From deb28bc9cb49d7f78847154c16928a3691da9136 Mon Sep 17 00:00:00 2001 
From: Xavier Guimard Date: Wed, 15 Feb 2017 06:41:50 +0000 Subject: [PATCH] Replace lmLog by logger-> (#857) --- lemonldap-ng-common/MANIFEST | 1 + .../lib/Lemonldap/NG/Common/Conf.pm | 2 +- .../Lemonldap/NG/Common/Conf/Backends/File.pm | 4 +- .../lib/Lemonldap/NG/Common/Conf/Compact.pm | 4 +- .../Lemonldap/NG/Common/Conf/RESTServer.pm | 16 +- .../lib/Lemonldap/NG/Common/Logger/Apache2.pm | 4 +- .../lib/Lemonldap/NG/Common/Logger/Syslog.pm | 2 +- .../lib/Lemonldap/NG/Common/Module.pm | 8 +- .../Lemonldap/NG/Common/Notifications/DBI.pm | 21 +- .../Lemonldap/NG/Common/Notifications/File.pm | 4 +- .../Lemonldap/NG/Common/Notifications/JSON.pm | 16 +- .../Lemonldap/NG/Common/Notifications/LDAP.pm | 19 +- .../Lemonldap/NG/Common/Notifications/XML.pm | 16 +- .../lib/Lemonldap/NG/Common/PSGI.pm | 6 +- .../lib/Lemonldap/NG/Common/PSGI/Request.pm | 4 +- .../lib/Lemonldap/NG/Common/PSGI/Router.pm | 8 +- .../lib/Lemonldap/NG/Common/Session.pm | 3 +- lemonldap-ng-common/t/50-Combination-Parser.t | 2 +- .../Lemonldap/NG/Handler/ApacheMP2/Main.pm | 1 - .../lib/Lemonldap/NG/Handler/Lib/AuthBasic.pm | 11 +- .../lib/Lemonldap/NG/Handler/Lib/PSGI.pm | 14 +- .../Lemonldap/NG/Handler/Lib/SecureToken.pm | 32 +- .../lib/Lemonldap/NG/Handler/Lib/Status.pm | 2 +- .../Lemonldap/NG/Handler/Lib/ZimbraPreAuth.pm | 25 +- .../lib/Lemonldap/NG/Handler/Main/Jail.pm | 7 +- .../lib/Lemonldap/NG/Handler/Main/Reload.pm | 72 +- .../lib/Lemonldap/NG/Handler/Main/Run.pm | 108 +- .../lib/Lemonldap/NG/Handler/PSGI.pm | 6 +- .../lib/Lemonldap/NG/Handler/PSGI/Main.pm | 7 +- .../lib/Lemonldap/NG/Handler/PSGI/Try.pm | 9 +- .../lib/Lemonldap/NG/Handler/Server/Nginx.pm | 2 +- .../t/10-Lemonldap-NG-Handler-SharedConf.t | 2 +- .../t/12-Lemonldap-NG-Handler-Jail.t | 22 +- .../t/63-Lemonldap-NG-Handler-PSGI-Try.t | 2 +- lemonldap-ng-handler/t/test.pm | 5 +- .../lib/Lemonldap/NG/Manager.pm | 16 +- .../lib/Lemonldap/NG/Manager/Build/CTrees.pm | 3 +- .../lib/Lemonldap/NG/Manager/Build/Tree.pm | 8 +- 
.../lib/Lemonldap/NG/Manager/Conf.pm | 4 +- .../lib/Lemonldap/NG/Manager/Notifications.pm | 18 +- .../lib/Lemonldap/NG/Manager/Sessions.pm | 2 +- lemonldap-ng-manager/t/15-combination.t | 11 +- lemonldap-ng-portal/MANIFEST | 5 - lemonldap-ng-portal/example/soapconfigtest.pl | 3 +- lemonldap-ng-portal/example/soaptest.pl | 3 +- .../lib/Lemonldap/NG/Portal.pm | 4 +- .../lib/Lemonldap/NG/Portal/Auth/AD.pm | 10 +- .../lib/Lemonldap/NG/Portal/Auth/Apache.pm | 3 +- .../lib/Lemonldap/NG/Portal/Auth/Base.pm | 33 +- .../lib/Lemonldap/NG/Portal/Auth/CAS.pm | 37 +- .../Lemonldap/NG/Portal/Auth/Combination.pm | 6 +- .../lib/Lemonldap/NG/Portal/Auth/Demo.pm | 5 +- .../lib/Lemonldap/NG/Portal/Auth/Facebook.pm | 16 +- .../lib/Lemonldap/NG/Portal/Auth/OpenID.pm | 19 +- .../Lemonldap/NG/Portal/Auth/OpenIDConnect.pm | 75 +- .../lib/Lemonldap/NG/Portal/Auth/Radius.pm | 17 +- .../lib/Lemonldap/NG/Portal/Auth/SAML.pm | 358 +- .../lib/Lemonldap/NG/Portal/Auth/Slave.pm | 4 +- .../lib/Lemonldap/NG/Portal/Auth/Twitter.pm | 37 +- .../lib/Lemonldap/NG/Portal/Auth/WebID.pm | 2 +- .../lib/Lemonldap/NG/Portal/Auth/Yubikey.pm | 6 +- .../lib/Lemonldap/NG/Portal/Auth/_WebForm.pm | 2 +- .../lib/Lemonldap/NG/Portal/CDC.pm | 28 +- .../lib/Lemonldap/NG/Portal/Display.pm | 341 -- .../lib/Lemonldap/NG/Portal/Issuer/CAS.pm | 218 +- .../lib/Lemonldap/NG/Portal/Issuer/Get.pm | 16 +- .../lib/Lemonldap/NG/Portal/Issuer/OpenID.pm | 23 +- .../NG/Portal/Issuer/OpenIDConnect.pm | 270 +- .../lib/Lemonldap/NG/Portal/Issuer/SAML.pm | 395 +- .../lib/Lemonldap/NG/Portal/Lib/CAS.pm | 37 +- .../lib/Lemonldap/NG/Portal/Lib/Captcha.pm | 8 +- .../lib/Lemonldap/NG/Portal/Lib/Choice.pm | 24 +- .../lib/Lemonldap/NG/Portal/Lib/DBI.pm | 12 +- .../lib/Lemonldap/NG/Portal/Lib/LDAP.pm | 15 +- .../lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm | 63 +- .../NG/Portal/Lib/Notifications/JSON.pm | 27 +- .../NG/Portal/Lib/Notifications/XML.pm | 33 +- .../Lemonldap/NG/Portal/Lib/OneTimeToken.pm | 6 +- .../Lemonldap/NG/Portal/Lib/OpenID/SREG.pm 
| 32 +- .../Lemonldap/NG/Portal/Lib/OpenID/Server.pm | 3 +- .../Lemonldap/NG/Portal/Lib/OpenIDConnect.pm | 197 +- .../lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm | 32 +- .../lib/Lemonldap/NG/Portal/Lib/Remote.pm | 4 +- .../lib/Lemonldap/NG/Portal/Lib/SAML.pm | 336 +- .../lib/Lemonldap/NG/Portal/Lib/SMTP.pm | 16 +- .../lib/Lemonldap/NG/Portal/Lib/SOAPProxy.pm | 15 +- .../lib/Lemonldap/NG/Portal/Main/Display.pm | 29 +- .../lib/Lemonldap/NG/Portal/Main/Init.pm | 34 +- .../lib/Lemonldap/NG/Portal/Main/Issuer.pm | 19 +- .../lib/Lemonldap/NG/Portal/Main/Menu.pm | 8 +- .../lib/Lemonldap/NG/Portal/Main/Plugins.pm | 6 +- .../lib/Lemonldap/NG/Portal/Main/Process.pm | 61 +- .../lib/Lemonldap/NG/Portal/Main/Run.pm | 60 +- .../lib/Lemonldap/NG/Portal/Menu.pm | 553 --- .../lib/Lemonldap/NG/Portal/Password/Base.pm | 4 +- .../lib/Lemonldap/NG/Portal/Password/DBI.pm | 2 +- .../lib/Lemonldap/NG/Portal/Password/LDAP.pm | 14 +- .../lib/Lemonldap/NG/Portal/Plugins/CDA.pm | 6 +- .../Lemonldap/NG/Portal/Plugins/ForceAuth.pm | 7 +- .../Lemonldap/NG/Portal/Plugins/MailReset.pm | 36 +- .../Lemonldap/NG/Portal/Plugins/RESTServer.pm | 20 +- .../Lemonldap/NG/Portal/Plugins/Register.pm | 49 +- .../Lemonldap/NG/Portal/Plugins/SOAPServer.pm | 21 +- .../lib/Lemonldap/NG/Portal/Plugins/Status.pm | 2 +- .../lib/Lemonldap/NG/Portal/Plugins/U2F.pm | 12 +- .../lib/Lemonldap/NG/Portal/Register/AD.pm | 12 +- .../lib/Lemonldap/NG/Portal/Register/LDAP.pm | 12 +- .../lib/Lemonldap/NG/Portal/Register/U2F.pm | 2 +- .../lib/Lemonldap/NG/Portal/Simple.pm | 3234 ----------------- .../lib/Lemonldap/NG/Portal/UserDB/DBI.pm | 2 +- .../Lemonldap/NG/Portal/UserDB/Facebook.pm | 5 +- .../lib/Lemonldap/NG/Portal/UserDB/LDAP.pm | 12 +- .../lib/Lemonldap/NG/Portal/UserDB/OpenID.pm | 10 +- .../NG/Portal/UserDB/OpenIDConnect.pm | 16 +- .../lib/Lemonldap/NG/Portal/UserDB/SAML.pm | 40 +- .../lib/Lemonldap/NG/Portal/UserDB/WebID.pm | 4 +- .../lib/Lemonldap/NG/Portal/_Multi.pm | 190 - .../lib/Lemonldap/NG/Portal/_i18n.pm | 963 
----- ...h-and-issuer-SAML-Artifact-with-SOAP-SLO.t | 7 +- .../t/30-Auth-and-issuer-SAML-Metadata.t | 4 +- .../t/33-Auth-and-issuer-OpenID2.t | 2 +- .../t/40-Notifications-JSON-DBI.t | 2 +- .../t/40-Notifications-XML-DBI.t | 2 +- lemonldap-ng-portal/t/41-Token.t | 7 +- 124 files changed, 1619 insertions(+), 7175 deletions(-) delete mode 100644 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Display.pm delete mode 100644 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Menu.pm delete mode 100644 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm delete mode 100644 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Multi.pm delete mode 100644 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm diff --git a/lemonldap-ng-common/MANIFEST b/lemonldap-ng-common/MANIFEST index 45a276bc2..2a1410c3a 100644 --- a/lemonldap-ng-common/MANIFEST +++ b/lemonldap-ng-common/MANIFEST @@ -35,6 +35,7 @@ lib/Lemonldap/NG/Common/Crypto.pm lib/Lemonldap/NG/Common/FormEncode.pm lib/Lemonldap/NG/Common/Logger/Apache2.pm lib/Lemonldap/NG/Common/Logger/Std.pm +lib/Lemonldap/NG/Common/Logger/Syslog.pm lib/Lemonldap/NG/Common/Module.pm lib/Lemonldap/NG/Common/Notifications.pm lib/Lemonldap/NG/Common/Notifications/DBI.pm diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm index 2860030ac..5e142b6c7 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm @@ -173,7 +173,7 @@ sub getConf { unless ( ref( $self->{refLocalStorage} ) ) { $msg .= "Get remote configuration (localStorage unavailable).\n"; $r = $self->getDBConf($args); - return undef unless ($r->{cfgNum}); + return undef unless ( $r->{cfgNum} ); $self->setDefault( $r, $args->{localPrm} ); $self->compactConf($r); } diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/File.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/File.pm index a46982d93..6e1817bf1 100644 
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/File.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Backends/File.pm @@ -96,14 +96,14 @@ sub store { sub load { my ( $self, $cfgNum, $fields ) = @_; - my ($f,$filename); + my ( $f, $filename ); if ( -e $self->_file($cfgNum) ) { $filename = $self->_file($cfgNum); } elsif ( -e "$self->{dirName}/lmConf-$cfgNum.js" ) { $filename = "$self->{dirName}/lmConf-$cfgNum.js"; } - if($filename) { + if ($filename) { local $/ = ''; my $ret; unless ( open FILE, $filename ) { diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Compact.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Compact.pm index 74d93e6ba..67ea615f1 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Compact.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Compact.pm @@ -18,7 +18,7 @@ sub compactConf { $keep{$mod} = 1; } if ( $keep{combination} ) { - foreach my $md (keys %{$conf->{combModules}}) { + foreach my $md ( keys %{ $conf->{combModules} } ) { $_ = $conf->{combModules}->{$md}->{type}; s/^(\w+).*$/lc($1)/e; s/OpenIDConnect/oidc/i; @@ -35,7 +35,7 @@ sub compactConf { } } } - foreach my $key (keys %$authParameters) { + foreach my $key ( keys %$authParameters ) { my $mod = $key; $mod =~ s/Params$//; unless ( $keep{$mod} ) { diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm index e17c94165..baf5f2131 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm 
@@ -28,14 +28,14 @@ extends 'Lemonldap::NG::Common::Conf::AccessLib'; #@return keyvalue (string, int or hashref) sub getConfKey { my ( $self, $req, $key, @args ) = @_; - $self->lmLog( "Search for $key in conf", 'debug' ); + $self->logger->debug("Search for $key in conf"); # Verify that cfgNum has been asked unless ( defined $req->params('cfgNum') ) { $req->error("Missing configuration number"); return undef; } - $self->lmLog( "Cfgnum set to " . $req->params('cfgNum'), 'debug' ); + $self->logger->debug( "Cfgnum set to " . $req->params('cfgNum') ); # when 'latest' => replace by last cfgNum if ( $req->params('cfgNum') eq 'latest' ) { @@ -117,7 +117,7 @@ sub getConfByNum { #@return PSGI JSON response sub complexNodesRoot { my ( $self, $req, $query, $tpl ) = @_; - $self->lmLog( "Query for $query template keys", 'debug' ); + $self->logger->debug("Query for $query template keys"); my $tmp = $self->getConfKey( $req, $query ); return $self->sendError( $req, undef, 400 ) if ( $req->error ); @@ -170,7 +170,7 @@ sub virtualHosts { my ( $id, $resp ) = ( 1, [] ); my $vhk = eval { $self->getConfKey( $req, $query )->{$vh} } // {}; return $self->sendError( $req, undef, 400 ) if ( $req->error ); - $self->lmLog( "Query for $vh/$query keys", 'debug' ); + $self->logger->debug("Query for $vh/$query keys"); # Keys are ordered except 'default' which must be at the end foreach my $r ( @@ -210,7 +210,7 @@ sub virtualHosts { return $self->sendJSONresponse( $req, $resp ); } elsif ( $query =~ /^vhost(?:(?:Aliase|Http)s|Maintenance|Port|Type)$/ ) { - $self->lmLog( "Query for $vh/$query key", 'debug' ); + $self->logger->debug("Query for $vh/$query key"); # TODO: verify how this is done actually my $k1 = $self->getConfKey( $req, 'vhostOptions' ); 
@@ -593,14 +593,14 @@ sub combModules { foreach my $mod ( keys %$val ) { my $tmp; $tmp->{title} = $mod; - $tmp->{id} = "combModules/$mod"; - $tmp->{type} = 'cmbModule'; + $tmp->{id} = "combModules/$mod"; + $tmp->{type} = 'cmbModule'; $tmp->{data}->{$_} = $val->{$mod}->{$_} foreach (qw(type for)); my $over = $val->{$mod}->{over} // {}; $tmp->{data}->{over} = [ map { [ $_, $over->{$_} ] } keys %$over ]; push @$res, $tmp; } - return $self->sendJSONresponse($req,$res); + return $self->sendJSONresponse( $req, $res ); } # 33 - Root queries diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Apache2.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Apache2.pm index ba1c5f0e7..6c7601c8d 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Apache2.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Apache2.pm @@ -2,7 +2,7 @@ package Lemonldap::NG::Common::Logger::Apache2; use Apache2::ServerRec; -sub new{ +sub new { return bless {}, shift; } @@ -10,6 +10,6 @@ sub AUTOLOAD { shift; $AUTOLOAD =~ s/.*:://; return Apache2::ServerRec->log->$AUTOLOAD(@_); -}; +} 1; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Syslog.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Syslog.pm index 8f08fa70b..3ffbbbb09 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Syslog.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Logger/Syslog.pm @@ -22,7 +22,7 @@ sub new { $name = 'warning' if ( $_ eq 'warn' ); $name = 'err' if ( $_ eq 'error' ); eval qq'sub $_ {syslog("$name|".\$_[0]->{facility},\$_[1])}'; - die $@ if($@); + die $@ if ($@); } else { eval qq'sub $_ {1}'; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Module.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Module.pm index 900863109..a68a2aefc 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Module.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Module.pm 
@@ -5,16 +5,14 @@ use Mouse; our $VERSION = '2.0.0'; -# Object that provides lmLog and error methods (typically PSGI object) +# Object that provides loggers and error methods (typically PSGI object) has p => ( is => 'rw', weak_ref => 1 ); # Lemonldap::NG configuration hash ref has conf => ( is => 'rw', weak_ref => 1 ); -sub lmLog { - my $self = shift; - return $self->p->lmLog(@_); -} +has logger => ( is => 'ro', default => sub { $_[0]->{p}->logger } ); +has userLogger => ( is => 'ro', default => sub { $_[0]->{p}->userLogger } ); sub error { my $self = shift; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/DBI.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/DBI.pm index 55696d007..490b04ffa 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/DBI.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/DBI.pm @@ -14,9 +14,10 @@ use Encode; our $VERSION = '2.0.0'; extends 'Lemonldap::NG::Common::Notifications'; + sub import { shift; - return Lemonldap::NG::Common::Notifications->import(@_) + return Lemonldap::NG::Common::Notifications->import(@_); } has dbiTable => ( @@ -32,7 +33,7 @@ has dbiChain => ( has dbiUser => ( is => 'ro', default => sub { - $_[0]->{p}->lmLog( 'Warning: "dbiUser" parameter is not set', 'warn' ); + $_[0]->{p}->logger->warn('Warning: "dbiUser" parameter is not set'); return ''; } ); @@ -49,7 +50,7 @@ has _dbh => ( $self->{dbiChain}, $self->{dbiUser}, $self->{dbiPassword}, { RaiseError => 0 } ); - $self->lmLog( $DBI::errstr, 'error' ) unless ($r); + $self->logger->error($DBI::errstr) unless ($r); return $r; } ); @@ -83,7 +84,7 @@ sub get { &getIdentifier( $self, $h->{uid}, $h->{ref}, $h->{date} ); $result->{$identifier} = $xml; } - $self->lmLog( $self->sth->err(), 'warn' ) if ( $self->sth->err() ); + $self->logger->warn( $self->sth->err() ) if ( $self->sth->err() ); return $result; } 
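Review bot: The new `logger` and `userLogger` attributes resolve `$_[0]->{p}->logger` eagerly when the object is constructed, so an object built without `p` (or with `p` supplied later through the `rw` accessor) dies with "Can't call method logger on an undefined value" at construction, whereas the removed `lmLog` only touched `p` when a message was actually logged. Marking them lazy restores call-time resolution: `has logger => ( is => 'ro', lazy => 1, default => sub { $_[0]->p->logger } );` and likewise for `userLogger`. Note that `p` is a weak reference; the default copies the logger object itself, so the result stays valid even if the parent is released, which is presumably what is wanted. The removal of `lmLog` means any out-of-tree module still calling `$self->lmLog` now fails with an unknown-method error rather than a deprecation warning; if that matters, a shim `sub lmLog { my ( $self, $msg, $level ) = @_; return $self->logger->$level($msg); }` keeps old callers working. The `error` sub at the end of the hunk continues outside it.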
@@ -104,7 +105,7 @@ sub getAll { condition => $h->{condition} }; } - $self->lmLog( $self->sth->err(), 'warn' ) if ( $self->sth->err() ); + $self->logger->warn( $self->sth->err() ) if ( $self->sth->err() ); return $result; } @@ -115,7 +116,7 @@ sub delete { my ( $self, $myref ) = @_; my ( $d, $u, $r ); unless ( ( $d, $u, $r ) = ( $myref =~ /^([^#]+)#(.+?)#(.+)$/ ) ) { - $self->lmLog( "Bad reference $myref", 'warn' ); + $self->logger->warn("Bad reference $myref"); return 0; } my @ts = localtime(); @@ -136,7 +137,7 @@ sub purge { my ( $self, $myref, $force ) = @_; my ( $d, $u, $r ); unless ( ( $d, $u, $r ) = ( $myref =~ /^([^#]+)#(.+?)#(.+)$/ ) ) { - $self->lmLog( "Bad reference $myref", 'warn' ); + $self->logger->warn("Bad reference $myref"); return 0; } @@ -186,7 +187,7 @@ sub getDone { $result->{"$h->{date}#$h->{uid}#$h->{ref}"} = { notified => $done, uid => $h->{uid}, ref => $h->{ref}, }; } - $self->lmLog( $self->sth->err(), 'warn' ) if ( $self->sth->err() ); + $self->logger->warn( $self->sth->err() ) if ( $self->sth->err() ); return $result; } @@ -197,12 +198,12 @@ sub _execute { my ( $self, $query, @args ) = @_; my $dbh = $self->_dbh or return 0; unless ( $self->sth( $dbh->prepare($query) ) ) { - $self->lmLog( $dbh->errstr(), 'warn' ); + $self->logger->warn( $dbh->errstr() ); return 0; } my $tmp; unless ( $tmp = $self->sth->execute(@args) ) { - $self->lmLog( $self->sth->errstr(), 'warn' ); + $self->logger->warn( $self->sth->errstr() ); return 0; } return $tmp; diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/File.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/File.pm index f79003682..40da339d1 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/File.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/File.pm 
@@ -48,8 +48,8 @@ sub get { my $files; foreach my $file (@notif) { unless ( open F, $self->{dirName} . "/$file" ) { - $self->lmLog( "Unable to read notification $self->{dirName}/$file", - 'error' ); + $self->logger->error( + "Unable to read notification $self->{dirName}/$file"); next; } $files->{$file} = join( '', ); diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/JSON.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/JSON.pm index 94b6fd558..41dd0d2c5 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/JSON.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/JSON.pm @@ -9,7 +9,7 @@ sub newNotification { my $json; eval { $json = from_json($jsonString) }; if ( my $err = $@ ) { - eval { $self->lmLog( "Unable to decode JSON file: $err", 'error' ) }; + eval { $self->logger->error("Unable to decode JSON file: $err") }; return 0; } my @notifs; @@ -21,7 +21,7 @@ sub newNotification { foreach (qw(date uid reference)) { my $tmp; unless ( $tmp = $notif->{$_} ) { - $self->lmLog( "Attribute $_ is missing", 'error' ); + $self->logger->error("Attribute $_ is missing"); return 0; } push @datas, $tmp; @@ -44,16 +44,14 @@ sub deleteNotification { # Check input parameters unless ( $uid and $myref ) { - $self->lmLog( - 'REST service "delete notification" called without all parameters', - 'error' + $self->userLogger->error( + 'REST service "delete notification" called without all parameters' ); return 0; } - $self->lmLog( -"REST service deleteNotification called for uid $uid and reference $myref", - 'debug' + $self->logger->debug( +"REST service deleteNotification called for uid $uid and reference $myref" ); # Get notifications @@ -79,7 +77,7 @@ sub deleteNotification { # Delete the notification (really) foreach (@data) { if ( $self->purge( $_, 1 ) ) { - $self->lmLog( "Notification $_ was removed.", 'debug' ); + $self->logger->debug("Notification $_ was removed."); $count++; } } 
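Review bot: `$uid` and `$myref` are written into the debug line `REST service deleteNotification called for uid $uid and reference $myref` exactly as received, and they presumably originate from the REST request, so a value containing a newline or other control characters lets a client forge log entries. Consider stripping control characters before logging, e.g. `my ( $luid, $lref ) = map { s/[[:cntrl:]]+/ /gr } ( $uid, $myref );` and interpolating those copies instead. The same applies to the `Bad reference $myref` warnings in the DBI and LDAP backends that receive this reference through `delete`/`purge`. `deleteNotification` begins outside the hunk, so where the parameters are read from is not visible here.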
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/LDAP.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/LDAP.pm index 7ea465eb8..646ed3f56 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/LDAP.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/LDAP.pm @@ -16,9 +16,10 @@ use utf8; our $VERSION = '2.0.0'; extends 'Lemonldap::NG::Common::Notifications'; + sub import { shift; - return Lemonldap::NG::Common::Notifications->import(@_) + return Lemonldap::NG::Common::Notifications->import(@_); } has ldapServer => ( @@ -38,7 +39,7 @@ has ldapConfBase => ( has ldapBindDN => ( is => 'ro', default => sub { - $_[0]->p->lmLog( 'Warning: "ldapBindDN" parameter is not set', 'warn' ); + $_[0]->p->logger->warn('Warning: "ldapBindDN" parameter is not set'); return ''; } ); @@ -69,7 +70,7 @@ sub get { my $identifier = &getIdentifier( $self, $f->{uid}, $f->{ref}, $f->{date} ); $result->{$identifier} = "$xml"; - $self->lmLog( "notification $identifier found", 'info' ); + $self->logger->info("notification $identifier found"); } return $result; @@ -113,7 +114,7 @@ sub delete { my ( $self, $myref ) = @_; my ( $d, $u, $r ); unless ( ( $d, $u, $r ) = ( $myref =~ /^([^#]+)#(.+?)#(.+)$/ ) ) { - $self->lmLog( "Bad reference $myref", 'warn' ); + $self->logger->warn("Bad reference $myref"); return 0; } my @ts = localtime(); @@ -140,7 +141,7 @@ sub purge { my ( $self, $myref, $force ) = @_; my ( $d, $u, $r ); unless ( ( $d, $u, $r ) = ( $myref =~ /^([^#]+)#(.+?)#(.+)$/ ) ) { - $self->lmLog( "Bad reference $myref", 'warn' ); + $self->logger->warn("Bad reference $myref"); return 0; } @@ -235,7 +236,7 @@ sub _search { ); if ( $search->code ) { - $self->lmLog( "search error: " . $search->error(), 'error' ); + $self->logger->error( "search error: " . $search->error() ); return (); } 
@@ -385,7 +386,7 @@ sub _ldap { ); unless ($ldap) { - $self->lmLog( 'connexion failed: ' . $@, 'error' ); + $self->logger->error( 'connexion failed: ' . $@ ); return; } @@ -396,7 +397,7 @@ sub _ldap { $h{capath} = $self->{caPath} if ( $self->{caPath} ); my $start_tls = $ldap->start_tls(%h); if ( $start_tls->code ) { - $self->lmLog( 'tls failed: ' . $start_tls->error, 'error' ); + $self->logger->error( 'tls failed: ' . $start_tls->error ); return; } } @@ -405,7 +406,7 @@ sub _ldap { my $bind = $ldap->bind( $self->{ldapBindDN}, password => $self->{ldapBindPassword} ); if ( $bind->code ) { - $self->lmLog( 'bind failed: ' . $bind->error, 'error' ); + $self->logger->error( 'bind failed: ' . $bind->error ); return; } diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm index 95e347c94..ff6fc7ff0 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Notifications/XML.pm @@ -19,7 +19,7 @@ sub newNotification { my ( $self, $xml ) = @_; eval { $xml = $self->parser->parse_string($xml) }; if ( my $err = $@ ) { - eval { $self->lmLog( "Unable to read XML file : $err", 'error' ) }; + eval { $self->logger->error("Unable to read XML file : $err") }; return 0; } my @notifs; @@ -33,7 +33,7 @@ sub newNotification { foreach (qw(date uid reference)) { my $tmp; unless ( $tmp = $notif->getAttribute($_) ) { - $self->lmLog( "Attribute $_ is missing", 'error' ); + $self->logger->error("Attribute $_ is missing"); return 0; } push @datas, $tmp; 
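Review bot: The bind in `_ldap` sends `$self->{ldapBindDN}` with `password => $self->{ldapBindPassword}` and treats only a non-zero result code as failure, but a DN with an empty password is an LDAP "unauthenticated" simple bind, which many directories accept with success while granting only anonymous rights; a missing ldapBindPassword in the configuration would then silently degrade to anonymous access instead of erroring. Consider rejecting that combination before binding: `if ( $self->{ldapBindDN} and not length $self->{ldapBindPassword} ) { $self->logger->error('ldapBindDN set without ldapBindPassword'); return; }`. ldapBindDN itself defaults to the empty string with only a warning (see the `has ldapBindDN` hunk), so a deliberate anonymous bind remains possible; the check above only catches the accidental case. `_ldap` starts outside the hunk.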
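Review bot: `newNotification` hands `$xml` straight to `$self->parser->parse_string($xml)`, and the parser's construction is not visible here, so whether external entities and DTD loading are disabled cannot be confirmed from this hunk. If notifications can be submitted through the SOAP or REST interfaces, an XML document carrying an external entity could read local files or trigger network fetches, so if the parser is XML::LibXML it should be created with `no_network => 1, expand_entities => 0, load_ext_dtd => 0` (or the equivalent for the parser in use). A one-line comment above the eval, `# parser must have external entity and DTD loading disabled; see the parser attribute`, would make the assumption explicit for the next reader. The enclosing sub continues outside the hunk.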
@@ -75,15 +75,13 @@ sub deleteNotification { # Check input parameters unless ( $uid and $myref ) { - $self->lmLog( - "SOAP service deleteNotification called without all parameters", - 'error' ); + $self->userLogger->error( + "SOAP service deleteNotification called without all parameters"); return 0; } - $self->lmLog( -"SOAP service deleteNotification called for uid $uid and reference $myref", - 'debug' + $self->logger->debug( +"SOAP service deleteNotification called for uid $uid and reference $myref" ); # Get notifications @@ -111,7 +109,7 @@ sub deleteNotification { # Delete the notification (really) foreach (@data) { if ( $self->purge( $_, 1 ) ) { - $self->lmLog( "Notification $_ was removed.", 'debug' ); + $self->logger->debug("Notification $_ was removed."); $count++; } } diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm index b699dc306..0467e0721 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm @@ -186,7 +186,7 @@ body{background:#000;color:#fff;padding:10px 50px;font-family:sans-serif;}a{text sub abort { my ( $self, $err ) = @_; - $self->lmLog( $err, 'error' ); + $self->logger->error($err); return sub { $self->sendError( Lemonldap::NG::Common::PSGI::Request->new( $_[0] ), $err, 500 ); @@ -233,7 +233,7 @@ sub sendHtml { return $self->sendError( $req, "Unable to read $template", 500 ) unless ( -r $template and -f $template ); eval { - $self->lmLog( "Starting HTML generation using $template", 'debug' ); + $self->logger->debug("Starting HTML generation using $template"); require HTML::Template; $htpl = HTML::Template->new( filehandle => IO::File->new($template), @@ -263,7 +263,7 @@ sub sendHtml { # Set headers my $hdrs = [ 'Content-Type' => 'text/html', @{ $args{headers} } ]; - $self->lmLog( "Sending $template", 'debug' ); + $self->logger->debug("Sending $template"); return [ $args{code}, $hdrs, [ $htpl->output() ] ]; } 
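Review bot: The 500 path in `sendHtml`, `return $self->sendError( $req, "Unable to read $template", 500 ) unless ( -r $template and -f $template );`, puts the server-side template path into the response, and `abort` just above likewise sends the raw `$err` to the client after logging it. Keep the detail in the log and send a generic message: inside an `unless` block, `$self->logger->error("Unable to read template $template");` followed by `return $self->sendError( $req, 'Template unavailable', 500 );`. Whether `sendError` renders the message into the body is not visible here, so confirm that before changing wording that callers or tests might match on. `sendHtml` starts and ends outside the hunk.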
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm index 040f6440f..3af226b9d 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm @@ -37,8 +37,8 @@ sub new { sub uri { $_[0]->{uri} } sub userData { - my($self,$v)=@_; - return $_[0]->{userData} = $v if($v); + my ( $self, $v ) = @_; + return $_[0]->{userData} = $v if ($v); return $_[0]->{userData} || { _whatToTrace => $_[0]->user, }; } diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Router.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Router.pm index 45c76f9b3..1225590a1 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Router.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Router.pm @@ -22,7 +22,7 @@ sub addRoute { my ( $self, $word, $dest, $methods, $transform ) = (@_); $methods ||= [qw(GET POST PUT DELETE)]; foreach my $method (@$methods) { - $self->lmLog( "Add $method route:", 'debug' ); + $self->logger->debug("Add $method route:"); $self->genRoute( $self->routes->{$method}, $word, $dest, $transform ); } return $self; @@ -51,7 +51,7 @@ sub genRoute { } if ( $dest =~ /^(.+)\.html$/ ) { my $tpl = $1 or die; - $self->lmLog( "route $dest will use $tpl", 'debug' ); + $self->logger->debug("route $dest will use $tpl"); $routes->{$word} = sub { $self->sendHtml( $_[1], $tpl ) }; return; } @@ -85,7 +85,7 @@ sub genRoute { else { die "$dest() isn't a method"; } - $self->lmLog( "route $word added", 'debug' ); + $self->logger->debug("route $word added"); } } @@ -121,7 +121,7 @@ sub handler { $last = 1 if ( $_ =~ /[^\.\w]/ ); ( $last or /^$/ ? 0 : 1 ); } split /\//, $req->path(); - $self->lmLog( "Start routing " . ( $path[0] // 'default route' ), 'debug' ); + $self->logger->debug( "Start routing " . ( $path[0] // 'default route' ) ); if ( !@path and $self->defaultRoute ) { @path = ( $self->defaultRoute ); 
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm index 404804dfd..1e00cb285 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm @@ -125,8 +125,7 @@ sub _tie_session { eval { # SOAP session module must be directly tied - if ( $self->storageModule =~ - /^Lemonldap::NG::Common::Apache::Session/ ) + if ( $self->storageModule =~ /^Lemonldap::NG::Common::Apache::Session/ ) { tie %h, $self->storageModule, $self->id, { %{ $self->options }, %$options }; diff --git a/lemonldap-ng-common/t/50-Combination-Parser.t b/lemonldap-ng-common/t/50-Combination-Parser.t index c7c9958c8..da72227a5 100644 --- a/lemonldap-ng-common/t/50-Combination-Parser.t +++ b/lemonldap-ng-common/t/50-Combination-Parser.t @@ -59,7 +59,7 @@ ok( 'if(0) then [A,B] else [A,B] and [B,C]' ); while ( my $expr = shift @tests ) { - ok( [getok($expr)]->[0] == 0, qq{"$expr" returns PE_OK as auth result} ) + ok( [ getok($expr) ]->[0] == 0, qq{"$expr" returns PE_OK as auth result} ) or print STDERR "Expect 0, get " . getok($expr) . "\n"; } diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm index 648b3a150..79eeeefa6 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm @@ -36,7 +36,6 @@ eval { require threads::shared; }; our $request; # Apache2::RequestRec object for current request - #*run = \&Lemonldap::NG::Handler::Main::run; ## @rmethod protected int redirectFilter(string url, Apache2::Filter f) diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/AuthBasic.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/AuthBasic.pm index e3c13abff..42b628958 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/AuthBasic.pm 
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/AuthBasic.pm @@ -74,7 +74,7 @@ sub createSession { my $creds = $class->header_in('Authorization'); $creds =~ s/^Basic\s+//; my ( $user, $pwd ) = ( decode_base64($creds) =~ /^(.*?):(.*)$/ ); - $class->lmLog( "AuthBasic authentication for user: $user", 'debug' ); + $class->logger->debug("AuthBasic authentication for user: $user"); my $soapRequest = $soapClient->getCookies( $user, $pwd, $id ); # Catch SOAP errors @@ -87,11 +87,8 @@ sub createSession { # If authentication failed, display error if ( $res->{errorCode} ) { - $class->lmLog( - "Authentication failed for $user: " - . $soapClient->error( $res->{errorCode}, 'en' )->result(), - 'notice' - ); + $class->userLogger->notice( "Authentication failed for $user: " + . $soapClient->error( $res->{errorCode}, 'en' )->result() ); return 0; } else { @@ -104,7 +101,7 @@ sub createSession { # Hide user credentials to the protected application sub hideCookie { my $class = shift; - $class->lmLog( "removing Authorization header", 'debug' ); + $class->logger->debug("removing Authorization header"); $class->unset_header_in('Authorization'); } diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm index c8e53abc6..76d5fbae4 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm @@ -45,7 +45,7 @@ sub _run { # Override _run() only if protection != 'none' if ( !$self->rule or $self->rule ne 'none' ) { - $self->lmLog( 'PSGI app is protected', 'debug' ); + $self->logger->debug('PSGI app is protected'); # Handle requests # Developers, be careful: Only this part is executed at each request 
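Review bot: `$user` in the new debug line `AuthBasic authentication for user: $user` comes from the decoded Authorization header via `/^(.*?):(.*)$/`, so it is attacker-controlled and may carry `\r` or other control characters (`.` excludes only `\n`, and `$` tolerates a trailing one); it is logged again by `userLogger->notice` on failure, and it is undefined when the header does not decode to `user:password`, which produces an uninitialized-value warning in the interpolation. Consider returning early when the match fails, `return 0 unless defined $user;`, and sanitising before logging, `( my $luser = $user ) =~ s/[[:cntrl:]]+/ /g;`. The decoded `$pwd` is correctly kept out of both log lines and should stay that way. `createSession` begins before the hunk.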
@@ -56,13 +56,13 @@ sub _run { } else { - $self->lmLog( 'PSGI app is not protected', 'debug' ); + $self->logger->debug('PSGI app is not protected'); # Check if main handler initialization has been done unless ( $self->api->tsv ) { - $self->lmLog( 'Checking conf', 'debug' ); + $self->logger->debug('Checking conf'); eval { $self->api->checkConf() }; - $self->lmLog( $@, 'error' ) if ($@); + $self->logger->error($@) if ($@); } # Handle unprotected requests @@ -83,7 +83,7 @@ sub status { # Check if main handler initialization has been done unless ( %$self->api->tsv ) { eval { $self->api->checkConf() }; - $self->lmLog( $@, 'error' ) if ($@); + $self->logger->error($@) if ($@); } return sub { my $req = Lemonldap::NG::Common::PSGI::Request->new( $_[0] ); @@ -100,7 +100,7 @@ sub reload { # Check if main handler initialization has been done unless ( %$self->api->tsv ) { eval { $self->api->checkConf() }; - $self->lmLog( $@, 'error' ) if ($@); + $self->logger->error($@) if ($@); } return sub { my $req = Lemonldap::NG::Common::PSGI::Request->new( $_[0] ); @@ -134,7 +134,7 @@ sub _authAndTrace { return [ $res, $req->{respHeaders}, [] ]; } else { - $self->lmLog( 'User authenticated, calling handler()', 'debug' ); + $self->logger->debug('User authenticated, calling handler()'); $res = $self->handler($req); push @{ $res->[1] }, @{ $req->{respHeaders} }; } diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/SecureToken.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/SecureToken.pm index 9c5fb82f7..2589fd420 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/SecureToken.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/SecureToken.pm 
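Review bot: The `status` and `reload` hunks keep `unless ( %$self->api->tsv )` while `_run` in the first hunk tests `$self->api->tsv`; the `%$self->...` form looks like the old "hash used as a reference" syntax, which perl deprecated and later made fatal, and even where it parses the invocant of `->api` is whatever `%$self` evaluates to in that position rather than the object, so these two branches would either fail to compile or call `api` on a non-object. Use the same test in all three places: `unless ( $self->api->tsv ) {`. Both `status` and `reload` start and end outside their hunks, so I cannot see whether anything else depends on the current form.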
@@ -56,30 +56,28 @@ sub run { foreach (qw/secureTokenMemcachedServers secureTokenUrls/) { no strict 'refs'; unless ( ref ${$_} eq "ARRAY" ) { - $class->lmLog( "Transform $_ value into an array reference", - 'debug' ); + $class->logger->debug("Transform $_ value into an array reference"); my @array = split( /\s+/, ${$_} ); ${$_} = \@array; } } # Display found values in debug mode - $class->lmLog( "secureTokenMemcachedServers: @$secureTokenMemcachedServers", - 'debug' ); - $class->lmLog( "secureTokenExpiration: $secureTokenExpiration", 'debug' ); - $class->lmLog( "secureTokenAttribute: $secureTokenAttribute", 'debug' ); - $class->lmLog( "secureTokenUrls: @$secureTokenUrls", 'debug' ); - $class->lmLog( "secureTokenHeader: $secureTokenHeader", 'debug' ); - $class->lmLog( "secureTokenAllowOnError: $secureTokenAllowOnError", - 'debug' ); + $class->logger->debug( + "secureTokenMemcachedServers: @$secureTokenMemcachedServers"); + $class->logger->debug("secureTokenExpiration: $secureTokenExpiration"); + $class->logger->debug("secureTokenAttribute: $secureTokenAttribute"); + $class->logger->debug("secureTokenUrls: @$secureTokenUrls"); + $class->logger->debug("secureTokenHeader: $secureTokenHeader"); + $class->logger->debug("secureTokenAllowOnError: $secureTokenAllowOnError"); # Return if we are not on a secure token URL my $checkurl = 0; foreach (@$secureTokenUrls) { if ( $uri =~ m#$_# ) { $checkurl = 1; - $class->lmLog( "URL $uri detected as an Secure Token URL (rule $_)", - 'debug' ); + $class->logger->debug( + "URL $uri detected as an Secure Token URL (rule $_)"); last; } } @@ -138,7 +136,7 @@ sub _createMemcachedConnection { 'debug' => 0, }; - $class->lmLog( "Memcached connection created", 'debug' ); + $class->logger->debug("Memcached connection created"); return $memd; } @@ -162,7 +160,7 @@ sub _setToken { return; } - $class->lmLog( "Set $value in token $key", 'info' ); + $class->logger->info("Set $value in token $key"); return $key; } 
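Review bot: `_setToken` logs `Set $value in token $key` at info level, which writes the generated secure token (`$key`) together with the protected attribute value into the regular log, and `_deleteToken` does the same with `Token $key deleted`. If the token is what downstream applications accept in `$secureTokenHeader` as proof of identity, as the surrounding code suggests, anyone who can read the logs can replay it for its lifetime, so this belongs at `debug` at most and should not include the token itself: `$class->logger->debug("Secure token stored for attribute value $value");`. The memcached server list, header name and expiration logged in `run` are configuration rather than secrets, so those lines are fine. `_setToken` starts before the hunk.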
@@ -180,7 +178,7 @@ sub _deleteToken { $class->( "Unable to delete secure token $key", 'error' ); } else { - $class->lmLog( "Token $key deleted", 'info' ); + $class->logger->info("Token $key deleted"); } return $res; @@ -228,12 +226,12 @@ sub _returnError { # Redirect or Forbidden? if ( $class->tsv->{useRedirectOnError} ) { - $class->lmLog( "Use redirect for error", 'debug' ); + $class->logger->debug("Use redirect for error"); return $class->goToPortal( '/', 'lmError=500' ); } else { - $class->lmLog( "Return error", 'debug' ); + $class->logger->debug("Return error"); return $class->SERVER_ERROR; } } diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/Status.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/Status.pm index ed53cf3a2..3e7e06f57 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/Status.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/Status.pm @@ -157,7 +157,7 @@ sub run { if ( my ( $cacheModule, $cacheOptions ) = ( $1, $2 ) ) { eval "use $cacheModule;" . "\$cache = new $cacheModule(\$cacheOptions);"; - print STDERR "$@\n" if ($@); # TODO: use lmLog instead + print STDERR "$@\n" if ($@); # TODO: use logger instead } else { $cache = undef; diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ZimbraPreAuth.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ZimbraPreAuth.pm index 35f167cd4..4543f33a9 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ZimbraPreAuth.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ZimbraPreAuth.pm @@ -18,8 +18,8 @@ our $VERSION = '2.0.0'; # Overload main run method sub run { - my($class,$req) = @_; - my $ret = $class->SUPER::run($req); + my ( $class, $req ) = @_; + my $ret = $class->SUPER::run($req); # Continue only if user is authorized return $ret unless ( $ret == $class->OK ); 
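Review bot: The error path of `_deleteToken` still reads `$class->( "Unable to delete secure token $key", 'error' );` (the context line just above the converted `info` call), which is not a method call at all: with strict refs it dies trying to use the class name as a code reference, so a failed token deletion aborts the request instead of being logged. This looks like a line the lmLog sweep missed; it should be `$class->logger->error("Unable to delete secure token $key");`. As with `_setToken`, consider keeping the raw token value out of the log line. `_deleteToken` starts outside the hunk.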
@@ -37,19 +37,19 @@ sub run { my $timeout = $localConfig->{'timeout'} || '0'; # Display found values in debug mode - $class->lmLog( "zimbraPreAuthKey: $zimbraPreAuthKey", 'debug' ); - $class->lmLog( "zimbraAccountKey: $zimbraAccountKey", 'debug' ); - $class->lmLog( "zimbraBy: $zimbraBy", 'debug' ); - $class->lmLog( "zimbraUrl: $zimbraUrl", 'debug' ); - $class->lmLog( "zimbraSsoUrl: $zimbraSsoUrl", 'debug' ); - $class->lmLog( "timeout: $timeout", 'debug' ); + $class->logger->debug("zimbraPreAuthKey: $zimbraPreAuthKey"); + $class->logger->debug("zimbraAccountKey: $zimbraAccountKey"); + $class->logger->debug("zimbraBy: $zimbraBy"); + $class->logger->debug("zimbraUrl: $zimbraUrl"); + $class->logger->debug("zimbraSsoUrl: $zimbraSsoUrl"); + $class->logger->debug("timeout: $timeout"); # Return if we are not on a Zimbra SSO URI return $class->OK unless ( $uri =~ $zimbraSsoUrl ); # Check mandatory parameters unless ($zimbraPreAuthKey) { - $class->lmLog( "No Zimbra preauth key configured", 'error' ); + $class->logger->error("No Zimbra preauth key configured"); return $class->SERVER_ERROR; } @@ -88,15 +88,14 @@ sub _buildZimbraPreAuthUrl { my $computed_value = hmac_sha1_hex( "$account|$by|$expires|$timestamp", $key ); - $class->lmLog( - "Compute value $account|$by|$expires|$timestamp into $computed_value", - 'debug' ); + $class->logger->debug( + "Compute value $account|$by|$expires|$timestamp into $computed_value"); # Build PreAuth URL my $zimbra_url = "$url?account=$account&by=$by×tamp=$timestamp&expires=$expires&preauth=$computed_value"; - $class->lmLog( "Build Zimbra URL: $zimbra_url", 'debug' ); + $class->logger->debug("Build Zimbra URL: $zimbra_url"); return $zimbra_url; } diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm index 3d66d69c5..19417dfa1 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm 
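Review bot: The debug block at the top of `run` logs the Zimbra pre-auth secret verbatim, `$class->logger->debug("zimbraPreAuthKey: $zimbraPreAuthKey");`. That key is the HMAC secret fed to `hmac_sha1_hex` in `_buildZimbraPreAuthUrl`, so anyone who can read a debug-level handler log can mint valid pre-auth URLs for any account; the `Build Zimbra URL` line further down also carries the computed `preauth` value. Suggest logging only whether it is set, e.g. `$class->logger->debug( "zimbraPreAuthKey: " . ( $zimbraPreAuthKey ? '<set>' : '<unset>' ) );`, and dropping the `preauth=` parameter from the URL log line.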
@@ -38,7 +38,7 @@ sub build_jail { $self->customFunctions ? split( /\s+/, $self->customFunctions ) : (); foreach (@t) { no warnings 'redefine'; - $api->lmLog( "Custom function : $_", 'debug' ); + $api->logger->debug("Custom function : $_"); my $sub = $_; unless (/::/) { $sub = "$self\::$_"; @@ -51,7 +51,7 @@ sub build_jail { my \$uri = $api\::uri_with_args(); return $sub(\$uri,\@_) }"; - $api->lmLog( $@, 'error' ) if ($@); + $api->logger->error($@) if ($@); $_ = "&$_"; } @@ -149,7 +149,8 @@ sub jail_reval { my $res; eval { $res = ( - SAFEWRAP and $self->useSafeJail + SAFEWRAP + and $self->useSafeJail ? $self->jail->wrap_code_ref( $self->jail->reval($reval) ) : $self->jail->reval($reval) ); diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm index ccab8921b..492a4dc9a 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm 
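Review bot: In `build_jail` a wrapper whose string `eval` failed is only logged, `$api->logger->error($@) if ($@);`, and the loop then still rewrites `$_ = "&$_";`, so the name is shared into the jail even though nothing compiled behind it. I cannot see from the hunk whether a later step filters undefined subs; if not, a typo in `customFunctions` surfaces as a runtime failure inside rule evaluation rather than being rejected at reload. Consider recording the failed names and leaving them out of the share list (or failing `build_jail`) when `$@` is set. `build_jail` starts and ends outside the hunk.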
@@ -37,37 +37,32 @@ sub checkConf { { local => !$force, localPrm => $class->localConfig } ); unless ( ref($conf) ) { - $class->lmLog( -"$class: Unable to load configuration: $Lemonldap::NG::Common::Conf::msg", - 'error' + $class->logger->error( +"$class: Unable to load configuration: $Lemonldap::NG::Common::Conf::msg" ); return $force ? 0 : $class->cfgNum ? 1 : 0; } if ( !$class->cfgNum or $class->cfgNum != $conf->{cfgNum} ) { - $class->lmLog( -"Get configuration $conf->{cfgNum} ($Lemonldap::NG::Common::Conf::msg)", - 'debug' + $class->logger->debug( +"Get configuration $conf->{cfgNum} ($Lemonldap::NG::Common::Conf::msg)" ); $class->lastCheck( time() ); unless ( $class->cfgNum( $conf->{cfgNum} ) ) { - $class->lmLog( 'No configuration available', 'error' ); + $class->logger->error('No configuration available'); return 0; } $class->configReload($conf); } - $class->lmLog( "$class: configuration is up to date", 'debug' ); + $class->logger->debug("$class: configuration is up to date"); foreach (@_onReload) { my ( $obj, $sub ) = @$_; if ($obj) { - $class->lmLog( 'Launching ' . ref($obj) . "->$sub(conf)", 'debug' ); + $class->logger->debug( 'Launching ' . ref($obj) . "->$sub(conf)" ); unless ( $obj->$sub($conf) ) { - $class->lmLog( - "Underlying object can't load conf (" + $class->logger->error( "Underlying object can't load conf (" . ref($obj) - . "->$sub)", - 'error' - ); + . "->$sub)" ); } } } @@ -83,7 +78,7 @@ sub checkConf { # @return Apache constant ($class->OK or $class->SERVER_ERROR) sub reload { my $class = shift; - $class->lmLog( "Request for configuration reload", 'notice' ); + $class->logger->notice("Request for configuration reload"); return $class->checkConf(1) ? $class->DONE : $class->SERVER_ERROR; } 
@@ -150,15 +145,15 @@ sub reload { # @param $tsv reference to the thread-shared parameters conf sub configReload { my ( $class, $conf ) = @_; - $class->lmLog( "Loading configuration $conf->{cfgNum} for process $$", - "info" ); + $class->logger->info( + "Loading configuration $conf->{cfgNum} for process $$"); foreach my $sub ( qw( jailInit defaultValuesInit portalInit locationRulesInit sessionStorageInit headersInit postUrlInit aliasInit ) ) { - $class->lmLog( "Process $$ calls $sub", "debug" ); + $class->logger->debug("Process $$ calls $sub"); $class->$sub($conf); } return 1; @@ -211,8 +206,8 @@ sub defaultValuesInit { # Keep default value if $val is negative if ( defined $val and $val >= 0 ) { - $class->lmLog( "Options $opt for vhost $vhost: $val", - 'debug' ); + $class->logger->debug( + "Options $opt for vhost $vhost: $val"); $class->tsv->{$opt}->{$vhost} = $val; } } @@ -233,7 +228,7 @@ sub defaultValuesInit { sub portalInit { my ( $class, $conf ) = @_; unless ( $conf->{portal} ) { - $class->lmLog( "portal parameter required", 'error' ); + $class->logger->error("portal parameter required"); return 0; } if ( $conf->{portal} =~ /[\$\(&\|"']/ ) { @@ -267,11 +262,9 @@ sub locationRulesInit { my ( $cond, $prot ) = $class->conditionSub( $rules->{$url} ); unless ($cond) { $class->tsv->{maintenance}->{$vhost} = 1; - $class->lmLog( + $class->logger->error( "Unable to build rule '$rules->{$url}': " - . $class->tsv->{jail}->error, - 'error' - ); + . $class->tsv->{jail}->error ); next; } @@ -307,7 +300,7 @@ sub locationRulesInit { sub sessionStorageInit { my ( $class, $conf ) = @_; unless ( $class->tsv->{sessionStorageModule} = $conf->{globalStorage} ) { - $class->lmLog( "globalStorage required", 'error' ); + $class->logger->error("globalStorage required"); return 0; } eval "use " . $class->tsv->{sessionStorageModule}; 
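Review bot: `sessionStorageInit` string-evals a module name taken straight from the configuration, `eval "use " . $class->tsv->{sessionStorageModule};`, right after the converted `globalStorage required` error, and the hunk ends there so I cannot tell whether `$@` is checked afterwards. Since this configuration is presumably editable through the manager, I would validate the value before it reaches `eval`, e.g. `unless ( $class->tsv->{sessionStorageModule} =~ /^[\w:]+$/ ) { $class->logger->error("Invalid globalStorage module name"); return 0; }`, and treat a failed `use` as an initialisation error like the missing-parameter case above it. `sessionStorageInit` continues past the hunk.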
@@ -355,10 +348,8 @@ sub headersInit { $class->buildSub($sub) ) { $class->tsv->{maintenance}->{$vhost} = 1; - $class->lmLog( - "$class Unable to forge headers: " . $class->tsv->{jail}->error, - 'error' - ); + $class->logger->error( "$class Unable to forge headers: " + . $class->tsv->{jail}->error ); } } return 1; @@ -376,7 +367,7 @@ sub postUrlInit { # Browse all POST URI foreach my $url ( keys %{ $conf->{post}->{$vhost} } ) { my $d = $conf->{post}->{$vhost}->{$url}; - $class->lmLog( "Compiling POST data for $url", 'debug' ); + $class->logger->debug("Compiling POST data for $url"); # Where to POST $d->{target} ||= $url; @@ -392,11 +383,9 @@ sub postUrlInit { $class->buildSub($sub) ) { $class->tsv->{maintenance}->{$vhost} = 1; - $class->lmLog( + $class->logger->error( "$class: Unable to build post datas: " - . $class->tsv->{jail}->error, - 'error' - ); + . $class->tsv->{jail}->error ); } $class->tsv->{postFormParams}->{$vhost}->{$url} = $d; @@ -457,8 +446,8 @@ sub conditionSub { if ( $cond =~ /^logout_app/i and not $class->isa('Lemonldap::NG::Handler::ApacheMP2::Main') ) { - $class->lmLog( "Rules logout_app and logout_app_sso require Apache>=2", - 'info' ); + $class->logger->info( + "Rules logout_app and logout_app_sso require Apache>=2"); return ( sub { 1 }, 0 ); } @@ -509,11 +498,8 @@ sub conditionSub { $cond = $class->substitute($cond); my $sub; unless ( $sub = $class->buildSub($cond) ) { - $class->lmLog( - "$class: Unable to build condition ($cond): " - . $class->tsv->{jail}->error, - 'error' - ); + $class->logger->error( "$class: Unable to build condition ($cond): " + . $class->tsv->{jail}->error ); } # Return sub and protected flag @@ -530,7 +516,7 @@ sub aliasInit { if ( my $aliases = $conf->{vhostOptions}->{$vhost}->{vhostAliases} ) { foreach ( split /\s+/, $aliases ) { $class->tsv->{vhostAlias}->{$_} = $vhost; - $class->lmLog( "Registering $_ as alias of $vhost", 'debug' ); + $class->logger->debug("Registering $_ as alias of $vhost"); } } } 
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm index b95d8b15d..9b4f2ba2c 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm @@ -39,7 +39,7 @@ sub status { # Return Handler::Lib::Status output sub getStatus { my ($class) = @_; - $class->lmLog( "Request for status", 'debug' ); + $class->logger->debug("Request for status"); my $statusPipe = $class->tsv->{statusPipe}; my $statusOut = $class->tsv->{statusOut}; return $class->abort("$class: status page can not be displayed") @@ -90,12 +90,11 @@ sub run { if ( $class->checkMaintenanceMode ) { if ( $class->tsv->{useRedirectOnError} ) { - $class->lmLog( "Got to portal with maintenance error code", - 'debug' ); + $class->logger->debug("Go to portal with maintenance error code"); return $class->goToPortal( '/', 'lmError=' . $class->MAINTENANCE ); } else { - $class->lmLog( "Return maintenance error code", 'debug' ); + $class->logger->debug("Return maintenance error code"); return $class->MAINTENANCE; } } @@ -107,18 +106,16 @@ sub run { and $uri =~ s/[\?&;]${cn}cda=(\w+)$//oi ) { if ( $class->fetchId and $session = $class->retrieveSession($id) ) { - $class->lmLog( - 'CDA asked for an already available session, skipping', - 'info' ); + $class->logger->info( + 'CDA asked for an already available session, skipping'); } else { my $cdaid = $1; - $class->lmLog( "CDA request with id $cdaid", 'debug' ); + $class->logger->debug("CDA request with id $cdaid"); my $cdaInfos = $class->getCDAInfos($cdaid); unless ( $cdaInfos->{cookie_value} and $cdaInfos->{cookie_name} ) { - $class->lmLog( "CDA request for id $cdaid is not valid", - 'error' ); + $class->logger->error("CDA request for id $cdaid is not valid"); return $class->FORBIDDEN; } 
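Review bot: In the CDA branch of `run`, an unknown `cda` id is now reported with `$class->logger->error("CDA request for id $cdaid is not valid");`. That condition is reachable by any unauthenticated client that appends `?<cookie>cda=<anything>` to a URL, so it is a user-attributable event rather than a handler fault; at error level on the technical logger it lets a client fill the error log, and it is inconsistent with `fetchId` and `forbidden`, which this same commit routes through `userLogger`. Suggest `$class->userLogger->warn("CDA request for id $cdaid is not valid");`, and since the id is a one-time credential, keep the full value at debug only. The `run` body continues outside the hunk.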
@@ -151,7 +148,7 @@ sub run { unless ( defined $protection ); if ( $protection == $class->SKIP ) { - $class->lmLog( "Access control skipped", 'debug' ); + $class->logger->debug("Access control skipped"); $class->updateStatus('SKIP'); $class->hideCookie; $class->cleanHeaders; @@ -182,7 +179,7 @@ sub run { # Store local macros if ( keys %$session > $kc ) { - $class->lmLog( "Update local cache", 'debug' ); + $class->logger->debug("Update local cache"); $class->session->update( $session, { updateCache => 2 } ); } @@ -190,12 +187,9 @@ sub run { $class->hideCookie; # Log access granted - $class->lmLog( - "User " + $class->logger->debug( "User " . $session->{ $class->tsv->{whatToTrace} } - . " was granted to access to $uri", - 'debug' - ); + . " was granted to access to $uri" ); # Catch POST rules $class->postOutputFilter( $session, $uri ); @@ -207,7 +201,7 @@ sub run { elsif ( $protection == $class->UNPROTECT ) { # Ignore unprotected URIs - $class->lmLog( "No valid session but unprotected access", 'debug' ); + $class->logger->debug("No valid session but unprotected access"); $class->updateStatus('UNPROTECT'); $class->hideCookie; $class->cleanHeaders; @@ -217,7 +211,7 @@ sub run { else { # Redirect user to the portal - $class->lmLog( "No cookie found", 'info' ) + $class->logger->info("No cookie found") unless ($id); # if the cookie was fetched, a log is sent by retrieveSession() @@ -274,7 +268,7 @@ sub checkMaintenanceMode { : $class->tsv->{maintenance}->{_}; if ($_maintenance) { - $class->lmLog( "Maintenance mode activated", 'debug' ); + $class->logger->debug("Maintenance mode activated"); return 1; } return 0; 
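Review bot: The access-granted event goes to the technical logger at debug, `$class->logger->debug( "User " . $session->{ $class->tsv->{whatToTrace} } . " was granted to access to $uri" );`, whereas the matching refusal in `forbidden` now goes to `$class->userLogger->notice(...)`. An audit trail that records denials but not grants (unless debug is enabled) is of little use during an incident, and the two messages are clearly written as a pair. Suggest `$class->userLogger->info( "User " . $session->{ $class->tsv->{whatToTrace} } . " was granted to access to $uri" );` so both outcomes land in the user log. The enclosing `run` starts and ends outside the hunk.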
@@ -292,23 +286,19 @@ sub grant { $vhost ||= $class->resolveAlias; for ( my $i = 0 ; $i < $class->tsv->{locationCount}->{$vhost} ; $i++ ) { if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) { - $class->lmLog( - 'Regexp "' + $class->logger->debug( 'Regexp "' . $class->tsv->{locationConditionText}->{$vhost}->[$i] - . '" match', - 'debug' - ); + . '" match' ); return $class->tsv->{locationCondition}->{$vhost}->[$i]->($session); } } unless ( $class->tsv->{defaultCondition}->{$vhost} ) { - $class->lmLog( - "User rejected because VirtualHost \"$vhost\" has no configuration", - 'warn' + $class->logger->warn( + "User rejected because VirtualHost \"$vhost\" has no configuration" ); return 0; } - $class->lmLog( "$vhost: Apply default rule", 'debug' ); + $class->logger->debug("$vhost: Apply default rule"); return $class->tsv->{defaultCondition}->{$vhost}->($session); } @@ -331,21 +321,18 @@ sub forbidden { } # Log forbidding - $class->lmLog( - "User " + $class->userLogger->notice( "User " . $session->{ $class->tsv->{whatToTrace} } - . " was forbidden to access to $vhost$uri", - "notice" - ); + . " was forbidden to access to $vhost$uri" ); $class->updateStatus( 'REJECT', $session->{ $class->tsv->{whatToTrace} } ); # Redirect or Forbidden? if ( $class->tsv->{useRedirectOnForbidden} ) { - $class->lmLog( "Use redirect for forbidden access", 'debug' ); + $class->logger->debug("Use redirect for forbidden access"); return $class->goToPortal( $uri, 'lmError=403' ); } else { - $class->lmLog( "Return forbidden access", 'debug' ); + $class->logger->debug("Return forbidden access"); return $class->FORBIDDEN; } } @@ -354,7 +341,7 @@ sub forbidden { # Hide Lemonldap::NG cookie to the protected application. sub hideCookie { my $class = shift; - $class->lmLog( "removing cookie", 'debug' ); + $class->logger->debug("removing cookie"); my $cookie = $class->header_in('Cookie'); my $cn = $class->tsv->{cookieName}; $cookie =~ s/$cn(http)?=[^,;]*[,;\s]*//og; 
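Review bot: `hideCookie` strips the SSO cookie with `$cookie =~ s/$cn(http)?=[^,;]*[,;\s]*//og;`, and the `/o` modifier compiles that pattern once per process with whatever `$cn` held on first use. Because this handler reloads configuration without a restart (`configReload` in Reload.pm), a changed cookie name would leave the stale pattern in place and the session cookie would then be forwarded to the protected application. Unless there is a reason I cannot see for freezing it, drop `/o` and quote the name: `$cookie =~ s/\Q$cn\E(http)?=[^,;]*[,;\s]*//g;`. The same `/o` appears on the CDA regexp in `run`.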
@@ -384,9 +371,8 @@ sub goToPortal { my ( $class, $url, $arg ) = @_; my ( $ret, $msg ); my $urlc_init = $class->encodeUrl($url); - $class->lmLog( - "Redirect " . $class->remote_ip . " to portal (url was $url)", - 'debug' ); + $class->logger->debug( + "Redirect " . $class->remote_ip . " to portal (url was $url)" ); $class->set_header_out( 'Location' => $class->tsv->{portal}->() . "?url=$urlc_init" . ( $arg ? "&$arg" : "" ) ); @@ -418,8 +404,8 @@ sub fetchId { elsif ( $value =~ s/^c:// ) { $value = $class->tsv->{cipher}->decrypt($value); unless ( $value =~ s/^(.*)? (.*)$/$1/ and $2 eq $vhost ) { - $class->lmLog( "Bad CDA cookie: available for $2 instead od $vhost", - 'error' ); + $class->userLogger->error( + "Bad CDA cookie: available for $2 instead od $vhost"); return undef; } } @@ -439,7 +425,7 @@ sub retrieveSession { and $id eq $class->datas->{_session_id} and ( $now - $class->datasUpdate < 60 ) ) { - $class->lmLog( "Get session $id from Handler internal cache", 'debug' ); + $class->logger->debug("Get session $id from Handler internal cache"); return $class->datas; } @@ -461,7 +447,7 @@ sub retrieveSession { $class->datas( $session->data ); - $class->lmLog( "Get session $id", 'debug' ); + $class->logger->debug("Get session $id"); # Verify that session is valid if ( @@ -472,7 +458,7 @@ sub retrieveSession { $class->tsv->{timeoutActivity} ) ) { - $class->lmLog( "Session $id expired", 'info' ); + $class->logger->info("Session $id expired"); # Clean cached data $class->datas( {} ); @@ -489,11 +475,11 @@ sub retrieveSession { $class->session->update( { '_lastSeen' => $now } ); if ( $session->error ) { - $class->lmLog( "Cannot update session $id", 'error' ); - $class->lmLog( $class->session->error, 'error' ); + $class->logger->error("Cannot update session $id"); + $class->logger->error( $class->session->error ); } else { - $class->lmLog( "Update _lastSeen with $now", 'debug' ); + $class->logger->debug("Update _lastSeen with $now"); } } 
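Review bot: `retrieveSession` now writes raw session identifiers to the technical log at info and error level, e.g. `$class->logger->info("Session $id expired");` and `$class->logger->error("Cannot update session $id");`. The identifier is the bearer value of the SSO cookie, so anyone with read access to production logs (commonly kept at info) can take over live sessions, and the expiry case fires for every stale cookie without an operator needing the full id. Suggest logging a truncated form, e.g. `my $shortId = substr( $id, 0, 8 );` and `"Session $shortId... expired"`, keeping full ids at debug only. Separately, the new `fetchId` message has a typo: `instead od $vhost` should read `instead of $vhost`. `retrieveSession` starts and ends outside these hunks.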
@@ -501,8 +487,8 @@ sub retrieveSession { return $session->data; } else { - $class->lmLog( "Session $id can't be retrieved", 'info' ); - $class->lmLog( $session->error, 'info' ); + $class->logger->info("Session $id can't be retrieved"); + $class->logger->info( $session->error ); return 0; } @@ -528,7 +514,7 @@ sub getCDAInfos { ); unless ( $cdaSession->error ) { - $class->lmLog( "Get CDA session $id", 'debug' ); + $class->logger->debug("Get CDA session $id"); $infos->{cookie_value} = $cdaSession->data->{cookie_value}; $infos->{cookie_name} = $cdaSession->data->{cookie_name}; @@ -536,8 +522,8 @@ sub getCDAInfos { $cdaSession->remove; } else { - $class->lmLog( "CDA Session $id can't be retrieved", 'info' ); - $class->lmLog( $cdaSession->error, 'info' ); + $class->logger->info("CDA Session $id can't be retrieved"); + $class->logger->info( $cdaSession->error ); } return $infos; @@ -564,7 +550,7 @@ sub _buildUrl { or ( !$_https && $portString == 80 ) ) ? '' : ":$portString"; my $url = "http" . ( $_https ? "s" : "" ) . "://$vhost$portString$s"; - $class->lmLog( "Build URL $url", 'debug' ); + $class->logger->debug("Build URL $url"); return $url; } @@ -595,10 +581,10 @@ sub sendHeaders { my %headers = $class->tsv->{forgeHeaders}->{$vhost}->($session); foreach my $h ( sort keys %headers ) { if ( defined( my $v = $headers{$h} ) ) { - $class->lmLog( "Send header $h with value $v", 'debug' ); + $class->logger->debug("Send header $h with value $v"); } else { - $class->lmLog( "Send header $h with empty value", 'debug' ); + $class->logger->debug("Send header $h with empty value"); } } $class->set_header_in(%headers); @@ -637,11 +623,11 @@ sub abort { eval { my $uri = $class->unparsed_uri; - $class->lmLog( $msg, 'error' ); + $class->logger->error($msg); # Redirect or die if ( $class->tsv->{useRedirectOnError} ) { - $class->lmLog( "Use redirect for error", 'debug' ); + $class->logger->debug("Use redirect for error"); return $class->goToPortal( $uri, 'lmError=500' ); } else { 
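Review bot: `sendHeaders` logs the full value of every forged header at debug, `$class->logger->debug("Send header $h with value $v");`. The values come from the session and from administrator-written header rules, which, depending on the deployment, may carry credentials meant for the backend or personal attributes; a debug log switched on to chase an unrelated problem then captures them verbatim. Suggest logging the name and size only, e.g. `$class->logger->debug( "Send header $h (" . length($v) . " bytes)" );`, or masking values for a configurable list of sensitive header names. `sendHeaders` continues outside the hunk.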
@@ -655,7 +641,7 @@ sub abort { # Delete current user from local cache entry. sub localUnlog { my ( $class, $id ) = @_; - $class->lmLog( 'Local handler logout', 'debug' ); + $class->logger->debug('Local handler logout'); if ( $id //= $class->fetchId ) { # Delete thread datas @@ -682,7 +668,7 @@ sub postOutputFilter { my $vhost = $class->resolveAlias; if ( defined( $class->tsv->{outputPostData}->{$vhost}->{$uri} ) ) { - $class->lmLog( "Filling a html form with fake data", "debug" ); + $class->logger->debug("Filling a html form with fake data"); $class->unset_header_in("Accept-Encoding"); my %postdata = @@ -701,7 +687,7 @@ sub postInputFilter { my $vhost = $class->resolveAlias; if ( defined( $class->tsv->{inputPostData}->{$vhost}->{$uri} ) ) { - $class->lmLog( "Replacing fake data with real form data", "debug" ); + $class->logger->debug("Replacing fake data with real form data"); my %data = $class->tsv->{inputPostData}->{$vhost}->{$uri}->($session); foreach ( keys %data ) { diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm index 763979c60..71d44b69b 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm @@ -9,10 +9,10 @@ extends 'Lemonldap::NG::Handler::Lib::PSGI', 'Lemonldap::NG::Common::PSGI'; our $VERSION = '2.0.0'; sub init { - my ($self,$args)=@_; + my ( $self, $args ) = @_; $self->api('Lemonldap::NG::Handler::PSGI::Main') unless ( $self->api ); - my $tmp = ( $self->Lemonldap::NG::Common::PSGI::init( $args ) - and $self->Lemonldap::NG::Handler::Lib::PSGI::init( $args ) ); + my $tmp = ( $self->Lemonldap::NG::Common::PSGI::init($args) + and $self->Lemonldap::NG::Handler::Lib::PSGI::init($args) ); return $tmp; } diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Main.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Main.pm index e55bf208a..13a2e04ad 100644 
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Main.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Main.pm @@ -14,7 +14,7 @@ use constant DONE => 0; use constant SERVER_ERROR => 500; use constant AUTH_REQUIRED => 401; use constant MAINTENANCE => 503; -use constant defaultLogger => 'Lemonldap::NG::Common::Logger::Std'; +use constant defaultLogger => 'Lemonldap::NG::Common::Logger::Std'; our $request; @@ -179,9 +179,8 @@ sub cgiName { sub addToHtmlHead { my $self = shift; - $self->lmLog( - 'Features like form replay or logout_app can only be used with Apache', - 'error' + $self->logger->error( + 'Features like form replay or logout_app can only be used with Apache' ), ; } diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm index 76fb39a8c..0efb92080 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm @@ -24,14 +24,14 @@ sub addRoute { sub addAuthRoute { my $self = shift; $self->routes( $self->authRoutes ); - $self->lmLog( 'Declaring auth route', 'debug' ); + $self->logger->debug('Declaring auth route'); return $self->SUPER::addRoute(@_); } sub addUnauthRoute { my $self = shift; $self->routes( $self->unAuthRoutes ); - $self->lmLog( 'Declaring unauth route', 'debug' ); + $self->logger->debug('Declaring unauth route'); return $self->SUPER::addRoute(@_); } @@ -60,9 +60,8 @@ sub _run { } else { # Unset headers (handler adds a Location header) - $self->lmLog( - "User not authenticated, Try in use, cancel redirection", - 'debug' ); + $self->logger->debug( + "User not authenticated, Try in use, cancel redirection"); $req->userData( {} ); $req->respHeaders( [] ); $self->routes( $self->unAuthRoutes ); diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Nginx.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Nginx.pm index bf5d6f0ed..8afb993c8 100644 
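Review bot: The converted `addToHtmlHead` statement ends with `), ;`, a dangling comma left over from the old three-argument `lmLog` call. Perl tolerates a trailing comma in a list, but it reads as an unfinished edit and will trip the next person running perlcritic; suggest the single statement `$self->logger->error('Features like form replay or logout_app can only be used with Apache');`. The method still returns nothing after logging, so an explicit `return 0;` would make the unsupported path visible to callers.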
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Nginx.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Nginx.pm @@ -28,7 +28,7 @@ sub _run { my $self = shift; return sub { my $req = $_[0]; - $self->lmLog( 'New request', 'debug' ); + $self->logger->debug('New request'); my $res = $self->_authAndTrace( Lemonldap::NG::Common::PSGI::Request->new($req) ); diff --git a/lemonldap-ng-handler/t/10-Lemonldap-NG-Handler-SharedConf.t b/lemonldap-ng-handler/t/10-Lemonldap-NG-Handler-SharedConf.t index fb3cec0e5..1155d2ce3 100644 --- a/lemonldap-ng-handler/t/10-Lemonldap-NG-Handler-SharedConf.t +++ b/lemonldap-ng-handler/t/10-Lemonldap-NG-Handler-SharedConf.t @@ -55,7 +55,7 @@ my $h = 'Lemonldap::NG::Handler::Test'; ok( $h->init(), 'Initialize handler' ); -ok( $h->checkType($apacheRequest) eq 'Main', 'Get Main type'); +ok( $h->checkType($apacheRequest) eq 'Main', 'Get Main type' ); ok( $ret = $h->run($apacheRequest), 'run Handler with basic configuration and no cookie' ); diff --git a/lemonldap-ng-handler/t/12-Lemonldap-NG-Handler-Jail.t b/lemonldap-ng-handler/t/12-Lemonldap-NG-Handler-Jail.t index 5b9951f40..232885e42 100644 --- a/lemonldap-ng-handler/t/12-Lemonldap-NG-Handler-Jail.t +++ b/lemonldap-ng-handler/t/12-Lemonldap-NG-Handler-Jail.t 
@@ -31,22 +31,28 @@ ok( ( defined($basic) ), 'basic extended function is defined' ); $sub = "sub { return ( encode_base64('test','') ) }"; my $code = $jail->jail_reval($sub); -ok( ( defined($code) and ref($code) eq 'CODE' ), - 'encode_base64 function is defined' ); +ok( + ( defined($code) and ref($code) eq 'CODE' ), + 'encode_base64 function is defined' +); ok( $res = &$code, "Function works" ); ok( $res eq 'dGVzdA==', 'Get good result' ); -$sub = "sub { return(checkDate('20000000000000','21000000000000')) }"; +$sub = "sub { return(checkDate('20000000000000','21000000000000')) }"; $code = $jail->jail_reval($sub); -ok( ( defined($code) and ref($code) eq 'CODE' ), - 'checkDate extended function is defined' ); +ok( + ( defined($code) and ref($code) eq 'CODE' ), + 'checkDate extended function is defined' +); ok( $res = &$code, "Function works" ); ok( $res == 1, 'Get good result' ); -$sub = "sub { return (hostname()) }"; +$sub = "sub { return (hostname()) }"; $code = $jail->jail_reval($sub); -ok( ( defined($code) and ref($code) eq 'CODE' ), - 'hostname api function is defined' ); +ok( + ( defined($code) and ref($code) eq 'CODE' ), + 'hostname api function is defined' +); ok( $res = &$code, "Function works $res" ); ok( $res eq 'test1.example.com', 'Get good result' ); diff --git a/lemonldap-ng-handler/t/63-Lemonldap-NG-Handler-PSGI-Try.t b/lemonldap-ng-handler/t/63-Lemonldap-NG-Handler-PSGI-Try.t index 9e0307d91..22c48b920 100644 --- a/lemonldap-ng-handler/t/63-Lemonldap-NG-Handler-PSGI-Try.t +++ b/lemonldap-ng-handler/t/63-Lemonldap-NG-Handler-PSGI-Try.t @@ -64,7 +64,7 @@ count(3); # Pad path test -ok($res = $client->_get('/[]/test'), 'Try a bad path'); +ok( $res = $client->_get('/[]/test'), 'Try a bad path' ); ok( $res->[0] == 400, 'Response is 400' ); count(2); diff --git a/lemonldap-ng-handler/t/test.pm b/lemonldap-ng-handler/t/test.pm index 0c3c5ac83..d3bb70fd7 100644 --- a/lemonldap-ng-handler/t/test.pm +++ b/lemonldap-ng-handler/t/test.pm 
@@ -1,6 +1,6 @@ package main; -sub hostname { 'test1.example.com' }; +sub hostname { 'test1.example.com' } package Lemonldap::NG::Handler::Test; @@ -11,9 +11,10 @@ our $header; use constant defaultLogger => 'Lemonldap::NG::Common::Logger::Std'; use constant REDIRECT => 302; + #sub hostname { 'test1.example.com' } *hostname = \&main::hostname; -*logger = \&Lemonldap::NG::Handler::Main::logger; +*logger = \&Lemonldap::NG::Handler::Main::logger; sub newRequest { 1 } sub header_in { "" } sub is_initial_req { '1' } diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm index 1daf27ff8..e5d339d6e 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm @@ -33,7 +33,7 @@ sub init { if ( my $localconf = $self->confAcc->getLocalConf(MANAGERSECTION) ) { $self->{$_} = $args->{$_} //= $localconf->{$_} - foreach ( grep {$_ !~ /^(?:l|userL)ogger$/} keys %$localconf ); + foreach ( grep { $_ !~ /^(?:l|userL)ogger$/ } keys %$localconf ); } # Manager needs to keep new Ajax behaviour @@ -59,14 +59,14 @@ sub init { for ( my $i = 0 ; $i < @enabledModules ; $i++ ) { my $mod = $enabledModules[$i]; no strict 'refs'; - if ( &{"${mod}::addRoutes"}($self,$conf) ) { - $self->lmLog( "Module $mod enabled", 'debug' ); + if ( &{"${mod}::addRoutes"}( $self, $conf ) ) { + $self->logger->debug("Module $mod enabled"); push @working, $mod; } else { $links[$i] = undef; - $self->lmLog( "Module $mod can not be enabled: " . $self->error, - 'error' ); + $self->logger->error( + "Module $mod can not be enabled: " . $self->error ); } } return 0 unless (@working); @@ -114,9 +114,11 @@ sub javascript { return 'var formPrefix=staticPrefix+"forms/";var confPrefix=scriptname+"confs/";' . ( $self->links ? 'var links=' . to_json( $self->links ) . ';' : '' ) - . ( $self->menuLinks + . ( + $self->menuLinks ? 'var menulinks=' . to_json( $self->menuLinks ) . ';' - : '' ); + : '' + ); } 1; 
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm index dd044bd82..974b6c241 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm @@ -25,7 +25,8 @@ sub cTrees { help => 'configvhost.html#options', nodes => [ 'vhostPort', 'vhostHttps', - 'vhostMaintenance', 'vhostAliases', 'vhostType', + 'vhostMaintenance', 'vhostAliases', + 'vhostType', ], }, ], diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm index b16dbf471..dbaeb1062 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm @@ -252,8 +252,7 @@ sub tree { { title => 'combinationParams', help => 'authcombination.html', - nodes => - [ 'combination', 'combModules' ] + nodes => [ 'combination', 'combModules' ] }, { title => 'nullParams', @@ -439,9 +438,8 @@ sub tree { title => 'logParams', help => 'logs.html', form => 'simpleInputContainer', - nodes => [ - 'trustedProxies', 'whatToTrace', 'hiddenAttributes' - ] + nodes => + [ 'trustedProxies', 'whatToTrace', 'hiddenAttributes' ] }, { title => 'cookieParams', diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm index 87fc60d2a..dc0c30424 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Conf.pm @@ -27,7 +27,7 @@ our $VERSION = '2.0.0'; use constant defaultRoute => 'manager.html'; sub addRoutes { - my($self,$conf) = @_; + my ( $self, $conf ) = @_; # HTML template $self->addRoute( 'manager.html', undef, ['GET'] ) 
@@ -167,7 +167,7 @@ sub getConfByNum { } else { $tmp = $self->SUPER::getConfByNum( $cfgNum, @args ); - return undef unless (defined $tmp); + return undef unless ( defined $tmp ); } } return $cfgNum; diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm index 60809a8dc..d3bfb3ded 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Notifications.pm @@ -232,8 +232,8 @@ sub notification { my ( $uid, $ref ) = ( $id =~ /([^_]+?)_(.+)/ ); my $n = $self->notifAccess->get( $uid, $ref ); unless ($n) { - $self->lmLog( "Notification $ref not found for user $uid", - 'notice' ); + $self->userLogger->notice( + "Notification $ref not found for user $uid"); return $self->sendJSONresponse( $req, { @@ -291,14 +291,14 @@ sub newNotification { delete $json->{xml}; }; if ($@) { - $self->lmLog( "Notification malformed $@", 'error' ); + $self->logger->error("Notification malformed $@"); return $self->sendError( $req, "Notification malformed: $@", 200 ); } $newNotif = to_json($json); } unless ( eval { $self->notifAccess->newNotification($newNotif) } ) { - $self->lmLog( "Notification not created: $@", 'error' ); + $self->logger->error("Notification not created: $@"); return $self->sendError( $req, "Notification not created: $@", 200 ); } else { @@ -323,7 +323,7 @@ sub updateNotification { my ( $uid, $ref ) = ( $id =~ /([^_]+?)_(.+)/ ); my ( $n, $res ); unless ( $n = $self->notifAccess->get( $uid, $ref ) ) { - $self->lmLog( "Notification $ref not found for user $uid", 'notice' ); + $self->logger->notice("Notification $ref not found for user $uid"); return $self->sendError( $req, "Notification $ref not found for user $uid" ); } 
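Review bot: The two Notifications.pm hunks report the same condition to different loggers: `notification` uses `$self->userLogger->notice("Notification $ref not found for user $uid");` while `updateNotification` uses `$self->logger->notice(...)` with the identical text. Both are administrator actions on another user's notification, so they belong in the same log; pick one and use it in both places. Both paths also derive `$uid`/`$ref` from `$id =~ /([^_]+?)_(.+)/` without checking that the match succeeded, so an id without an underscore reaches `notifAccess->get(undef, undef)` and logs empty fields; a guard such as `return $self->sendError( $req, 'Bad notification id', 400 ) unless ( defined $uid );` before the lookup would make that explicit. `notification` starts outside its hunk.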
@@ -335,13 +335,13 @@ sub updateNotification { } unless ($status) { - $self->lmLog( "Notification $ref for user $uid not deleted", 'error' ); + $self->logger->error("Notification $ref for user $uid not deleted"); return $self->sendError( $req, "Notification $ref for user $uid not deleted" ); } else { - $self->lmLog( "Notification $ref deleted for user $uid", 'info' ); + $self->logger->info("Notification $ref deleted for user $uid"); return $self->sendJSONresponse( $req, { result => 1 } ); } } @@ -355,12 +355,12 @@ sub deleteDoneNotification { my ( $uid, $ref, $date ) = ( $id =~ /([^_]+?)_([^_]+?)_(.+)/ ); my $identifier = $self->notifAccess->getIdentifier( $uid, $ref, $date ); unless ( eval { $self->notifAccess->purge($identifier) } ) { - $self->lmLog( "Notification $identifier not purged ($@)", 'warn' ); + $self->logger->warn("Notification $identifier not purged ($@)"); return $self->sendError( $req, "Notification $identifier not purged ($@)", 400 ); } - $self->lmLog( "Notification $identifier purged", 'info' ); + $self->logger->info("Notification $identifier purged"); return $self->sendJSONresponse( $req, { result => 1 } ); } diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm index 4da55c171..204d47a91 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm @@ -25,7 +25,7 @@ our $VERSION = '2.0.0'; use constant defaultRoute => 'sessions.html'; sub addRoutes { - my($self,$conf) = @_; + my ( $self, $conf ) = @_; # HTML template $self->addRoute( 'sessions.html', undef, ['GET'] ) diff --git a/lemonldap-ng-manager/t/15-combination.t b/lemonldap-ng-manager/t/15-combination.t index 04b9a4edc..dfb85402c 100644 --- a/lemonldap-ng-manager/t/15-combination.t +++ b/lemonldap-ng-manager/t/15-combination.t 
@@ -24,12 +24,17 @@ ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" ); ok( $resBody->{result} == 1, "JSON response contains \"result:1\"" ) or print STDERR Dumper($res); -ok( $res = &client->_get( '/confs/2/combModules', 'application/json' ), 'Get combModules'); +ok( $res = &client->_get( '/confs/2/combModules', 'application/json' ), + 'Get combModules' ); ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" ); -ok( $res = &client->_get( '/confs/2/ldapServer', 'application/json' ), 'Get combModules'); +ok( $res = &client->_get( '/confs/2/ldapServer', 'application/json' ), + 'Get combModules' ); ok( $resBody = from_json( $res->[2]->[0] ), "Result body contains JSON text" ); -ok( $resBody->{value} eq 'ldap://192.168.1.1', 'Key ldapServer has been modified'); +ok( + $resBody->{value} eq 'ldap://192.168.1.1', + 'Key ldapServer has been modified' +); count(9); diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST index 57a89a9a8..6deb34170 100644 --- a/lemonldap-ng-portal/MANIFEST +++ b/lemonldap-ng-portal/MANIFEST @@ -7,8 +7,6 @@ example/soaperrortest.pl example/soaptest.pl KINEMATIC.md lib/Lemonldap/NG/Portal.pm -lib/Lemonldap/NG/Portal/_i18n.pm -lib/Lemonldap/NG/Portal/_Multi.pm lib/Lemonldap/NG/Portal/Auth/_WebForm.pm lib/Lemonldap/NG/Portal/Auth/AD.pm lib/Lemonldap/NG/Portal/Auth/Apache.pm @@ -34,7 +32,6 @@ lib/Lemonldap/NG/Portal/Auth/WebID.pm lib/Lemonldap/NG/Portal/Auth/Yubikey.pm lib/Lemonldap/NG/Portal/AuthMulti.pm lib/Lemonldap/NG/Portal/CDC.pm -lib/Lemonldap/NG/Portal/Display.pm lib/Lemonldap/NG/Portal/Issuer/CAS.pm lib/Lemonldap/NG/Portal/Issuer/Get.pm lib/Lemonldap/NG/Portal/Issuer/OpenID.pm 
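Review bot: The description on the `/confs/2/ldapServer` GET still reads `'Get combModules'`, so a failure of that request would be reported in the TAP output under the name of the previous test; the reformat carried the copy-paste over. `'Get ldapServer'` would make the report match the request being made.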
@@ -71,7 +68,6 @@ lib/Lemonldap/NG/Portal/Main/Plugins.pm lib/Lemonldap/NG/Portal/Main/Process.pm lib/Lemonldap/NG/Portal/Main/Request.pm lib/Lemonldap/NG/Portal/Main/Run.pm -lib/Lemonldap/NG/Portal/Menu.pm lib/Lemonldap/NG/Portal/Password/Base.pm lib/Lemonldap/NG/Portal/Password/Choice.pm lib/Lemonldap/NG/Portal/Password/DBI.pm @@ -90,7 +86,6 @@ lib/Lemonldap/NG/Portal/Register/AD.pm lib/Lemonldap/NG/Portal/Register/Demo.pm lib/Lemonldap/NG/Portal/Register/LDAP.pm lib/Lemonldap/NG/Portal/Register/U2F.pm -lib/Lemonldap/NG/Portal/Simple.pm lib/Lemonldap/NG/Portal/UserDB/AD.pm lib/Lemonldap/NG/Portal/UserDB/Choice.pm lib/Lemonldap/NG/Portal/UserDB/Combination.pm diff --git a/lemonldap-ng-portal/example/soapconfigtest.pl b/lemonldap-ng-portal/example/soapconfigtest.pl index 428a486ac..25e820539 100755 --- a/lemonldap-ng-portal/example/soapconfigtest.pl +++ b/lemonldap-ng-portal/example/soapconfigtest.pl @@ -11,8 +11,7 @@ use SOAP::Lite; use Data::Dumper; # Service -my $soap = - SOAP::Lite->new( proxy => 'http://auth.example.com/config' ); +my $soap = SOAP::Lite->new( proxy => 'http://auth.example.com/config' ); $soap->default_ns('urn:Lemonldap/NG/Common/CGI/SOAPService'); # Call SOAP methods diff --git a/lemonldap-ng-portal/example/soaptest.pl b/lemonldap-ng-portal/example/soaptest.pl index 92136ba4c..83ff9a67f 100755 --- a/lemonldap-ng-portal/example/soaptest.pl +++ b/lemonldap-ng-portal/example/soaptest.pl @@ -14,8 +14,7 @@ use Data::Dumper; my $session_id = shift @ARGV; # Service -my $soap = - SOAP::Lite->new( proxy => 'http://auth.example.com/sessions' ); +my $soap = SOAP::Lite->new( proxy => 'http://auth.example.com/sessions' ); $soap->default_ns('urn:Lemonldap/NG/Common/CGI/SOAPService'); # Call some SOAP methods diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm index 6416d8ac8..42af9ca46 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm 
@@ -108,7 +108,9 @@ portal main object. Some main methods are mapped to the plugin namespace: =over -=item lmLog() +=item logger() accessor to log + +=item userLogger() accessor to log user actions =item error() accessor (use it to store error during initialization) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm index e570020b5..471273a19 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/AD.pm @@ -51,9 +51,9 @@ sub init { if ( $self->adPwdExpireWarning > $self->adPwdMaxAge ) { $self->adPwdExpireWarning( $self->adPwdMaxAge ); - $self->lmLog( + $self->logger->warn( "Error: ADPwdExpireWarning > ADPwdMaxAge, this should not happen", - 'warn' ); + ); } return $self->SUPER::init(); } @@ -73,14 +73,14 @@ sub authenticate { my $expired_flag = 0x800000; # 8 at 6th position for flag UF_PASSWORD_EXPIRED to be set if ( ( $computed & $mask ) == $expired_flag ) { - $self->lmLog( "[AD] Password has expired", 'warn' ); + $self->logger->warn("[AD] Password has expired"); $res = PE_PP_PASSWORD_EXPIRED; } # Password must be changed if pwdLastSet 0 if ( defined $pls and $pls == 0 ) { - $self->lmLog( "[AD] Password reset. User must change his password", - 'warn' ); + $self->userLogger->warn( + "[AD] Password reset. User must change his password"); $res = PE_PP_CHANGE_AFTER_RESET; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Apache.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Apache.pm index 2eab28b9f..0255033d4 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Apache.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Apache.pm 
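Review bot: Neither `$self->logger->warn("[AD] Password has expired")` nor `$self->userLogger->warn("[AD] Password reset. User must change his password")` names the account concerned, so an administrator reading the log cannot tell which user hit the condition. Both messages describe the state of a user's account during authentication, and the reset case already goes to userLogger; the expired case could go the same way with the identity included, e.g. `$self->userLogger->warn("[AD] Password has expired for $req->{user}");`. Whether `$req->{user}` is populated at that point is not visible in the hunk, and authenticate's body starts outside it.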
@@ -19,8 +19,7 @@ sub init { sub extractFormInfo { my ( $self, $req ) = @_; unless ( $req->{user} = $req->env->{REMOTE_USER} ) { - $self->lmLog( 'Apache is not configured to authenticate users!', - 'error' ); + $self->logger->error('Apache is not configured to authenticate users!'); return PE_ERROR; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Base.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Base.pm index 7289e9bd8..123bcae70 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Base.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Base.pm @@ -78,7 +78,9 @@ Lemonldap::NG portal. They must provides methods described below. =item conf: configuration hash (as reference) -=item lmLog: alias for p->lmLog method +=item logger alias for p->logger accessor + +=item userLogger alias for p->userLogger accessor =item error: alias for p->error method @@ -147,6 +149,35 @@ Last method called during authentication process. =head4 authLogout($req) +=head1 LOGGING + +Logging is provided by $self->logger and $self->userLogger. The following rules +must be applied: + +=over + +=item logger->debug: technical debugging messages + +=item logger->info: simple technical information + +=item logger->notice: technical information that could interest administrators + +=item logger->warn: technical warning + +=item logger->error: error that must be reported to administrator + +=item userLogger->info: simple information about user's action + +=item userLogger->notice: information that may be registered (auth success,...) + +=item userLogger->warn: bad action of a user (auth failure). Auth/Combination +transform it to "info" when another authentication scheme is available + +=item userLogger->error: bad action of a user that must be reported, (even if +another backend is available with Combination) + +=back + =head1 AUTHORS =over 
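Review bot: The new LOGGING section classifies messages by level but says nothing about what a userLogger entry must carry, and the one thing that makes an auth-failure line usable by an administrator or a log-correlation tool is the identity it concerns. A sentence under `=head1 LOGGING` such as "userLogger messages should name the user (and, where known, the source address) the action belongs to" would make that part of the contract explicit. Separately, the new `=item logger alias for p->logger accessor` and `=item userLogger alias ...` entries drop the colon used by the neighbouring `=item conf:` and `=item error:` items.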
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm index 3cfc668d7..499844336 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm @@ -72,7 +72,7 @@ sub extractFormInfo { and %{ $req->{portalHiddenFormValues} } ) { - $self->lmLog( "Add hidden values to CAS redirect URL\n", 'debug' ); + $self->logger->debug("Add hidden values to CAS redirect URL\n"); foreach ( keys %{ $req->{portalHiddenFormValues} } ) { $local_url .= @@ -83,7 +83,7 @@ sub extractFormInfo { } if ( $self->proxy ) { - $self->lmLog( "CAS: Proxy mode activated", 'debug' ); + $self->logger->debug("CAS: Proxy mode activated"); my $proxy_url = $self->p->fullUrl($req) . '?casProxy=1'; if ( $self->conf->{authChoiceParam} @@ -92,7 +92,7 @@ sub extractFormInfo { $proxy_url .= '&' . $self->conf->{authChoiceParam} . "=$tmp"; } - $self->lmLog( "CAS Proxy URL: $proxy_url", 'debug' ); + $self->logger->debug("CAS Proxy URL: $proxy_url"); $self->cas->proxyMode( pgtFile => $self->conf->{CAS_pgtFile}, @@ -102,7 +102,7 @@ sub extractFormInfo { # Catch proxy callback if ( $req->param('casProxy') ) { - $self->lmLog( "CAS: Proxy callback detected", 'debug' ); + $self->logger->debug("CAS: Proxy callback detected"); my $pgtIou = $req->param('pgtIou'); my $pgtId = $req->param('pgtId'); @@ -111,11 +111,11 @@ sub extractFormInfo { # Store pgtId and pgtIou unless ( $self->cas->storePGT( $pgtIou, $pgtId ) ) { - $self->lmLog( "CAS: error " . &AuthCAS::get_errors(), 'error' ); + $self->logger->error( "CAS: error " . &AuthCAS::get_errors() ); } else { - $self->lmLog( "CAS: Store pgtIou $pgtIou and pgtId $pgtId", - 'debug' ); + $self->logger->debug( + "CAS: Store pgtIou $pgtIou and pgtId $pgtId"); } } 
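Review bot: `$self->logger->debug("CAS: Store pgtIou $pgtIou and pgtId $pgtId")` writes the proxy-granting ticket itself to the log; a PGT is a credential that lets its holder obtain proxy tickets, so anyone who can read the debug log or the log-shipping pipeline obtains it. The same pattern survives the refactor for the service ticket and the proxy tickets in the `-134,21` and `-169,14` hunks, for `Access token: $access_token` and `ID token: $id_token` in OpenIDConnect.pm, and for `SAML Token: $saml_token` in SAML.pm, which dumps the whole assertion including its attributes. Recording that the value was received gives the same debugging help without persisting the secret: `$self->logger->debug("CAS: Store pgtIou $pgtIou (pgtId received)");`. extractFormInfo starts outside the hunk.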
@@ -134,21 +134,21 @@ sub extractFormInfo { # Unless a ticket has been found, we redirect the user unless ($ticket) { - $self->lmLog( "CAS: Redirect user to $login_url", 'debug' ); + $self->logger->debug("CAS: Redirect user to $login_url"); $req->{urldc} = $login_url; $req->steps( [] ); return PE_REDIRECT; } - $self->lmLog( "CAS: Service Ticket received: $ticket", 'debug' ); + $self->logger->debug("CAS: Service Ticket received: $ticket"); # Ticket found, try to validate it unless ( $req->{user} = $self->cas->validateST( $local_url, $ticket ) ) { - $self->lmLog( "CAS: error " . &AuthCAS::get_errors(), 'error' ); + $self->logger->error( "CAS: error " . &AuthCAS::get_errors() ); return PE_ERROR; } else { - $self->lmLog( "CAS: User $req->{user} found", 'debug' ); + $self->logger->debug("CAS: User $req->{user} found"); } # Request proxy tickets for proxied services @@ -158,8 +158,8 @@ sub extractFormInfo { my $pgtId = $self->cas->{pgtId}; unless ($pgtId) { - $self->lmLog( "CAS: Proxy mode activated, but no PGT received", - 'error' ); + $self->logger->error( + "CAS: Proxy mode activated, but no PGT received"); return PE_ERROR; } @@ -169,14 +169,13 @@ sub extractFormInfo { my $pt = $self->cas->retrievePT($service); unless ($pt) { - $self->lmLog( - "CAS: No proxy ticket recevied for service $service", - 'error' ); + $self->logger->error( + "CAS: No proxy ticket recevied for service $service"); return PE_ERROR; } - $self->lmLog( "CAS: Received proxy ticket $pt for service $service", - 'debug' ); + $self->logger->debug( + "CAS: Received proxy ticket $pt for service $service"); # Store it in session $req->{sessionInfo}->{ '_casPT' . $_ } = $pt; 
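Review bot: `$self->logger->error( "CAS: error " . &AuthCAS::get_errors() )` keeps the `&`-sigil call syntax, which bypasses prototypes and reads as a special case; `AuthCAS::get_errors()` calls the same function plainly. The same form is used in the validateST failure branch a few lines below and in the storePGT branch of the previous hunk. Separately, `"Add hidden values to CAS redirect URL\n"` in the first hunk of this file is the only message with a trailing newline, which may produce an empty line with backends that append their own.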
@@ -205,7 +204,7 @@ sub authLogout { my $logout_url = $self->cas->getServerLogoutURL( uri_escape( $self->p->fullUrl($req) ) ); - $self->lmLog( "Build CAS logout URL: $logout_url", 'debug' ); + $self->logger->debug("Build CAS logout URL: $logout_url"); # Register CAS logout URL in logoutServices $req->datas->{logoutServices}->{CASserver} = $logout_url; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm index 55b0de0a6..e73ef9c52 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm @@ -124,7 +124,7 @@ sub getStack { return $req->datas->{multiStack} if ( $req->datas->{multiStack} ); my $stack = $req->datas->{multiStack} = $self->stackSub->( $req->env ); unless ($stack) { - $self->lmLog( 'No authentication scheme for this user', 'error' ); + $self->logger->error('No authentication scheme for this user'); } @{ $req->datas->{multiSteps} } = ( @steps, @{ $req->steps } ); $req->datas->{multiTry} = 0; @@ -145,8 +145,8 @@ sub try { # On error, restart authentication with next scheme if ( $res > PE_OK ) { - $self->lmLog( qq'Scheme "$name" has return $res, trying next', - 'info' ); + $self->logger->info( + qq'Scheme "$name" has return $res, trying next'); $req->datas->{multiTry}++; $req->steps( [ @{ $req->datas->{multiSteps} } ] ); return PE_OK; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Demo.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Demo.pm index bbdaa6b76..0cd5fcad6 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Demo.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Demo.pm 
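Review bot: `qq'Scheme "$name" has return $res, trying next'` reads "has return" rather than "has returned", and the line goes to `$self->logger->info` even though it records a failed authentication attempt, which the LOGGING rules added to Auth/Base.pm in this same commit route to userLogger (warn, or info when another scheme remains). `$self->userLogger->info(qq'Scheme "$name" returned $res for $req->{user}, trying next');` would follow those rules and name the account; whether `$req->{user}` is set at that point is not visible here. try's body starts outside the hunk.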
@@ -21,9 +21,8 @@ sub init { my $self = shift; # Add warning in log - $self->lmLog( - "Using demonstration mode, go to Manager to edit the configuration", - 'warn' ); + $self->logger->warn( + "Using demonstration mode, go to Manager to edit the configuration"); return $self->Lemonldap::NG::Portal::Auth::_WebForm::init(); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Facebook.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Facebook.pm index dff068640..1d9817ab7 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Facebook.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Facebook.pm @@ -61,14 +61,13 @@ sub extractFormInfo { { fields => join( ',', @fields ) } )->as_hash; unless ( ref $datas ) { - $self->lmLog( "Unable to get any Facebook field", 'error' ); + $self->logger->error("Unable to get any Facebook field"); return PE_ERROR; } if ( $datas->{error} ) { my $tmp = pop @fields; - $self->lmLog( -"Unable to get some Facebook fields ($datas->{error}->{message}). Retrying without $tmp", - 'warn' + $self->logger->warn( +"Unable to get some Facebook fields ($datas->{error}->{message}). Retrying without $tmp" ); } else { @@ -76,13 +75,13 @@ sub extractFormInfo { } } unless (@fields) { - $self->lmLog( "Unable to get any Facebook field", 'error' ); + $self->logger->error("Unable to get any Facebook field"); return PE_ERROR; } # Use id fieldto trace user unless ( $req->{user} = $datas->{id} ) { - $self->lmLog( 'Unable to get Facebook id', 'error' ); + $self->logger->error('Unable to get Facebook id'); return PE_ERROR; } $req->datas->{_facebookDatas} = $datas; @@ -97,8 +96,7 @@ sub extractFormInfo { # 1.2 Bad responses if ( my $error_code = $req->param('error_code') ) { my $error_message = $req->param('error_message'); - $self->lmLog( "Facebook error code $error_code: $error_message", - 'error' ); + $self->logger->error("Facebook error code $error_code: $error_message"); return PE_ERROR; } 
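Review bot: `$self->logger->error("Facebook error code $error_code: $error_message")` interpolates two request parameters straight into the log line, and nothing visible strips CR/LF or other control characters from them, so a crafted `error_message` could add fabricated lines to the log. The same applies to `$state` and to the `error`/`error_description`/`error_uri` parameters in OpenIDConnect.pm (the `-78,10` and `-102,10` hunks), to the `idp` parameter later logged as `OpenID Provider $op choosen`, and to `$relaystate` in SAML.pm. Unless the logger backends are known to sanitise, normalising at the call site keeps the entries trustworthy, e.g. `( my $safe_message = $error_message ) =~ s/[[:cntrl:]]+/ /g;` before logging.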
@@ -160,7 +158,7 @@ sub fb { callback => $ret, ); }; - $self->lmLog( $@, 'error' ) if ($@); + $self->logger->error($@) if ($@); return $fb; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenID.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenID.pm index 15b837e07..8a908962d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenID.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenID.pm @@ -93,7 +93,7 @@ sub extractFormInfo { # Remote error unless ( $csr->is_server_response() ) { - $self->lmLog( 'No OpenID valid message found', 'info' ); + $self->logger->info('No OpenID valid message found'); return PE_BADCREDENTIALS; } @@ -106,22 +106,22 @@ sub extractFormInfo { # Check if user has refused to share his authentication elsif ( $csr->user_cancel() ) { - $self->lmLog( 'OpenID request cancelled by user', 'info' ); + $self->logger->info('OpenID request cancelled by user'); return PE_FIRSTACCESS; } # TODO: check verified identity elsif ( $req->datas->{vident} = $csr->verified_identity ) { $req->user( $req->datas->{vident}->url() ); - $self->lmLog( "OpenID good authentication for $req->{user}", - 'debug' ); + $self->userLogger->notice( + "OpenID good authentication for $req->{user}"); $req->{mustRedirect} = 1; return PE_OK; } # Other errors else { - $self->lmLog( 'OpenID error: ' . $csr->err, 'warn' ); + $self->logger->warn( 'OpenID error: ' . $csr->err ); return PE_ERROR; } } @@ -138,12 +138,12 @@ sub extractFormInfo { # Check if url is valid unless ($claimed_identity) { - $self->lmLog( 'OpenID error : ' . $req->{csr}->err(), 'warn' ); + $self->logger->warn( 'OpenID error : ' . $req->{csr}->err() ); return PE_BADCREDENTIALS; } # Build the redirection - $self->lmLog( "OpenID redirection to $url", 'debug' ); + $self->logger->debug("OpenID redirection to $url"); my $check_url = $claimed_identity->check_url( return_to => $self->conf->{portal} . '?openid=1&' 
@@ -175,9 +175,8 @@ sub extractFormInfo { else { push @o, $k } } else { - $self->lmLog( -qq'Unknown "OpenID Simple Registration Extension" field name: $k', - 'warn' + $self->logger->warn( +qq'Unknown "OpenID Simple Registration Extension" field name: $k' ); } } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm index 8bbc2e1f1..62b7711fb 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm @@ -26,7 +26,7 @@ sub init { return 0 unless ( $self->loadOPs and $self->refreshJWKSdata ); my @tab = ( sort keys %{ $self->oidcOPList } ); unless (@tab) { - $self->lmLog( "No OP configured", 'error' ); + $self->logger->error("No OP configured"); return 0; } $self->opNumber( scalar @tab ); @@ -69,8 +69,8 @@ sub extractFormInfo { # Check callback if ( $req->param( $self->conf->{oidcRPCallbackGetParam} ) ) { - $self->lmLog( 'OpenIDConnect callback URI detected: ' . $req->uri, - 'debug' ); + $self->logger->debug( + 'OpenIDConnect callback URI detected: ' . $req->uri ); # AuthN Response my $state = $req->param('state'); @@ -78,10 +78,10 @@ sub extractFormInfo { # Restore state if ($state) { if ( $self->extractState( $req, $state ) ) { - $self->lmLog( "State $state extracted", 'debug' ); + $self->logger->debug("State $state extracted"); } else { - $self->lmLog( "Unable to extract state $state", 'error' ); + $self->logger->error("Unable to extract state $state"); return PE_ERROR; } } @@ -90,11 +90,11 @@ sub extractFormInfo { my $op = $req->datas->{_oidcOPCurrent}; unless ($op) { - $self->lmLog( "OpenID Provider not found", 'error' ); + $self->logger->error("OpenID Provider not found"); return PE_ERROR; } - $self->lmLog( "Using OpenID Provider $op", 'debug' ); + $self->logger->debug("Using OpenID Provider $op"); # Check error my $error = $req->param("error"); 
@@ -102,10 +102,10 @@ sub extractFormInfo { my $error_description = $req->param("error_description"); my $error_uri = $req->param("error_uri"); - $self->lmLog( "Error returned by $op Provider: $error", 'error' ); - $self->lmLog( "Error description: $error_description", 'error' ) + $self->logger->error("Error returned by $op Provider: $error"); + $self->logger->error("Error description: $error_description") if $error_description; - $self->lmLog( "Error URI: $error_uri", 'error' ) if $error_uri; + $self->logger->error("Error URI: $error_uri") if $error_uri; return PE_ERROR; } 
@@ -125,38 +125,37 @@ sub extractFormInfo { my $json = $self->decodeJSON($content); if ( $json->{error} ) { - $self->lmLog( "Error in token response:" . $json->{error}, - 'error' ); + $self->logger->error( "Error in token response:" . $json->{error} ); return PE_ERROR; } # Check validity of token response unless ( $self->checkTokenResponseValidity($json) ) { - $self->lmLog( "Token response is not valid", 'error' ); + $self->logger->error("Token response is not valid"); return PE_ERROR; } else { - $self->lmLog( "Token response is valid", 'debug' ); + $self->logger->debug("Token response is valid"); } my $access_token = $json->{access_token}; my $id_token = $json->{id_token}; - $self->lmLog( "Access token: $access_token", 'debug' ); - $self->lmLog( "ID token: $id_token", 'debug' ); + $self->logger->debug("Access token: $access_token"); + $self->logger->debug("ID token: $id_token"); # Verify JWT signature if ( $self->conf->{oidcOPMetaDataOptions}->{$op} ->{oidcOPMetaDataOptionsCheckJWTSignature} ) { unless ( $self->verifyJWTSignature( $id_token, $op ) ) { - $self->lmLog( "JWT signature verification failed", 'error' ); + $self->logger->error("JWT signature verification failed"); return PE_ERROR; } - $self->lmLog( "JWT signature verified", 'debug' ); + $self->logger->debug("JWT signature verified"); } else { - $self->lmLog( "JWT signature check disabled", 'debug' ); + $self->logger->debug("JWT signature check disabled"); } my $id_token_payload = $self->extractJWT($id_token)->[1]; 
@@ -168,25 +167,24 @@ sub extractFormInfo { my $at_hash = $id_token_payload_hash->{at_hash}; if ($at_hash) { unless ( $self->verifyHash( $access_token, $at_hash, $id_token ) ) { - $self->lmLog( "Access token hash verification failed", - 'error' ); + $self->userLogger->error( + "Access token hash verification failed"); return PE_ERROR; } - $self->lmLog( "Access token hash verified", 'debug' ); + $self->logger->debug("Access token hash verified"); } else { - $self->lmLog( - "No at_hash in ID Token, access token will not be verified", - 'debug' ); + $self->logger->debug( + "No at_hash in ID Token, access token will not be verified"); } # Check validity of ID Token unless ( $self->checkIDTokenValidity( $op, $id_token_payload_hash ) ) { - $self->lmLog( 'ID Token not valid', 'error' ); + $self->logger->error('ID Token not valid'); return PE_ERROR; } else { - $self->lmLog( 'ID Token is valid', 'debug' ); + $self->logger->debug('ID Token is valid'); } # Get user id defined in 'sub' field @@ -196,7 +194,7 @@ sub extractFormInfo { $req->datas->{access_token} = $access_token; $req->datas->{id_token} = $id_token; - $self->lmLog( "Found user_id: " . $user_id, 'debug' ); + $self->logger->debug( "Found user_id: " . $user_id ); $req->user($user_id); return PE_OK; @@ -206,12 +204,12 @@ sub extractFormInfo { my $op; unless ( $op = $req->param("idp") ) { - $self->lmLog( "Redirecting user to OP list", 'debug' ); + $self->logger->debug("Redirecting user to OP list"); # Auto select provider if there is only one if ( $self->opNumber == 1 ) { $op = $self->opList->[0]->{val}; - $self->lmLog( "Selecting the only defined OP: $op", 'debug' ); + $self->logger->debug("Selecting the only defined OP: $op"); } else { 
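Review bot: `$self->userLogger->error("Access token hash verification failed")` sends an at_hash mismatch to the user-action log, while the closely related `JWT signature verification failed` (previous hunk) and `ID Token not valid` failures in the same function go to `$self->logger->error`. All three are integrity failures of the provider's response rather than something the end user did, so `$self->logger->error("Access token hash verification failed for $op");` would be the consistent choice and would also say which provider produced the bad token. extractFormInfo starts outside the hunk.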
@@ -231,12 +229,12 @@ sub extractFormInfo { } # Provider is choosen - $self->lmLog( "OpenID Provider $op choosen", 'debug' ); + $self->logger->debug("OpenID Provider $op choosen"); $req->datas->{_oidcOPCurrent} = $op; # AuthN Request - $self->lmLog( "Build OpenIDConnect AuthN Request", 'debug' ); + $self->logger->debug("Build OpenIDConnect AuthN Request"); # Save state my $state = $self->storeState( $req, qw/urldc checkLogins _oidcOPCurrent/ ); @@ -245,7 +243,7 @@ sub extractFormInfo { $req->urldc( $self->buildAuthorizationCodeAuthnRequest( $req, $op, $state ) ); - $self->lmLog( "Redirect user to " . $req->{urldc}, 'debug' ); + $self->logger->debug( "Redirect user to " . $req->{urldc} ); $req->continue(1); $req->steps( [] ); @@ -270,11 +268,11 @@ sub setAuthSessionInfo { my $store_IDToken = $self->conf->{oidcOPMetaDataOptions}->{$op} ->{oidcOPMetaDataOptionsStoreIDToken}; if ($store_IDToken) { - $self->lmLog( "Store ID Token in session", 'debug' ); + $self->logger->debug("Store ID Token in session"); $req->{sessionInfo}->{OpenIDConnect_IDToken} = $req->datas->{id_token}; } else { - $self->lmLog( "ID Token will not be stored in session", 'debug' ); + $self->logger->debug("ID Token will not be stored in session"); } PE_OK; @@ -298,12 +296,11 @@ sub authLogout { ) ); - $self->lmLog( - "OpenID Connect logout to $op will be done on " . $req->urldc, - 'debug' ); + $self->logger->debug( + "OpenID Connect logout to $op will be done on " . $req->urldc ); } else { - $self->lmLog( "No end session endpoint found for $op", 'debug' ); + $self->logger->debug("No end session endpoint found for $op"); } PE_OK; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Radius.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Radius.pm index 91da0699e..e604086d5 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Radius.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Radius.pm 
@@ -17,9 +17,12 @@ our $VERSION = '2.0.0'; has radius => ( is => 'rw' ); -has authnLevel => ( is => 'rw', default => sub { - $_[0]->conf->{radiusAuthnLevel}; -}); +has authnLevel => ( + is => 'rw', + default => sub { + $_[0]->conf->{radiusAuthnLevel}; + } +); sub initRadius { $_[0]->radius( @@ -44,11 +47,11 @@ sub init { sub authenticate { my ( $self, $req ) = @_; - $self->initRadius unless($self->radius); - return PE_RADIUSCONNECTFAILED unless($self->radius); + $self->initRadius unless ( $self->radius ); + return PE_RADIUSCONNECTFAILED unless ( $self->radius ); - my $res = $self->radius->check_pwd($req->user, $req->datas->{password}); - unless($res==1){ + my $res = $self->radius->check_pwd( $req->user, $req->datas->{password} ); + unless ( $res == 1 ) { $self->p->userNotice("Unable to authenticate $req->{user} !"); return PE_BADCREDENTIALS; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm index 6cf638955..79da96444 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm @@ -85,8 +85,8 @@ sub extractFormInfo { # 1.1 SSO assertion consumer if ( $url =~ $self->sloAssConsumerRe ) { - $self->lmLog( "URL $url detected as an SSO assertion consumer URL", - 'debug' ); + $self->logger->debug( + "URL $url detected as an SSO assertion consumer URL"); # Check SAML Message my ( $request, $response, $method, $relaystate, $artifact ) = 
@@ -111,29 +111,28 @@ sub extractFormInfo { } unless ($result) { - $self->lmLog( "SSO: Fail to process authentication response", - 'error' ); + $self->logger->error( + "SAML SSO: Fail to process authentication response"); return PE_SAML_SSO_ERROR; } - $self->lmLog( "SSO: authentication response is valid", 'debug' ); + $self->logger->debug("SSO: authentication response is valid"); # Get IDP entityID my $idp = $login->remote_providerID(); - $self->lmLog( "Found entityID $idp in SAML message", 'debug' ); + $self->logger->debug("Found entityID $idp in SAML message"); # IDP conf key my $idpConfKey = $self->idpList->{$idp}->{confKey}; unless ($idpConfKey) { - $self->lmLog( "$idp do not match any IDP in configuration", - 'error' ); + $self->userLogger->error( + "$idp do not match any IDP in configuration"); return PE_SAML_UNKNOWN_ENTITY; } - $self->lmLog( "$idp match $idpConfKey IDP in configuration", - 'debug' ); + $self->logger->debug("$idp match $idpConfKey IDP in configuration"); # Do we check signature? my $checkSSOMessageSignature = @@ -153,22 +152,21 @@ sub extractFormInfo { } unless ($result) { - $self->lmLog( "Signature is not valid", 'error' ); + $self->logger->error("Signature is not valid"); return PE_SAML_SIGNATURE_ERROR; } else { - $self->lmLog( "Signature is valid", 'debug' ); + $self->logger->debug("Signature is valid"); } } else { - $self->lmLog( "Message signature will not be checked", - 'debug' ); + $self->logger->debug("Message signature will not be checked"); } # Get SAML response my $saml_response = $login->response(); unless ($saml_response) { - $self->lmLog( "No SAML response found", 'error' ); + $self->logger->error("No SAML response found"); return PE_SAML_SSO_ERROR; } 
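Review bot: `$self->logger->error("Signature is not valid")` and `$self->logger->error("No SAML response found")` do not say which IDP the message came from, although `$idpConfKey` is assigned earlier in the same function, so an administrator investigating a burst of signature failures cannot tell which partner is involved. `$self->logger->error("Signature is not valid for IDP $idpConfKey");` carries that, and the same message recurs in the SLO branch (`-443,16` hunk). Separately, the first error message was changed to `SAML SSO: Fail to process authentication response` while the next debug line keeps the bare `SSO:` prefix, leaving the two inconsistent.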
@@ -183,9 +181,8 @@ sub extractFormInfo { # Assertion was already consumed or is expired # Force authentication replay - $self->lmLog( -"Message $assertion_responded already used or expired, replay authentication", - 'error' + $self->userLogger->error( +"Message $assertion_responded already used or expired, replay authentication" ); delete $req->{urldc}; $req->mustRedirect(1); @@ -194,9 +191,8 @@ sub extractFormInfo { } } else { - $self->lmLog( -"Assertion is not a response to a created authentication request, do not control replay", - 'debug' + $self->logger->debug( +"Assertion is not a response to a created authentication request, do not control replay" ); } @@ -204,13 +200,12 @@ sub extractFormInfo { my $assertion = $self->getAssertion($login); unless ($assertion) { - $self->lmLog( "No assertion found", 'error' ); + $self->logger->error("No assertion found"); return PE_SAML_SSO_ERROR; } # Do we check conditions? - my $checkTime = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + my $checkTime = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsCheckTime}; my $checkAudience = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} @@ -224,7 +219,7 @@ sub extractFormInfo { ) ) { - $self->lmLog( "Conditions not validated", 'error' ); + $self->logger->error("Conditions not validated"); return PE_SAML_CONDITIONS_ERROR; } @@ -234,7 +229,7 @@ sub extractFormInfo { # Extract RelayState information if ( $self->extractRelayState( $relaystate, $relayStateURL ) ) { - $self->lmLog( "RelayState $relaystate extracted", 'debug' ); + $self->logger->debug("RelayState $relaystate extracted"); } # Check if we accept direct login from IDP 
@@ -242,9 +237,8 @@ sub extractFormInfo { $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsAllowLoginFromIDP}; if ( !$assertion_responded and !$allowLoginFromIDP ) { - $self->lmLog( - "Direct login from IDP $idpConfKey is not allowed", - 'error' ); + $self->userLogger->error( + "Direct login from IDP $idpConfKey is not allowed"); return PE_SAML_IDPSSOINITIATED_NOTALLOWED; } @@ -256,15 +250,13 @@ sub extractFormInfo { ->AuthnContextClassRef(); }; if ($@) { - $self->lmLog( - "Unable to get authentication context from $idpConfKey", - 'debug' ); + $self->logger->debug( + "Unable to get authentication context from $idpConfKey"); $responseAuthnContext = $self->getAuthnContext("unspecified"); } else { - $self->lmLog( - "Found authentication context: $responseAuthnContext", - 'debug' ); + $self->logger->debug( + "Found authentication context: $responseAuthnContext"); } # Map authentication context to authentication level @@ -282,10 +274,10 @@ sub extractFormInfo { $session_index = $assertion->AuthnStatement()->SessionIndex(); }; if ( $@ or !defined($session_index) ) { - $self->lmLog( "No SessionIndex found", 'debug' ); + $self->logger->debug("No SessionIndex found"); } else { - $self->lmLog( "Found SessionIndex $session_index", 'debug' ); + $self->logger->debug("Found SessionIndex $session_index"); } # Get NameID @@ -295,11 +287,11 @@ sub extractFormInfo { my $user = $nameid->content; unless ($user) { - $self->lmLog( "No NameID value found", 'error' ); + $self->logger->error("No NameID value found"); return PE_SAML_SSO_ERROR; } - $self->lmLog( "Found NameID: $user", 'debug' ); + $self->logger->debug("Found NameID: $user"); $req->user($user); # Store Lasso objects @@ -312,7 +304,7 @@ sub extractFormInfo { # Store Token my $saml_token = $assertion->export_to_xml; - $self->lmLog( "SAML Token: $saml_token", 'debug' ); + $self->logger->debug("SAML Token: $saml_token"); $req->datas->{_samlToken} = $saml_token; 
@@ -329,9 +321,8 @@ sub extractFormInfo { # Warning if more than one session found if ( $#saml_sessions_keys > 0 ) { - $self->lmLog( -"More than one SAML proxy session found for ID $assertion_responded", - 'warn' + $self->logger->warn( +"More than one SAML proxy session found for ID $assertion_responded" ); } @@ -339,9 +330,8 @@ sub extractFormInfo { my $saml_session = shift @saml_sessions_keys; # Get session - $self->lmLog( -"Retrieve SAML proxy session $saml_session for ID $assertion_responded", - 'debug' + $self->logger->debug( +"Retrieve SAML proxy session $saml_session for ID $assertion_responded" ); my $samlSessionInfo = $self->getSamlSession($saml_session); @@ -364,16 +354,15 @@ sub extractFormInfo { elsif ($request) { # Do nothing - $self->lmLog( - "This module do not manage SSO request, see IssuerDBSAML", - 'debug' ); + $self->logger->debug( + "This module do not manage SSO request, see IssuerDBSAML"); return PE_OK; } else { # This should not happen - $self->lmLog( "SSO request or response was not found", 'error' ); + $self->logger->error("SSO request or response was not found"); return PE_SAML_ERROR; } @@ -382,7 +371,7 @@ sub extractFormInfo { # 1.2 SLO elsif ( $url =~ $self->sloRe ) { - $self->lmLog( "URL $url detected as an SLO URL", 'debug' ); + $self->logger->debug("URL $url detected as an SLO URL"); # TODO: call authLogout instead of duplicating SLO $req->steps( [ @{ $self->p->beforeLogout }, 'deleteSession' ] ); @@ -404,11 +393,11 @@ sub extractFormInfo { my $result = $self->processLogoutResponseMsg( $logout, $response ); unless ($result) { - $self->lmLog( "Fail to process logout response", 'error' ); + $self->logger->error("Fail to process logout response"); return PE_SAML_SLO_ERROR; } - $self->lmLog( "Logout response is valid", 'debug' ); + $self->logger->debug("Logout response is valid"); # Check Destination return PE_SAML_DESTINATION_ERROR 
@@ -417,19 +406,18 @@ sub extractFormInfo { # Get IDP entityID my $idp = $logout->remote_providerID(); - $self->lmLog( "Found entityID $idp in SAML message", 'debug' ); + $self->logger->debug("Found entityID $idp in SAML message"); # IDP conf key my $idpConfKey = $self->idpList->{$idp}->{confKey}; unless ($idpConfKey) { - $self->lmLog( "$idp do not match any IDP in configuration", - 'error' ); + $self->userLogger->error( + "$idp do not match any IDP in configuration"); return PE_SAML_UNKNOWN_ENTITY; } - $self->lmLog( "$idp match $idpConfKey IDP in configuration", - 'debug' ); + $self->logger->debug("$idp match $idpConfKey IDP in configuration"); # Do we check signature? my $checkSLOMessageSignature = @@ -443,16 +431,15 @@ sub extractFormInfo { $result = $self->processLogoutResponseMsg( $logout, $response ); unless ($result) { - $self->lmLog( "Signature is not valid", 'error' ); + $self->logger->error("Signature is not valid"); return PE_SAML_SIGNATURE_ERROR; } else { - $self->lmLog( "Signature is valid", 'debug' ); + $self->logger->debug("Signature is valid"); } } else { - $self->lmLog( "Message signature will not be checked", - 'debug' ); + $self->logger->debug("Message signature will not be checked"); } # Replay protection @@ -461,16 +448,16 @@ sub extractFormInfo { unless ( $self->replayProtection($samlID) ) { # Logout request was already consumed or is expired - $self->lmLog( "Message $samlID already used or expired", - 'error' ); + $self->userLogger->error( + "Message $samlID already used or expired"); return PE_SAML_SLO_ERROR; } # If URL in RelayState, different from portal, redirect user if ( $self->extractRelayState($relaystate) ) { - $self->lmLog( "RelayState $relaystate extracted", 'debug' ); - $self->lmLog( "URL " . $req->urldc . " found in RelayState", - 'debug' ); + $self->logger->debug("RelayState $relaystate extracted"); + $self->logger->debug( + "URL " . $req->urldc . " found in RelayState" ); } if ( $req->urldc 
@@ -496,11 +483,11 @@ sub extractFormInfo { # Process logout request unless ( $self->processLogoutRequestMsg( $logout, $request ) ) { - $self->lmLog( "Fail to process logout request", 'error' ); + $self->logger->error("Fail to process logout request"); $logout_error = 1; } - $self->lmLog( "Logout request is valid", 'debug' ); + $self->logger->debug("Logout request is valid"); # Check Destination return PE_SAML_DESTINATION_ERROR @@ -509,19 +496,18 @@ sub extractFormInfo { # Get IDP entityID my $idp = $logout->remote_providerID(); - $self->lmLog( "Found entityID $idp in SAML message", 'debug' ); + $self->logger->debug("Found entityID $idp in SAML message"); # IDP conf key my $idpConfKey = $self->idpList->{$idp}->{confKey}; unless ($idpConfKey) { - $self->lmLog( "$idp do not match any IDP in configuration", - 'error' ); + $self->userLogger->error( + "$idp do not match any IDP in configuration"); return PE_SAML_UNKNOWN_ENTITY; } - $self->lmLog( "$idp match $idpConfKey IDP in configuration", - 'debug' ); + $self->logger->debug("$idp match $idpConfKey IDP in configuration"); # Do we check signature? my $checkSLOMessageSignature = @@ -530,16 +516,15 @@ sub extractFormInfo { if ($checkSLOMessageSignature) { unless ( $self->checkSignatureStatus($logout) ) { - $self->lmLog( "Signature is not valid", 'error' ); + $self->logger->error("Signature is not valid"); return PE_SAML_SIGNATURE_ERROR; } else { - $self->lmLog( "Signature is valid", 'debug' ); + $self->logger->debug("Signature is valid"); } } else { - $self->lmLog( "Message signature will not be checked", - 'debug' ); + $self->logger->debug("Message signature will not be checked"); } # Get NameID and SessionIndex 
@@ -548,12 +533,12 @@ sub extractFormInfo { my $user = $name_id->content; unless ($name_id) { - $self->lmLog( "Fail to get NameID from logout request", - 'error' ); + $self->userLogger->error( + "Fail to get NameID from logout request"); $logout_error = 1; } - $self->lmLog( "Logout request NameID content: $user", 'debug' ); + $self->logger->debug("Logout request NameID content: $user"); # Get SAML sessions with the same NameID my $moduleOptions = $self->conf->{samlStorageOptions} || {}; @@ -571,9 +556,8 @@ sub extractFormInfo { my $local_session = $_; # Get session - $self->lmLog( - "Retrieve SAML session $local_session for user $user", - 'debug' ); + $self->logger->debug( + "Retrieve SAML session $local_session for user $user"); my $sessionInfo = $self->getSamlSession($local_session); @@ -583,9 +567,8 @@ sub extractFormInfo { and $session_index ne $sessionInfo->data->{_sessionIndex} ) { - $self->lmLog( -"Session $local_session has not the good session index, skipping", - 'debug' + $self->logger->debug( +"Session $local_session has not the good session index, skipping" ); next; } @@ -607,9 +590,8 @@ sub extractFormInfo { if ( $ssoSession && $ssoSession->data->{_lassoSessionDump} ) { - $self->lmLog( -"Get Lasso::Session dump from session $real_session", - 'debug' + $self->logger->debug( +"Get Lasso::Session dump from session $real_session" ); $session_dump = $ssoSession->data->{_lassoSessionDump}; @@ -620,9 +602,8 @@ sub extractFormInfo { # Delete SAML session my $del_saml_result = $sessionInfo->remove(); - $self->lmLog( -"Delete SAML session $local_session result: $del_saml_result", - 'debug' + $self->logger->debug( +"Delete SAML session $local_session result: $del_saml_result" ); $logout_error = 1 unless $del_saml_result; 
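Review bot: The `unless ($name_id)` guard that now calls `$self->userLogger->error("Fail to get NameID from logout request")` cannot fire, because the line above it, `my $user = $name_id->content;`, already dereferences `$name_id`; an undefined NameID dies there with a method-call error before the log line is reached and `$logout_error` is never set. Move the guard ahead of the dereference, i.e. `unless ($name_id) { ... }` first and `my $user = $name_id->content;` after it. The assignment of `$name_id` is outside the hunk, so this assumes it can be undef, which the guard itself implies.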
@@ -631,8 +612,8 @@ sub extractFormInfo { # Set session from dump unless ( $self->setSessionFromDump( $logout, $session_dump ) ) { - $self->lmLog( "Cannot set session from dump in logout", - 'error' ); + $self->userLogger->error( + "Cannot set session from dump in logout"); $logout_error = 1; } @@ -640,7 +621,7 @@ sub extractFormInfo { else { # No corresponding session found - $self->lmLog( "No SAML session found for user $user", 'debug' ); + $self->logger->debug("No SAML session found for user $user"); $logout_error = 1; @@ -649,14 +630,14 @@ sub extractFormInfo { # Validate request if no previous error unless ($logout_error) { unless ( $self->validateLogoutRequest($logout) ) { - $self->lmLog( "SLO request is not valid", 'error' ); + $self->logger->error("SLO request is not valid"); } } # Set RelayState if ($relaystate) { $logout->msg_relayState($relaystate); - $self->lmLog( "Set $relaystate in RelayState", 'debug' ); + $self->logger->debug("Set $relaystate in RelayState"); } # Do we set signature? @@ -665,26 +646,24 @@ sub extractFormInfo { ->{samlIDPMetaDataOptionsSignSLOMessage}; if ( $signSLOMessage == 0 ) { - $self->lmLog( - "SLO message to IDP $idpConfKey will not be signed", - 'debug' ); + $self->logger->debug( + "SLO message to IDP $idpConfKey will not be signed"); $self->disableSignature($logout); } elsif ( $signSLOMessage == 1 ) { - $self->lmLog( "SLO message to IDP $idpConfKey will be signed", - 'debug' ); + $self->logger->debug( + "SLO message to IDP $idpConfKey will be signed"); $self->forceSignature($logout); } else { - $self->lmLog( -"SLO message to IDP $idpConfKey signature according to metadata", - 'debug' + $self->logger->debug( +"SLO message to IDP $idpConfKey signature according to metadata" ); } # Logout response unless ( $self->buildLogoutResponseMsg($logout) ) { - $self->lmLog( "Unable to build SLO response", 'error' ); + $self->logger->error("Unable to build SLO response"); return PE_SAML_SLO_ERROR; } 
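Review bot: In hunk @@ -649 a failed `validateLogoutRequest` is only logged with `$self->logger->error("SLO request is not valid")`; `$logout_error` is not set and the code goes on to set RelayState and, in the following hunk, to build the logout response, so the IDP appears to receive a response for a request the portal judged invalid. If that is intended (answer with an error status), a comment saying so would help; otherwise `$logout_error = 1;` after the log line, matching the other failure branches in this function, looks like the missing piece. How `$logout_error` is consumed after this point is outside the hunk.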
@@ -695,7 +674,7 @@ sub extractFormInfo { # Redirect user to response URL my $slo_url = $logout->msg_url; - $self->lmLog( "Redirect user to $slo_url", 'debug' ); + $self->logger->debug("Redirect user to $slo_url"); $req->urldc($slo_url); @@ -726,7 +705,7 @@ sub extractFormInfo { my $slo_body = $logout->msg_body; - $self->lmLog( "SOAP response $slo_body", 'debug' ); + $self->logger->debug("SOAP response $slo_body"); $req->response( [ @@ -758,7 +737,7 @@ sub extractFormInfo { else { # This should not happen - $self->lmLog( "SLO request or response was not found", 'error' ); + $self->logger->error("SLO request or response was not found"); # Redirect user $req->mustRedirect(1); @@ -770,8 +749,8 @@ sub extractFormInfo { # 1.3 Artifact elsif ( $url =~ $self->artRe ) { - $self->lmLog( "URL $url detected as an artifact resolution service URL", - 'debug' ); + $self->logger->debug( + "URL $url detected as an artifact resolution service URL"); # Artifact request are sent with SOAP trough POST my $art_request = $req->content; @@ -782,8 +761,8 @@ sub extractFormInfo { # Process request message unless ( $self->processArtRequestMsg( $login, $art_request ) ) { - $self->lmLog( "Unable to process artifact request message", - 'error' ); + $self->userLogger->error( + "Unable to process artifact request message"); return PE_SAML_ART_ERROR; } @@ -794,8 +773,7 @@ sub extractFormInfo { # Create artifact response unless ( $art_response = $self->createArtifactResponse( $req, $login ) ) { - $self->lmLog( "Unable to create artifact response message", - 'error' ); + $self->logger("Unable to create artifact response message"); return PE_SAML_ART_ERROR; } 
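Review bot: `$self->logger("Unable to create artifact response message");` in hunk @@ -794 dropped the `->error` call that every other converted site has; elsewhere in this diff `logger` is used as an accessor returning the logger object, so this passes the message to the accessor and logs nothing, and if the accessor is a writable attribute it may even replace the logger with the string (to confirm against the accessor definition). It should read `$self->logger->error("Unable to create artifact response message");`. As written, a failed artifact response still returns PE_SAML_ART_ERROR but leaves no trace in the logs.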
@@ -824,7 +802,7 @@ sub extractFormInfo { # If confirmation is -1 from resolved IDP screen, # or IDP was not resolve, let the user choose its IDP if ( $confirm_flag == -1 or !$idp ) { - $self->lmLog( "Redirecting user to IDP list", 'debug' ); + $self->logger->debug("Redirecting user to IDP list"); # Control url parameter my $urlcheck = $self->p->controlUrl($req); @@ -860,7 +838,7 @@ sub extractFormInfo { # If IDP is found but not confirmed, let the user confirm it elsif ( $confirm_flag != 1 ) { - $self->lmLog( "IDP $idp selected, need user confirmation", 'debug' ); + $self->logger->debug("IDP $idp selected, need user confirmation"); # Control url parameter my $urlcheck = $self->p->controlUrl($req); @@ -889,7 +867,7 @@ sub extractFormInfo { # Here confirmation is OK (confirm_flag == 1), store choosen IDP in cookie unless ( $idp_cookie and $idp eq $idp_cookie ) { - $self->lmLog( "Build cookie to remember $idp as IDP choice", 'debug' ); + $self->logger->debug("Build cookie to remember $idp as IDP choice"); # Control url parameter my $urlcheck = $self->p->controlUrl($req); 
@@ -915,36 +893,31 @@ sub extractFormInfo { my $idpConfKey = $self->idpList->{$idp}->{confKey}; unless ($idpConfKey) { - $self->lmLog( "$idp do not match any IDP in configuration", 'error' ); + $self->logger->error("$idp do not match any IDP in configuration"); return PE_SAML_UNKNOWN_ENTITY; } - $self->lmLog( "$idp match $idpConfKey IDP in configuration", 'debug' ); + $self->logger->debug("$idp match $idpConfKey IDP in configuration"); # IDP ForceAuthn - my $forceAuthn = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + my $forceAuthn = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsForceAuthn}; # IDP IsPassive - my $isPassive = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + my $isPassive = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsIsPassive}; # IDP NameIDFormat - my $nameIDFormat = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + my $nameIDFormat = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsNameIDFormat}; $nameIDFormat = $self->getNameIDFormat($nameIDFormat) if $nameIDFormat; # IDP ProxyRestriction - my $allowProxiedAuthn = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + my $allowProxiedAuthn = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsAllowProxiedAuthn}; # IDP HTTP method - my $method = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + my $method = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsSSOBinding}; $method = $self->getHttpMethod($method); 
@@ -958,21 +931,17 @@ sub extractFormInfo { # Failback to HTTP-REDIRECT unless ( defined $method and $method != -1 ) { - $self->lmLog( "No method found with IDP $idpConfKey for SSO profile", - 'debug' ); + $self->logger->debug( + "No method found with IDP $idpConfKey for SSO profile"); $method = $self->getHttpMethod("redirect"); } - $self->lmLog( - "Use method " + $self->logger->debug( "Use method " . $self->getHttpMethodString($method) - . " with IDP $idpConfKey for SSO profile", - 'debug' - ); + . " with IDP $idpConfKey for SSO profile" ); # Set signature - my $signSSOMessage = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + my $signSSOMessage = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsSignSSOMessage} // -1; # Authentication Context @@ -991,17 +960,17 @@ sub extractFormInfo { ); unless ($login) { - $self->lmLog( "Could not create authentication request on $idpConfKey", - 'error' ); + $self->logger->error( + "Could not create authentication request on $idpConfKey"); return PE_SAML_SSO_ERROR; } - $self->lmLog( "Authentication request created", 'debug' ); + $self->logger->debug("Authentication request created"); # Keep assertion ID in memory to prevent replay my $samlID = $login->request()->ID; unless ( $self->storeReplayProtection($samlID) ) { - $self->lmLog( "Unable to store assertion ID", 'error' ); + $self->logger->error("Unable to store assertion ID"); return PE_SAML_SSO_ERROR; } @@ -1024,8 +993,8 @@ sub extractFormInfo { $samlSessionInfo->update($infos); - $self->lmLog( "Keep initial SAML request data in memory for ID $samlID", - 'debug' ); + $self->logger->debug( + "Keep initial SAML request data in memory for ID $samlID"); } # Send SSO request depending on request method @@ -1036,7 +1005,7 @@ sub extractFormInfo { # Redirect user to response URL my $sso_url = $login->msg_url; - $self->lmLog( "Redirect user to $sso_url", 'debug' ); + $self->logger->debug("Redirect user to $sso_url"); $req->urldc($sso_url); 
@@ -1089,13 +1058,12 @@ sub setAuthSessionInfo { my $assertion = $self->getAssertion($login); unless ($assertion) { - $self->lmLog( "No assertion found", 'error' ); + $self->logger->error("No assertion found"); return PE_SAML_SSO_ERROR; } # Force UTF-8 - my $force_utf8 = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + my $force_utf8 = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsForceUTF8}; # Try to get attributes if attribute statement is present in assertion @@ -1140,7 +1108,7 @@ sub setAuthSessionInfo { }; if ( $@ or !$sessionNotOnOrAfter ) { - $self->lmLog( "No SessionNotOnOrAfter value found", 'debug' ); + $self->logger->debug("No SessionNotOnOrAfter value found"); } else { @@ -1156,9 +1124,8 @@ sub setAuthSessionInfo { # Use SAML time to determine the start of the session my $new_utime = $samltime - $timeout; $req->{sessionInfo}->{_utime} = $new_utime; - $self->lmLog( -"Adapt _utime with SessionNotOnOrAfter value, new _utime: $new_utime", - 'debug' + $self->logger->debug( +"Adapt _utime with SessionNotOnOrAfter value, new _utime: $new_utime" ); } @@ -1166,8 +1133,8 @@ sub setAuthSessionInfo { # Establish federation (required for attribute request in UserDBSAML) unless ( $self->acceptSSO($login) ) { - $self->lmLog( "Error while accepting SSO from IDP $idpConfKey", - 'error' ); + $self->userLogger->error( + "Error while accepting SSO from IDP $idpConfKey"); return PE_SAML_SSO_ERROR; } 
@@ -1180,15 +1147,14 @@ sub setAuthSessionInfo { $req->{sessionInfo}->{_lassoIdentityDump} = $identity->dump() if $identity; # Keep SAML Token in session - my $store_samlToken = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + my $store_samlToken = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsStoreSAMLToken}; if ($store_samlToken) { - $self->lmLog( "Store SAML Token in session", 'debug' ); + $self->logger->debug("Store SAML Token in session"); $req->{sessionInfo}->{_samlToken} = $req->datas->{_samlToken}; } else { - $self->lmLog( "SAML Token will not be stored in session", 'debug' ); + $self->logger->debug("SAML Token will not be stored in session"); } $req->datas->{_lassoLogin} = $login; @@ -1210,12 +1176,9 @@ sub authFinish { my $nameid = $req->datas->{_nameID}; my $session_index = $req->datas->{_sessionIndex}; - $self->lmLog( - "Store NameID " + $self->logger->debug( "Store NameID " . $nameid->dump - . " and SessionIndex $session_index for session $id", - 'debug' - ); + . " and SessionIndex $session_index for session $id" ); # Save SAML session my $samlSessionInfo = $self->getSamlSession(); @@ -1233,7 +1196,7 @@ sub authFinish { my $session_id = $samlSessionInfo->id; - $self->lmLog( "Link session $id to SAML session $session_id", 'debug' ); + $self->logger->debug("Link session $id to SAML session $session_id"); return PE_OK; } @@ -1253,13 +1216,12 @@ sub authLogout { my $session_dump = $req->{sessionInfo}->{_lassoSessionDump}; unless ($session_dump) { - $self->lmLog( "Could not get session dump from session", 'error' ); + $self->logger->error("Could not get session dump from session"); return PE_SAML_SLO_ERROR; } # IDP HTTP method - $method = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + $method = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsSLOBinding}; $method = $self->getHttpMethod($method); 
@@ -1273,21 +1235,17 @@ sub authLogout { # Skip SLO if no method found unless ( defined $method and $method != -1 ) { - $self->lmLog( "No method found with IDP $idpConfKey for SLO profile", - 'debug' ); + $self->logger->debug( + "No method found with IDP $idpConfKey for SLO profile"); return PE_OK; } - $self->lmLog( - "Use method " + $self->logger->debug( "Use method " . $self->getHttpMethodString($method) - . " with IDP $idpConfKey for SLO profile", - 'debug' - ); + . " with IDP $idpConfKey for SLO profile" ); # Set signature - my $signSLOMessage = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + my $signSLOMessage = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsSignSLOMessage} // 0; # Build Logout Request @@ -1295,15 +1253,15 @@ sub authLogout { $self->createLogoutRequest( $req, $self->lassoServer, $session_dump, $method, $signSLOMessage ); unless ($logout) { - $self->lmLog( "Could not create logout request", 'error' ); + $self->logger->error("Could not create logout request"); return PE_SAML_SLO_ERROR; } - $self->lmLog( "Logout request created", 'debug' ); + $self->logger->debug("Logout request created"); # Keep request ID in memory to prevent replay unless ( $self->storeReplayProtection( $logout->request()->ID ) ) { - $self->lmLog( "Unable to store Logout request ID", 'error' ); + $self->logger->error("Unable to store Logout request ID"); return PE_SAML_SLO_ERROR; } @@ -1315,7 +1273,7 @@ sub authLogout { # Redirect user to response URL my $slo_url = $logout->msg_url; - $self->lmLog( "Redirect user to $slo_url", 'debug' ); + $self->logger->debug("Redirect user to $slo_url"); $req->urldc($slo_url); 
@@ -1331,7 +1289,7 @@ sub authLogout { # Use autosubmit form my $slo_url = $logout->msg_url; my $slo_body = $logout->msg_body; - $self->lmLog( "Redirect user to $slo_url using autoPost", 'debug' ); + $self->logger->debug("Redirect user to $slo_url using autoPost"); $req->postUrl($slo_url); $req->postFields( { 'SAMLRequest' => $slo_body } ); @@ -1355,7 +1313,7 @@ sub authLogout { my $response = $self->sendSOAPMessage( $slo_url, $slo_body ); unless ($response) { - $self->lmLog( "No logout response to SOAP request", 'error' ); + $self->logger->error("No logout response to SOAP request"); return PE_SAML_SLO_ERROR; } @@ -1366,11 +1324,11 @@ sub authLogout { my $result = $self->processLogoutResponseMsg( $logout, $response ); unless ($result) { - $self->lmLog( "Fail to process logout response", 'error' ); + $self->logger->error("Fail to process logout response"); return PE_SAML_SLO_ERROR; } - $self->lmLog( "Logout response is valid", 'debug' ); + $self->logger->debug("Logout response is valid"); # Replay protection my $samlID = $logout->response()->InResponseTo; @@ -1378,14 +1336,14 @@ sub authLogout { unless ( $self->replayProtection($samlID) ) { # Logout request was already consumed or is expired - $self->lmLog( "Message $samlID already used or expired", 'error' ); + $self->logger->error("Message $samlID already used or expired"); return PE_SAML_SLO_ERROR; } return PE_OK; } else { - $self->lmLog( "Lasso method $method not implemented here", 'error' ); + $self->logger->error("Lasso method $method not implemented here"); return PE_SAML_SLO_ERROR; } } @@ -1431,10 +1389,8 @@ sub getIDP { my $idpConfKey = $self->idpList->{$_}->{confKey}; if ( $idpName eq $idpConfKey ) { $idp = $_; - $self->lmLog( - "IDP $idp found from idpName URL Parameter ($idpName)", - 'debug' - ); + $self->logger->debug( + "IDP $idp found from idpName URL Parameter ($idpName)"); last; } } 
@@ -1442,7 +1398,7 @@ sub getIDP { # Case 3: Recover IDP from cookie if ( !$idp and $idp = $idp_cookie ) { - $self->lmLog( "IDP $idp found in IDP resolution cookie", 'debug' ); + $self->logger->debug("IDP $idp found in IDP resolution cookie"); } # Case 4: check all IDP resolution rules @@ -1450,13 +1406,12 @@ sub getIDP { else { foreach ( keys %{ $self->idpList } ) { my $idpConfKey = $self->idpList->{$_}->{confKey}; - my $cond = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + my $cond = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsResolutionRule}; next unless defined $cond; if ( $self->safe->reval($cond) ) { - $self->lmLog( "IDP $idpConfKey resolution rule match", - 'debug' ); + $self->logger->debug( + "IDP $idpConfKey resolution rule match"); $idp = $_; last; } @@ -1468,9 +1423,8 @@ sub getIDP { and $self->conf->{samlCommonDomainCookieActivation} and $self->conf->{samlCommonDomainCookieReader} ) { - $self->lmLog( - "Will try to use Common Domain Cookie for IDP resolution", - 'debug' ); + $self->logger->debug( + "Will try to use Common Domain Cookie for IDP resolution"); # Add current URL to CDC Reader URL my $return_url = encode_base64( $self->self_url(), '' ); @@ -1483,7 +1437,7 @@ sub getIDP { : '?url=' . $return_url ); - $self->lmLog( "Redirect user to $cdc_reader_url", 'debug' ); + $self->logger->debug("Redirect user to $cdc_reader_url"); $req->urldc($cdc_reader_url); @@ -1491,7 +1445,7 @@ sub getIDP { return PE_REDIRECT; } - $self->lmLog( 'No IDP found', 'debug' ) unless ($idp); + $self->logger->debug('No IDP found') unless ($idp); } # Alert when selected IDP is unknown diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Slave.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Slave.pm index ce16205ea..66ba3907d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Slave.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Slave.pm 
@@ -28,8 +28,8 @@ sub extractFormInfo { $user_header =~ s/\-/_/g; unless ( $req->{user} = $req->env->{$user_header} ) { - $self->lmLog( "No header " . $self->conf->{slaveUserHeader} . " found", - 'error' ); + $self->userLogger->error( + "No header " . $self->conf->{slaveUserHeader} . " found" ); return PE_USERNOTFOUND; } PE_OK; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Twitter.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Twitter.pm index 1d7351fb5..783e1db3d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Twitter.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Twitter.pm @@ -56,7 +56,7 @@ sub extractFormInfo { # 1. Request to authenticate unless ( $req->param('twitterback') ) { - $self->lmLog( 'Redirection to Twitter', 'debug' ); + $self->logger->debug('Redirection to Twitter'); # 1.1 Try to get token to dialog with Twitter my $callback_url = $self->url(); @@ -80,8 +80,7 @@ sub extractFormInfo { # Forward hidden fields if ( exists $req->{portalHiddenFormValues} ) { - $self->lmLog( "Add hidden values to Twitter redirect URL", - 'debug' ); + $self->logger->debug("Add hidden values to Twitter redirect URL"); foreach ( keys %{ $req->{portalHiddenFormValues} } ) { $callback_url .= @@ -106,10 +105,10 @@ sub extractFormInfo { my $request_url = $request->to_url; - $self->lmLog( "POST $request_url to Twitter", 'debug' ); + $self->logger->debug("POST $request_url to Twitter"); my $res = $self->ua()->post($request_url); - $self->lmLog( "Twitter response: " . $res->as_string, 'debug' ); + $self->logger->debug( "Twitter response: " . $res->as_string ); if ( $res->is_success ) { my $response = Net::OAuth->response('request token') @@ -131,8 +130,8 @@ sub extractFormInfo { $self->quit(); } else { - $self->lmLog( 'Twitter OAuth protocol error: ' . $res->content, - 'error' ); + $self->logger->error( + 'Twitter OAuth protocol error: ' . $res->content ); return PE_ERROR; } } 
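Review bot: `$self->logger->debug( "Twitter response: " . $res->as_string )` in hunk @@ -106, and the matching line for `$res_access` in hunk @@ -166, dump the full HTTP response of the OAuth token exchanges into the debug log; on the access-token leg that body is what `Net::OAuth->response('access token')` is parsed from, so the token material ends up in log files whenever debug is on. Logging `$res->status_line` instead, and the body only in the failure branch (which already includes `$res->content`), keeps the diagnostic without the credential. extractFormInfo in Twitter.pm continues past these hunks.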
@@ -141,13 +140,12 @@ sub extractFormInfo { my $request_token = $req->param('oauth_token'); my $verifier = $req->param('oauth_verifier'); unless ( $request_token and $verifier ) { - $self->lmLog( 'Twitter OAuth protocol error', 'error' ); + $self->logger->error('Twitter OAuth protocol error'); return PE_ERROR; } - $self->lmLog( - "Get token $request_token and verifier $verifier from Twitter", - 'debug' ); + $self->logger->debug( + "Get token $request_token and verifier $verifier from Twitter"); # 2.1 Reconnect to Twitter my $access = Net::OAuth->request("access token")->new( @@ -166,10 +164,10 @@ sub extractFormInfo { my $access_url = $access->to_url; - $self->lmLog( "POST $access_url to Twitter", 'debug' ); + $self->logger->debug("POST $access_url to Twitter"); my $res_access = $self->ua()->post($access_url); - $self->lmLog( "Twitter response: " . $res_access->as_string, 'debug' ); + $self->logger->debug( "Twitter response: " . $res_access->as_string ); if ( $res_access->is_success ) { my $response = Net::OAuth->response('access token') @@ -180,23 +178,20 @@ sub extractFormInfo { $req->datas->{_twitterScreenName} = $response->{extra_params}->{screen_name}; - $self->lmLog( - "Get user id " + $self->logger->debug( "Get user id " . $req->datas->{_twitterUserId} . " and screen name " - . $req->datas->{_twitterScreenName}, - 'debug' - ); + . $req->datas->{_twitterScreenName} ); } else { - $self->lmLog( 'Twitter OAuth protocol error: ' . $res_access->content, - 'error' ); + $self->logger->error( + 'Twitter OAuth protocol error: ' . $res_access->content ); return PE_ERROR; } # 2.4 Set $req->{user} to screen name $req->user( $req->datas->{_twitterScreenName} ); - $self->lmLog( "Good Twitter authentication for $req->{user}", 'debug' ); + $self->logger->debug("Good Twitter authentication for $req->{user}"); # Force redirection to avoid displaying OAuth datas $req->{mustRedirect} = 1; 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/WebID.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/WebID.pm index 5c83fa541..9c9c1e6ba 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/WebID.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/WebID.pm @@ -40,7 +40,7 @@ sub init { } my $re = Regexp::Assemble->new(); foreach my $h (@hosts) { - $self->lmLog( "Add $h in WebID whitelist", 'debug' ); + $self->logger->debug("Add $h in WebID whitelist"); $h = quotemeta($h); $h =~ s/\\\*/\.\*\?/g; $re->add($h); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Yubikey.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Yubikey.pm index b3dfcabba..4401e7ecc 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Yubikey.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Yubikey.pm @@ -24,8 +24,8 @@ sub init { unless ($self->conf->{yubikeyClientID} and $self->conf->{yubikeySecretKey} ) { - $self->lmLog( "Missing mandatory parameters (Client ID and secret key)", - 'error' ); + $self->logger->error( + "Missing mandatory parameters (Client ID and secret key)"); return 0; } $self->conf->{yubikeyPublicIDSize} ||= 12; @@ -39,7 +39,7 @@ sub extractFormInfo { my $otp = $req->param('yubikeyOTP'); return PE_FORMEMPTY unless $otp; - $self->lmLog( "Received Yubikey OTP $otp", 'debug' ); + $self->logger->debug("Received Yubikey OTP $otp"); # Verify OTP my $result = Auth::Yubikey_WebClient::yubikey_webclient( diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm index af82f8baa..e1772ef37 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm 
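Review bot: `$self->logger->debug("Received Yubikey OTP $otp")` in hunk @@ -39 records the one-time password before `yubikey_webclient` has verified it, so an unverified, still-valid OTP lands in the debug log. If `yubikeyPublicIDSize` (defaulted to 12 in the init hunk) is the length of the public-ID prefix, as its name suggests, logging only that prefix is enough to correlate the attempt with a device: `$self->logger->debug("Received Yubikey OTP for public ID " . substr($otp, 0, $self->conf->{yubikeyPublicIDSize}));`. extractFormInfo continues beyond this hunk.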
@@ -113,7 +113,7 @@ sub extractFormInfo { $self->p->userNotice("Captcha failed: wrong or expired code"); return PE_CAPTCHAERROR; } - $self->lmLog( "Captcha code verified", 'debug' ); + $self->logger->debug("Captcha code verified"); } elsif ( $self->ott ) { unless ( $self->ott->getToken($token) ) { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm index 55c9deb2f..a1e3047eb 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm @@ -40,12 +40,9 @@ sub init { } $self->cdc_name( $conf->{samlCommonDomainCookieName} || '_saml_idp' ); $self->cdc_domain( $conf->{samlCommonDomainCookieDomain} ); - $self->lmLog( "[CDC] Cookie name: " . $self->cdc_name, 'debug' ); - $self->lmLog( - "[CDC] Domain name: " - . ( $self->cdc_domain ? $self->cdc_domain : '' ), - 'debug' - ); + $self->logger->debug( "[CDC] Cookie name: " . $self->cdc_name ); + $self->logger->debug( "[CDC] Domain name: " + . ( $self->cdc_domain ? $self->cdc_domain : '' ) ); foreach (qw(httpOnly cookieExpiration oldStyleUrl)) { $self->$_( $conf->{$_} ); @@ -71,7 +68,7 @@ sub handler { # TODO: Control URL #my $control_url = $self->_sub('controlUrlOrigin'); #unless ( $control_url == PE_OK ) { - # $self->lmLog( "[CDC] Bad URL", 'error' ); + # $self->logger->error( "[CDC] Bad URL"); # return $control_url; #} @@ -81,7 +78,7 @@ sub handler { $cdc_cookie = $cookies{ $self->cdc_name } if %cookies; if ($cdc_cookie) { - $self->lmLog( "[CDC] Cookie found with value $cdc_cookie", 'debug' ); + $self->logger->debug("[CDC] Cookie found with value $cdc_cookie"); } # Write request @@ -90,7 +87,7 @@ sub handler { # Append IDP to common domain cookie if ( $action eq 'write' ) { - $self->lmLog( "[CDC] Write request detected", 'debug' ); + $self->logger->debug("[CDC] Write request detected"); # Check IDP value unless ($idp) { 
@@ -98,7 +95,7 @@ sub handler { } # Add IDP value - $self->lmLog( "[CDC] Will add IDP $idp to IDP list", 'debug' ); + $self->logger->debug("[CDC] Will add IDP $idp to IDP list"); my $encoded_idp = encode_base64( $idp, '' ); @@ -109,9 +106,8 @@ sub handler { $cdc_cookie .= ( $cdc_cookie ? " " : "" ); $cdc_cookie .= $encoded_idp; - $self->lmLog( - "[CDC] Build cookie $self->{cdc_name} with value $cdc_cookie", - 'debug' ); + $self->logger->debug( + "[CDC] Build cookie $self->{cdc_name} with value $cdc_cookie"); # Build cookie $req->addCookie( @@ -130,15 +126,15 @@ sub handler { elsif ( $action eq 'read' ) { - $self->lmLog( "[CDC] Read request detected", 'debug' ); + $self->logger->debug("[CDC] Read request detected"); # Get last IDP from cookie if ($cdc_cookie) { $cdc_idp = decode_base64( ( split /\s+/, $cdc_cookie )[-1] ); - $self->lmLog( "[CDC] Get value $cdc_idp", 'debug' ); + $self->logger->debug("[CDC] Get value $cdc_idp"); } else { - $self->lmLog( "[CDC] No cookie, set a default value", 'debug' ); + $self->logger->debug("[CDC] No cookie, set a default value"); $cdc_idp = 'notfound'; } } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Display.pm deleted file mode 100644 index 65a3ed5e8..000000000 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Display.pm +++ /dev/null 
@@ -1,341 +0,0 @@ -## @file -# Display functions for LemonLDAP::NG Portal - -## @class -# Display functions for LemonLDAP::NG Portal -package Lemonldap::NG::Portal::Display; - -use strict; -use Lemonldap::NG::Portal::Simple; -use utf8; - -our $VERSION = '2.0.0'; - -## @method array display() -# Call portal process and set template parameters -# @return template name and template parameters -sub display { - my $self = shift; - - my $skin_dir = $self->getApacheHtdocsPath() . "/skins"; - my ( $skinfile, %templateParams ); - my $http_error = $self->param('lmError'); - - # 0. Display error page - if ($http_error) { - - $skinfile = 'error.tpl'; - - # Error code - my $error500 = 1 if ( $http_error eq "500" ); - my $error403 = 1 if ( $http_error eq "403" ); - my $error503 = 1 if ( $http_error eq "503" ); - - # Check URL - $self->_sub('controlUrlOrigin'); - - # Load session content - $self->_sub('controlExistingSession'); - - %templateParams = ( - PORTAL_URL => $self->{portal}, - LOGOUT_URL => $self->{portal} . "?logout=1", - URL => $self->{urldc}, - ERROR403 => $error403, - ERROR500 => $error500, - ERROR503 => $error503, - ); - - } - - # 1. Good authentication - elsif ( $self->process() ) { - - # 1.1 Image mode - if ( $self->{error} == PE_IMG_OK || $self->{error} == PE_IMG_NOK ) { - $skinfile = "$skin_dir/common/" - . ( - $self->{error} == PE_IMG_OK - ? 
'ok.png' - : 'warning.png' - ); - $self->printImage( $skinfile, 'image/png' ); - exit; - } - - # 1.2 Case : there is a message to display - elsif ( my $info = $self->info() ) { - $skinfile = 'info.tpl'; - %templateParams = ( - AUTH_ERROR_TYPE => $self->error_type, - MSG => $info, - URL => $self->{urldc}, - HIDDEN_INPUTS => $self->buildHiddenForm(), - ACTIVE_TIMER => $self->{activeTimer}, - FORM_METHOD => $self->{infoFormMethod}, - ); - } - - # 1.3 Redirection - elsif ( $self->{error} == PE_REDIRECT ) { - $skinfile = "redirect.tpl"; - %templateParams = ( - URL => $self->{urldc}, - HIDDEN_INPUTS => $self->buildHiddenForm(), - FORM_METHOD => $self->{redirectFormMethod}, - ); - } - - # 1.4 Case : display menu - else { - - # Initialize menu elements - $self->_sub('menuInit'); - - $skinfile = 'menu.tpl'; - my $auth_user = $self->{sessionInfo}->{ $self->{portalUserAttr} }; - utf8::decode($auth_user); - - %templateParams = ( - AUTH_USER => $auth_user, - NEWWINDOW => $self->{portalOpenLinkInNewWindow}, - AUTH_ERROR => $self->error( $self->{menuError} ), - AUTH_ERROR_TYPE => $self->error_type( $self->{menuError} ), - DISPLAY_TAB => $self->{menuDisplayTab}, - LOGOUT_URL => "$ENV{SCRIPT_NAME}?logout=1", - REQUIRE_OLDPASSWORD => $self->{portalRequireOldPassword}, - HIDE_OLDPASSWORD => - 0, # Do not hide old password if it is required - DISPLAY_MODULES => $self->{menuDisplayModules}, - APPSLIST_MENU => $self->{menuAppslistMenu}, # For old templates - APPSLIST_DESC => $self->{menuAppslistDesc}, # For old templates - SCRIPT_NAME => $ENV{SCRIPT_NAME}, - APPSLIST_ORDER => $self->{sessionInfo}->{'appsListOrder'}, - PING => $self->{portalPingInterval}, - ); - - } - } - - # 2. 
Authentication not complete - - # 2.1 A notification has to be done (session is created but hidden and unusable - # until the user has accept the message) - elsif ( my $notif = $self->notification ) { - $skinfile = 'notification.tpl'; - %templateParams = ( - AUTH_ERROR_TYPE => $self->error_type, - NOTIFICATION => $notif, - HIDDEN_INPUTS => $self->buildHiddenForm(), - AUTH_URL => $self->get_url, - CHOICE_PARAM => $self->{authChoiceParam}, - CHOICE_VALUE => $self->{_authChoice}, - ); - } - - # 2.2 An authentication (or userDB) module needs to ask a question - # before processing to the request - elsif ( $self->{error} == PE_CONFIRM ) { - $skinfile = 'confirm.tpl'; - %templateParams = ( - AUTH_ERROR => $self->error, - AUTH_ERROR_TYPE => $self->error_type, - AUTH_URL => $self->get_url, - MSG => $self->info(), - HIDDEN_INPUTS => $self->buildHiddenForm(), - ACTIVE_TIMER => $self->{activeTimer}, - FORM_METHOD => $self->{confirmFormMethod}, - CHOICE_PARAM => $self->{authChoiceParam}, - CHOICE_VALUE => $self->{_authChoice}, - CHECK_LOGINS => $self->{portalCheckLogins} && $self->{login}, - ASK_LOGINS => $self->{checkLogins}, - CONFIRMKEY => $self->stamp(), - LIST => $self->{list} || [], - REMEMBER => $self->{confirmRemember}, - ); - } - - # 2.3 There is a message to display - elsif ( my $info = $self->info() ) { - $skinfile = 'info.tpl'; - %templateParams = ( - AUTH_ERROR => $self->error, - AUTH_ERROR_TYPE => $self->error_type, - MSG => $info, - URL => $self->{urldc}, - HIDDEN_INPUTS => $self->buildHiddenForm(), - ACTIVE_TIMER => $self->{activeTimer}, - FORM_METHOD => $self->{infoFormMethod}, - CHOICE_PARAM => $self->{authChoiceParam}, - CHOICE_VALUE => $self->{_authChoice}, - ); - } - - # 2.4 OpenID menu page - elsif ($self->{error} == PE_OPENID_EMPTY - or $self->{error} == PE_OPENID_BADID ) - { - $skinfile = 'openid.tpl'; - my $p = $self->{portal} . $self->{issuerDBOpenIDPath}; - $p =~ s#(? 
$self->error, - AUTH_ERROR_TYPE => $self->error_type, - PROVIDERURI => $p, - ID => $self->{_openidPortal} - . $self->{sessionInfo} - ->{ $self->{openIdAttr} || $self->{whatToTrace} }, - PORTAL_URL => $self->{portal}, - MSG => $self->info(), - ); - } - - # 2.5 Authentication has been refused OR this is the first access - else { - $skinfile = 'login.tpl'; - %templateParams = ( - AUTH_ERROR => $self->error, - AUTH_ERROR_TYPE => $self->error_type, - AUTH_URL => $self->get_url, - LOGIN => $self->get_user, - CHECK_LOGINS => $self->{portalCheckLogins}, - ASK_LOGINS => $self->{checkLogins}, - DISPLAY_RESETPASSWORD => $self->{portalDisplayResetPassword}, - DISPLAY_REGISTER => $self->{portalDisplayRegister}, - MAIL_URL => $self->{mailUrl}, - REGISTER_URL => $self->{registerUrl}, - HIDDEN_INPUTS => $self->buildHiddenForm(), - LOGIN_INFO => $self->loginInfo(), - ); - - # Display captcha if it's enabled - if ( $self->{captcha_login_enabled} ) { - %templateParams = ( - %templateParams, - CAPTCHA_IMG => $self->{captcha_img}, - CAPTCHA_CODE => $self->{captcha_code}, - CAPTCHA_SIZE => $self->{captcha_size} - ); - } - - # Show password form if password policy error - if ( - - $self->{error} == PE_PP_CHANGE_AFTER_RESET - or $self->{error} == PE_PP_MUST_SUPPLY_OLD_PASSWORD - or $self->{error} == PE_PP_INSUFFICIENT_PASSWORD_QUALITY - or $self->{error} == PE_PP_PASSWORD_TOO_SHORT - or $self->{error} == PE_PP_PASSWORD_TOO_YOUNG - or $self->{error} == PE_PP_PASSWORD_IN_HISTORY - or $self->{error} == PE_PASSWORD_MISMATCH - or $self->{error} == PE_BADOLDPASSWORD - or $self->{error} == PE_PASSWORDFORMEMPTY - or ( $self->{error} == PE_PP_PASSWORD_EXPIRED - and $self->{ldapAllowResetExpiredPassword} ) - ) - { - %templateParams = ( - %templateParams, - REQUIRE_OLDPASSWORD => - 1, # Old password is required to check user credentials - DISPLAY_FORM => 0, - DISPLAY_OPENID_FORM => 0, - DISPLAY_YUBIKEY_FORM => 0, - DISPLAY_PASSWORD => 1, - DISPLAY_RESETPASSWORD => 0, - AUTH_LOOP => [], - 
CHOICE_PARAM => $self->{authChoiceParam}, - CHOICE_VALUE => $self->{_authChoice}, - OLDPASSWORD => - $self->checkXSSAttack( 'oldpassword', $self->{oldpassword} ) - ? "" - : $self->{oldpassword}, - HIDE_OLDPASSWORD => $self->{hideOldPassword}, - ); - } - - # Disable all forms on: - # * Logout message - # * Bad URL error - elsif ($self->{error} == PE_LOGOUT_OK - or $self->{error} == PE_BADURL ) - { - %templateParams = ( - %templateParams, - DISPLAY_RESETPASSWORD => 0, - DISPLAY_FORM => 0, - DISPLAY_OPENID_FORM => 0, - DISPLAY_YUBIKEY_FORM => 0, - AUTH_LOOP => [], - PORTAL_URL => $self->{portal}, - MSG => $self->info(), - ); - - } - - # Display authentifcation form - else { - - # Authentication loop - if ( $self->{authLoop} ) { - %templateParams = ( - %templateParams, - AUTH_LOOP => $self->{authLoop}, - CHOICE_PARAM => $self->{authChoiceParam}, - CHOICE_VALUE => $self->{_authChoice}, - DISPLAY_FORM => 0, - DISPLAY_OPENID_FORM => 0, - DISPLAY_YUBIKEY_FORM => 0, - ); - } - - # Choose what form to display if not in a loop - else { - - my $displayType = $self->getDisplayType(); - - $self->lmLog( "Display type $displayType ", 'debug' ); - - %templateParams = ( - %templateParams, - DISPLAY_FORM => $displayType eq "standardform" ? 1 : 0, - DISPLAY_OPENID_FORM => $displayType eq "openidform" ? 1 : 0, - DISPLAY_YUBIKEY_FORM => $displayType eq "yubikeyform" ? 1 - : 0, - DISPLAY_LOGO_FORM => $displayType eq "logo" ? 1 : 0, - module => $displayType eq "logo" ? $self->get_module('auth') - : "", - AUTH_LOOP => [], - PORTAL_URL => $displayType eq "logo" ? $self->{portal} : 0, - MSG => $self->info(), - ); - - } - - } - - } - - ## Common template params - my $skin = $self->getSkin(); - my $portalPath = $self->{portal}; - $portalPath =~ s#^https?://[^/]+/?#/#; - $portalPath =~ s#[^/]+\.fcgi$##; - %templateParams = ( - %templateParams, - SKIN_PATH => $portalPath . 
"skins", - SKIN => $skin, - ANTIFRAME => $self->{portalAntiFrame}, - SKIN_BG => $self->{portalSkinBackground}, - ); - - ## Custom template params - if ( my $customParams = $self->getCustomTemplateParameters() ) { - %templateParams = ( %templateParams, %$customParams ); - } - - return ( "$skin_dir/$skin/$skinfile", %templateParams ); - -} - -1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm index 27c8113a2..ed3ded9fa 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm @@ -61,7 +61,7 @@ sub run { # 1. LOGIN if ( $target eq $cas_login ) { - $self->lmLog( "URL $url detected as an CAS LOGIN URL", 'debug' ); + $self->logger->debug("URL $url detected as an CAS LOGIN URL"); # GET parameters my $service = $self->p->getHiddenFormValue( $req, 'service' ) @@ -76,7 +76,7 @@ sub run { if ( $renew and $renew eq 'true' ) { # Authentication must be replayed - $self->lmLog( "Authentication renew requested", 'debug' ); + $self->logger->debug("Authentication renew requested"); $self->{updateSession} = 1; $req->steps( [ @@ -92,7 +92,7 @@ sub run { # If no service defined, exit unless ( defined $service ) { - $self->lmLog( "No service defined in CAS URL", 'debug' ); + $self->logger->debug("No service defined in CAS URL"); return PE_OK; } 
@@ -100,36 +100,34 @@ sub run { my $casAccessControlPolicy = $self->conf->{casAccessControlPolicy}; if ( $casAccessControlPolicy =~ /^(error|faketicket)$/i ) { - $self->lmLog( "CAS access control requested on service $service", - 'debug' ); + $self->logger->debug( + "CAS access control requested on service $service"); ## HERE unless ( $service =~ m#^https?://([^/]+)(/.*)?$# ) { - $self->lmLog( "Bad service $service", 'error' ); + $self->logger->error("Bad service $service"); return PE_ERROR; } my ( $host, $uri ) = ( $1, $2 ); if ( $self->p->HANDLER->grant( $req->sessionInfo, $1, undef, $2 ) ) { - $self->lmLog( "CAS service $service access allowed", 'debug' ); + $self->logger->debug("CAS service $service access allowed"); } else { - $self->lmLog( "CAS service $service access not allowed", - 'error' ); + $self->userLogger->error( + "CAS service $service access not allowed"); if ( $casAccessControlPolicy =~ /^(error)$/i ) { - $self->lmLog( -"Return error instead of redirecting user on CAS service", - 'debug' + $self->logger->debug( +"Return error instead of redirecting user on CAS service" ); return PE_CAS_SERVICE_NOT_ALLOWED; } else { - $self->lmLog( - "Redirect user on CAS service with a fake ticket", - 'debug' ); + $self->logger->debug( + "Redirect user on CAS service with a fake ticket"); $casServiceTicket = "ST-F4K3T1CK3T"; } } 
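Review bot: After `unless ( $service =~ m#^https?://([^/]+)(/.*)?$# )`, the code copies the captures into `my ( $host, $uri ) = ( $1, $2 );` but then passes `$1` and `$2` to `grant`, leaving the named variables unused and making the call depend on no other regex running in between. Use the locals: `if ( $self->p->HANDLER->grant( $req->sessionInfo, $host, undef, $uri ) ) {`. Since `$service` is request-supplied, anchoring with `\z` instead of `$` also stops a trailing newline from slipping past the host/path check. `run`'s body continues outside this hunk.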
@@ -145,21 +143,20 @@ sub run { time() - $last_authn_utime < $self->conf->{portalForceAuthnInterval} ) { - $self->lmLog( - "Authentication is recent, will set CAS renew flag to true", - 'debug' + $self->logger->debug( + "Authentication is recent, will set CAS renew flag to true" ); $casRenewFlag = 1; } # Create a service ticket - $self->lmLog( "Create a CAS service ticket for service $service", - 'debug' ); + $self->logger->debug( + "Create a CAS service ticket for service $service"); my $casServiceSession = $self->getCasSession(); unless ($casServiceSession) { - $self->lmLog( "Unable to create CAS session", 'error' ); + $self->logger->error("Unable to create CAS session"); return PE_ERROR; } @@ -175,8 +172,8 @@ sub run { my $casServiceSessionID = $casServiceSession->id; $casServiceTicket = "ST-" . $casServiceSessionID; - $self->lmLog( "CAS service session $casServiceSessionID created", - 'debug' ); + $self->logger->debug( + "CAS service session $casServiceSessionID created"); } # Redirect to service @@ -187,7 +184,7 @@ sub run { : '?ticket=' . $casServiceTicket ); - $self->lmLog( "Redirect user to $service_url", 'debug' ); + $self->logger->debug("Redirect user to $service_url"); $req->{urldc} = $service_url; @@ -198,7 +195,7 @@ sub run { # 2. LOGOUT if ( $target eq $cas_logout ) { - $self->lmLog( "URL $url detected as an CAS LOGOUT URL", 'debug' ); + $self->logger->debug("URL $url detected as an CAS LOGOUT URL"); # Disable Content-Security-Policy header since logout can be embedded # in a frame 
@@ -213,14 +210,14 @@ sub run { # Delete local session if ( my $session = $self->p->getApacheSession($session_id) ) { unless ( $self->p->_deleteSession( $req, $session ) ) { - $self->lmLog( "Fail to delete session $session_id ", 'error' ); + $self->logger->error("Fail to delete session $session_id "); } if ($logout_url) { # Display a link to the provided URL - $self->lmLog( "Logout URL $logout_url will be displayed", - 'debug' ); + $self->logger->debug( + "Logout URL $logout_url will be displayed"); $req->info( '

The application you just logged out of has provided a link it would like you to follow

' @@ -232,7 +229,7 @@ sub run { } } else { - $self->lmLog( "Unknown session $session_id", 'info' ); + $self->logger->info("Unknown session $session_id"); } return PE_LOGOUT_OK; @@ -242,12 +239,11 @@ sub run { # 3. VALIDATE [CAS 1.0] if ( $target eq $cas_validate ) { - $self->lmLog( "URL $url detected as an CAS VALIDATE URL", 'debug' ); + $self->logger->debug("URL $url detected as an CAS VALIDATE URL"); # This URL must not be called by authenticated users - $self->lmLog( - "CAS VALIDATE URL called by authenticated user, ignore it", - 'info' ); + $self->userLogger->info( + "CAS VALIDATE URL called by authenticated user, ignore it"); return PE_OK; } @@ -255,14 +251,12 @@ sub run { # 4. SERVICE VALIDATE [CAS 2.0] if ( $target eq $cas_serviceValidate ) { - $self->lmLog( "URL $url detected as an CAS SERVICE VALIDATE URL", - 'debug' ); + $self->logger->debug( + "URL $url detected as an CAS SERVICE VALIDATE URL"); # This URL must not be called by authenticated users - $self->lmLog( - "CAS SERVICE VALIDATE URL called by authenticated user, ignore it", - 'info' - ); + $self->userLogger->info( + "CAS SERVICE VALIDATE URL called by authenticated user, ignore it"); return PE_OK; } @@ -270,13 +264,11 @@ sub run { # 5. PROXY VALIDATE [CAS 2.0] if ( $target eq $cas_proxyValidate ) { - $self->lmLog( "URL $url detected as an CAS PROXY VALIDATE URL", - 'debug' ); + $self->logger->debug("URL $url detected as an CAS PROXY VALIDATE URL"); # This URL must not be called by authenticated users - $self->lmLog( - "CAS PROXY VALIDATE URL called by authenticated user, ignore it", - 'info' ); + $self->userLogger->info( + "CAS PROXY VALIDATE URL called by authenticated user, ignore it"); return PE_OK; } 
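Review bot: In the `@@ -213` hunk, `$logout_url` is rendered into the page through `$req->info(...)` (the markup is not legible in this rendering); the comment `# Display a link to the provided URL` suggests it comes from the logout request rather than from configuration, so it needs HTML escaping before interpolation and ideally a comparison against the known CAS services before a link to it is shown to a user who has just logged out. Logging `Logout URL $logout_url will be displayed` does not stand in for that check. The enclosing `run` body continues outside both hunks on this line.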
@@ -284,11 +276,11 @@ sub run { # 6. PROXY [CAS 2.0] if ( $target eq $cas_proxy ) { - $self->lmLog( "URL $url detected as an CAS PROXY URL", 'debug' ); + $self->logger->debug("URL $url detected as an CAS PROXY URL"); # This URL must not be called by authenticated users - $self->lmLog( "CAS PROXY URL called by authenticated user, ignore it", - 'info' ); + $self->userLogger->info( + "CAS PROXY URL called by authenticated user, ignore it"); return PE_OK; } @@ -312,8 +304,8 @@ sub logout { sub validate { my ( $self, $req ) = @_; - $self->lmLog( 'URL ' . $req->uri . ' detected as an CAS VALIDATE URL', - 'debug' ); + $self->logger->debug( + 'URL ' . $req->uri . ' detected as an CAS VALIDATE URL' ); # GET parameters my $service = $req->param('service'); @@ -322,27 +314,26 @@ sub validate { # Required parameters: service and ticket unless ( $service and $ticket ) { - $self->lmLog( "Service and Ticket parameters required", 'error' ); + $self->logger->error("Service and Ticket parameters required"); return $self->returnCasValidateError(); } - $self->lmLog( - "Get validate request with ticket $ticket for service $service", - 'debug' ); + $self->logger->debug( + "Get validate request with ticket $ticket for service $service"); unless ( $ticket =~ s/^ST-// ) { - $self->lmLog( "Provided ticket is not a service ticket (ST)", 'error' ); + $self->logger->error("Provided ticket is not a service ticket (ST)"); return $self->returnCasValidateError(); } my $casServiceSession = $self->getCasSession($ticket); unless ($casServiceSession) { - $self->lmLog( "Service ticket session $ticket not found", 'error' ); + $self->logger->error("Service ticket session $ticket not found"); return $self->returnCasValidateError(); } - $self->lmLog( "Service ticket session $ticket found", 'debug' ); + $self->logger->debug("Service ticket session $ticket found"); my $service1_uri = URI->new($service); my $service2_uri = URI->new( $casServiceSession->data->{service} ); 
@@ -354,38 +345,32 @@ sub validate { if ( $service1_uri->rel($service2_uri) eq "./" or $service2_uri->rel($service1_uri) eq "./" ) { - $self->lmLog( + $self->logger->notice( "Submitted service $service1_uri does not exactly match initial service " . $service2_uri - . ' but difference is tolerated.', - 'warn' - ); + . ' but difference is tolerated.' ); } else { - $self->lmLog( + $self->logger->error( "Submitted service $service does not match initial service " - . $casServiceSession->data->{service}, - 'error' - ); + . $casServiceSession->data->{service} ); $self->deleteCasSession($casServiceSession); return $self->returnCasValidateError(); } } else { - $self->lmLog( "Submitted service $service math initial servce", - 'debug' ); + $self->logger->debug("Submitted service $service math initial servce"); } # Check renew if ( $renew and $renew eq 'true' ) { # We should check the ST was delivered with primary credentials - $self->lmLog( "Renew flag detected ", 'debug' ); + $self->logger->debug("Renew flag detected "); unless ( $casServiceSession->data->{renew} ) { - $self->lmLog( -"Authentication renew requested, but not done in former authentication process", - 'error' + $self->logger->error( +"Authentication renew requested, but not done in former authentication process" ); $self->deleteCasSession($casServiceSession); return $self->returnCasValidateError(); @@ -397,12 +382,9 @@ sub validate { $self->p->getApacheSession( $casServiceSession->data->{_cas_id} ); unless ($localSession) { - $self->lmLog( - "Local session " + $self->logger->warn( "Local session " . $casServiceSession->data->{_cas_id} - . " notfound", - 'error' - ); + . " notfound" ); $self->deleteCasSession($casServiceSession); return $self->returnCasValidateError(); } 
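Review bot: The same failure is now reported differently in `validate` and `_validate2`: the service mismatch here goes to `$self->logger->error` while the identical branch in `_validate2` (hunk `@@ -497`) uses `$self->userLogger->error`, and the missing local session is `$self->logger->warn` here but `$self->userLogger->error` in `_validate2` (hunk `@@ -620`). Pick one logger and level per condition so the two endpoints log alike. The debug message on the matching path also carries two typos; `"Submitted service $service match initial service"`, as written in `_validate2`, fixes both. `validate`'s body continues outside this hunk.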
@@ -412,7 +394,7 @@ sub validate { $localSession->data->{ $self->conf->{casAttr} || $self->conf->{whatToTrace} }; - $self->lmLog( "Get username $username", 'debug' ); + $self->logger->debug("Get username $username"); # Return success message $self->deleteCasSession($casServiceSession); @@ -437,9 +419,8 @@ sub proxyValidate { sub _validate2 { my ( $self, $urlType, $req ) = @_; - $self->lmLog( - 'URL ' . $req->uri . " detected as an CAS $urlType VALIDATE URL", - 'debug' ); + $self->logger->debug( + 'URL ' . $req->uri . " detected as an CAS $urlType VALIDATE URL" ); # GET parameters my $service = $req->param('service'); @@ -452,27 +433,24 @@ sub _validate2 { # Required parameters: service and ticket unless ( $service and $ticket ) { - $self->lmLog( "Service and Ticket parameters required", 'error' ); + $self->logger->error("Service and Ticket parameters required"); return $self->returnCasServiceValidateError( 'INVALID_REQUEST', 'Missing mandatory parameters (service, ticket)' ); } - $self->lmLog( - "Get " + $self->logger->debug( "Get " . lc($urlType) - . " validate request with ticket $ticket for service $service", - 'debug' - ); + . " validate request with ticket $ticket for service $service" ); # Get CAS session corresponding to ticket if ( $urlType eq 'SERVICE' and !( $ticket =~ s/^ST-// ) ) { - $self->lmLog( "Provided ticket is not a service ticket (ST)", 'error' ); + $self->logger->error("Provided ticket is not a service ticket (ST)"); return $self->returnCasServiceValidateError( 'INVALID_TICKET', 'Provided ticket is not a service ticket' ); } elsif ( $urlType eq 'PROXY' and !( $ticket =~ s/^(P|S)T-// ) ) { - $self->lmLog( "Provided ticket is not a service or proxy ticket ($1T)", - 'error' ); + $self->userLogger->error( + "Provided ticket is not a service or proxy ticket ($1T)"); return $self->returnCasServiceValidateError( 'INVALID_TICKET', 'Provided ticket is not a service or proxy ticket' ); } 
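Review bot: In the `@@ -452` hunk of `_validate2`, the `elsif ( $urlType eq 'PROXY' and !( $ticket =~ s/^(P|S)T-// ) )` branch interpolates `$1` into the error message, but that substitution has just failed, so `$1` is either undef (with an uninitialized-value warning) or a stale capture from an earlier match — never the prefix of the offending ticket. Log the value actually at hand, `"Provided ticket is not a service or proxy ticket ($ticket)"`, after which the group can become non-capturing `(?:P|S)`. `_validate2` continues outside this hunk.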
@@ -480,12 +458,12 @@ sub _validate2 { my $casServiceSession = $self->getCasSession($ticket); unless ($casServiceSession) { - $self->lmLog( "$urlType ticket session $ticket not found", 'error' ); + $self->logger->error("$urlType ticket session $ticket not found"); return $self->returnCasServiceValidateError( 'INVALID_TICKET', 'Ticket not found' ); } - $self->lmLog( "$urlType ticket session $ticket found", 'debug' ); + $self->logger->debug("$urlType ticket session $ticket found"); my $service1_uri = URI->new($service); my $service2_uri = URI->new( $casServiceSession->data->{service} ); 
@@ -497,39 +475,34 @@ sub _validate2 { if ( $service1_uri->rel($service2_uri) eq "./" or $service2_uri->rel($service1_uri) eq "./" ) { - $self->lmLog( + $self->logger->notice( "Submitted service $service1_uri does not exactly match initial service " . $service2_uri - . ' but difference is tolerated.', - 'warn' - ); + . ' but difference is tolerated.' ); } else { - $self->lmLog( + $self->userLogger->error( "Submitted service $service does not match initial service " - . $casServiceSession->data->{service}, - 'error' - ); + . $casServiceSession->data->{service} ); $self->deleteCasSession($casServiceSession); return $self->returnCasServiceValidateError( 'INVALID_SERVICE', 'Submitted service does not match initial service' ); } } else { - $self->lmLog( "Submitted service $service match initial service", - 'debug' ); + $self->logger->debug( + "Submitted service $service match initial service"); } # Check renew if ( $renew and $renew eq 'true' ) { # We should check the ST was delivered with primary credentials - $self->lmLog( "Renew flag detected ", 'debug' ); + $self->logger->debug("Renew flag detected "); unless ( $casServiceSession->data->{renew} ) { - $self->lmLog( -"Authentication renew requested, but not done in former authentication process", - 'error' + $self->logger->error( +"Authentication renew requested, but not done in former authentication process" ); $self->deleteCasSession($casServiceSession); return $self->returnCasValidateError(); @@ -544,8 +517,8 @@ sub _validate2 { if ($pgtUrl) { # Create a proxy granting ticket - $self->lmLog( "Create a CAS proxy granting ticket for service $service", - 'debug' ); + $self->logger->debug( + "Create a CAS proxy granting ticket for service $service"); my $casProxyGrantingSession = $self->getCasSession(); 
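Review bot: In the renew branch of `_validate2`, `return $self->returnCasValidateError();` answers a CAS 2.0 serviceValidate/proxyValidate request with the CAS 1.0 plain-text failure, whereas every other failure path in this function returns `returnCasServiceValidateError(...)` with a code and message, so the client receives an unparseable body instead of an XML authenticationFailure. Use the same helper, e.g. `return $self->returnCasServiceValidateError( 'INVALID_TICKET_SPEC', 'Ticket was not issued from renewed authentication' );` (INVALID_TICKET_SPEC is the CAS protocol code for a ticket that does not meet the validation requirements). The function continues outside this hunk.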
@@ -571,9 +544,8 @@ sub _validate2 { $casProxyGrantingSession->update($PGinfos); - $self->lmLog( - "CAS proxy granting session $casProxyGrantingSessionID created", - 'debug' + $self->logger->debug( + "CAS proxy granting session $casProxyGrantingSessionID created" ); # Generate the proxy granting ticket IOU @@ -583,9 +555,8 @@ sub _validate2 { $casProxyGrantingTicketIOU = "PGTIOU-" . $tmpCasSession->id; $self->deleteCasSession($tmpCasSession); - $self->lmLog( -"Generate proxy granting ticket IOU $casProxyGrantingTicketIOU", - 'debug' + $self->logger->debug( +"Generate proxy granting ticket IOU $casProxyGrantingTicketIOU" ); # Request pgtUrl @@ -596,22 +567,20 @@ sub _validate2 { ) ) { - $self->lmLog( - "Proxy granting URL $pgtUrl called with success", - 'debug' ); + $self->logger->debug( + "Proxy granting URL $pgtUrl called with success"); } else { - $self->lmLog( "Error calling proxy granting URL $pgtUrl", - 'warn' ); + $self->logger->error( + "Error calling proxy granting URL $pgtUrl"); $casProxyGrantingTicketIOU = undef; } } } else { - $self->lmLog( - "Error in proxy granting ticket management, bypass it", - 'warn' ); + $self->logger->warn( + "Error in proxy granting ticket management, bypass it"); } } @@ -620,12 +589,9 @@ sub _validate2 { $self->p->getApacheSession( $casServiceSession->data->{_cas_id} ); unless ($localSession) { - $self->lmLog( - "Local session " + $self->userLogger->error( "Local session " . $casServiceSession->data->{_cas_id} - . " notfound", - 'error' - ); + . " notfound" ); $self->deleteCasSession($casServiceSession); return $self->returnCasServiceValidateError( 'INTERNAL_ERROR', 'No session associated to ticket' ); @@ -636,7 +602,7 @@ sub _validate2 { $localSession->data->{ $self->conf->{casAttr} || $self->conf->{whatToTrace} }; - $self->lmLog( "Get username $username", 'debug' ); + $self->logger->debug("Get username $username"); # Get attributes [CAS 3.0] my $attributes = {}; 
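Review bot: In the `@@ -596` hunk, when the callback to `$pgtUrl` fails only `$casProxyGrantingTicketIOU` is cleared; the proxy-granting session created and populated just above (`$casProxyGrantingSession->update($PGinfos)`) is not deleted in the visible lines, so a live PGT session may be left behind that no relying party can ever receive. Unless code outside the hunk cleans it up, add `$self->deleteCasSession($casProxyGrantingSession);` next to `$casProxyGrantingTicketIOU = undef;`. `_validate2` continues beyond this hunk.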
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/Get.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/Get.pm index 2226d384f..ad2ba9f96 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/Get.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/Get.pm @@ -22,19 +22,19 @@ sub run { $req->path =~ m#^$self->{conf}->{issuerDBGetPath}/(log(?:in|out))#; my $logInOut = $1 || 'login'; if ( $logInOut eq 'login' ) { - $self->lmLog( "IssuerGet: request for login", 'debug' ); + $self->logger->debug("IssuerGet: request for login"); $self->computeGetParams($req); return PE_OK; } elsif ( $logInOut eq 'logout' ) { - $self->lmLog( "IssuerGet: request for logout", 'debug' ); + $self->logger->debug("IssuerGet: request for logout"); # TODO # Display a link to the provided URL return PE_OK; } else { - $self->lmLog( "IssuerGet: bad url", 'error' ); + $self->logger->error("IssuerGet: bad url"); return PE_BADURL; } } @@ -53,21 +53,21 @@ sub computeGetParams { my @getPrms; if ( exists $self->conf->{issuerDBGetParameters} ) { unless ( $req->urldc =~ m#^https?://([^/]+)# ) { - $self->lmLog( "Malformed url $req->urldc", 'error' ); + $self->logger->error("Malformed url $req->urldc"); return; } my $vhost = $1; my $prms = $self->conf->{issuerDBGetParameters}->{$vhost}; unless ($prms) { - $self->lmLog( "IssuerGet: $vhost has no configuration", 'warn' ); + $self->logger->warn("IssuerGet: $vhost has no configuration"); return ''; } foreach my $param ( keys %$prms ) { my $value = eval { uri_escape( $req->{sessionInfo}->{ $prms->{$param} } ) }; if ($@) { - $self->lmLog( "IssuerGet: unable to compute $param ($@)", - 'error' ); + $self->logger->error( + "IssuerGet: unable to compute $param ($@)"); return; } $value =~ s/[\r\n\t]//; @@ -75,7 +75,7 @@ sub computeGetParams { } } else { - $self->lmLog( "IssuerGet: no configuration", 'warn' ); + $self->logger->warn("IssuerGet: no configuration"); return; } my $getVars = join '&', @getPrms; 
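Review bot: In `computeGetParams`, `"Malformed url $req->urldc"` does not call the method: Perl interpolates `$req` (a stringified reference) followed by the literal text `->urldc`, so the log line never shows the URL. Use concatenation: `$self->logger->error( "Malformed url " . $req->urldc );`. A few lines further down, `$value =~ s/[\r\n\t]//;` strips only the first control character; if the intent is to sanitise the whole value add `/g`, and since the value has already passed through `uri_escape` it is worth confirming whether the substitution is needed at all. `computeGetParams` continues outside the hunk.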
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm index ec7e1d3dd..52de59499 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenID.pm @@ -72,7 +72,7 @@ sub forUnauthUser { my ( $self, $req ) = @_; my $mode = $req->param('openid.mode'); unless ($mode) { - $self->lmLog( 'OpenID SP test', 'debug' ); + $self->logger->debug('OpenID SP test'); return PE_OPENID_EMPTY; } if ( $mode eq 'associate' ) { @@ -91,14 +91,13 @@ sub run { my $mode = $req->param('openid.mode'); unless ($mode) { - $self->lmLog( 'OpenID SP test', 'debug' ); + $self->logger->debug('OpenID SP test'); return PE_OPENID_EMPTY; } unless ( $mode =~ /^checkid_(?:immediate|setup)/ ) { - $self->lmLog( -"OpenID error : $mode is not known at this step (issuerForAuthUser)", - 'error' + $self->logger->error( + "OpenID error : $mode is not known at this step (issuerForAuthUser)" ); return PE_ERROR; } @@ -149,13 +148,13 @@ sub openIDServer { my $tmp = $trust_root; $tmp =~ s#^http://(.*?)/#$1#; if ( $tmp =~ $self->spList xor $self->listIsWhite ) { - $self->lmLog( "$trust_root is forbidden for openID exchange", - 'warn' ); + $self->userLogger->warn( + "$trust_root is forbidden for openID exchange"); $req->datas->{_openIdForbidden} = 1; return 0; } elsif ( $req->{sessionInfo}->{"_openidTrust$trust_root"} ) { - $self->lmLog( 'OpenID request already trusted', 'debug' ); + $self->logger->debug('OpenID request already trusted'); return 1; } elsif ( $req->param("confirm") and $req->param("confirm") == 1 ) { @@ -169,7 +168,7 @@ sub openIDServer { return 0; } else { - $self->lmLog( 'OpenID request not trusted', 'debug' ); + $self->logger->debug('OpenID request not trusted'); $req->datas->{_openIdTrustRequired} = 1; return 0; } 
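Review bot: In `openIDServer`, `$tmp =~ s#^http://(.*?)/#$1#;` only strips a plain `http://` prefix before the trust root is matched against `spList`, so an `https://` trust root is compared with its scheme still attached. If `spList` holds bare host patterns, https trust roots never match: with `listIsWhite` set that silently refuses legitimate relying parties, and with a deny list it lets a listed host through. Consider `$tmp =~ s#^https?://(.*?)/#$1#;` so both schemes are normalised the same way, and confirm how `spList` entries are written. `openIDServer` continues outside the hunk.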
@@ -194,7 +193,7 @@ sub _openIDResponse { # Redirect if ( $type eq 'redirect' ) { - $self->lmLog( "OpenID redirection to $data", 'debug' ); + $self->logger->debug("OpenID redirection to $data"); $req->{urldc} = $data; return PE_REDIRECT; } @@ -209,7 +208,7 @@ sub _openIDResponse { $req->info('

'); $req->info( $req->datas->{_openIdTrustExtMsg} ) if ( $req->datas->{_openIdTrustExtMsg} ); - $self->lmLog( 'OpenID confirmation', 'debug' ); + $self->logger->debug('OpenID confirmation'); return PE_CONFIRM; } elsif ( $req->datas->{_badOpenIdentity} ) { @@ -231,7 +230,7 @@ sub _openIDResponse { } } elsif ($type) { - $self->lmLog( "OpenID generated page ($type)", 'debug' ); + $self->logger->debug("OpenID generated page ($type)"); $req->response( [ 200, [ 'Content-Type' => $type ], [$data] ] ); } else { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm index b7973a4d3..500d59ca7 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm @@ -90,8 +90,8 @@ sub run { # AUTHORIZE if ( $path eq $self->conf->{oidcServiceMetaDataAuthorizeURI} ) { - $self->lmLog( "URL detected as an OpenID Connect AUTHORIZE URL", - 'debug' ); + $self->logger->debug( + "URL detected as an OpenID Connect AUTHORIZE URL"); # Get and save parameters my $oidc_request = {}; @@ -103,11 +103,8 @@ sub run { { if ( $req->param($param) ) { $oidc_request->{$param} = $req->param($param); - $self->lmLog( - "OIDC request parameter $param: " - . $oidc_request->{$param}, - 'debug' - ); + $self->logger->debug( "OIDC request parameter $param: " + . $oidc_request->{$param} ); } } @@ -116,13 +113,11 @@ sub run { my $flow = $self->getFlowType($response_type); unless ($flow) { - $self->lmLog( "Unknown response type: $response_type", - 'error' ); + $self->logger->error("Unknown response type: $response_type"); return PE_ERROR; } - $self->lmLog( - "OIDC $flow flow requested (response type: $response_type)", - 'debug' ); + $self->logger->debug( + "OIDC $flow flow requested (response type: $response_type)"); # Extract request_uri/request parameter if ( $oidc_request->{'request_uri'} ) { 
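Review bot: In the `@@ -103` hunk of OpenIDConnect.pm, every accepted request parameter is written to the debug log with its full value (`"OIDC request parameter $param: " . $oidc_request->{$param}`), which includes `request` objects and `id_token_hint`, and the `@@ -343` hunk later logs `Check sub of ID Token $id_token_hint` — a JWT that typically carries the user's claims. Debug logs are routinely shipped to shared collectors, so log a stable reference instead (the parameter name, a truncated token, or the `sub` once `getIDTokenSub` has extracted it). `run`'s body continues outside these hunks.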
@@ -133,8 +128,7 @@ sub run { $oidc_request->{'request'} = $request; } else { - $self->lmLog( "Error with Request URI resolution", - 'error' ); + $self->logger->error("Error with Request URI resolution"); return PE_ERROR; } } @@ -145,9 +139,8 @@ sub run { # Override OIDC parameters by request content foreach ( keys %$request ) { - $self->lmLog( -"Override $_ OIDC param by value present in request parameter", - 'debug' + $self->logger->debug( +"Override $_ OIDC param by value present in request parameter" ); $oidc_request->{$_} = $request->{$_}; $self->p->setHiddenFormValue( $_, $request->{$_}, '' ); @@ -156,11 +149,11 @@ sub run { # Check all required parameters unless ( $oidc_request->{'redirect_uri'} ) { - $self->lmLog( "Redirect URI is required", 'error' ); + $self->logger->error("Redirect URI is required"); return PE_ERROR; } unless ( $oidc_request->{'scope'} ) { - $self->lmLog( "Scope is required", 'error' ); + $self->logger->error("Scope is required"); $self->returnRedirectError( $req, $oidc_request->{'redirect_uri'}, @@ -172,7 +165,7 @@ sub run { ); } unless ( $oidc_request->{'client_id'} ) { - $self->lmLog( "Client ID is required", 'error' ); + $self->logger->error("Client ID is required"); return $self->returnRedirectError( $req, $oidc_request->{'redirect_uri'}, @@ -185,7 +178,7 @@ sub run { } if ( $flow eq "implicit" and not defined $oidc_request->{'nonce'} ) { - $self->lmLog( "Nonce is required for implicit flow", 'error' ); + $self->logger->error("Nonce is required for implicit flow"); return $self->returnRedirectError( $req, $oidc_request->{'redirect_uri'}, "invalid_request", "nonce required", 
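Review bot: In the `@@ -156` hunk, the `scope` check logs the error and calls `$self->returnRedirectError(...)` without `return`, unlike the `client_id` and `nonce` checks that follow, so `run` keeps going with no scope and later evaluates `$oidc_request->{'scope'} =~ /\bopenid\b/` on undef. Prefix the call: `return $self->returnRedirectError(`. These error redirects also use `$oidc_request->{'redirect_uri'}` before it has been compared with the relying party's registered URIs (that check only comes in the later `@@ -333` hunk); RFC 6749 §4.1.2.1 says a missing client identifier must be reported on an error page rather than by redirecting to an unverified URI, so at least the `client_id` case should not redirect. `run`'s body continues outside this hunk.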
@@ -197,8 +190,8 @@ sub run { if ( $flow eq "authorizationcode" and not $self->conf->{oidcServiceAllowAuthorizationCodeFlow} ) { - $self->lmLog( "Authorization code flow is not allowed", - 'error' ); + $self->userLogger->error( + "Authorization code flow is not allowed"); return $self->returnRedirectError( $req, $oidc_request->{'redirect_uri'}, "server_error", "Authorization code flow not allowed", @@ -209,7 +202,7 @@ sub run { if ( $flow eq "implicit" and not $self->conf->{oidcServiceAllowImplicitFlow} ) { - $self->lmLog( "Implicit flow is not allowed", 'error' ); + $self->logger->error("Implicit flow is not allowed"); return $self->returnRedirectError( $req, $oidc_request->{'redirect_uri'}, "server_error", "Implicit flow not allowed", @@ -220,7 +213,7 @@ sub run { if ( $flow eq "hybrid" and not $self->conf->{oidcServiceAllowHybridFlow} ) { - $self->lmLog( "Hybrid flow is not allowed", 'error' ); + $self->logger->error("Hybrid flow is not allowed"); return $self->returnRedirectError( $req, $oidc_request->{'redirect_uri'}, "server_error", "Hybrid flow not allowed", @@ -233,9 +226,8 @@ sub run { my $reauthentication = 0; my $prompt = $oidc_request->{'prompt'}; if ( $prompt and $prompt =~ /\blogin\b/ ) { - $self->lmLog( -"Reauthentication requested by Relying Party in prompt parameter", - 'debug' + $self->logger->debug( +"Reauthentication requested by Relying Party in prompt parameter" ); $reauthentication = 1; } @@ -243,9 +235,8 @@ sub run { my $max_age = $oidc_request->{'max_age'}; my $_lastAuthnUTime = $req->{sessionInfo}->{_lastAuthnUTime}; if ( $max_age && time > $_lastAuthnUTime + $max_age ) { - $self->lmLog( -"Reauthentication forced cause authentication time ($_lastAuthnUTime) is too old (>$max_age s)", - 'debug' + $self->logger->debug( +"Reauthentication forced cause authentication time ($_lastAuthnUTime) is too old (>$max_age s)" ); $reauthentication = 1; } 
@@ -272,7 +263,7 @@ sub run { # Check openid scope unless ( $oidc_request->{'scope'} =~ /\bopenid\b/ ) { - $self->lmLog( "No openid scope found", 'debug' ); + $self->logger->debug("No openid scope found"); #TODO manage standard OAuth request return PE_OK; @@ -280,15 +271,14 @@ sub run { # Check client_id my $client_id = $oidc_request->{'client_id'}; - $self->lmLog( "Request from client id $client_id", 'debug' ); + $self->logger->debug("Request from client id $client_id"); # Verify that client_id is registered in configuration my $rp = $self->getRP($client_id); unless ($rp) { - $self->lmLog( -"No registered Relying Party found with client_id $client_id", - 'error' + $self->logger->error( +"No registered Relying Party found with client_id $client_id" ); return $self->returnRedirectError( $req, @@ -301,7 +291,7 @@ sub run { ); } else { - $self->lmLog( "Client id $client_id match RP $rp", 'debug' ); + $self->logger->debug("Client id $client_id match RP $rp"); } # Check Request JWT signature @@ -313,12 +303,12 @@ sub run { ) ) { - $self->lmLog( "Request JWT signature could not be verified", - 'error' ); + $self->logger->error( + "Request JWT signature could not be verified"); return PE_ERROR; } else { - $self->lmLog( "Request JWT signature verified", 'debug' ); + $self->logger->debug("Request JWT signature verified"); } } @@ -333,8 +323,8 @@ sub run { $redirect_uri_allowed = 1 if $redirect_uri eq $_; } unless ($redirect_uri_allowed) { - $self->lmLog( "Redirect URI $redirect_uri not allowed", - 'error' ); + $self->userLogger->error( + "Redirect URI $redirect_uri not allowed"); return PE_BADURL; } } @@ -343,7 +333,7 @@ sub run { my $id_token_hint = $oidc_request->{'id_token_hint'}; if ($id_token_hint) { - $self->lmLog( "Check sub of ID Token $id_token_hint", 'debug' ); + $self->logger->debug("Check sub of ID Token $id_token_hint"); # Check that id_token_hint sub match current user my $sub = $self->getIDTokenSub($id_token_hint); 
@@ -353,9 +343,8 @@ sub run { || $self->conf->{whatToTrace}; my $user_id = $req->{sessionInfo}->{$user_id_attribute}; unless ( $sub eq $user_id ) { - $self->lmLog( - "ID Token hint sub $sub do not match user $user_id", - 'error' ); + $self->userLogger->error( + "ID Token hint sub $sub do not match user $user_id"); return $self->returnRedirectError( $req, $oidc_request->{'redirect_uri'}, @@ -367,8 +356,8 @@ sub run { ); } else { - $self->lmLog( "ID Token hint sub $sub match current user", - 'debug' ); + $self->logger->debug( + "ID Token hint sub $sub match current user"); } } @@ -376,9 +365,8 @@ sub run { my $bypassConsent = $self->conf->{oidcRPMetaDataOptions}->{$rp} ->{oidcRPMetaDataOptionsBypassConsent}; if ($bypassConsent) { - $self->lmLog( - "Consent is disabled for RP $rp, user will not be prompted", - 'debug' + $self->logger->debug( + "Consent is disabled for RP $rp, user will not be prompted" ); } else { @@ -392,9 +380,8 @@ sub run { my $consent_scope = $req->{sessionInfo}->{"_oidc_consent_scope_$rp"}; - $self->lmLog( -"Consent already given for Relying Party $rp (time: $consent_time, scope: $consent_scope)", - 'debug' + $self->logger->debug( +"Consent already given for Relying Party $rp (time: $consent_time, scope: $consent_scope)" ); # Check accepted scope @@ -402,14 +389,12 @@ sub run { split( /\s+/, $oidc_request->{'scope'} ) ) { if ( $consent_scope =~ /\b$requested_scope\b/ ) { - $self->lmLog( - "Scope $requested_scope already accepted", - 'debug' ); + $self->logger->debug( + "Scope $requested_scope already accepted"); } else { - $self->lmLog( -"Scope $requested_scope was not previously accepted", - 'debug' + $self->logger->debug( +"Scope $requested_scope was not previously accepted" ); $ask_for_consent = 1; last; 
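Review bot: The consent check `if ( $consent_scope =~ /\b$requested_scope\b/ )` in the `@@ -402,14 +389,12 @@` hunk interpolates a token split out of the request's `scope` parameter directly into a regex. A scope containing regex metacharacters can either die inside the match or match more than its literal text, which would route an unseen scope through the "already accepted" branch instead of prompting for consent. Quote it: `if ( $consent_scope =~ /\b\Q$requested_scope\E\b/ ) {`. `run` continues outside this hunk.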
@@ -431,15 +416,14 @@ sub run { $oidc_request->{'scope'} } ); - $self->lmLog( "Consent given for Relying Party $rp", - 'debug' ); + $self->logger->debug( + "Consent given for Relying Party $rp"); } elsif ( $req->param('confirm') and $req->param('confirm') == -1 ) { - $self->lmLog( - "User refused consent for Relying party $rp", - 'debug' ); + $self->logger->debug( + "User refused consent for Relying party $rp"); return $self->returnRedirectError( $req, $oidc_request->{'redirect_uri'}, @@ -451,15 +435,13 @@ sub run { ); } else { - $self->lmLog( - "Obtain user consent for Relying Party $rp", - 'debug' ); + $self->logger->debug( + "Obtain user consent for Relying Party $rp"); # Return error if prompt is none if ( $prompt and $prompt =~ /\bnone\b/ ) { - $self->lmLog( - "Consent is needed but prompt is none", - 'debug' ); + $self->logger->debug( + "Consent is needed but prompt is none"); return $self->returnRedirectError( $req, $oidc_request->{'redirect_uri'}, @@ -526,7 +508,7 @@ qq'

The application $display_name would li my $codeSession = $self->getOpenIDConnectSession(); my $code = $codeSession->id(); - $self->lmLog( "Generated code: $code", 'debug' ); + $self->logger->debug("Generated code: $code"); # Store data in session $codeSession->update( @@ -546,7 +528,7 @@ qq'
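Review bot: `$self->logger->debug("Generated code: $code")` writes the full authorization code to the log, and the same pattern recurs for access tokens, id tokens and session ids in the hunks at `@@ -585,8 +566,8 @@`, `@@ -642,7 +623,7 @@`, `@@ -679,7 +660,7 @@`, `@@ -722,8 +702,8 @@`, `@@ -769,7 +749,7 @@`, the token-endpoint hunks `@@ -869,43 +845,39 @@`, `@@ -952,7 +923,7 @@` and `@@ -987,7 +958,7 @@`, the userInfo hunk `@@ -1009,23 +980,23 @@`, and the SAML sessionIndex hunk `@@ -699,9 +683,8 @@`. Debug logs are often shipped to collectors with wider read access than the session store, so these bearer credentials are exposed wherever the log goes. Since the commit is already rewriting every one of these calls, it is the cheapest moment to log a safe form, e.g. `$self->logger->debug( "Generated code: " . substr( $code, 0, 8 ) . "..." );`, or at minimum to mark the exposure with `# NOTE: debug output contains bearer credentials; keep debug level off in production`.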

The application $display_name would li $session_state ); - $self->lmLog( "Redirect user to $response_url", 'debug' ); + $self->logger->debug("Redirect user to $response_url"); $req->urldc($response_url); return PE_REDIRECT; @@ -564,9 +546,8 @@ qq'

The application $display_name would li my $accessTokenSession = $self->getOpenIDConnectSession; unless ($accessTokenSession) { - $self->lmLog( - "Unable to create OIDC session for access_token", - "error" ); + $self->logger->error( + "Unable to create OIDC session for access_token"); $self->returnRedirectError( $req, $oidc_request->{'redirect_uri'}, "server_error", undef, undef, @@ -585,8 +566,8 @@ qq'

The application $display_name would li $access_token = $accessTokenSession->id; - $self->lmLog( "Generated access token: $access_token", - 'debug' ); + $self->logger->debug( + "Generated access token: $access_token"); # Compute hash to store in at_hash my $alg = $self->conf->{oidcRPMetaDataOptions}->{$rp} @@ -642,7 +623,7 @@ qq'

The application $display_name would li my $id_token = $self->createIDToken( $id_token_payload_hash, $rp ); - $self->lmLog( "Generated id token: $id_token", 'debug' ); + $self->logger->debug("Generated id token: $id_token"); # Send token response my $expires_in = $self->conf->{oidcRPMetaDataOptions}->{$rp} @@ -656,7 +637,7 @@ qq'

The application $display_name would li $session_state ); - $self->lmLog( "Redirect user to $response_url", 'debug' ); + $self->logger->debug("Redirect user to $response_url"); $req->urldc($response_url); return PE_REDIRECT; @@ -679,7 +660,7 @@ qq'

The application $display_name would li my $codeSession = $self->getOpenIDConnectSession(); my $code = $codeSession->id(); - $self->lmLog( "Generated code: $code", 'debug' ); + $self->logger->debug("Generated code: $code"); # Store data in session $codeSession->update( @@ -701,9 +682,8 @@ qq'

The application $display_name would li my $accessTokenSession = $self->getOpenIDConnectSession; unless ($accessTokenSession) { - $self->lmLog( - "Unable to create OIDC session for access_token", - "error" ); + $self->logger->error( + "Unable to create OIDC session for access_token"); return $self->returnRedirectError( $req, $oidc_request->{'redirect_uri'}, "server_error", undef, undef, @@ -722,8 +702,8 @@ qq'

The application $display_name would li $access_token = $accessTokenSession->id; - $self->lmLog( "Generated access token: $access_token", - 'debug' ); + $self->logger->debug( + "Generated access token: $access_token"); # Compute hash to store in at_hash $at_hash = $self->createHash( $access_token, $hash_level ); @@ -769,7 +749,7 @@ qq'

The application $display_name would li $id_token = $self->createIDToken( $id_token_payload_hash, $rp ); - $self->lmLog( "Generated id token: $id_token", 'debug' ); + $self->logger->debug("Generated id token: $id_token"); } my $expires_in = $self->conf->{oidcRPMetaDataOptions}->{$rp} @@ -783,30 +763,27 @@ qq'

The application $display_name would li $session_state ); - $self->lmLog( "Redirect user to $response_url", 'debug' ); + $self->logger->debug("Redirect user to $response_url"); $req->urldc($response_url); return PE_REDIRECT; } - $self->lmLog( "No flow has been selected", 'debug' ); + $self->logger->debug("No flow has been selected"); return PE_OK; } # LOGOUT elsif ( $path eq $self->conf->{oidcServiceMetaDataEndSessionURI} ) { - $self->lmLog( "URL detected as an OpenID Connect END SESSION URL", - 'debug' ); + $self->logger->debug( + "URL detected as an OpenID Connect END SESSION URL"); # Set hidden fields my $oidc_request = {}; foreach my $param (qw/id_token_hint post_logout_redirect_uri state/) { if ( $oidc_request->{$param} = $req->param($param) ) { - $self->lmLog( - "OIDC request parameter $param: " - . $oidc_request->{$param}, - 'debug' - ); + $self->logger->debug( "OIDC request parameter $param: " + . $oidc_request->{$param} ); $self->p->setHiddenFormValue( $param, $oidc_request->{$param}, '' ); } @@ -830,7 +807,7 @@ qq'

The application $display_name would li $self->buildLogoutResponse( $post_logout_redirect_uri, $state ); - $self->lmLog( "Redirect user to $response_url", 'debug' ); + $self->logger->debug("Redirect user to $response_url"); $req->urldc($response_url); return PE_REDIRECT; } @@ -844,23 +821,22 @@ qq'

The application $display_name would li return PE_CONFIRM; } } - $self->lmLog( "Unknown OIDC endpoint $path, skipping", 'error' ); + $self->logger->error("Unknown OIDC endpoint $path, skipping"); return PE_ERROR; } # Handle token endpoint sub token { my ( $self, $req ) = @_; - $self->lmLog( "URL detected as an OpenID Connect TOKEN URL", 'debug' ); + $self->logger->debug("URL detected as an OpenID Connect TOKEN URL"); # Check authentication my ( $client_id, $client_secret ) = $self->getEndPointAuthenticationCredentials($req); unless ( $client_id && $client_secret ) { - $self->lmLog( -"No authentication provided to get token, or authentication type not supported", - "error" + $self->logger->error( +"No authentication provided to get token, or authentication type not supported" ); return $self->p->sendError( $req, 'unauthorized_client', 401 ); } 
@@ -869,43 +845,39 @@ sub token { my $rp = $self->getRP($client_id); unless ($rp) { - $self->lmLog( - "No registered Relying Party found with client_id $client_id", - 'error' ); + $self->userLogger->error( + "No registered Relying Party found with client_id $client_id"); return $self->p->sendError( $req, "unauthorized_client", 403 ); } else { - $self->lmLog( "Client id $client_id match RP $rp", 'debug' ); + $self->logger->debug("Client id $client_id match RP $rp"); } # Check client_secret unless ( $client_secret eq $self->conf->{oidcRPMetaDataOptions}->{$rp} ->{oidcRPMetaDataOptionsClientSecret} ) { - $self->lmLog( "Wrong credentials for $rp", "error" ); + $self->logger->error("Wrong credentials for $rp"); return $self->p->sendError( "access_denied", 403 ); } # Get code session my $code = $req->param('code'); - $self->lmLog( "OpenID Connect Code: $code", 'debug' ); + $self->logger->debug("OpenID Connect Code: $code"); my $codeSession = $self->getOpenIDConnectSession($code); unless ($codeSession) { - $self->lmLog( "Unable to find OIDC session $code", "error" ); + $self->logger->error("Unable to find OIDC session $code"); $self->p->sendError( $req, "invalid_grant", 400 ); } # Check we have the same redirect_uri value unless ( $req->param("redirect_uri") eq $codeSession->data->{redirect_uri} ) { - $self->lmLog( - "Provided redirect_uri is different from " - . $codeSession->{redirect_uri}, - "error" - ); + $self->userLogger->error( "Provided redirect_uri is different from " + . $codeSession->{redirect_uri} ); $self->p->sendError( $req, "invalid_request", 400 ); } @@ -915,9 +887,8 @@ sub token { noInfo => 1 ); unless ($apacheSession) { - $self->lmLog( - "Unable to find user session linked to OIDC session $code", - "error" ); + $self->userLogger->error( + "Unable to find user session linked to OIDC session $code"); $codeSession->remove(); $self->p->sendError( $req, "invalid_request", 400 ); } 
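Review bot: In the `@@ -869,43 +845,39 @@` hunk the new log line reads `$codeSession->{redirect_uri}` while the check it reports on compares against `$codeSession->data->{redirect_uri}`, so the message prints an empty value; it should be `. $codeSession->data->{redirect_uri} );`. In the same hunk the `$self->p->sendError(...)` calls after `unless ($codeSession)` and after the redirect_uri mismatch, and the one after `unless ($apacheSession)` in the following `@@ -915,9 +887,8 @@` hunk, are not `return`ed, unlike the two earlier calls in `token`; unless `sendError` dies, a mismatched redirect_uri is logged and the code continues to mint tokens, so each should be `return $self->p->sendError( $req, "invalid_request", 400 );`. `$self->p->sendError( "access_denied", 403 )` also omits the `$req` argument every other call passes. Finally, a wrong client secret is an authentication failure, so `"Wrong credentials for $rp"` belongs on `$self->userLogger->error(` like the unknown-client branch just above it.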
@@ -928,14 +899,14 @@ sub token { || $self->conf->{whatToTrace}; my $user_id = $apacheSession->data->{$user_id_attribute}; - $self->lmLog( "Found corresponding user: $user_id", 'debug' ); + $self->logger->debug("Found corresponding user: $user_id"); # Generate access_token my $accessTokenSession = $self->getOpenIDConnectSession; unless ($accessTokenSession) { - $self->lmLog( "Unable to create OIDC session for access_token", - "error" ); + $self->userLogger->error( + "Unable to create OIDC session for access_token"); $codeSession->remove(); $self->p->sendError( $req, "invalid_request", 400 ); } @@ -952,7 +923,7 @@ sub token { my $access_token = $accessTokenSession->id; - $self->lmLog( "Generated access token: $access_token", 'debug' ); + $self->logger->debug("Generated access token: $access_token"); # Compute hash to store in at_hash my $alg = $self->conf->{oidcRPMetaDataOptions}->{$rp} @@ -973,8 +944,8 @@ sub token { aud => [$client_id], # Audience exp => $id_token_exp, # expiration iat => time, # Issued time - auth_time => - $apacheSession->data->{_lastAuthnUTime}, # Authentication time + auth_time => $apacheSession->data->{_lastAuthnUTime} + , # Authentication time acr => $id_token_acr, # Authentication Context Class Reference azp => $client_id, # Authorized party # TODO amr @@ -987,7 +958,7 @@ sub token { # Create ID Token my $id_token = $self->createIDToken( $id_token_payload_hash, $rp ); - $self->lmLog( "Generated id token: $id_token", 'debug' ); + $self->logger->debug("Generated id token: $id_token"); # Send token response my $expires_in = $self->conf->{oidcRPMetaDataOptions}->{$rp} @@ -1000,7 +971,7 @@ sub token { id_token => $id_token, }; - $self->lmLog( "Send token response", 'debug' ); + $self->logger->debug("Send token response"); $codeSession->remove(); return $self->p->sendJSONresponse( $req, $token_response ); 
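Review bot: The `@@ -928,14 +899,14 @@` hunk sends "Unable to create OIDC session for access_token" to `userLogger->error`, while the identical message in the authorize endpoint (hunks `@@ -564,9 +546,8 @@` and `@@ -701,9 +682,8 @@`) goes to `logger->error`. Failing to create a server-side session is an infrastructure fault rather than something attributable to the user, so the three call sites should agree; `$self->logger->error(` matches the other two and keeps the user audit stream for user-caused events.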
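Review bot: In the `@@ -973,8 +944,8 @@` hunk the rewrapped `auth_time` entry now leaves the comma on its own line, `, # Authentication time`, which reads as a stray token and differs from the neighbouring `exp =>` and `iat =>` entries. Prefer `auth_time => $apacheSession->data->{_lastAuthnUTime},    # Authentication time` on one line, or place the comment on the line above the key if the formatter cannot fit it.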
@@ -1009,23 +980,23 @@ sub token { # Handle uerinfo endpoint sub userInfo { my ( $self, $req ) = @_; - $self->lmLog( "URL detected as an OpenID Connect USERINFO URL", 'debug' ); + $self->logger->debug("URL detected as an OpenID Connect USERINFO URL"); my $access_token = $self->getEndPointAccessToken($req); unless ($access_token) { - $self->lmLog( "Unable to get access_token", "error" ); + $self->logger->error("Unable to get access_token"); return $self->returnBearerError( "invalid_request", "Access token not found in request" ); } - $self->lmLog( "Received Access Token $access_token", 'debug' ); + $self->logger->debug("Received Access Token $access_token"); my $accessTokenSession = $self->getOpenIDConnectSession($access_token); unless ($accessTokenSession) { - $self->lmLog( "Unable to get access token session for id $access_token", - "error" ); + $self->userLogger->error( + "Unable to get access token session for id $access_token"); return $self->returnBearerError( "invalid_token", "Access Token not found or expired" ); } @@ -1050,7 +1021,7 @@ sub userInfo { else { my $userinfo_jwt = $self->createJWT( $userinfo_response, $userinfo_sign_alg, $rp ); - $self->lmLog( "Return UserInfo as JWT: $userinfo_jwt", 'debug' ); + $self->logger->debug("Return UserInfo as JWT: $userinfo_jwt"); return [ 200, [ @@ -1065,7 +1036,7 @@ sub userInfo { # Handle jwks endpoint sub jwks { my ( $self, $req ) = @_; - $self->lmLog( "URL detected as an OpenID Connect JWKS URL", 'debug' ); + $self->logger->debug("URL detected as an OpenID Connect JWKS URL"); my $jwks = { keys => [] }; 
@@ -1078,26 +1049,25 @@ sub jwks { $key->{kid} = $key_id_sig if $key_id_sig; push @{ $jwks->{keys} }, $key; } - $self->lmLog( "Send JWKS response sent", 'debug' ); + $self->logger->debug("Send JWKS response sent"); return $self->p->sendJSONresponse( $req, $jwks ); } # Handle register endpoint sub registration { my ( $self, $req ) = @_; - $self->lmLog( "URL detected as an OpenID Connect REGISTRATION URL", - 'debug' ); + $self->logger->debug("URL detected as an OpenID Connect REGISTRATION URL"); # TODO: check Initial Access Token # Specific message to allow DOS detection my $source_ip = $req->address; - $self->lmLog( "OpenID Connect Registration request from $source_ip", - 'warn' ); + $self->logger->notice( + "OpenID Connect Registration request from $source_ip"); # Check dynamic registration is allowed unless ( $self->conf->{oidcServiceAllowDynamicRegistration} ) { - $self->lmLog( "Dynamic registration is not allowed", 'error' ); + $self->logger->error("Dynamic registration is not allowed"); $self->p->sendError( $req, 'server_error' ); } @@ -1107,14 +1077,14 @@ sub registration { return $self->p->sendError( $req, 'Missing POST datas', 400 ); } - $self->lmLog( "Client metadata received: $client_metadata_json", 'debug' ); + $self->logger->debug("Client metadata received: $client_metadata_json"); my $client_metadata = $self->decodeJSON($client_metadata_json); my $registration_response = {}; # Check redirect_uris unless ( $client_metadata->{redirect_uris} ) { - $self->lmLog( "Field redirect_uris is mandatory", 'error' ); + $self->logger->error("Field redirect_uris is mandatory"); return $self->p->sendError( $req, 'invalid_client_metadata', 400 ); } 
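Review bot: In the `@@ -1078,26 +1049,25 @@` hunk the guard `unless ( $self->conf->{oidcServiceAllowDynamicRegistration} )` logs an error and calls `$self->p->sendError( $req, 'server_error' )` without `return`, so unless `sendError` throws, `registration` carries on to parse the client metadata and register the client even when the feature is disabled; it should read `return $self->p->sendError( $req, 'server_error' );`. The same hunk routes the per-IP registration message to `logger->notice` although the comment marks it as the signal for DoS detection; the commit sends comparable security events through `userLogger`, so `$self->userLogger->notice(` would keep it in the audit stream if that logger supports the level. `registration` continues outside the hunk.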
@@ -1179,13 +1149,12 @@ sub registration { if defined $userinfo_signed_response_alg; } else { - $self->lmLog( - "Configuration not saved: $Lemonldap::NG::Common::Conf::msg", - 'error' ); + $self->logger->error( + "Configuration not saved: $Lemonldap::NG::Common::Conf::msg"); return $self->p->sendError( $req, 'server_error', 500 ); } - $self->lmLog( "Registration response sent", 'debug' ); + $self->logger->debug("Registration response sent"); return $self->p->sendJSONresponse( $req, $registration_response, code => 201 ); } @@ -1193,9 +1162,8 @@ sub registration { # Handle logout endpoint for unauthenticated users sub endSessionDone { my ( $self, $req ) = @_; - $self->lmLog( "URL detected as an OpenID Connect END SESSION URL", - 'debug' ); - $self->lmLog( "User is already logged out", 'debug' ); + $self->logger->debug("URL detected as an OpenID Connect END SESSION URL"); + $self->logger->debug("User is already logged out"); my $post_logout_redirect_uri = $req->param('post_logout_redirect_uri'); my $state = $req->param('state'); @@ -1206,7 +1174,7 @@ sub endSessionDone { my $response_url = $self->buildLogoutResponse( $post_logout_redirect_uri, $state ); - $self->lmLog( "Redirect user to $response_url", 'debug' ); + $self->logger->debug("Redirect user to $response_url"); return [ 302, [ Location => $response_url ], [] ]; } @@ -1217,8 +1185,8 @@ sub endSessionDone { # Handle checksession endpoint sub checkSession { my ( $self, $req ) = @_; - $self->lmLog( "URL detected as an OpenID Connect CHECK SESSION URL", - 'debug' ); + $self->logger->debug( + "URL detected as an OpenID Connect CHECK SESSION URL"); # TODO: access_control_allow_origin => '*' $req->frame(1); @@ -1252,7 +1220,7 @@ sub addRouteFromConf { my $sub = $subs{$_}; my $path = $self->conf->{$_}; unless ($path) { - $self->lmLog( "$_ parameter not defined", 'error' ); + $self->logger->error("$_ parameter not defined"); next; } $self->$adder( $self->path => { $path => $sub }, [ 'GET', 'POST' ] ); 
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm index 80b2b3d87..eae7edcd0 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/SAML.pm @@ -151,7 +151,7 @@ sub run { # 1.1. SSO (SSO URL or Proxy Mode) if ( $url =~ $self->ssoUrlRe or $req->datas->{_proxiedRequest} ) { - $self->lmLog( "URL $url detected as an SSO request URL", 'debug' ); + $self->logger->debug("URL $url detected as an SSO request URL"); # Check message my ( $request, $response, $method, $relaystate, $artifact ) = @@ -172,18 +172,18 @@ sub run { if ($session) { unless ( $self->setSessionFromDump( $login, $session ) ) { - $self->lmLog( "Unable to load Lasso Session", 'error' ); + $self->logger->error("Unable to load Lasso Session"); return PE_SAML_SSO_ERROR; } - $self->lmLog( "Lasso Session loaded", 'debug' ); + $self->logger->debug("Lasso Session loaded"); } if ($identity) { unless ( $self->setIdentityFromDump( $login, $identity ) ) { - $self->lmLog( "Unable to load Lasso Identity", 'error' ); + $self->logger->error("Unable to load Lasso Identity"); return PE_SAML_SSO_ERROR; } - $self->lmLog( "Lasso Identity loaded", 'debug' ); + $self->logger->debug("Lasso Identity loaded"); } my $result; @@ -193,9 +193,8 @@ sub run { # Need sp or spConfKey parameter unless ( $idp_initiated_sp or $idp_initiated_spConfKey ) { - $self->lmLog( -"sp or spConfKey parameter needed to make IDP initiated SSO", - 'error' + $self->userLogger->warn( +"sp or spConfKey parameter needed to make IDP initiated SSO" ); return PE_SAML_SSO_ERROR; } @@ -214,8 +213,8 @@ sub run { } else { unless ( defined $self->spList->{$idp_initiated_sp} ) { - $self->lmLog( "SP $idp_initiated_sp not known", - 'error' ); + $self->userLogger->error( + "SP $idp_initiated_sp not known"); return PE_SAML_UNKNOWN_ENTITY; } $idp_initiated_spConfKey = 
@@ -227,9 +226,8 @@ sub run { ->{$idp_initiated_spConfKey} ->{samlSPMetaDataOptionsEnableIDPInitiatedURL} ) { - $self->lmLog( -"IDP Initiated SSO not allowed for SP $idp_initiated_spConfKey", - 'error' + $self->userLogger->error( +"IDP Initiated SSO not allowed for SP $idp_initiated_spConfKey" ); return PE_SAML_SSO_ERROR; } @@ -238,9 +236,8 @@ sub run { $self->initIdpInitiatedAuthnRequest( $login, $idp_initiated_sp ); unless ($result) { - $self->lmLog( -"SSO: Fail to init IDP Initiated authentication request", - 'error' + $self->logger->error( + "SSO: Fail to init IDP Initiated authentication request" ); return PE_SAML_SSO_ERROR; } @@ -268,26 +265,26 @@ sub run { } unless ($result) { - $self->lmLog( "SSO: Fail to process authentication request", - 'error' ); + $self->logger->error( + "SSO: Fail to process authentication request"); return PE_SAML_SSO_ERROR; } # Get SP entityID my $sp = $request ? $login->remote_providerID() : $idp_initiated_sp; - $self->lmLog( "Found entityID $sp in SAML message", 'debug' ); + $self->logger->debug("Found entityID $sp in SAML message"); # SP conf key my $spConfKey = $self->spList->{$sp}->{confKey}; unless ($spConfKey) { - $self->lmLog( "$sp do not match any SP in configuration", - 'error' ); + $self->userLogger->error( + "$sp do not match any SP in configuration"); return PE_SAML_UNKNOWN_ENTITY; } - $self->lmLog( "$sp match $spConfKey SP in configuration", 'debug' ); + $self->logger->debug("$sp match $spConfKey SP in configuration"); # Do we check signature? my $checkSSOMessageSignature = 
@@ -306,39 +303,37 @@ sub run { } unless ($result) { - $self->lmLog( "Signature is not valid", 'error' ); + $self->logger->error("Signature is not valid"); return PE_SAML_SIGNATURE_ERROR; } else { - $self->lmLog( "Signature is valid", 'debug' ); + $self->logger->debug("Signature is valid"); } } else { - $self->lmLog( "Message signature will not be checked", - 'debug' ); + $self->logger->debug("Message signature will not be checked"); } # Validate request unless ( $self->validateRequestMsg( $login, 1, 1 ) ) { - $self->lmLog( "Unable to validate SSO request message", - 'error' ); + $self->logger->error("Unable to validate SSO request message"); return PE_SAML_SSO_ERROR; } - $self->lmLog( "SSO: authentication request is valid", 'debug' ); + $self->logger->debug("SSO: authentication request is valid"); # Get ForceAuthn flag my $force_authn; eval { $force_authn = $login->request()->ForceAuthn(); }; if ($@) { - $self->lmLog( "Unable to get ForceAuthn flag, set it to false", - 'warn' ); + $self->logger->warn( + "Unable to get ForceAuthn flag, set it to false"); $force_authn = 0; } - $self->lmLog( "Found ForceAuthn flag with value $force_authn", - 'debug' ); + $self->logger->debug( + "Found ForceAuthn flag with value $force_authn"); # Get ForceAuthn sessions for this session_id my $moduleOptions = $self->conf->{samlStorageOptions} || {}; @@ -359,9 +354,8 @@ sub run { # Warning if more than one session found if ( $#forceAuthn_sessions_keys > 0 ) { - $self->lmLog( -"More than one ForceAuthn session found for session $session_id", - 'warn' + $self->logger->warn( +"More than one ForceAuthn session found for session $session_id" ); } @@ -369,9 +363,8 @@ sub run { $forceAuthn_session = shift @forceAuthn_sessions_keys; # Get session - $self->lmLog( -"Retrieve ForceAuthn session $forceAuthn_session for session $session_id", - 'debug' + $self->logger->debug( +"Retrieve ForceAuthn session $forceAuthn_session for session $session_id" ); $forceAuthnSessionInfo = 
@@ -380,17 +373,15 @@ sub run { # Check forceAuthn flag for current SP if ( $forceAuthnSessionInfo->data->{$spConfKey} ) { - $self->lmLog( -"User was already forced to reauthenticate for SP $spConfKey", - 'debug' + $self->logger->debug( +"User was already forced to reauthenticate for SP $spConfKey" ); $force_authn = 1; } } else { - $self->lmLog( - "No ForceAuthn session found for session $session_id", - 'debug' ); + $self->logger->debug( + "No ForceAuthn session found for session $session_id"); } # Force authentication if flag is on, or previous flag still active @@ -408,14 +399,12 @@ sub run { $forceInfos->{'_utime'} = $time; $forceAuthnSessionInfo->update($forceInfos); $forceAuthn_session = $forceAuthnSessionInfo->id; - $self->lmLog( - "Create ForceAuthn session $forceAuthn_session", - 'debug' ); + $self->logger->debug( + "Create ForceAuthn session $forceAuthn_session"); } - $self->lmLog( -"Set ForceAuthn flag for SP $spConfKey in ForceAuthn session $forceAuthn_session", - 'debug' + $self->logger->debug( +"Set ForceAuthn flag for SP $spConfKey in ForceAuthn session $forceAuthn_session" ); # Replay authentication process @@ -437,9 +426,8 @@ sub run { $self->getSamlSession($forceAuthn_session); $forceAuthnSessionInfo->update( { $spConfKey => 0 } ); - $self->lmLog( -"Unset ForceAuthn flag for SP $spConfKey in ForceAuthn session $forceAuthn_session", - 'debug' + $self->logger->debug( +"Unset ForceAuthn flag for SP $spConfKey in ForceAuthn session $forceAuthn_session" ); } @@ -456,7 +444,7 @@ sub run { $authn_context = $self->authnLevel2authnContext($authenticationLevel); - $self->lmLog( "Authentication context is $authn_context", 'debug' ); + $self->logger->debug("Authentication context is $authn_context"); # Get SP options notOnOrAfterTimeout my $notOnOrAfterTimeout = 
@@ -470,11 +458,11 @@ sub run { ) ) { - $self->lmLog( "Unable to build assertion", 'error' ); + $self->logger->error("Unable to build assertion"); return PE_SAML_SSO_ERROR; } - $self->lmLog( "SSO: assertion is built", 'debug' ); + $self->logger->debug("SSO: assertion is built"); # Get default NameID Format from configuration # Set to "email" if no value in configuration @@ -486,8 +474,8 @@ sub run { # Check NameID Policy in request if ( $login->request()->NameIDPolicy ) { $nameIDFormat = $login->request()->NameIDPolicy->Format(); - $self->lmLog( "Get NameID format $nameIDFormat from request", - 'debug' ); + $self->logger->debug( + "Get NameID format $nameIDFormat from request"); } # NameID unspecified is forced to default NameID format @@ -553,11 +541,10 @@ sub run { $login->nameIdentifier($nameIdentifier); } - $self->lmLog( "NameID Format is " . $login->nameIdentifier->Format, - 'debug' ); - $self->lmLog( - "NameID Content is " . $login->nameIdentifier->content, - 'debug' ); + $self->logger->debug( + "NameID Format is " . $login->nameIdentifier->Format ); + $self->logger->debug( + "NameID Content is " . $login->nameIdentifier->content ); # Push mandatory attributes my @attributes; 
@@ -581,32 +568,30 @@ sub run { # Do not send attribute if not mandatory unless ($mandatory) { - $self->lmLog( "SAML2 attribute $name is not mandatory", - 'debug' ); + $self->logger->debug( + "SAML2 attribute $name is not mandatory"); next; } # Error if corresponding attribute is not in user session my $value = $req->{sessionInfo}->{$_}; unless ( defined $value ) { - $self->lmLog( -"Session key $_ is required to set SAML $name attribute", - 'error' + $self->logger->warn( + "Session key $_ is required to set SAML $name attribute" ); return PE_SAML_SSO_ERROR; } - $self->lmLog( - "SAML2 attribute $name will be set with $_ session key", - 'debug' ); + $self->logger->debug( + "SAML2 attribute $name will be set with $_ session key"); # SAML2 attribute my $attribute = $self->createAttribute( $name, $format, $friendly_name ); unless ($attribute) { - $self->lmLog( "Unable to create a new SAML attribute", - 'error' ); + $self->logger->error( + "Unable to create a new SAML attribute"); return PE_SAML_SSO_ERROR; } @@ -622,16 +607,15 @@ sub run { ->{samlSPMetaDataOptionsForceUTF8} ); unless ($saml2value) { - $self->lmLog( - "Unable to create a new SAML attribute value", - 'error' ); + $self->logger->error( + "Unable to create a new SAML attribute value"); $self->checkLassoError($@); return PE_SAML_SSO_ERROR; } push @saml2values, $saml2value; - $self->lmLog( "Push $_ in SAML attribute $name", 'debug' ); + $self->logger->debug("Push $_ in SAML attribute $name"); } @@ -646,7 +630,7 @@ sub run { my @response_assertions = $login->response->Assertion; unless ( $response_assertions[0] ) { - $self->lmLog( "Unable to get response assertion", 'error' ); + $self->logger->error("Unable to get response assertion"); return PE_SAML_SSO_ERROR; } @@ -665,7 +649,7 @@ sub run { $oneTimeUse ); }; if ($@) { - $self->lmLog( "Basic conditions not set: $@", 'debug' ); + $self->logger->debug("Basic conditions not set: $@"); } # Create attribute statement 
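Review bot: The `@@ -581,32 +568,30 @@` hunk downgrades "Session key $_ is required to set SAML $name attribute" from `error` to `logger->warn` while the next line still returns `PE_SAML_SSO_ERROR`, so the only record of why the SSO failed now sits below the level an operator would alert on. Either keep `$self->logger->error(` here, or, if a missing mandatory attribute is meant to be treated as a per-user condition, send it to `$self->userLogger->error(` like the other user-attributable failures in this commit. The same error-to-warn shift appears in the `@@ -193,9 +193,8 @@` hunk for the missing sp/spConfKey parameter.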
@@ -699,9 +683,8 @@ sub run { my $sessionIndex = $self->conf->{cipher}->encrypt($session_id); $authn_statements[0]->SessionIndex($sessionIndex); - $self->lmLog( - "Set sessionIndex $sessionIndex (encrypted from $session_id)", - 'debug' ); + $self->logger->debug( + "Set sessionIndex $sessionIndex (encrypted from $session_id)"); # Set SessionNotOnOrAfter my $sessionNotOnOrAfterTimeout = @@ -712,8 +695,8 @@ sub run { my $sessionNotOnOrAfter = $self->timestamp2samldate($timeout); $authn_statements[0]->SessionNotOnOrAfter($sessionNotOnOrAfter); - $self->lmLog( "Set sessionNotOnOrAfter $sessionNotOnOrAfter", - 'debug' ); + $self->logger->debug( + "Set sessionNotOnOrAfter $sessionNotOnOrAfter"); # Register AuthnStatement in assertion $response_assertions[0]->AuthnStatement(@authn_statements); @@ -727,16 +710,16 @@ sub run { ->{samlSPMetaDataOptionsSignSSOMessage} // -1; if ( $signSSOMessage == 0 ) { - $self->lmLog( "SSO response will not be signed", 'debug' ); + $self->logger->debug("SSO response will not be signed"); $self->disableSignature($login); } elsif ( $signSSOMessage == 1 ) { - $self->lmLog( "SSO response will be signed", 'debug' ); + $self->logger->debug("SSO response will be signed"); $self->forceSignature($login); } else { - $self->lmLog( "SSO response signature according to metadata", - 'debug' ); + $self->logger->debug( + "SSO response signature according to metadata"); } # log that a SAML authn response is build @@ -783,13 +766,12 @@ sub run { # Build artifact message unless ( $self->buildArtifactMsg( $login, $artifact_method ) ) { - $self->lmLog( - "Unable to build SSO artifact response message", - 'error' ); + $self->logger->error( + "Unable to build SSO artifact response message"); return PE_SAML_ART_ERROR; } - $self->lmLog( "SSO: artifact response is built", 'debug' ); + $self->logger->debug("SSO: artifact response is built"); # Get artifact ID and Content, and store them my $artifact_id = $login->get_artifact; 
@@ -803,13 +785,12 @@ sub run { else { unless ( $self->buildAuthnResponseMsg($login) ) { - $self->lmLog( "Unable to build SSO response message", - 'error' ); + $self->logger->error( + "Unable to build SSO response message"); return PE_SAML_SSO_ERROR; } - $self->lmLog( "SSO: authentication response is built", - 'debug' ); + $self->logger->debug("SSO: authentication response is built"); } @@ -817,14 +798,14 @@ sub run { if ( $login->is_identity_dirty ) { # Update session - $self->lmLog( "Save Lasso identity in session", 'debug' ); + $self->logger->debug("Save Lasso identity in session"); $self->updatePersistentSession( { _lassoIdentityDump => $login->get_identity->dump }, undef, $session_id ); } if ( $login->is_session_dirty ) { - $self->lmLog( "Save Lasso session in session", 'debug' ); + $self->logger->debug("Save Lasso session in session"); $self->p->updateSession( $req, { _lassoSessionDump => $login->get_session->dump }, $session_id ); @@ -833,12 +814,9 @@ sub run { # Keep SAML elements for later queries my $nameid = $login->nameIdentifier; - $self->lmLog( - "Store NameID " + $self->logger->debug( "Store NameID " . $nameid->dump - . " and SessionIndex $sessionIndex for session $session_id", - 'debug' - ); + . " and SessionIndex $sessionIndex for session $session_id" ); my $samlSessionInfo = $self->getSamlSession(); @@ -856,9 +834,8 @@ sub run { my $saml_session_id = $samlSessionInfo->id; - $self->lmLog( - "Link session $session_id to SAML session $saml_session_id", - 'debug' ); + $self->logger->debug( + "Link session $session_id to SAML session $saml_session_id"); # Send SSO Response @@ -868,9 +845,8 @@ sub run { { my $cdc_idp = $self->getMetaDataURL( "samlEntityID", 0, 1 ); - $self->lmLog( - "Will register IDP $cdc_idp in Common Domain Cookie", - 'debug' ); + $self->logger->debug( + "Will register IDP $cdc_idp in Common Domain Cookie"); # Redirection to CDC Writer page in a hidden iframe my $cdc_writer_url = 
@@ -936,7 +912,7 @@ sub run { # Redirect user to response URL my $sso_url = $login->msg_url; - $self->lmLog( "Redirect user to $sso_url", 'debug' ); + $self->logger->debug("Redirect user to $sso_url"); $req->{urldc} = $sso_url; $req->mustRedirect(1); @@ -948,9 +924,8 @@ sub run { } elsif ($response) { - $self->lmLog( - "Authentication responses are not managed by this module", - 'debug' ); + $self->logger->debug( + "Authentication responses are not managed by this module"); return PE_OK; } @@ -958,7 +933,7 @@ sub run { # No request or response # This should not happen - $self->lmLog( "No request or response found", 'debug' ); + $self->logger->debug("No request or response found"); return PE_OK; } @@ -971,9 +946,8 @@ sub run { sub artifactServer { my ( $self, $req ) = @_; - $self->lmLog( - "URL $req->uri detected as an artifact resolution service URL", - 'debug' ); + $self->logger->debug( + "URL $req->uri detected as an artifact resolution service URL"); # Artifact request are sent with SOAP trough POST my $art_request = $req->content; @@ -1002,7 +976,7 @@ sub artifactServer { $self->{SOAPMessage} = $art_response; # Return SOAP message - $self->lmLog( "Send SOAP Message: $art_response", 'debug' ); + $self->logger->debug("Send SOAP Message: $art_response"); return [ 200, [ @@ -1019,7 +993,7 @@ sub soapSloServer { my $request_method = $req->param('issuerMethod') || $req->method; my $content_type = $req->content_type(); - $self->lmLog( "URL $url detected as an SLO URL", 'debug' ); + $self->logger->debug("URL $url detected as an SLO URL"); # Check SAML Message my ( $request, $response, $method, $relaystate, $artifact ) = @@ -1040,7 +1014,7 @@ sub soapSloServer { "SLO: Fail to process logout request", 400 ); } - $self->lmLog( "SLO: Logout request is valid", 'debug' ); + $self->logger->debug("SLO: Logout request is valid"); # We accept only SOAP here unless ( $method eq $self->getHttpMethod('soap') ) { 
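Review bot: In the artifactServer hunk the rewritten `"URL $req->uri detected as an artifact resolution service URL"` still relies on method-call interpolation, which Perl does not perform: the string receives the stringified `$req` object followed by the literal text `->uri`. sloRelaySoap and sloRelayPost in this same diff build the equivalent message by concatenation, so the fix is `$self->logger->debug( "URL " . $req->uri . " detected as an artifact resolution service URL" );`. artifactServer's body continues outside the hunk.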
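Review bot: `$self->logger->debug("Send SOAP Message: $art_response")` in the `@@ -1002` hunk logs the entire artifact response body at debug level, and that body presumably carries the assertion (NameID, attributes, signature) the SP exchanges the artifact for, which makes the log a second store of assertion content to protect. Logging the size instead, e.g. `$self->logger->debug( "Send SOAP Message (" . length($art_response) . " bytes)" )`, keeps the trace without the payload. Whether debug is ever enabled in production is not visible here; artifactServer's body starts outside the hunk.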
@@ -1051,7 +1025,7 @@ sub soapSloServer { # Get SP entityID my $sp = $logout->remote_providerID(); - $self->lmLog( "Found entityID $sp in SAML message", 'debug' ); + $self->logger->debug("Found entityID $sp in SAML message"); # SP conf key my $spConfKey = $self->spList->{$sp}->{confKey}; @@ -1061,7 +1035,7 @@ sub soapSloServer { "$sp do not match any SP in configuration", 400 ); } - $self->lmLog( "$sp match $spConfKey SP in configuration", 'debug' ); + $self->logger->debug("$sp match $spConfKey SP in configuration"); # Do we check signature? my $checkSLOMessageSignature = @@ -1077,11 +1051,11 @@ sub soapSloServer { 400 ); } else { - $self->lmLog( "Signature is valid", 'debug' ); + $self->logger->debug("Signature is valid"); } } else { - $self->lmLog( "Message signature will not be checked", 'debug' ); + $self->logger->debug("Message signature will not be checked"); } # Get SAML request @@ -1107,10 +1081,8 @@ sub soapSloServer { # Decrypt session index my $local_session_id = $self->conf->{cipher}->decrypt($session_index); - $self->lmLog( - "Get session id $local_session_id (decrypted from $session_index)", - 'debug' - ); + $self->logger->debug( + "Get session id $local_session_id (decrypted from $session_index)"); # Open local session my $local_session = $self->p->getApacheSession($local_session_id); @@ -1128,7 +1100,7 @@ sub soapSloServer { return $self->p->sendError( $req, "Unable to load Lasso Session", 400 ); } - $self->lmLog( "Lasso Session loaded", 'debug' ); + $self->logger->debug("Lasso Session loaded"); } if ($identity) { @@ -1136,7 +1108,7 @@ sub soapSloServer { return $self->p->sendError( $req, "Unable to load Lasso Identity", 400 ); } - $self->lmLog( "Lasso Identity loaded", 'debug' ); + $self->logger->debug("Lasso Identity loaded"); } # Close SAML sessions 
@@ -1166,40 +1138,39 @@ sub soapSloServer { $self->getHttpMethod('soap'), 0 ); if ($rstatus) { - $self->lmLog( "SOAP SLO successful on $providerID", 'debug' ); + $self->logger->debug("SOAP SLO successful on $providerID"); } else { - $self->lmLog( "SOAP SLO error on $providerID", 'debug' ); + $self->logger->debug("SOAP SLO error on $providerID"); } } # Set RelayState if ($relaystate) { $logout->msg_relayState($relaystate); - $self->lmLog( "Set $relaystate in RelayState", 'debug' ); + $self->logger->debug("Set $relaystate in RelayState"); } # Signature - my $signSLOMessage = - $self->{samlSPMetaDataOptions}->{$spConfKey} + my $signSLOMessage = $self->{samlSPMetaDataOptions}->{$spConfKey} ->{samlSPMetaDataOptionsSignSLOMessage} // 0; if ( $signSLOMessage == 0 ) { - $self->lmLog( "SLO response will not be signed", 'debug' ); + $self->logger->debug("SLO response will not be signed"); $self->disableSignature($logout); } elsif ( $signSLOMessage == 1 ) { - $self->lmLog( "SLO response will be signed", 'debug' ); + $self->logger->debug("SLO response will be signed"); $self->forceSignature($logout); } else { - $self->lmLog( "SLO response signature according to metadata", - 'debug' ); + $self->logger->debug( + "SLO response signature according to metadata"); } # Send logout response unless ( $self->buildLogoutResponseMsg($logout) ) { - $self->lmLog( "Unable to build SLO response", 'error' ); + $self->logger->error("Unable to build SLO response"); return $self->p->sendError( $req, 'Unable to build SLO response', 400 ); } @@ -1225,7 +1196,7 @@ sub logout { # Close SAML sessions unless ( $self->deleteSAMLSecondarySessions($session_id) ) { - $self->lmLog( "Fail to delete SAML sessions", 'error' ); + $self->logger->error("Fail to delete SAML sessions"); } # Create Logout object 
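Review bot: The reflowed `my $signSLOMessage = $self->{samlSPMetaDataOptions}->{$spConfKey}->{samlSPMetaDataOptionsSignSLOMessage} // 0;` in the `@@ -1166` hunk reads the SP options from the object hash directly, whereas the equivalent line in sloServer (the `@@ -1563` hunk later in this file) reads `$self->conf->{samlSPMetaDataOptions}`, and every other configuration access in these hunks goes through `$self->conf`. If `$self->{samlSPMetaDataOptions}` is not populated, which I cannot confirm from the diff, the `// 0` default sends every SOAP SLO response into the `disableSignature` branch regardless of what the administrator configured. Reading `$self->conf->{samlSPMetaDataOptions}->{$spConfKey}` here makes the two servers agree. soapSloServer's body starts outside the hunk.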
@@ -1237,25 +1208,25 @@ sub logout { if ($session) { unless ( $self->setSessionFromDump( $logout, $session ) ) { - $self->lmLog( "Unable to load Lasso Session", 'error' ); + $self->logger->error("Unable to load Lasso Session"); return PE_SAML_SLO_ERROR; } - $self->lmLog( "Lasso Session loaded", 'debug' ); + $self->logger->debug("Lasso Session loaded"); } # No need to initiate logout requests on SP, if no SAML session is # available into the session. else { - $self->lmLog( 'No SAML session available into this session', 'debug' ); + $self->logger->debug('No SAML session available into this session'); return PE_OK; } if ($identity) { unless ( $self->setIdentityFromDump( $logout, $identity ) ) { - $self->lmLog( "Unable to load Lasso Identity", 'error' ); + $self->logger->error("Unable to load Lasso Identity"); return PE_SAML_SLO_ERROR; } - $self->lmLog( "Lasso Identity loaded", 'debug' ); + $self->logger->debug("Lasso Identity loaded"); } # Proceed to logout on all others SP. 
@@ -1273,29 +1244,29 @@ sub logout { sub sloRelaySoap { my ( $self, $req ) = @_; - $self->lmLog( "URL " . $req->uri . " detected as a SOAP relay service URL", - 'debug' ); + $self->logger->debug( + "URL " . $req->uri . " detected as a SOAP relay service URL" ); # Check if relay parameter is present (mandatory) my $relayID; unless ( $relayID = $req->param('relay') ) { - $self->lmLog( "No relayID detected", 'error' ); + $self->logger->error("No relayID detected"); return $self->imgnok($req); } # Retrieve the corresponding data from samlStorage my $relayInfos = $self->getSamlSession($relayID); unless ($relayInfos) { - $self->lmLog( "Could not get relay session $relayID", 'error' ); + $self->logger->error("Could not get relay session $relayID"); return $self->imgnok($req); } - $self->lmLog( "Found relay session $relayID", 'debug' ); + $self->logger->debug("Found relay session $relayID"); # Rebuild the logout object my $logout; unless ( $logout = $self->createLogout( $self->lassoServer ) ) { - $self->lmLog( "Could not rebuild logout object", 'error' ); + $self->logger->error("Could not rebuild logout object"); return $self->imgnok($req); } @@ -1308,18 +1279,18 @@ sub sloRelaySoap { if ($session) { unless ( $self->setSessionFromDump( $logout, $session ) ) { - $self->lmLog( "Unable to load Lasso Session", 'error' ); + $self->logger->error("Unable to load Lasso Session"); return $self->imgnok($req); } - $self->lmLog( "Lasso Session loaded", 'debug' ); + $self->logger->debug("Lasso Session loaded"); } if ($identity) { unless ( $self->setIdentityFromDump( $logout, $identity ) ) { - $self->lmLog( "Unable to load Lasso Identity", 'error' ); + $self->logger->error("Unable to load Lasso Identity"); return $self->imgnok($req); } - $self->lmLog( "Lasso Identity loaded", 'debug' ); + $self->logger->debug("Lasso Identity loaded"); } # Send the logout request 
@@ -1328,8 +1299,8 @@ sub sloRelaySoap { Lasso::Constants::HTTP_METHOD_SOAP, undef, $relayState ); unless ($rstatus) { - $self->lmLog( "Fail to process SOAP logout request to $providerID", - 'error' ); + $self->logger->error( + "Fail to process SOAP logout request to $providerID"); return $self->imgnok($req); } @@ -1338,28 +1309,26 @@ sub sloRelaySoap { if ($sloStatusSessionInfos) { $sloStatusSessionInfos->update( { $spConfKey => 1 } ); - $self->lmLog( "Store SLO status for $spConfKey in session $relayState", - 'debug' ); + $self->logger->debug( + "Store SLO status for $spConfKey in session $relayState"); } else { - $self->lmLog( - "Unable to store SLO status for $spConfKey in session $relayState", - 'warn' - ); + $self->logger->warn( + "Unable to store SLO status for $spConfKey in session $relayState"); } # Delete relay session $relayInfos->remove(); # SLO response is OK - $self->lmLog( "Display OK status for SLO on $spConfKey", 'debug' ); + $self->logger->debug("Display OK status for SLO on $spConfKey"); return $self->imgok($req); } sub sloRelayPost { my ( $self, $req ) = @_; - $self->lmLog( "URL " . $req->uri . " detected as a POST relay service URL", - 'debug' ); + $self->logger->debug( + "URL " . $req->uri . " detected as a POST relay service URL" ); # Check if relay parameter is present (mandatory) my $relayID; @@ -1374,7 +1343,7 @@ sub sloRelayPost { "Could not get relay session $relayID" ); } - $self->lmLog( "Found relay session $relayID", 'debug' ); + $self->logger->debug("Found relay session $relayID"); # Get data to build POST form $req->{postUrl} = $relayInfos->data->{url}; @@ -1398,7 +1367,7 @@ sub sloServer { my $url = $req->uri; my $request_method = $req->param('issuerMethod') || $req->method; my $content_type = $req->content_type(); - $self->lmLog( "URL $url detected as an SLO URL", 'debug' ); + $self->logger->debug("URL $url detected as an SLO URL"); # Check SAML Message my ( $request, $response, $method, $relaystate, $artifact ) = 
@@ -1423,12 +1392,12 @@ sub sloServer { "SLO: Fail to process logout request", 400 ); } - $self->lmLog( "SLO: Logout request is valid", 'debug' ); + $self->logger->debug("SLO: Logout request is valid"); # Get SP entityID my $sp = $logout->remote_providerID(); - $self->lmLog( "Found entityID $sp in SAML message", 'debug' ); + $self->logger->debug("Found entityID $sp in SAML message"); # SP conf key my $spConfKey = $self->spList->{$sp}->{confKey}; @@ -1438,7 +1407,7 @@ sub sloServer { "$sp do not match any SP in configuration", 400 ); } - $self->lmLog( "$sp match $spConfKey SP in configuration", 'debug' ); + $self->logger->debug("$sp match $spConfKey SP in configuration"); # Load Session and Identity if they exist my ( $session, $session_index, $identity, $local_session_id ); @@ -1447,15 +1416,13 @@ sub sloServer { # SLO requests without session index are not accepted unless ( defined $session_index ) { - $self->lmLog( "No session index in SLO request from $spConfKey SP", - 'error' ); + $self->logger->error( + "No session index in SLO request from $spConfKey SP"); return $self->sendSLOErrorResponse( $logout, $method ); } $local_session_id = $self->conf->{cipher}->decrypt($session_index); - $self->lmLog( - "Get session id $local_session_id (decrypted from $session_index)", - 'debug' - ); + $self->logger->debug( + "Get session id $local_session_id (decrypted from $session_index)"); if ( $req->{sessionInfo} ) { $session = $req->{sessionInfo}->{_lassoSessionDump}; @@ -1467,7 +1434,7 @@ sub sloServer { my $local_session = $self->p->getApacheSession($local_session_id); unless ($local_session) { - $self->lmLog( "No local session found", 'error' ); + $self->logger->error("No local session found"); return $self->sendSLOErrorResponse( $logout, $method ); } 
@@ -1486,7 +1453,7 @@ sub sloServer { return $self->p->sendError( $req, "Unable to load Lasso Session", 400 ); } - $self->lmLog( "Lasso Session loaded", 'debug' ); + $self->logger->debug("Lasso Session loaded"); } if ($identity) { @@ -1494,7 +1461,7 @@ sub sloServer { return $self->p->sendError( $req, "Unable to load Lasso Identity", 400 ); } - $self->lmLog( "Lasso Identity loaded", 'debug' ); + $self->logger->debug("Lasso Identity loaded"); } # Do we check signature? @@ -1511,11 +1478,11 @@ sub sloServer { 400 ); } else { - $self->lmLog( "Signature is valid", 'debug' ); + $self->logger->debug("Signature is valid"); } } else { - $self->lmLog( "Message signature will not be checked", 'debug' ); + $self->logger->debug("Message signature will not be checked"); } # Check Destination @@ -1530,7 +1497,7 @@ sub sloServer { # Set RelayState if ($relaystate) { $logout->msg_relayState($relaystate); - $self->lmLog( "Set $relaystate in RelayState", 'debug' ); + $self->logger->debug("Set $relaystate in RelayState"); } # Create SLO status session and get ID @@ -1552,7 +1519,7 @@ sub sloServer { # Close SAML sessions unless ( $self->deleteSAMLSecondarySessions($local_session_id) ) { - $self->lmLog( "Fail to delete SAML sessions", 'error' ); + $self->logger->error("Fail to delete SAML sessions"); } # Close local session 
@@ -1563,20 +1530,19 @@ sub sloServer { $self->p->do( $req, [ @{ $self->p->beforeLogout }, 'deleteSession' ] ); # Signature - my $signSLOMessage = - $self->conf->{samlSPMetaDataOptions}->{$spConfKey} + my $signSLOMessage = $self->conf->{samlSPMetaDataOptions}->{$spConfKey} ->{samlSPMetaDataOptionsSignSLOMessage}; unless ($signSLOMessage) { - $self->lmLog( "Do not sign this SLO response", 'debug' ); + $self->logger->debug("Do not sign this SLO response"); return $self->sendSLOErrorResponse( $logout, $method ) unless ( $self->disableSignature($logout) ); } # If no waiting SP, return directly SLO response unless ($provider_nb) { - return $self->sendLogoutResponseToServiceProvider( $req, - $logout, $method ); + return $self->sendLogoutResponseToServiceProvider( $req, $logout, + $method ); } # Else build SLO status relay URL and display info @@ -1593,9 +1559,8 @@ sub sloServer { # No SLO response should be here # else it means SSO session was not closed: launching it - $self->lmLog( - "SLO response found on an active SSO session, ignoring it", - 'debug' ); + $self->logger->debug( + "SLO response found on an active SSO session, ignoring it"); $req->datas->{samlSLOCalled} = 1; return $self->p->do( $req, [ @{ $self->p->beforeLogout }, 'deleteSession' ] ); @@ -1612,7 +1577,7 @@ sub sloServer { sub attributeServer { my ( $self, $req, ) = @_; my $url = $req->uri; - $self->lmLog( "URL $url detected as an attribute service URL", 'debug' ); + $self->logger->debug("URL $url detected as an attribute service URL"); # Attribute request are sent with SOAP trough POST my $att_request = $req->content; @@ -1629,7 +1594,7 @@ sub attributeServer { # Get SP entityID my $sp = $query->remote_providerID(); - $self->lmLog( "Found entityID $sp in SAML message", 'debug' ); + $self->logger->debug("Found entityID $sp in SAML message"); # SP conf key my $spConfKey = $self->spList->{$sp}->{confKey}; 
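Review bot: In the `@@ -1563` hunk sloServer's `unless ($signSLOMessage) { … disableSignature }` has no branch for the value 1, so an "always sign" setting for this SP is left to Lasso's default, whereas soapSloServer in this same diff handles 0, 1 and "according to metadata" separately with `forceSignature`. The two servers also differ in their undef handling (`// 0` in soapSloServer, none here), so an unset option disables signing over SOAP but defers to metadata here. Mirroring the three-way `if`/`elsif`/`else` from soapSloServer would make SLO signing behave identically on both bindings. sloServer's body continues outside the hunk.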
@@ -1639,7 +1604,7 @@ sub attributeServer { "$sp do not match any SP in configuration", 400 ); } - $self->lmLog( "$sp match $spConfKey SP in configuration", 'debug' ); + $self->logger->debug("$sp match $spConfKey SP in configuration"); # Check Destination unless ( $self->checkDestination( $query->request, $url ) ) { @@ -1674,24 +1639,24 @@ sub attributeServer { # Warning if more than one session found if ( $#saml_sessions_keys > 0 ) { - $self->lmLog( "More than one SAML session found for user $user", - 'warn' ); + $self->logger->warn( + "More than one SAML session found for user $user"); } # Take the first session my $saml_session = shift @saml_sessions_keys; # Get session - $self->lmLog( "Retrieve SAML session $saml_session for user $user", - 'debug' ); + $self->logger->debug( + "Retrieve SAML session $saml_session for user $user"); my $samlSessionInfo = $self->getSamlSession($saml_session); # Get real session my $real_session = $samlSessionInfo->data->{_saml_id}; - $self->lmLog( "Retrieve real session $real_session for user $user", - 'debug' ); + $self->logger->debug( + "Retrieve real session $real_session for user $user"); $sessionInfo = $self->p->getApacheSession($real_session); @@ -1746,20 +1711,19 @@ sub attributeServer { if ( $rfriendly_name and $rfriendly_name !~ /^$friendly_name$/ ); - $self->lmLog( - "SP $spConfKey is authorized to access attribute $rname", - 'debug' ); + $self->logger->debug( + "SP $spConfKey is authorized to access attribute $rname"); - $self->lmLog( "Attribute $rname is linked to $sp_attr session key", - 'debug' ); + $self->logger->debug( + "Attribute $rname is linked to $sp_attr session key"); # Check if values are given my $rvalue = $self->getAttributeValue( $rname, $rformat, $rfriendly_name, [$req_attr] ); - $self->lmLog( "Some values are explicitely requested: $rvalue", - 'debug' ) + $self->logger->debug( + "Some values are explicitely requested: $rvalue") if defined $rvalue; # Get session value 
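Review bot: The rewritten `"Some values are explicitely requested: $rvalue"` in the `@@ -1746` hunk carries the misspelling "explicitely" into the new line; since the string is being rewritten anyway, `"Some values are explicitly requested: $rvalue"` is the moment to fix it. Log strings are what operators grep for, so spelling matters more than it looks. attributeServer's body continues outside the hunk.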
@@ -1792,9 +1756,8 @@ sub attributeServer { ) ) ) { - $self->lmLog( -"$local_value value is not in requested values, it will not be sent", - 'warn' + $self->logger->warn( +"$local_value value is not in requested values, it will not be sent" ); next; } @@ -1812,8 +1775,8 @@ sub attributeServer { push @saml2values, $saml2value; - $self->lmLog( "Push $local_value in SAML attribute $name", - 'debug' ); + $self->logger->debug( + "Push $local_value in SAML attribute $name"); } @@ -1824,7 +1787,7 @@ sub attributeServer { } else { - $self->lmLog( "No session value for $sp_attr", 'debug' ); + $self->logger->debug("No session value for $sp_attr"); } } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm index 618651abc..7f3ed7614 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/CAS.pm @@ -49,8 +49,8 @@ sub getCasSession { $self->p->userInfo("CAS session $id isn't yet available"); } else { - $self->lmLog( "Unable to create new CAS session", 'error' ); - $self->lmLog( $casSession->error, 'error' ); + $self->logger->error("Unable to create new CAS session"); + $self->logger->error( $casSession->error ); } return undef; } @@ -62,7 +62,7 @@ sub getCasSession { sub returnCasValidateError { my ( $self, $req ) = @_; - $self->lmLog( "Return CAS validate error", 'debug' ); + $self->logger->debug("Return CAS validate error"); return [ 200, [ 'Content-Length' => 4 ], ["no\n\n"] ]; } @@ -71,8 +71,7 @@ sub returnCasValidateError { sub returnCasValidateSuccess { my ( $self, $req, $username ) = @_; - $self->lmLog( "Return CAS validate success with username $username", - 'debug' ); + $self->logger->debug("Return CAS validate success with username $username"); return $self->sendSoapResponse( $req, "yes\n$username\n" ); } 
@@ -84,7 +83,7 @@ sub returnCasServiceValidateError { $code ||= 'INTERNAL_ERROR'; $text ||= 'No description provided'; - $self->lmLog( "Return CAS service validate error $code ($text)", 'debug' ); + $self->logger->debug("Return CAS service validate error $code ($text)"); return $self->sendSoapResponse( $req, " @@ -99,8 +98,8 @@ sub returnCasServiceValidateError { sub returnCasServiceValidateSuccess { my ( $self, $req, $username, $pgtIou, $proxies, $attributes ) = @_; - $self->lmLog( "Return CAS service validate success with username $username", - 'debug' ); + $self->logger->debug( + "Return CAS service validate success with username $username"); my $s = " \t @@ -121,13 +120,12 @@ sub returnCasServiceValidateSuccess { $s .= "\t\t\n"; } if ( defined $pgtIou ) { - $self->lmLog( "Add proxy granting ticket $pgtIou in response", - 'debug' ); + $self->logger->debug("Add proxy granting ticket $pgtIou in response"); $s .= "\t\t$pgtIou\n"; } if ($proxies) { - $self->lmLog( "Add proxies $proxies in response", 'debug' ); + $self->logger->debug("Add proxies $proxies in response"); $s .= "\t\t\n\t\t\t$_\n" foreach ( split( /$self->{multiValuesSeparator}/, $proxies ) ); $s .= "\t\t\n"; @@ -144,7 +142,7 @@ sub returnCasProxyError { $code ||= 'INTERNAL_ERROR'; $text ||= 'No description provided'; - $self->lmLog( "Return CAS proxy error $code ($text)", 'debug' ); + $self->logger->debug("Return CAS proxy error $code ($text)"); return $self->sendSoapResponse( $req, " @@ -159,7 +157,7 @@ sub returnCasProxyError { sub returnCasProxySuccess { my ( $self, $req, $ticket ) = @_; - $self->lmLog( "Return CAS proxy success with ticket $ticket", 'debug' ); + $self->logger->debug("Return CAS proxy success with ticket $ticket"); return $self->sendSoapResponse( $req, " 
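Review bot: `$self->logger->debug("Add proxy granting ticket $pgtIou in response")` in the `@@ -121` hunk and, more importantly, `$self->logger->debug("Call URL $url")` in the callPgtUrl hunk of this CAS file put proxy-ticket material into the log: the second records the whole callback URL, which the lines just above it build as `…pgtIou=$pgtIou&pgtId=$pgtId`, so the pgtId, the credential a proxying service later redeems, lands in the log at debug level. The IOU is only a correlation handle and is far less sensitive; the pgtId should not be logged at all, e.g. `$self->logger->debug("Call PGT URL $pgtUrl with pgtIou=$pgtIou")`. Whether debug logging is enabled in deployments is outside the diff.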
@@ -188,7 +186,7 @@ sub deleteCasSecondarySessions { foreach my $cas_session (@cas_sessions_keys) { # Get session - $self->lmLog( "Retrieve CAS session $cas_session", 'debug' ); + $self->logger->debug("Retrieve CAS session $cas_session"); my $casSession = $self->getCasSession($cas_session); @@ -197,8 +195,7 @@ sub deleteCasSecondarySessions { } } else { - $self->lmLog( "No CAS session found for session $session_id ", - 'debug' ); + $self->logger->debug("No CAS session found for session $session_id "); } return $result; @@ -211,7 +208,7 @@ sub deleteCasSession { # Check session object unless ( $session && $session->data ) { - $self->lmLog( "No session to delete", 'error' ); + $self->logger->error("No session to delete"); return 0; } @@ -220,11 +217,11 @@ sub deleteCasSession { # Delete session unless ( $session->remove ) { - $self->lmLog( $session->error, 'error' ); + $self->logger->error( $session->error ); return 0; } - $self->lmLog( "CAS session $session_id deleted", 'debug' ); + $self->logger->debug("CAS session $session_id deleted"); return 1; } @@ -237,7 +234,7 @@ sub callPgtUrl { my $url = $pgtUrl . ( $pgtUrl =~ /\?/ ? '&' : '?' ) . "pgtIou=$pgtIou&pgtId=$pgtId"; - $self->lmLog( "Call URL $url", 'debug' ); + $self->logger->debug("Call URL $url"); # GET URL my $response = $self->ua->get($url); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm index fb433b514..81184db29 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Captcha.pm 
@@ -58,21 +58,21 @@ sub validateCaptcha { my ( $self, $token, $value ) = @_; my $s = $self->ott->getToken($token); unless ($s) { - $self->lmLog( "Captcha token $token isn't valid", 'warn' ); + $self->logger->warn("Captcha token $token isn't valid"); return 0; } unless ( $s->{captcha} == $value ) { - $self->lmLog( 'Bad captcha response', 'notice' ); + $self->logger->notice('Bad captcha response'); return 0; } - $self->lmLog( 'Good captcha response', 'debug' ); + $self->logger->debug('Good captcha response'); return 1; } sub setCaptcha { my ( $self, $req ) = @_; my ( $token, $image ) = $self->getCaptcha; - $self->lmLog( 'Prepare captcha', 'debug' ); + $self->logger->debug('Prepare captcha'); $req->token($token); $req->captcha($image); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm index 0a50e163c..205ea56a7 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm @@ -37,16 +37,13 @@ sub init { . $mods[$type]; if ( $module = $self->loadPlugin( $name, $module ) ) { $self->modules->{$name} = $module; - $self->p->lmLog( + $self->logger->debug( [qw(Authentication User Password)]->[$type] - . " module $name selected", - 'debug' - ); + . " module $name selected" ); } else { - $self->lmLog( - "Choice: unable to load $name, disabling it: " . $self->error, - 'error' ); + $self->logger->error( + "Choice: unable to load $name, disabling it: " . $self->error ); $self->error(''); } } @@ -65,7 +62,7 @@ sub checkChoice { or return 0; return $name if ( $req->datas->{ "enabledMods" . $self->type } ); unless ( defined $self->modules->{$name} ) { - $self->lmLog( "Unknown choice '$name'", 'error' ); + $self->logger->error("Unknown choice '$name'"); return 0; } $req->sessionInfo->{_choice} = $name; 
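Review bot: The new `$self->logger->notice('Bad captcha response')` in the validateCaptcha hunk sits under `unless ( $s->{captcha} == $value )`, a numeric comparison; Perl evaluates two non-numeric strings as `0 == 0` (true, with a warning), so the check is only as strong as the guarantee that stored captcha values are digits, which this file does not show. A string comparison, `unless ( defined $value and $s->{captcha} eq $value ) {`, holds for any captcha alphabet, provided the stored value is exactly what the image shows. The `warn` line above also writes the submitted token to the log, which is acceptable only if tokens are single-use as the `ott->getToken` call suggests.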
@@ -94,7 +91,7 @@ sub _buildAuthLoop { # Test authentication choices unless ( ref $self->conf->{authChoiceModules} eq 'HASH' ) { - $self->lmLog( "No authentication choices defined", 'warn' ); + $self->logger->warn("No authentication choices defined"); return []; } @@ -121,7 +118,7 @@ sub _buildAuthLoop { # Default URL $url = ( defined $url ? $url .= $req->env->{'REQUEST_URI'} : '#' ); - $self->lmLog( "Use URL $url", 'debug' ); + $self->logger->debug("Use URL $url"); # Options to store in the loop my $optionsLoop = @@ -132,8 +129,7 @@ sub _buildAuthLoop { my $displayType = "Lemonldap::NG::Portal::Auth::${auth}" ->can('getDisplayType')->( undef, $req ); - $self->lmLog( "Display type $displayType for module $auth", - 'debug' ); + $self->logger->debug("Display type $displayType for module $auth"); $optionsLoop->{$displayType} = 1; # If displayType is logo, check if key.png is available @@ -151,8 +147,8 @@ sub _buildAuthLoop { # Register item in loop push @authLoop, $optionsLoop; - $self->lmLog( "Authentication choice $name will be displayed", - 'debug' ); + $self->logger->debug( + "Authentication choice $name will be displayed"); } else { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/DBI.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/DBI.pm index 7f9f40346..bea9592b4 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/DBI.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/DBI.pm @@ -31,7 +31,7 @@ sub dbh { ); }; if ($@) { - $_[0]->{p}->lmLog( "DBI connection error: $@", 'error' ); + $_[0]->{p}->logger->error("DBI connection error: $@"); return 0; } return $_[0]->{_dbh}; 
@@ -54,12 +54,12 @@ sub init { sub hash_password { my ( $self, $password, $hash ) = @_; if ( $hash =~ /^(md5|sha|sha1|encrypt)$/i ) { - $self->lmLog( "Using " . uc($hash) . " to hash password", 'debug' ); + $self->logger->debug( "Using " . uc($hash) . " to hash password" ); return uc($hash) . "($password)"; } else { - $self->lmLog( "No valid password hash, using clear text for password", - 'warn' ); + $self->logger->notice( + "No valid password hash, using clear text for password"); return $password; } @@ -115,12 +115,12 @@ sub check_password { if ($@) { # If connection isn't available, error is displayed by dbh() - $self->lmLog( "DBI error: $@", 'error' ) if ( $self->_dbh ); + $self->logger->error("DBI error: $@") if ( $self->_dbh ); return 0; } if ( @rows == 1 ) { - $self->lmLog( "One row returned by SQL query", 'debug' ); + $self->logger->debug("One row returned by SQL query"); return 1; } else { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm index cb7c9c94c..056fb0fcf 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm @@ -29,16 +29,16 @@ sub newLdap { ) { if ( $msg->code != 0 ) { - $self->lmLog( "LDAP error: " . $msg->error, 'error' ); + $self->logger->error( "LDAP error: " . $msg->error ); } else { if ( $self->{conf}->{ldapPpolicyControl} and not $ldap->loadPP() ) { - $self->lmLog( "LDAP password policy error", 'error' ); + $self->logger->error("LDAP password policy error"); } } } else { - $self->lmLog( "LDAP error: $@", 'error' ); + $self->logger->error("LDAP error: $@"); } return $ldap; } @@ -51,7 +51,7 @@ has filter => ( sub buildFilter { my $conf = $_[0]->{conf}; - $_[0]->{p}->lmLog( "LDAP Search base: $_[0]->{conf}->{ldapBase}", 'debug' ); + $_[0]->{p}->logger->debug("LDAP Search base: $_[0]->{conf}->{ldapBase}"); # TODO : mailLDAPFilter my $filter = 
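Review bot: In the hash_password hunk the fallback message `No valid password hash, using clear text for password` drops from warn to notice, although it reports a configuration under which passwords are handled in clear text; a misconfiguration that weakens credential handling is exactly what should stay visible at warn. Keeping `$self->logger->warn(` here, and naming the rejected `$hash` value in the message so the administrator can correct the setting, would be more useful. The sub also returns the raw password embedded in an SQL expression string (`uc($hash) . "($password)"`); how the caller parameterizes that is outside this hunk and worth confirming.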
@@ -63,7 +63,7 @@ sub buildFilter { $filter =~ s/\$req->\{sessionInfo\}->\{user\}/\$req->{user}/g; $filter =~ s/\$req->\{sessionInfo\}->\{(_?password|mail)\}/\$req->{datas}->{$1}/g; - $_[0]->{p}->lmLog( "LDAP transformed filter: $filter", 'debug' ); + $_[0]->{p}->logger->debug("LDAP transformed filter: $filter"); $filter = "sub{my(\$req)=\$_[0];return \"$filter\";}"; return eval $filter; } @@ -74,6 +74,7 @@ sub init { my ($self) = @_; $self->ldap and $self->filter; } + # RUNNING METHODS # Test LDAP connection before trying to bind @@ -84,10 +85,10 @@ sub bind { { $self->ldap( $self->newLdap ); } - return undef unless($self->ldap); + return undef unless ( $self->ldap ); my $msg = $self->ldap->bind(@_); if ( $msg->code ) { - $self->lmLog( $msg->error, 'error' ); + $self->logger->error( $msg->error ); return undef; } return 1; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm index bc2da4f09..ef3c0b604 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Net/LDAP.pm @@ -55,7 +55,7 @@ sub new { ( $conf->{caPath} ? ( capath => $conf->{caPath} ) : () ), ); unless ($self) { - $portal->lmLog( $@, 'error' ); + $portal->logger->error($@); return 0; } bless $self, $class; @@ -65,7 +65,7 @@ sub new { $h{capath} = $conf->{caPath} if ( $conf->{caPath} ); my $mesg = $self->start_tls(%h); if ( $mesg->code ) { - $portal->lmLog( 'StartTLS failed', 'error' ); + $portal->logger->error('StartTLS failed'); return 0; } } @@ -122,7 +122,7 @@ sub unbind { my $self = shift; my $ldap_uri = $self->uri; - $self->{portal}->lmLog( "Unbind and disconnect from $ldap_uri", 'debug' ); + $self->{portal}->logger->debug("Unbind and disconnect from $ldap_uri"); my $mesg = $self->SUPER::unbind(); $self->SUPER::disconnect(); 
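Review bot: The rewritten `$_[0]->{p}->logger->debug("LDAP transformed filter: $filter")` in the `@@ -63` hunk sits immediately before `return eval $filter;`, a string eval that compiles the configured filter into a closure interpolating `$req->{user}` and `$req->{datas}->{…}` straight into the LDAP filter. Unless the caller escapes those values (Net::LDAP::Util's escape_filter_value), a user name containing filter metacharacters such as `*`, `(`, `)` or `\` changes the filter's meaning; the escaping is not visible in this diff, so this is the place to confirm it. A one-line comment on the eval naming where the escaping happens, such as `# values interpolated by this closure must already be filter-escaped by the caller`, would save the next reviewer the search. buildFilter's body starts outside the hunk.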
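Review bot: `return undef unless ( $self->ldap );` in the bind hunk, re-spaced by this commit, returns a one-element list in list context, so a caller writing `my @r = $self->bind(...)` or passing the result in an argument list sees a true value on failure; the `return undef;` two lines below has the same shape. A bare `return;` is the idiomatic "nothing" and is what perlcritic asks for. This only matters if some caller uses the result in list context, which is outside the hunk.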
@@ -147,9 +147,8 @@ sub loadPP { # Require Perl module eval { require Net::LDAP::Control::PasswordPolicy }; if ($@) { - $self->{portal}->lmLog( - "Module Net::LDAP::Control::PasswordPolicy not found in @INC", - 'error' ); + $self->{portal}->logger->error( + "Module Net::LDAP::Control::PasswordPolicy not found in @INC"); return 0; } $ppLoaded = 1; @@ -261,7 +260,7 @@ sub userModifyPassword { $oldpassword = utf8( chr(34) . $oldpassword . chr(34) )->utf16le(); } - $self->{portal}->lmLog( "Active Directory mode enabled", 'debug' ); + $self->{portal}->logger->debug("Active Directory mode enabled"); } @@ -275,7 +274,7 @@ sub userModifyPassword { $mesg = $self->bind( $dn, password => $oldpassword ); if ( $mesg->code != 0 ) { - $self->{portal}->lmLog( "Bad old password", 'debug' ); + $self->{portal}->userLogger->notice("Bad old password"); return PE_BADOLDPASSWORD; } } @@ -296,7 +295,7 @@ sub userModifyPassword { # Catch the "Unwilling to perform" error if ( $mesg->code == 53 ) { - $self->{portal}->lmLog( "Bad old password", 'debug' ); + $self->{portal}->userLogger->notice("Bad old password"); return PE_BADOLDPASSWORD; } } @@ -334,7 +333,7 @@ sub userModifyPassword { # 52e: password is incorrect unless ( ( $1 eq '532' ) || ( $1 eq '773' ) ) { $self->{portal} - ->lmLog( "Bad old password", 'warn' ); + ->userLogger->warn("Bad old password"); return PE_BADOLDPASSWORD; } } @@ -345,7 +344,7 @@ sub userModifyPassword { { # this is not AD, a 0 error code means good old password if ( $mesg->code != 0 ) { $self->{portal} - ->lmLog( "Bad old password", 'warn' ); + ->userLogger->warn('Bad old password'); return PE_BADOLDPASSWORD; } } @@ -361,7 +360,7 @@ sub userModifyPassword { } } $self->{portal} - ->lmLog( "Modification return code: " . $mesg->code, 'debug' ); + ->logger->debug( 'Modification return code: ' . $mesg->code ); return PE_WRONGMANAGERACCOUNT if ( $mesg->code == 50 || $mesg->code == 8 ); return PE_PP_INSUFFICIENT_PASSWORD_QUALITY 
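Review bot: The "Bad old password" event is logged through three different channels across the userModifyPassword hunks of this file: `userLogger->notice` in the `@@ -275` and `@@ -296` hunks, `userLogger->warn` in the `@@ -334` and `@@ -345` hunks, and plain `logger->debug` in the `@@ -395`, `@@ -407`, `@@ -442` and `@@ -459` hunks further down. Anyone monitoring failed password-change attempts per user, which is the reason a separate userLogger exists, will see only part of them. One call for all eight sites, `$self->{portal}->userLogger->warn("Bad old password");`, keeps the audit trail complete. userModifyPassword's body spans hunks on both sides.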
@@ -395,7 +394,7 @@ sub userModifyPassword { unless ( defined $bind_resp ) { if ( $mesg->code != 0 ) { - $self->{portal}->lmLog( "Bad old password", 'debug' ); + $self->{portal}->logger->debug("Bad old password"); return PE_BADOLDPASSWORD; } } @@ -407,15 +406,13 @@ sub userModifyPassword { and $pp_error == 0 and $self->{conf}->{ldapAllowResetExpiredPassword} ) { - $self->{portal}->lmLog( -"Password is expired but user is allowed to change it", - 'debug' + $self->{portal}->logger->debug( +"Password is expired but user is allowed to change it" ); } else { if ( $mesg->code != 0 ) { - $self->{portal} - ->lmLog( "Bad old password", 'debug' ); + $self->{portal}->logger->debug("Bad old password"); return PE_BADOLDPASSWORD; } } @@ -442,7 +439,7 @@ sub userModifyPassword { # Catch the "Unwilling to perform" error if ( $mesg->code == 53 ) { - $self->{portal}->lmLog( "Bad old password", 'debug' ); + $self->{portal}->logger->debug("Bad old password"); return PE_BADOLDPASSWORD; } } @@ -459,7 +456,7 @@ sub userModifyPassword { unless ( defined $bind_resp ) { if ( $mesg->code != 0 ) { - $self->{portal}->lmLog( "Bad old password", 'debug' ); + $self->{portal}->logger->debug("Bad old password"); return PE_BADOLDPASSWORD; } } @@ -471,15 +468,13 @@ sub userModifyPassword { and $pp_error == 0 and $self->{conf}->{ldapAllowResetExpiredPassword} ) { - $self->{portal}->lmLog( -"Password is expired but user is allowed to change it", - 'debug' + $self->{portal}->logger->debug( +"Password is expired but user is allowed to change it" ); } else { if ( $mesg->code != 0 ) { - $self->{portal} - ->lmLog( "Bad old password", 'debug' ); + $self->{portal}->logger->debug("Bad old password"); return PE_BADOLDPASSWORD; } } 
@@ -502,7 +497,7 @@ sub userModifyPassword { my ($resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1"); $self->{portal} - ->lmLog( "Modification return code: " . $mesg->code, 'debug' ); + ->logger->debug( "Modification return code: " . $mesg->code ); return PE_WRONGMANAGERACCOUNT if ( $mesg->code == 50 || $mesg->code == 8 ); if ( $mesg->code == 0 ) { @@ -549,14 +544,14 @@ sub ldap { and my $mesg = $self->{ldap}->bind ) { if ( $mesg->code != 0 ) { - $self->lmLog( "LDAP error: " . $mesg->error, 'error' ); + $self->logger->error( "LDAP error: " . $mesg->error ); $self->{ldap}->unbind; } else { if ( $self->{ldapPpolicyControl} and not $self->{ldap}->loadPP() ) { - $self->lmLog( "LDAP password policy error", 'error' ); + $self->logger->error("LDAP password policy error"); $self->{ldap}->unbind; } else { @@ -566,7 +561,7 @@ sub ldap { } } else { - $self->lmLog( "LDAP error: $@", 'error' ); + $self->logger->error("LDAP error: $@"); } return 0; } @@ -591,7 +586,7 @@ sub searchGroups { } $searchFilter .= "))"; - $self->{p}->lmLog( "Group search filter: $searchFilter", 'debug' ); + $self->{p}->logger->debug("Group search filter: $searchFilter"); # Search my $mesg = $self->search( @@ -606,7 +601,7 @@ sub searchGroups { foreach my $entry ( $mesg->all_entries ) { $self->{p} - ->lmLog( "Matching group " . $entry->dn() . " found", 'debug' ); + ->logger->debug( "Matching group " . $entry->dn() . " found" ); # If recursive search is activated, do it here if ( $self->{conf}->{ldapGroupRecursive} ) { @@ -620,7 +615,7 @@ sub searchGroups { if ($group_value) { $self->{p} - ->lmLog( "Recursive search for $group_value", 'debug' ); + ->logger->debug("Recursive search for $group_value"); my $recursive_groups = $self->searchGroups( $base, $key, $group_value, 
@@ -646,8 +641,8 @@ sub searchGroups { my $data = $entry->get_value( $_, asref => 1 ); if ($data) { - $self->{p}->lmLog( "Store values of $_ in group $groupName", - 'debug' ); + $self->{p} + ->logger->debug("Store values of $_ in group $groupName"); $groups->{$groupName}->{$_} = $data; } } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm index 36d89fe4f..18a2789ee 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/JSON.pm @@ -45,14 +45,14 @@ sub checkForNotifications { # Get the reference my $reference = $notif->{reference}; - $self->lmLog( "Get reference $reference", 'debug' ); + $self->logger->debug("Get reference $reference"); # Check it in session if ( exists $req->{sessionInfo}->{"notification_$reference"} ) { # The notification was already accepted - $self->lmLog( "Notification $reference was already accepted", - 'debug' ); + $self->logger->debug( + "Notification $reference was already accepted"); next LOOP; } push @res, $notif; @@ -146,9 +146,8 @@ sub getNotifBack { # Current pending notification has not been found in # request $result = $fileResult = 0; - $self->lmLog( - 'Current pending notification has not been found', - 'debug' ); + $self->logger->debug( + 'Current pending notification has not been found'); next; } 
@@ -157,15 +156,14 @@ sub getNotifBack { "$uid has accepted notification $reference"); $self->p->updatePersistentSession( $req, { "notification_$reference" => time() } ); - $self->lmLog( - "Notification $reference registered in persistent session", - 'debug' + $self->logger->debug( + "Notification $reference registered in persistent session" ); } # Notifications accepted for this file, delete it unless it's a wildcard if ( $fileResult and exists $forUser->{$fileName} ) { - $self->lmLog( "Notification file deleted", 'debug' ); + $self->logger->debug("Notification file deleted"); $self->notifObject->delete($fileName); } } @@ -174,22 +172,21 @@ sub getNotifBack { # One pending notification has been found and not accepted, # restart process to display pending notifications # TODO: is it a good idea to launch all 'afterDatas' subs ? - $self->lmLog( - 'Pending notification has been found and not accepted', - 'debug' ); + $self->logger->debug( + 'Pending notification has been found and not accepted'); return $self->p->do( $req, $self->p->afterDatas ); } # All pending notifications have been accepted, restore cookies and # launch 'controlUrl' to restore "urldc" using do() - $self->lmLog( 'All pending notifications have been accepted', 'debug' ); + $self->logger->debug('All pending notifications have been accepted'); $self->p->rebuildCookies($req); return $self->p->do( $req, ['controlUrl'] ); } else { # No notifications checked here, this entry point must not be called. # Redirecting to portal - $self->lmLog( 'No notifications checked', 'debug' ); + $self->logger->debug('No notifications checked'); $req->mustRedirect(1); return $self->p->do( $req, [] ); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm index c8bb1fa74..821c93a74 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm 
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Notifications/XML.pm @@ -70,14 +70,14 @@ sub checkForNotifications { # Get the reference my $reference = $notif->getAttribute('reference'); - $self->lmLog( "Get reference $reference", 'debug' ); + $self->logger->debug("Get reference $reference"); # Check it in session if ( exists $req->{sessionInfo}->{"notification_$reference"} ) { # The notification was already accepted - $self->lmLog( "Notification $reference was already accepted", - 'debug' ); + $self->logger->debug( + "Notification $reference was already accepted"); # Remove it from XML $notif->unbindNode(); @@ -89,11 +89,10 @@ sub checkForNotifications { if ($condition) { - $self->lmLog( "Get condition $condition", 'debug' ); + $self->logger->debug("Get condition $condition"); unless ( $self->p->HANDLER->safe->reval($condition) ) { - $self->lmLog( "Notification condition not accepted", - 'debug' ); + $self->logger->debug("Notification condition not accepted"); # Remove it from XML $notif->unbindNode(); @@ -113,8 +112,8 @@ sub checkForNotifications { $form .= $self->stylesheet->output_string($results); } if ($@) { - $self->lmLog( "Bad XML file: a notification for $uid was not done ($@)", - 'warn' ); + $self->userLogger->warn( + "Bad XML file: a notification for $uid was not done ($@)"); return 0; } @@ -197,7 +196,7 @@ sub getNotifBack { # Current pending notification has not been found in # request $result = $fileResult = 0; - $self->lmLog( + $self->logger->debulogger->debug( 'Current pending notification has not been found', 'debug' ); next; 
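Review bot: `$self->logger->debulogger->debug( 'Current pending notification has not been found', 'debug' );` in XML.pm getNotifBack calls a method `debulogger` that the logger object does not provide, so the first time a pending notification is missing from the request this branch dies instead of logging and continuing with `next;`. The edit looks partial: the matching JSON.pm hunk in this commit has the intended form, `$self->logger->debug('Current pending notification has not been found');`, which also drops the now-meaningless trailing `'debug'` argument. getNotifBack continues outside this hunk.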
@@ -208,15 +207,14 @@ sub getNotifBack { "$uid has accepted notification $reference"); $self->p->updatePersistentSession( $req, { "notification_$reference" => time() } ); - $self->lmLog( - "Notification $reference registered in persistent session", - 'debug' + $self->logger->debug( + "Notification $reference registered in persistent session" ); } # Notifications accepted for this file, delete it unless it's a wildcard if ( $fileResult and exists $forUser->{$fileName} ) { - $self->lmLog( "Notification file deleted", 'debug' ); + $self->logger->debug("Notification file deleted"); $self->notifObject->delete($fileName); } } @@ -225,22 +223,21 @@ sub getNotifBack { # One pending notification has been found and not accepted, # restart process to display pending notifications # TODO: is it a good idea to launch all 'afterDatas' subs ? - $self->lmLog( - 'Pending notification has been found and not accepted', - 'debug' ); + $self->logger->debug( + 'Pending notification has been found and not accepted'); return $self->p->do( $req, $self->p->afterDatas ); } # All pending notifications have been accepted, restore cookies and # launch 'controlUrl' to restore "urldc" using do() - $self->lmLog( 'All pending notifications have been accepted', 'debug' ); + $self->logger->debug('All pending notifications have been accepted'); $self->p->rebuildCookies($req); return $self->p->do( $req, ['controlUrl'] ); } else { # No notifications checked here, this entry point must not be called. # Redirecting to portal - $self->lmLog( 'No notifications checked', 'debug' ); + $self->logger->debug('No notifications checked'); $req->mustRedirect(1); return $self->p->do( $req, [] ); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OneTimeToken.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OneTimeToken.pm index b2a45c39c..dedec622f 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OneTimeToken.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OneTimeToken.pm 
@@ -43,14 +43,14 @@ sub createToken { sub getToken { my ( $self, $id ) = @_; unless ($id) { - $self->lmLog( 'getToken called without id', 'error' ); + $self->logger->error('getToken called without id'); return undef; } # Get token session my $tsession = $self->p->getApacheSession($id); unless ($tsession) { - $self->lmLog( "Bad (or expired) token $id", 'notice' ); + $self->logger->notice("Bad (or expired) token $id"); return undef; } my %h = %{ $tsession->{data} }; @@ -60,7 +60,7 @@ sub getToken { sub setToken { my ( $self, $req, $info ) = @_; - $self->lmLog( 'Prepare token', 'debug' ); + $self->logger->debug('Prepare token'); $req->token( $self->createToken($info) ); } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/SREG.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/SREG.pm index ec7aa65e9..516699fd1 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/SREG.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/SREG.pm @@ -29,7 +29,7 @@ sub sregHook { # If identity is not trusted, does nothing return ( 0, $prm ) unless ( $is_id and $is_trusted ); - $self->lmLog( "SREG start", 'debug' ); + $self->logger->debug("SREG start"); my $accepted = 1; @@ -40,7 +40,8 @@ sub sregHook { if ( $k eq 'policy_url' ) { if ( $v =~ Lemonldap::NG::Common::Regexp::HTTP_URI ) { $req->datas->{_openIdTrustExtMsg} .= - '
' . " :
$v
"; + '
' + . " :
$v
"; # Question: is it important to notify policy changes ? # if yes, uncomment this @@ -49,24 +50,25 @@ sub sregHook { #$accepted = 0 unless ( $p and $p eq $v ); } else { - $self->lmLog( "Bad policy url", 'error' ); + $self->logger->error("Bad policy url"); } } # Parse required attributes elsif ( $k eq 'required' ) { - $self->lmLog( "Required attr $v", 'debug' ); + $self->logger->debug("Required attr $v"); push @req, split( /,/, $v ); } # Parse optional attributes elsif ( $k eq 'optional' ) { - $self->lmLog( "Optional attr $v", 'debug' ); - push @opt, grep { defined $self->conf->{"openIdSreg_$trust_root$_"} } + $self->logger->debug("Optional attr $v"); + push @opt, + grep { defined $self->conf->{"openIdSreg_$trust_root$_"} } split( /,/, $v ); } else { - $self->lmLog( "Unknown OpenID SREG request $k", 'error' ); + $self->logger->error("Unknown OpenID SREG request $k"); } } @@ -81,12 +83,11 @@ sub sregHook { # If a required data is not available, returns nothing foreach my $k (@req) { unless ( $self->conf->{"openIdSreg_$k"} ) { - $self->lmLog( -"Parameter $k is required by $trust_root but not defined in configuration", - 'notice' + $self->logger->notice( +"Parameter $k is required by $trust_root but not defined in configuration" ); - $req->info( qq'

'); + $req->info(qq'

'); return ( 0, {} ); } } @@ -202,7 +203,7 @@ sub sregHook { $req->datas->{_openIdTrustExtMsg} .= "\n"; - $self->lmLog( 'Building validation form', 'debug' ); + $self->logger->debug('Building validation form'); return ( 0, $prm ); } } @@ -231,12 +232,9 @@ sub sregfilter { # Warn if some parameters are rejected if (@rej) { - $self->lmLog( - "Requested parameter(s) " + $self->logger->warn( "Requested parameter(s) " . join( ',', @rej ) - . "is(are) not valid OpenID SREG parameter(s)", - 'warn' - ); + . "is(are) not valid OpenID SREG parameter(s)" ); } # Return valid SREG parameters diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/Server.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/Server.pm index a8fd8dc25..acf058589 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/Server.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/Server.pm @@ -17,7 +17,8 @@ our $VERSION = '2.0.0'; use constant OPENID2_NS => 'http://specs.openid.net/auth/2.0'; -use constant OPENID2_ID_SELECT => 'http://specs.openid.net/auth/2.0/identifier_select'; +use constant OPENID2_ID_SELECT => + 'http://specs.openid.net/auth/2.0/identifier_select'; *_push_url_arg = ( $Net::OpenID::Server::VERSION >= 1.09 ) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm index bc0e9a973..6c7fe6484 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm @@ -64,8 +64,8 @@ sub loadOPs { unless ( $self->conf->{oidcOPMetaDataJSON} and keys %{ $self->conf->{oidcOPMetaDataJSON} } ) { - $self->lmLog( "No OpenID Connect Provider found in configuration", - 'warn' ); + $self->logger->warn( + "No OpenID Connect Provider found in configuration"); } # Extract JSON data 
@@ -88,8 +88,8 @@ sub loadRPs { unless ( $self->conf->{oidcRPMetaDataOptions} and keys %{ $self->conf->{oidcRPMetaDataOptions} } ) { - $self->lmLog( "No OpenID Connect Relying Party found in configuration", - 'warn' ); + $self->logger->warn( + "No OpenID Connect Relying Party found in configuration"); } $self->oidcRPList( $self->conf->{oidcRPMetaDataOptions} ); foreach my $rp ( keys %{ $self->oidcRPList } ) { @@ -106,7 +106,7 @@ sub loadRPs { if ($extraClaims) { foreach my $claim ( keys %$extraClaims ) { - $self->lmLog( "Using extra claim $claim for $rp", 'debug' ); + $self->logger->debug("Using extra claim $claim for $rp"); my @extraAttributes = split( /\s/, $extraClaims->{$claim} ); $attributes->{$claim} = \@extraAttributes; } @@ -125,9 +125,8 @@ sub refreshJWKSdata { unless ( $self->conf->{oidcOPMetaDataJSON} and keys %{ $self->conf->{oidcOPMetaDataJSON} } ) { - $self->lmLog( - "No OpenID Provider configured, JWKS data will not be refreshed", - 'debug' ); + $self->logger->debug( + "No OpenID Provider configured, JWKS data will not be refreshed"); return 1; } 
@@ -143,33 +142,30 @@ sub refreshJWKSdata { my $jwksUri = $self->oidcOPList->{$_}->{conf}->{jwks_uri}; unless ($jwksTimeout) { - $self->lmLog( "No JWKS refresh timeout defined for $_, skipping...", - 'debug' ); + $self->logger->debug( + "No JWKS refresh timeout defined for $_, skipping..."); next; } unless ($jwksUri) { - $self->lmLog( "No JWKS URI defined for $_, skipping...", 'debug' ); + $self->logger->debug("No JWKS URI defined for $_, skipping..."); next; } if ( $self->oidcOPList->{$_}->{jwks}->{time} + $jwksTimeout > time ) { - $self->lmLog( "JWKS data still valid for $_, skipping...", - 'debug' ); + $self->logger->debug("JWKS data still valid for $_, skipping..."); next; } - $self->lmLog( "Refresh JWKS data for $_ from $jwksUri", 'debug' ); + $self->logger->debug("Refresh JWKS data for $_ from $jwksUri"); my $response = $self->ua->get($jwksUri); if ( $response->is_error ) { - $self->lmLog( + $self->logger->warn( "Unable to get JWKS data for $_ from $jwksUri: " - . $response->message, - "warn" - ); - $self->lmLog( $response->content, 'debug' ); + . $response->message ); + $self->logger->debug( $response->content ); next; } @@ -222,7 +218,7 @@ sub getCallbackUri { $req->param( $self->conf->{authChoiceParam} ) ); } - $self->lmLog( "OpenIDConnect Callback URI: $callback_uri", 'debug' ); + $self->logger->debug("OpenIDConnect Callback URI: $callback_uri"); return $callback_uri; } @@ -285,9 +281,8 @@ sub buildAuthorizationCodeAuthnRequest { ( defined $acr_values ? ( acr_values => $acr_values ) : () ) ); - $self->lmLog( - "OpenIDConnect Authorization Code Flow Authn Request: $authn_uri", - 'debug' ); + $self->logger->debug( + "OpenIDConnect Authorization Code Flow Authn Request: $authn_uri"); return $authn_uri; } 
@@ -391,13 +386,12 @@ sub getAuthorizationCodeAccessToken { my $grant_type = "authorization_code"; unless ( $auth_method =~ /^client_secret_(basic|post)$/o ) { - $self->lmLog( "Bad authentication method on token endpoint", 'error' ); + $self->logger->error("Bad authentication method on token endpoint"); return 0; } - $self->lmLog( - "Using auth method $auth_method to token endpoint $access_token_uri", - 'debug' ); + $self->logger->debug( + "Using auth method $auth_method to token endpoint $access_token_uri"); my $response; @@ -429,13 +423,13 @@ sub getAuthorizationCodeAccessToken { "Content-Type" => 'application/x-www-form-urlencoded' ); } else { - $self->lmLog( "Unknown auth method $auth_method", 'error' ); + $self->logger->error("Unknown auth method $auth_method"); } if ( $response->is_error ) { - $self->lmLog( "Bad authorization response: " . $response->message, - "error" ); - $self->lmLog( $response->content, 'debug' ); + $self->logger->error( + "Bad authorization response: " . $response->message ); + $self->logger->debug( $response->content ); return 0; } return $response->decoded_content; @@ -448,15 +442,14 @@ sub checkTokenResponseValidity { # token_type MUST be Bearer unless ( $json->{token_type} eq "Bearer" ) { - $self->lmLog( - "Token type is " . $json->{token_type} . " but must be Bearer", - 'error' ); + $self->logger->error( + "Token type is " . $json->{token_type} . " but must be Bearer" ); return 0; } # id_token MUST be present unless ( $json->{id_token} ) { - $self->lmLog( "No id_token", 'error' ); + $self->logger->error("No id_token"); return 0; } @@ -486,7 +479,7 @@ sub checkIDTokenValidity { # Check issuer unless ( $id_token->{iss} eq $self->oidcOPList->{$op}->{conf}->{issuer} ) { - $self->lmLog( "Issuer mismatch", 'error' ); + $self->logger->error("Issuer mismatch"); return 0; } 
@@ -494,29 +487,28 @@ sub checkIDTokenValidity { if ( ref $id_token->{aud} ) { my @audience = @{ $id_token->{aud} }; unless ( grep $_ eq $client_id, @audience ) { - $self->lmLog( "Client ID not found in audience array", 'error' ); + $self->logger->error("Client ID not found in audience array"); return 0; } if ( $#audience > 1 ) { unless ( $id_token->{azp} eq $client_id ) { - $self->lmLog( - "More than one audience, and azp not equal to client ID", - 'error' ); + $self->logger->error( + "More than one audience, and azp not equal to client ID"); return 0; } } } else { unless ( $id_token->{aud} eq $client_id ) { - $self->lmLog( "Audience mismatch", 'error' ); + $self->logger->error("Audience mismatch"); return 0; } } # Check time unless ( time < $id_token->{exp} ) { - $self->lmLog( "ID token expired", 'error' ); + $self->logger->error("ID token expired"); return 0; } @@ -524,8 +516,8 @@ sub checkIDTokenValidity { my $iat = $id_token->{iat}; if ($id_token_max_age) { unless ( $iat + $id_token_max_age > time ) { - $self->lmLog( "ID token too old (Max age: $id_token_max_age)", - 'error' ); + $self->logger->error( + "ID token too old (Max age: $id_token_max_age)"); return 0; } } @@ -534,19 +526,19 @@ sub checkIDTokenValidity { if ($use_nonce) { my $nonce = $id_token->{nonce}; unless ($nonce) { - $self->lmLog( "Nonce was not returned by OP $op", 'error' ); + $self->logger->error("Nonce was not returned by OP $op"); return 0; } else { # Get nonce session my $nonceSession = $self->getOpenIDConnectSession($nonce); unless ($nonceSession) { - $self->lmLog( "Nonce $nonce verification failed", 'error' ); + $self->logger->error("Nonce $nonce verification failed"); return 0; } else { $nonceSession->remove; - $self->lmLog( "Nonce $nonce deleted", 'debug' ); + $self->logger->debug("Nonce $nonce deleted"); } } } 
@@ -555,13 +547,12 @@ sub checkIDTokenValidity { my $acr = $id_token->{acr}; if ( defined $acr_values ) { unless ($acr) { - $self->lmLog( "ACR was not returned by OP $op", 'error' ); + $self->logger->error("ACR was not returned by OP $op"); return 0; } unless ( $acr_values =~ /\b$acr\b/i ) { - $self->lmLog( - "ACR $acr not listed in request ACR values ($acr_values)", - 'error' ); + $self->logger->error( + "ACR $acr not listed in request ACR values ($acr_values)"); return 0; } } @@ -570,13 +561,12 @@ sub checkIDTokenValidity { my $auth_time = $id_token->{auth_time}; if ($max_age) { unless ($auth_time) { - $self->lmLog( "Auth time was not returned by OP $op", 'error' ); + $self->logger->error("Auth time was not returned by OP $op"); return 0; } if ( $auth_time + $max_age > time ) { - $self->lmLog( -"Authentication time ($auth_time) is too old (Max age: $max_age)", - 'error' + $self->userLogger->error( +"Authentication time ($auth_time) is too old (Max age: $max_age)" ); return 0; } @@ -594,20 +584,19 @@ sub getUserInfo { $self->oidcOPList->{$op}->{conf}->{userinfo_endpoint}; unless ($userinfo_uri) { - $self->lmLog( "UserInfo URI not found in $op configuration", 'error' ); + $self->logger->error("UserInfo URI not found in $op configuration"); return 0; } - $self->lmLog( - "Request User Info on $userinfo_uri with access token $access_token", - 'debug' ); + $self->logger->debug( + "Request User Info on $userinfo_uri with access token $access_token"); my $response = $self->ua->get( $userinfo_uri, "Authorization" => "Bearer $access_token" ); if ( $response->is_error ) { - $self->lmLog( "Bad userinfo response: " . $response->message, "error" ); - $self->lmLog( $response->content, 'debug' ); + $self->logger->error( "Bad userinfo response: " . $response->message ); + $self->logger->debug( $response->content ); return 0; } 
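Review bot: `$self->logger->debug("Request User Info on $userinfo_uri with access token $access_token");` in getUserInfo writes the OP bearer token into the debug log, so anyone with log access can reuse it against the userinfo endpoint until it expires. The same pattern appears in verifyJWTSignature (`Verification of JWT signature: $jwt`, next chunk), in verifyHash and createHash (`Verification of value $value with hash $hash`, `Use SHA $hash_level to hash $value`, where $value is presumably the access token or code being checked against its hash), and in RESTProxy::getUser, which logs the proxied Set-Cookie values in `Store remote cookies in session (...)`. Logging only the endpoint, or a truncated or hashed form of the credential, keeps the trace useful without persisting the secret: `$self->logger->debug("Request User Info on $userinfo_uri");`. These subs start or end outside their hunks.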
@@ -661,9 +650,8 @@ sub getOpenIDConnectSession { $self->p->userInfo("OpenIDConnect session $id isn't yet available"); } else { - $self->lmLog( "Unable to create new OpenIDConnect session", - 'error' ); - $self->lmLog( $oidcSession->error, 'error' ); + $self->logger->error("Unable to create new OpenIDConnect session"); + $self->logger->error( $oidcSession->error ); } return undef; } @@ -730,17 +718,17 @@ sub extractState { $req->$_($tmp); } else { - $self->lmLog( "Unknown request property $_, skipping", 'warn' ); + $self->logger->warn("Unknown request property $_, skipping"); } } # Delete state session if ( $stateSession->remove ) { - $self->lmLog( "State $state was deleted", 'debug' ); + $self->logger->debug("State $state was deleted"); } else { - $self->lmLog( "Unable to delete state $state", 'error' ); - $self->lmLog( $stateSession->error, 'error' ); + $self->logger->error("Unable to delete state $state"); + $self->logger->error( $stateSession->error ); } return 1; @@ -761,7 +749,7 @@ sub extractJWT { sub verifyJWTSignature { my ( $self, $jwt, $op, $rp ) = @_; - $self->lmLog( "Verification of JWT signature: $jwt", 'debug' ); + $self->logger->debug("Verification of JWT signature: $jwt"); # Extract JWT parts my $jwt_parts = $self->extractJWT($jwt); @@ -774,18 +762,15 @@ sub verifyJWTSignature { # Get signature algorithm my $alg = $jwt_header_hash->{alg}; - $self->lmLog( "JWT signature algorithm: $alg", 'debug' ); + $self->logger->debug("JWT signature algorithm: $alg"); if ( $alg eq "none" ) { # If none alg, signature should be empty if ( $jwt_parts->[2] ) { - $self->lmLog( - "Signature " + $self->logger->debug( "Signature " . $jwt_parts->[2] - . " is present but algorithm is 'none'", - 'debug' - ); + . " is present but algorithm is 'none'" ); return 0; } return 1; 
@@ -829,9 +814,8 @@ sub verifyJWTSignature { $digest =~ s/\//_/g; unless ( $digest eq $jwt_parts->[2] ) { - $self->lmLog( - "Digest $digest not equal to signature " . $jwt_parts->[2], - 'debug' ); + $self->logger->debug( + "Digest $digest not equal to signature " . $jwt_parts->[2] ); return 0; } return 1; @@ -840,14 +824,14 @@ sub verifyJWTSignature { if ( $alg eq "RS256" or $alg eq "RS384" or $alg eq "RS512" ) { if ($rp) { - $self->lmLog( "Algorithm $alg not supported", 'debug' ); + $self->logger->debug("Algorithm $alg not supported"); return 0; } # The public key is needed unless ( $self->oidcOPList->{$op}->{jwks} ) { - $self->lmLog( "Cannot verify $alg signature: no JWKS data found", - 'error' ); + $self->logger->error( + "Cannot verify $alg signature: no JWKS data found"); return 0; } @@ -858,7 +842,7 @@ sub verifyJWTSignature { my $kid = $jwt_header_hash->{kid}; if ($kid) { - $self->lmLog( "Search key with id $kid", 'debug' ); + $self->logger->debug("Search key with id $kid"); foreach (@$keys) { if ( $_->{kid} eq $kid ) { $key_hash = $_; @@ -871,14 +855,14 @@ sub verifyJWTSignature { } unless ($key_hash) { - $self->lmLog( "No key found in JWKS data", 'error' ); + $self->logger->error("No key found in JWKS data"); return 0; } - $self->lmLog( "Found public key parameter n: " . $key_hash->{n}, - 'debug' ); - $self->lmLog( "Found public key parameter e: " . $key_hash->{e}, - 'debug' ); + $self->logger->debug( + "Found public key parameter n: " . $key_hash->{n} ); + $self->logger->debug( + "Found public key parameter e: " . $key_hash->{e} ); # Create public key my $n = @@ -909,7 +893,7 @@ sub verifyJWTSignature { } # Other algorithms not managed - $self->lmLog( "Algorithm $alg not known", 'debug' ); + $self->logger->debug("Algorithm $alg not known"); return 0; } 
@@ -924,7 +908,7 @@ sub verifyJWTSignature { sub verifyHash { my ( $self, $value, $hash, $id_token ) = @_; - $self->lmLog( "Verification of value $value with hash $hash", 'debug' ); + $self->logger->debug("Verification of value $value with hash $hash"); # Extract ID token parts my $jwt_parts = $self->extractJWT($id_token); @@ -937,13 +921,12 @@ sub verifyHash { # Get signature algorithm my $alg = $jwt_header_hash->{alg}; - $self->lmLog( "ID Token signature algorithm: $alg", 'debug' ); + $self->logger->debug("ID Token signature algorithm: $alg"); if ( $alg eq "none" ) { # Not supported - $self->lmLog( "Cannot check hash without signature algorithm", - 'debug' ); + $self->logger->debug("Cannot check hash without signature algorithm"); return 0; } @@ -952,20 +935,20 @@ sub verifyHash { # Hash Level my $hash_level = $1; - $self->lmLog( "Use SHA $hash_level to check hash", 'debug' ); + $self->logger->debug("Use SHA $hash_level to check hash"); my $cHash = $self->createHash( $value, $hash_level ); # Compare values unless ( $cHash eq $hash ) { - $self->lmLog( "Hash $hash not equal to hash $cHash", 'debug' ); + $self->logger->debug("Hash $hash not equal to hash $cHash"); return 0; } return 1; } # Other algorithms not managed - $self->lmLog( "Algorithm $alg not known", 'debug' ); + $self->logger->debug("Algorithm $alg not known"); return 0; } @@ -977,7 +960,7 @@ sub verifyHash { sub createHash { my ( $self, $value, $hash_level ) = @_; - $self->lmLog( "Use SHA $hash_level to hash $value", 'debug' ); + $self->logger->debug("Use SHA $hash_level to hash $value"); my $hash; 
@@ -1059,15 +1042,15 @@ sub getEndPointAuthenticationCredentials { my $authorization = $req->authorization; if ( $authorization and $authorization =~ /^Basic (\w+)/i ) { - $self->lmLog( "Method client_secret_basic used", 'debug' ); + $self->logger->debug("Method client_secret_basic used"); eval { ( $client_id, $client_secret ) = split( /:/, decode_base64($1) ); }; - $self->lmLog( "Bad authentication header: $@", 'error' ) if ($@); + $self->logger->error("Bad authentication header: $@") if ($@); } elsif ( $req->param('client_id') and $req->param('client_secret') ) { - $self->lmLog( "Method client_secret_post used", 'debug' ); + $self->logger->debug("Method client_secret_post used"); $client_id = $req->param('client_id'); $client_secret = $req->param('client_secret'); } @@ -1083,11 +1066,11 @@ sub getEndPointAccessToken { my $authorization = $req->authorization; if ( $authorization =~ /^Bearer (\w+)/i ) { - $self->lmLog( "Bearer access token", 'debug' ); + $self->logger->debug("Bearer access token"); $access_token = $1; } elsif ( $access_token = $req->param('access_token') ) { - $self->lmLog( "GET/POST access token", 'debug' ); + $self->logger->debug("GET/POST access token"); } return $access_token; @@ -1115,7 +1098,7 @@ sub buildUserInfoResponse { my $apacheSession = $self->p->getApacheSession($user_session_id); unless ($apacheSession) { - $self->lmLog( "Unable to find user session", "error" ); + $self->logger->error("Unable to find user session"); return undef; } my $user_id_attribute = 
@@ -1124,14 +1107,14 @@ sub buildUserInfoResponse { || $self->conf->{whatToTrace}; my $user_id = $apacheSession->data->{$user_id_attribute}; - $self->lmLog( "Found corresponding user: $user_id", 'debug' ); + $self->logger->debug("Found corresponding user: $user_id"); $userinfo_response->{sub} = $user_id; # Parse scope and return allowed attributes foreach my $claim ( split( /\s/, $scope ) ) { next if ( $claim eq "openid" ); - $self->lmLog( "Get attributes linked to claim $claim", 'debug' ); + $self->logger->debug("Get attributes linked to claim $claim"); my $list = $self->getAttributesListFromClaim( $rp, $claim ); next unless $list; foreach my $attribute (@$list) { @@ -1233,7 +1216,7 @@ sub createJWT { return $jwt_header . "." . $jwt_payload . "." . $digest; } - $self->lmLog( "Algorithm $alg not supported to sign JWT", 'debug' ); + $self->logger->debug("Algorithm $alg not supported to sign JWT"); return; } @@ -1248,7 +1231,7 @@ sub createIDToken { # Get signature algorithm my $alg = $self->conf->{oidcRPMetaDataOptions}->{$rp} ->{oidcRPMetaDataOptionsIDTokenSignAlg}; - $self->lmLog( "ID Token signature algorithm: $alg", 'debug' ); + $self->logger->debug("ID Token signature algorithm: $alg"); return $self->createJWT( $payload, $alg, $rp ); } @@ -1371,7 +1354,7 @@ sub getRequestJWT { my $response = $self->ua->get($request_uri); if ( $response->is_error ) { - $self->lmLog( "Unable to get request JWT on $request_uri", 'error' ); + $self->logger->error("Unable to get request JWT on $request_uri"); return; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm index 5b12498d2..88a0ac6ae 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/RESTProxy.pm 
@@ -35,20 +35,19 @@ no warnings 'once'; sub getUser { my ( $self, $req ) = @_; return PE_OK if ( $req->datas->{_proxyQueryDone} ); - $self->lmLog( 'Proxy push auth to ' . $self->conf->{proxyAuthService}, - 'debug' ); + $self->logger->debug( + 'Proxy push auth to ' . $self->conf->{proxyAuthService} ); my $resp = $self->ua->post( $self->conf->{proxyAuthService}, { user => $req->{user}, password => $req->datas->{password} } ); unless ( $resp->is_success ) { - $self->lmLog( - 'Unable to query authentication service: ' . $resp->status_line, - 'error' ); + $self->logger->error( + 'Unable to query authentication service: ' . $resp->status_line ); return PE_ERROR; } - $self->lmLog( 'Proxy gets a response', 'debug' ); + $self->logger->debug('Proxy gets a response'); my $res = eval { JSON::from_json( $resp->content ) }; if ($@) { - $self->lmLog("Bad content: $@"); + $self->logger->error("Bad content: $@"); return PE_ERROR; } $req->sessionInfo->{_proxyQueryDone}++; @@ -58,11 +57,9 @@ sub getUser { } $req->sessionInfo->{_proxyCookies} = join '; ', map { s/;.*$//; $_ } $resp->header('Set-Cookie'); - $self->lmLog( - 'Store remote cookies in session (' - . $req->sessionInfo->{_proxyCookies} . ')', - 'debug' - ); + $self->logger->debug( 'Store remote cookies in session (' + . $req->sessionInfo->{_proxyCookies} + . ')' ); PE_OK; } @@ -78,14 +75,14 @@ sub setSessionInfo { ); my $resp = $self->ua->request($q); unless ( $resp->is_success ) { - $self->lmLog( 'Unable to query session service: ' . $resp->status_line, - 'error' ); + $self->logger->error( + 'Unable to query session service: ' . $resp->status_line ); return PE_ERROR; } - $self->lmLog( 'Proxy gets a response', 'debug' ); + $self->logger->debug('Proxy gets a response'); my $res = eval { JSON::from_json( $resp->content ) }; if ($@) { - $self->lmLog("Bad content: $@"); + $self->logger->error("Bad content: $@"); return PE_ERROR; } foreach ( keys %$res ) { 
@@ -97,7 +94,8 @@ sub setSessionInfo { sub authLogout { my ( $self, $req ) = @_; - $self->lmLog( 'Proxy ask logout to '. $self->conf->{proxyAuthService},'debug'); + $self->logger->debug( + 'Proxy ask logout to ' . $self->conf->{proxyAuthService} ); my $q = HTTP::Request->new( GET => $self->conf->{proxyAuthService} . '?logout=1', [ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Remote.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Remote.pm index 95c9a2c68..7c20eb6a1 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Remote.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Remote.pm @@ -56,8 +56,8 @@ sub checkRemoteId { ); if ( $remoteSession->error ) { - $self->lmLog( "Remote session error", 'error' ); - $self->lmLog( $remoteSession->error, 'error' ); + $self->logger->error("Remote session error"); + $self->logger->error( $remoteSession->error ); return PE_ERROR; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm index 667a028ad..c211b9375 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm @@ -106,18 +106,18 @@ sub init { } unless (LASSOTHINSESSIONS) { - $self->lmLog( 'Lasso thin-sessions flag could not be set', 'warn' ); + $self->logger->warn('Lasso thin-sessions flag could not be set'); } else { - $self->lmLog( 'Lasso thin-sessions flag set', 'debug' ); + $self->logger->debug('Lasso thin-sessions flag set'); } if (GLIB) { Glib::Log->set_handler( "Lasso", [qw/ error critical warning message info debug /], sub { - $self->lmLog( $_[0] . " error " . $_[1] . ": " . $_[2], - 'debug' ); + $self->logger->debug( + $_[0] . " error " . $_[1] . ": " . $_[2] ); } ); } 
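Review bot: The Glib log handler installed in the SAML init hunk forwards every Lasso level it subscribes to (error, critical, warning, message, info, debug) to `$self->logger->debug`, and its text labels all of them "error", so a signature or XML failure reported by Lasso is invisible unless debug logging is on. If `$_[1]` is the Glib level name (I cannot confirm its exact representation from this hunk), route by severity: `my $lvl = "$_[1]" =~ /error|critical/ ? 'error' : "$_[1]" =~ /warning/ ? 'warn' : 'debug';` then `$self->logger->$lvl( "$_[0] $_[1]: $_[2]" );`, using the `warn`/`error` methods this same hunk already calls. init starts before this hunk.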
@@ -154,12 +154,12 @@ sub loadService { and $self->conf->{samlServicePublicKeySig} =~ /CERTIFICATE/ ) { $serviceCertificate = $self->conf->{samlServicePublicKeySig}; - $self->lmLog( 'Certificate will be used in SAML responses', 'debug' ); + $self->logger->debug('Certificate will be used in SAML responses'); } # Get metadata from configuration - $self->lmLog( "Get Metadata for this service", 'debug' ); + $self->logger->debug("Get Metadata for this service"); my $service_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new(); # Create Lasso server with service metadata @@ -188,7 +188,7 @@ sub loadService { $self->error('Unable to create Lasso server'); return 0; } - $self->lmLog( "Service created", 'debug' ); + $self->logger->debug("Service created"); return $server; } @@ -200,7 +200,7 @@ sub loadIDPs { unless ( $self->conf->{samlIDPMetaDataXML} and keys %{ $self->conf->{samlIDPMetaDataXML} } ) { - $self->lmLog( "No IDP found in configuration", 'warn' ); + $self->logger->warn("No IDP found in configuration"); } # Load identity provider metadata @@ -212,7 +212,7 @@ sub loadIDPs { # TODO: QUESTION: do we have to return 0 (<=> block initialization) if one # IdP load fails ? foreach ( keys %{ $self->conf->{samlIDPMetaDataXML} } ) { - $self->lmLog( "Get Metadata for IDP $_", 'debug' ); + $self->logger->debug("Get Metadata for IDP $_"); my $idp_metadata = $self->conf->{samlIDPMetaDataXML}->{$_}->{samlIDPMetaDataXML}; @@ -261,10 +261,9 @@ sub loadIDPs { return 0; } - $self->lmLog( "Set encryption mode $encryption_mode on IDP $_", - 'debug' ); + $self->logger->debug("Set encryption mode $encryption_mode on IDP $_"); - $self->lmLog( "IDP $_ added", 'debug' ); + $self->logger->debug("IDP $_ added"); } return 1; } 
@@ -276,7 +275,7 @@ sub loadSPs { unless ( $self->conf->{samlSPMetaDataXML} and keys %{ $self->conf->{samlSPMetaDataXML} } ) { - $self->lmLog( "No SP found in configuration", 'warn' ); + $self->logger->warn("No SP found in configuration"); } # Load service provider metadata @@ -286,7 +285,7 @@ sub loadSPs { $self->spList( {} ); foreach ( keys %{ $self->conf->{samlSPMetaDataXML} } ) { - $self->lmLog( "Get Metadata for SP $_", 'debug' ); + $self->logger->debug("Get Metadata for SP $_"); my $sp_metadata = $self->conf->{samlSPMetaDataXML}->{$_}->{samlSPMetaDataXML}; @@ -335,10 +334,9 @@ sub loadSPs { return 0; } - $self->lmLog( "Set encryption mode $encryption_mode on SP $_", - 'debug' ); + $self->logger->debug("Set encryption mode $encryption_mode on SP $_"); - $self->lmLog( "SP $_ added", 'debug' ); + $self->logger->debug("SP $_ added"); } return 1; @@ -365,13 +363,13 @@ sub checkMessage { if ( $request_method eq 'GET' ) { $method = Lasso::Constants::HTTP_METHOD_REDIRECT; - $self->lmLog( "SAML method: HTTP-REDIRECT", 'debug' ); + $self->logger->debug("SAML method: HTTP-REDIRECT"); if ( $req->param('SAMLResponse') ) { # Response in query string $response = $self->getQueryString($req); - $self->lmLog( "HTTP-REDIRECT: SAML Response $response", 'debug' ); + $self->logger->debug("HTTP-REDIRECT: SAML Response $response"); } @@ -379,7 +377,7 @@ sub checkMessage { # Request in query string $request = $self->getQueryString($req); - $self->lmLog( "HTTP-REDIRECT: SAML Request $request", 'debug' ); + $self->logger->debug("HTTP-REDIRECT: SAML Request $request"); } @@ -387,7 +385,7 @@ sub checkMessage { # Artifact in query string $artifact = $self->getQueryString($req); - $self->lmLog( "HTTP-REDIRECT: SAML Artifact $artifact", 'debug' ); + $self->logger->debug("HTTP-REDIRECT: SAML Artifact $artifact"); # Resolve Artifact $method = Lasso::Constants::HTTP_METHOD_ARTIFACT_GET; 
@@ -411,13 +409,13 @@ sub checkMessage { if ( $content_type !~ /xml/ ) { $method = Lasso::Constants::HTTP_METHOD_POST; - $self->lmLog( "SAML method: HTTP-POST", 'debug' ); + $self->logger->debug("SAML method: HTTP-POST"); if ( $req->param('SAMLResponse') ) { # Response in body part $response = $req->param('SAMLResponse'); - $self->lmLog( "HTTP-POST: SAML Response $response", 'debug' ); + $self->logger->debug("HTTP-POST: SAML Response $response"); } @@ -425,7 +423,7 @@ sub checkMessage { # Request in body part $request = $req->param('SAMLRequest'); - $self->lmLog( "HTTP-POST: SAML Request $request", 'debug' ); + $self->logger->debug("HTTP-POST: SAML Request $request"); } @@ -433,7 +431,7 @@ sub checkMessage { # Artifact in SAMLart param $artifact = $req->param('SAMLart'); - $self->lmLog( "HTTP-POST: SAML Artifact $artifact", 'debug' ); + $self->logger->debug("HTTP-POST: SAML Artifact $artifact"); # Resolve Artifact $method = Lasso::Constants::HTTP_METHOD_ARTIFACT_POST; @@ -456,11 +454,11 @@ sub checkMessage { else { $method = Lasso::Constants::HTTP_METHOD_SOAP; - $self->lmLog( "SAML method: HTTP-SOAP", 'debug' ); + $self->logger->debug("SAML method: HTTP-SOAP"); # SOAP is always a request $request = $req->content; - $self->lmLog( "HTTP-SOAP: SAML Request $request", 'debug' ); + $self->logger->debug("HTTP-SOAP: SAML Request $request"); } @@ -482,13 +480,13 @@ sub checkLassoError { # If $error is not a Lasso::Error object, display error string unless ( ref($error) and $error->isa("Lasso::Error") ) { return 1 unless $error; - $self->lmLog( "Lasso error: $error", $level ); + $self->p->lmLog( "Lasso error: $error", $level ); return 0; } # Else check error code and error message if ( $error->{code} ) { - $self->lmLog( + $self->p->lmLog( "Lasso error code " . $error->{code} . ": " . $error->{message}, $level ); return 0; 
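Review bot: The HTTP-POST branch logs the complete base64 SAMLResponse at debug; unless the IdP encrypts its assertions, that is the user's NameID and attribute set written to disk on every login. Logging the size is enough to trace the flow: `$self->logger->debug( "HTTP-POST: SAML Response (" . length($response) . " bytes)" );`, and the same applies to the SAMLRequest and SOAP branches of checkMessage further down. checkMessage starts before this hunk and continues past it.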
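Review bot: checkLassoError is the one spot in this file still calling the legacy `lmLog`, now via `$self->p->lmLog`, because the level is the variable `$level`; once the shim is dropped this breaks at runtime rather than in review. The new logger exposes `debug`/`warn`/`error` as methods elsewhere in this commit, so a dynamic call keeps the variable level: `$self->logger->$level("Lasso error: $error");` — provided `$level` is restricted to those method names, which this hunk does not show. checkLassoError starts before this hunk and continues past it.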
@@ -696,14 +694,14 @@ sub createAuthnRequest { my $login = $self->createLogin($server); unless ($login) { - $self->lmLog( 'Unable to create Lasso login', 'error' ); + $self->logger->error('Unable to create Lasso login'); return; } # Init authentication request unless ( $self->initAuthnRequest( $login, $idp, $method ) ) { - $self->lmLog( "Could not initiate authentication request on $idp", - 'error' ); + $self->logger->error( + "Could not initiate authentication request on $idp"); return; } @@ -712,7 +710,7 @@ sub createAuthnRequest { $self->storeRelayState( $req, 'urldc', 'checkLogins' ) ) { $login->msg_relayState($relaystate); - $self->lmLog( "Set $relaystate in RelayState", 'debug' ); + $self->logger->debug("Set $relaystate in RelayState"); } # Customize request @@ -724,7 +722,7 @@ sub createAuthnRequest { # * Forward some authn constraints if ( $req->datas->{_proxiedSamlRequest} ) { - $self->lmLog( "IDP Proxy mode detected", 'debug' ); + $self->logger->debug("IDP Proxy mode detected"); # Get ProxyCount value eval { @@ -735,12 +733,12 @@ sub createAuthnRequest { # Deny request if ProxyCount eq 0 if ( defined $proxyCount ) { - $self->lmLog( "Found proxyCount $proxyCount in proxied request", - 'debug' ); + $self->logger->debug( + "Found proxyCount $proxyCount in proxied request"); if ( $proxyCount eq 0 ) { - $self->lmLog( "SAML request cannot be proxied (ProxyCount 0)", - 'error' ); + $self->userLogger->error( + "SAML request cannot be proxied (ProxyCount 0)"); return; } else { @@ -767,7 +765,7 @@ sub createAuthnRequest { # NameIDFormat if ($nameIDFormat) { - $self->lmLog( "Use NameIDFormat $nameIDFormat", 'debug' ); + $self->logger->debug("Use NameIDFormat $nameIDFormat"); $request->NameIDPolicy()->Format($nameIDFormat); } 
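Review bot: The ProxyCount test in the fourth hunk, `if ( $proxyCount eq 0 )`, is a string comparison, so any value other than the exact text "0" — "00", "0 ", "-1" or something non-numeric — passes the deny check and presumably goes on to be decremented in the else branch outside this hunk. Validate it as a non-negative integer before trusting it, e.g. `if ( $proxyCount !~ /^\d+$/ or $proxyCount == 0 )`, and log a rejected value with `$self->userLogger->error("Invalid ProxyCount $proxyCount in proxied request")`. createAuthnRequest starts before this hunk and continues past it.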
@@ -776,19 +774,19 @@ sub createAuthnRequest { # Force authentication if ($forceAuthn) { - $self->lmLog( "Force authentication on IDP", 'debug' ); + $self->logger->debug("Force authentication on IDP"); $request->ForceAuthn(1); } # Passive authentication if ($isPassive) { - $self->lmLog( "Passive authentication on IDP", 'debug' ); + $self->logger->debug("Passive authentication on IDP"); $request->IsPassive(1); } # Allow proxy unless ($allowProxiedAuthn) { - $self->lmLog( "Do not allow this request to be proxied", 'debug' ); + $self->logger->debug("Do not allow this request to be proxied"); eval { my $proxyRestriction = Lasso::Saml2ProxyRestriction->new(); $proxyRestriction->Audience($idp); @@ -806,25 +804,24 @@ sub createAuthnRequest { # Signature if ( $signSSOMessage == 0 ) { - $self->lmLog( "SSO request will not be signed", 'debug' ); + $self->logger->debug("SSO request will not be signed"); $self->disableSignature($login); } elsif ( $signSSOMessage == 1 ) { - $self->lmLog( "SSO request will be signed", 'debug' ); + $self->logger->debug("SSO request will be signed"); $self->forceSignature($login); } else { - $self->lmLog( "SSO request signature according to metadata", 'debug' ); + $self->logger->debug("SSO request signature according to metadata"); } # Requested authentication context if ($proxyRequestedAuthnContext) { - $self->lmLog( "Use RequestedAuthnContext from proxied request", - 'debug' ); + $self->logger->debug("Use RequestedAuthnContext from proxied request"); $request->RequestedAuthnContext($proxyRequestedAuthnContext); } elsif ($requestedAuthnContext) { - $self->lmLog( "Request $requestedAuthnContext context", 'debug' ); + $self->logger->debug("Request $requestedAuthnContext context"); eval { my $context = Lasso::Samlp2RequestedAuthnContext->new(); $context->AuthnContextClassRef($requestedAuthnContext); 
@@ -839,8 +836,7 @@ sub createAuthnRequest { # Build authentication request unless ( $self->buildAuthnRequestMsg($login) ) { - $self->lmLog( "Could not build authentication request on $idp", - 'error' ); + $self->logger->error("Could not build authentication request on $idp"); return; } @@ -1145,7 +1141,7 @@ sub extractRelayState { return 0 unless $relaystate; if ( $relayStateURL and $relaystate =~ /^https?:\/\// ) { - $self->lmLog( "RelayState is a redirection URL: $relaystate", 'debug' ); + $self->logger->debug("RelayState is a redirection URL: $relaystate"); $req->{urldc} = $relaystate; return 1; } @@ -1164,11 +1160,11 @@ sub extractRelayState { # delete relaystate session if ( $samlSessionInfo->remove ) { - $self->lmLog( "Relaystate $relaystate was deleted", 'debug' ); + $self->logger->debug("Relaystate $relaystate was deleted"); } else { - $self->lmLog( "Unable to delete relaystate $relaystate", 'error' ); - $self->lmLog( $samlSessionInfo->error, 'error' ); + $self->logger->error("Unable to delete relaystate $relaystate"); + $self->logger->error( $samlSessionInfo->error ); } } @@ -1258,8 +1254,7 @@ sub validateConditions { # Time if ($checkTime) { eval { - $status = - Lasso::Saml2Assertion::validate_time_checks( $assertion, + $status = Lasso::Saml2Assertion::validate_time_checks( $assertion, $tolerance ); }; @@ -1269,15 +1264,14 @@ sub validateConditions { } unless ( $status eq Lasso::Constants::SAML2_ASSERTION_VALID ) { - $self->lmLog( "Time conditions validations result: $status", - 'error' ); + $self->logger->error("Time conditions validations result: $status"); return 0; } - $self->lmLog( "Time conditions validated", 'debug' ); + $self->logger->debug("Time conditions validated"); } else { - $self->lmLog( "Time conditions not checked", 'debug' ); + $self->logger->debug("Time conditions not checked"); } # Audience 
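Review bot: In the extractRelayState hunk any RelayState that merely starts with `http://` or `https://` is copied straight into `$req->{urldc}` when `$relayStateURL` is set, and RelayState arrives inside the SAML message carried by the browser. Unless urldc is checked against the portal's trusted-domain list later in the login flow (not visible here), that is an open redirect after authentication; the assignment should sit behind whatever URL-trust check the portal uses, with `$self->userLogger->error("Untrusted RelayState URL $relaystate")` on rejection. extractRelayState starts before this hunk and continues past it.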
@@ -1293,15 +1287,15 @@ sub validateConditions { } unless ( $status eq Lasso::Constants::SAML2_ASSERTION_VALID ) { - $self->lmLog( "Audience conditions validations result: $status", - 'error' ); + $self->logger->error( + "Audience conditions validations result: $status"); return 0; } - $self->lmLog( "Audience conditions validated", 'debug' ); + $self->logger->debug("Audience conditions validated"); } else { - $self->lmLog( "Audience conditions not checked", 'debug' ); + $self->logger->debug("Audience conditions not checked"); } return 1; 
@@ -1322,39 +1316,38 @@ sub createLogoutRequest { my $logout = $self->createLogout($server); unless ( $self->setSessionFromDump( $logout, $session_dump ) ) { - $self->lmLog( "Could not fill Lasso::Logout with session dump", - 'error' ); + $self->logger->error("Could not fill Lasso::Logout with session dump"); return; } # Init logout request unless ( $self->initLogoutRequest( $logout, undef, $method ) ) { - $self->lmLog( "Could not initiate logout request", 'error' ); + $self->logger->error("Could not initiate logout request"); return; } # Set RelayState if ( my $relaystate = $self->storeRelayState( $req, 'urldc' ) ) { $logout->msg_relayState($relaystate); - $self->lmLog( "Set $relaystate in RelayState", 'debug' ); + $self->logger->debug("Set $relaystate in RelayState"); } # Signature if ( $signSLOMessage == 0 ) { - $self->lmLog( "SLO request will not be signed", 'debug' ); + $self->logger->debug("SLO request will not be signed"); $self->disableSignature($logout); } elsif ( $signSLOMessage == 1 ) { - $self->lmLog( "SLO request will be signed", 'debug' ); + $self->logger->debug("SLO request will be signed"); $self->forceSignature($logout); } else { - $self->lmLog( "SLO request signature according to metadata", 'debug' ); + $self->logger->debug("SLO request signature according to metadata"); } # Build logout request unless ( $self->buildLogoutRequestMsg($logout) ) { - $self->lmLog( "Could not build logout request", 'error' ); + $self->logger->error("Could not build logout request"); return; } @@ -1420,7 +1413,7 @@ sub buildLogoutRequestMsg { sub setSessionFromDump { my ( $self, $profile, $dump ) = @_; - $self->lmLog( "Loading Session dump: $dump", 'debug' ); + $self->logger->debug("Loading Session dump: $dump"); eval { Lasso::Profile::set_session_from_dump( $profile, $dump ); }; 
@@ -1475,7 +1468,7 @@ sub getRouteFromMetaDataURL { my ( $self, $key, $index, $sub ) = @_; my $uri = $self->getMetaDataURL( $key, $index, 0 ); unless ( $uri =~ m#^/\w# ) { - $self->lmLog( "$key has no index $index", 'debug' ); + $self->logger->debug("$key has no index $index"); return (); } my @t = grep /\w/, split( /\//, $uri ); @@ -1539,8 +1532,7 @@ sub processLogoutRequestMsg { return 1 if ( $@ or !$notOnOrAfter ); - $self->lmLog( "Found NotOnOrAfter $notOnOrAfter in logout request", - 'debug' ); + $self->logger->debug("Found NotOnOrAfter $notOnOrAfter in logout request"); my $expirationTime = $self->samldate2timestamp($notOnOrAfter); @@ -1597,8 +1589,8 @@ sub storeReplayProtection { my $session_id = $samlSessionInfo->id; - $self->lmLog( "Keep request ID $samlID in assertion session $session_id", - 'debug' ); + $self->logger->debug( + "Keep request ID $samlID in assertion session $session_id"); return 1; } @@ -1611,8 +1603,8 @@ sub replayProtection { my ( $self, $samlID ) = @_; unless ($samlID) { - $self->lmLog( "Cannot verify replay because no SAML ID given", - 'error' ); + $self->userLogger->error( + "Cannot verify replay because no SAML ID given"); return 0; } @@ -1639,18 +1631,16 @@ sub replayProtection { } if ( $samlSessionInfo->remove ) { - $self->lmLog( -"Assertion session $session (Message ID $samlID) was deleted", - 'debug' + $self->logger->debug( +"Assertion session $session (Message ID $samlID) was deleted" ); return $result; } else { - $self->lmLog( -"Unable to delete assertion session $session (Message ID $samlID)", - 'error' + $self->logger->error( +"Unable to delete assertion session $session (Message ID $samlID)" ); - $self->lmLog( $samlSessionInfo->error, 'error' ); + $self->logger->error( $samlSessionInfo->error ); return 0; } } 
@@ -1681,7 +1671,7 @@ sub resolveArtifact { return unless $self->checkLassoError($@); unless ( $profile->msg_url ) { - $self->lmLog( "No artifact resolution URL found", 'error' ); + $self->logger->error("No artifact resolution URL found"); return; } @@ -1690,15 +1680,14 @@ sub resolveArtifact { $request->header( Accept => 'application/xml' ); $request->content( $profile->msg_body ); - $self->lmLog( - "Send message " . $profile->msg_body . " to " . $profile->msg_url, - 'debug' ); + $self->logger->debug( + "Send message " . $profile->msg_body . " to " . $profile->msg_url ); # SOAP call my $soap_answer = $self->ua->request($request); if ( $soap_answer->code() == "200" ) { $message = $soap_answer->content(); - $self->lmLog( "Get message $message", 'debug' ); + $self->logger->debug("Get message $message"); } } @@ -1730,7 +1719,7 @@ sub storeArtifact { my $art_session_id = $samlSessionInfo->id; - $self->lmLog( "Keep artifact $id in session $art_session_id", 'debug' ); + $self->logger->debug("Keep artifact $id in session $art_session_id"); return 1; } @@ -1744,7 +1733,7 @@ sub loadArtifact { my $art_session; unless ($id) { - $self->lmLog( "Cannot load artifact because no id given", 'error' ); + $self->logger->error("Cannot load artifact because no id given"); return; } @@ -1758,7 +1747,7 @@ sub loadArtifact { my $nb_sessions = $#keys + 1; - $self->lmLog( "Found $nb_sessions sessions for artifact $id", 'debug' ); + $self->logger->debug("Found $nb_sessions sessions for artifact $id"); # There should only be 1 result return if ( $nb_sessions != 1 ); 
@@ -1778,15 +1767,15 @@ sub loadArtifact { # Delete session if ( $samlSessionInfo->remove ) { - $self->lmLog( "Artifact session $session (ID $id) was deleted", - 'debug' ); + $self->logger->debug( + "Artifact session $session (ID $id) was deleted"); return $art_session; } else { - $self->lmLog( "Unable to delete artifact session $session (ID $id)", - 'error' ); - $self->lmLog( $samlSessionInfo->error, 'error' ); + $self->logger->error( + "Unable to delete artifact session $session (ID $id)"); + $self->logger->error( $samlSessionInfo->error ); return; } } @@ -1808,21 +1797,20 @@ sub createArtifactResponse { eval { $login->set_artifact_message( $art_session->{message} ); }; if ($@) { $self->checkLassoError($@); - $self->lmLog( "Cannot load artifact message", 'error' ); + $self->logger->error("Cannot load artifact message"); return; } - $self->lmLog( "Response loaded", 'debug' ); + $self->logger->debug("Response loaded"); # Try to get Lasso session my $session_id = $art_session->{_saml_id}; if ($session_id) { - $self->lmLog( "Find session_id $session_id in artifact session", - 'debug' ); + $self->logger->debug("Find session_id $session_id in artifact session"); my $session = $self->p->getApacheSession($session_id); unless ($session) { - $self->lmLog( "Unable to open session $session_id", 'error' ); + $self->logger->error("Unable to open session $session_id"); return; } 
@@ -1830,29 +1818,29 @@ sub createArtifactResponse { if ($lassoSession) { unless ( $self->setSessionFromDump( $login, $lassoSession ) ) { - $self->lmLog( "Unable to load Lasso Session", 'error' ); + $self->logger->error("Unable to load Lasso Session"); return; } - $self->lmLog( "Lasso Session loaded", 'debug' ); + $self->logger->debug("Lasso Session loaded"); } } else { - $self->lmLog( "No session_id in artifact session", 'debug' ); + $self->logger->debug("No session_id in artifact session"); } # Build artifact response eval { Lasso::Login::build_response_msg($login); }; if ($@) { $self->checkLassoError($@); - $self->lmLog( "Cannot build artifact response", 'error' ); + $self->logger->error("Cannot build artifact response"); return; } - $self->lmLog( "Artifact response built", 'debug' ); + $self->logger->debug("Artifact response built"); # Store Lasso session if session opened if ( $session_id and $login->is_session_dirty ) { - $self->lmLog( "Save Lasso session in session", 'debug' ); + $self->logger->debug("Save Lasso session in session"); $self->updateSession( $req, { _lassoSessionDump => $login->get_session->dump }, $session_id ); } @@ -1913,16 +1901,16 @@ sub sendSOAPMessage { $request->header( Accept => 'application/xml' ); $request->content($message); - $self->lmLog( "Send SOAP message $message to $endpoint", 'debug' ); + $self->logger->debug("Send SOAP message $message to $endpoint"); # SOAP call my $soap_answer = $self->ua()->request($request); if ( $soap_answer->code() == "200" ) { $response = $soap_answer->content(); - $self->lmLog( "Get response $response", 'debug' ); + $self->logger->debug("Get response $response"); } else { - $self->lmLog( "No response to SOAP request", 'debug' ); + $self->logger->debug("No response to SOAP request"); return; } 
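Review bot: sendSOAPMessage still tests `$soap_answer->code() == "200"` (a numeric compare against a string literal) and, for anything else, logs only "No response to SOAP request" at debug, so a 401/403/500 from the remote endpoint — the usual symptom of a broken SLO or artifact setup — leaves no trace at the default log level. Use the response object's own check and keep the status: `if ( $soap_answer->is_success ) {` and, in the else branch, `$self->logger->error( "SOAP request to $endpoint failed: " . $soap_answer->status_line );`. The same pattern appears in resolveArtifact. sendSOAPMessage starts before this hunk and continues past it.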
@@ -1961,7 +1949,7 @@ sub createAttributeRequest { # Create assertion query return unless ( $query = $self->createAssertionQuery($server) ); - $self->lmLog( "Assertion query created", 'debug' ); + $self->logger->debug("Assertion query created"); # Init request my $method = Lasso::Constants::HTTP_METHOD_SOAP; @@ -1974,7 +1962,7 @@ sub createAttributeRequest { return; } - $self->lmLog( "Assertion query request initiated", 'debug' ); + $self->logger->debug("Assertion query request initiated"); # Set NameID eval { $query->request()->Subject()->NameID($nameid); }; @@ -1983,8 +1971,8 @@ sub createAttributeRequest { return; } - $self->lmLog( "Set NameID " . $nameid->dump . " in assertion query", - 'debug' ); + $self->logger->debug( + "Set NameID " . $nameid->dump . " in assertion query" ); # Store attributes in request my @requested_attributes; @@ -2053,7 +2041,7 @@ sub processAttributeRequest { # Create assertion query return unless ( $query = $self->createAssertionQuery($server) ); - $self->lmLog( "Assertion query created", 'debug' ); + $self->logger->debug("Assertion query created"); # Process response eval { Lasso::AssertionQuery::process_request_msg( $query, $request ); }; @@ -2062,7 +2050,7 @@ sub processAttributeRequest { return; } - $self->lmLog( "Attribute request is valid", 'debug' ); + $self->logger->debug("Attribute request is valid"); return $query; } @@ -2096,7 +2084,7 @@ sub processAttributeResponse { # Create assertion query return unless ( $query = $self->createAssertionQuery($server) ); - $self->lmLog( "Assertion query created", 'debug' ); + $self->logger->debug("Assertion query created"); # Process response eval { Lasso::AssertionQuery::process_response_msg( $query, $response ); }; @@ -2105,7 +2093,7 @@ sub processAttributeResponse { return; } - $self->lmLog( "Attribute response is valid", 'debug' ); + $self->logger->debug("Attribute response is valid"); return $query; } 
@@ -2305,8 +2293,8 @@ sub timestamp2samldate { my @t = gmtime($timestamp); my $samldate = strftime( "%Y-%m-%dT%TZ", @t ); - $self->lmLog( "Convert timestamp $timestamp in SAML2 date: $samldate", - 'debug' ); + $self->logger->debug( + "Convert timestamp $timestamp in SAML2 date: $samldate"); return $samldate; } @@ -2318,15 +2306,14 @@ sub timestamp2samldate { sub samldate2timestamp { my ( $self, $samldate ) = @_; - my ( $year, $mon, $mday, $hour, $min, $sec, $msec, $ztime ) = - ( $samldate =~ + my ( $year, $mon, $mday, $hour, $min, $sec, $msec, $ztime ) = ( $samldate =~ /(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(\.\d+)?(Z)?/ ); my $timestamp = timegm( $sec, $min, $hour, $mday, $mon - 1, $year - 1900, 0 ); - $self->lmLog( "Convert SAML2 date $samldate in timestamp: $timestamp", - 'debug' ); + $self->logger->debug( + "Convert SAML2 date $samldate in timestamp: $timestamp"); return $timestamp; } @@ -2403,7 +2390,7 @@ sub sendLogoutRequestToProvider { # Find EntityID in spList or idpList unless ( defined $self->{ lc($type) . 'List' }->{$providerID} ) { - $self->lmLog( "$providerID does not match any known $type", 'error' ); + $self->logger->error("$providerID does not match any known $type"); return ( 0, undef, undef ); } 
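Review bot: samldate2timestamp never checks that its regex matched: the pattern is unanchored, so a malformed or empty SAML date leaves `$year` through `$sec` undefined and they go straight into `timegm`, which will either warn and yield a nonsense timestamp or croak inside a request handler. Callers such as processLogoutRequestMsg use the result as an expiry, so guard after the match — `unless ( defined $year ) { $self->logger->error("Unable to parse SAML2 date $samldate"); return; }` — and have callers treat undef as invalid. Note also that a timezone offset such as `+01:00` is silently dropped and the time read as UTC.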
@@ -2429,56 +2416,54 @@ sub sendLogoutRequestToProvider { ->{ 'saml' . $type . 'MetaDataOptionsSignSLOMessage' }; if ( $signSLOMessage == 0 ) { - $self->lmLog( "SLO request will not be signed", 'debug' ); + $self->logger->debug("SLO request will not be signed"); $self->disableSignature($logout); } elsif ( $signSLOMessage == 1 ) { - $self->lmLog( "SLO request will be signed", 'debug' ); + $self->logger->debug("SLO request will be signed"); $self->forceSignature($logout); } else { - $self->lmLog( "SLO request signature according to metadata", 'debug' ); + $self->logger->debug("SLO request signature according to metadata"); } # Relay State if ($relayState) { eval { $logout->msg_relayState($relayState); }; if ($@) { - $self->lmLog( -"Unable to set Relay State $relayState in SLO request for $confKey", - 'error' + $self->logger->error( +"Unable to set Relay State $relayState in SLO request for $confKey" ); return ( 0, $method, undef ); } - $self->lmLog( 'Relay state set', 'debug' ); + $self->logger->debug('Relay state set'); } # Build the request unless ( $logout->request() ) { - $self->lmLog( "No logout request found, build it", 'debug' ); + $self->logger->debug("No logout request found, build it"); # Initiate the logout request unless ( $self->initLogoutRequest( $logout, $providerID, $method ) ) { - $self->lmLog( "Initiate logout request failed for $providerID", - 'error' ); + $self->logger->error( + "Initiate logout request failed for $providerID"); return ( 0, $method, undef ); } # Build request message unless ( $self->buildLogoutRequestMsg($logout) ) { - $self->lmLog( "Build logout request failed for $providerID", - 'error' ); + $self->logger->error("Build logout request failed for $providerID"); return ( 0, $method, undef ); } - $self->lmLog( "Request built for $providerID", 'debug' ); + $self->logger->debug("Request built for $providerID"); } # Keep message ID in memory to prevent replay my $samlID = $logout->request()->ID; unless ( 
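Review bot: The signature selection in this hunk reads `saml<Type>MetaDataOptionsSignSLOMessage` directly from the configuration and then tests `$signSLOMessage == 0`; if the key is absent for a provider, `undef == 0` is true and the logout request goes out unsigned, the least safe of the three branches. Unless the manager guarantees the key is always present (not visible here), default it before the comparison, `$signSLOMessage = -1 unless defined $signSLOMessage;`, so a missing value falls through to "according to metadata". sendLogoutRequestToProvider starts before this hunk and continues past it.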
$self->storeReplayProtection($samlID) ) { - $self->lmLog( "Unable to store message ID", 'error' ); + $self->logger->error("Unable to store message ID"); return ( 0, $method, undef ); } @@ -2490,8 +2475,8 @@ sub sendLogoutRequestToProvider { # HTTP-REDIRECT if ( $method == Lasso::Constants::HTTP_METHOD_REDIRECT ) { - $self->lmLog( "Send HTTP-REDIRECT logout request to $providerID", - 'debug' ); + $self->logger->debug( + "Send HTTP-REDIRECT logout request to $providerID"); # Redirect user to response URL my $slo_url = $logout->msg_url; @@ -2507,8 +2492,7 @@ sub sendLogoutRequestToProvider { # HTTP-POST elsif ( $method == Lasso::Constants::HTTP_METHOD_POST ) { - $self->lmLog( "Build POST relay logout request to $providerID", - 'debug' ); + $self->logger->debug("Build POST relay logout request to $providerID"); # Create a new relay session my $relayInfos = $self->getSamlSession(); @@ -2544,8 +2528,8 @@ sub sendLogoutRequestToProvider { # Build a relay request, to be used after SLO process is done if ($relay) { - $self->lmLog( "Build SOAP relay logout request for $providerID", - 'debug' ); + $self->logger->debug( + "Build SOAP relay logout request for $providerID"); # Create a new relay session my $relayInfos = $self->getSamlSession(); @@ -2580,7 +2564,7 @@ sub sendLogoutRequestToProvider { # Send the request directly else { - $self->lmLog( "Send SOAP logout request to $providerID", 'debug' ); + $self->logger->debug("Send SOAP logout request to $providerID"); my $slo_url = $logout->msg_url; my $slo_body = $logout->msg_body; @@ -2589,7 +2573,7 @@ sub sendLogoutRequestToProvider { my $sp_response = $self->sendSOAPMessage( $slo_url, $slo_body ); unless ($sp_response) { - $self->lmLog( "No logout response to SOAP request", 'error' ); + $self->logger->error("No logout response to SOAP request"); return ( 0, $method, undef ); } 
@@ -2598,7 +2582,7 @@ sub sendLogoutRequestToProvider { $self->processLogoutResponseMsg( $logout, $sp_response ); unless ($sp_result) { - $self->lmLog( "Fail to process logout response", 'error' ); + $self->logger->error("Fail to process logout response"); return ( 0, $method, undef ); } @@ -2607,18 +2591,16 @@ sub sendLogoutRequestToProvider { if ($sloStatusSessionInfos) { $sloStatusSessionInfos->update( { $confKey => 1 } ); - $self->lmLog( - "Store SLO status for $confKey in session $relayState", - 'debug' ); + $self->logger->debug( + "Store SLO status for $confKey in session $relayState"); } else { - $self->lmLog( -"Unable to store SLO status for $confKey in session $relayState", - 'warn' + $self->logger->warn( +"Unable to store SLO status for $confKey in session $relayState" ); } - $self->lmLog( "Logout response is valid", 'debug' ); + $self->logger->debug("Logout response is valid"); } @@ -2704,8 +2686,9 @@ sub authnContext2authnLevel { return $self->conf->{samlAuthnContextMapPassword} if ( $authnContext eq $self->getAuthnContext("password") ); return $self->conf->{samlAuthnContextMapPasswordProtectedTransport} - if ( $authnContext eq - $self->getAuthnContext("password-protected-transport") ); + if ( + $authnContext eq $self->getAuthnContext("password-protected-transport") + ); return $self->conf->{samlAuthnContextMapKerberos} if ( $authnContext eq $self->getAuthnContext("kerberos") ); return $self->conf->{samlAuthnContextMapTLSClient} @@ -2748,11 +2731,11 @@ sub checkDestination { # Ok if no Destination if ( $@ or !$destination ) { - $self->lmLog( "No Destination in SAML message", 'debug' ); + $self->logger->debug("No Destination in SAML message"); return 1; } - $self->lmLog( "Destination $destination found in SAML message", 'debug' ); + $self->logger->debug("Destination $destination found in SAML message"); # Retrieve full URL my $portal = $self->conf->{portal}; 
@@ -2762,11 +2745,11 @@ sub checkDestination { # Compare Destination and URL if ( $destination eq $url ) { - $self->lmLog( "Destination match URL $url", 'debug' ); + $self->logger->debug("Destination match URL $url"); return 1; } - $self->lmLog( "Destination does not match URL $url", 'error' ); + $self->logger->error("Destination does not match URL $url"); return 0; } @@ -2794,8 +2777,8 @@ sub getSamlSession { $self->userInfo("SAML session $id isn't yet available"); } else { - $self->lmLog( "Unable to create new SAML session", 'error' ); - $self->lmLog( $samlSession->error, 'error' ); + $self->logger->error("Unable to create new SAML session"); + $self->logger->error( $samlSession->error ); } return undef; } @@ -2849,9 +2832,9 @@ sub createAttributeValue { return unless defined $value; # Decode UTF-8 - $self->lmLog( "Decode UTF8 value $value", 'debug' ) if $force_utf8; + $self->logger->debug("Decode UTF8 value $value") if $force_utf8; $value = decode( "utf8", $value ) if $force_utf8; - $self->lmLog( "Create attribute value $value", 'debug' ); + $self->logger->debug("Create attribute value $value"); # SAML2 attribute value eval { $saml2value = Lasso::Saml2AttributeValue->new(); }; 
@@ -2931,25 +2914,24 @@ sub deleteSAMLSecondarySessions { foreach my $saml_session (@saml_sessions_keys) { # Get session - $self->lmLog( "Retrieve SAML session $saml_session", 'debug' ); + $self->logger->debug("Retrieve SAML session $saml_session"); my $samlSessionInfo = $self->getSamlSession($saml_session); # Delete session if ( $samlSessionInfo->remove ) { - $self->lmLog( "SAML session $saml_session deleted", 'debug' ); + $self->logger->debug("SAML session $saml_session deleted"); } else { - $self->lmLog( "Unable to delete SAML session $saml_session", - 'error' ); - $self->lmLog( $samlSessionInfo->error, "error" ); + $self->logger->error( + "Unable to delete SAML session $saml_session"); + $self->logger->error( $samlSessionInfo->error ); $result = 0; } } } else { - $self->lmLog( "No SAML session found for session $session_id ", - 'debug' ); + $self->logger->debug("No SAML session found for session $session_id "); } return $result; @@ -2992,7 +2974,7 @@ sub sendSLOSoapErrorResponse { "Could not set empty session in logout object" ); } my $slo_body = $logout->msg_body; - $self->lmLog( "SOAP response $slo_body", 'debug' ); + $self->logger->debug("SOAP response $slo_body"); return [ 200, [ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SMTP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SMTP.pm index 71fa64f02..04c30daa9 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SMTP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SMTP.pm 
@@ -42,19 +42,19 @@ sub gen_password { # @return boolean result sub send_mail { my ( $self, $mail, $subject, $body, $html ) = @_; - $self->lmLog( "send_mail called to send \"$subject\" to $mail", 'debug' ); + $self->logger->debug("send_mail called to send \"$subject\" to $mail"); # Encode the body with the given charset $body = encode( $self->charset, decode( 'utf-8', $body ) ); $subject = encode( $self->charset, decode( 'utf-8', $subject ) ); # Debug messages - $self->lmLog( "SMTP From " . $self->conf->{mailFrom}, 'debug' ); - $self->lmLog( "SMTP To " . $mail, 'debug' ); - $self->lmLog( "SMTP Subject " . $subject, 'debug' ); - $self->lmLog( "SMTP Body " . $body, 'debug' ); - $self->lmLog( "SMTP HTML flag " . ( $html ? "on" : "off" ), 'debug' ); - $self->lmLog( "SMTP Reply-To " . $self->conf->{mailReplyTo}, 'debug' ) + $self->logger->debug( "SMTP From " . $self->conf->{mailFrom} ); + $self->logger->debug( "SMTP To " . $mail ); + $self->logger->debug( "SMTP Subject " . $subject ); + $self->logger->debug( "SMTP Body " . $body ); + $self->logger->debug( "SMTP HTML flag " . ( $html ? "on" : "off" ) ); + $self->logger->debug( "SMTP Reply-To " . $self->conf->{mailReplyTo} ) if $self->conf->{mailReplyTo}; # Encode the subject @@ -130,7 +130,7 @@ sub send_mail { : $message->send(); }; if ($@) { - $self->lmLog( "Send message failed: $@", 'error' ); + $self->logger->error("Send message failed: $@"); return 0; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SOAPProxy.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SOAPProxy.pm index d28838499..e7340aeab 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SOAPProxy.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SOAPProxy.pm 
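Review bot: `$self->logger->debug( "SMTP Body " . $body )` writes the complete outgoing mail body to the log, and the same hunk also logs subject and recipient; since this module sits next to `gen_password`, these mails presumably carry generated passwords or reset links, which would then persist in log files whenever debug logging is on. Prefer not logging the body at all, or only its size: `$self->logger->debug( "SMTP Body length " . length($body) );`. send_mail continues past the hunk.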
@@ -34,11 +34,8 @@ sub getUser { ->uri('urn:Lemonldap/NG/Common/PSGI/SOAPService'); my $r = $soap->getCookies( $req->{user}, $req->datas->{password} ); if ( $r->fault ) { - $self->lmLog( - "Unable to query authentication service: " - . $r->fault->{faultstring}, - 'error' - ); + $self->logger->error( "Unable to query authentication service: " + . $r->fault->{faultstring} ); return PE_ERROR; } my $res = $r->result(); @@ -52,7 +49,7 @@ sub getUser { unless ( $req->datas->{_remoteId} = $res->{cookies}->{ $self->conf->{remoteCookieName} } ) { - $self->lmLog( "No cookie named $self->{remoteCookieName}", 'error' ); + $self->logger->error("No cookie named $self->{remoteCookieName}"); return PE_ERROR; } $req->datas->{_proxyQueryDone}++; @@ -66,10 +63,8 @@ sub setSessionInfo { ->uri('urn:Lemonldap/NG/Common/PSGI/SOAPService'); my $r = $soap->getAttributes( $req->datas->{_remoteId} ); if ( $r->fault ) { - $self->lmLog( - "Unable to query authentication service" . $r->fault->{faultstring}, - 'error' - ); + $self->logger->error( "Unable to query authentication service" + . $r->fault->{faultstring} ); } my $res = $r->result(); if ( $res->{error} ) { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm index c0c905bea..24b242f02 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm @@ -20,11 +20,9 @@ sub displayInit { [ $self->conf->{portalSkinRules}->{$skinRule}, $sub ]; } else { - $self->lmLog( + $self->logger->error( qq(Skin rule "$skinRule" returns an error: ) - . HANDLER->tsv->{jail}->error, - 'error' - ); + . HANDLER->tsv->{jail}->error ); } } } @@ -190,10 +188,7 @@ sub display { ); } if ( $req->token ) { - %templateParams = ( - %templateParams, - TOKEN => $req->token, - ); + %templateParams = ( %templateParams, TOKEN => $req->token, ); } # Show password form if password policy error 
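Review bot: The new error line in getUser interpolates `$self->{remoteCookieName}`, while the lookup just above it reads `$self->conf->{remoteCookieName}`; unless the object also stores that key directly (not visible here), the message will read "No cookie named " with an empty name. Use the same source as the lookup: `$self->logger->error( "No cookie named " . $self->conf->{remoteCookieName} );`.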
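Review bot: In setSessionInfo the `if ( $r->fault )` branch logs the SOAP fault but falls through to `my $res = $r->result();`, whereas getUser in the same file returns `PE_ERROR` in the equivalent branch, so on a fault the code continues with an undefined result. If setSessionInfo returns PE_ constants like getUser does, add `return PE_ERROR;` after the log call. The message is also missing the `": "` separator the getUser version places before the faultstring. setSessionInfo's body continues past the hunk.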
@@ -274,7 +269,7 @@ sub display { my $displayType = $self->_authentication->getDisplayType($req); - $self->lmLog( "Display type $displayType ", 'debug' ); + $self->logger->debug("Display type $displayType "); %templateParams = ( %templateParams, @@ -317,7 +312,7 @@ sub display { %templateParams = ( %templateParams, %$customParams ); } - $self->lmLog( "Skin returned: $skinfile", 'debug' ); + $self->logger->debug("Skin returned: $skinfile"); return ( $skinfile, \%templateParams ); } @@ -381,7 +376,7 @@ sub getSkin { foreach my $rule ( @{ $self->conf->{skinRules} } ) { if ( $rule->[1]->( $req->sessionInfo ) ) { $skin = $rule->[0]; - $self->lmLog( "Skin $skin selected from skin rule", 'debug' ); + $self->logger->debug("Skin $skin selected from skin rule"); } } @@ -389,7 +384,7 @@ sub getSkin { my $skinParam = $req->param('skin'); if ( defined $skinParam && !$self->checkXSSAttack( 'skin', $skinParam ) ) { $skin = $skinParam; - $self->lmLog( "Skin $skin selected from GET/POST parameter", 'debug' ); + $self->logger->debug("Skin $skin selected from GET/POST parameter"); } return $skin; @@ -406,8 +401,8 @@ sub getCustomTemplateParameters { next unless ( $_ =~ /^tpl_(.+)$/ ); my $tplParam = $1; my $tplValue = $conf->{$_}; - $self->lmLog( "Set custom template parameter $tplParam with $tplValue", - 'debug' ); + $self->logger->debug( + "Set custom template parameter $tplParam with $tplValue"); $customTplParams->{$tplParam} = $tplValue; } @@ -439,9 +434,9 @@ sub mkSessionArray { foreach my $session (@$sessions) { $tmp .= "" - .($displayUser ? "$session->{user}" : '') - . qq'' - . "$session->{ipAddr}"; + . ( $displayUser ? "$session->{user}" : '' ) + . qq'' + . "$session->{ipAddr}"; $tmp .= "" . ( $session->{$_} || "" ) . "" foreach ( keys %{ $self->conf->{sessionDataToRemember} } ); $tmp .= "$session->{error}" if ($displayError); 
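Review bot: getSkin accepts a skin name straight from a GET/POST parameter guarded only by `checkXSSAttack`, whose name suggests it filters script injection rather than constraining the value to a valid skin identifier; `display` then uses the selected skin to locate templates. If skin names end up in file-system paths (not visible here), a stricter whitelist is the safer check, e.g. `if ( defined $skinParam && $skinParam =~ /^[\w-]+$/ && !$self->checkXSSAttack( 'skin', $skinParam ) ) {`, ideally combined with a check that the skin directory exists. getSkin's body continues past the hunk.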
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm index 43a36d5fd..dda741b9e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm @@ -93,7 +93,7 @@ sub init { # Purge loaded module list $self->loadedModules( {} ); Lemonldap::NG::Handler::Main->onReload( $self, 'reloadConf' ); - return 0 unless ( $self->SUPER::init($self->localConfig) ); + return 0 unless ( $self->SUPER::init( $self->localConfig ) ); return 0 if ( $self->error ); # Handle requests (other path may be declared in enabled plugins) @@ -205,7 +205,7 @@ sub reloadConf { foreach ( split( /\s+/, $td ) ) { next unless ($td); s#^\.#([^/]+\.)?#; - $self->lmLog( "Domain $_ added in trusted domains", 'debug' ); + $self->logger->debug("Domain $_ added in trusted domains"); s/\./\\./g; # This regexp is valid for the followings hosts: @@ -219,14 +219,14 @@ sub reloadConf { } } foreach my $vhost ( keys %{ $self->conf->{locationRules} } ) { - $self->lmLog( "Vhost $vhost added in trusted domains", 'debug' ); + $self->logger->debug("Vhost $vhost added in trusted domains"); $re->add( quotemeta($vhost) ); if ( my $tmp = $self->conf->{vhostOptions}->{$vhost}->{vhostAliases} ) { foreach my $alias ( split /\s+/, $tmp ) { - $self->lmLog( "Alias $alias added in trusted domains", - 'debug' ); + $self->logger->debug( + "Alias $alias added in trusted domains"); $re->add( quotemeta($alias) ); } } 
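Review bot: In the trusted-domains loop the guard `next unless ($td);` tests the whole configured string instead of the loop variable, so an empty element produced by `split( /\s+/, $td )` (leading whitespace in the setting) is not skipped and goes through the substitutions as an empty pattern. If the later `$re->add` call (outside the hunk) receives it, an empty alternative could make the trusted-domain regexp match any host, which is worth confirming. The guard should be `next unless ( defined $_ && length $_ );`. reloadConf continues outside the hunk.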
@@ -247,20 +247,16 @@ sub reloadConf { $self->{"_$type"}->{$name} = $sub; } else { - $self->lmLog( - "$type $name returns an error: " - . HANDLER->tsv->{jail}->error, - 'error' - ); + $self->logger->error( "$type $name returns an error: " + . HANDLER->tsv->{jail}->error ); } } } } $self->{_jsRedirect} = HANDLER->buildSub( HANDLER->substitute( $self->conf->{jsRedirect} ) ) - or $self->lmLog( - 'jsRedirect returns an error: ' . HANDLER->tsv->{jail}->error, - 'error' ); + or $self->logger->error( + 'jsRedirect returns an error: ' . HANDLER->tsv->{jail}->error ); $self->menu( $self->loadPlugin('::Main::Menu') ); $self->displayInit; @@ -287,15 +283,15 @@ sub findEP { qw(beforeAuth betweenAuthAndDatas afterDatas forAuthUser beforeLogout)) { if ( $obj->can($sub) ) { - $self->lmLog( " Found $sub entry point:", 'debug' ); + $self->logger->debug(" Found $sub entry point:"); if ( my $callback = $obj->$sub ) { push @{ $self->{$sub} }, sub { $obj->$callback( $_[0] ) }; - $self->lmLog( " -> $callback", 'debug' ); + $self->logger->debug(" -> $callback"); } } } ( $obj and $obj->init ) or return 0; - $self->lmLog( "Plugin $plugin initializated", 'debug' ); + $self->logger->debug("Plugin $plugin initializated"); return $obj; } @@ -307,12 +303,12 @@ sub loadModule { eval "require $module"; if ($@) { - $self->lmLog( "$module load error: $@", 'error' ); + $self->logger->error("$module load error: $@"); return 0; } eval { $obj = $module->new( { p => $self, conf => $conf } ); - $self->lmLog( "Module $module loaded", 'debug' ); + $self->logger->debug("Module $module loaded"); }; if ($@) { $self->error("Unable to build $module object: $@"); @@ -323,7 +319,7 @@ sub loadModule { } sub fail { - $_[0]->lmLog( $_[0]->error, 'error' ); + $_[0]->userLogger->error( $_[0]->error ); $_[0]->addUnauthRoute( '*' => 'displayError' ); $_[0]->addAuthRoute( '*' => 'displayError' ); return 0; 
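Review bot: loadModule builds `eval "require $module"` by string interpolation; `$module` can come from the comma-split `customPlugins` setting (see the Plugins.pm hunk in this patch), so a malformed configuration value could inject Perl code into the eval. Validate the name before the eval, e.g. `return 0 unless $module =~ /^[\w:]+$/;`, with a matching error log. The sub's signature lies before the hunk.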
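Review bot: `fail` now logs the initialisation error through `userLogger`, while elsewhere in this patch `userLogger` is used for request-level user events (the bad-URL cases in controlUrl) and `logger->error` for technical failures; an init error that reroutes every route to displayError looks like the latter. Unless the user log is deliberately the target, `$_[0]->logger->error( $_[0]->error );` keeps the split consistent.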
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm index 819422de8..83f2b0514 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm @@ -37,11 +37,17 @@ sub init { if ( my $path = $self->conf->{"issuerDB${type}Path"} ) { $path =~ s/^.*?(\w+).*?$/$1/; $self->path($path); - $self->addUnauthRoute( $path => { '*' => '_redirect' }, ['GET','POST'] ); - $self->addAuthRoute( $path => { '*' => "_forAuthUser" }, ['GET','POST'] ); + $self->addUnauthRoute( + $path => { '*' => '_redirect' }, + [ 'GET', 'POST' ] + ); + $self->addAuthRoute( + $path => { '*' => "_forAuthUser" }, + [ 'GET', 'POST' ] + ); } else { - $self->lmLog( "No path declared for issuer $type. Skipping", 'debug' ); + $self->logger->debug("No path declared for issuer $type. Skipping"); } } @@ -51,13 +57,14 @@ sub init { sub _redirect { my ( $self, $req, @path ) = @_; - $self->lmLog( 'Processing _redirect', 'debug' ); + $self->logger->debug('Processing _redirect'); my $prms = $req->parameters; foreach my $k ( keys %$prms ) { $self->p->setHiddenFormValue( $req, $k, $prms->{$k}, '', 0 ); } $self->p->setHiddenFormValue( $req, 'issuerMethod', $req->method, '', 0 ); - $self->p->setHiddenFormValue( $req, 'issuerQuery', $req->query_string, '', 0 ); + $self->p->setHiddenFormValue( $req, 'issuerQuery', $req->query_string, '', + 0 ); $req->{urldc} = $self->conf->{portal} . $req->path @@ -83,7 +90,7 @@ sub _redirect { # Case 3: authentified user, launch sub _forAuthUser { my ( $self, $req, @path ) = @_; - $self->lmLog( 'Processing _forAuthUser', 'debug' ); + $self->logger->debug('Processing _forAuthUser'); return $self->p->do( $req, [ diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Menu.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Menu.pm index 81a6eef5d..04e2c0be8 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Menu.pm 
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Menu.pm @@ -18,8 +18,7 @@ has menuModules => ( my @res; foreach (qw(Appslist ChangePassword LoginHistory Logout)) { my $cond = $conf->{"portalDisplay$_"} // 1; - $_[0] - ->p->lmLog( "Evaluate condition $cond for module $_", 'debug' ); + $_[0]->p->logger->debug("Evaluate condition $cond for module $_"); my $tmp = $_[0]->{p}->HANDLER->buildSub($cond); push @res, [ $_, $tmp ] if ($tmp); @@ -31,7 +30,8 @@ has menuModules => ( has imgPath => ( is => 'rw', builder => sub { - return $_[0]->{conf}->{impgPath} || $_[0]->{conf}->{staticPrefix} . '/logos'; + return $_[0]->{conf}->{impgPath} + || $_[0]->{conf}->{staticPrefix} . '/logos'; } ); @@ -104,7 +104,7 @@ sub displayModules { # Foreach module, eval condition # Store module in result if condition is valid foreach my $module ( @{ $self->menuModules } ) { - $self->lmLog( "Check if $module->[0] has to be displayed", 'debug' ); + $self->logger->debug("Check if $module->[0] has to be displayed"); if ( $module->[1]->() ) { my $moduleHash = { $module->[0] => 1 }; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm index 0dea3ce66..b794cc3b9 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm @@ -33,7 +33,7 @@ sub enabledPlugins { # Search for Issuer* modules enabled foreach my $key (qw(SAML OpenID CAS OpenIDConnect Get)) { if ( $self->conf->{"issuerDB${key}Activation"} ) { - $self->lmLog( "Issuer${key} enabled", 'debug' ); + $self->logger->debug("Issuer${key} enabled"); push @res, "::Issuer::$key"; } } 
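Review bot: The imgPath builder reads `$_[0]->{conf}->{impgPath}`, which looks like a typo for `imgPath`; as written, a configured image path would be ignored and `staticPrefix . '/logos'` always used. If the configuration key is indeed `imgPath`, the line should be `return $_[0]->{conf}->{imgPath}`. Please confirm against the configuration schema before changing it, in case the misspelt key is what the manager writes.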
@@ -62,8 +62,8 @@ sub enabledPlugins { # Check if custom plugins are required # TODO: change this name if ( $self->conf->{customPlugins} ) { - $self->lmLog( 'Custom plugins: ' . $self->conf->{customPlugins}, - 'debug' ); + $self->logger->debug( + 'Custom plugins: ' . $self->conf->{customPlugins} ); push @res, grep ( /\w/, split( /,\s*/, $self->conf->{customPlugins} ) ); } return @res; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm index 427107057..1b30e8f5a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm @@ -21,15 +21,15 @@ sub process { my $err = PE_OK; while ( my $sub = shift @{ $req->steps } ) { if ( ref $sub ) { - $self->lmLog( "Processing code ref", 'debug' ); + $self->logger->debug("Processing code ref"); last if ( $err = $sub->($req) ); } else { - $self->lmLog( "Processing $sub", 'debug' ); + $self->logger->debug("Processing $sub"); last if ( $err = $self->$sub($req) ); } } - $self->lmLog( "Returned error: $err", 'debug' ) if ($err); + $self->logger->debug("Returned error: $err") if ($err); return $err; } @@ -64,11 +64,11 @@ sub controlUrl { if ( $self->conf->{cipher} and $2 ne "1" ) { my $time = time() - $self->conf->{cipher}->decrypt($2); if ( $time < 600 ) { - $self->lmLog( "Confirm parameter accepted $c", 'debug' ); + $self->logger->debug("Confirm parameter accepted $c"); $req->set_param( 'confirm', $c ); } else { - $self->lmLog( 'Confirmation to old, refused', 'notice' ); + $self->logger->notice('Confirmation to old, refused'); $req->set_param( 'confirm', 0 ); } } @@ -82,9 +82,8 @@ sub controlUrl { } else { if ( $url =~ m#[^A-Za-z0-9\+/=]# ) { - $self->lmLog( - "Value must be in BASE64 (param: url | value: $url)", - "warn" ); + $self->userLogger->error( + "Value must be in BASE64 (param: url | value: $url)"); return PE_BADURL; } $req->{urldc} = decode_base64($url); 
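Review bot: The new `userLogger->error( "Value must be in BASE64 (param: url | value: $url)" )` writes the raw parameter to the log precisely in the case where it matched `m#[^A-Za-z0-9\+/=]#`, i.e. when it contains characters outside the base64 alphabet — including newlines and control characters — so a client can inject forged lines into the user log. Sanitise or truncate before logging, e.g. `( my $shown = $url ) =~ s/[^[:print:]]/?/g;` and interpolate `$shown` instead. controlUrl continues past the hunk.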
@@ -112,12 +111,10 @@ sub controlUrl { # Non protected hosts if ( $tmp and !$self->isTrustedUrl($tmp) ) { - $self->lmLog( - "URL contains a non protected host (param: " + $self->userLogger->error( + "URL contains a non protected host (param: " . ( $req->param('logout') ? 'HTTP Referer' : 'urldc' ) - . " | value: $tmp)", - "warn" - ); + . " | value: $tmp)" ); delete $req->{urldc}; return PE_BADURL; } @@ -147,16 +144,16 @@ sub deleteSession { my $apacheSession = $self->getApacheSession( $req->id ); my $id = $req->id; unless ($apacheSession) { - $self->lmLog( "Session $id already deleted", 'debug' ); + $self->logger->debug("Session $id already deleted"); return PE_OK; } unless ( $self->_deleteSession( $req, $apacheSession ) ) { - $self->lmLog( "Unable to delete session $id", 'error' ); - $self->lmLog( $apacheSession->error, 'error' ); + $self->logger->error("Unable to delete session $id"); + $self->logger->error( $apacheSession->error ); return PE_ERROR; } else { - $self->lmLog( "Session $id deleted from global storage", 'debug' ); + $self->logger->debug("Session $id deleted from global storage"); } # TODO @@ -164,7 +161,7 @@ sub deleteSession { if ( $req->datas->{logoutServices} and %{ $req->datas->{logoutServices} } ) { - $self->lmLog( "Create iFrames to forward logout to services", 'debug' ); + $self->logger->debug("Create iFrames to forward logout to services"); $req->info('
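Review bot: The "URL contains a non protected host" message logs `$tmp` verbatim; it is derived from the base64-decoded `url` parameter or the Referer header, both client-controlled, so it can carry newlines and control characters into the user log. Strip non-printable characters before interpolating, e.g. `( my $shown = $tmp ) =~ s/[^[:print:]]/?/g;`. controlUrl's body starts before the hunk.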

'); 
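Review bot: The deleteSession hunk logs the full session identifier in three places (`"Session $id already deleted"`, `"Unable to delete session $id"`, `"Session $id deleted from global storage"`); if `$req->id` is the value of the session cookie, the error path in particular leaves a still-valid bearer credential in the log when deletion fails. Consider logging a truncated or hashed form, e.g. `my $shortId = substr( $id, 0, 8 ) . '...';` and using it in the messages. The HTML inside the `$req->info(` argument was lost in extraction, and deleteSession continues past the hunk.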
@@ -173,11 +170,8 @@ sub deleteSession { my $logoutServiceUrl = $req->datas->{logoutServices}->{$logoutServiceName}; - $self->lmLog( - "Find logout service $logoutServiceName ($logoutServiceUrl)", - - 'debug' - ); + $self->logger->debug( + "Find logout service $logoutServiceName ($logoutServiceUrl)"); my $iframe = qq'"; - - $self->info($iframe); - } - - # Redirect on logout page if no other target defined - if ( !$self->{urldc} and !$self->{postUrl} ) { - $self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1"; - } - } - - # Redirect or Post if asked by authLogout - return $self->_subProcess(qw(autoRedirect)) - if ( $self->{urldc} - and $self->{urldc} ne $self->{portal} ); - - return $self->_subProcess(qw(autoPost)) - if ( $self->{postUrl} ); - - # Display logout message - return PE_LOGOUT_OK; - } - - # If the user wants to purge other sessions - elsif ( $self->param('removeOther') ) { - $self->{notifyDeleted} = 1; - $self->{singleSession} = 1; - $self->_sub( 'removeOther', $id ); - } - - # Special ajax request "ping" to check if session is available - if ( $self->param('ping') ) { - print $self->header( -type => 'application/json' ) - . 
'{"auth":true}'; - $self->quit(); - } - - # Special ajax request "storeAppsListOrder" - if ( $self->param('storeAppsListOrder') ) { - my $order = $self->param('storeAppsListOrder'); - $self->lmLog( "Get new apps list order: $order", 'debug' ); - $self->updatePersistentSession( { appsListOrder => $order } ); - $self->quit(); - } - - $self->{id} = $id; - - # A session has been found => call existingSession - my $r = $self->_sub( 'existingSession', $id, $self->{sessionInfo} ); - if ( $r == PE_DONE ) { - $self->{user} = $self->{sessionInfo} - ->{ $self->{whatToTrace} || '_whatToTrace' }; - $self->{error} = $self->_subProcess( - qw(checkNotification issuerDBInit authInit issuerForAuthUser authFinish autoRedirect) - ); - return $self->{error} || PE_DONE; - } - else { - return $r; - } - } - } - - # Special ajax request "ping" to check if session is available - if ( $self->param('ping') ) { - print $self->header( -type => 'application/json' ) . '{"auth":false}'; - $self->quit(); - } - - # Display logout success if logout asked - # and we do not have valid session - return PE_LOGOUT_OK if $self->param('logout'); - - # Else continue authentication process - PE_OK; -} - -## @method int existingSession() -# Launched by controlExistingSession() to know what to do with existing -# sessions. 
-# Can return: -# - PE_DONE: session is unchanged and process() return true -# - PE_OK: process() return false to display the form -#@return Lemonldap::NG::Portal constant -sub existingSession { - my $self = shift; - my $forceAuthn; - - # Check portalForceAuthn parameter - # and authForce method - eval { $forceAuthn = $self->_sub('authForce'); }; - if ($@) { - $self->lmLog( "Error when calling authForce: $@", 'debug' ); - } - - $forceAuthn = 1 if ( $self->{portalForceAuthn} ); - - if ($forceAuthn) { - my $referer = $self->referer(); - my $id = $self->{id}; - - # Do not force authentication when password is modified - return PE_DONE if $self->param('newpassword'); - - # Do not force authentication if last successful authentication is recent - my $last_authn_utime = $self->{sessionInfo}->{_lastAuthnUTime} || 0; - if ( time() - $last_authn_utime < $self->{portalForceAuthnInterval} ) { - $self->lmLog( -"Authentication is recent, so do not force authentication for session $id", - 'debug' - ); - return PE_DONE; - } - - # If coming from the portal follow the normal process to update the session - if ( $referer ? 
( $referer =~ m#$self->{portal}#i ) : 0 ) { - $self->lmLog( "Portal referer detected for session $id", 'debug' ); - - # Set flag to update session timestamp - $self->{updateSession} = 1; - - # Process - $self->{error} = $self->_subProcess( - qw(issuerDBInit authInit issuerForUnAuthUser extractFormInfo - userDBInit getUser setAuthSessionInfo setSessionInfo - setMacros setGroups setPersistentSessionInfo - setLocalGroups authenticate authFinish userDBFinish store authPostStore) - ); - return $self->{error} || PE_DONE; - } - else { - $self->lmLog( "Force reauthentication for session $id", 'debug' ); - return PE_OK; - } - } - - # Else return PE_DONE - PE_DONE; -} - -# issuerDBInit(): must be implemented in IssuerDB* module - -# authInit(): must be implemented in Auth* module - -# issuerForUnAuthUser(): must be implemented in IssuerDB* module - -##@apmethod int extractFormInfo() -# Extract data common to all authentication modules, -# and call extractFormInfo() in Auth* module -# Auth*::extractFormInfo set $self->{user} and in some cases -# authenticate user (done in authenticate() else) -#@return Lemonldap::NG::Portal constant -sub extractFormInfo { - my $self = shift; - return PE_OK if $self->{skipExtractFormInfo}; - $self->{checkLogins} = $self->param('checkLogins'); - return $self->SUPER::extractFormInfo; -} - -# getUser(): must be implemented in UserDB* module - -## @apmethod int setAuthSessionInfo() -# Set _auth -# call setAuthSessionInfo in Auth* module -#@return Lemonldap::NG::Portal constant -sub setAuthSessionInfo { - my $self = shift; - - # Get the current authentication module - $self->{sessionInfo}->{_auth} = $self->get_module("auth"); - - return $self->SUPER::setAuthSessionInfo(); -} - -## @apmethod int passwordDBInit() -# Set _passwordDB -# call passwordDBInit in passwordDB* module -# @return Lemonldap::NG::Portal constant -sub passwordDBInit { - my $self = shift; - - # Get the current password module - $self->{sessionInfo}->{_passwordDB} = 
$self->get_module("password"); - - return $self->SUPER::passwordDBInit(); -} - -## @apmethod int modifyPassword() -# Call modifyPassword from PasswordDB* module -# Continue auth process if password change is ok -# @return Lemonldap::NG::Portal constant -sub modifyPassword { - my $self = shift; - - my $res = $self->SUPER::modifyPassword(); - - if ( $res == PE_PASSWORD_OK ) { - - # Update password in session if needed - $self->lmLog( "Update password in session for " . $self->{user}, - 'debug' ); - - my $infos; - $infos->{_password} = $self->{newpassword}; - $self->updateSession($infos) if ( $self->{storePassword} ); - - # Set a flag to ignore password change in Menu - $self->{ignorePasswordChange} = 1; - - # Set a flag to allow sending a mail - $self->{passwordWasChanged} = 1; - - # Continue process if password change is ok - return PE_OK; - } - - return $res; -} - -##@apmethod int setSessionInfo() -# Set ipAddr, startTime, updateTime, _utime and _userDB -# Set _lastSeen if activity timeout is configured -# Call setSessionInfo() in UserDB* module -#@return Lemonldap::NG::Portal constant -sub setSessionInfo { - my $self = shift; - - # Get the current user module - $self->{sessionInfo}->{_userDB} = $self->get_module("user"); - - # Store IP address from remote address or X-FORWARDED-FOR header - $self->{sessionInfo}->{ipAddr} = $self->ipAddr; - - # Date and time - if ( $self->{updateSession} ) { - $self->{sessionInfo}->{updateTime} = - strftime( "%Y%m%d%H%M%S", localtime() ); - } - else { - $self->{sessionInfo}->{_utime} ||= time(); - $self->{sessionInfo}->{startTime} = - strftime( "%Y%m%d%H%M%S", localtime() ); - $self->{sessionInfo}->{_lastSeen} = time() if $self->{timeoutActivity}; - } - - # Get environment variables matching exportedVars - foreach ( keys %{ $self->{exportedVars} } ) { - if ( my $tmp = $ENV{ $self->{exportedVars}->{$_} } ) { - $tmp =~ s/[\r\n]/ /gs; - $self->{sessionInfo}->{$_} = $tmp; - delete $self->{exportedVars}->{$_}; - } - } - - # Store URL 
origin in session - $self->{sessionInfo}->{_url} = $self->{urldc}; - - # Call UserDB setSessionInfo - if ( my $res = $self->SUPER::setSessionInfo() ) { - return $res; - } - - PE_OK; -} - -##@apmethod int setMacros() -# Macro mechanism. -# * store macro results in $self->{sessionInfo} -#@return Lemonldap::NG::Portal constant -sub setMacros { - my $self = shift; - $self->{sessionInfo}->{groups} = ''; - $self->{sessionInfo}->{hGroups} = {}; - foreach ( sort keys %{ $self->{macros} } ) { - $self->{sessionInfo}->{$_} = - $self->safe->reval( $self->{macros}->{$_} ); - } - PE_OK; -} - -##@apmethod int setLocalGroups() -# Groups mechanism. -# * store all groups name that the user match in $self->{sessionInfo}->{groups} -#@return Lemonldap::NG::Portal constant -sub setLocalGroups { - my $self = shift; - foreach ( sort keys %{ $self->{groups} } ) { - if ( $self->safe->reval( $self->{groups}->{$_} ) ) { - $self->{sessionInfo}->{groups} .= - $self->{multiValuesSeparator} . $_; - $self->{sessionInfo}->{hGroups}->{$_}->{name} = $_; - } - } - - # Clear values separator at the beginning - if ( $self->{sessionInfo}->{groups} ) { - $self->{sessionInfo}->{groups} =~ - s/^\Q$self->{multiValuesSeparator}\E//; - } - PE_OK; -} - -# setGroups(): must be implemented in UserDB* module - -##@apmethod int setPersistentSessionInfo() -# Restore persistent session info -#@return Lemonldap::NG::Portal constant -sub setPersistentSessionInfo { - my $self = shift; - - # Do not restore infos if session already opened - unless ( $self->{id} ) { - my $key = $self->{sessionInfo}->{ $self->{whatToTrace} }; - - return PE_OK unless ( $key and length($key) ); - - my $persistentSession = $self->getPersistentSession($key); - - if ($persistentSession) { - $self->lmLog( "Persistent session found for $key", 'debug' ); - foreach my $k ( keys %{ $persistentSession->data } ) { - - # Do not restore some parameters - next if $k =~ /^_(?:utime|session_(?:u?id|kind))$/; - $self->lmLog( "Restore persistent parameter 
$k", 'debug' ); - $self->{sessionInfo}->{$k} = $persistentSession->data->{$k}; - } - } - } - - PE_OK; -} - -## @apmethod sendPasswordMail -# Call sendPasswordMail from MailReset if option is configured -# @return Lemonldap::NG::Portal constant -sub sendPasswordMail { - my $self = shift; - - if ( $self->{mailOnPasswordChange} && $self->{passwordWasChanged} ) { - - $self->lmLog( "Send password by mail requested", 'debug' ); - - eval "require Lemonldap::NG::Portal::MailReset"; - &Lemonldap::NG::Portal::MailReset::smtpInit($self); - &Lemonldap::NG::Portal::MailReset::sendPasswordMail($self); - } - - # Never stop the process here - return PE_OK; -} - -##@apmethod int authenticate() -# Call authenticate() in Auth* module, and registerLogin() -# if authentication failed, userNotice() if it succeeded. -#@return Lemonldap::NG::Portal constant -sub authenticate { - my $self = shift; - if ( my $errorCode = $self->SUPER::authenticate() ) { - $self->registerLogin($errorCode); - return $errorCode; - } - - # Log good authentication - my $user = $self->{sessionInfo}->{ $self->{whatToTrace} }; - $self->_sub( 'userNotice', - "Good authentication for $user by $self->{sessionInfo}->{_auth}" ) - if $user; - - # Set _lastAuthnUTime - $self->{sessionInfo}->{_lastAuthnUTime} = time(); - - PE_OK; -} - -##@method registerLogin -# Store current login in login history -# @param $errorCode Code returned by authenticate() -sub registerLogin { - my ( $self, $errorCode ) = @_; - - if ( $self->{loginHistoryEnabled} ) { - my $history = $self->{sessionInfo}->{loginHistory} ||= {}; - - foreach ( @{ $history->{failedLogin} } ) { - utf8::decode( $_->{error} ); - } - - my $type = ( $errorCode ? "failed" : "success" ) . 
"Login"; - $history->{$type} ||= []; - $self->lmLog( "Current login saved into $type", "debug" ); - - # Gather current login's parameters - my $login = $self->_sumUpSession( $self->{sessionInfo}, 1 ); - $login->{error} = $self->error($errorCode) - if ($errorCode); - - # Add current login into history - unshift @{ $history->{$type} }, $login; - - # Forget oldest logins - splice @{ $history->{$type} }, $self->{ $type . "Number" } - if ( scalar @{ $history->{$type} } > $self->{ $type . "Number" } ); - - # Save into persistent session - $self->updatePersistentSession( { loginHistory => $history, } ); - } -} - -##@apmethod int removeOther() -# check singleSession or singleIP parameters, and remove other sessions if needed -#@return Lemonldap::NG::Portal constant -sub removeOther { - my ( $self, $current ) = @_; - $self->{deleted} = []; - $self->{otherSessions} = []; - - my $moduleOptions = $self->{globalStorageOptions} || {}; - $moduleOptions->{backend} = $self->{globalStorage}; - my $module = "Lemonldap::NG::Common::Apache::Session"; - - if ( $self->{singleSession} - or $self->{singleIP} - or $self->{notifyOther} ) - { - my $sessions = - $module->searchOn( $moduleOptions, $self->{whatToTrace}, - $self->{sessionInfo}->{ $self->{whatToTrace} } ); - foreach my $id ( keys %$sessions ) { - next if ( $current and ( $current eq $id ) ); - my $session = $self->getApacheSession( $id, 1 ) or next; - if ( - $self->{singleSession} - or ( $self->{singleIP} - and $self->{sessionInfo}->{ipAddr} ne - $session->data->{ipAddr} ) - ) - { - push @{ $self->{deleted} }, - $self->_sumUpSession( $session->data ); - $self->_deleteSession( $session, 1 ); - } - else { - push @{ $self->{otherSessions} }, - $self->_sumUpSession( $session->data ); - } - } - } - if ( $self->{singleUserByIP} ) { - my $sessions = - $module->searchOn( $moduleOptions, 'ipAddr', $self->ipAddr ); - foreach my $id ( keys %$sessions ) { - next if ( $current and $current eq $id ); - my $session = $self->getApacheSession( 
$id, 1 ) or next; - unless ( $self->{sessionInfo}->{ $self->{whatToTrace} } eq - $session->data->{ $self->{whatToTrace} } ) - { - push @{ $self->{deleted} }, - $self->_sumUpSession( $session->data ); - $self->_deleteSession( $session, 1 ); - } - } - } - $self->info( - $self->mkSessionArray( - $self->{deleted}, $self->msg(PM_SESSIONS_DELETED), 1 - ) - ) if ( $self->{notifyDeleted} and @{ $self->{deleted} } ); - $self->info( - $self->mkSessionArray( $self->{otherSessions}, - $self->msg(PM_OTHER_SESSIONS), 1 ) - . $self->_mkRemoveOtherLink() - ) if ( $self->{notifyOther} and @{ $self->{otherSessions} } ); - - $self->info( - ( - $self->{sessionInfo}->{loginHistory}->{successLogin} - ? $self->mkSessionArray( - $self->{sessionInfo}->{loginHistory}->{successLogin}, - $self->msg(PM_LAST_LOGINS), - 0, 0 - ) - : "" - ) - . ( - $self->{sessionInfo}->{loginHistory}->{failedLogin} - ? $self->mkSessionArray( - $self->{sessionInfo}->{loginHistory}->{failedLogin}, - $self->msg(PM_LAST_FAILED_LOGINS), - 0, 1 - ) - : "" - ) - ) if ( $self->{checkLogins} ); - - PE_OK; -} - -##@method private hashref _sumUpSession(Lemonldap::NG::Common::Session session) -# put main session data into a hash ref -# @param hashref $session The session to sum up -# @return hashref -sub _sumUpSession { - my ( $self, $session, $withoutUser ) = @_; - my $res = - $withoutUser - ? 
{} - : { user => $session->{ $self->{whatToTrace} } }; - $res->{$_} = $session->{$_} - foreach ( "_utime", "ipAddr", keys %{ $self->{sessionDataToRemember} } ); - return $res; -} - -##@method private string mkSessionArray(string title,array datas) -# Build an HTML array to display sessions -# @param $sessions Array ref of hash ref containing sessions datas -# @param $title Title of the array -# @param $displayUser To display "User" column -# @param $displaError To display "Error" column -# @return HTML string -sub mkSessionArray { - my ( $self, $sessions, $title, $displayUser, $displayError ) = @_; - - return "" unless ( ref $sessions eq "ARRAY" and @$sessions ); - - my $tmp = $title ? "

$title

" : ""; - $tmp .= ""; - - $tmp .= ""; - $tmp .= "" - if ($displayUser); - $tmp .= ""; - $tmp .= ""; - $tmp .= "" - foreach ( keys %{ $self->{sessionDataToRemember} } ); - $tmp .= '' - if ($displayError); - $tmp .= ''; - - foreach my $session (@$sessions) { - $tmp .= ""; - $tmp .= "" if ($displayUser); - $tmp .= -""; - $tmp .= ""; - $tmp .= "" - foreach ( keys %{ $self->{sessionDataToRemember} } ); - $tmp .= "" if ($displayError); - $tmp .= ""; - } - $tmp .= '
" . $self->msg(PM_USER) . "" . $self->msg(PM_DATE) . "" . $self->msg(PM_IP) . "" . $self->{sessionDataToRemember}->{$_} . "' . $self->msg(PM_ERROR_MSG) . '
$session->{user}$session->{ipAddr}" . ( $session->{$_} || "" ) . "$session->{error}
'; - return $tmp; -} - -## @method private string _mkRemoveOtherLink() -# Build the removeOther link -# Last part of URL is built trough javascript -# @return removeOther link in HTML code -sub _mkRemoveOtherLink { - my $self = shift; - - my $link = $self->{portal} . "?removeOther=1"; - - return - "

" - . $self->msg(PM_REMOVE_OTHER_SESSIONS) - . "

"; -} - -##@apmethod int grantSession() -# Check grantSessionRule to allow session creation. -#@return Lemonldap::NG::Portal constant -sub grantSession { - my ($self) = @_; - - if ( defined $self->{grantSessionRule} ) { - - # Eval grantSessionRule - # Kept for backward compatibility with LL::NG 1.1.2 and previous - my $grantSessionRule = $self->{grantSessionRule}; - - unless ( $self->safe->reval($grantSessionRule) ) { - $self->lmLog( - "User " . $self->{user} . " was not granted to open session", - 'error' ); - $self->registerLogin(PE_SESSIONNOTGRANTED); - return PE_SESSIONNOTGRANTED; - } - } - - # Eval grantSessionRules sorted by comments - sub sortByComment { - my $A = ( $a =~ /^.*?##(.*)$/ )[0]; - my $B = ( $b =~ /^.*?##(.*)$/ )[0]; - return !$A ? 1 : !$B ? -1 : $A cmp $B; - } - foreach ( sort sortByComment keys %{ $self->{grantSessionRules} } ) { - $self->lmLog( "Grant session condition \"$_\" checked", "debug" ); - unless ( $self->safe->reval($_) ) { - $self->lmLog( - "User " . $self->{user} . " was not granted to open session", - 'error' ); - my $msg = $self->safe->reval( $self->{grantSessionRules}->{$_} ); - $msg = $self->{grantSessionRules}->{$_} if ($@); - $self->{ "error_" . PE_SESSIONNOTGRANTED } = $msg if ($msg); - $self->registerLogin(PE_SESSIONNOTGRANTED); - return PE_SESSIONNOTGRANTED; - } - } - - my $user = $self->{sessionInfo}->{ $self->{whatToTrace} }; - $self->_sub( 'userNotice', "Session granted for $user" ) if ($user); - $self->registerLogin(PE_OK); - return PE_OK; -} - -##@apmethod int store() -# Store user's datas in sessions database. -# Now, the user is known, authenticated and session variable are evaluated. 
-# It's time to store his parameters with Apache::Session::* module -#@return Lemonldap::NG::Portal constant -sub store { - my ($self) = @_; - - # Now, user is authenticated => inform Apache - $self->setApacheUser( $self->{sessionInfo}->{ $self->{whatToTrace} } ); - - # Create second session for unsecure cookie - if ( $self->{securedCookie} == 2 ) { - my $session2 = $self->getApacheSession( undef, 1 ); - - my %infos = %{ $self->{sessionInfo} }; - $infos{_httpSessionType} = 1; - - $session2->update( \%infos ); - - $self->{sessionInfo}->{_httpSession} = $session2->id; - } - - # Main session - my $session = $self->getApacheSession( $self->{id}, 0, $self->{force} ); - return PE_APACHESESSIONERROR unless ($session); - - # Compute unsecure cookie value if needed - if ( $self->{securedCookie} == 3 ) { - $self->{sessionInfo}->{_httpSession} = - $self->{cipher}->encryptHex( $self->{id}, "http" ); - } - - # Fill session - my $infos = {}; - foreach my $k ( keys %{ $self->{sessionInfo} } ) { - next unless defined $self->{sessionInfo}->{$k}; - my $displayValue = $self->{sessionInfo}->{$k}; - if ( $self->{hiddenAttributes} =~ /\b$k\b/ ) { - $displayValue = '****'; - } - $self->lmLog( "Store $displayValue in session key $k", 'debug' ); - $self->_dump($displayValue) if ref($displayValue); - $infos->{$k} = $self->{sessionInfo}->{$k}; - } - $session->update($infos); - - PE_OK; -} - -## @apmethod int authFinish -# Call authFinish method from authentication module -# @return Lemonldap::NG::Portal constant -sub authFinish { - my $self = shift; - - # Remove captcha session - if ( $self->{captcha_check_code} ) { - $self->removeCaptcha( $self->{captcha_check_code} ); - } - - eval { $self->{error} = $self->SUPER::authFinish; }; - if ($@) { - $self->lmLog( -"Optional authFinish method not defined in current authentication module: $@", - 'debug' - ); - return PE_OK; - } - - return $self->{error}; -} - -## @apmethod int authPostStore -# Call authPostStore method from authentication module -# 
@return Lemonldap::NG::Portal constant -sub authPostStore { - my $self = shift; - - eval { $self->{error} = $self->SUPER::authPostStore; }; - if ($@) { - $self->lmLog( -"Optional authPostStore method not defined in current authentication module: $@", - 'debug' - ); - return PE_OK; - } - - return $self->{error}; -} - -## @apmethod int userDBFinish -# Call userDBFinish method from userDB module -# @return Lemonldap::NG::Portal constant -sub userDBFinish { - my $self = shift; - - eval { $self->{error} = $self->SUPER::userDBFinish; }; - if ($@) { - $self->lmLog( -"Optional userDBFinish method not defined in current userDB module: $@", - 'debug' - ); - return PE_OK; - } - - return $self->{error}; -} - -## @apmethod int passwordDBFinish -# Call passwordDBFinish method from passwordDB module -# @return Lemonldap::NG::Portal constant -sub passwordDBFinish { - my $self = shift; - - eval { $self->{error} = $self->SUPER::passwordDBFinish; }; - if ($@) { - $self->lmLog( -"Optional passwordDBFinish method not defined in current passwordDB module: $@", - 'debug' - ); - return PE_OK; - } - - return $self->{error}; -} - -##@apmethod int buildCookie() -# Build the Lemonldap::NG cookie. -#@return Lemonldap::NG::Portal constant -sub buildCookie { - my $self = shift; - push @{ $self->{cookie} }, - $self->cookie( - -name => $self->{cookieName}, - -value => $self->{id}, - -domain => $self->{domain}, - -path => "/", - -secure => $self->{securedCookie}, - -httponly => $self->{httpOnly}, - -expires => $self->{cookieExpiration}, - @_, - ); - if ( $self->{securedCookie} >= 2 ) { - push @{ $self->{cookie} }, - $self->cookie( - -name => $self->{cookieName} . "http", - -value => $self->{sessionInfo}->{_httpSession}, - -domain => $self->{domain}, - -path => "/", - -secure => 0, - -httponly => $self->{httpOnly}, - -expires => $self->{cookieExpiration}, - @_, - ); - } - PE_OK; -} - -##@apmethod int checkNotification() -# Check if messages has to be notified. 
-# Call Lemonldap::NG::Common::Notification::getNotification(). -#@return Lemonldap::NG::Portal constant -sub checkNotification { - my $self = shift; - if ( $self->{notification} - and $self->{_notification} ||= - $self->{notifObject}->getNotification($self) ) - { - return PE_NOTIFICATION; - } - return PE_OK; -} - -## @apmethod int issuerForAuthUser() -# Check IssuerDB activation rule -# Register used module in user session -# @return Lemonldap::NG::Portal constant -sub issuerForAuthUser { - my $self = shift; - - # User information - my $user = $self->{sessionInfo}->{ $self->{whatToTrace} } || 'unknown'; - - # Get active module - my $issuerDBtype = $self->get_module('issuer'); - - # Eval activation rule - my $rule = $self->{ 'issuerDB' . $issuerDBtype . 'Rule' }; - - if ( defined $rule ) { - - $self->lmLog( "Applying rule: $rule", 'debug' ); - - unless ( $self->safe->reval($rule) ) { - $self->lmLog( - "User $user was not allowed to use IssuerDB $issuerDBtype", - 'warn' ); - - return PE_OK; - } - - } - else { - $self->lmLog( "No rule found for IssuerDB $issuerDBtype", 'debug' ); - } - - $self->lmLog( "User $user allowed to use IssuerDB $issuerDBtype", 'debug' ); - - # Register IssuerDB module in session - $self->addSessionValue( '_issuerDB', $issuerDBtype, $self->{id} ); - - # Update session activity unless for Null IssuerDB - $self->updateSession( { '_lastSeen' => time() } ) - if ( $self->{timeoutActivity} && $issuerDBtype ne 'Null' ); - - # Call IssuerDB module method - return $self->SUPER::issuerForAuthUser(); -} - -##@apmethod int autoRedirect() -# If the user was redirected to the portal, we will now redirect him -# to the requested URL. 
-#@return Lemonldap::NG::Portal constant -sub autoRedirect { - my $self = shift; - $self->clearHiddenFormValue(); - - # Default redirection URL - $self->{urldc} ||= $self->{portal} - if ( $self->{mustRedirect} or $self->info() ); - - # Display info before redirecting - if ( $self->info() ) { - $self->{infoFormMethod} = $self->param('method') || "get"; - $self->clearHiddenFormValue(); - my ($query_string) = ( $self->{urldc} =~ /.+?\?(.+)/ ); - if ($query_string) { - $self->lmLog( - "Transform query string $query_string into hidden form values", - 'debug' - ); - my $query = CGI->new($query_string); - my $formFields = $query->Vars; - foreach ( keys %$formFields ) { - $self->setHiddenFormValue( $_, $formFields->{$_}, "", 0 ); - } - } - return PE_INFO; - } - - # Redirection should be made if - # - urldc defined - # - lmError parameter is not defined - if ( $self->{urldc} and !$self->param("lmError") ) { - - # Cross-domain mechanism - if ( $self->{cda} - and $self->{id} - and $self->{urldc} !~ m#^https?://[^/]*$self->{domain}(:\d+)?/#oi - and $self->isTrustedUrl( $self->{urldc} ) ) - { - my $ssl = $self->{urldc} =~ /^https/; - $self->lmLog( 'CDA request', 'debug' ); - - # Create CDA session - if ( my $cdaSession = - $self->getApacheSession( undef, 1, undef, "CDA" ) ) - { - my $cdaInfos = { '_utime' => time }; - if ( $self->{securedCookie} < 2 or $ssl ) { - $cdaInfos->{cookie_value} = $self->{id}; - $cdaInfos->{cookie_name} = $self->{cookieName}; - } - else { - $cdaInfos->{cookie_value} = - $self->{sessionInfo}->{_httpSession}; - $cdaInfos->{cookie_name} = $self->{cookieName} . "http"; - } - - $self->updateSession( $cdaInfos, $cdaSession->id ); - - $self->{urldc} .= - ( $self->{urldc} =~ /\?/ ? '&' : '?' ) - . $self->{cookieName} . "cda=" - . $cdaSession->id; - - $self->lmLog( "CDA redirection to " . 
$self->{urldc}, 'debug' ); - - } - else { - $self->lmLog( "Unable to create CDA session", 'error' ); - return PE_APACHESESSIONERROR; - } - } - - $self->updateStatus; - - if ( $self->safe->reval( $self->{jsRedirect} ) ) { - $self->{redirectFormMethod} = "get"; - return PE_REDIRECT; - } - else { - print $self->redirect( - -status => '303 See Other', - -location => $self->{urldc}, - ); - $self->quit(); - } - } - PE_OK; -} - -## @method void returnSOAPMessage() -# Print SOAP message -# @return void -sub returnSOAPMessage { - my $self = shift; - - # Quit if no SOAP message - $self->quit() unless $self->{SOAPMessage}; - - # Print HTTP header and SOAP message - binmode( STDOUT, ":bytes" ); - print $self->header( -type => 'application/xml' ); - print $self->{SOAPMessage}; - - # Exit - $self->quit(); -} - -## @method void autoPost() -# Transfer POST data with auto submit -# @return void -sub autoPost { - my $self = shift; - - # Get URL and Form fields - $self->{urldc} = $self->{postUrl}; - my $formFields = $self->{postFields}; - - $self->clearHiddenFormValue(); - foreach ( keys %$formFields ) { - $self->setHiddenFormValue( $_, $formFields->{$_}, "", 0 ); - } - - # Display info before redirecting - if ( $self->info() ) { - $self->{infoFormMethod} = $self->param('method') || "post"; - return PE_INFO; - } - - $self->{redirectFormMethod} = "post"; - return PE_REDIRECT; -} - -## @method HASHREF getCustomTemplateParameters() -# Find custom templates parameters -# @return Custom parameters -sub getCustomTemplateParameters { - - my $self = shift; - my $customTplParams = {}; - - foreach ( keys %$self ) { - next unless ( $_ =~ /^tpl_(.+)$/ ); - my $tplParam = $1; - my $tplValue = $self->{ "tpl_" . 
$tplParam }; - $self->lmLog( "Set custom template parameter $tplParam with $tplValue", - 'debug' ); - - $customTplParams->{$tplParam} = $tplValue; - } - - return $customTplParams; -} - -1; - -__END__ - -=head1 NAME - -=encoding utf8 - -Lemonldap::NG::Portal::Simple - Base module for building Lemonldap::NG compatible portals - -=head1 SYNOPSIS - - use Lemonldap::NG::Portal::Simple; - my $portal = new Lemonldap::NG::Portal::Simple( - domain => 'example.com', - globalStorage => 'Apache::Session::MySQL', - globalStorageOptions => { - DataSource => 'dbi:mysql:database=dbname;host=127.0.0.1', - UserName => 'db_user', - Password => 'db_password', - TableName => 'sessions', - LockDataSource => 'dbi:mysql:database=dbname;host=127.0.0.1', - LockUserName => 'db_user', - LockPassword => 'db_password', - }, - ldapServer => 'ldap.domaine.com,ldap-backup.domaine.com', - securedCookie => 1, - exportedVars => { - uid => 'uid', - cn => 'cn', - mail => 'mail', - appli => 'appli', - }, - # Activate SOAP service - Soap => 1 - ); - - if($portal->process()) { - # Write here the menu with CGI methods. This page is displayed ONLY IF - # the user was not redirected here. - print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see L) - print "..."; - - # or redirect the user to the menu - print $portal->redirect( -uri => 'https://portal/menu'); - } - else { - # Write here the html form used to authenticate with CGI methods. - # $portal->error returns the error message if athentification failed - # Warning: by defaut, input names are "user" and "password" - print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see L) - print "..."; - print '
'; - # In your form, the following value is required for redirection - print ''; - # Next, login and password - print 'Login :
'; - print 'Password : '; - print ''; - print '
'; - } - -SOAP mode authentication (client) : - - #!/usr/bin/perl -l - - use SOAP::Lite; - use Data::Dumper; - - my $soap = - SOAP::Lite->proxy('http://auth.example.com/') - ->uri('urn:/Lemonldap::NG::Common::CGI::SOAPService'); - my $r = $soap->getCookies( 'user', 'password' ); - - # Catch SOAP errors - if ( $r->fault ) { - print STDERR "SOAP Error: " . $r->fault->{faultstring}; - } - else { - my $res = $r->result(); - - # If authentication failed, display error - if ( $res->{error} ) { - print STDERR "Error: " . $soap->error( $res->{error} )->result(); - } - - # print session-ID - else { - print "Cookie: lemonldap=" . $res->{cookies}->{lemonldap}; - } - } - -=head1 DESCRIPTION - -Lemonldap::NG::Portal::Simple is the base module for building Lemonldap::NG -compatible portals. You can use it either by inheritance or by writing -anonymous methods like in the example above. - -See L for a complete example of use of -Lemonldap::Portal::* libraries. - -=head1 METHODS - -=head2 Constructor (new) - -=head3 Args - -=over - -=item * ldapServer: server(s) used to retrieve session information and to valid -credentials (localhost by default). More than one server can be set here -separated by commas. The servers will be tested in the specifies order. -To use TLS, set "ldap+tls://server" and to use LDAPS, set "ldaps://server" -instead of server name. If you use TLS, you can set any of the -Net::LDAP->start_tls() sub like this: - "ldap/tls://server/verify=none&capath=/etc/ssl" -You can also use caFile and caPath parameters. - -=item * ldapPort: tcp port used by ldap server. - -=item * ldapBase: base of the ldap directory. - -=item * managerDn: dn to used to connect to ldap server. By default, anonymous -bind is used. - -=item * managerPassword: password to used to connect to ldap server. By -default, anonymous bind is used. - -=item * securedCookie: set it to 1 if you want to protect user cookies. 
- -=item * cookieName: name of the cookie used by Lemonldap::NG (lemon by default). - -=item * domain: cookie domain. You may have to give it else the SSO will work -only on your server. - -=item * globalStorage: required: L library to used to store -session information. - -=item * globalStorageOptions: parameters to bind to L module - -=item * authentication: sheme to authenticate users (default: "ldap"). It can -be set to: - -=over - -=item * B: See L. - -=back - -=item * caPath, caFile: if you use ldap+tls you can overwrite cafile or capath -options with those parameters. This is useful if you use a shared -configuration. - -=item * ldapPpolicyControl: set it to 1 if you want to use LDAP Password Policy - -=item * grantSessionRule: rule applied to grant session opening for a user. Can -use all exported attributes, macros, groups and custom functions. - -=back - -=head2 Methods that can be overloaded - -All the functions above can be overloaded to adapt Lemonldap::NG to your -environment. They MUST return one of the exported constants (see above) -and are called in this order by process(). - -=head3 controlUrlOrigin - -If the user was redirected by a Lemonldap::NG handler, stores the url that will be -used to redirect the user after authentication. - -=head3 controlExistingSession - -Controls if a previous session is always available. If true, it call the sub -C with two parameters: id and a scalar tied on Apache::Session -module choosed to store sessions. See below - -=head3 existingSession - -This sub is called only if a previous session exists and is available. By -defaults, it returns PE_OK so user is re-authenticated. You can overload it: -for example if existingSession just returns PE_DONE: authenticated users are -not re-authenticated and C<>process> returns true. - -=head3 extractFormInfo - -Method implemented into Lemonldap::NG::Portal::Auth* modules. 
By default -(ldap bind), converts form input into object variables ($self->{user} and -$self->{password}). - -=head3 formateParams - -Does nothing. To be overloaded if needed. - -=head3 formateFilter - -Creates the ldap filter using $self->{user}. By default : - - $self->{filter} = "(&(uid=" . $self->{user} . ")(objectClass=inetOrgPerson))"; - -If $self->{AuthLDAPFilter} is set, it is used instead of this. This is used by -Lemonldap::NG::Portal::Auth* modules to overload filter. - -=head3 connectLDAP - -Connects to LDAP server. - -=head3 bind - -Binds to the LDAP server using $self->{managerDn} and $self->{managerPassword} -if exist. Anonymous bind is provided else. - -=head3 search - -Retrieves the LDAP entry corresponding to the user using $self->{filter}. - -=head3 setAuthSessionInfo - -Same as setSessionInfo but implemented in Lemonldap::NG::Portal::Auth* modules. - -=head3 setSessionInfo - -Prepares variables to store in central cache (stored temporarily in -C<$self->{sessionInfo}>). It use C entry (passed to the new sub) -if defined to know what to store else it stores uid, cn and mail attributes. - -=head3 getSessionInfo - -Pick up an information stored in session. - -=head3 setGroups - -Does nothing by default. - -=head3 authenticate - -Method implemented in Lemonldap::NG::Portal::Auth* modules. By default (ldap), -authenticates the user by rebinding to the LDAP server using the dn retrieved -with search() and the password. - -=head3 grantSession - -Use grantSessionRule parameter to allow session opening. - -=head3 store - -Stores information collected by setSessionInfo into the central cache. -The portal connects the cache using the L module passed by -the globalStorage parameters (see constructor). - -=head3 unbind - -Disconnects from the LDAP server. - -=head3 buildCookie - -Creates the Lemonldap::NG cookie. - -=head3 log - -Does nothing. To be overloaded if wanted. - -=head3 autoRedirect - -Redirects the user to the url stored by controlUrlOrigin(). 
- -=head2 Other methods - -=head3 process - -Main method. - -=head3 error - -Returns the error message corresponding to the error returned by the methods -described above - -=head3 error_type - -Give the type of the error (positive, warning or positive) - -=head3 _bind( $ldap, $dn, $password ) - -Method used to bind to the ldap server. - -=head3 header - -Overloads the CGI::header method to add Lemonldap::NG cookie. - -=head3 redirect - -Overloads the CGI::redirect method to add Lemonldap::NG cookie. - -=head2 EXPORT - -=head3 Constants - -=over 5 - -=item * B: all is good - -=item * B: the user session has expired - -=item * B: Nothing was entered in the login form - -=item * B: the user was not found in the (ldap) directory - -=item * B: the account used to bind to LDAP server in order to -find the user distinguished name (dn) was refused by the server - -=item * B: bad login or password - -=item * B: abnormal error from ldap - -=item * B: abnormal error from Apache::Session - -=item * B: First access to the portal - -=item * B: Wrong certificate - -=item * PE_PP_ACCOUNT_LOCKED: account locked - -=item * PE_PP_PASSWORD_EXPIRED: password axpired - -=item * PE_CERTIFICATEREQUIRED: certificate required - -=item * PE_ERROR: unclassified error - -=back - -=head1 SEE ALSO - -L, L, L, -L - -=head1 AUTHOR - -=over - -=item Clement Oudot, Eclem.oudot@gmail.comE - -=item François-Xavier Deltombe, Efxdeltombe@gmail.com.E - -=item Xavier Guimard, Ex.guimard@free.frE - -=item Sandro Cazzaniga, Ecazzaniga.sandro@gmail.comE - -=item Thomas Chemineau, Ethomas.chemineau@gmail.comE - -=back - -=head1 BUG REPORT - -Use OW2 system to report bug or ask for features: -L - -=head1 DOWNLOAD - -Lemonldap::NG is available at -L - -=head1 COPYRIGHT AND LICENSE - -=over - -=item Copyright (C) 2005-2016 by Xavier Guimard, Ex.guimard@free.frE - -=item Copyright (C) 2012 by Sandro Cazzaniga, Ecazzaniga.sandro@gmail.comE - -=item Copyright (C) 2012-2013 by François-Xavier Deltombe, 
Efxdeltombe@gmail.com.E - -=item Copyright (C) 2006-2016 by Clement Oudot, Eclem.oudot@gmail.comE - -=item Copyright (C) 2010-2011 by Thomas Chemineau, Ethomas.chemineau@gmail.comE - -=back - -This library is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see L. - -=cut diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm index 154332967..461bcc633 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/DBI.pm @@ -49,7 +49,7 @@ sub getUser { if ($@) { # If connection isn't available, error is displayed by dbh() - $self->lmLog( "DBI error: $@", 'error' ) if ( $self->_dbh ); + $self->logger->error("DBI error: $@") if ( $self->_dbh ); return PE_ERROR; } unless ( $req->datas->{entry} = $sth->fetchrow_hashref() ) { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Facebook.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Facebook.pm index 72133fbcd..43d8361e9 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Facebook.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/Facebook.pm 
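Review bot: The new `$self->logger->error("DBI error: $@")` line interpolates `$@` only after its postfix condition `if ( $self->_dbh )` has already run, so if `_dbh` uses an `eval` internally the logged message may be empty or describe an unrelated error. Copying the error before any further call keeps the message reliable: `my $err = $@;` followed by `$self->logger->error("DBI error: $err") if ( $self->_dbh );`. getUser starts and ends outside the hunk.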
@@ -41,9 +41,8 @@ sub setSessionInfo { my $required = ( $attr =~ s/^!// ) ? 1 : 0; $req->{sessionInfo}->{$attr} = $req->datas->{_facebookDatas}->{$v}; if ( $required and not( defined $self->{sessionInfo}->{$attr} ) ) { - $self->lmLog( -"Required parameter $v is not provided by Facebook server, aborted", - 'warn' + $self->logger->warn( +"Required parameter $v is not provided by Facebook server, aborted" ); $req->mustRedirect(0); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm index 48cd594be..544bf04aa 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm @@ -51,12 +51,11 @@ sub getUser { attrs => $self->attrs, ); if ( $mesg->code() != 0 ) { - $self->lmLog( 'LDAP Search error: ' . $mesg->error, 'error' ); + $self->logger->error( 'LDAP Search error: ' . $mesg->error ); return PE_LDAPERROR; } if ( $mesg->count() > 1 ) { - $self->lmLog( 'More than one entry returned by LDAP directory', - 'error' ); + $self->logger->error('More than one entry returned by LDAP directory'); return PE_BADCREDENTIALS; } unless ( $req->datas->{entry} = $mesg->entry(0) ) { @@ -99,12 +98,9 @@ sub setGroups { my $group_value = $self->ldap->getLdapValue( $req->datas->{entry}, $self->conf->{ldapGroupAttributeNameUser} ); - $self->lmLog( - "Searching LDAP groups in " + $self->logger->debug( "Searching LDAP groups in " . $self->{ldapGroupBase} - . " for $group_value", - 'debug' - ); + . " for $group_value" ); # Call searchGroups my $ldapGroups = $self->ldap->searchGroups( diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenID.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenID.pm index d016bdbba..cabf31cbf 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenID.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenID.pm 
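Review bot: The condition guarding the new `$self->logger->warn(...)` call reads `$self->{sessionInfo}->{$attr}`, while the assignment on the line above writes `$req->{sessionInfo}->{$attr}`, so the required-attribute check never sees the value it just stored and presumably fires for every required attribute. The check should test the hash the loop actually fills: `if ( $required and not( defined $req->{sessionInfo}->{$attr} ) ) {`. setSessionInfo starts and ends outside the hunk.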
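Review bot: The rewritten debug message in the setGroups hunk reads `$self->{ldapGroupBase}` directly, whereas the line just above it takes `ldapGroupAttributeNameUser` from `$self->conf`, so the search base printed in the log is presumably empty unless something copies it onto `$self`. Reading it the same way as the neighbouring setting keeps the message accurate and the style consistent: `. $self->conf->{ldapGroupBase}`. setGroups continues outside the hunk.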
@@ -37,18 +37,16 @@ sub setSessionInfo { if ( $v =~ Lemonldap::NG::Common::Regexp::OPENIDSREGATTR() ) { my $p = $req->param("openid.sreg.$v"); if ( $required and not defined $p ) { - $self->lmLog( -"Required parameter $attr is not provided by OpenID server, aborted", - 'warn' + $self->userLogger->warn( +"Required parameter $attr is not provided by OpenID server, aborted" ); return PE_MISSINGREQATTR; } $self->{sessionInfo}->{$attr} = $p; } else { - $self->lmLog( -"Ignoring attribute $v which is not a valid OpenID SREG attribute", - 'warn' + $self->userLogger->warn( +"Ignoring attribute $v which is not a valid OpenID SREG attribute" ); } } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm index b5b24d725..6e46bc0d7 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm @@ -9,7 +9,8 @@ use Lemonldap::NG::Portal::Main::Constants qw( our $VERSION = '2.0.0'; -extends 'Lemonldap::NG::Common::Module', 'Lemonldap::NG::Portal::Lib::OpenIDConnect'; +extends 'Lemonldap::NG::Common::Module', + 'Lemonldap::NG::Portal::Lib::OpenIDConnect'; # INITIALIZATION 
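Review bot: The line `$self->{sessionInfo}->{$attr} = $p;` between the two new userLogger calls stores the attribute on the module object, while the sibling UserDB modules touched by this patch (Facebook, OpenIDConnect, SAML, WebID) fill `$req->{sessionInfo}`; unless something later copies it across, the OpenID attributes never reach the request's session data. Writing to the request like the others, `$req->{sessionInfo}->{$attr} = $p;`, also avoids state from one request leaking into the next on a long-lived module object. setSessionInfo starts and ends outside the hunk.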
@@ -22,25 +23,25 @@ sub init { sub getUser { my ( $self, $req ) = @_; - my $op = $req->datas->{_oidcOPCurrent}; + my $op = $req->datas->{_oidcOPCurrent}; my $access_token = $req->datas->{access_token}; my $userinfo_content = $self->getUserInfo( $op, $access_token ); unless ($userinfo_content) { - $self->lmLog( "No User Info content", 'warn' ); + $self->logger->warn("No User Info content"); return PE_OK; } - $self->lmLog( "UserInfo received: $userinfo_content", 'debug' ); + $self->logger->debug("UserInfo received: $userinfo_content"); $req->datas->{OpenIDConnect_user_info} = $self->decodeJSON($userinfo_content); # Check that received sub is the same than current user unless ( $req->datas->{OpenIDConnect_user_info}->{sub} eq $req->{user} ) { - $self->lmLog( "Received sub do not match current user", 'error' ); + $self->logger->error("Received sub do not match current user"); return PE_BADCREDENTIALS; } @@ -50,7 +51,7 @@ sub getUser { # Get all required attributes sub setSessionInfo { my ( $self, $req ) = @_; - my $op = $req->datas->{_oidcOPCurrent}; + my $op = $req->datas->{_oidcOPCurrent}; my %vars = ( %{ $self->conf->{exportedVars} }, @@ -58,8 +59,7 @@ sub setSessionInfo { ); while ( my ( $k, $v ) = each %vars ) { - $req->{sessionInfo}->{$k} = - $req->datas->{OpenIDConnect_user_info}->{$v} + $req->{sessionInfo}->{$k} = $req->datas->{OpenIDConnect_user_info}->{$v} || ""; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/SAML.pm index 381e33394..98bcf8af0 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/SAML.pm @@ -43,8 +43,7 @@ sub setSessionInfo { my $exportedAttr; # Force UTF-8 - my $force_utf8 = - $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} + my $force_utf8 = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey} ->{samlIDPMetaDataOptionsForceUTF8}; # Get all required attributes, not already set 
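Review bot: The new `$self->logger->debug("UserInfo received: $userinfo_content")` writes the complete userinfo response body, i.e. every claim the OP releases about the user, into the log at debug level; the same applies to `$self->logger->debug("Get value $value for attribute $_")` in the SAML.pm `@@ -160,14 +155,13 @@` hunk. Since this commit is reshaping the logging layer anyway, it is a good moment to log the event rather than the claims themselves, e.g. `$self->logger->debug( "UserInfo received (" . length($userinfo_content) . " bytes)" );` and, on the SAML side, the attribute name only. getUser continues outside the hunk.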
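Review bot: The re-wrapped assignment `$req->{sessionInfo}->{$k} = $req->datas->{OpenIDConnect_user_info}->{$v} || "";` turns any claim that is false or 0 into the empty string; a boolean claim such as `email_verified` decoded from JSON typically stringifies to 0 and is lost this way. Defined-or keeps such values while still defaulting missing claims: `$req->{sessionInfo}->{$k} = $req->datas->{OpenIDConnect_user_info}->{$v} // "";`. setSessionInfo starts outside the hunk.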
@@ -65,16 +64,14 @@ sub setSessionInfo { $exportedAttr->{$_} = $self->conf->{samlIDPMetaDataExportedAttributes}->{$idpConfKey} ->{$_}; - $self->lmLog( "Attribute $_ will be requested to $idpConfKey", - 'debug' ); + $self->logger->debug( + "Attribute $_ will be requested to $idpConfKey"); } } unless ( keys %$exportedAttr ) { - $self->lmLog( - "All mandatory attributes were present in authentication response", - 'debug' - ); + $self->logger->debug( + "All mandatory attributes were present in authentication response"); return PE_OK; } @@ -84,12 +81,11 @@ sub setSessionInfo { my $server = $self->lassoServer; unless ($server) { - $self->lmLog( "Unable to create service for attribute request", - 'error' ); + $self->logger->error('Unable to create service for attribute request'); return PE_SAML_LOAD_SERVICE_ERROR; } - $self->lmLog( "Service for attribute request created", 'debug' ); + $self->logger->debug("Service for attribute request created"); # Add current IDP as Attribute Authority my $idp_metadata = @@ -101,9 +97,8 @@ sub setSessionInfo { # Add this IDP to Lasso::Server as AA unless ( $self->addAA( $server, $idp_metadata ) ) { - $self->lmLog( - "Fail to use IDP $idpConfKey Metadata as Attribute Authority", - 'error' ); + $self->logger->error( + "Fail to use IDP $idpConfKey Metadata as Attribute Authority"); return PE_SAML_LOAD_IDP_ERROR; } @@ -112,8 +107,8 @@ sub setSessionInfo { $self->createAttributeRequest( $server, $idp, $exportedAttr, $nameid ); unless ($query) { - $self->lmLog( "Unable to build attribute request for $idpConfKey", - 'error' ); + $self->logger->error( + "Unable to build attribute request for $idpConfKey"); return PE_SAML_ATTR_ERROR; } @@ -125,7 +120,7 @@ sub setSessionInfo { my $response = $self->sendSOAPMessage( $query_url, $query_body ); unless ($response) { - $self->lmLog( "No attribute response to SOAP request", 'error' ); + $self->logger->error("No attribute response to SOAP request"); return PE_SAML_ATTR_ERROR; } 
@@ -133,7 +128,7 @@ sub setSessionInfo { my $result = $self->processAttributeResponse( $server, $response ); unless ($result) { - $self->lmLog( "Fail to process attribute response", 'error' ); + $self->logger->error("Fail to process attribute response"); return PE_SAML_ATTR_ERROR; } @@ -144,7 +139,7 @@ sub setSessionInfo { $result->response()->Assertion()->AttributeStatement()->Attribute(); }; if ($@) { - $self->lmLog( "No attributes defined in attribute response", 'error' ); + $self->logger->error("No attributes defined in attribute response"); return PE_SAML_ATTR_ERROR; } @@ -160,14 +155,13 @@ sub setSessionInfo { \@response_attributes, $force_utf8 ); unless ($value) { - $self->lmLog( -"Attribute $_ is mandatory, but was not delivered by $idpConfKey", - 'error' + $self->logger->error( +"Attribute $_ is mandatory, but was not delivered by $idpConfKey" ); return PE_SAML_ATTR_ERROR; } - $self->lmLog( "Get value $value for attribute $_", 'debug' ); + $self->logger->debug("Get value $value for attribute $_"); # Store value in sessionInfo $req->{sessionInfo}->{$_} = $value; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/WebID.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/WebID.pm index 13bca77c5..12085c966 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/WebID.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/WebID.pm @@ -27,7 +27,7 @@ sub getUser { sub setSessionInfo { my ( $self, $req ) = @_; unless ( $req->datas->{_webid} ) { - $self->lmLog( 'No webid object found', 'error' ); + $self->logger->error('No webid object found'); return PE_ERROR; } @@ -40,7 +40,7 @@ sub setSessionInfo { my $req; $attr =~ s/^!// and $req = 1; eval { $req->{sessionInfo}->{$attr} = $req->datas->{_webid}->get($v) }; - $self->lmLog( "Unable to get $v from FOAF document: $@", 'error' ) + $self->logger->error("Unable to get $v from FOAF document: $@") if ($@); if ( $req and not $req->{sessionInfo}->{$attr} ) { $self->p->userNotice( 
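Review bot: In the WebID.pm `@@ -40,7 +40,7 @@` hunk, the `my $req;` at the top shadows the request object, so `$req->datas->{_webid}->get($v)` inside the eval calls `datas` on an undefined value (or on the flag value 1) and presumably dies every time; the new `$self->logger->error("Unable to get $v from FOAF document: $@")` will then be emitted for every attribute and nothing is stored. Using a differently named flag fixes the loop: `my $required = ( $attr =~ s/^!// ) ? 1 : 0;` and `if ( $required and not $req->{sessionInfo}->{$attr} ) {`, leaving the eval to write into the real `$req`. The enclosing foreach and setSessionInfo continue outside the hunk.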
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Multi.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Multi.pm
deleted file mode 100644
index cbd70a877..000000000
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Multi.pm
+++ /dev/null
@@ -1,190 +0,0 @@ -## @file -# Authentication and UserDB chaining mechanism - -## @class -# Authentication and UserDB chaining mechanism. -# To use it set your authentication module like this : -# authentication => 'Multi CAS;LDAP' -# -# If CAS failed, LDAP will be used. You can also add a condition. Example: -# authentication => 'Multi Remote $ENV{REMOTE_ADDR}=~/^192/;LDAP $ENV{REMOTE_ADDR}!~/^192/' -package Lemonldap::NG::Portal::_Multi; - -use Lemonldap::NG::Portal::Simple; -use Scalar::Util 'weaken'; - -our $VERSION = '2.0.0'; - -## @cmethod Lemonldap::NG::Portal::_Multi new(Lemonldap::NG::Portal::Simple portal) -# Constructor -# @param $portal Lemonldap::NG::Portal::Simple object -# @return new Lemonldap::NG::Portal::_Multi object -sub new { - my ( $class, $portal ) = @_; - my $self = bless { p => $portal, res => PE_NOSCHEME }, $class; - weaken $self->{p}; - - # Browse authentication and userDB configuration - my @stack = ( $portal->{multiAuthStack}, $portal->{multiUserDBStack} ); - for ( my $i = 0 ; $i < 2 ; $i++ ) { - $stack[$i] =~ s/^Multi\s*//; - foreach my $l ( split /;/, $stack[$i] ) { - $l =~ s/^\s+//; # Remove first space - $l =~ /^([\w#]+)(?:\s+(.*))?$/ - or $portal->abort( 'Bad configuration', "Unable to read $l" ); - my ( $mod, $cond ) = ( $1, $2 ); - my $name = $mod; - $mod =~ s/#(.*)$//; - my $shortname = $mod; - $cond = 1 unless ( defined $cond ); - $mod = "Lemonldap::NG::Portal::" . [ 'Auth', 'UserDB' ]->[$i] . 
$mod - unless ( $mod =~ /::/ ); - - $portal->abort( 'Bad configuration', "Unable to load $mod" ) - unless $self->{p}->loadModule($mod); - push @{ $self->{stack}->[$i] }, - { m => $mod, c => $cond, n => $name, s => $shortname }; - } - - # Override portal settings - %{ $self->{p} } = ( - %{ $self->{p} }, - %{ $self->{p}->{multi}->{ $self->{stack}->[$i]->[0]->{n} } } - ) if ( $self->{p}->{multi}->{ $self->{stack}->[$i]->[0]->{n} } ); - - } - - # Return _Multi object - return $self; -} - -## @method int try(string sub,int type) -# Main method: try to call $sub method in the current authentication or -# userDB module. If it fails, call next() and replay() -# @param sub name of the method to launch -# @param type 0 for authentication, 1 for userDB -# @return Lemonldap::NG::Portal error code returned by method $sub -sub try { - my ( $self, $sub, $type ) = @_; - my $res; - my $s = $self->{stack}->[$type]->[0]->{m} . "::$sub"; - my $old = $self->{stack}->[$type]->[0]->{n}; - my $ci; - - # Store last module used - $self->{last}->[$type] = $self->{stack}->[$type]->[0]->{m}; - - if ( $ci = $self->{p}->safe->reval( $self->{stack}->[$type]->[0]->{c} ) ) { - - # Log used module - $self->{p} - ->lmLog( "Multi (type $type): trying $sub for module $old", 'debug' ); - - # Run subroutine - $res = $self->{p}->$s(); - - return $res if $self->stop( $type, $res ); - } - unless ( $self->next($type) ) { - return ( $ci ? $res : $self->{res} ); - } - $self->{res} = $res if ( defined($res) ); - $self->{p}->lmLog( - [ 'Authentication', 'Retriving user' ]->[$type] - . 
" with $old failed, trying next", - 'info' - ) if ($ci); - $res = $self->replay( $sub, $type ); - return $res; -} - -## @method protected boolean stop(int type, int res) -# Call specific backend to know if multi process should stop -# @param type 0 for authentication, 1 for userDB -# @param res return code of last executed sub -# return true if process should stop -sub stop { - my ( $self, $type, $res ) = @_; - - # Stop if no error, or if confirmation needed, or if form not filled - return 1 - if ( $res <= 0 - or $res == PE_CONFIRM - or $res == PE_FIRSTACCESS - or $res == PE_FORMEMPTY ); - - # Check specific backend stop method - my $stopSub = $self->{stack}->[$type]->[0]->{m} . "::stop"; - - my $ret = 0; - eval { $ret = $self->{p}->$stopSub($res); }; - if ($@) { - $self->{p}->lmLog( $@, 'debug' ); - return 0; - } - - return $ret; -} - -## @method protected boolean next(int type) -# Set the next authentication or userDB module as current. If both -# authentication and userDB module have the same name, both are changed if -# possible. -# @param type 0 for authentication, 1 for userDB -# return true if an other module is available -sub next { - my ( $self, $type ) = @_; - - if ( $self->{stack}->[$type]->[0]->{n} eq - $self->{stack}->[ 1 - $type ]->[0]->{n} - and $self->{stack}->[ 1 - $type ]->[1] ) - { - shift @{ $self->{stack}->[ 1 - $type ] }; - } - shift @{ $self->{stack}->[$type] }; - - # Manage end of the stack - return 0 unless ( @{ $self->{stack}->[$type] } ); - - %{ $self->{p} } = ( - %{ $self->{p} }, - %{ $self->{p}->{multi}->{ $self->{stack}->[$type]->[0]->{n} } } - ) if ( $self->{p}->{multi}->{ $self->{stack}->[$type]->[0]->{n} } ); - return 1; -} - -## @method protected int replay(string sub) -# replay all methods since authInit() until method $sub with the new module. 
-# @param $sub name of the method who has failed -# @return Lemonldap::NG::Portal error code -sub replay { - my ( $self, $sub ) = @_; - my @subs = (); - $self->{p}->lmLog( "Replay all methods until sub $sub", 'debug' ); - - foreach ( - qw(authInit extractFormInfo userDBInit getUser setAuthSessionInfo - setSessionInfo setMacros setGroups setPersistentSessionInfo - setLocalGroups authenticate authFinish) - ) - { - push @subs, $_; - last if ( $_ eq $sub ); - } - return $self->{p}->_subProcess(@subs); -} - -package Lemonldap::NG::Portal::Simple; - -## @method private Lemonldap::NG::Portal::_Multi _multi() -# Return Lemonldap::NG::Portal::_Multi object and builds it if it was not build -# before. This method is used if authentication is set to "Multi". -# @return Lemonldap::NG::Portal::_Multi object -sub _multi { - my $self = shift; - return $self->{_multi} if ( $self->{_multi} ); - return $self->{_multi} = Lemonldap::NG::Portal::_Multi->new($self); -} - -1; - diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm deleted file mode 100644 index 16a26b87b..000000000 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm +++ /dev/null 
@@ -1,963 +0,0 @@ -##@file -# Internationalization for Lemonldap::NG portal - -##@class -# Internationalization for Lemonldap::NG portal -package Lemonldap::NG::Portal::_i18n; - -# Developpers warning : this file must stay UTF-8 encoded - -use AutoLoader qw(AUTOLOAD); -our $VERSION = '2.0.0'; -use utf8; - -## @fn string msg(int msg, array ref lang) -# @param $msg Number of msg to resolve -# @param $lang Array ref for 2-letters languages (e.g. ['es', 'fr']) -# @return Message string in the first matching language -sub msg { - my ( $msg, $lang ) = @_; - foreach ( @{$lang} ) { - if ( __PACKAGE__->can("msg_$_") ) { - return &{"msg_$_"}->[$msg]; - } - } - return &msg_en->[$msg]; -} - -## @fn string error(int error, array ref lang) -# @param $error Number of error to resolve -# @param $lang Array ref for 2-letters languages (e.g. ['es', 'fr']) -# @return Error string in the first matching language -sub error { - my ( $error, $lang ) = @_; - $error = 0 if ( $error < 0 ); - foreach ( @{$lang} ) { - if ( __PACKAGE__->can("error_$_") ) { - my $tmp = &{"error_$_"}->[$error]; - return $tmp; - } - } - return &error_en->[$error]; -} - -1; - -__END__ -# Order of the constants: -# * PE_OK 0 -# * PE_SESSIONEXPIRED 1 -# * PE_FORMEMPTY 2 -# * PE_WRONGMANAGERACCOUNT 3 -# * PE_USERNOTFOUND 4 -# * PE_BADCREDENTIALS 5 -# * PE_LDAPCONNECTFAILED 6 -# * PE_LDAPERROR 7 -# * PE_APACHESESSIONERROR 8 -# * PE_FIRSTACCESS 9 -# * PE_BADCERTIFICATE 10 -# * PE_LA_FAILED 11 -# * PE_LA_ARTFAILED 12 -# * PE_LA_DEFEDFAILED 13 -# * PE_LA_QUERYEMPTY 14 -# * PE_LA_SOAPFAILED 15 -# * PE_LA_SLOFAILED 16 -# * PE_LA_SSOFAILED 17 -# * PE_LA_SSOINITFAILED 18 -# * PE_LA_SESSIONERROR 19 -# * PE_LA_SEPFAILED 20 -# * PE_PP_ACCOUNT_LOCKED 21 -# * PE_PP_PASSWORD_EXPIRED 22 -# * PE_CERTIFICATEREQUIRED 23 -# * PE_ERROR 24 -# * PE_PP_CHANGE_AFTER_RESET 25 -# * PE_PP_PASSWORD_MOD_NOT_ALLOWED 26 -# * PE_PP_MUST_SUPPLY_OLD_PASSWORD 27 -# * PE_PP_INSUFFICIENT_PASSWORD_QUALITY 28 -# * PE_PP_PASSWORD_TOO_SHORT 29 -# * 
PE_PP_PASSWORD_TOO_YOUNG 30 -# * PE_PP_PASSWORD_IN_HISTORY 31 -# * PE_PP_GRACE 32 -# * PE_PP_EXP_WARNING 33 -# * PE_PASSWORD_MISMATCH 34 -# * PE_PASSWORD_OK 35 -# * PE_NOTIFICATION 36 -# * PE_BADURL 37 -# * PE_NOSCHEME 38 -# * PE_BADOLDPASSWORD 39 -# * PE_MALFORMEDUSER 40 -# * PE_SESSIONNOTGRANTED 41 -# * PE_CONFIRM 42 -# * PE_MAILFORMEMPTY 43 -# * PE_BADMAILTOKEN 44 -# * PE_MAILERROR 45 -# * PE_MAILOK 46 -# * PE_LOGOUT_OK 47 -# * PE_SAML_ERROR 48 -# * PE_SAML_LOAD_SERVICE_ERROR 49 -# * PE_SAML_LOAD_IDP_ERROR 50 -# * PE_SAML_SSO_ERROR 51 -# * PE_SAML_UNKNOWN_ENTITY 52 -# * PE_SAML_DESTINATION_ERROR 53 -# * PE_SAML_CONDITIONS_ERROR 54 -# * PE_SAML_IDPSSOINITIATED_NOTALLOWED 55 -# * PE_SAML_SLO_ERROR 56 -# * PE_SAML_SIGNATURE_ERROR 57 -# * PE_SAML_ART_ERROR 58 -# * PE_SAML_SESSION_ERROR 59 -# * PE_SAML_LOAD_SP_ERROR 60 -# * PE_SAML_ATTR_ERROR 61 -# * PE_OPENID_EMPTY 62 -# * PE_OPENID_BADID 63 -# * PE_MISSINGREQATTR 64 -# * PE_BADPARTNER 65 -# * PE_MAILCONFIRMATION_ALREADY_SENT 66 -# * PE_PASSWORDFORMEMPTY 67 -# * PE_CAS_SERVICE_NOT_ALLOWED 68 -# * PE_MAILFIRSTACCESS 69 -# * PE_MAILNOTFOUND 70 -# * PE_PASSWORDFIRSTACCESS 71 -# * PE_MAILCONFIRMOK 72 -# * PE_RADIUSCONNECTFAILED 73 -# * PE_MUST_SUPPLY_OLD_PASSWORD 74 -# * PE_FORBIDDENIP 75 -# * PE_CAPTCHAERROR 76 -# * PE_CAPTCHAEMPTY 77 -# * PE_REGISTERFIRSTACCESS 78 -# * PE_REGISTERFORMEMPTY 79 -# * PE_REGISTERALREADYEXISTS 80 - -# Not used in errors: -# * PE_DONE -1 -# * PE_REDIRECT -2 - -## @fn private arrayRef error_fr() -# French translation. 
-# @return Array of error messages -sub error_fr { - use utf8; - [ - 'Utilisateur authentifié', - 'Votre session a expiré, vous devez vous réauthentifier', - 'Identifiant ou mot de passe non renseigné', - 'Compte ou mot de passe LDAP de l\'application incorrect', - 'Utilisateur inexistant', - 'Mot de passe ou identifiant incorrect', - 'Connexion impossible au serveur LDAP', - 'Erreur anormale du serveur LDAP', - 'Erreur du module Apache::Session choisi', - 'Veuillez vous authentifier', - 'Certificat invalide', - 'Échec de l\'initialisation de Lasso:Login ou Lasso:Logout', - 'Échec de la résolution de l\'artefact Liberty Alliance', - 'Échec de la défédération Liberty Alliance', - 'La requête renvoyée par le fournisseur d\'identité Liberty Alliance est vide', - 'Un des appels SOAP Liberty Alliance a échoué', - 'Un des appels de déconnexion Liberty Alliance a échoué', - 'Aucun artefact SAML trouvé, ou échec de l\'auto-acceptation SSO', - 'Initialisation, construction ou requête SSO en échec', - 'Impossible d\'enregistrer l\'identifiant de connexion Liberty Alliance', - 'Un processus terminal Liberty Alliance a échoué', - 'Votre compte est bloqué', - 'Votre mot de passe a expiré', - 'Certificat exigé', - 'Erreur', - 'Le mot de passe a été réinitialisé et doit être changé', - 'Modification du mot de passe non autorisée', - 'Ancien mot de passe à fournir pour le changer', - 'Qualité de mot de passe insuffisante', - 'Mot de passe trop court', - 'Mot de passe trop récent', - 'Mot de passe utilisé trop récemment', - ' authentifications restantes, changez votre mot de passe !', - '%d jours, %d heures, %d minutes et %d secondes avant expiration de votre mot de passe, pensez à le changer !', - 'Les mots de passe ne correspondent pas', - 'Le mot de passe a été changé', - 'Vous avez un nouveau message', - 'Mauvaise URL', - 'Aucun schéma disponible', - 'Ancien mot de passe invalide', - 'Nom d\'utilisateur incorrect', - 'Ouverture de session interdite', - 'Confirmation demandée', 
- 'L\'adresse mail est obligatoire ', - 'La clé de confirmation est invalide ou trop ancienne', - 'L\'envoi du mail a échoué', - 'Un mail vous a été envoyé', - 'Vous avez été déconnecté', - 'Erreur SAML non définie', - 'Impossible de charger le service SAML', - 'Problème au chargement d\'un fournisseur d\'identité', - 'Une erreur est survenue lors de l\'authentification SAML', - 'Le partenaire SAML n\'est pas reconnu', - 'La destination du message SAML est incorrecte', - 'Les conditions du message SAML ne sont pas respectées', - 'L\'authentification initiée par le fournisseur d\'identité n\'est pas autorisée', - 'Une erreur est survenue lors de la déconnexion SAML', - 'Erreur lors de la gestion de la signature du message SAML', - 'Une erreur est survenue lors de l\'utilisation d\'un artefact SAML', - 'Erreur de communication avec les sessions SAML', - 'Problème au chargement d\'un fournisseur de service', - 'Une erreur est survenue lors de l\'échange d\'attributs SAML', - 'Ceci est une page destinée aux serveurs OpenID', - 'Vous tentez d\'utiliser une identité OpenID qui ne vous appartient pas', - 'Un attribut exigé n\'est pas disponible', - 'Fédération interdite par la politique de sécurité', - 'Le mail de confirmation a déjà été envoyé', - 'Mot de passe non renseigné', - 'Accès non autorisé au service CAS', - 'Merci de saisir votre adresse mail', - 'Pas d\'utilisateur correspondant', - 'Merci de saisir votre nouveau mot de passe', - 'Un mail de confirmation vous a été envoyé', - 'La connexion au serveur Radius a échoué', - "L'ancien mot de passe est obligatoire", - 'Vous venez d\'une adresse IP qui n\'est pas accréditée', - 'Erreur dans la saisie du captcha', - 'Vous devez saisir le captcha', - 'Merci de saisir vos informations', - 'Une information est manquante', - 'Cette adresse est déjà utilisée', - ]; -} - -## @fn private arrayRef error_en() -# English translation. 
-# @return Array of error messages -sub error_en { - [ - 'User authenticated', - 'Your connection has expired, you must authenticate once again', - 'User and password fields must be filled', - 'Wrong directory manager account or password', - 'User not found in directory', - 'Wrong credentials', - 'Unable to connect to LDAP server', - 'Abnormal error from LDAP server', - 'Apache::Session module failed', - 'Authentication required', - 'Invalid certificate', - 'Initialization of Lasso:Login or Lasso:Logout failed', - 'Liberty-Alliance artefact resolution failed', - 'Liberty-Alliance defederation failed', - 'Liberty-Alliance query returned by IDP in assertion is empty', - 'One of Liberty-Alliance soap calls failed', - 'One of Liberty-Alliance single logout failed', - 'No SAML artefact found, or auto-accepting SSO failed', - 'Initializing, building or requesting SSO failed', - 'Unable to store Liberty-Alliance session id', - 'A Liberty-Alliance Soap End Point process failed', - 'Your account is locked', - 'Your password has expired', - 'Certificate required', - 'Error', - 'Password has been reset and now must be changed', - 'Password may not be modified', - 'Old password must also be supplied when setting a new password', - 'Insufficient password quality', - 'Password too short', - 'Password too young', - 'Password used too recently', - ' authentications remaining, change your password!', - '%d days, %d hours, %d minutes and %d seconds before password expiration, change it!', - 'Passwords mismatch', - 'Password successfully changed', - 'You have a new message', - 'Bad URL', - 'No scheme available', - 'Bad old password', - 'Bad username', - 'Session opening not allowed', - 'Confirmation required', - 'Your mail address is mandatory', - 'Confirmation key is invalid or too old', - 'An error occurs when sending mail', - 'A mail has been sent', - 'You have been disconnected', - 'Undefined SAML error', - 'Unable to load SAML service', - 'Problem when loading an identity 
provider', - 'An error occured during SAML single sign on', - 'SAML entity is not known', - 'SAML message destination is not correct', - 'SAML message conditions are not respected', - 'Identity provider initiated single sign on is not authorized', - 'An error occured during SAML single logout', - 'Error in SAML message signature management', - 'An error occured during SAML artifact use', - 'Communication error with SAML sessions', - 'Problem when loading a service provider', - 'An error occured during SAML attributes exchange', - 'This is an OpenID endpoint page', - 'You try to use an OpenID identity which is not yours', - 'A required attribute is not available', - 'Federation forbidden by security policy', - 'The confirmation mail was already sent', - 'Password field must be filled', - 'Access non granted on CAS service', - 'Please provide your mail address', - 'No matching user', - 'Please provide your new password', - 'A confirmation mail has been sent', - 'Radius connection has failed', - 'Old password is required', - 'You came from an unaccredited IP address', - 'You failed at typing the captcha', - 'You have to type the captcha', - 'Please enter your information', - 'An information is missing', - 'This address is already used', - ]; -} - -## @fn private arrayRef error_es() -# Spanish translation. -# @return Array of error messages - -sub error_es { - use utf8; - [ - 'Usuario autentificado', - 'Su sesión ha expirado. 
Vuelva a autenticarse', - 'Introduzca su identificante o contraseña', - 'Cuenta o contraseña LDAP de la aplicación incorrecta', - 'Usuario no reconocido', - 'Contraseña o identificador incorrecto', - 'Conexión fallida al servidor LDAP', - 'Error anómalo del servidor LDAP', - 'Error del módulo Apache::Session seleccionado', - 'Autenticación necesaria', - 'Certificado inválido', - 'Inicialización fallida de Lasso:Login o Lasso:Logout', - 'Resolución fallida del artefacto Liberty Alliance', - 'Desfragmentación fallida de Liberty Alliance', - 'La solicitud enviada por el proveedor de identidad Liberty Alliance está vacía', - 'Una de las llamadas SOAP Liberty Alliance ha fracasado', - 'Una de las llamadas de desconexión Liberty Alliance ha fracasado', - 'No se ha encontrado ningún artefacto SAML, o autoaceptación SSO fallida', - 'Error de inicialización, construcción o solicitud SSO', - 'No se puede registrar el identificador de conexión Liberty Alliance', - 'Un proceso terminal Liberty Alliance ha fracasado', - 'Su cuenta está bloqueada', - 'Su contraseña ha caducado', - 'Certificado requerido', - 'Error', - 'La contraseña se ha reiniciado y se debe cambiar', - 'Modificación de contraseña no autorizada', - 'Para modificarla, introduzca la antigua contraseña', - 'Calidad de contraseña insuficiente', - 'Contraseña demasiado corta', - 'Contraseña demasiado reciente', - 'Contraseña utilizada demasiado recientemente', - ' autenticaciones restantes, cambie de contraseña', - 'cambie su contraseña antes de %d días, %d horas, %d minutos y %d segundos antes de su expiración', - 'Las contraseñas no coinciden', - 'La contraseña se ha modificado', - 'Tiene un nuevo mensaje', - 'URL incorrecta', - 'Ningún esquema disponible', - 'Antigua contraseña inválida', - 'Nombre de usuario incorrecto', - 'Inicio de sesión no autorizada', - 'Confirmación requerida', - 'Dirección e-mail obligatoria', - 'Llave de confirmación inválida o demasiado antigua', - 'El envío de e-mail ha fracasado', - 
'Ha recibido un e-mail', - 'La sesión se ha desconectado', - 'Error SAML no definido', - 'No se puede cargar el servicio SAML', - 'Problema al cargar un proveedor de identidad', - 'Error de autenticación SAML', - 'Colaborador SAML no reconocido', - 'Dirección de destino SAML incorrecta', - 'Las condiciones del mensaje SAML no se respetan', - 'La autenticación iniciada por el proveedor de identidad no está autorizada', - 'Error de desconexión SAML', - 'Error de gestión de la firma del mensaje SAML', - 'Error de utilización de un artefacto SAML', - 'Error de comunicación con las sesiones SAML', - 'Problema al cargar un proveedor de servicio', - 'Error de intercambio de atributos SAML', - 'Página destinada a los servidores OpenID', - 'La identidad OpenID que quiere utilizar no le pertenece', - 'Un atributo exigido no está disponible', - 'Agrupación prohibida por la política de seguridad', - 'E-mail de confirmación ya enviado', - 'Contraseña no registrada', - 'Acceso no autorizado al servicio CAS', - 'Introduzca su dirección e-mail', - 'Sin usuario correspondiente', - 'Introduzca su nueva contraseña', - 'Ha recibido un e-mail de confirmación', - 'La conexión al servidor Radius ha fracasado', - 'La antigua contraseña es obligatoria', - 'Dirección IP no acreditada', - 'Error al registrar el captcha', - 'Introduzca el captcha', - 'Introduzca sus datos', - 'Faltan datos', - 'Esta dirección ya está utilizada', - ]; -} - -## @fn private arrayRef error_it() -# Italian translation. 
-# @return Array of error messages -sub error_it { - use utf8; - [ - 'Utente autenticato', - 'La sessione è scaduta, devi autenticarti di nuovo', - 'ID o password mancante', - 'Account o password LDAP dell\'applicazione errata', - 'Utente inesistente', - 'Password o ID errati', - 'Impossibile connettersi al server LDAP', - 'Errore anomalo del server LDAP', - 'Errore del modulo Apache::Session', - 'Autenticazione necessaria', - 'Certificato non valido', - 'Inizializzazione di Lasso:Login o Lasso:Logout fallita', - 'Risoluzione dell\'artefatto Liberty Alliance fallita', - 'Liberty-Alliance defederation fallita', - 'La richiesta rinviata dal provider d\'identità Liberty Alliance è vuota', - 'Una delle chiamate SOAP Liberty Alliance è fallita', - 'Una delle chiamate di logout Liberty Alliance è fallita', - 'Nessun artefatto SAML trovato, o auto-accettazione SSO fallita', - 'Inizializzazione, costruzione o richiesta SSO fallita', - 'Impossibile registrare l\'ID di connessione Liberty Alliance', - 'Un processo di end point SOAP Liberty Alliance fallito', - 'Account bloccato', - 'Password scaduta', - 'Certificato richiesto', - 'Errore', - 'La password è stata resettata e deve essere modificata', - 'Modifica della password non autorizzata', - 'Per modificarla inserire la vecchia password', - 'Qualità della password insufficiente', - 'Password troppo corta', - 'Password troppo recente', - 'Password utilizzata troppo di recente', - ' autenticazioni restanti, modifica la password!', - '%d giorni, %d ore, %d minuti e %d secondi prima della scadenza della password, ricordati di modificarla!', - 'Le password non corrispondono', - 'La password è stata modificata', - 'Hai un nuovo messaggio', - 'URL errato', - 'Nessuno schema disponibile', - 'Vecchia password errata', - 'Nome utente errato', - 'Apertura di sessione vietata', - 'Conferma richiesta', - 'L\'indirizzo mail è obbligatorio ', - 'Chiave di conferma errata o troppo vecchia', - 'Invio della mail fallito', - 'Ti è stata 
inviata una mail', - 'Sei stato disconnesso', - 'Errore SAML indefinito', - 'Impossibile caricare il servizio SAML', - 'Problema di caricamento di un provider d\'identità', - 'Si è verificato un errore al momento dell\'autenticazione SAML', - 'Partner SAML non riconosciuto', - 'Destinazione del messaggio SAML errata', - 'Condizioni del messaggio SAML non rispettate', - 'L\'autenticazione avviata dal provider d\'identità non è autorizzata', - 'Si è verificato un errore al momento della disconnessione SAML', - 'Errore durante la gestione della firma del messaggio SAML', - 'Si è verificato un errore durante l\'utilizzo di un artefatto SAML', - 'Errore di comunicazione con le sessioni SAML', - 'Problema di caricamento di un provider di servizio', - 'Si è verificato un errore durante lo scambio di attributi SAML', - 'Pagina destinata al server OpenID', - 'Stai cercando di utilizzare un\'identità OpenID che non ti appartiene', - 'Attributo richiesto non disponibile', - 'Federation forbidden by security policy', - 'La mail di conferma è già stata inviata', - 'Password mancante', - 'Accesso non autorizzato al servizio CAS', - 'Inserisci il tuo indirizzo mail', - 'Nessun utente corrispondente', - 'Inserisci la nuova password', - 'Ti è stata inviata una mail di conferma', - 'Connessione al server Radius fallita', - 'La vecchia password è obbligatoria', - 'Indirizzo IP di provenienza non accreditato', - 'Errore di digitazione del captcha', - 'Devi inserire il captcha', - 'Inserisci le informazioni', - 'Manca un\'informazione', - 'Questo indirizzo è già utilizzato', - ]; -} - -## @fn private arrayRef error_pt() -# Portiguese translation. 
-# @return Array of error messages -sub error_pt { - use utf8; - [ - 'Utilizador autenticado', - 'A sua sessão expirou, deve se autenticar novamente', - 'Identificante ou senha não informados', - 'Conta ou senha LDAP da aplicação incorreta', - 'Utilizador inexistente', - 'Senha ou identificante incorretos', - 'Conexão ao servidor LDAP impossível', - 'Erro anormal do servidor LDAP', - 'Erro do módulo Apache::Sessão escolhida', - 'Queira autenticar-se', - 'Certificado inválido', - 'Fracasso da inicialização de Lasso:Login ou Lasso:Logout', - 'Fracasso da resolução do artefacto Liberty Alliance', - 'Échec de la défédération Liberty Alliance', - 'O pedido transmitido pelo fornecedor de identidade Liberty Alliance está vazio', - 'Uma das chamadas SOAP Liberty Alliance fracassou', - 'Uma das chamadas de desconexão Liberty Alliance fracassou', - 'Nenhum artefacto SAML encontrado, ou fracasso da auto-aceitação SSO', - 'Fracasso de Inicialização, construção ou pedido SSO', - 'Impossível registar o identificante de conexão Liberty Alliance', - 'Um processo terminal SOAP Liberty Alliance fracassou', - 'A sua conta está bloqueada', - 'A sua senha expirou', - 'Certificado exigido', - 'Erro', - 'A senha foi reinicializada e deve ser mudada', - 'Modificação da senha não autorizada', - 'A senha antiga deve ser fornecida para ser modificada', - 'Qualidade da senha insuficiente', - 'Senha demasiado curta', - 'Senha demasiado recente', - 'Senha utilizada demasiado recentemente', - ' autenticações restantes, modifique a sua senha!', - '%d dias, %d horas, %d minutos e %d segundos antes da expiração da sua senha, pense em substitui-la!', - 'As senhas não correspondem', - 'A senha foi mudada', - 'Recebeu uma nova mensagem', - 'URL incorreta', - 'Nenhum esquema disponível', - 'Antiga senha inválida', - 'Nome de utilizador incorreto', - 'Abertura de sessão proibida', - 'Confirmação pedida', - 'O endereço mail é obrigatório', - 'A chave de confirmação é inválida ou demasiado antiga', - 'O 
envio do mail fracassou', - 'Um mail foi-lhe enviado', - 'Foi desconectado', - 'Erro SAML não definido', - 'Impossível mudar o serviço SAML', - 'Problema no carregamento de um fornecedor de identidade', - 'Um erro ocorreu aquando da autenticação SAML', - 'O parceiro SAML não é reconhecido', - 'O destino da mensagem SAML está incorreto', - 'As condições da mensagem SAML não são respeitadas', - 'A autenticação iniciada pelo fornecedor de identidade não é autorizada', - 'Um erro ocorreu aquando da desconexão SAML', - 'Erro na gestão da assinatura da mensagem SAML', - 'Um erro ocorreu aquando da utilização de um artefacto SAML', - 'Erro de comunicação com as sessões SAML', - 'Problema no carregamento de um fornecedor de serviço', - 'Um erro ocorreu aquando da mudança de atributos SAML', - 'Esta é uma página destinada aos servidores OpenID', - 'Tenta utilizar uma identidade OpenID que não lhe pertence', - 'Um atributo exigido não está disponível', - 'Federação proibida pela política de segurança', - 'O mail de confirmação já lhe foi enviado', - 'Senha não informada', - 'Acesso não autorizado ao serviço CAS', - 'Queira introduzir o seu endereço mail', - 'Não há utilizador correspondente', - 'Queira introduzir a sua nova senha', - 'Um mail de confirmação foi-lhe enviado', - 'A conexão ao servidor Radius fracassou', - 'A antiga senha é obrigatória', - 'Vem de um endereço IP que não está autorizado', - 'Erro na introdução do captcha', - 'Deve introduzir o captcha', - 'Queira introduzir as suas informações', - 'Falta uma informação', - 'Este endereço já é utilizado', - ]; -} - -## @fn private arrayRef error_de() -# Deutch translation. 
-# @return Array of error messages -sub error_de { - use utf8; - [ - 'Benutzer authentifiziert', - 'Ihre Sitzung ist abgelaufen, Sie müssen sich neu authentifizieren', - 'Benutzername oder Passwort nicht eingegeben', - 'LDAP-Konto oder Passwort der Anwendung nicht korrekt', - 'Dieser Benutzer existiert nicht', - 'Benutzername oder Passwort nicht korrekt', - 'Verbindung mit dem LDAP-Server nicht möglich', - 'Anormaler Fehler des LDAP-Servers', - 'Fehler des gewählten Apache::Session Moduls', - 'Authentifizieren Sie sich bitte', - 'Zertifikat ungültig', - 'Fehler bei der Initialisierung von Lasso:Login oder Lasso:Logout', - 'Fehler bei der Auflösung des Artefakts Liberty Alliance', - 'Fehler bei der Deföderation von Liberty Alliance', - 'Die vom Identity-Provider Liberty Alliance zurückgesendete Anfrage ist leer', - 'Fehler bei einem der SOAP Liberty Alliance Aufrufe', - 'Fehler bei einem der Liberty Alliance Abmeldeaufrufe', - 'Es wurde kein SAML Artefakt gefunden oder Fehler bei der SSO Autoannahme', - 'Fehler bei der Initialisierung, Erstellung oder Anfrage SSO', - 'Der Liberty Alliance Benutzername kann nicht registriert werden', - 'Fehler bei einem Liberty Alliance Terminal-Prozess', - 'Ihr Konto ist blockiert', - 'Ihr Passwort ist abgelaufen', - 'Zertifikat erforderlich', - 'Fehler', - 'Das Passwort wurde reinitialisiert und muss geändert werden', - 'Änderung des Passworts nicht genehmigt', - 'Das alte Passwort muss eingegeben werden, um es zu ändern', - 'Passwort von unzureichender Qualität', - 'Passwort zu kurz', - 'Passwort zu neu', - 'Passwort wurde vor zu kurzer Zeit verwendet', - ' Verbleibende Authentifizierungen, ändern Sie Ihr Passwort!', - '%d Tage, %d Stunden, %d Minuten und %d Sekunden vor Ablauf Ihres Passworts; denken Sie daran, es zu ändern!', - 'Die Passwörter sind nicht gleich', - 'Das Passwort wurde geändert', - 'Sie haben eine neue Nachricht', - 'Fehlerhafte URL', - 'Kein Schema verfügbar', - 'Altes Passwort ungültig', - 'Benutzername nicht 
korrekt', - 'Öffnen einer Sitzung verboten', - 'Bestätigung angefordert', - 'Die E-Mail-Adresse ist obligatorisch', - 'Der Bestätigungsschlüssel ist ungültig oder zu alt', - 'Fehler beim Senden der E-Mail', - 'Es wurde eine E-Mail an Sie gesendet', - 'Sie wurden abgemeldet', - 'Nicht definierter SAML-Fehler', - 'Der SAML-Service konnte nicht geladen werden', - 'Problem beim Laden eines Identity Providers', - 'Bei der SAML-Authentifizierung ist ein Fehler eingetreten', - 'Der SAML-Partner wurde nicht erkannt', - 'Die Zieladresse der SAML-Nachricht ist nicht korrekt', - 'Die Bedingungen der SAML-Nachricht sind nicht erfüllt', - 'Die vom Identity Provider initiierte Authentifizierung ist nicht genehmigt', - 'Bei der SAML-Abmeldung ist ein Fehler eingetreten', - 'Fehler bei der Verwaltung der Signatur der SAML-Nachricht', - 'Bei der Verwendung eines SAML-Artefakts ist ein Fehler eingetreten', - 'Kommunikationsfehler mit den SAML-Sitzungen', - 'Problem beim Laden eines Service-Providers', - 'Beim Austausch von SAML-Attributen ist ein Fehler eingetreten', - 'Diese Seite ist für die OpenID-Server bestimmt', - 'Sie versuchen, eine OpenID-Identität, die Ihnen nicht gehört, zu verwenden', - 'Ein gefordertes Attribut ist nicht verfügbar', - 'Föderation durch die Sicherheitspolitik verboten', - 'Die Bestätigungs-E-Mail wurde bereits gesendet', - 'Passwort nicht eingegeben', - 'Zugang zum CAS-Service nicht genehmigt', - 'Geben Sie bitte Ihre E-Mail-Adresse ein', - 'Kein entsprechender Benutzer', - 'Geben Sie bitte Ihr neues Passwort ein', - 'Es wurde eine Bestätigungs-E-Mail an Sie gesendet', - 'Die Verbindung mit dem Radius-Server konnte nicht hergestellt werden', - 'Das alte Passwort ist obligatorisch', - 'Sie kommen von einer IP-Adresse, die nicht akkreditiert ist', - 'Fehler bei der Eingabe des Captchas', - 'Sie müssen das Captcha eingeben', - 'Geben Sie bitte Ihre Informationen ein', - 'Es fehlt eine Information', - 'Diese Adresse wird bereits verwendet', - ]; -} - -## @fn 
private arrayRef error_nl() -# Dutch translation. -# @return Array of error messages -sub error_nl { - use utf8; - [ - 'Geverifieerde gebruiker', - 'Uw sessie is verlopen, u moet zich opnieuw aanmelden', - 'Onbekende gebruikersnaam of wachtwoord', - 'LDAP-account of wachtwoord van de toepassing is niet correct', - 'Niet bestaande gebruiker', - 'Wachtwoord of identifier is niet correct', - 'Kan geen verbinding maken met LDAP-server', - 'Abnormale fout van de LDAP-server', - 'Fout Apache-module::Gekozen sessie', - 'Identificeer uzelf', - 'Ongeldig certificaat', - 'Initialisatie Lasso mislukt : Login of Lasso: Afmelden', - 'Mislukte resolutie artefact Liberty Alliance', - 'Échec de la défédération Liberty Alliance', - 'Het verzoek verzonden door de identiteitsprovider Liberty Alliance is leeg', - 'Een van de oproepen SOAP Liberty Alliance is mislukt', - 'Een van de oproepen Liberty Alliance voor verbreken verbinding is mislukt', - 'Geen enkel SAML artefact gevonden, of zelfacceptatie SSO mislukt', - 'Initialisatie, opbouw of verzoek SSO mislukt', - 'Kon identifier verbinding Liberty Alliance niet registreren', - 'Een terminalproces Liberty Alliance is mislukt', - 'Uw account is geblokkeerd', - 'Uw wachtwoord is verlopen', - 'Certificaat nodig', - 'Fout', - 'Het wachtwoord is gereset en moet worden gewijzigd', - 'Niet-toegelaten wijziging wachtwoord', - 'Het oude wachtwoord is vereist voor wijziging', - 'Het wachtwoord is niet voldoende veilig', - 'Te kort wachtwoord', - 'Te recent wachtwoord', - 'Wachtwoord te recent gebruikt', - 'Resterende authenticaties, wijzig uw wachtwoord!', - '%d dagen%d uur,%d minuten en %d seconden voor het verstrijken van de geldigheid van uw wachtwoord, vergeet niet om het te wijzigen!', - 'De wachtwoorden komen niet overeen', - 'Het wachtwoord is gewijzigd', - 'U hebt een nieuw bericht ontvangen', - 'Onjuiste URL', - 'Geen enkel schema beschikbaar', - 'Oud ongeldig wachtwoord', - 'Gebruikersnaam onjuist', - 'Inloggen verboden', - 
'Bevestiging gevraagd', - 'Het e-mailadres is verplicht', - 'Het bevestigingswachtwoord is ongeldig of te oud', - 'Het verzenden van de e-mail is mislukt', - 'Er is u een e-mail verzonden', - 'Uw verbinding is verbroken', - 'Niet-gedefinieerde SAML-fout', - 'Kan de service SAML niet laden', - 'Probleem laden identiteitsprovider', - 'Er is een fout opgetreden tijdens het inloggen van SAML', - 'De SAML partner is niet herkend', - 'De bestemming van het SAML-bericht is onjuist', - 'De voorwaarden van het SAML-bericht zijn niet voldaan', - 'Het inloggen geïnitieerd door de identiteitsprovider is niet toegestaan', - 'Er is een fout opgetreden tijdens het uitloggen van SAML', - 'Fout tijdens het beheer handtekening SAML bericht', - 'Er is een fout opgetreden tijdens het gebruik van een SAML-artefact', - 'Communicatiefout met sessies SAML', - 'Probleem laden van een identiteitsprovider', - 'Er is een fout opgetreden tijdens het uitwisselen van SAML-atributen', - 'Dit is een pagina bedoeld voor servers OpenID', - 'U probeert gebruik te maken van een OpenID-identiteit die niet de uwe is', - 'Een vereist attribuut is niet beschikbaar', - 'Federatie verboden door veiligheidsbeleid', - 'De e-mail ter bevestiging is verzonden', - 'Onbekend wachtwoord', - 'Onbevoegde toegang tot de CAS-service', - 'Vul uw e-mailadres in', - 'Geen overeenkomstige gebruiker', - 'Voer uw nieuwe wachtwoord in', - 'Er is u een e-mail ter bevestiging verzonden', - 'De verbinding met de server-Radius-is mislukt', - 'Het oude wachtwoord is vereist', - 'U hebt een IP-adres dat niet is erkend', - 'Fout in de captcha-invoer', - 'U moet de captcha invoeren', - 'Geef uw informatie', - 'Er ontbreekt een informatie', - 'Dit adres is al in gebruik', - ]; -} - -## @fn private arrayRef error_ro() -# Romanian translation. -# @return Array of error messages -sub error_ro { - use utf8; - [ - 'Utilizator autentificat', - 'Sesiunea dvs. 
a expirat, trebuie să vă reautentificaţi', - 'Identificator sau parolă inexistentă', - 'Cont sau parolă LDAP a aplicaţiei incorect', - 'Utilizator inexistent', - 'Parolă sau identificator incorect', - 'Conexiune imposibilă la serverul LDAP', - 'Eroare anormală a serverului LDAP', - 'Eroare a modulului Apache::Session aleasă', - 'Autentificare cerută', - 'Certificat invalid', - 'Eşec al iniţializării Lasso:Login sau Lasso:Logout', - 'Eşec al rezoluţiei artefact-ului Liberty Alliance', - 'Eşec al defederaţiei Liberty Alliance', - 'Cererea retrimisă de către furnizorul de identitate Liberty Alliance este goală', - 'Unul dintre apelurile SOAP Liberty Alliance a eşuat', - 'Unul dintre apelurile de deconectare Liberty Alliance a eşuat', - 'Nici un artefact SAML găsit, sau eşec al auto-acceptării SSO', - 'Iniţiere, construcţie sau cerere SSO în eşec', - 'Imposibil de a înregistra identificatorul de conectare Liberty Alliance', - 'Un proces terminal Liberty Alliance a eşuat', - 'Contul dvs. este blocat', - 'Parola dvs. a expirat', - 'Certificat cerut', - 'Eroare', - 'Parola a fost de resetare şi acum trebuie să fie schimbat', - 'Parola nu poate fi modificat', - 'Vechea parolă trebuie să fi, de asemenea, furnizate atunci când stabilesc o nouă parolă', - 'Calitate parola insuficiente', - 'Parola prea scurt', - 'Prea parolă nouă', - 'Parola folosit prea recent', - ' authentications rămase, schimbaţi-vă parola!', - '%d zile, %d ora, %d minute şi %d secundes înainte de expirarea parola dvs., asiguraţi-vă pentru a schimba!', - 'Parolele nu se potrivesc', - 'Parola a fost schimbată', - 'Ai un mesaj nou', - 'Rea URL', - 'Nici o posibilitate disponibilă', - 'Parola rău vechi', - 'Nume de utilizator gresit', - 'Conectare neautorizată', - 'Confirmare necesare', - 'Vă rugăm să introduceţi adresa dvs. 
de e-mail', - 'Cheie de confirmare este invalid sau prea veche', - 'Trimiterea mail nu a reuşit', - 'Un e-mail a fost trimis', - 'Aţi fost deconectat', - 'SAML eroare necunoscută', - 'Imposibil de a incarca serviciul SAML', - 'Problem when loading an identity provider', - 'Nu a fost o problemă la încărcarea unui furnizor de identitate', - 'Entitatea SAML este necunoscut', - 'Destinaţie de mesaj SAML nu este corectă', - 'Condiţiile de mesaj SAML nu sunt îndeplinite', - 'Autentificarea iniţiat de furnizor de identitate nu este permisă', - 'A apărut o eroare atunci când debranşaţi SAML', - 'Mesaj de eroare de gestionare a SAML semnatura', - 'A apărut o eroare în timp ce folosiţi un artefact SAML', - 'eroare de comunicare cu sesiuni SAML', - 'Problemă la încărcarea unui furnizor de servicii', - 'A apărut o eroare în timpul schimbului de SAML atribute', - 'Această pagină este proiectat pentru servere OpenID', - 'Când încercaţi să utilizaţi o identitate OpenID care nu vă aparţine', - 'Un atribut solicitate nu sunt disponibile', - 'Federation forbidden by security policy', - 'The confirmation mail was already sent', - 'Password field must be filled', - 'Access non granted on CAS service', - 'Vă rugăm să introduceţi adresa dvs. 
de e-mail', - 'No matching user', - 'Please provide your new password', - 'Un e-mail a fost trimis', - 'Radius connection has failed', - 'Old password is required', - 'You came from an unaccredited IP address', - 'You failed at typing the captcha', - 'trebuie să introduceţi CAPTCHA', - 'Please enter your information', - 'An information is missing', - 'This address is already used', - ]; -} - -# Order of the constants: -# * PM_USER 0 -# * PM_DATE 1 -# * PM_IP 2 -# * PM_SESSIONS_DELETED 3 -# * PM_OTHER_SESSIONS 4 -# * PM_REMOVE_OTHER_SESSIONS 5 -# * PM_PP_GRACE 6 -# * PM_PP_EXP_WARNING 7 -# * PM_SAML_IDPSELECT 8 -# * PM_SAML_IDPCHOOSEN 9 -# * PM_REMEMBERCHOICE 10 -# * PM_SAML_SPLOGOUT 11 -# * PM_REDIRECTION 12 -# * PM_BACKTOSP 13 -# * PM_BACKTOCASURL 14 -# * PM_LOGOUT 15 -# * PM_OPENID_EXCHANGE 16 -# * PM_CDC_WRITER 17 -# * PM_OPENID_RPNS 18 -# * PM_OPENID_PA 19 -# * PM_OPENID_AP 20 -# * PM_ERROR_MSG 21 -# * PM_LAST_LOGINS 22 -# * PM_LAST_FAILED_LOGINS 23 -# * PM_OIDC_CONSENT 24 -# * PM_OIDC_SCOPE_OPENID 25 -# * PM_OIDC_SCOPE_PROFILE 26 -# * PM_OIDC_SCOPE_EMAIL 27 -# * PM_OIDC_SCOPE_ADDRESS 28 -# * PM_OIDC_SCOPE_PHONE 29 -# * PM_OIDC_SCOPE_OTHER 30 -# * PM_OIDC_CONFIRM_LOGOUT 31 - -sub msg_en { - use utf8; - [ - 'User', - 'Date', - 'IP address', - 'The following sessions have been closed', - 'Other active sessions', - 'Remove other sessions', - 'authentications remaining, change your password!', - '%d days, %d hours, %d minutes and %d seconds before password expiration, change it!', - 'Select your Identity Provider', - 'Redirection to your Identity Provider', - 'Remember my choice', - 'Logout from service providers...', - 'Redirection in progress...', - 'Go back to service provider', - 'The application you just logged out of has provided a link it would like you to follow', - 'Logout from other applications...', - 'Do you want to authenticate yourself on %s ?', - 'Update Common Domain Cookie', - 'Parameter %s requested for federation isn\'t available', - 'Data usage 
policy is available at',
- 'Do you agree to provide the following parameters?',
- 'Error Message',
- 'Your last logins',
- 'Your last failed logins',
- 'The application %s would like to know:',
- 'Your identity',
- 'Your profile',
- 'Your email',
- 'Your address',
- 'Your phone number',
- 'Another information:',
- 'Do you want to logout?',
- ];
-}
-
-sub msg_fr {
- use utf8;
- [
- 'Utilisateur',
- 'Date',
- 'Adresse IP',
- 'Les sessions suivantes ont été fermées',
- 'Autres sessions ouvertes',
- 'Fermer les autres sessions',
- 'authentifications restantes, changez votre mot de passe !',
- '%d jours, %d heures, %d minutes et %d secondes avant expiration de votre mot de passe, pensez à le changer !',
- 'Choisissez votre fournisseur d\'identité',
- 'Redirection vers votre fournisseur d\'identité',
- 'Se souvenir de mon choix',
- 'Déconnexion des services...',
- 'Redirection en cours...',
- 'Retourner sur le fournisseur de service',
- 'Le service duquel vous arrivez a fourni un lien que vous êtes invité à suivre',
- 'Déconnexion des autres applications...',
- 'Souhaitez-vous vous identifier sur le site %s ?',
- 'Mise à jour du cookie de domaine commun',
- 'Le paramètre %s exigé pour la fédération n\'est pas disponible',
- 'La politique d\'utilisation des données est disponible ici',
- 'Consentez-vous à communiquer les paramètres suivants ?',
- 'Message d\'erreur',
- 'Vos dernières connexions',
- 'Vos dernières connexions refusées',
- 'L\'application %s voudrait connaître :',
- 'Votre identité',
- 'Vos informations personnelles',
- 'Votre adresse électronique',
- 'Votre adresse',
- 'Votre numéro de téléphone',
- 'Une autre information :',
- 'Souhaitez-vous vous déconnecter ?',
- ];
-}
-
diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t
index 7ef58b7a3..d0a61a5d2 100644
--- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t
+++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t
@@ -137,11 +137,12 @@ SKIP: {
 'Query SP for logout' );
 expectOK($res);
- #($url,$query)=expectRedirection($res,qr#http://auth.idp.com(/saml/singleLogout)\?(SAMLart=.*)#);
+
+#($url,$query)=expectRedirection($res,qr#http://auth.idp.com(/saml/singleLogout)\?(SAMLart=.*)#);
 ## Push logout artifact to IdP
- #switch('issuer');
- #ok($res=$issuer->_get($url,query=>$query,accept=>'text/html',cookie=>"lemonldap=$idpId"),'Follow redirection');
+#switch('issuer');
+#ok($res=$issuer->_get($url,query=>$query,accept=>'text/html',cookie=>"lemonldap=$idpId"),'Follow redirection');
 # Test if logout is done
 switch ('issuer');
diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Metadata.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Metadata.t
index ac51e56d8..246c60011 100644
--- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Metadata.t
+++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Metadata.t
@@ -22,8 +22,8 @@ SKIP: {
 ok( $issuer = issuer(), 'Issuer portal' );
 $handlerOR{issuer} = \@Lemonldap::NG::Handler::Main::_onReload;
- ok( $res = $issuer->_get('/saml/metadata'), 'Get metadata');
- ok( $res->[2]->[0] =~ m#^<\?xml version="1.0"\?>#s, 'Metadata is XML');
+ ok( $res = $issuer->_get('/saml/metadata'), 'Get metadata' );
+ ok( $res->[2]->[0] =~ m#^<\?xml version="1.0"\?>#s, 'Metadata is XML' );
 #print STDERR Dumper($res);
 }
diff --git a/lemonldap-ng-portal/t/33-Auth-and-issuer-OpenID2.t b/lemonldap-ng-portal/t/33-Auth-and-issuer-OpenID2.t
index 804e6f0ee..ca8f390cf 100644
--- a/lemonldap-ng-portal/t/33-Auth-and-issuer-OpenID2.t
+++ b/lemonldap-ng-portal/t/33-Auth-and-issuer-OpenID2.t
@@ -88,7 +88,7 @@ SKIP: {
 ok( $res = $sp->_get( '/', query => $query, accept => 'text/html' ), 'Follow redirection to SP' );
 my $spId = expectCookie($res);
- expectRedirection($res,qr#^http://auth.sp.com/?$#);
+ expectRedirection( $res, qr#^http://auth.sp.com/?$# );
 #print STDERR Dumper($res);
 }
diff --git a/lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t b/lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t
index ae2ce7617..0e661fe47 100644
--- a/lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t
+++ b/lemonldap-ng-portal/t/40-Notifications-JSON-DBI.t
@@ -65,7 +65,7 @@ q{INSERT INTO notifications VALUES ('dwho','testref','2016-05-30 00:00:00',?,nul
 );
 expectOK($res);
 my $id = expectCookie($res);
- ok($res->[2]->[0] =~ /1x1x1/,' Found ref');
+ ok( $res->[2]->[0] =~ /1x1x1/, ' Found ref' );
 expectForm( $res, undef, '/notifback', 'reference1x1', 'url' );
 # Verify that cookie is ciphered (session unvalid)
diff --git a/lemonldap-ng-portal/t/40-Notifications-XML-DBI.t b/lemonldap-ng-portal/t/40-Notifications-XML-DBI.t
index 50fcf6051..d4249e699 100644
--- a/lemonldap-ng-portal/t/40-Notifications-XML-DBI.t
+++ b/lemonldap-ng-portal/t/40-Notifications-XML-DBI.t
@@ -59,7 +59,7 @@ qq{INSERT INTO notifications VALUES ('dwho','testref','2016-05-30 00:00:00','[2]->[0] =~ /1x1x1/,' Found ref');
+ ok( $res->[2]->[0] =~ /1x1x1/, ' Found ref' );
 expectForm( $res, undef, '/notifback', 'reference1x1', 'url' );
 # Verify that cookie is ciphered (session unvalid)
diff --git a/lemonldap-ng-portal/t/41-Token.t b/lemonldap-ng-portal/t/41-Token.t
index 47e261f53..e55d2fb2f 100644
--- a/lemonldap-ng-portal/t/41-Token.t
+++ b/lemonldap-ng-portal/t/41-Token.t
@@ -60,8 +60,11 @@ ok(
 );
 expectReject($res);
 ok(
- $res =
- $client->_post( '/', IO::String->new($query), length => length($query), accept=>'text/html' ),
+ $res = $client->_post(
+ '/', IO::String->new($query),
+ length => length($query),
+ accept => 'text/html'
+ ),
 'Verify that there is a new token'
 );
 expectForm( $res, '#', undef, 'token' );