm') == 1 ) {
|
if ( $upg or $req->param('confirm') == 1 ) {
|
||||||
$req->datas->{noerror} = 1;
|
$req->data->{noerror} = 1;
|
||||||
$self->p->setHiddenFormValue(
|
$self->p->setHiddenFormValue(
|
||||||
$req,
|
$req,
|
||||||
upgrading => $self->ott->createToken,
|
upgrading => $self->ott->createToken,
|
||||||
|
|
|
@ -15,31 +15,31 @@ sub createUser {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
my $name =
|
my $name =
|
||||||
ucfirst $req->datas->{registerInfo}->{firstname} . " "
|
ucfirst $req->data->{registerInfo}->{firstname} . " "
|
||||||
. uc $req->datas->{registerInfo}->{lastname};
|
. uc $req->data->{registerInfo}->{lastname};
|
||||||
|
|
||||||
my $sn = uc $req->datas->{registerInfo}->{lastname};
|
my $sn = uc $req->data->{registerInfo}->{lastname};
|
||||||
my $gn = ucfirst $req->datas->{registerInfo}->{firstname};
|
my $gn = ucfirst $req->data->{registerInfo}->{firstname};
|
||||||
utf8::decode($sn);
|
utf8::decode($sn);
|
||||||
utf8::decode($gn);
|
utf8::decode($gn);
|
||||||
my $mesg = $self->ldap->add(
|
my $mesg = $self->ldap->add(
|
||||||
"cn=$name," . $self->conf->{ldapBase},
|
"cn=$name," . $self->conf->{ldapBase},
|
||||||
attrs => [
|
attrs => [
|
||||||
objectClass => [qw/top person organizationalPerson user/],
|
objectClass => [qw/top person organizationalPerson user/],
|
||||||
sAMAccountName => $req->datas->{registerInfo}->{login},
|
sAMAccountName => $req->data->{registerInfo}->{login},
|
||||||
cn => $name,
|
cn => $name,
|
||||||
sn => $sn,
|
sn => $sn,
|
||||||
givenName => $gn,
|
givenName => $gn,
|
||||||
unicodePwd => utf8(
|
unicodePwd => utf8(
|
||||||
chr(34) . $req->datas->{registerInfo}->{password} . chr(34)
|
chr(34) . $req->data->{registerInfo}->{password} . chr(34)
|
||||||
)->utf16le(),
|
)->utf16le(),
|
||||||
mail => $req->datas->{registerInfo}->{mail},
|
mail => $req->data->{registerInfo}->{mail},
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
||||||
if ( $mesg->is_error ) {
|
if ( $mesg->is_error ) {
|
||||||
$self->userLogger->error( "Can not create entry for "
|
$self->userLogger->error( "Can not create entry for "
|
||||||
. $req->datas->{registerInfo}->{login} );
|
. $req->data->{registerInfo}->{login} );
|
||||||
$self->logger->error( "LDAP error " . $mesg->error );
|
$self->logger->error( "LDAP error " . $mesg->error );
|
||||||
|
|
||||||
$self->ldap->unbind();
|
$self->ldap->unbind();
|
||||||
|
|
|
@ -19,10 +19,10 @@ sub computeLogin {
|
||||||
|
|
||||||
# Get first letter of firstname and lastname
|
# Get first letter of firstname and lastname
|
||||||
my $login =
|
my $login =
|
||||||
substr( lc $req->datas->{registerInfo}->{firstname}, 0, 1 )
|
substr( lc $req->data->{registerInfo}->{firstname}, 0, 1 )
|
||||||
. lc $req->datas->{registerInfo}->{lastname};
|
. lc $req->data->{registerInfo}->{lastname};
|
||||||
|
|
||||||
$req->datas->{registerInfo}->{login} = $login;
|
$req->data->{registerInfo}->{login} = $login;
|
||||||
|
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
@ -32,12 +32,12 @@ sub computeLogin {
|
||||||
# @result Lemonldap::NG::Portal constant
|
# @result Lemonldap::NG::Portal constant
|
||||||
sub createUser {
|
