worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Partial revert - Modify Portal side is more consistent (#1653)

Browse Source
environments/ppa-mbqj77/deployments/710^2
Christophe Maudoux 6 years ago
parent 8ccb4571d3
commit 063c0f0d1b
2 changed files with 100 additions and 107 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm
  2. 201
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm

6
lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm
Unescape View File

@ -241,13 +241,7 @@ sub sendHtml {
$args{code} ||= 200;
$args{headers} ||= $req->respHeaders || [];
my $htpl;
my $tmpl = $template;
$template = ( $args{templateDir} // $self->templateDir ) . "/$template.tpl";
unless (-f $template){
$self->logger->debug("$template NOT found!!!");
$template = $self->conf->{templateDir} . '/bootstrap/' . "$tmpl.tpl";
$self->logger->debug("-> Try to load $template");
}
return $self->sendError( $req, "Unable to read $template", 500 )
unless ( -r $template and -f $template );
eval {

201
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
Unescape View File

@ -17,11 +17,11 @@ use strict;
use URI::Escape;
# List constants
sub authProcess { qw(extractFormInfo getUser authenticate) }
sub authProcess {qw(extractFormInfo getUser authenticate)}
sub sessionData {
qw(setAuthSessionInfo setSessionInfo setMacros setGroups setPersistentSessionInfo
setLocalGroups store secondFactor);
setLocalGroups store secondFactor);
}
sub validSession {
@ -56,11 +56,9 @@ sub handler {
if ( $sp or %{ $req->pdata } ) {
my %v = (
name => $self->conf->{cookieName} . 'pdata',
(
%{ $req->pdata }
( %{ $req->pdata }
? ( value => uri_escape( JSON::to_json( $req->pdata ) ) )
: (
value => '',
: ( value => '',
expires => 'Wed, 21 Oct 2015 00:00:00 GMT'
)
)
@ -94,8 +92,7 @@ sub login {
my ( $self, $req ) = @_;
return $self->do(
$req,
[
'controlUrl', @{ $self->beforeAuth },
[ 'controlUrl', @{ $self->beforeAuth },
$self->authProcess, @{ $self->betweenAuthAndData },
$self->sessionData, @{ $self->afterData },
$self->validSession, @{ $self->endAuth },
@ -107,8 +104,7 @@ sub postLogin {
my ( $self, $req ) = @_;
return $self->do(
$req,
[
'restoreArgs', 'controlUrl',
[ 'restoreArgs', 'controlUrl',
@{ $self->beforeAuth }, $self->authProcess,
@{ $self->betweenAuthAndData }, $self->sessionData,
@{ $self->afterData }, $self->validSession,
@ -121,8 +117,7 @@ sub authenticatedRequest {
my ( $self, $req ) = @_;
return $self->do(
$req,
[
'importHandlerData', 'controlUrl',
[ 'importHandlerData', 'controlUrl',
'checkLogout', @{ $self->forAuthUser }
]
);
@ -132,8 +127,7 @@ sub postAuthenticatedRequest {
my ( $self, $req ) = @_;
return $self->do(
$req,
[
'importHandlerData', 'restoreArgs',
[ 'importHandlerData', 'restoreArgs',
'controlUrl', 'checkLogout',
@{ $self->forAuthUser }
]
@ -150,8 +144,8 @@ sub refresh {
foreach ( keys %data ) {
delete $data{$_} unless ( /^_/ or /^(?:startTime)$/ );
}
$req->steps( [
'getUser',
$req->steps(
[ 'getUser',
@{ $self->betweenAuthAndData },
'setAuthSessionInfo',
'setSessionInfo',
@ -169,21 +163,21 @@ sub refresh {
if ($res) {
$req->info(
$self->loadTemplate(
'simpleInfo', params => { trspan => 'rightsReloadNeedsLogout' }
'simpleInfo',
params => { trspan => 'rightsReloadNeedsLogout' }
)
);
$req->urldc( $self->conf->{portal} );
return $self->do( $req, [ sub { PE_INFO } ] );
return $self->do( $req, [ sub {PE_INFO} ] );
}
return $self->do( $req, [ sub { PE_OK } ] );
return $self->do( $req, [ sub {PE_OK} ] );
}
sub logout {
my ( $self, $req ) = @_;
return $self->do(
$req,
[
'controlUrl', @{ $self->beforeLogout },
[ 'controlUrl', @{ $self->beforeLogout },
'authLogout', 'deleteSession'
]
);
@ -200,9 +194,9 @@ sub do {
