dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

More comments

Browse Source
This commit is contained in:
Xavier Guimard 2013-10-11 18:59:18 +00:00
parent 4d03b75951
commit da41295b76
2 changed files with 45 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthFacebook.pm
View File

@ -80,6 +80,8 @@ sub extractFormInfo {
my $self = shift; my $self = shift;
# 1. Check Facebook responses # 1. Check Facebook responses
# 1.1 Good responses
if ( my $code = $self->param('code') ) { if ( my $code = $self->param('code') ) {
if ( my $access_token = $self->fb()->get_access_token( code => $code ) ) if ( my $access_token = $self->fb()->get_access_token( code => $code ) )
{ {
@ -141,6 +143,7 @@ sub extractFormInfo {
return PE_BADCREDENTIALS; return PE_BADCREDENTIALS;
} }
# 1.2 Bad responses
if ( my $error_code = $self->param('error_code') ) { if ( my $error_code = $self->param('error_code') ) {
my $error_message = $self->param('error_message'); my $error_message = $self->param('error_message');
$self->lmLog( "Facebook error code $error_code: $error_message", $self->lmLog( "Facebook error code $error_code: $error_message",

60
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthGoogle.pm
View File

@ -32,6 +32,7 @@ BEGIN {
sub googleEndPoint { sub googleEndPoint {
my $self = shift; my $self = shift;
# First time, get and store Google endpoint
unless ($googleEndPoint) { unless ($googleEndPoint) {
my $response = my $response =
$self->ua()->get( GOOGLEENDPOINT, Accept => 'application/xrds+xml' ); $self->ua()->get( GOOGLEENDPOINT, Accept => 'application/xrds+xml' );
@ -40,17 +41,21 @@ sub googleEndPoint {
# Dirty XML parse # Dirty XML parse
# (searching for <URI>https://www.google.com/accounts/o8/ud</URI>) # (searching for <URI>https://www.google.com/accounts/o8/ud</URI>)
my $tmp = $response->decoded_content; my $tmp = $response->decoded_content;
if ( $tmp =~ m#<URI.*?>(\S+)</URI>#mi ) { if ( $tmp =~ m#<URI.*?>\s*(\S+)\s*</URI>#mi ) {
$googleEndPoint = $1; $googleEndPoint = $1;
} }
else { else {
$self->lmLog( 'Here is the Google response: ' $self->lmLog(
. $response->decoded_content ); 'Here is the Google response: '
$self->abort('Can\'t find endpoint in Googe response'); . $response->decoded_content,
'error'
);
$self->abort('Can\'t find endpoint in Google response');
} }
} }
else { else {
$self->abort('Can\'t access to Google endpoint'); $self->abort( 'Can\'t access to Google endpoint:',
$response->status_line );
} }
} }
return $googleEndPoint; return $googleEndPoint;
@ -85,7 +90,7 @@ sub checkGoogleSession {
} }
} }
} }
else { else { # Parse AX response
# First store email as user key. Note that this is the returned value # First store email as user key. Note that this is the returned value
# so if it's empty, request is retried # so if it's empty, request is retried
@ -99,7 +104,7 @@ sub checkGoogleSession {
eval { tie %$h, $self->{persistentStorage}, undef, \%opts; }; eval { tie %$h, $self->{persistentStorage}, undef, \%opts; };
if ($@) { if ($@) {
$self->abort( $self->abort(
"Unable to create persistent session required to use Google backend: $@" "Unable to create persistent session, required to use Google backend: $@"
); );
} }
else { else {
@ -112,7 +117,7 @@ sub checkGoogleSession {
} }
} }
# Retrieve AX datas # Retrieve AX datas (and store them in persistent session)
foreach my $k ( $self->param() ) { foreach my $k ( $self->param() ) {
if ( $k =~ /^openid\.$self->{_AXNS}\.value\.(\w+)$/ ) { if ( $k =~ /^openid\.$self->{_AXNS}\.value\.(\w+)$/ ) {
$gs->{$1} = $h->{$1} = $self->param($k); $gs->{$1} = $h->{$1} = $self->param($k);
