Register dynamic client in configuration (#184)

2015-05-29 08:50:51 +00:00 · 2015-05-29 08:50:51 +00:00 · b66a90e197
commit b66a90e197
parent 247725e6d8
2 changed files with 58 additions and 14 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
@ -435,8 +435,8 @@ sub issuerForUnAuthUser {
        my $rp                = "register-$registration_time";

        # Generate Client ID and Client Password
-        my $client_id     = random_string("...............");
-        my $client_secret = random_string("...............");
+        my $client_id     = random_string("ssssssssssssssssssssssssssssss");
+        my $client_secret = random_string("ssssssssssssssssssssssssssssss");

        # Register known parameters
        my $client_name =
@ -444,18 +444,62 @@ sub issuerForUnAuthUser {
        my $logo_uri = $client_metadata->{logo_uri};
        my $id_token_signed_response_alg =
          $client_metadata->{id_token_signed_response_alg} || "RS256";
+        my $userinfo_signed_response_alg =
+          $client_metadata->{userinfo_signed_response_alg};
+        my $redirect_uris = $client_metadata->{redirect_uris};

-        # TODO: register RP in global configuration
+        # Register RP in global configuration
+        my $conf = $self->__lmConf->getConf();

-        # Send registration response
-        $registration_response->{'client_id'}            = $client_id;
-        $registration_response->{'client_secret'}        = $client_secret;
-        $registration_response->{'client_id_issued_at'}  = $registration_time;
-        $registration_response->{'client_id_expires_at'} = 0;
-        $registration_response->{'client_name'}          = $client_name;
-        $registration_response->{'logo_uri'}             = $logo_uri;
-        $registration_response->{'id_token_signed_response_alg'} =
+        $conf->{cfgAuthor}   = "OpenID Connect Registration ($client_name)";
+        $conf->{cfgAuthorIP} = $source_ip;
+
+        $conf->{oidcRPMetaDataExportedVars}->{$rp} = {};
+        $conf->{oidcRPMetaDataOptions}->{$rp}->{oidcRPMetaDataOptionsClientID}
+          = $client_id;
+        $conf->{oidcRPMetaDataOptions}->{$rp}
+          ->{oidcRPMetaDataOptionsClientSecret} = $client_secret;
+        $conf->{oidcRPMetaDataOptions}->{$rp}
+          ->{oidcRPMetaDataOptionsDisplayName} = $client_name;
+        $conf->{oidcRPMetaDataOptions}->{$rp}->{oidcRPMetaDataOptionsIcon} =
+          $logo_uri;
+        $conf->{oidcRPMetaDataOptions}->{$rp}
+          ->{oidcRPMetaDataOptionsIDTokenSignAlg} =
          $id_token_signed_response_alg;
+        $conf->{oidcRPMetaDataOptions}->{$rp}
+          ->{oidcRPMetaDataOptionsRedirectUris} = join( ' ', @$redirect_uris );
+        $conf->{oidcRPMetaDataOptions}->{$rp}
+          ->{oidcRPMetaDataOptionsUserInfoSignAlg} =
+          $userinfo_signed_response_alg
+          if defined $userinfo_signed_response_alg;
+
+        if ( $self->__lmConf->saveConf($conf) ) {
+
+            # Reload RP list
+            $self->loadRPs(1);
+
+            # Send registration response
+            $registration_response->{'client_id'}     = $client_id;
+            $registration_response->{'client_secret'} = $client_secret;
+            $registration_response->{'client_id_issued_at'} =
+              $registration_time;
+            $registration_response->{'client_id_expires_at'} = 0;
+            $registration_response->{'client_name'}          = $client_name;
+            $registration_response->{'logo_uri'}             = $logo_uri;
+            $registration_response->{'id_token_signed_response_alg'} =
+              $id_token_signed_response_alg;
+            $registration_response->{'redirect_uris'} = $redirect_uris;
+            $registration_response->{'userinfo_signed_response_alg'} =
+              $userinfo_signed_response_alg
+              if defined $userinfo_signed_response_alg;
+        }
+        else {
+            $self->lmLog(
+                "Configuration not saved: $Lemonldap::NG::Common::Conf::msg",
+                'error' );
+            $self->returnJSONError( 'server_error', 'Configuration not saved' );
+            $self->quit;
+        }

        # TODO: return 201 HTTP code
        $self->returnJSON($registration_response);
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
@ -62,7 +62,7 @@ sub loadOPs {
            $self->{oidcOPMetaDataJWKS}->{$_}->{oidcOPMetaDataJWKS} );
    }

-    $oidcCache->{_oidcOPList} = $self->{_oidcOPList} unless $no_cache;
+    $oidcCache->{_oidcOPList} = $self->{_oidcOPList};

    return 1;
 }
@ -91,8 +91,8 @@ sub loadRPs {
            'warn' );
    }

-    $self->{_oidcRPList} = $self->{oidcRPMetaDataOptions};
-    $oidcCache->{_oidcRPList} = $self->{_oidcRPList} unless $no_cache;
+    $self->{_oidcRPList}      = $self->{oidcRPMetaDataOptions};
+    $oidcCache->{_oidcRPList} = $self->{_oidcRPList};

    return 1;
 }