Split soap/rest server in config/sessions (#970)
parent
2250202fa9
commit
d1646392a9
|
@ -25,6 +25,7 @@ use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
|||
use constant APPLYSECTION => "apply";
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wpSslOpt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|re(?:moteGlobalStorageOption|loadUrl)|CAS_proxiedService|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:uthChoiceModules|pplicationList)|v(?:hostOptions|irtualHost))$/;
|
||||
|
||||
our @sessionTypes = ( 'captcha', 'remoteGlobal', 'cas', 'global', 'localSession', 'persistent', 'saml', 'oidc' );
|
||||
|
||||
sub NO {qr/^(?:off|no|0)?$/i}
|
||||
|
||||
|
@ -47,6 +48,7 @@ our %EXPORT_TAGS = (
|
|||
APPLYSECTION
|
||||
NO
|
||||
$hashParameters
|
||||
@sessionTypes
|
||||
)
|
||||
]
|
||||
);
|
||||
|
|
|
@ -201,7 +201,8 @@ sub defaultValues {
|
|||
'http://auth.example.com/Lemonldap/NG/Common/CGI/SOAPService',
|
||||
'proxy' => 'http://auth.example.com/index.pl/sessions'
|
||||
},
|
||||
'rest' => 0,
|
||||
'restConfigServer' => 0,
|
||||
'restSessionServer' => 0,
|
||||
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
|
||||
'samlAuthnContextMapKerberos' => 4,
|
||||
|
@ -267,7 +268,8 @@ sub defaultValues {
|
|||
'slaveAuthnLevel' => 2,
|
||||
'slaveExportedVars' => {},
|
||||
'SMTPServer' => '',
|
||||
'Soap' => 0,
|
||||
'soapConfigServer' => 0,
|
||||
'soapSessionServer' => 0,
|
||||
'SSLAuthnLevel' => 5,
|
||||
'storePassword' => 0,
|
||||
'successLoginNumber' => 5,
|
||||
|
|
|
@ -30,6 +30,7 @@ sub delSession {
|
|||
sub session {
|
||||
my ( $self, $req, $id, $skey ) = @_;
|
||||
my ( %h, $res );
|
||||
return $self->sendError( $req, 'Bad request', 400 ) unless($id);
|
||||
my $mod = $self->getMod($req)
|
||||
or return $self->sendError( $req, undef, 400 );
|
||||
|
||||
|
|
|
@ -2024,7 +2024,11 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'remotePortal' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'rest' => {
|
||||
'restConfigServer' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'restSessionServer' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
|
@ -2690,12 +2694,16 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$/,
|
||||
'type' => 'text'
|
||||
},
|
||||
'Soap' => {
|
||||
'soapAuthService' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
'soapConfigServer' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'soapAuthService' => {
|
||||
'type' => 'text'
|
||||
'soapSessionServer' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'soapSessionService' => {
|
||||
'type' => 'text'
|
||||
|
|
|
@ -153,13 +153,12 @@ sub run {
|
|||
$tmp = undef;
|
||||
|
||||
printf STDERR $format, $self->managerConstantsFile;
|
||||
my $sessionTypes = join( "', '", @sessionTypes );
|
||||
|
||||
open F, ">", $self->managerConstantsFile or die($!);
|
||||
my $exportedVars = '$'
|
||||
. join( 'Keys $',
|
||||
'simpleHash', 'doubleHash', 'specialNode', sort keys %cnodesRe )
|
||||
. 'Keys $specialNodeHash @sessionTypes $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters';
|
||||
. 'Keys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters';
|
||||
print F <<EOF;
|
||||
# This file is generated by $module. Don't modify it by hand
|
||||
package Lemonldap::NG::Manager::Constants;
|
||||
|
@ -182,8 +181,6 @@ our \$specialNodeHash = {
|
|||
oidcRPMetaDataNodes => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims)],
|
||||
};
|
||||
|
||||
our \@sessionTypes = ( '$sessionTypes' );
|
||||
|
||||
EOF
|
||||
|
||||
# Reinitialize $attributes
|
||||
|
@ -271,6 +268,7 @@ $defaultAttr}
|
|||
$ra->add($_);
|
||||
}
|
||||
|
||||
my $sessionTypes = join( "', '", @sessionTypes );
|
||||
my $confConstants =
|
||||
"our \$hashParameters = qr/^" . $ra->as_string . "\$/;\n";
|
||||
open( F, ">", $self->confConstantsFile ) or die($!);
|
||||
|
@ -301,6 +299,7 @@ use constant MANAGERSECTION => "manager";
|
|||
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
|
||||
use constant APPLYSECTION => "apply";
|
||||
$confConstants
|
||||
our \@sessionTypes = ( '$sessionTypes' );
|
||||
|
||||
sub NO {qr/^(?:off|no|0)?\$/i}
|
||||
|
||||
|
@ -323,6 +322,7 @@ our %EXPORT_TAGS = (
|
|||
APPLYSECTION
|
||||
NO
|
||||
\$hashParameters
|
||||
\@sessionTypes
|
||||
)
|
||||
]
|
||||
);
|
||||
|
|
|
@ -944,17 +944,27 @@ sub attributes {
|
|||
},
|
||||
|
||||
# REST server
|
||||
rest => {
|
||||
restSessionServer => {
|
||||
default => 0,
|
||||
type => 'bool',
|
||||
documentation => 'Enable REST services',
|
||||
documentation => 'Enable REST session server',
|
||||
},
|
||||
restConfigServer => {
|
||||
default => 0,
|
||||
type => 'bool',
|
||||
documentation => 'Enable REST config server',
|
||||
},
|
||||
|
||||
# SOAP server
|
||||
Soap => {
|
||||
soapSessionServer => {
|
||||
default => 0,
|
||||
type => 'bool',
|
||||
documentation => 'Enable SOAP services',
|
||||
documentation => 'Enable SOAP session server',
|
||||
},
|
||||
soapConfigServer => {
|
||||
default => 0,
|
||||
type => 'bool',
|
||||
documentation => 'Enable SOAP config server',
|
||||
},
|
||||
exportedAttr => {
|
||||
type => 'text',
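Review bot: The single `rest` and `Soap` switches are replaced here by four new keys, and no fallback for the old names is visible in this commit. A stored configuration that sets only `Soap => 1` or `rest => 1` would therefore presumably stop loading either server after upgrade, because `enabledPlugins` now reads only the new names. That fails closed, but it is silent; a comment above the new keys such as `# Replaces the former 'rest' switch: existing configurations must set restSessionServer / restConfigServer explicitly` (and the same for SOAP) would make it visible. The `documentation` strings could also say that these flags publish session and configuration data over HTTP. The `attributes` sub starts and ends outside this hunk.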
|
||||
|
|
|
@ -510,11 +510,14 @@ sub tree {
|
|||
help => 'start.html#advanced_features',
|
||||
nodes => [
|
||||
'customFunctions',
|
||||
'rest',
|
||||
{
|
||||
title => 'soap',
|
||||
title => 'portalServers',
|
||||
form => 'simpleInputContainer',
|
||||
nodes => [ 'Soap', 'exportedAttr' ]
|
||||
nodes => [
|
||||
'restSessionServer', 'restConfigServer',
|
||||
'soapSessionServer', 'soapConfigServer',
|
||||
'exportedAttr'
|
||||
]
|
||||
},
|
||||
{
|
||||
title => 'loginHistory',
|
||||
|
|
|
@ -7,7 +7,7 @@ use base qw(Exporter);
|
|||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash @sessionTypes $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters)] );
|
||||
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters)] );
|
||||
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
|
||||
our @EXPORT = ( @{ $EXPORT_TAGS{'all'} } );
|
||||
|
||||
|
@ -19,8 +19,6 @@ our $specialNodeHash = {
|
|||
oidcRPMetaDataNodes => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims)],
|
||||
};
|
||||
|
||||
our @sessionTypes = ( 'captcha', 'remoteGlobal', 'cas', 'global', 'localSession', 'persistent', 'saml', 'oidc' );
|
||||
|
||||
our $doubleHashKeys = 'issuerDBGetParameters';
|
||||
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wpSslOpt)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|CAS_proxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))';
|
||||
our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
|
||||
|
|
|
@ -181,7 +181,7 @@
|
|||
"enabled": "Enabled",
|
||||
"enterPassword": "Enter password (optional)",
|
||||
"error": "Error",
|
||||
"exportedAttr": "SOAP exported attributes",
|
||||
"exportedAttr": "SOAP/REST exported attributes",
|
||||
"exportedHeaders": "Exported headers",
|
||||
"exportedVars": "Exported Variables",
|
||||
"facebookAppId": "Facebook application ID",
|
||||
|
@ -508,6 +508,7 @@
|
|||
"portalPingInterval": "Ping Interval",
|
||||
"portalRedirection": "Portal redirections",
|
||||
"portalRequireOldPassword": "Require old password",
|
||||
"portalServers": "Portal servers",
|
||||
"portalSkin": "Default Skin",
|
||||
"portalSkinBackground": "Skin background",
|
||||
"portalSkinRules": "Skin display rules",
|
||||
|
@ -544,7 +545,8 @@
|
|||
"remoteParams": "Remote parameters",
|
||||
"remotePortal": "Portal URL",
|
||||
"replaceByFile": "Replace by file",
|
||||
"rest": "Portal REST server",
|
||||
"restConfigServer": "REST configuration server",
|
||||
"restSessionServer": "REST session server",
|
||||
"restore": "Restore",
|
||||
"restoreConf": "Restore configuration",
|
||||
"returnUrl": "Return URL",
|
||||
|
@ -589,8 +591,8 @@
|
|||
"SMTPAuthPass": "SMTP password",
|
||||
"SMTPAuthUser": "SMTP user",
|
||||
"SMTPServer": "SMTP server",
|
||||
"soap": "Portal SOAP server",
|
||||
"Soap": "Activation",
|
||||
"soapConfigServer": "SOAP configuration server",
|
||||
"soapSessionServer": "SOAP session server",
|
||||
"soapAuthService": "Portal URL",
|
||||
"soapSessionService": "SOAP sessions end point",
|
||||
"specialHandlers": "Special Handlers",
|
||||
|
|
|
@ -181,7 +181,7 @@
|
|||
"enabled": "Activé",
|
||||
"enterPassword": "Entrer le mot de passe (optionnel)",
|
||||
"error": "Erreur",
|
||||
"exportedAttr": "Attributs exportés par le portail (SOAP)",
|
||||
"exportedAttr": "Attributs exportés par le portail (SOAP/REST)",
|
||||
"exportedHeaders": "En-têtes exportés",
|
||||
"exportedVars": "Attributs à exporter",
|
||||
"facebookAppId": "ID de l'application Facebook",
|
||||
|
@ -508,6 +508,7 @@
|
|||
"portalPingInterval": "Interval du ping",
|
||||
"portalRedirection": "Redirections du portail",
|
||||
"portalRequireOldPassword": "Ancien mot de passe requis",
|
||||
"portalServers": "Serveurs du portail",
|
||||
"portalSkin": "Thème visuel par défaut",
|
||||
"portalSkinBackground": "Image de fond",
|
||||
"portalSkinRules": "Règles d'affichage du thème visuel",
|
||||
|
@ -544,7 +545,8 @@
|
|||
"remoteParams": "Paramètres Remote",
|
||||
"remotePortal": "URL du portail",
|
||||
"replaceByFile": "Remplacer par le fichier",
|
||||
"rest": "Serveur REST du portail",
|
||||
"restConfigServer": "Serveur de configurations REST",
|
||||
"restSessionServer": "Serveur de sessions REST",
|
||||
"restore": "Restaurer",
|
||||
"restoreConf": "Restaurer la configuration",
|
||||
"returnUrl": "URL de retour",
|
||||
|
@ -589,8 +591,8 @@
|
|||
"SMTPAuthPass": "Mot de passe SMTP",
|
||||
"SMTPAuthUser": "Utilisateur SMTP",
|
||||
"SMTPServer": "Serveur SMTP",
|
||||
"soap": "Serveur SOAP du portail",
|
||||
"Soap": "Activation",
|
||||
"soapConfigServer": "Serveur de configurations SOAP",
|
||||
"soapSessionServer": "Serveur de sessions SOAP",
|
||||
"soapAuthService": "URL du portail",
|
||||
"soapSessionService": "Point d'accès SOAP des sessions",
|
||||
"specialHandlers": "Handlers spéciaux",
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -36,10 +36,14 @@ sub enabledPlugins {
|
|||
#}
|
||||
|
||||
# Check if SOAP is enabled
|
||||
push @res, '::Plugins::SOAPServer' if ( $self->conf->{Soap} );
|
||||
push @res, '::Plugins::SOAPServer'
|
||||
if ( $self->conf->{soapSessionServer}
|
||||
or $self->conf->{soapConfigServer} );
|
||||
|
||||
# Check if REST is enabled
|
||||
push @res, '::Plugins::RESTServer' if ( $self->conf->{rest} );
|
||||
push @res, '::Plugins::RESTServer'
|
||||
if ( $self->conf->{restSessionServer}
|
||||
or $self->conf->{soapSessionServer} );
|
||||
|
||||
# Check if notification is enabled
|
||||
push @res, '::Plugins::Notifications' if ( $self->conf->{notifications} );
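Review bot: The multi-line REST condition tests `soapSessionServer` where `restConfigServer` looks intended. As written, enabling only the REST configuration server never loads `::Plugins::RESTServer`, while enabling the SOAP session server does load it. The second operand should read `or $self->conf->{restConfigServer} );`, mirroring the SOAP check just above, which pairs `soapSessionServer` with `soapConfigServer`. `enabledPlugins` starts and ends outside this hunk.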
|
||||
|
|
|
@ -30,11 +30,72 @@ use Mouse;
|
|||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
sub init {
|
||||
my ($self) = @_;
|
||||
1;
|
||||
my @parents = ('Lemonldap::NG::Portal::Main::Plugin');
|
||||
if ( $self->conf->{restConfigServer} ) {
|
||||
push @parents, 'Lemonldap::NG::Common::Conf::RESTServer';
|
||||
|
||||
# Methods inherited from Lemonldap::NG::Common::Conf::RESTServer
|
||||
$self->addUnauthRoute(
|
||||
confs => {
|
||||
':cfgNum' => [
|
||||
qw(virtualHosts samlIDPMetaDataNodes samlSPMetaDataNodes
|
||||
applicationList oidcOPMetaDataNodes oidcRPMetaDataNodes
|
||||
authChoiceModules grantSessionRules)
|
||||
]
|
||||
},
|
||||
['GET'],
|
||||
);
|
||||
$self->addUnauthRoute(
|
||||
confs => { ':cfgNum' => { '*' => 'getKey' } },
|
||||
['GET']
|
||||
);
|
||||
}
|
||||
if ( $self->conf->{restSessionServer} ) {
|
||||
push @parents, 'Lemonldap::NG::Common::Session::REST';
|
||||
|
||||
# Methods inherited from Lemonldap::NG::Common::Session::REST
|
||||
$self->addUnauthRoute(
|
||||
sessions => { ':sessionType' => 'session' },
|
||||
['GET']
|
||||
);
|
||||
$self->addUnauthRoute(
|
||||
sessions => { ':sessionType' => 'newSession' },
|
||||
['POST']
|
||||
);
|
||||
$self->addUnauthRoute(
|
||||
sessions =>
|
||||
{ ':sessionType' => { ':sessionId' => 'updateSession' } },
|
||||
['PUT']
|
||||
);
|
||||
$self->addUnauthRoute(
|
||||
sessions => { ':sessionType' => { ':sessionId' => 'delSession' } },
|
||||
['DELETE']
|
||||
);
|
||||
}
|
||||
$self->addAuthRoute(
|
||||
authorization => 'isUrlAuthorized',
|
||||
[ 'GET', 'POST' ]
|
||||
);
|
||||
extends @parents;
|
||||
return 1;
|
||||
}
|
||||
|
||||
sub updateSession {
|
||||
my ( $self, $req ) = @_;
|
||||
}
|
||||
|
||||
sub delSession {
|
||||
my ( $self, $req ) = @_;
|
||||
}
|
||||
|
||||
sub isUrlAuthorized {
|
||||
my ( $self, $req ) = @_;
|
||||
}
|
||||
|
||||
1;
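Review bot: Every session and configuration route in `init` is registered with `addUnauthRoute`, so nothing visible in this hunk authenticates or authorizes the caller before a session is read, created, updated or deleted, or before configuration keys are returned. If access is meant to be restricted at the web-server level, state that next to the two flags, e.g. `# These endpoints are served without portal authentication: restrict access at the web server`. The SOAP plugin's `init` registers its `sessions`, `adminSessions` and `config` routes the same way. Separately, the empty `updateSession`, `delSession` and `isUrlAuthorized` subs are defined in this package, so they would presumably take precedence over the methods the route comments describe as inherited from `Lemonldap::NG::Common::Session::REST`. That would leave the PUT, DELETE and `authorization` routes returning nothing, so the stubs should be dropped or implemented.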
|
||||
|
|
|
@ -65,12 +65,19 @@ sub init {
|
|||
return 0;
|
||||
}
|
||||
$self->server( Lemonldap::NG::Common::PSGI::SOAPServer->new );
|
||||
$self->addUnauthRoute( sessions => 'unauthSessions', ['POST'] );
|
||||
$self->addUnauthRoute( adminSessions => 'unauthAdminSessions', ['POST'] );
|
||||
$self->addUnauthRoute( config => 'config', ['POST'] );
|
||||
$self->addAuthRoute( sessions => 'badSoapRequest', ['POST'] );
|
||||
$self->addAuthRoute( adminSessions => 'badSoapRequest', ['POST'] );
|
||||
$self->addAuthRoute( config => 'badSoapRequest', ['POST'] );
|
||||
if ( $self->conf->{soapSessionServer} ) {
|
||||
$self->addUnauthRoute( sessions => 'unauthSessions', ['POST'] );
|
||||
$self->addUnauthRoute(
|
||||
adminSessions => 'unauthAdminSessions',
|
||||
['POST']
|
||||
);
|
||||
$self->addAuthRoute( sessions => 'badSoapRequest', ['POST'] );
|
||||
$self->addAuthRoute( adminSessions => 'badSoapRequest', ['POST'] );
|
||||
}
|
||||
if ( $self->conf->{soapConfigServer} ) {
|
||||
$self->addUnauthRoute( config => 'config', ['POST'] );
|
||||
$self->addAuthRoute( config => 'badSoapRequest', ['POST'] );
|
||||
}
|
||||
1;
|
||||
}
|
||||
|
||||
|
@ -211,8 +218,7 @@ sub getAttributes {
|
|||
push @tmp, SOAP::Data->name( error => 0 )->type('int');
|
||||
push @tmp,
|
||||
SOAP::Data->name( attributes =>
|
||||
_buildSoapHash( $session->data, @{ $self->exportedAttr } )
|
||||
);
|
||||
_buildSoapHash( $session->data, @{ $self->exportedAttr } ) );
|
||||
}
|
||||
my $res = SOAP::Data->name( session => \SOAP::Data->value(@tmp) );
|
||||
return $res;
|
||||
|
|
|
@ -99,13 +99,13 @@ sub issuer {
|
|||
return LLNG::Manager::Test->new(
|
||||
{
|
||||
ini => {
|
||||
logLevel => $debug,
|
||||
templatesDir => 'site/htdocs/static',
|
||||
domain => 'idp.com',
|
||||
portal => 'http://auth.idp.com',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Demo',
|
||||
Soap => 1,
|
||||
logLevel => $debug,
|
||||
templatesDir => 'site/htdocs/static',
|
||||
domain => 'idp.com',
|
||||
portal => 'http://auth.idp.com',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Demo',
|
||||
soapSessionServer => 1,
|
||||
}
|
||||
}
|
||||
);
|
||||
|
|