# Update status
if ( my $p = $self->HANDLER->tsv->{statusPipe} ) {
$p->print( ( $req->user ? $req->user : $req->address ) . ' => '
. $req->uri
. " $err\n" );
$p->print(( $req->user ? $req->user : $req->address ) . ' => '
. $req->uri
. " $err\n" );
}
# Update history
@ -228,16 +222,14 @@ sub do {
else {
return $self->sendJSONresponse(
$req,
{
result => 1,
{ result => 1,
code => $err
}
);
}
}
else {
if (
$err
if ( $err
and $err != PE_LOGOUT_OK
and (
$err != PE_REDIRECT
@ -246,7 +238,7 @@ sub do {
and $req->data->{redirectFormMethod} eq 'post' )
or $req->info
)
)
)
{
my ( $tpl, $prms ) = $self->display($req);
$self->logger->debug("Calling sendHtml with template $tpl");
@ -264,21 +256,20 @@ sub do {
sub getModule {
my ( $self, $req, $type ) = @_;
if (
my $mod = {
if (my $mod = {
auth => '_authentication',
user => '_userDB',
password => '_passwordDB'
}->{$type}
)
)
{
if ( my $sub = $self->$mod->can('name') ) {
return $sub->( $self->$mod, $req, $type );
}
else {
my $s = ref( $self->$mod );
$s =~
s/^Lemonldap::NG::Portal::(?:(?:Issuer|UserDB|Auth|Password)::)?//;
$s
=~ s/^Lemonldap::NG::Portal::(?:(?:Issuer|UserDB|Auth|Password)::)?//;
return $s;
}
}
@ -295,7 +286,7 @@ sub autoRedirect {
# Set redirection URL if needed
$req->{urldc} ||= $self->conf->{portal}
if ( $req->mustRedirect and not( $req->info ) );
if ( $req->mustRedirect and not( $req->info ) );
# Redirection should be made if urldc defined
if ( $req->{urldc} ) {
@ -305,8 +296,9 @@ sub autoRedirect {
$req->data->{redirectFormMethod} = "get";
}
else {
return [ 302,
[ Location => $req->{urldc}, @{ $req->respHeaders } ], [] ];
return [
302, [ Location => $req->{urldc}, @{ $req->respHeaders } ], []
];
}
}
my ( $tpl, $prms ) = $self->display($req);
@ -326,8 +318,8 @@ sub getApacheSession {
$self->logger->debug("Try to get a new $args{kind} session");
}
my $as = Lemonldap::NG::Common::Session->new( {
storageModule => $self->conf->{globalStorage},
my $as = Lemonldap::NG::Common::Session->new(
{ storageModule => $self->conf->{globalStorage},
storageModuleOptions => $self->conf->{globalStorageOptions},
cacheModule => $self->conf->{localSessionStorage},
cacheModuleOptions => $self->conf->{localSessionStorageOptions},
@ -341,8 +333,7 @@ sub getApacheSession {
if ( my $err = $as->error ) {
$self->lmLog(
$err,
(
$err =~ /(?:Object does not exist|Invalid session ID)/
( $err =~ /(?:Object does not exist|Invalid session ID)/
? 'notice'
: 'error'
)
@ -357,21 +348,19 @@ sub getApacheSession {
$self->logger->debug("Get session $id from Portal::Main::Run") if ($id);
$self->logger->debug(
"Check session validity -> " . $self->conf->{timeoutActivity} . "s" )
if ( $self->conf->{timeoutActivity} );
if ( $self->conf->{timeoutActivity} );
my $now = time;
if (
$id
if ( $id
and defined $as->data->{_utime}
and (
( ( $now - $as->data->{_utime} ) > $self->conf->{timeout} )
or (
$self->conf->{timeoutActivity}
or ( $self->conf->{timeoutActivity}
and $as->data->{_lastSeen}
and ( ( $now - $as->data->{_lastSeen} ) >
$self->conf->{timeoutActivity} )
and ( ( $now - $as->data->{_lastSeen} )
> $self->conf->{timeoutActivity} )
)
)
)
)
{
$self->logger->debug("Session $args{kind} $id expired");
return;
@ -393,8 +382,8 @@ sub getPersistentSession {
$info->{_session_uid} = $uid;
my $ps = Lemonldap::NG::Common::Session->new( {
storageModule => $self->conf->{persistentStorage},
my $ps = Lemonldap::NG::Common::Session->new(
{ storageModule => $self->conf->{persistentStorage},
storageModuleOptions => $self->conf->{persistentStorageOptions},
id => $pid,
force => 1,
@ -435,10 +424,11 @@ sub updatePersistentSession {
# Return if no infos to update
return () unless ( ref $infos eq 'HASH' and %$infos );
