Check display and prompt request parameters for unauthenticated user (#184)
This commit is contained in:
parent
c07f698bdb
commit
c6589a7f7b
@ -55,6 +55,52 @@ sub issuerForUnAuthUser {
$self->getHiddenFormValue($param) || $self->param($param) );
$self->getHiddenFormValue($param) || $self->param($param) );
}
}
# Detect requested flow
my $response_type = $self->param("response_type");
my $flow = $self->getFlowType($response_type);
unless ($flow) {
$self->lmLog( "Unknown response type: $response_type", 'error' );
return PE_ERROR;
}
$self->lmLog(
"OIDC $flow flow requested (response type: $response_type)",
'debug' );
# Check redirect_uri
unless ( $self->param("redirect_uri") ) {
$self->lmLog( "Redirect URI is required", 'error' );
return PE_ERROR;
}
# Check display
my $display = $self->param("display");
if ( $display eq "page" ) {
$self->lmLog( "Display type page will be used", 'debug' );
}
else {
$self->lmLog(
"Display type $display not supported, display type page will be used",
'debug'
);
}
# Check prompt
my $prompt = $self->param("prompt");
if ( $prompt eq "none" ) {
$self->lmLog(
"Prompt type none requested, but user needs to authenticate",
'error' );
$self->returnRedirectError(
$self->param("redirect_uri"),
"login_required",
"Prompt type none requested",
undef,
$self->param("state"),
( $flow ne "authorizationcode" )
);
}
}
}
# TOKEN
# TOKEN
@ -314,17 +360,7 @@ sub issuerForAuthUser {
# Detect requested flow
# Detect requested flow
my $response_type = $oidc_request->{'response_type'};
my $response_type = $oidc_request->{'response_type'};
my $flow = $self->getFlowType($response_type);
my $response_types = {
"code" => "authorizationcode",
"id_token" => "implicit",
"id_token token" => "implicit",
"code id_token" => "hybrid",
"code token" => "hybrid",
"code id_token token" => "hybrid",
};
my $flow = $response_types->{$response_type};
unless ($flow) {
unless ($flow) {
$self->lmLog( "Unknown response type: $response_type", 'error' );
$self->lmLog( "Unknown response type: $response_type", 'error' );
@ -1140,6 +1140,25 @@ sub createIDToken {
return;
return;
}
}
## @method String getFlowType(String response_type)
# Return flow type
# @param response_type Response type
# @return String flow
sub getFlowType {
my ( $self, $response_type ) = splice @_;
my $response_types = {
"code" => "authorizationcode",
"id_token" => "implicit",
"id_token token" => "implicit",
"code id_token" => "hybrid",
"code token" => "hybrid",
"code id_token token" => "hybrid",
};
return $response_types->{$response_type};
}
1;
1;
__END__
__END__
@ -1277,6 +1296,10 @@ Return Hash of UserInfo data
Return ID Token
Return ID Token
=head2 getFlowType
Return flow type
=head1 SEE ALSO
=head1 SEE ALSO
L<Lemonldap::NG::Portal::AuthOpenIDConnect>, L<Lemonldap::NG::Portal::UserDBOpenIDConnect>
L<Lemonldap::NG::Portal::AuthOpenIDConnect>, L<Lemonldap::NG::Portal::UserDBOpenIDConnect>
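Review bot: The prompt=none branch added to issuerForUnAuthUser hands `$self->param("redirect_uri")` straight to `returnRedirectError` after only a presence check (`unless ( $self->param("redirect_uri") )`), so unless that value has already been matched against the RP's registered redirect URIs earlier in the function, which is outside the hunk and not visible here, an unauthenticated request turns the portal into a redirect to an arbitrary URL that also carries `state`; OAuth 2.0 / OIDC require an unregistered redirect_uri to be reported to the user rather than redirected to, so the call should be gated on that check, e.g. `return PE_ERROR unless <registered-redirect-uri check for this client>;` (placeholder) before it. The result of `returnRedirectError` is also not returned, so if that helper returns instead of terminating the request, control falls through the closing braces into the normal login path after the redirect has been prepared; an explicit `return` after the call would make the intent clear. Separately, `$display eq "page"` and `$prompt eq "none"` compare against undef when these optional parameters are absent, which emits uninitialized-value warnings and logs "Display type  not supported"; `if ( defined $prompt and $prompt eq "none" )` (and the same for `$display`) avoids that, and the same applies to `$response_type` in the "Unknown response type" message. issuerForUnAuthUser begins and ends outside the hunk.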