Move Ajax hook from handler to portal (Closes: #790)

2016-01-28 22:25:46 +00:00 · 2016-01-28 22:25:46 +00:00 · b6f7b2a96a
commit b6f7b2a96a
parent 75a175a9b0
10 changed files with 55 additions and 39 deletions
--- a/debian/NEWS
+++ b/debian/NEWS
@ -19,9 +19,9 @@ lemonldap-ng (1.9.0-1) UNRELEASED; urgency=low
   * manager server

  To request for authentication, handlers sent a 302 HTTP code even if request
-  was an Ajax one. From now, a 401 code will be send with a WWW-Authenticate
-  header containing portal URL. This is a little HTTP protocol hook created
-  because browsers follow redirection tranparently.
+  was an Ajax one. From now, after redirection, portal will send a 401 code
+  with a WWW-Authenticate header containing "SSO portal-URL". This is a little
+  HTTP protocol hook created because browsers follow redirection tranparently.
  If you want to keep old behaviour, set noAjaxHook to 1 (in General Parameters
  -> Advanced -> Handler redirections -> Keep redirections for Ajax).

--- a/e2e-tests/manager/00-auth.js
+++ b/e2e-tests/manager/00-auth.js
@ -13,4 +13,4 @@ describe('Lemonldap::NG', function() {
      browser.driver.findElement(by.xpath("//button[@type='submit']")).click();
    });
  });
-});
+});
--- a/e2e-tests/manager/99-logout.js
+++ b/e2e-tests/manager/99-logout.js
@ -8,4 +8,4 @@ describe('Lemonldap::NG auth mechanism', function() {
    browser.driver.get('http://auth.example.com:' + process.env.TESTWEBSERVERPORT + '/?logout=1');
  });

-});
+});
--- a/e2e-tests/protractor-conf.js
+++ b/e2e-tests/protractor-conf.js
@ -16,4 +16,4 @@ exports.config = {
  jasmineNodeOpts: {
    defaultTimeoutInterval: 30000
  }
-};
+};
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main.pm
@ -136,33 +136,17 @@ sub goToPortal {
    my ( $class, $url, $arg ) = @_;
    my ( $ret, $msg );
    my $urlc_init = $class->encodeUrl($url);
-    if ( !$tsv->{noAjaxHook}
-        and Lemonldap::NG::Handler::API->header_in('Accept') =~
-        m|application/json| )
-    {
-        $msg =
-            "Ajax request, send 401 instead of 302 "
+    Lemonldap::NG::Handler::Main::Logger->lmLog(
+        "Redirect "
          . Lemonldap::NG::Handler::API->remote_ip
-          . " to portal (url was $url)";
-        Lemonldap::NG::Handler::API->set_header_out(
-                'WWW-Authenticate' => &{ $tsv->{portal} }()
-              . "?url=$urlc_init"
-              . ( $arg ? "&$arg" : "" ) );
-        $ret = HTTP_UNAUTHORIZED;
-    }
-    else {
-        $msg =
-            "Redirect "
-          . Lemonldap::NG::Handler::API->remote_ip
-          . " to portal (url was $url)";
-        Lemonldap::NG::Handler::API->set_header_out(
-                'Location' => &{ $tsv->{portal} }()
-              . "?url=$urlc_init"
-              . ( $arg ? "&$arg" : "" ) );
-        $ret = REDIRECT;
-    }
-    Lemonldap::NG::Handler::Main::Logger->lmLog( $msg, 'debug' );
-    return $ret;
+          . " to portal (url was $url)",
+        'debug'
+    );
+    Lemonldap::NG::Handler::API->set_header_out(
+            'Location' => &{ $tsv->{portal} }()
+          . "?url=$urlc_init"
+          . ( $arg ? "&$arg" : "" ) );
+    return REDIRECT;
 }

 ## @rmethod protected $ fetchId()
@ -580,8 +564,8 @@ sub redirectFilter {
    }
    while ( $f->read( my $buffer, 1024 ) ) {
    }
-    $class->updateStatus( $f->r, 'REDIRECT', $datas->{ $tsv->{whatToTrace} },
-        'filter' );
+    $class->updateStatus( $f->r, 'REDIRECT',
+        $datas->{ $tsv->{whatToTrace} }, 'filter' );
    return OK;
 }