@ -153,6 +158,8 @@ sub checkGoogleSession {
} }
$self->{sessionInfo}->{$attr} = $gs->{$v}; $self->{sessionInfo}->{$attr} = $gs->{$v};
} }
# If an exported variable is not AX compliant, just warn
else { else {
$self->lmLog( $self->lmLog(
'Ignoring attribute ' 'Ignoring attribute '
@ -162,7 +169,11 @@ sub checkGoogleSession {
); );
} }
} }
# Save persistent session
untie %$h if ($h); untie %$h if ($h);
# Boolean value: ~false if no $user value
return $self->{user}; return $self->{user};
} }
@ -197,7 +208,8 @@ sub extractFormInfo {
# Launch request # Launch request
my $response = $self->ua()->get( $check_url, Accept => 'text/plain' ); my $response = $self->ua()->get( $check_url, Accept => 'text/plain' );
unless ( $response->is_success ) { unless ( $response->is_success ) {
$self->abort('Can\'t verify Google authentication'); $self->abort( 'Can\'t verify Google authentication',
$response->status_line );
} }
else { else {
my %tmp = my %tmp =
@ -212,8 +224,8 @@ sub extractFormInfo {
# 1.2 Check if datas are already shared with Google # 1.2 Check if datas are already shared with Google
unless ( $self->checkGoogleSession() ) { unless ( $self->checkGoogleSession() ) {
# Datas are missing, prepare to launch a new request with # Datas are missing, prepare AX query which will be added to
# AX request # the request to Google
# a) email is required, will be used as 'user' field # a) email is required, will be used as 'user' field
$ax = $ax =
@ -228,11 +240,15 @@ sub extractFormInfo {
my $u; my $u;
while ( my ( $v, $k ) = each %{ $self->{exportedVars} } ) { while ( my ( $v, $k ) = each %{ $self->{exportedVars} } ) {
next if ( $k eq 'email' ); next if ( $k eq 'email' );
# Check if wanted attribute is known by Google
if ( $k =~ if ( $k =~
/^(?:(?:la(?:nguag|stnam)|firstnam)e|country)$/ ) /^(?:(?:la(?:nguag|stnam)|firstnam)e|country)$/ )
{ {
$ax .= ",$k"; $ax .= ",$k";
$u .= "&openid.ax.type.$k="
# Note: AX type seems to be required by Google
$u .= "&openid.ax.type.$k="
. { . {
country => country =>
"http://axschema.org/contact/country/home", "http://axschema.org/contact/country/home",
@ -265,27 +281,35 @@ sub extractFormInfo {
} }
# 2. Redirect user to Google login page: # 2. Redirect user to Google login page:
# * no OpenID response or missing datas # => no OpenID response or missing datas
# Build request to Google
my $check_url = my $check_url =
$self->googleEndPoint() $self->googleEndPoint()
. '?openid.mode=checkid_setup' . '?openid.mode=checkid_setup'
. '&openid.ns=http://specs.openid.net/auth/2.0' . '&openid.ns=http://specs.openid.net/auth/2.0'
. '&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select' . '&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select'
. '&openid.identity=http://specs.openid.net/auth/2.0/identifier_select' . '&openid.identity=http://specs.openid.net/auth/2.0/identifier_select'
. $ax; . $ax; # Requested attributes if set
my $sep = '?';
my $ret = $self->{portal}; # Build portal URI...
my $sep = '?';
my $returnTo = $self->{portal};
foreach my $v ( foreach my $v (
[ $self->{_url}, "url" ], [ $self->{_url}, "url" ],
[ $self->param( $self->{authChoiceParam} ), $self->{authChoiceParam} ] [ $self->param( $self->{authChoiceParam} ), $self->{authChoiceParam} ]
) )
{ {
if ( $v->[0] ) { if ( $v->[0] ) {
$ret .= "$sep$v->[1]=$v->[0]"; $returnTo .= "$sep$v->[1]=$v->[0]";
$sep = '&'; $sep = '&';
} }
} }
$check_url .= '&openid.return_to=' . uri_escape_utf8($ret);
# ... and add it
$check_url .= '&openid.return_to=' . uri_escape_utf8($returnTo);
# Now redirect user
print $self->redirect($check_url); print $self->redirect($check_url);
$self->quit(); $self->quit();
} }