First implementation of BrowserID authentication module (#584)
This commit is contained in:
parent
53e8d74758
commit
d3c53c2235
BIN
lemonldap-ng-portal/example/skins/common/BrowserID.png
Normal file
BIN
lemonldap-ng-portal/example/skins/common/BrowserID.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 1.9 KiB |
19
lemonldap-ng-portal/example/skins/common/browserid.js
Normal file
19
lemonldap-ng-portal/example/skins/common/browserid.js
Normal file
|
@ -0,0 +1,19 @@
|
|||
/* Watch login and logout events */
|
||||
|
||||
navigator.id.watch({
|
||||
loggedInUser: null,
|
||||
onlogin: function(assertion) {
|
||||
// Return on page with BrowserID assertion
|
||||
var portalUrl = window.location.href;
|
||||
var portalSearch = window.location.search;
|
||||
if ( portalSearch ) {
|
||||
portalUrl += '&browserIdAssertion='+assertion
|
||||
} else {
|
||||
portalUrl += '?browserIdAssertion='+assertion
|
||||
}
|
||||
window.location.assign(portalUrl);
|
||||
},
|
||||
onlogout: function() {
|
||||
// Do nothing
|
||||
}
|
||||
});
|
|
@ -0,0 +1,3 @@
|
|||
$(document).ready(function(){
|
||||
navigator.id.request();
|
||||
});
|
|
@ -0,0 +1,3 @@
|
|||
$(document).ready(function(){
|
||||
navigator.id.logout();
|
||||
});
|
|
@ -6,6 +6,9 @@
|
|||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||
<meta http-equiv="Content-Script-Type" content="text/javascript" />
|
||||
<meta http-equiv="cache-control" content="no-cache" />
|
||||
<TMPL_IF NAME="browserIdEnabled">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
|
||||
</TMPL_IF>
|
||||
<link rel="stylesheet" type="text/css" href="<TMPL_VAR NAME="SKIN_PATH">/<TMPL_VAR NAME="SKIN">/css/styles.css" />
|
||||
<link href="<TMPL_VAR NAME="SKIN_PATH">/common/favicon.ico" rel="icon" type="image/x-icon" />
|
||||
<link href="<TMPL_VAR NAME="SKIN_PATH">/common/favicon.ico" rel="shortcut icon" />
|
||||
|
@ -17,6 +20,17 @@
|
|||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/jquery-ui-1.8.5.custom.min.js"></script>
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/jquery.base64.js"></script>
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/jquery.cookie.js"></script>
|
||||
<TMPL_IF NAME="browserIdEnabled">
|
||||
<script src="https://login.persona.org/include.js"></script>
|
||||
</TMPL_IF>
|
||||
<TMPL_IF NAME="browserIdLoadLoginScript">
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/browserid.js"></script>
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/browseridlogin.js"></script>
|
||||
</TMPL_IF>
|
||||
<TMPL_IF NAME="browserIdLoadLogoutScript">
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/browserid.js"></script>
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/browseridlogout.js"></script>
|
||||
</TMPL_IF>
|
||||
<script type="text/javascript">//<![CDATA[
|
||||
var displaytab='<TMPL_VAR NAME="DISPLAY_TAB">';
|
||||
var choicetab='<TMPL_VAR NAME="CHOICE_VALUE">';
|
||||
|
|
|
@ -6,6 +6,9 @@
|
|||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||
<meta http-equiv="Content-Script-Type" content="text/javascript" />
|
||||
<meta http-equiv="cache-control" content="no-cache" />
|
||||
<TMPL_IF NAME="browserIdEnabled">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
|
||||
</TMPL_IF>
|
||||
<link rel="stylesheet" type="text/css" href="<TMPL_VAR NAME="SKIN_PATH">/<TMPL_VAR NAME="SKIN">/css/styles.css" />
|
||||
<link href="<TMPL_VAR NAME="SKIN_PATH">/common/favicon.ico" rel="icon" type="image/x-icon" />
|
||||
<link href="<TMPL_VAR NAME="SKIN_PATH">/common/favicon.ico" rel="shortcut icon" />
|
||||
|
@ -17,6 +20,17 @@
|
|||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/jquery-ui-1.8.5.custom.min.js"></script>
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/jquery.base64.js"></script>
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/jquery.cookie.js"></script>
|
||||
<TMPL_IF NAME="browserIdEnabled">
|
||||
<script src="https://login.persona.org/include.js"></script>
|
||||
</TMPL_IF>
|
||||
<TMPL_IF NAME="browserIdLoadLoginScript">
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/browserid.js"></script>
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/browseridlogin.js"></script>
|
||||
</TMPL_IF>
|
||||
<TMPL_IF NAME="browserIdLoadLogoutScript">
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/browserid.js"></script>
|
||||
<script type="text/javascript" src="<TMPL_VAR NAME="SKIN_PATH">/common/browseridlogout.js"></script>