sub createUser {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$Lemonldap::NG::Portal::UserDB::Demo::demoAccounts{ $req->datas
|
$Lemonldap::NG::Portal::UserDB::Demo::demoAccounts{ $req->data
|
||||||
->{registerInfo}->{login} } = {
|
->{registerInfo}->{login} } = {
|
||||||
uid => $req->datas->{registerInfo}->{login},
|
uid => $req->data->{registerInfo}->{login},
|
||||||
cn => $req->datas->{registerInfo}->{firstname} . ' '
|
cn => $req->data->{registerInfo}->{firstname} . ' '
|
||||||
. $req->datas->{registerInfo}->{lastname},
|
. $req->data->{registerInfo}->{lastname},
|
||||||
mail => $req->datas->{registerInfo}->{login} . '@badwolf.org',
|
mail => $req->data->{registerInfo}->{login} . '@badwolf.org',
|
||||||
};
|
};
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,8 +22,8 @@ sub computeLogin {
|
||||||
|
|
||||||
# Get first letter of firstname and lastname
|
# Get first letter of firstname and lastname
|
||||||
my $login =
|
my $login =
|
||||||
substr( lc $req->datas->{registerInfo}->{firstname}, 0, 1 )
|
substr( lc $req->data->{registerInfo}->{firstname}, 0, 1 )
|
||||||
. lc $req->datas->{registerInfo}->{lastname};
|
. lc $req->data->{registerInfo}->{lastname};
|
||||||
|
|
||||||
my $finalLogin = $login;
|
my $finalLogin = $login;
|
||||||
|
|
||||||
|
@ -34,7 +34,7 @@ sub computeLogin {
|
||||||
$finalLogin = $login . $i;
|
$finalLogin = $login . $i;
|
||||||
}
|
}
|
||||||
|
|
||||||
$req->datas->{registerInfo}->{login} = $finalLogin;
|
$req->data->{registerInfo}->{login} = $finalLogin;
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -45,30 +45,30 @@ sub createUser {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
# LDAP connection has been verified by computeLogin
|
# LDAP connection has been verified by computeLogin
|
||||||
my $sn = uc $req->datas->{registerInfo}->{lastname};
|
my $sn = uc $req->data->{registerInfo}->{lastname};
|
||||||
my $gn = ucfirst $req->datas->{registerInfo}->{firstname};
|
my $gn = ucfirst $req->data->{registerInfo}->{firstname};
|
||||||
my $cn = "$gn $sn";
|
my $cn = "$gn $sn";
|
||||||
utf8::decode($cn);
|
utf8::decode($cn);
|
||||||
utf8::decode($sn);
|
utf8::decode($sn);
|
||||||
utf8::decode($gn);
|
utf8::decode($gn);
|
||||||
my $mesg = $self->ldap->add(
|
my $mesg = $self->ldap->add(
|
||||||
"uid="
|
"uid="
|
||||||
. $req->datas->{registerInfo}->{login} . ","
|
. $req->data->{registerInfo}->{login} . ","
|
||||||
. $self->conf->{ldapBase},
|
. $self->conf->{ldapBase},
|
||||||
attrs => [
|
attrs => [
|
||||||
objectClass => [qw/top person organizationalPerson inetOrgPerson/],
|
objectClass => [qw/top person organizationalPerson inetOrgPerson/],
|
||||||
uid => $req->datas->{registerInfo}->{login},
|
uid => $req->data->{registerInfo}->{login},
|
||||||
cn => $cn,
|
cn => $cn,
|
||||||
sn => $sn,
|
sn => $sn,
|
||||||
givenName => $gn,
|
givenName => $gn,
|
||||||
userPassword => $req->datas->{registerInfo}->{password},
|
userPassword => $req->data->{registerInfo}->{password},
|
||||||
mail => $req->datas->{registerInfo}->{mail},
|
mail => $req->data->{registerInfo}->{mail},
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
||||||
if ( $mesg->is_error ) {
