Kerberos-by-Ajax skeleton (#707)

TODO: write javascript
Xavier Guimard 2017-04-06 11:33:12 +00:00
parent 9894853355
commit ddc1615546
3 changed files with 109 additions and 15 deletions


@ -128,13 +128,6 @@ sub sendError {
$err ||= $req->error;
$code ||= 500;
$self->lmLog( "Error $code: $err", $code > 499 ? 'error' : 'notice' );
my $title = (
$code >= 500 ? 'Server error'
: $code == 403 ? 'Forbidden'
: $code == 401 ? 'Authentication required'
: $code == 400 ? 'Bad request'
: 'Error'
);
# SOAP responses
if ( $req->env->{HTTP_SOAPACTION} ) {
@ -166,6 +159,13 @@ sub sendError {
# Default response: HTML
else {
my $title = (
$code >= 500 ? 'Server error'
: $code == 403 ? 'Forbidden'
: $code == 401 ? 'Authentication required'
: $code == 400 ? 'Bad request'
: 'Error'
);
my $s = "<html><head><title>$title</title>
<style>
body{background:#000;color:#fff;padding:10px 50px;font-family:sans-serif;}a{text-decoration:none;color:#fff;}h1{text-align:center;}


@ -7,6 +7,7 @@ use MIME::Base64;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_BADCREDENTIALS
PE_ERROR
PE_FIRSTACCESS
PE_OK
PE_SENDRESPONSE
);
@ -32,19 +33,67 @@ sub extractFormInfo {
my ( $self, $req ) = @_;
my $auth = $req->env->{HTTP_AUTHORIZATION};
unless ($auth) {
$req->response(
[
401,
[ 'WWW-Authenticate' => 'Negotiate' ],
['Authentication required']
]
);
return PE_SENDRESPONSE;
# Case 1: simple usage or first Kerberos Ajax request
# => return 401 to initiate Kerberos
if ( !$self->{conf}->{krbByJs} or $req->param('krb') ) {
# Case 1.1: Ajax request
if ( $req->wantJSON ) {
$req->response(
[
401,
[
'WWW-Authenticate' => 'Negotiate',
'Content-Type' => 'application/json',
'Content-Length' => 35
],
['{"error":"Authentication required"}']
]
);
}
# Case 1.2: HTML request: error is customized
else {
$req->error(PE_BADCREDENTIALS);
push @{ $req->respHeaders }, 'WWW-Authenticate' => 'Negotiate';
my ( $tpl, $prms ) = $self->p->display($req);
$req->response(
$self->p->sendHtml(
$req, $tpl,
params => $prms,
code => 401
)
);
}
return PE_SENDRESPONSE;
}
# Case 2: Ajax Kerberos request has failed, and javascript has reloaded
# page with "kerberos=0". Return an error to be able to switch to
# another backend (Combination)
# switch to another backend
elsif ( defined $req->param('krb') ) {
return PE_BADCREDENTIALS;
}
# Case 3: Display kerberos auth page (with javascript)
else {
$req->datas->{customScript} .=
'<script type="text/javascript" src="'
. $self->p->staticPrefix
. 'common/js/kerberos.js"></script>';
return PE_FIRSTACCESS;
}
}
# Case 4: an "Authorization header" has been sent
if ( $auth !~ /^Negotiate (.*)$/ ) {
$self->userLogger->error('Bad authorization header');
return PE_BADCREDENTIALS;
}
# Case 5: Kerberos ticket received
my $data;
eval { $data = MIME::Base64::decode($1) };
if ($@) {
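Review bot: The Case 2 comment names the reload parameter as `kerberos=0`, but the code tests `$req->param('krb')`, and the stray line `# switch to another backend` only repeats the end of the sentence above it. Because the client-side script is still a TODO, this comment is the only statement of the contract between that script and extractFormInfo, so it should match the code, e.g. `# Case 2: Ajax Kerberos request has failed and the script has reloaded the page with "krb=0"; return an error so that Combination can try another backend`. Separately, `'Content-Length' => 35` in Case 1.1 is correct for the current body but tied to it by hand; keeping the body in a variable and sending `length $body` would keep the header right if the message is ever changed. extractFormInfo continues past the end of this hunk.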


@ -50,6 +50,11 @@ sub display {
AUTH_URL => $req->{datas}->{_url},
CHOICE_PARAM => $self->conf->{authChoiceParam},
CHOICE_VALUE => $req->datas->{_authChoice},
(
$req->datas->{customScript}
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
: ()
),
);
}
@ -74,6 +79,11 @@ sub display {
CONFIRMKEY => $self->stamp(),
LIST => $req->datas->{list} || [],
REMEMBER => $req->datas->{confirmRemember},
(
$req->datas->{customScript}
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
: ()
),
);
}
@ -91,6 +101,11 @@ sub display {
FORM_METHOD => $self->conf->{infoFormMethod},
CHOICE_PARAM => $self->conf->{authChoiceParam},
CHOICE_VALUE => $req->datas->{_authChoice},
(
$req->datas->{customScript}
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
: ()
),
);
}
@ -108,6 +123,11 @@ sub display {
AUTH_ERROR_TYPE => $req->error_type,
PROVIDERURI => $p,
MSG => $req->info(),
(
$req->datas->{customScript}
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
: ()
),
);
$templateParams{ID} = $req->datas->{_openidPortal} . $id if ($id);
}
@ -121,6 +141,11 @@ sub display {
URL => $req->{urldc},
HIDDEN_INPUTS => $self->buildHiddenForm($req),
FORM_METHOD => $req->datas->{redirectFormMethod} || 'get',
(
$req->datas->{customScript}
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
: ()
),
);
}
@ -136,6 +161,11 @@ sub display {
APPSLIST_ORDER => $req->{sessionInfo}->{'appsListOrder'},
PING => $self->conf->{portalPingInterval},
$self->menu->params($req),
(
$req->datas->{customScript}
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
: ()
),
);
}
@ -146,6 +176,11 @@ sub display {
CONFIRMKEY => $self->stamp,
PORTAL => $self->conf->{portal},
URL => $req->datas->{_url},
(
$req->datas->{customScript}
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
: ()
),
);
}
@ -158,6 +193,11 @@ sub display {
%templateParams = (
AUTH_ERROR => $req->error,
AUTH_ERROR_TYPE => $req->error_type,
(
$req->datas->{customScript}
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
: ()
),
);
}
@ -179,6 +219,11 @@ sub display {
REGISTER_URL => $self->conf->{registerUrl},
HIDDEN_INPUTS => $self->buildHiddenForm($req),
STAYCONNECTED => $self->conf->{stayConnected},
(
$req->datas->{customScript}
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
: ()
),
);
# Display captcha if it's enabled
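Review bot: The same five-line `CUSTOM_SCRIPT` list element is pasted into nine parameter lists in display, so a branch added later will silently lose the script unless the author remembers to copy it again. If every branch fills `%templateParams` the way the `AUTH_ERROR` and `PROVIDERURI` hunks show, a single `$templateParams{CUSTOM_SCRIPT} = $req->datas->{customScript} if $req->datas->{customScript};` after the chain would replace all nine copies. The value is a ready-made `<script>` tag, so the template presumably emits it without escaping; a comment at that line should state that `customScript` may only be built from configuration values and constants, never from request data. display begins and ends outside these hunks.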