--- a/lemonldap-ng-manager/site/static/js/llApp.js
+++ b/lemonldap-ng-manager/site/static/js/llApp.js
@ -234,4 +234,4 @@
    $httpProvider.interceptors.push('$lmhttp');
  }]);

-})();
+})();
--- a/lemonldap-ng-manager/site/static/js/manager.js
+++ b/lemonldap-ng-manager/site/static/js/manager.js
@ -92,7 +92,15 @@
        };
      }
      else if (e == 401) {
+        if ($scope.portal) {
+          window.location = $scope.portal + window.btoa(window.location).replace(/\//, '_');
+        }
        console.log('Authentication needed');
+        $scope.message = {
+          title: 'authenticationNeeded',
+          message: 'waitOrF5',
+          items: []
+        };
      }
      else if (e == 400) {
        $scope.message = {
--- a/lemonldap-ng-manager/site/static/languages/en.json
+++ b/lemonldap-ng-manager/site/static/languages/en.json
@ -44,6 +44,7 @@
 "authChoiceModules": "Allowed modules",
 "authChoiceParam": "URL parameter",
 "authentication": "Authentication module",
+"authenticationNeeded": "Authentication needed",
 "authenticationLevel": "Authentication level",
 "authenticationTitle": "Authentication",
 "AuthLDAPFilter": "Authentication filter",
@ -619,6 +620,7 @@
 "webIDExportedVars": "Exported variables",
 "webidParams": "WebID parameters",
 "webIDWhitelist": "WebID whitelist",
+"waitOrF5": "Wait for redirection or press F5",
 "whatToTrace": "REMOTE_USER",
 "whiteList": "White list",
 "XMLcontent": "XML content",
--- a/lemonldap-ng-manager/site/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/static/languages/fr.json
@ -44,6 +44,7 @@
 "authChoiceModules": "Modules autorisés",
 "authChoiceParam": "Paramètre de l'URL",
 "authentication": "Module d'authentification",
+"authenticationNeeded": "Authentification exigée",
 "authenticationLevel": "Niveau d'authentification",
 "authenticationTitle": "Authentification",
 "AuthLDAPFilter": "Filtre d'authentification",
@ -619,6 +620,7 @@
 "webIDExportedVars": "Variables exportées",
 "webidParams": "Paramètres WebID",
 "webIDWhitelist": "Liste blanche WebID",
+"waitOrF5": "Attendez la redirection ou appuyez sur F5",
 "whatToTrace": "REMOTE_USER",
 "whiteList": "Liste blanche",
 "XMLcontent": "Contenu XML",
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@ -1373,7 +1373,9 @@ sub printImage {
        return;
    }
    print $self->header(
-        $type . '; charset=utf-8; content-length=' . ( stat($file) )[10] );
+        -type             => "$type; charset=utf-8",
+        '-Content-Length' => ( stat($file) )[10]
+    );
    my $buffer = "";
    while ( read( IMAGE, $buffer, 4096 ) ) {
        print $buffer;
@ -1505,6 +1507,23 @@ sub process {
          issuerForAuthUser autoRedirect)
    );
    $self->updateStatus;
+    if (   !$self->{noAjaxHook}
+        and $self->http('Accept') =~ m#(?:application|text)/json# )
+    {
+        if ( ( my $code = $self->{error} ) > 0 ) {
+            print $self->header(
+                -status                        => '401 Unauthorizated',
+                '-WWW-Authenticate'            => "SSO $self->{portal}",
+                '-Access-Control-Allow-Origin' => '*',
+            );
+            $self->quit;
+        }
+        else {
+            $self->header( -type => 'application/json' );
+            print '{"result":1,"message":"Authenticated"}';
+            $self->quit;
+        }
+    }
    return ( ( $self->{error} > 0 ) ? 0 : 1 );
 }

@ -1643,9 +1662,10 @@ sub controlExistingSession {

        if ( $captcha && $captcha->image ) {
            binmode STDOUT;
-            print $self->header( 'image/png'
-                  . '; charset=utf-8; content-length='
-                  . length( $captcha->image ) );
+            print $self->header(
+                -type             => 'image/png; charset=utf-8',
+                '-Content-Length' => length( $captcha->image )
+            );
            print $captcha->image;
        }
        $self->quit();