$uid ||= $req->{sessionInfo}->{ $self->conf->{whatToTrace} }
|| $req->userData->{ $self->conf->{whatToTrace} };
|| $req->userData->{ $self->conf->{whatToTrace} };
$self->logger->debug("Found 'whatToTrace' -> $uid");
unless ($uid) {
$self->logger->debug('No uid found, skipping updatePersistentSession');
$self->logger->debug(
'No uid found, skipping updatePersistentSession');
return ();
}
$self->logger->debug("Update $uid persistent session");
@ -480,14 +470,14 @@ sub updateSession {
foreach ( keys %$infos ) {
$self->logger->debug(
"Update sessionInfo $_ with " . $infos->{$_} );
$req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_} =
$infos->{$_};
$req->{sessionInfo}->{$_} = $self->HANDLER->data->{$_}
= $infos->{$_};
}
# Update session in global storage with _updateTime
$infos->{_updateTime} = strftime( "%Y%m%d%H%M%S", localtime() );
if ( my $apacheSession =
$self->getApacheSession( $id, info => $infos ) )
if ( my $apacheSession
= $self->getApacheSession( $id, info => $infos ) )
{
if ( $apacheSession->error ) {
$self->logger->error("Cannot update session $id");
@ -570,10 +560,10 @@ sub isTrustedUrl {
sub stamp {
my $self = shift;
my $res =
$self->conf->{cipher}
? $self->conf->{cipher}->encrypt( time() )
: 1;
my $res
= $self->conf->{cipher}
? $self->conf->{cipher}->encrypt( time() )
: 1;
$res =~ s/\+/%2B/g;
return $res;
}
@ -705,7 +695,7 @@ sub cookie {
$h{path} ||= '/';
$h{HttpOnly} //= $self->conf->{httpOnly};
$h{max_age} //= $self->conf->{cookieExpiration}
if ( $self->conf->{cookieExpiration} );
if ( $self->conf->{cookieExpiration} );
foreach (qw(domain path expires max_age HttpOnly)) {
my $f = $_;
$f =~ s/_/-/g;
@ -726,16 +716,24 @@ sub _dump {
sub sendHtml {
my ( $self, $req, $template, %args ) = @_;
$args{params}->{TROVER} = $self->trOver;
$args{templateDir} =
$self->conf->{templateDir} . '/' . $self->getSkin($req);
$args{templateDir}
= $self->conf->{templateDir} . '/' . $self->getSkin($req);
my $tmpl = $args{templateDir} . "/$template.tpl";
unless ( -f $tmpl ) {
$self->logger->debug("Template : $tmpl NOT found!!!");
$args{templateDir} = $self->conf->{templateDir} . '/bootstrap';
$tmpl = $args{templateDir} . "/$template.tpl";
$self->logger->debug("-> Trying to load $tmpl");
}
my $res = $self->SUPER::sendHtml( $req, $template, %args );
push @{ $res->[1] },
'X-XSS-Protection' => '1; mode=block',
'X-Content-Type-Options' => 'nosniff',
'Cache-Control' => 'no-cache, no-store, must-revalidate',# HTTP 1.1
'Pragma' => 'no-cache', # HTTP 1.0
'Expires' => '0'; # Proxies
'X-XSS-Protection' => '1; mode=block',
'X-Content-Type-Options' => 'nosniff',
'Cache-Control' => 'no-cache, no-store, must-revalidate', # HTTP 1.1
'Pragma' => 'no-cache', # HTTP 1.0
'Expires' => '0'; # Proxies
# Set authorized URL for POST
my $csp = $self->csp . "form-action " . $self->conf->{cspFormAction};
@ -749,13 +747,14 @@ sub sendHtml {
if ( defined $url ) {
$self->logger->debug("Required Params URL : $url");
if ( $url =~ s#(https?://[^/]+).*#$1# ) {
$self->logger->debug("Set CSP form-action with Params URL : $url");
$self->logger->debug(
"Set CSP form-action with Params URL : $url");
$csp .= " $url";
}
}
if ( defined $req->{cspFormAction} ) {
$self->logger->debug(
"Set CSP form-action with request URL: " . $req->{cspFormAction} );
$self->logger->debug( "Set CSP form-action with request URL: "
. $req->{cspFormAction} );
$csp .= " " . $req->{cspFormAction};
}
@ -781,7 +780,7 @@ sub sendHtml {
my @url;
if ( $req->info ) {
@url = map { s#https?://([^/]+).*#$1#; $_ }
( $req->info =~ /<iframe.*?src="(.*?)"/sg );
( $req->info =~ /<iframe.*?src="(.*?)"/sg );
}
if (@url) {
$csp .= join( ' ', 'child-src', @url ) . ';';
