#595 in progress
This commit is contained in:
Xavier Guimard
parent
eb4b72168b
commit
d3d6410646
|
|
@ -7,6 +7,6 @@ our $VERSION = '2.0.0';
|
|||
|
||||
extends 'Lemonldap::NG::Portal::Main::Module';
|
||||
|
||||
has authnLevel => (is => 'rw');
|
||||
has authnLevel => ( is => 'rw' );
|
||||
|
||||
1;
|
||||
|
|
|
|||
|
|
@ -27,8 +27,8 @@ has _authentication => ( is => 'rw' );
|
|||
has _userDB => ( is => 'rw' );
|
||||
|
||||
# Macros and groups
|
||||
has _macros => (is => 'rw');
|
||||
has _groups => (is => 'rw');
|
||||
has _macros => ( is => 'rw' );
|
||||
has _groups => ( is => 'rw' );
|
||||
|
||||
# Lists to store plugins entry-points
|
||||
has beforeAuth => (
|
||||
|
|
@ -91,7 +91,10 @@ sub reloadConf {
|
|||
}
|
||||
|
||||
# Reinitialize arrays
|
||||
foreach (qw(_macros _groups beforeAuth betweenAuthAndDatas afterDatas forAuthUser)) {
|
||||
foreach (
|
||||
qw(_macros _groups beforeAuth betweenAuthAndDatas afterDatas forAuthUser)
|
||||
)
|
||||
{
|
||||
$self->{$_} = [];
|
||||
}
|
||||
|
||||
|
|
@ -160,8 +163,7 @@ sub loadPlugin {
|
|||
my ( $self, $plugin ) = @_;
|
||||
my $obj;
|
||||
return 0
|
||||
unless ( $obj =
|
||||
$self->loadModule("$plugin") );
|
||||
unless ( $obj = $self->loadModule("$plugin") );
|
||||
foreach my $sub (
|
||||
qw(beforeAuthProcess addSessionData afterAuthProcess forAuthUser))
|
||||
{
|
||||
|
|
@ -177,7 +179,7 @@ sub loadPlugin {
|
|||
sub loadModule {
|
||||
my ( $self, $module ) = @_;
|
||||
my $obj;
|
||||
$module = "Lemonldap::NG::Portal$module" if($module =~/^::/);
|
||||
$module = "Lemonldap::NG::Portal$module" if ( $module =~ /^::/ );
|
||||
|
||||
eval "require $module";
|
||||
if ($@) {
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ sub enabledPlugins {
|
|||
foreach my $type (qw(password register)) {
|
||||
my $tmp = $self->conf->{$type};
|
||||
if ( $tmp and $tmp ne 'Null' ) {
|
||||
$tmp = '::'.ucfirst($type) . "DB::$tmp";
|
||||
$tmp = '::' . ucfirst($type) . "DB::$tmp";
|
||||
$self->lmLog("$tmp enabled");
|
||||
push @res, $tmp;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,6 +8,28 @@ use MIME::Base64;
|
|||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
# Main method
|
||||
# -----------
|
||||
# Launch all methods declared in request "steps" array. Methods can be
|
||||
# declared by their name (in Lemonldap::NG::Portal::Main namespace) or point
|
||||
# to a subroutine (see Lemonldap::NG::Portal::Main::Run.pm)
|
||||
|
||||
sub process {
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
#$req->error(PE_OK);
|
||||
my $err = PE_OK;
|
||||
while ( my $sub = shift @{ $req->steps } ) {
|
||||
if ( ref $sub ) {
|
||||
last if ( $sub->($req) );
|
||||
}
|
||||
else {
|
||||
last if ( $err = $self->$sub($req) );
|
||||
}
|
||||
}
|
||||
return $err;
|
||||
}
|
||||
|
||||
# First process block: check args
|
||||
# -------------------------------
|
||||
|
||||
|
|
@ -15,6 +37,7 @@ our $VERSION = '2.0.0';
|
|||
sub restoreArgs {
|
||||
my ( $self, $req ) = @_;
|
||||
$req->parseBody;
|
||||
$req->mustRedirect(1);
|
||||
return ( %{ $req->params } ? PE_OK : PE_FORMEMPTY );
|
||||
}
|
||||
|
||||
|
|
@ -24,19 +47,20 @@ sub controlUrl {
|
|||
$req->datas->{_url} ||= '';
|
||||
if ( my $url = $req->param('url') ) {
|
||||
|
||||
# REJECT NON BASE64 URL except for CAS IssuerDB
|
||||
if ( $self->get_module('issuer') ne "CAS" ) {
|
||||
# REJECT NON BASE64 URL
|
||||
if ( $req->urlNotBase64 ) {
|
||||
$req->datas->{urldc} = $url;
|
||||
}
|
||||
else {
|
||||
if ( $url =~ m#[^A-Za-z0-9\+/=]# ) {
|
||||
$self->lmLog(
|
||||
"Value must be in BASE64 (param: url | value: $url)",
|
||||
"warn" );
|
||||
return PE_BADURL;
|
||||
}
|
||||
|
||||