|
if ( $mesg->is_error ) {
|
||||||
$self->userLogger->error( "Can not create entry for "
|
$self->userLogger->error( "Can not create entry for "
|
||||||
. $req->datas->{registerInfo}->{login} );
|
. $req->data->{registerInfo}->{login} );
|
||||||
$self->logger->error( "LDAP error " . $mesg->error );
|
$self->logger->error( "LDAP error " . $mesg->error );
|
||||||
|
|
||||||
$self->ldap->unbind();
|
$self->ldap->unbind();
|
||||||
|
|
|
@ -28,7 +28,7 @@ sub getUser {
|
||||||
sub setSessionInfo {
|
sub setSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $srv;
|
my $srv;
|
||||||
unless ( $srv = $req->datas->{_casSrvCurrent} ) {
|
unless ( $srv = $req->data->{_casSrvCurrent} ) {
|
||||||
$self->logger->error('UserDB::CAS must be used with Auth::CAS');
|
$self->logger->error('UserDB::CAS must be used with Auth::CAS');
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
|
@ -37,7 +37,7 @@ sub setSessionInfo {
|
||||||
%{ $self->conf->{exportedVars} }
|
%{ $self->conf->{exportedVars} }
|
||||||
);
|
);
|
||||||
foreach ( keys %ev ) {
|
foreach ( keys %ev ) {
|
||||||
$req->{sessionInfo}->{$_} = $req->datas->{casAttrs}->{$_};
|
$req->{sessionInfo}->{$_} = $req->data->{casAttrs}->{$_};
|
||||||
}
|
}
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,16 +19,16 @@ sub init {
|
||||||
sub getUser {
|
sub getUser {
|
||||||
my ( $self, $req, %args ) = @_;
|
my ( $self, $req, %args ) = @_;
|
||||||
$self->checkChoice($req) or return PE_FIRSTACCESS;
|
$self->checkChoice($req) or return PE_FIRSTACCESS;
|
||||||
return $req->datas->{enabledMods1}->[0]->getUser( $req, %args );
|
return $req->data->{enabledMods1}->[0]->getUser( $req, %args );
|
||||||
}
|
}
|
||||||
|
|
||||||
sub setSessionInfo {
|
sub setSessionInfo {
|
||||||
return $_[1]->datas->{enabledMods1}->[0]->setSessionInfo( $_[1] );
|
return $_[1]->data->{enabledMods1}->[0]->setSessionInfo( $_[1] );
|
||||||
}
|
}
|
||||||
|
|
||||||
sub setGroups {
|
sub setGroups {
|
||||||
$_[0]->checkChoice( $_[1] );
|
$_[0]->checkChoice( $_[1] );
|
||||||
return $_[1]->datas->{enabledMods1}->[0]->setGroups( $_[1] );
|
return $_[1]->data->{enabledMods1}->[0]->setGroups( $_[1] );
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
@ -68,7 +68,7 @@ sub getUser {
|
||||||
eval { $self->p->_authentication->setSecurity($req) };
|
eval { $self->p->_authentication->setSecurity($req) };
|
||||||
return PE_ERROR;
|
return PE_ERROR;
|
||||||
}
|
}
|
||||||
unless ( $req->datas->{entry} = $sth->fetchrow_hashref() ) {
|
unless ( $req->data->{entry} = $sth->fetchrow_hashref() ) {
|
||||||
$self->userLogger->warn("User $user not found");
|
$self->userLogger->warn("User $user not found");
|
||||||
eval { $self->p->_authentication->setSecurity($req) };
|
eval { $self->p->_authentication->setSecurity($req) };
|
||||||
return PE_BADCREDENTIALS;
|
return PE_BADCREDENTIALS;
|
||||||
|
@ -84,8 +84,8 @@ sub setSessionInfo {
|
||||||
|
|
||||||
foreach my $var ( keys %{ $self->exportedVars } ) {
|
foreach my $var ( keys %{ $self->exportedVars } ) {
|
||||||
my $attr = $self->exportedVars->{$var};
|
my $attr = $self->exportedVars->{$var};
|
||||||
$req->{sessionInfo}->{$var} = $req->datas->{entry}->{$attr}
