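package Lemonldap::NG::Portal::Plugins::CheckUser;

# Portal plugin serving the "checkuser" page: looks up a user's session
# attributes and reports whether that user may reach a given URL.

use Data::Dumper;    # only used for debug-level logging in check()
use strict;
use warnings;        # added: the file had strictures but no warnings pragma
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_CONFIRM
  PE_OK
  PE_TOKENEXPIRED
  PE_USERNOTFOUND
);

# NOTE: of the constants above only PE_USERNOTFOUND is referenced in this
# file; the others are imported but unused here.
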
our $VERSION = '2.0.3';

# Plugin base class. The accessors used below without a local definition
# (logger, userLogger, conf, p, addAuthRoute) presumably come from it.
extends 'Lemonldap::NG::Portal::Main::Plugin';

# INITIALIZATION
# One-time-token helper, built on first access. Its timeout is taken from
# the "formTimeout" setting so that tokens expire like other portal forms.
# Not referenced anywhere else in this file.
has ott => (
    is      => 'rw',
    lazy    => 1,
    default => sub {
        my ($self) = @_;
        my $token_lib = $self->{p}
          ->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
        $token_lib->timeout( $self->{conf}->{formTimeout} );
        return $token_lib;
    }
);

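# Space-separated list of attribute names that must never be displayed:
# the plugin-specific "checkUserHiddenAttributes" list followed by the
# portal-wide "hiddenAttributes" list.
#
# Either setting may be unset in the configuration; an unset one now
# contributes an empty string instead of triggering an "uninitialized"
# warning, so the result is always a defined string.
#
# Returns: the joined list as one string
sub hAttr {
    my ($self) = @_;
    my $conf = $self->{conf};
    return ( $conf->{checkUserHiddenAttributes} // '' ) . ' '
      . ( $conf->{hiddenAttributes} // '' );
}
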
# Plugin initialisation: register the "checkuser" endpoint (GET and POST)
# as an authenticated route handled by check(). Nothing here restricts
# which authenticated users may call it.
#
# Returns: 1 (success)
sub init {
    my $self = shift;
    $self->addAuthRoute( checkuser => 'check', [qw(GET POST)] );
    return 1;
}

# RUNNING METHOD
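# Handler for the "checkuser" route.
#
# Looks up the user named by the "user" request parameter (otherwise
# whatever $req->{user} already holds, presumably the current session's
# user), builds the list of session attributes to display and, when a
# "url" parameter is also given, reports whether that user would be
# granted access to the URL and which headers the virtual host would
# receive. Everything is rendered through the "checkuser" template.
#
# Args:    $req - portal request object
# Returns: the result of $self->p->sendHtml() (the HTML response)
#
# NOTE(review): "user" and "url" come straight from the request; no rule in
# this handler limits which authenticated users may query other accounts,
# and both values are written verbatim into the log lines below.
sub check {
    my ( $self, $req ) = @_;
    my ( $hdrs, $attrs, $array_attrs, $array_hdrs ) = ( {}, {}, [], [] );
    my $msg    = 'checkUser';
    my $result = '';
    my $auth   = 0;

    ## Check user attributes
    # Use submitted attribute if exists
    my $url = $req->param('url') || '';
    $req->{user} = $req->param('user') if ( $req->param('user') );
    $self->logger->debug("Check requested for $req->{user}");
    $attrs = $self->_attributes($req);
    if ( $req->error ) {

        # _attributes() stored the error code in the request: report it
        # to the template as "PE<code>" and display no attributes at all.
        $msg   = 'PE' . $req->{error};
        $attrs = {};
    }

    # NOTE(review): this writes every session attribute of the looked-up
    # user into the debug log; keep debug logging disabled in production.
    $self->logger->debug( "######## " . Dumper($attrs) );

    # Create an array of hashes for template loop.
    # The hidden-attribute list does not change inside the loop, so it is
    # read once. The attribute name is used as a regex pattern, hence the
    # \Q...\E quoting: a name containing metacharacters must not alter or
    # break the match.
    my $hidden = $self->hAttr;
    while ( my ( $k, $v ) = each %$attrs ) {

        # Ignore hidden attributes (and attributes whose value is false)
        push @$array_attrs, { key => $k, value => $v }
          unless ( $hidden =~ /\b\Q$k\E\b/ or !$v );
    }
    @$array_attrs = sort { $a->{key} cmp $b->{key} } @$array_attrs;

    # Check if user is allowed to access submitted URL and compute headers
    if ( $url and %$attrs ) {

        # User is allowed ?
        $auth = $self->_authorized( $req, $url );
        $self->logger->debug(
            "checkUser requested for user: $req->{user} and URL: $url");
        $result = $auth ? "ALLOWED" : "FORBIDDEN";
        $self->userLogger->notice(
            "checkUser -> $req->{user} is $result to access: $url");

        # Return VirtualHost headers
        $hdrs = $self->_headers( $req, $url );
        while ( my ( $k, $v ) = each %$hdrs ) {
            push @$array_hdrs, { key => $k, value => $v };
        }
        @$array_hdrs = sort { $a->{key} cmp $b->{key} } @$array_hdrs;

        $self->logger->debug( "+++++++++++++ " . Dumper($array_hdrs) );
    }

    # Display form
    return $self->p->sendHtml(
        $req,
        'checkuser',
        params => {
            PORTAL     => $self->conf->{portal},
            MAIN_LOGO  => $self->conf->{portalMainLogo},
            LANGS      => $self->conf->{showLanguages},
            MSG        => $msg,
            LOGIN      => $req->{user},
            URL        => $url,
            ALLOWED    => $result,
            HEADERS    => $array_hdrs,
            ATTRIBUTES => $array_attrs,
        }
    );
}
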
# Compute the session attributes of the user named in $req->{user}.
#
# Runs the portal steps getUser, setSessionInfo, setMacros, setGroups and
# setLocalGroups against $req. On failure the error code is stored in the
# request with $req->error() and that call's return value is handed back;
# otherwise the computed $req->{sessionInfo} hashref is returned. Callers
# must therefore check $req->error before treating the result as a hash.
#
# Args:    $req - portal request object
sub _attributes {
    my ( $self, $req ) = @_;

    # Search user in database
    my @steps = (
        'getUser',   'setSessionInfo',
        'setMacros', 'setGroups',
        #'setPersistentSessionInfo', 'setLocalGroups'
        'setLocalGroups'
    );
    $req->steps( \@steps );

    my $error = $self->p->process($req);
    return $req->{sessionInfo} unless $error;

    $self->userLogger->warn(
        "Check requested for an unvalid user (" . $req->{user} . ")" )
      if $error == PE_USERNOTFOUND;
    $self->logger->debug("Process returned error: $error");
    return $req->error($error);
}

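# Decide whether the user described by $req->{sessionInfo} may reach $uri.
#
# Splits the URL into a virtual host and an application path, drops an
# explicit port, resolves host aliases through the handler and asks the
# handler's grant() for the verdict.
#
# Args:    $req - portal request object (carries the looked-up sessionInfo)
#          $uri - absolute http(s) URL, as submitted in the "url" parameter
# Returns: the handler's grant() result, or 0 when $uri is not an http(s)
#          URL with a non-empty host. That guard is new: previously such a
#          value left $vhost undefined and was still passed on to
#          resolveAlias(), producing warnings instead of a clear denial.
sub _authorized {
    my ( $self, $req, $uri ) = @_;

    # Check rights
    my ( $vhost, $appuri ) = $uri =~ m{^https?://([^/]*)(.*)};

    # Not a usable http(s) URL: deny by default rather than guess.
    return 0 unless defined $vhost and length $vhost;

    $vhost =~ s/:\d+$//;
    $vhost = $self->p->HANDLER->resolveAlias($vhost);
    $appuri ||= '/';
    return $self->p->HANDLER->grant( $req, $req->{sessionInfo}, $appuri,
        undef, $vhost );
}
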
# Placeholder for the virtual-host header computation.
#
# check() calls this as $self->_headers($req, $url); the URL argument is
# not even unpacked here and a fixed test header is returned, so the
# HEADERS table of the checkuser page does not yet reflect the real
# virtual-host configuration.
#
# Returns: hashref of header name => value
sub _headers {
    my ( $self, $req ) = @_;
    my %stub = ( HEADER1 => 'TEST' );
    return \%stub;
}

1;    # a Perl module must end with a true value