dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3a309684f4
lemonldap-ng/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm
Xavier Guimard 232ab78860 Limit PE_* imports (#595)
2016-05-22 12:22:59 +00:00

147 lines
4.4 KiB
Perl
Raw Blame History

##@file
# Web form authentication backend file
##@class
# Web form authentication backend class
package Lemonldap::NG::Portal::Auth::_WebForm;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants
qw(PE_OK PE_FIRSTACCESS PE_FORMEMPTY PE_PASSWORDFORMEMPTY PE_CAPTCHAEMPTY PE_CAPTCHAERROR);
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Auth::Base';
## @apmethod int authInit()
# Does nothing.
sub init {
1;
}
## @apmethod int extractFormInfo()
# Read username and password from POST datas
# @return Lemonldap::NG::Portal constant
sub extractFormInfo {
my ( $self, $req ) = @_;
# Init captcha
if ( $self->conf->{captcha_login_enabled} ) {
eval { $self->initCaptcha(); };
$self->lmLog( "Can't init captcha: $@", "error" ) if $@;
}
# Detect first access and empty forms
my $defUser = defined $req->param('user');
my $defPassword = defined $req->param('password');
my $defOldPassword = defined $req->param('oldpassword');
# 1. No user defined at all -> first access
return PE_FIRSTACCESS unless $defUser;
# 2. If user and password defined -> login form
if ( $defUser && $defPassword ) {
return PE_FORMEMPTY
unless ( ( $req->{user} = $req->param('user') )
&& ( $req->datas->{password} = $req->param('password') ) );
}
# 3. If user and oldpassword defined -> password form
if ( $defUser && $defOldPassword ) {
return PE_PASSWORDFORMEMPTY
unless ( ( $req->{user} = $req->param('user') )
&& ( $req->datas->{oldpassword} = $req->param('oldpassword') )
&& ( $req->datas->{newpassword} = $req->param('newpassword') )
&& ( $req->datas->{confirmpassword} =
$req->param('confirmpassword') ) );
}
# 4. Captcha for login form
if ( $self->conf->{captcha_login_enabled} && $defUser && $defPassword ) {
$req->datas->{captcha_user_code} = $req->param('captcha_user_code');
$req->datas->{captcha_check_code} = $req->param('captcha_code');
unless ( $req->datas->{captcha_user_code}
&& $req->datas->{captcha_check_code} )
{
$self->lmLog( "Captcha not filled", 'warn' );
return PE_CAPTCHAEMPTY;
}
$self->lmLog(
"Captcha data received: "
. $req->datas->{captcha_user_code} . " and "
. $req->datas->{captcha_check_code},
'debug'
);
# Check captcha
my $captcha_result = $self->checkCaptcha(
$req->datas->{captcha_user_code},
$req->datas->{captcha_check_code}
);
if ( $captcha_result != 1 ) {
if ( $captcha_result == -3
or $captcha_result == -2 )
{
$self->lmLog( "Captcha failed: wrong code", 'warn' );
return PE_CAPTCHAERROR;
}
elsif ( $captcha_result == 0 ) {
$self->lmLog( "Captcha failed: code not checked (file error)",
'warn' );
return PE_CAPTCHAERROR;
}
elsif ( $captcha_result == -1 ) {
$self->lmLog( "Captcha failed: code has expired", 'warn' );
return PE_CAPTCHAERROR;
}
}
$self->lmLog( "Captcha code verified", 'debug' );
}
# Other parameters
$req->datas->{timezone} = $req->param('timezone');
PE_OK;
}
## @apmethod int setAuthSessionInfo()
# Set password in session datas if wanted.
# @return Lemonldap::NG::Portal constant
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
# authenticationLevel
# +1 for user/password with HTTPS
$self->{_authnLevel} //= 0;
$self->{_authnLevel} += 1 if $self->https();
#TODO: check where _authnLevel is defined
$self->{sessionInfo}->{authenticationLevel} = $self->{_authnLevel};
# Store user submitted login for basic rules
$self->{sessionInfo}->{'_user'} = $self->{'user'};
# Store submitted password if set in configuration
# WARNING: it can be a security hole
if ( $self->conf->{storePassword} ) {
$self->{sessionInfo}->{'_password'} = $req->datas->{'newpassword'}
|| $req->datas->{'password'};
}
# Store user timezone
$self->{sessionInfo}->{'_timezone'} = $self->{'timezone'};
PE_OK;
}
# @return display type
sub getDisplayType {
return "standardform";
}
1;
Reference in New Issue View Git Blame Copy Permalink