From c860549f27c2b70b475a8bd511dca70984cdd898 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= Date: Sat, 24 Mar 2012 14:47:47 +0000 Subject: [PATCH] Add a display type for each authentication module to know how to display errors (#251) --- .../lib/Lemonldap/NG/Portal/AuthApache.pm | 10 ++- .../lib/Lemonldap/NG/Portal/AuthCAS.pm | 8 ++- .../lib/Lemonldap/NG/Portal/AuthDBI.pm | 8 ++- .../lib/Lemonldap/NG/Portal/AuthDemo.pm | 6 ++ .../lib/Lemonldap/NG/Portal/AuthLDAP.pm | 8 ++- .../lib/Lemonldap/NG/Portal/AuthMulti.pm | 7 +- .../lib/Lemonldap/NG/Portal/AuthNull.pm | 8 ++- .../lib/Lemonldap/NG/Portal/AuthOpenID.pm | 8 ++- .../lib/Lemonldap/NG/Portal/AuthProxy.pm | 8 ++- .../lib/Lemonldap/NG/Portal/AuthRadius.pm | 6 ++ .../lib/Lemonldap/NG/Portal/AuthRemote.pm | 8 ++- .../lib/Lemonldap/NG/Portal/AuthSAML.pm | 6 ++ .../lib/Lemonldap/NG/Portal/AuthSSL.pm | 8 ++- .../lib/Lemonldap/NG/Portal/AuthSlave.pm | 6 ++ .../lib/Lemonldap/NG/Portal/AuthTwitter.pm | 8 ++- .../lib/Lemonldap/NG/Portal/AuthYubikey.pm | 8 ++- .../lib/Lemonldap/NG/Portal/Display.pm | 72 ++++++------------- .../lib/Lemonldap/NG/Portal/IssuerDBSAML.pm | 2 +- .../lib/Lemonldap/NG/Portal/_Choice.pm | 30 ++------ 19 files changed, 136 insertions(+), 89 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthApache.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthApache.pm index 2bf2fb4a5..37f805fe3 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthApache.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthApache.pm @@ -8,7 +8,7 @@ package Lemonldap::NG::Portal::AuthApache; use strict; use Lemonldap::NG::Portal::Simple; -our $VERSION = '1.0.1'; +our $VERSION = '1.2.0'; ## @apmethod int authInit() # @return Lemonldap::NG::Portal constant 
@@ -24,7 +24,7 @@ sub authInit { sub extractFormInfo { my $self = shift; unless ( $self->{user} = $ENV{REMOTE_USER} ) { - $self->lmLog( 'Apache is not configured to authenticate users !', + $self->lmLog( 'Apache is not configured to authenticate users!', 'error' ); return PE_ERROR; } @@ -76,6 +76,12 @@ sub authForce { return 0; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "logo"; +} + 1; __END__ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthCAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthCAS.pm index 81551551b..54f846176 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthCAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthCAS.pm @@ -9,7 +9,7 @@ use strict; use Lemonldap::NG::Portal::Simple; use URI::Escape; -our $VERSION = '1.0.0'; +our $VERSION = '1.2.0'; our $initDone; BEGIN { @@ -231,6 +231,12 @@ sub authForce { return 0; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "logo"; +} + 1; __END__ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthDBI.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthDBI.pm index 39e4e98c7..a73dea369 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthDBI.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthDBI.pm @@ -9,7 +9,7 @@ use Lemonldap::NG::Portal::Simple; use base qw(Lemonldap::NG::Portal::_WebForm Lemonldap::NG::Portal::_DBI); use strict; -our $VERSION = '1.0.2'; +our $VERSION = '1.2.0'; our $initDone; BEGIN { @@ -91,4 +91,10 @@ sub authForce { return 0; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "standardform"; +} + 1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthDemo.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthDemo.pm index a9e51ccd8..71d068d40 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthDemo.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthDemo.pm 
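Review bot: The `getDisplayType` added to AuthApache.pm returns a bare string literal whose only documentation is `# @return display type`, and the same pattern is repeated in the other Auth*.pm hunks of this patch. Display.pm later compares the value with `eq` against "standardform", "openidform", "yubikeyform" and "logo", so a misspelled value in any module would quietly switch every form off instead of failing. I would list the accepted values in the doc comment, for example `# @return display type: "standardform", "openidform", "yubikeyform", "logo", or "" for no form and no logo`. Moving them to shared constants would catch typos as well.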
@@ -78,6 +78,12 @@ sub authForce { return 0; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "standardform"; +} + 1; __END__ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthLDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthLDAP.pm index f8800475e..270fe0c5e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthLDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthLDAP.pm @@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap use Lemonldap::NG::Portal::_WebForm; use Lemonldap::NG::Portal::UserDBLDAP; #inherits -our $VERSION = '1.1.0'; +our $VERSION = '1.2.0'; use base qw(Lemonldap::NG::Portal::_WebForm); *_formateFilter = *Lemonldap::NG::Portal::UserDBLDAP::formateFilter; @@ -79,4 +79,10 @@ sub authForce { return 0; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "standardform"; +} + 1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthMulti.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthMulti.pm index d1750129e..ceb660bec 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthMulti.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthMulti.pm @@ -7,7 +7,7 @@ package Lemonldap::NG::Portal::AuthMulti; use Lemonldap::NG::Portal::_Multi; #inherits -our $VERSION = '1.0.0'; +our $VERSION = '1.2.0'; sub authInit { my $self = shift; @@ -44,5 +44,10 @@ sub authForce { return $self->_multi->try( 'authForce', 0 ); } +sub getDisplayType { + my $self = shift; + return $self->_multi->try( 'getDisplayType', 0 ); +} + 1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthNull.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthNull.pm index 5c75f087c..8b9e2b915 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthNull.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthNull.pm 
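Review bot: `getDisplayType` in AuthMulti.pm is the only getter in this patch added without the `## @method string getDisplayType` header. It is also the only one whose result is not a literal: it returns whatever `$self->_multi->try( 'getDisplayType', 0 )` yields. `try` is not visible in this hunk, so please confirm it returns the display-type string of the module being tried and not a status code, because Display.pm compares the result with `eq`. A header such as `## @method string getDisplayType` followed by `# @return display type of the authentication module currently tried by _Multi` would record that expectation.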
@@ -8,7 +8,7 @@ package Lemonldap::NG::Portal::AuthNull; use strict; use Lemonldap::NG::Portal::Simple; -our $VERSION = '1.0.1'; +our $VERSION = '1.2.0'; ## @apmethod int authInit() # Does nothing @@ -64,6 +64,12 @@ sub authForce { return 0; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return ""; +} + 1; __END__ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm index a3df2cad3..2e67af47f 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenID.pm @@ -12,7 +12,7 @@ use Lemonldap::NG::Common::Regexp; use LWP::UserAgent; use Cache::FileCache; -our $VERSION = '1.0.0'; +our $VERSION = '1.2.0'; our $initDone; BEGIN { @@ -217,6 +217,12 @@ sub authForce { return 0; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "openidform"; +} + 1; __END__ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthProxy.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthProxy.pm index 8c9be3b28..bb4a97dc9 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthProxy.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthProxy.pm @@ -12,7 +12,7 @@ use Lemonldap::NG::Portal::_WebForm; use Lemonldap::NG::Portal::Simple; use base qw(Lemonldap::NG::Portal::_WebForm Lemonldap::NG::Portal::_Proxy); -our $VERSION = '1.0.0'; +our $VERSION = '1.2.0'; ## @apmethod int authInit() # Call Lemonldap::NG::Portal::_Proxy::proxyInit(); @@ -50,6 +50,12 @@ sub authForce { return 0; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "standardform"; +} + 1; __END__ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthRadius.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthRadius.pm index b47cc0953..2416232c9 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthRadius.pm 
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthRadius.pm @@ -87,4 +87,10 @@ sub authForce { return 0; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "standardform"; +} + 1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthRemote.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthRemote.pm index af3cebfa7..3e1e33fc2 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthRemote.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthRemote.pm @@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::_Remote; use Lemonldap::NG::Portal::Simple; use base qw(Lemonldap::NG::Portal::_Remote); -our $VERSION = '1.0.0'; +our $VERSION = '1.2.0'; *authInit = *Lemonldap::NG::Portal::_Remote::init; @@ -72,6 +72,12 @@ sub authForce { return 0; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "logo"; +} + 1; __END__ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm index a50d36620..f19c5da8c 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm @@ -1430,6 +1430,12 @@ sub authFinish { return PE_OK; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "logo"; +} + 1; __END__ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm index 7da70ca05..1657399dd 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm @@ -17,7 +17,7 @@ our @ISA = qw(Lemonldap::NG::Portal::AuthNull); # @return Lemonldap::NG::Portal constant sub authInit { my $self = shift; - $self->{SSLVar} ||= 'SSL_CLIENT_S_DN_Email'; + $self->{SSLVar} ||= 'SSL_CLIENT_S_DN_Email'; PE_OK; } 
@@ -51,6 +51,12 @@ sub setAuthSessionInfo { PE_OK; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "logo"; +} + 1; __END__ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSlave.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSlave.pm index bc841f40d..e1a47d7a7 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSlave.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSlave.pm @@ -49,6 +49,12 @@ sub setAuthSessionInfo { PE_OK; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "logo"; +} + 1; __END__ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthTwitter.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthTwitter.pm index 9a6a4b993..2e8552712 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthTwitter.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthTwitter.pm @@ -8,7 +8,7 @@ package Lemonldap::NG::Portal::AuthTwitter; use strict; use Lemonldap::NG::Portal::Simple; -our $VERSION = '1.0.0'; +our $VERSION = '1.2.0'; our $initDone; BEGIN { @@ -180,6 +180,12 @@ sub authForce { return 0; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "logo"; +} + 1; __END__ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthYubikey.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthYubikey.pm index 0b82e4d40..004d6ee7a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthYubikey.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthYubikey.pm @@ -8,7 +8,7 @@ package Lemonldap::NG::Portal::AuthYubikey; use strict; use Lemonldap::NG::Portal::Simple; -our $VERSION = '1.1.0'; +our $VERSION = '1.2.0'; our $yubikeyInitDone; BEGIN { @@ -118,6 +118,12 @@ sub authForce { return 0; } +## @method string getDisplayType +# @return display type +sub getDisplayType { + return "yubikeyform"; +} + 1; __END__ 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Display.pm index 3acdea1ae..602e4bcba 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Display.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Display.pm @@ -198,7 +198,6 @@ sub display { CHECK_LOGINS => $self->{portalCheckLogins}, ASK_LOGINS => $self->{checkLogins}, DISPLAY_RESETPASSWORD => $self->{portalDisplayResetPassword}, - DISPLAY_FORM => 1, MAIL_URL => $self->{mailUrl}, HIDDEN_INPUTS => $self->buildHiddenForm(), LOGIN_INFO => $self->loginInfo(), @@ -217,7 +216,7 @@ sub display { ); } - # Adapt template if password policy error + # Show password form if password policy error if ( $self->{error} == PE_PP_CHANGE_AFTER_RESET @@ -237,7 +236,6 @@ sub display { 1, # Old password is required to check user credentials DISPLAY_PASSWORD => 1, DISPLAY_RESETPASSWORD => 0, - DISPLAY_FORM => 0, AUTH_LOOP => [], CHOICE_PARAM => $self->{authChoiceParam}, CHOICE_VALUE => $self->{_authChoice}, 
@@ -249,58 +247,27 @@ sub display { ); } - # Adapt template for OpenID - if ( $self->get_module("auth") =~ /openid/i and !$self->{authLoop} ) { + # Choose what form to display if not in a loop + if ( !$self->{authLoop} ) { + + my $displayType = $self->getDisplayType(); + + $self->lmLog( "Display type $displayType ", 'debug' ); + %templateParams = ( %templateParams, - DISPLAY_RESETPASSWORD => 0, - DISPLAY_FORM => 0, - DISPLAY_OPENID_FORM => 1, - DISPLAY_YUBIKEY_FORM => 0, - AUTH_LOOP => [], + DISPLAY_FORM => $displayType eq "standardform" ? 1 : 0, + DISPLAY_OPENID_FORM => $displayType eq "openidform" ? 1 : 0, + DISPLAY_YUBIKEY_FORM => $displayType eq "yubikeyform" ? 1 : 0, + AUTH_LOOP => [], + PORTAL_URL => $displayType eq "logo" ? $self->{portal} : 0, + MSG => $self->info(), ); + } - # Adapt template for Yubikey - if ( $self->get_module("auth") =~ /yubikey/i and !$self->{authLoop} ) { - %templateParams = ( - %templateParams, - DISPLAY_RESETPASSWORD => 0, - DISPLAY_FORM => 0, - DISPLAY_OPENID_FORM => 0, - DISPLAY_YUBIKEY_FORM => 1, - AUTH_LOOP => [], - ); - } - - # Adapt template if external authentication error - # or session not granted, or logout is OK - if ( $self->{error} == PE_BADCERTIFICATE - or $self->{error} == PE_CERTIFICATEREQUIRED - or $self->{error} == PE_ERROR - or $self->{error} == PE_BADURL - or $self->{error} == PE_SAML_ERROR - or $self->{error} == PE_SAML_LOAD_SERVICE_ERROR - or $self->{error} == PE_SAML_LOAD_IDP_ERROR - or $self->{error} == PE_SAML_SSO_ERROR - or $self->{error} == PE_SAML_UNKNOWN_ENTITY - or $self->{error} == PE_SAML_DESTINATION_ERROR - or $self->{error} == PE_SAML_CONDITIONS_ERROR - or $self->{error} == PE_SAML_IDPSSOINITIATED_NOTALLOWED - or $self->{error} == PE_SAML_SLO_ERROR - or $self->{error} == PE_SAML_SIGNATURE_ERROR - or $self->{error} == PE_SAML_ART_ERROR - or $self->{error} == PE_SAML_SESSION_ERROR - or $self->{error} == PE_SAML_LOAD_SP_ERROR - or $self->{error} == PE_SAML_ATTR_ERROR - or $self->{error} == 
PE_OPENID_EMPTY - or $self->{error} == PE_OPENID_BADID - or $self->{error} == PE_MISSINGREQATTR - or $self->{error} == PE_BADPARTNER - or $self->{error} == PE_CAS_SERVICE_NOT_ALLOWED - or $self->{error} == PE_SESSIONNOTGRANTED - or $self->{error} == PE_LOGOUT_OK ) - { + # Disable all forms on logout message + if ( $self->{error} == PE_LOGOUT_OK ) { %templateParams = ( %templateParams, DISPLAY_RESETPASSWORD => 0, @@ -308,11 +275,12 @@ sub display { DISPLAY_OPENID_FORM => 0, DISPLAY_YUBIKEY_FORM => 0, AUTH_LOOP => [], - CHECK_LOGINS => 0, PORTAL_URL => $self->{portal}, MSG => $self->info(), ); + } + } ## Common template params @@ -328,7 +296,7 @@ sub display { ## Custom template params if ( my $customParams = $self->getCustomTemplateParameters() ) { - %templateParams = ( %templateParams, %$customParams ); + %templateParams = ( %templateParams, %$customParams ); } return ( "$skin_dir/$skin/$skinfile", %templateParams ); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm index c96535941..9a2b7ddcc 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm @@ -1750,7 +1750,7 @@ sub issuerForAuthUser { # RelayState $self->{postFields}->{'RelayState'} = $relaystate - if ($relaystate); + if ($relaystate); return $self->_subProcess(qw(autoPost)); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Choice.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Choice.pm index 2061dc292..ab8e2b92c 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Choice.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Choice.pm 
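Review bot: In the `if ( !$self->{authLoop} )` block of `display`, the result of `$self->getDisplayType()` is interpolated and compared without any check. An undefined or unexpected value therefore leaves DISPLAY_FORM, DISPLAY_OPENID_FORM, DISPLAY_YUBIKEY_FORM and PORTAL_URL all at 0, which would presumably give a login page with no way to authenticate and no error logged. An authentication module that does not define the method (a locally written one, for instance) would make the call die. The earlier hunk removes the old default `DISPLAY_FORM => 1`, so I would keep that fallback explicitly, `my $displayType = $self->can('getDisplayType') ? $self->getDisplayType() : 'standardform';`, and log at 'error' when the value is not one of the four known types. The body of `display` continues outside this hunk.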
@@ -184,36 +184,20 @@ sub _buildAuthLoop { my ( $auth, $userDB, $passwordDB ) = split( /\|/, $self->{authChoiceModules}->{$_} ); - # What do display - # -> login/password form (LDAP, DBI, ...) - # -> OpenID form - # -> Yubikey form - # -> logo with link (ex: CAS, SSL, etc.) - my $displayType = { - 'standardform' => [qw(LDAP DBI Proxy)], - 'openidform' => [qw(OpenID)], - 'yubikeyform' => [qw(Yubikey)], - 'logo' => [qw(CAS Twitter SAML SSL Apache Remote Slave)], - }; - if ( $auth and $userDB and $passwordDB ) { # Options to store in the loop my $optionsLoop = { name => $name, key => $_, module => $auth }; # Get displayType for this module + my $modulePrefix = 'Lemonldap::NG::Portal::'; + my $authModule = $modulePrefix . 'Auth' . $auth; + $self->loadModule($authModule); + my $displayType = &{ $authModule . '::getDisplayType' }; - foreach my $type ( keys %$displayType ) { - foreach my $backend ( @{ $displayType->{$type} } ) { - if ( $auth eq $backend ) { - $self->lmLog( "Display type $type for module $auth", - 'debug' ); - - $optionsLoop->{$type} = 1; - last; - } - } - } + $self->lmLog( "Display type $displayType for module $auth", + 'debug' ); + $optionsLoop->{$displayType} = 1; # Register item in loop push @authLoop, $optionsLoop;
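Review bot: `my $displayType = &{ $authModule . '::getDisplayType' };` calls the getter through a symbolic reference built from `$auth`, which is split out of `authChoiceModules`, without checking that `loadModule` succeeded or that the sub exists. That form dies under `strict 'refs'` (whether _Choice.pm enables it is not visible here). It also passes the caller's current `@_` instead of an object, and the AuthMulti getter added in this patch dereferences its first argument. For AuthNull's empty string it sets `$optionsLoop->{''}`. Resolving the method with `can`, passing `$self` and skipping empty results avoids all three, as sketched below; `_buildAuthLoop` starts and ends outside the hunk.

```perl
            # Get displayType for this module
            my $authModule = 'Lemonldap::NG::Portal::Auth' . $auth;
            $self->loadModule($authModule);

            # can() returns undef when the module did not load or lacks the getter
            my $getter      = $authModule->can('getDisplayType');
            my $displayType = $getter ? $getter->($self) : '';

            if ($displayType) {
                $self->lmLog( "Display type $displayType for module $auth",
                    'debug' );
                $optionsLoop->{$displayType} = 1;
            }
            else {
                $self->lmLog( "No display type for module $auth", 'error' );
            }

            # … unchanged: push @authLoop, $optionsLoop …
```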