|
||||
</TMPL_IF>
|
||||
<script type="text/javascript">//<![CDATA[
|
||||
var displaytab='<TMPL_VAR NAME="DISPLAY_TAB">';
|
||||
var choicetab='<TMPL_VAR NAME="CHOICE_VALUE">';
|
||||
|
|
255
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthBrowserID.pm
Normal file
255
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthBrowserID.pm
Normal file
|
@ -0,0 +1,255 @@
|
|||
##@file
|
||||
# BrowserID authentication backend file
|
||||
|
||||
##@class
|
||||
# BrowserID authentication backend class
|
||||
package Lemonldap::NG::Portal::AuthBrowserID;
|
||||
|
||||
use strict;
|
||||
use Lemonldap::NG::Portal::Simple;
|
||||
use LWP::UserAgent;
|
||||
use HTTP::Request;
|
||||
use JSON;
|
||||
|
||||
our $VERSION = '1.3.0';
|
||||
|
||||
## @apmethod int authInit()
|
||||
# Enables Browser ID (required for templates)
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub authInit {
|
||||
my $self = shift;
|
||||
|
||||
$self->{browserIdVerificationURL} ||=
|
||||
"https://verifier.login.persona.org/verify";
|
||||
$self->{browserIdAuthnLevel} = "2"
|
||||
unless defined $self->{browserIdAuthnLevel};
|
||||
|
||||
# Enable BrowserID in template
|
||||
$self->{tpl_browserIdEnabled} = 1;
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
## @apmethod int setAuthSessionInfo()
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub setAuthSessionInfo {
|
||||
my $self = shift;
|
||||
|
||||
$self->{sessionInfo}->{authenticationLevel} = $self->{browserIdAuthnLevel};
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
## @apmethod int extractFormInfo()
|
||||
# Get BrowserID assertion
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub extractFormInfo {
|
||||
my $self = shift;
|
||||
|
||||
# Assertion should be in POST browserIdAssertion parameter (ajax call)
|
||||
if ( $self->{browserIdAssertion} = $self->param('browserIdAssertion') ) {
|
||||
$self->lmLog(
|
||||
"BrowserID Assertion found: " . $self->{browserIdAssertion},
|
||||
'debug' );
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
# No assertion, return to login page with BrowserID login script
|
||||
$self->{tpl_browserIdLoadLoginScript} = 1;
|
||||
return PE_FIRSTACCESS;
|
||||
}
|
||||
|
||||
## @apmethod int authenticate()
|
||||
# Verify assertion and audience
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub authenticate {
|
||||
my $self = shift;
|
||||
|
||||
# Return unless BrowserID assertion
|
||||
return PE_FIRSTACCESS unless ( $self->{browserIdAssertion} );
|
||||
|
||||
my $ua = new LWP::UserAgent;
|
||||
push @{ $ua->requests_redirectable }, 'POST';
|
||||
|
||||
my $postdata =
|
||||
"assertion="
|
||||
. $self->{browserIdAssertion}
|
||||
. "&audience="
|
||||
. $self->{portal};
|
||||
|
||||
$self->lmLog( "Send $postdata to " . $self->{browserIdVerificationURL},
|
||||
'debug' );
|
||||
|
||||
my $request =
|
||||
HTTP::Request->new( 'POST' => $self->{browserIdVerificationURL} );
|
||||
$request->content_type('application/x-www-form-urlencoded');
|
||||
$request->content($postdata);
|
||||
|
||||
my $answer = $ua->request($request);
|
||||
|
||||
$self->lmLog( "Verification response: " . $answer->as_string, 'debug' );
|
||||
|
||||
if ( $answer->code() == "200" ) {
|
||||
|
||||
# Get JSON answser
|
||||
my $browserIdVerificationAnswer = $answer->content;
|
||||
$self->lmLog( "Received BrowserID answer: $browserIdVerificationAnswer",
|
||||
'debug' );
|
||||
|
||||
my $json = new JSON();
|
||||
$self->{browserIdAnswer} = $json->decode($browserIdVerificationAnswer);
|
||||
|
||||
if ( $self->{browserIdAnswer}->{status} eq "okay" ) {
|
||||
$self->{_user} = $self->{browserIdAnswer}->{email};
|
||||
$self->{sessionInfo}->{user} = $self->{_user};
|
||||
|
||||
$self->lmLog(
|
||||
"Found user "
|
||||
. $self->{_user}
|
||||
. " in BrowserID verification answer",
|
||||
'debug'
|
||||
);
|
||||
|
||||
# TODO - check audience
|
||||
# TODO - adjust session duration with BrowserID expires field
|
||||
# TODO - check SSL certificate
|
||||
|
||||
return PE_OK;
|
||||
}
|
||||
else {
|
||||
$self->lmLog(
|
||||
"Assertion "
|
||||
. $self->{browserIdAssertion}
|
||||
. " not verified by BrowserID provider",
|
||||
'error'
|
||||
);
|
||||
return PE_ERROR;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$self->lmLog(
|
||||
"Fail to validate BrowserId assertion "
|
||||
. $self->{browserIdAssertion},
|
||||
'error'
|
||||
);
