worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove some old files (#595)

Browse Source
environments/ppa-mbqj77/deployments/1
Xavier Guimard 8 years ago
parent da0a26a73f
commit 26e9e12394
5 changed files with 1 additions and 1019 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      lemonldap-ng-portal/MANIFEST
  2. 44
      lemonldap-ng-portal/example/metadata.pl
  3. 727
      lemonldap-ng-portal/example/oauth2.pl
  4. 89
      lemonldap-ng-portal/example/openid-configuration.pl
  5. 154
      lemonldap-ng-portal/example/register.pl

6
lemonldap-ng-portal/MANIFEST
Unescape View File

@ -8,12 +8,7 @@ example/index.pl
example/index_simple.pl
example/index_skin.pl
example/mail.pl
example/metadata.pl
example/oauth2.pl
example/openid-configuration.pl
example/PortalStatus.pl
example/register.pl
example/scripts/buildPortalWSDL
example/soapconfigtest.pl
example/soaperrortest.pl
example/soaptest.pl
@ -115,6 +110,7 @@ MANIFEST This list of files
META.yml
README
REST-API.md
scripts/buildPortalWSDL
site/coffee/portal.coffee
site/cron/purgeCentralCache
site/cron/purgeCentralCache.cron.d

44
lemonldap-ng-portal/example/metadata.pl
Unescape View File

@ -1,44 +0,0 @@
#!/usr/bin/perl
use Lemonldap::NG::Portal::SharedConf;
use Lemonldap::NG::Common::Conf::SAML::Metadata;
use strict;
my $portal = Lemonldap::NG::Portal::SharedConf->new(
{
# ACCESS TO CONFIGURATION
# By default, Lemonldap::NG uses the default lemonldap-ng.ini file to
# know where to find its configuration
# (generaly /etc/lemonldap-ng/lemonldap-ng.ini)
# You can specify by yourself this file :
#configStorage => { confFile => '/path/to/my/file' },
# or set explicitely parameters :
#configStorage => {
# type => 'File',
# dirName => '/usr/local/lemonldap-ng/data//conf'
#},
# Note that YOU HAVE TO SET configStorage here if you've declared this
# portal as SOAP configuration server in the manager
# OTHERS
# You can also overload any parameter issued from manager
# configuration. Example:
#globalStorage => 'Apache::Session::File',
#globalStorageOptions => {
# 'Directory' => '/var/lib/lemonldap-ng/sessions/',
# 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/',
#},
# Note that YOU HAVE TO SET globalStorage here if you've declared this
# portal as SOAP session server in the manager
}
);
my $skin = 'common';
my $skin_dir = $portal->getApacheHtdocsPath() . '/skins';
my $skin_file = 'saml2-metadata.tpl';
my $metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
print $portal->header('text/xml; charset=utf-8');
print $metadata->serviceToXML( $skin_dir . '/' . $skin . '/' . $skin_file,
$portal );

