parent
9894853355
commit
ddc1615546
|
@ -128,13 +128,6 @@ sub sendError {
|
||||||
$err ||= $req->error;
|
$err ||= $req->error;
|
||||||
$code ||= 500;
|
$code ||= 500;
|
||||||
$self->lmLog( "Error $code: $err", $code > 499 ? 'error' : 'notice' );
|
$self->lmLog( "Error $code: $err", $code > 499 ? 'error' : 'notice' );
|
||||||
my $title = (
|
|
||||||
$code >= 500 ? 'Server error'
|
|
||||||
: $code == 403 ? 'Forbidden'
|
|
||||||
: $code == 401 ? 'Authentication required'
|
|
||||||
: $code == 400 ? 'Bad request'
|
|
||||||
: 'Error'
|
|
||||||
);
|
|
||||||
|
|
||||||
# SOAP responses
|
# SOAP responses
|
||||||
if ( $req->env->{HTTP_SOAPACTION} ) {
|
if ( $req->env->{HTTP_SOAPACTION} ) {
|
||||||
|
@ -166,6 +159,13 @@ sub sendError {
|
||||||
|
|
||||||
# Default response: HTML
|
# Default response: HTML
|
||||||
else {
|
else {
|
||||||
|
my $title = (
|
||||||
|
$code >= 500 ? 'Server error'
|
||||||
|
: $code == 403 ? 'Forbidden'
|
||||||
|
: $code == 401 ? 'Authentication required'
|
||||||
|
: $code == 400 ? 'Bad request'
|
||||||
|
: 'Error'
|
||||||
|
);
|
||||||
my $s = "<html><head><title>$title</title>
|
my $s = "<html><head><title>$title</title>
|
||||||
<style>
|
<style>
|
||||||
body{background:#000;color:#fff;padding:10px 50px;font-family:sans-serif;}a{text-decoration:none;color:#fff;}h1{text-align:center;}
|
body{background:#000;color:#fff;padding:10px 50px;font-family:sans-serif;}a{text-decoration:none;color:#fff;}h1{text-align:center;}
|
||||||
|
|
|
@ -7,6 +7,7 @@ use MIME::Base64;
|
||||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||||
PE_BADCREDENTIALS
|
PE_BADCREDENTIALS
|
||||||
PE_ERROR
|
PE_ERROR
|
||||||
|
PE_FIRSTACCESS
|
||||||
PE_OK
|
PE_OK
|
||||||
PE_SENDRESPONSE
|
PE_SENDRESPONSE
|
||||||
);
|
);
|
||||||
|
@ -32,19 +33,67 @@ sub extractFormInfo {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $auth = $req->env->{HTTP_AUTHORIZATION};
|
my $auth = $req->env->{HTTP_AUTHORIZATION};
|
||||||
unless ($auth) {
|
unless ($auth) {
|
||||||
$req->response(
|
|
||||||
[
|
# Case 1: simple usage or first Kerberos Ajax request
|
||||||
401,
|
# => return 401 to initiate Kerberos
|
||||||
[ 'WWW-Authenticate' => 'Negotiate' ],
|
if ( !$self->{conf}->{krbByJs} or $req->param('krb') ) {
|
||||||
['Authentication required']
|
|
||||||
]
|
# Case 1.1: Ajax request
|
||||||
);
|
if ( $req->wantJSON ) {
|
||||||
return PE_SENDRESPONSE;
|
$req->response(
|
||||||
|
[
|
||||||
|
401,
|
||||||
|
[
|
||||||
|
'WWW-Authenticate' => 'Negotiate',
|
||||||
|
'Content-Type' => 'application/json',
|
||||||
|
'Content-Length' => 35
|
||||||
|
],
|
||||||
|
['{"error":"Authentication required"}']
|
||||||
|
]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
# Case 1.2: HTML request: error is customized
|
||||||
|
else {
|
||||||
|
$req->error(PE_BADCREDENTIALS);
|
||||||
|
push @{ $req->respHeaders }, 'WWW-Authenticate' => 'Negotiate';
|
||||||
|
my ( $tpl, $prms ) = $self->p->display($req);
|
||||||
|
$req->response(
|
||||||
|
$self->p->sendHtml(
|
||||||
|
$req, $tpl,
|
||||||
|
params => $prms,
|
||||||
|
code => 401
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
return PE_SENDRESPONSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Case 2: Ajax Kerberos request has failed, and javascript has reloaded
|
||||||
|
# page with "kerberos=0". Return an error to be able to switch to
|
||||||
|
# another backend (Combination)
|
||||||
|
# switch to another backend
|
||||||
|
elsif ( defined $req->param('krb') ) {
|
||||||
|
return PE_BADCREDENTIALS;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Case 3: Display kerberos auth page (with javascript)
|
||||||
|
else {
|
||||||
|
$req->datas->{customScript} .=
|
||||||
|
'<script type="text/javascript" src="'
|
||||||
|
. $self->p->staticPrefix
|
||||||
|
. 'common/js/kerberos.js"></script>';
|
||||||
|
return PE_FIRSTACCESS;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Case 4: an "Authorization header" has been sent
|
||||||
if ( $auth !~ /^Negotiate (.*)$/ ) {
|
if ( $auth !~ /^Negotiate (.*)$/ ) {
|
||||||
$self->userLogger->error('Bad authorization header');
|
$self->userLogger->error('Bad authorization header');
|
||||||
return PE_BADCREDENTIALS;
|
return PE_BADCREDENTIALS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Case 5: Kerberos ticket received
|
||||||
my $data;
|
my $data;
|
||||||
eval { $data = MIME::Base64::decode($1) };
|
eval { $data = MIME::Base64::decode($1) };
|
||||||
if ($@) {
|
if ($@) {
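Review bot: In Case 1.1 the `'Content-Length' => 35` header is a hand-counted constant for the JSON literal that follows it, so any later edit to that message leaves the declared length and the body out of step, and clients or intermediaries may then truncate the response or wait for bytes that never arrive. Build the body once and derive the header from it: `my $body = '{"error":"Authentication required"}';` followed by `'Content-Length' => length $body`. Separately, the Case 2 comment describes a reload with "kerberos=0" while the code tests `$req->param('krb')`, and its last line repeats "switch to another backend". Because `krb` is a client-supplied parameter that selects between the 401 challenge, the `PE_BADCREDENTIALS` fallback and the script page, the comment should name the real parameter and say that in these branches it only steers the flow and is never treated as proof of authentication. `extractFormInfo` continues past the end of this section.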
|
||||||
|
|
|
@ -50,6 +50,11 @@ sub display {
|
||||||
AUTH_URL => $req->{datas}->{_url},
|
AUTH_URL => $req->{datas}->{_url},
|
||||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||||
CHOICE_VALUE => $req->datas->{_authChoice},
|
CHOICE_VALUE => $req->datas->{_authChoice},
|
||||||
|
(
|
||||||
|
$req->datas->{customScript}
|
||||||
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||||
|
: ()
|
||||||
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -74,6 +79,11 @@ sub display {
|
||||||
CONFIRMKEY => $self->stamp(),
|
CONFIRMKEY => $self->stamp(),
|
||||||
LIST => $req->datas->{list} || [],
|
LIST => $req->datas->{list} || [],
|
||||||
REMEMBER => $req->datas->{confirmRemember},
|
REMEMBER => $req->datas->{confirmRemember},
|
||||||
|
(
|
||||||
|
$req->datas->{customScript}
|
||||||
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||||
|
: ()
|
||||||
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -91,6 +101,11 @@ sub display {
|
||||||
FORM_METHOD => $self->conf->{infoFormMethod},
|
FORM_METHOD => $self->conf->{infoFormMethod},
|
||||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||||
CHOICE_VALUE => $req->datas->{_authChoice},
|
CHOICE_VALUE => $req->datas->{_authChoice},
|
||||||
|
(
|
||||||
|
$req->datas->{customScript}
|
||||||
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||||
|
: ()
|
||||||
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -108,6 +123,11 @@ sub display {
|
||||||
AUTH_ERROR_TYPE => $req->error_type,
|
AUTH_ERROR_TYPE => $req->error_type,
|
||||||
PROVIDERURI => $p,
|
PROVIDERURI => $p,
|
||||||
MSG => $req->info(),
|
MSG => $req->info(),
|
||||||
|
(
|
||||||
|
$req->datas->{customScript}
|
||||||
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||||
|
: ()
|
||||||
|
),
|
||||||
);
|
);
|
||||||
$templateParams{ID} = $req->datas->{_openidPortal} . $id if ($id);
|
$templateParams{ID} = $req->datas->{_openidPortal} . $id if ($id);
|
||||||
}
|
}
|
||||||
|
@ -121,6 +141,11 @@ sub display {
|
||||||
URL => $req->{urldc},
|
URL => $req->{urldc},
|
||||||
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
||||||
FORM_METHOD => $req->datas->{redirectFormMethod} || 'get',
|
FORM_METHOD => $req->datas->{redirectFormMethod} || 'get',
|
||||||
|
(
|
||||||
|
$req->datas->{customScript}
|
||||||
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||||
|
: ()
|
||||||
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -136,6 +161,11 @@ sub display {
|
||||||
APPSLIST_ORDER => $req->{sessionInfo}->{'appsListOrder'},
|
APPSLIST_ORDER => $req->{sessionInfo}->{'appsListOrder'},
|
||||||
PING => $self->conf->{portalPingInterval},
|
PING => $self->conf->{portalPingInterval},
|
||||||
$self->menu->params($req),
|
$self->menu->params($req),
|
||||||
|
(
|
||||||
|
$req->datas->{customScript}
|
||||||
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||||
|
: ()
|
||||||
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -146,6 +176,11 @@ sub display {
|
||||||
CONFIRMKEY => $self->stamp,
|
CONFIRMKEY => $self->stamp,
|
||||||
PORTAL => $self->conf->{portal},
|
PORTAL => $self->conf->{portal},
|
||||||
URL => $req->datas->{_url},
|
URL => $req->datas->{_url},
|
||||||
|
(
|
||||||
|
$req->datas->{customScript}
|
||||||
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||||
|
: ()
|
||||||
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -158,6 +193,11 @@ sub display {
|
||||||
%templateParams = (
|
%templateParams = (
|
||||||
AUTH_ERROR => $req->error,
|
AUTH_ERROR => $req->error,
|
||||||
AUTH_ERROR_TYPE => $req->error_type,
|
AUTH_ERROR_TYPE => $req->error_type,
|
||||||
|
(
|
||||||
|
$req->datas->{customScript}
|
||||||
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||||
|
: ()
|
||||||
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -179,6 +219,11 @@ sub display {
|
||||||
REGISTER_URL => $self->conf->{registerUrl},
|
REGISTER_URL => $self->conf->{registerUrl},
|
||||||
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
||||||
STAYCONNECTED => $self->conf->{stayConnected},
|
STAYCONNECTED => $self->conf->{stayConnected},
|
||||||
|
(
|
||||||
|
$req->datas->{customScript}
|
||||||
|
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||||
|
: ()
|
||||||
|
),
|
||||||
);
|
);
|
||||||
|
|
||||||
# Display captcha if it's enabled
|
# Display captcha if it's enabled
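Review bot: `CUSTOM_SCRIPT` is filled from `$req->datas->{customScript}`, which the Kerberos change on this page builds as a raw `<script>` tag, yet none of the nine parameter lists in `display` documents that the value is markup rather than text. The template presumably has to emit it unescaped, so a comment is needed where the value is first used, for example `# customScript is raw HTML assembled server-side; never append request-derived data to it`. The same five-line conditional is also pasted into every hunk of `display` (from `@ -50` through `@ -179`), which invites one branch drifting from the others. Computing it once near the top, `my @customScript = $req->datas->{customScript} ? ( CUSTOM_SCRIPT => $req->datas->{customScript} ) : ();`, and placing `@customScript` in each list would avoid that. `display` begins and ends outside these hunks, so the right spot for the shared variable needs checking against the full sub.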
|
||||||
|
|