|
||||
return PE_ERROR;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
## @apmethod int authFinish()
|
||||
# Does nothing.
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub authFinish {
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
## @apmethod int authLogout()
|
||||
# Call BrowserID logout method
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub authLogout {
|
||||
my $self = shift;
|
||||
$self->{tpl_browserIdLoadLogoutScript} = 1;
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
## @apmethod boolean authForce()
|
||||
# Does nothing
|
||||
# @return result
|
||||
sub authForce {
|
||||
return 0;
|
||||
}
|
||||
|
||||
## @method string getDisplayType
|
||||
# @return display type
|
||||
sub getDisplayType {
|
||||
return "logo";
|
||||
}
|
||||
|
||||
1;
|
||||
__END__
|
||||
|
||||
=head1 NAME
|
||||
|
||||
=encoding utf8
|
||||
|
||||
Lemonldap::NG::Portal::AuthBrowserID - Perl extension for building Lemonldap::NG
|
||||
compatible portals with Mozilla BrowserID protocol
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use Lemonldap::NG::Portal::SharedConf;
|
||||
my $portal = new Lemonldap::NG::Portal::Simple(
|
||||
configStorage => {...}, # See Lemonldap::NG::Portal
|
||||
authentication => 'BrowserID',
|
||||
);
|
||||
|
||||
if($portal->process()) {
|
||||
# Write here the menu with CGI methods. This page is displayed ONLY IF
|
||||
# the user was not redirected here.
|
||||
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3))
|
||||
print "...";
|
||||
|
||||
# or redirect the user to the menu
|
||||
print $portal->redirect( -uri => 'https://portal/menu');
|
||||
}
|
||||
else {
|
||||
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3))
|
||||
print "<html><body><h1>Unable to work</h1>";
|
||||
print "This server isn't well configured. Contact your administrator.";
|
||||
print "</body></html>";
|
||||
}
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
This library just overload few methods of Lemonldap::NG::Portal::Simple to
|
||||
create sessions for anonymous users.
|
||||
|
||||
See L<Lemonldap::NG::Portal::Simple> for usage and other methods.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<Lemonldap::NG::Portal>, L<Lemonldap::NG::Portal::Simple>,
|
||||
L<http://lemonldap-ng.org/>
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
=over
|
||||
|
||||
=item Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
|
||||
|
||||
=back
|
||||
|
||||
=head1 BUG REPORT
|
||||
|
||||
Use OW2 system to report bug or ask for features:
|
||||
L<http://jira.ow2.org>
|
||||
|
||||
=head1 DOWNLOAD
|
||||
|
||||
Lemonldap::NG is available at
|
||||
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
=over
|
||||
|
||||
=item Copyright (C) 2013 by Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
|
||||
|
||||
=back
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see L<http://www.gnu.org/licenses/>.
|
||||
|
||||
=cut
|
||||
|
27
lemonldap-ng-portal/t/67-Lemonldap-NG-Portal-AuthBrowserID.t
Normal file
27
lemonldap-ng-portal/t/67-Lemonldap-NG-Portal-AuthBrowserID.t
Normal file
|
@ -0,0 +1,27 @@
|
|||
# Before `make install' is performed this script should be runnable with
|
||||
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Portal-AuthSsl.t'
|
||||
|
||||
#########################
|
||||
|
||||
# change 'tests => 1' to 'tests => last_test_to_print';
|
||||
|
||||
use Test::More tests => 2;
|
||||
BEGIN { use_ok('Lemonldap::NG::Portal::Simple') }
|
||||
|
||||
#########################
|
||||
|
||||
# Insert your test code below, the Test::More module is use()ed here so read
|
||||
# its man page ( perldoc Test::More ) for help writing this test script.
|
||||
|
||||
$ENV{"REQUEST_METHOD"} = 'GET';
|
||||
my $p;
|
||||
ok(
|
||||
$p = Lemonldap::NG::Portal::Simple->new(
|
||||
{
|
||||
globalStorage => 'Apache::Session::File',
|
||||
domain => 'example.com',
|
||||
authentication => 'BrowserID',
|
||||
}
|
||||
)
|
||||
);
|
||||
|
Loading…
Reference in New Issue
Block a user