|
$req->{sessionInfo}->{$var} = $req->data->{entry}->{$attr}
|
||||||
if ( defined $req->datas->{entry}->{$attr} );
|
if ( defined $req->data->{entry}->{$attr} );
|
||||||
}
|
}
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
|
@ -40,7 +40,7 @@ sub setSessionInfo {
|
||||||
my $v = $self->{vars}->{$k};
|
my $v = $self->{vars}->{$k};
|
||||||
my $attr = $k;
|
my $attr = $k;
|
||||||
my $required = ( $attr =~ s/^!// ) ? 1 : 0;
|
my $required = ( $attr =~ s/^!// ) ? 1 : 0;
|
||||||
$req->{sessionInfo}->{$attr} = $req->datas->{_facebookDatas}->{$v};
|
$req->{sessionInfo}->{$attr} = $req->data->{_facebookData}->{$v};
|
||||||
if ( $required and not( defined $req->{sessionInfo}->{$attr} ) ) {
|
if ( $required and not( defined $req->{sessionInfo}->{$attr} ) ) {
|
||||||
$self->logger->warn(
|
$self->logger->warn(
|
||||||
"Required parameter $v is not provided by Facebook server, aborted"
|
"Required parameter $v is not provided by Facebook server, aborted"
|
||||||
|
|
|
@ -60,12 +60,12 @@ sub getUser {
|
||||||
eval { $self->p->_authentication->setSecurity($req) };
|
eval { $self->p->_authentication->setSecurity($req) };
|
||||||
return PE_BADCREDENTIALS;
|
return PE_BADCREDENTIALS;
|
||||||
}
|
}
|
||||||
unless ( $req->datas->{entry} = $mesg->entry(0) ) {
|
unless ( $req->data->{entry} = $mesg->entry(0) ) {
|
||||||
$self->userLogger->warn("$req->{user} was not found in LDAP directory");
|
$self->userLogger->warn("$req->{user} was not found in LDAP directory");
|
||||||
eval { $self->p->_authentication->setSecurity($req) };
|
eval { $self->p->_authentication->setSecurity($req) };
|
||||||
return PE_BADCREDENTIALS;
|
return PE_BADCREDENTIALS;
|
||||||
}
|
}
|
||||||
$req->datas->{dn} = $req->datas->{entry}->dn();
|
$req->data->{dn} = $req->data->{entry}->dn();
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -75,13 +75,13 @@ sub getUser {
|
||||||
# @return Lemonldap::NG::Portal constant
|
# @return Lemonldap::NG::Portal constant
|
||||||
sub setSessionInfo {
|
sub setSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$req->{sessionInfo}->{_dn} = $req->datas->{dn};
|
$req->{sessionInfo}->{_dn} = $req->data->{dn};
|
||||||
|
|
||||||
my %vars = ( %{ $self->conf->{exportedVars} },
|
my %vars = ( %{ $self->conf->{exportedVars} },
|
||||||
%{ $self->conf->{ldapExportedVars} } );
|
%{ $self->conf->{ldapExportedVars} } );
|
||||||
while ( my ( $k, $v ) = each %vars ) {
|
while ( my ( $k, $v ) = each %vars ) {
|
||||||
$req->sessionInfo->{$k} =
|
$req->sessionInfo->{$k} =
|
||||||
$self->ldap->getLdapValue( $req->datas->{entry}, $v ) || "";
|
$self->ldap->getLdapValue( $req->data->{entry}, $v ) || "";
|
||||||
}
|
}
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
|
@ -97,7 +97,7 @@ sub setGroups {
|
||||||
if ( $self->conf->{ldapGroupBase} ) {
|
if ( $self->conf->{ldapGroupBase} ) {
|
||||||
|
|
||||||
# Get value for group search
|
# Get value for group search
|
||||||
my $group_value = $self->ldap->getLdapValue( $req->datas->{entry},
|
my $group_value = $self->ldap->getLdapValue( $req->data->{entry},
|
||||||
$self->conf->{ldapGroupAttributeNameUser} );
|
$self->conf->{ldapGroupAttributeNameUser} );