$req->datas->{urldc} = decode_base64($url);
|
||||
$req->datas->{urldc} =~ s/[\r\n]//sg;
|
||||
}
|
||||
else { $req->datas->{urldc} = $url; }
|
||||
|
||||
# For logout request, test if Referer comes from an authorizated site
|
||||
my $tmp =
|
||||
|
|
@ -97,7 +121,8 @@ sub setSessionInfo {
|
|||
my ( $self, $req ) = @_;
|
||||
|
||||
# Get the current user module
|
||||
$req->{sessionInfo}->{_userDB} = $self->get_module("user");
|
||||
$req->{sessionInfo}->{_auth} = $self->getModule("auth");
|
||||
$req->{sessionInfo}->{_userDB} = $self->getModule("user");
|
||||
|
||||
# Store IP address from remote address or X-FORWARDED-FOR header
|
||||
$req->{sessionInfo}->{ipAddr} = $req->remote_ip;
|
||||
|
|
@ -127,7 +152,7 @@ sub setSessionInfo {
|
|||
$req->{sessionInfo}->{_url} = $req->datas->{urldc};
|
||||
|
||||
# Call UserDB setSessionInfo
|
||||
return $self->_userDB->setSessionInfo($req) );
|
||||
return $self->_userDB->setSessionInfo($req);
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
|
@ -174,8 +199,7 @@ sub setPersistentSessionInfo {
|
|||
sub setLocalGroups {
|
||||
my ( $self, $req ) = @_;
|
||||
foreach ( sort keys %{ $self->_groups } ) {
|
||||
if ( $self->_groups->{$_}->($req) ) )
|
||||
{
|
||||
if ( $self->_groups->{$_}->($req) ) {
|
||||
$req->{sessionInfo}->{groups} .=
|
||||
$self->conf->{multiValuesSeparator} . $_;
|
||||
$req->{sessionInfo}->{hGroups}->{$_}->{name} = $_;
|
||||
|
|
@ -237,7 +261,8 @@ sub store {
|
|||
|
||||
sub buildCookie {
|
||||
my ( $self, $req ) = @_;
|
||||
push @{ $req->respCookies }, $self->cookie(
|
||||
push @{ $req->respCookies },
|
||||
$self->cookie(
|
||||
name => $self->{cookieName},
|
||||
value => $self->{id},
|
||||
domain => $self->{domain},
|
||||
|
|
@ -266,8 +291,8 @@ sub buildCookie {
|
|||
sub cookie {
|
||||
my ( $self, %h ) = @_;
|
||||
my @res;
|
||||
$req[0] = "$h{name}" or die("name required");
|
||||
my $res[0] .= "=$h{value}";
|
||||
$res[0] = "$h{name}" or die("name required");
|
||||
$res[0] .= "=$h{value}";
|
||||
foreach (qw(domain path expires max_age)) {
|
||||
my $f = $_;
|
||||
s/_/-/g;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,8 @@
|
|||
package Lemonldap::NG::Portal::Main::Request;
|
||||
|
||||
# Developpers, be careful: new() is never called so default values will not be
|
||||
# taken in account (see Portal::Run::handler())
|
||||
|
||||
use strict;
|
||||
use Mouse;
|
||||
|
||||
|
|
@ -21,6 +24,12 @@ has respCookies => ( is => 'rw' );
|
|||
# Template to display (if not defined, login or menu)
|
||||
has template => ( is => 'rw' );
|
||||
|
||||
# Boolean to indicate that response must be a redirection
|
||||
has mustRedirect => ( is => 'rw' );
|
||||
|
||||
# Boolean to indicate that url isn't Base64 encoded
|
||||
has urlNotBase64 => ( is => 'rw' );
|
||||
|
||||
sub wantJSON {
|
||||
return $_[0]->accept =~ m#(?:application|text)/json# ? 1 : 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,18 +1,12 @@
|
|||
##@class Lemonldap::NG::Portal::Main::Run
|
||||
# Serve request part of Lemonldap::NG portal
|
||||
#
|
||||
# Methods:
|
||||
# - handler(): verify that portal configuration is the same that the
|
||||
# underlying handler configuration before launching
|
||||
# Lemonldap::NG::Common::PSGI::Router::handler() (which parse
|
||||
# routes)
|
||||
# Parts of this file:
|
||||
# - response handler
|
||||
# - main entry points
|
||||
# - running methods
|
||||
# - utilities
|
||||
#
|
||||
# Entry points:
|
||||
# - "/test": - authenticated() for already authenticated users
|
||||
# - pleaseAuth() for others
|
||||
# - "/": - login() ~first access
|
||||
# - postLogin(), same for POST requests
|
||||
