84 lines
2.6 KiB
Perl
84 lines
2.6 KiB
Perl
package Lemonldap::NG::Portal::Plugins::AdaptativeAuthenticationLevel;
|
|
|
|
use Mouse;
|
|
use Lemonldap::NG::Portal::Main::Constants qw(
|
|
PE_OK
|
|
);
|
|
|
|
our $VERSION = '2.1.0';
|
|
|
|
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
|
|
|
use constant afterData => 'adaptAuthenticationLevel';
|
|
|
|
has rules => ( is => 'rw', default => sub { {} } );
|
|
|
|
sub init {
|
|
my ($self) = @_;
|
|
$self->logger->debug('Init AdaptativeAuthenticationLevel plugin');
|
|
|
|
foreach (
|
|
keys %{ $self->conf->{adaptativeAuthenticationLevelRules} // {} } )
|
|
{
|
|
$self->logger->debug("adaptativeAuthenticationLevelRules key -> $_");
|
|
$self->logger->debug( "adaptativeAuthenticationLevelRules value -> "
|
|
. $self->conf->{adaptativeAuthenticationLevelRules}->{$_} );
|
|
|
|
my $rule =
|
|
$self->p->buildRule( $_, 'adaptativeAuthenticationLevelRules' );
|
|
next unless $rule;
|
|
$self->rules->{$_} = $rule;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
sub adaptAuthenticationLevel {
|
|
my ( $self, $req ) = @_;
|
|
|
|
my $userid = $req->sessionInfo->{ $self->conf->{whatToTrace} };
|
|
$self->logger->debug("Check adaptative authentication rules for $userid");
|
|
|
|
my $authenticationLevel = $req->sessionInfo->{authenticationLevel};
|
|
$self->logger->debug(
|
|
"Current authentication level for $userid is $authenticationLevel");
|
|
|
|
my $updatedAuthenticationLevel = $authenticationLevel;
|
|
|
|
foreach ( keys %{ $self->rules } ) {
|
|
my $rule = $_;
|
|
$self->logger->debug(
|
|
"Check adaptativeAuthenticationLevelRules -> $rule");
|
|
if ( $self->rules->{$_}->( $req, $req->sessionInfo ) ) {
|
|
my $levelOperation =
|
|
$self->conf->{adaptativeAuthenticationLevelRules}->{$_};
|
|
$self->logger->debug(
|
|
"User $userid match rule, apply $levelOperation on authentication level"
|
|
);
|
|
|
|
my ( $op, $level ) = ( $levelOperation =~ /([=+-])?(\d+)/ );
|
|
$updatedAuthenticationLevel = $level if ( !$op or $op eq '=' );
|
|
$updatedAuthenticationLevel += $level if ( $op and $op eq '+' );
|
|
$updatedAuthenticationLevel -= $level if ( $op and $op eq '-' );
|
|
$self->logger->debug(
|
|
"Authentication level for $userid is now $updatedAuthenticationLevel"
|
|
);
|
|
}
|
|
}
|
|
|
|
if ( $authenticationLevel ne $updatedAuthenticationLevel ) {
|
|
$self->logger->debug(
|
|
"Authentication level has changed for $userid, update session");
|
|
$self->p->updateSession(
|
|
$req,
|
|
{
|
|
'authenticationLevel' => $updatedAuthenticationLevel
|
|
}
|
|
);
|
|
|
|
}
|
|
|
|
return PE_OK;
|
|
}
|
|
|
|
1;
|