Check access rules (#1658)

This commit is contained in:
Christophe Maudoux 2019-02-28 21:59:59 +01:00 committed by Xavier Guimard
parent 6740269cce
commit f857f1a8a7
3 changed files with 36 additions and 7 deletions


@ -5,6 +5,7 @@ package Lemonldap::NG::Portal::Main::Plugin;
use strict; use strict;
use Mouse; use Mouse;
use HTML::Template; use HTML::Template;
use Data::Dumper;
our $VERSION = '2.1.0'; our $VERSION = '2.1.0';
@ -38,13 +39,13 @@ sub _addRoute {
return sub { return sub {
shift; shift;
return $sub->( $self, @_ ); return $sub->( $self, @_ );
} }
} }
else { else {
return sub { return sub {
shift; shift;
return $self->$sub(@_); return $self->$sub(@_);
} }
} }
}; };
$self->p->$type( $word, $subName, $methods, $transform ); $self->p->$type( $word, $subName, $methods, $transform );
@ -56,6 +57,21 @@ sub loadTemplate {
return $self->p->loadTemplate(@_); return $self->p->loadTemplate(@_);
} }
sub accessCtrl {
my ( $self, $req, $uri ) = @_;
my $url = $self->conf->{portal} . $uri;
$self->logger->debug("Plugin call setSecurity for URL: $url");
# Check access rule
my ( $vhost, $appuri ) = $url =~ m#^https?://([^/]*)(.*)#;
$vhost =~ s/:\d+$//;
$appuri ||= '/';
$self->logger->debug(
"grant function call with VH: $vhost and URI: $appuri");
return $self->p->HANDLER->grant( $req, $req->{userData}, $appuri,
undef, $vhost );
}
1; 1;
__END__ __END__
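Review bot: The new `accessCtrl` sub has no fallback when `$url` does not match `^https?://`: `$vhost` is then undef, the `s/:\d+$//` emits a warning, and `grant` is called with an undefined vhost, so the outcome depends on what HANDLER does with undef instead of on an explicit decision. Add a fail-closed guard before the substitution, `return 0 unless defined $vhost;`, so an unparsable `portal` setting denies rather than falls through. The URL is also built as `$self->conf->{portal} . $uri` with no separator, so a `portal` value configured without a trailing slash makes the regex capture host and `checkuser` fused into `$vhost`; either normalise with a `/` or state the trailing-slash requirement in a comment above the concatenation. The helper passes `$req->{userData}` to `grant` while `_authorization` in the CheckUser plugin passes `$req->{sessionInfo}` for the same argument; I cannot tell from the hunks which one holds the authenticated user's data for this call path, so worth confirming they are interchangeable here. Two smaller things: the debug line says `setSecurity` though the sub is `accessCtrl`, and `use Data::Dumper` at the top of the package is not used in any visible hunk, so it reads as a debugging leftover.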


@ -848,8 +848,8 @@ sub sendCss {
} }
sub lmError { sub lmError {
my ( $self, $req ) = @_; my ( $self, $req, $error ) = @_;
my $httpError = $req->param('code'); my $httpError = $req->param('code') || $error;
# Check URL # Check URL
$self->controlUrl($req); $self->controlUrl($req);
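Review bot: In the new `lmError` signature the request parameter still wins over the caller-supplied code, because `my $httpError = $req->param('code') || $error;` only falls back to `$error` when the client sent no `code`. A caller that explicitly passes 403 (as the CheckUser plugin now does on a denied access) therefore gets whatever status the client put in the query string rendered instead; the explicit argument should take precedence, `my $httpError = $error || $req->param('code');`. The rest of `lmError`, including how `$httpError` is used, lies outside this hunk, so I cannot see whether the value also reaches the response status or only the template.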


@ -44,6 +44,14 @@ sub check {
my ( $attrs, $array_attrs, $array_hdrs ) = ( {}, [], [] ); my ( $attrs, $array_attrs, $array_hdrs ) = ( {}, [], [] );
my $msg = my $auth = ''; my $msg = my $auth = '';
# Check access rule
unless ( $self->accessCtrl( $req, 'checkuser' ) ) {
$self->userLogger->error(
"$req->{user} not allowed to access /checkuser");
return $self->p->lmError( $req, 403 );
}
$self->userLogger->notice("$req->{user} is allowed to access /checkuser");
# Check token # Check token
if ( $self->conf->{requireToken} ) { if ( $self->conf->{requireToken} ) {
my $token = $req->param('token'); my $token = $req->param('token');
@ -148,6 +156,14 @@ sub check {
sub display { sub display {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
# Check access rule
unless ( $self->accessCtrl( $req, 'checkuser' ) ) {
$self->userLogger->error(
"$req->{user} not allowed to access /checkuser");
return $self->p->lmError( $req, 403 );
}
$self->userLogger->notice("$req->{user} is allowed to access /checkuser");
my $token = $self->ott->createToken( $req->sessionInfo ); my $token = $self->ott->createToken( $req->sessionInfo );
# Display form # Display form
@ -193,11 +209,8 @@ sub _userDatas {
sub _authorization { sub _authorization {
my ( $self, $req, $uri ) = @_; my ( $self, $req, $uri ) = @_;
# Check rights
my ( $vhost, $appuri ) = $uri =~ m#^https?://([^/]*)(.*)#; my ( $vhost, $appuri ) = $uri =~ m#^https?://([^/]*)(.*)#;
$vhost =~ s/:\d+$//; $vhost =~ s/:\d+$//;
$vhost = $self->p->HANDLER->resolveAlias($vhost);
$appuri ||= '/'; $appuri ||= '/';
return $self->p->HANDLER->grant( $req, $req->{sessionInfo}, $appuri, return $self->p->HANDLER->grant( $req, $req->{sessionInfo}, $appuri,
undef, $vhost ); undef, $vhost );