# - authenticatedRequest() for authenticated users
|
||||
package Lemonldap::NG::Portal::Main::Run;
|
||||
|
||||
use strict;
|
||||
|
|
@ -22,6 +16,21 @@ use Lemonldap::NG::Portal::Main::Request;
|
|||
|
||||
our $VERSION = '2.0.0';
|
||||
|
||||
# List constants
|
||||
sub authProcess { qw(extractFormInfo getUser authenticate) }
|
||||
|
||||
sub sessionDatas {
|
||||
qw(setSessionInfo setMacros setGroups setPersistentSessionInfo
|
||||
setLocalGroups store buildCookie);
|
||||
}
|
||||
|
||||
# RESPONSE HANDLER
|
||||
# ----------------
|
||||
#
|
||||
# - check if conf has changed
|
||||
# - replace Lemonldap::NG::Common::PSGI::Request request by
|
||||
# Lemonldap::NG::Portal::Main::Request
|
||||
# - launch Lemonldap::NG::Common::PSGI::Request::handler()
|
||||
sub handler {
|
||||
my ( $self, $req ) = shift;
|
||||
unless ($self->conf->{cfgNum}
|
||||
|
|
@ -33,9 +42,16 @@ sub handler {
|
|||
return $self->SUPER::handler($req);
|
||||
}
|
||||
|
||||
# CORE REST API
|
||||
# MAIN ENTRY POINTS (declared in Lemonldap::NG::Portal::Main::Init)
|
||||
# -----------------
|
||||
#
|
||||
# Entry points:
|
||||
# - "/test": - authenticated() for already authenticated users
|
||||
# - pleaseAuth() for others
|
||||
# - "/": - login() ~first access
|
||||
# - postLogin(), same for POST requests
|
||||
# - authenticatedRequest() for authenticated users
|
||||
|
||||
# Methods that handle /test
|
||||
sub authenticated {
|
||||
my ( $self, $req ) = @_;
|
||||
return $self->sendJSONresponse( $req, { status => 1 } );
|
||||
|
|
@ -46,15 +62,6 @@ sub pleaseAuth {
|
|||
return $self->sendJSONresponse( $req, { status => 0 } );
|
||||
}
|
||||
|
||||
# MAIN ENTRY POINTS
|
||||
|
||||
# List constants
|
||||
sub authProcess { qw(extractFormInfo getUser authenticate) }
|
||||
|
||||
sub sessionDatas {
|
||||
qw(setSessionInfo setMacros setGroups setPersistentSessionInfo
|
||||
setLocalGroups store buildCookie);
|
||||
}
|
||||
|
||||
sub login {
|
||||
my ( $self, $req ) = @_;
|
||||
|
|
@ -73,9 +80,10 @@ sub postLogin {
|
|||
return $req->do(
|
||||
$req,
|
||||
[
|
||||
'restoreArgs', 'controlUrl' @{ $self->beforeAuth },
|
||||
&authProcess, @{ $self->betweenAuthAndDatas },
|
||||
&sessionDatas, @{ $self->afterdatas },
|
||||
'restoreArgs', 'controlUrl',
|
||||
@{ $self->beforeAuth }, &authProcess,
|
||||
@{ $self->betweenAuthAndDatas }, &sessionDatas,
|
||||
@{ $self->afterdatas },
|
||||
]
|
||||
);
|
||||
}
|
||||
|
|
@ -85,6 +93,9 @@ sub authenticatedRequest {
|
|||
return $req->do( $req, $self->forAuthUser );
|
||||
}
|
||||
|
||||
# RUNNING METHODS
|
||||
# ---------------
|
||||
|
||||
sub do {
|
||||
my ( $self, $req, $steps ) = @_;
|
||||
$req->steps($steps);
|
||||
|
|
@ -117,18 +128,32 @@ sub do {
|
|||
}
|
||||
}
|
||||
|
||||
sub process {
|
||||
my ( $self, $req ) = @_;
|
||||
# Utilities
|
||||
# ---------
|
||||
|
||||
#$req->error(PE_OK);
|
||||
my $err = PE_OK;
|
||||
while ( my $sub = shift @{ $req->steps } ) {
|
||||
last if ( $err = $self->$sub($req) );
|
||||
sub getModule {
|
||||
my ( $self, $req, $type ) = @_;
|
||||
if (
|
||||
my $mod = {
|
||||
auth => '_authentication',
|
||||
user => '_userDB',
|
||||
password => '_passwordDB'
|
||||
}->{$type}
|
||||
)
|
||||
{
|
||||
if ( $self->$mod->can('name') ) {
|
||||
return $self->$mod->can('name');
|
||||
}
|
||||
else {
|
||||
return ref( $self->$mod );
|
||||
}
|
||||
}
|
||||
elsif ( $type eq 'issuer' ) {
|
||||
return $req->{_activeIssuerDB};
|
||||
}
|
||||
else {
|
||||
die "Unknown type $type";
|
||||
}
|
||||
return $err;
|
||||
}
|
||||
|
||||
# TODO in run
|
||||
# - mustRedirect
|
||||
|
||||
1;
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user