parent
9894853355
commit
ddc1615546
|
@ -128,13 +128,6 @@ sub sendError {
|
|||
$err ||= $req->error;
|
||||
$code ||= 500;
|
||||
$self->lmLog( "Error $code: $err", $code > 499 ? 'error' : 'notice' );
|
||||
my $title = (
|
||||
$code >= 500 ? 'Server error'
|
||||
: $code == 403 ? 'Forbidden'
|
||||
: $code == 401 ? 'Authentication required'
|
||||
: $code == 400 ? 'Bad request'
|
||||
: 'Error'
|
||||
);
|
||||
|
||||
# SOAP responses
|
||||
if ( $req->env->{HTTP_SOAPACTION} ) {
|
||||
|
@ -166,6 +159,13 @@ sub sendError {
|
|||
|
||||
# Default response: HTML
|
||||
else {
|
||||
my $title = (
|
||||
$code >= 500 ? 'Server error'
|
||||
: $code == 403 ? 'Forbidden'
|
||||
: $code == 401 ? 'Authentication required'
|
||||
: $code == 400 ? 'Bad request'
|
||||
: 'Error'
|
||||
);
|
||||
my $s = "<html><head><title>$title</title>
|
||||
<style>
|
||||
body{background:#000;color:#fff;padding:10px 50px;font-family:sans-serif;}a{text-decoration:none;color:#fff;}h1{text-align:center;}
|
||||
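Review bot: `$title` is interpolated into the markup at `<title>$title</title>` without escaping, which is safe only because every arm of the ternary is a string literal, and nothing in the code says so. A one-line comment above the declaration would protect that property against later edits, e.g. `# $title is built only from the fixed literals below, so it needs no HTML escaping`. The rest of the `$s` string lies outside this hunk, so it cannot be checked here whether `$err` (which may come from `$req->error`) is also placed in the page; if it is, it should be HTML-escaped before interpolation. The body of sendError continues past the end of the hunk.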
|
|
|
@ -7,6 +7,7 @@ use MIME::Base64;
|
|||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_BADCREDENTIALS
|
||||
PE_ERROR
|
||||
PE_FIRSTACCESS
|
||||
PE_OK
|
||||
PE_SENDRESPONSE
|
||||
);
|
||||
|
@ -32,19 +33,67 @@ sub extractFormInfo {
|
|||
my ( $self, $req ) = @_;
|
||||
my $auth = $req->env->{HTTP_AUTHORIZATION};
|
||||
unless ($auth) {
|
||||
|
||||
# Case 1: simple usage or first Kerberos Ajax request
|
||||
# => return 401 to initiate Kerberos
|
||||
if ( !$self->{conf}->{krbByJs} or $req->param('krb') ) {
|
||||
|
||||
# Case 1.1: Ajax request
|
||||
if ( $req->wantJSON ) {
|
||||
$req->response(
|
||||
[
|
||||
401,
|
||||
[ 'WWW-Authenticate' => 'Negotiate' ],
|
||||
['Authentication required']
|
||||
[
|
||||
'WWW-Authenticate' => 'Negotiate',
|
||||
'Content-Type' => 'application/json',
|
||||
'Content-Length' => 35
|
||||
],
|
||||
['{"error":"Authentication required"}']
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
# Case 1.2: HTML request: error is customized
|
||||
else {
|
||||
$req->error(PE_BADCREDENTIALS);
|
||||
push @{ $req->respHeaders }, 'WWW-Authenticate' => 'Negotiate';
|
||||
my ( $tpl, $prms ) = $self->p->display($req);
|
||||
$req->response(
|
||||
$self->p->sendHtml(
|
||||
$req, $tpl,
|
||||
params => $prms,
|
||||
code => 401
|
||||
)
|
||||
);
|
||||
}
|
||||
return PE_SENDRESPONSE;
|
||||
}
|
||||
|
||||
# Case 2: Ajax Kerberos request has failed, and javascript has reloaded
|
||||
# page with "kerberos=0". Return an error to be able to switch to
|
||||
# another backend (Combination)
|
||||
# switch to another backend
|
||||
elsif ( defined $req->param('krb') ) {
|
||||
return PE_BADCREDENTIALS;
|
||||
}
|
||||
|
||||
# Case 3: Display kerberos auth page (with javascript)
|
||||
else {
|
||||
$req->datas->{customScript} .=
|
||||
'<script type="text/javascript" src="'
|
||||
. $self->p->staticPrefix
|
||||
. 'common/js/kerberos.js"></script>';
|
||||
return PE_FIRSTACCESS;
|
||||
}
|
||||
}
|
||||
|
||||
# Case 4: an "Authorization header" has been sent
|
||||
if ( $auth !~ /^Negotiate (.*)$/ ) {
|
||||
$self->userLogger->error('Bad authorization header');
|
||||
return PE_BADCREDENTIALS;
|
||||
}
|
||||
|
||||
# Case 5: Kerberos ticket received
|
||||
my $data;
|
||||
eval { $data = MIME::Base64::decode($1) };
|
||||
if ($@) {
|
||||
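Review bot: The JSON 401 response in Case 1.1 carries a hand-counted `'Content-Length' => 35`; the figure matches the current string, but any later edit to the message will leave a wrong length that an Ajax client may read as a truncated or stalled body. Holding the body in a variable removes the coupling: `my $body = '{"error":"Authentication required"}';`, then `'Content-Length' => length($body)` and `[$body]`. Separately, the Case 2 comment speaks of `kerberos=0` while the code tests the `krb` parameter, and its last line repeats "switch to another backend"; the comment should name the parameter actually checked. extractFormInfo continues past the end of the hunk.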
|
|
|
@ -50,6 +50,11 @@ sub display {
|
|||
AUTH_URL => $req->{datas}->{_url},
|
||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||
CHOICE_VALUE => $req->datas->{_authChoice},
|
||||
(
|
||||
$req->datas->{customScript}
|
||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||
: ()
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -74,6 +79,11 @@ sub display {
|
|||
CONFIRMKEY => $self->stamp(),
|
||||
LIST => $req->datas->{list} || [],
|
||||
REMEMBER => $req->datas->{confirmRemember},
|
||||
(
|
||||
$req->datas->{customScript}
|
||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||
: ()
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -91,6 +101,11 @@ sub display {
|
|||
FORM_METHOD => $self->conf->{infoFormMethod},
|
||||
CHOICE_PARAM => $self->conf->{authChoiceParam},
|
||||
CHOICE_VALUE => $req->datas->{_authChoice},
|
||||
(
|
||||
$req->datas->{customScript}
|
||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||
: ()
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -108,6 +123,11 @@ sub display {
|
|||
AUTH_ERROR_TYPE => $req->error_type,
|
||||
PROVIDERURI => $p,
|
||||
MSG => $req->info(),
|
||||
(
|
||||
$req->datas->{customScript}
|
||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||
: ()
|
||||
),
|
||||
);
|
||||
$templateParams{ID} = $req->datas->{_openidPortal} . $id if ($id);
|
||||
}
|
||||
|
@ -121,6 +141,11 @@ sub display {
|
|||
URL => $req->{urldc},
|
||||
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
||||
FORM_METHOD => $req->datas->{redirectFormMethod} || 'get',
|
||||
(
|
||||
$req->datas->{customScript}
|
||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||
: ()
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -136,6 +161,11 @@ sub display {
|
|||
APPSLIST_ORDER => $req->{sessionInfo}->{'appsListOrder'},
|
||||
PING => $self->conf->{portalPingInterval},
|
||||
$self->menu->params($req),
|
||||
(
|
||||
$req->datas->{customScript}
|
||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||
: ()
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -146,6 +176,11 @@ sub display {
|
|||
CONFIRMKEY => $self->stamp,
|
||||
PORTAL => $self->conf->{portal},
|
||||
URL => $req->datas->{_url},
|
||||
(
|
||||
$req->datas->{customScript}
|
||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||
: ()
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -158,6 +193,11 @@ sub display {
|
|||
%templateParams = (
|
||||
AUTH_ERROR => $req->error,
|
||||
AUTH_ERROR_TYPE => $req->error_type,
|
||||
(
|
||||
$req->datas->{customScript}
|
||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||
: ()
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -179,6 +219,11 @@ sub display {
|
|||
REGISTER_URL => $self->conf->{registerUrl},
|
||||
HIDDEN_INPUTS => $self->buildHiddenForm($req),
|
||||
STAYCONNECTED => $self->conf->{stayConnected},
|
||||
(
|
||||
$req->datas->{customScript}
|
||||
? ( CUSTOM_SCRIPT => $req->datas->{customScript} )
|
||||
: ()
|
||||
),
|
||||
);
|
||||
|
||||
# Display captcha if it's enabled
|
||||
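Review bot: `CUSTOM_SCRIPT` carries raw markup (the Kerberos module in this commit appends a literal `<script>` tag to `$req->datas->{customScript}`), so the templates presumably emit it unescaped, yet nothing here documents that only trusted, static markup may be written to that key. A comment at the first use would make the contract explicit, e.g. `# customScript is emitted as raw HTML: append only static, trusted markup, never request data`. The same five-line conditional is also pasted into each of the nine parameter lists of display; if the branches share an exit point (not visible in these hunks), a single `$templateParams{CUSTOM_SCRIPT} = $req->datas->{customScript} if $req->datas->{customScript};` after the chain would replace all of them and leave one place to audit.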
|
|