|
||||||
|
|
||||||
$self->logger->debug( "Searching LDAP groups in "
|
$self->logger->debug( "Searching LDAP groups in "
|
||||||
|
|
|
@ -23,9 +23,9 @@ sub init {
|
||||||
|
|
||||||
sub getUser {
|
sub getUser {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $op = $req->datas->{_oidcOPCurrent};
|
my $op = $req->data->{_oidcOPCurrent};
|
||||||
|
|
||||||
my $access_token = $req->datas->{access_token};
|
my $access_token = $req->data->{access_token};
|
||||||
|
|
||||||
my $userinfo_content = $self->getUserInfo( $op, $access_token );
|
my $userinfo_content = $self->getUserInfo( $op, $access_token );
|
||||||
|
|
||||||
|
@ -36,11 +36,11 @@ sub getUser {
|
||||||
|
|
||||||
$self->logger->debug("UserInfo received: $userinfo_content");
|
$self->logger->debug("UserInfo received: $userinfo_content");
|
||||||
|
|
||||||
$req->datas->{OpenIDConnect_user_info} =
|
$req->data->{OpenIDConnect_user_info} =
|
||||||
$self->decodeJSON($userinfo_content);
|
$self->decodeJSON($userinfo_content);
|
||||||
|
|
||||||
# Check that received sub is the same than current user
|
# Check that received sub is the same than current user
|
||||||
unless ( $req->datas->{OpenIDConnect_user_info}->{sub} eq $req->{user} ) {
|
unless ( $req->data->{OpenIDConnect_user_info}->{sub} eq $req->{user} ) {
|
||||||
$self->logger->error("Received sub do not match current user");
|
$self->logger->error("Received sub do not match current user");
|
||||||
return PE_BADCREDENTIALS;
|
return PE_BADCREDENTIALS;
|
||||||
}
|
}
|
||||||
|
@ -51,7 +51,7 @@ sub getUser {
|
||||||
# Get all required attributes
|
# Get all required attributes
|
||||||
sub setSessionInfo {
|
sub setSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $op = $req->datas->{_oidcOPCurrent};
|
my $op = $req->data->{_oidcOPCurrent};
|
||||||
|
|
||||||
my %vars = (
|
my %vars = (
|
||||||
%{ $self->conf->{exportedVars} },
|
%{ $self->conf->{exportedVars} },
|
||||||
|
@ -59,7 +59,7 @@ sub setSessionInfo {
|
||||||
);
|
);
|
||||||
|
|
||||||
while ( my ( $k, $v ) = each %vars ) {
|
while ( my ( $k, $v ) = each %vars ) {
|
||||||
$req->{sessionInfo}->{$k} = $req->datas->{OpenIDConnect_user_info}->{$v}
|
$req->{sessionInfo}->{$k} = $req->data->{OpenIDConnect_user_info}->{$v}
|
||||||
|| "";
|
|| "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -48,14 +48,14 @@ sub getUser {
|
||||||
$self->userLogger->warn( 'User ' . $req->user . ' not found' );
|
$self->userLogger->warn( 'User ' . $req->user . ' not found' );
|
||||||
return PE_USERNOTFOUND;
|
return PE_USERNOTFOUND;
|
||||||
}
|
}
|
||||||
$req->datas->{restUserDBInfo} = $res->{info} || {};
|
$req->data->{restUserDBInfo} = $res->{info} || {};
|
||||||
return PE_OK;
|
return PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub setSessionInfo {
|
sub setSessionInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
$req->sessionInfo->{$_} = $req->datas->{restUserDBInfo}->{$_}
|
$req->sessionInfo->{$_} = $req->data->{restUserDBInfo}->{$_}
|
||||||
foreach ( keys %{ $req->datas->{restUserDBInfo} } );
|
foreach ( keys %{ $req->data->{restUserDBInfo} } );
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user