@ -797,18 +796,17 @@ sub sendCss {
my ( $self, $req ) = @_;
my $s = '/* LL::NG Portal CSS */';
if ( $self->conf->{portalSkinBackground} ) {
$s .=
'html,body{background:url("'
. $self->staticPrefix
. '/common/backgrounds/'
. $self->conf->{portalSkinBackground}
. '") no-repeat center fixed;'
. 'background-size:cover;}';
$s
.= 'html,body{background:url("'
. $self->staticPrefix
. '/common/backgrounds/'
. $self->conf->{portalSkinBackground}
. '") no-repeat center fixed;'
. 'background-size:cover;}';
}
return [
200,
[
'Content-Type' => 'text/css',
[ 'Content-Type' => 'text/css',
'Content-Length' => length($s),
'Cache-Control' => 'public,max-age=3600',
],
@ -832,16 +830,16 @@ sub lmError {
# Error code
$templateParams{"ERROR$_"} = ( $httpError == $_ ? 1 : 0 )
foreach ( 403, 404, 500, 502, 503 );
foreach ( 403, 404, 500, 502, 503 );
return $self->sendHtml( $req, 'error', params => \%templateParams );
}
sub rebuildCookies {
my ( $self, $req ) = @_;
my @tmp;
for ( my $i = 0 ; $i < @{ $req->{respHeaders} } ; $i += 2 ) {
for ( my $i = 0; $i < @{ $req->{respHeaders} }; $i += 2 ) {
push @tmp, $req->respHeaders->[0], $req->respHeaders->[1]
unless ( $req->respHeaders->[0] eq 'Set-Cookie' );
unless ( $req->respHeaders->[0] eq 'Set-Cookie' );
}
$req->{respHeaders} = \@tmp;
$self->buildCookie($req);
@ -856,8 +854,8 @@ sub tplParams {
$portalPath =~ s#[^/]+\.fcgi$##;
for my $session_key ( keys %{ $req->{sessionInfo} } ) {
$templateParams{ "session_" . $session_key } =
$req->{sessionInfo}->{$session_key};
$templateParams{ "session_" . $session_key }
= $req->{sessionInfo}->{$session_key};
}
for my $env_key ( keys %{ $req->env } ) {
@ -878,7 +876,7 @@ sub tplParams {
sub registerLogin {
my ( $self, $req ) = @_;
return
unless ( $self->conf->{loginHistoryEnabled}
unless ( $self->conf->{loginHistoryEnabled}
and defined $req->authResult );
my $history = $req->sessionInfo->{_loginHistory} ||= {};
my $type = ( $req->authResult > 0 ? 'failed' : 'success' ) . 'Login';
@ -888,17 +886,18 @@ sub registerLogin {
# Gather current login's parameters
my $login = $self->_sumUpSession( $req->{sessionInfo}, 1 );
$login->{error} = $self->error( $req->authResult )
if ( $req->authResult );
if ( $req->authResult );
$self->logger->debug( " Current login -> " . $login->{error} )
if ( $login->{error} );
if ( $login->{error} );
# Add current login into history
unshift @{ $history->{$type} }, $login;
# Forget oldest logins
splice @{ $history->{$type} }, $self->conf->{ $type . "Number" }
if ( scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } );
if (
scalar @{ $history->{$type} } > $self->conf->{ $type . "Number" } );
# Save into persistent session
$self->updatePersistentSession( $req, { _loginHistory => $history, } );
@ -911,12 +910,12 @@ sub registerLogin {
# @return hashref
sub _sumUpSession {
my ( $self, $session, $withoutUser ) = @_;
my $res =
$withoutUser
? {}
: { user => $session->{ $self->conf->{whatToTrace} } };
my $res
= $withoutUser
? {}
: { user => $session->{ $self->conf->{whatToTrace} } };
$res->{$_} = $session->{$_}
foreach ( "_utime", "ipAddr",
foreach ( "_utime", "ipAddr",
keys %{ $self->conf->{sessionDataToRemember} } );
return $res;
}
@ -925,12 +924,12 @@ sub _sumUpSession {
sub loadTemplate {
my ( $self, $name, %prm ) = @_;
$name .= '.tpl';
my $file =
$self->conf->{templateDir} . '/'
. $self->conf->{portalSkin} . '/'
. $name;
my $file
= $self->conf->{templateDir} . '/'
. $self->conf->{portalSkin} . '/'
. $name;
$file = $self->conf->{templateDir} . '/common/' . $name
unless ( -e $file );
unless ( -e $file );
unless ( -e $file ) {
die "Unable to find $name in $self->conf->{templateDir}";
}

Write Preview
Loading…
Cancel
Save