727
lemonldap-ng-portal/example/oauth2.pl
Unescape View File

@ -1,727 +0,0 @@
#!/usr/bin/perl -w
# Simple OpenID Connect client
use strict;
use JSON;
use LWP::UserAgent;
use MIME::Base64
qw/encode_base64url encode_base64 decode_base64url decode_base64/;
use URI::Escape;
use CGI;
use Data::Dumper;
use utf8;
use Digest::SHA
qw/hmac_sha256_base64 hmac_sha384_base64 hmac_sha512_base64 sha256 sha256_base64 sha384_base64 sha512_base64/;
#==============================================================================
# Configuration
#==============================================================================
my $client_id = "lemonldap";
my $client_secret = "secret";
my $portal_url = "http://auth.example.com";
my $authorization_uri = "$portal_url/oauth2/authorize";
my $token_uri = "$portal_url/oauth2/token";
my $userinfo_uri = "$portal_url/oauth2/userinfo";
my $registration_uri = "$portal_url/oauth2/register";
my $endsession_uri = "$portal_url/oauth2/logout";
my $checksession_uri = "$portal_url/oauth2/checksession";
#==============================================================================
# CSS
#==============================================================================
my $css = <<EOT;
html,body{
height:100%;
background:#ddd;
}
#content{
padding:20px;
}
EOT
#==============================================================================
# Main
#==============================================================================
my $ua = new LWP::UserAgent;
my $cgi = new CGI;
my $redirect_uri = $cgi->url . "?openidconnectcallback=1";
my $local_configuration_uri = $cgi->url . "?test=configuration";
my $local_registration_uri = $cgi->url . "?test=registration";
my $local_request_uri = $cgi->url . "?test=request";
my $local_checksession_uri = $cgi->url . "?test=checksession";
$Data::Dumper::Terse = 1;
$Data::Dumper::Sortkeys = 1;
# Request URI
if ( $cgi->param("test") eq "request" ) {
my $request_paylod_hash = {
response_type => "code",
scope => "openid profile",
client_id => $client_id,
redirect_uri => $redirect_uri,
display => "page",
iss => $client_id,
aud => [$portal_url]
};
my $request_payload = encode_base64( to_json($request_paylod_hash), "" );
my $request_header_hash = { typ => "JWT", alg => "HS256" };
my $request_header = encode_base64( to_json($request_header_hash), "" );
my $request_digest =
hmac_sha256_base64( $request_header . "." . $request_payload,
$client_secret );
$request_digest =~ s/\+/-/g;
$request_digest =~ s/\//_/g;
my $request =
$request_header . "." . $request_payload . "." . $request_digest;
print $cgi->header( -type => 'application/jwt;charset=utf-8' );
print $request;
exit;
}
# Check Session
if ( $cgi->param("test") eq "checksession" ) {
my $session_state = $cgi->param("session_state");
my $js;
$js .= 'var stat = "unchanged";' . "\n";
$js .=
'var mes = "'
. uri_escape($client_id)
. '" + " " + "'
. uri_escape($session_state) . '";' . "\n";
$js .= 'function check_session()' . "\n";
$js .= '{' . "\n";
$js .= 'var targetOrigin = "http://auth.example.com";' . "\n";
$js .=
'var win = window.parent.document.getElementById("opchecksession").contentWindow;'
. "\n";
$js .= 'win.postMessage( mes, targetOrigin);' . "\n";
$js .= '}' . "\n";
$js .= 'function setTimer()' . "\n";
$js .= '{' . "\n";
$js .= 'check_session();' . "\n";
$js .= 'timerID = setInterval("check_session()",3*1000);' . "\n";
$js .= '}' . "\n";
$js .= 'window.addEventListener("message", receiveMessage, false);' . "\n";
$js .= 'function receiveMessage(e)' . "\n";
$js .= '{' . "\n";
$js .= 'var targetOrigin = "http://auth.example.com";' . "\n";
$js .= 'if (e.origin !== targetOrigin ) {return;}' . "\n";
$js .= 'stat = e.data;' . "\n";
$js .= 'document.getElementById("sessionstatus").textContent=stat;' . "\n";
$js .= '}' . "\n";
$js .= 'setTimer();' . "\n";
print $cgi->header( -type => 'text/html' );
print $cgi->start_html( -title => 'Check Session', -script => $js );
print "<p>Session status: <span id=\"sessionstatus\"></span></p>\n";
print $cgi->end_html();
exit;
}
# Start HTTP response
print $cgi->header( -type => 'text/html;charset=utf-8' );
print "<!DOCTYPE html>\n";
print
"<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n";
print "<head>\n";
print "<title>OpenID Connect sample client</title>\n";
print
"<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n";
print
"<meta http-equiv=\"Content-Script-Type\" content=\"text/javascript\" />\n";
print "<meta http-equiv=\"cache-control\" content=\"no-cache\" />\n";
print
"<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n";
print
"<link href=\"$portal_url/skins/bootstrap/css/bootstrap.css\" rel=\"stylesheet\">\n";
print
"<link href=\"$portal_url/skins/bootstrap/css/bootstrap-theme.css\" rel=\"stylesheet\">\n";
print "<style>\n";
print "$css\n";
print "</style>\n";
print
"<script type=\"text/javascript\" src=\"/skins/common/js/jquery-1.10.2.js\"></script>\n";
print
"<script type=\"text/javascript\" src=\"/skins/common/js/jquery-ui-1.10.3.custom.js\"></script>\n";
print "<script src=\"$portal_url/skins/bootstrap/js/bootstrap.js\"></script>\n";
print "</head>\n";
print "<body>\n";
print "<div id=\"content\" class=\"container\">\n";
print "<div class=\"panel panel-info panel-body\">\n";
print "<div class=\"page-header\">\n";
print "<h1 class=\"text-center\">OpenID Connect sample client</h1>\n";
print "</div>\n";
# OIDC Callback
my $callback = $cgi->param("openidconnectcallback");
if ($callback) {
print "<h2 class=\"text-center\">Callback received</h2>";
print "<div class=\"panel panel-info\">\n";
print "<div class=\"panel-heading\">\n";
print
"<h2 class=\"panel-title text-center\">OpenID Connect callback received</h2>\n";
print "</div>\n";
print "<div class=\"panel-body\">\n";
print "<pre><code>"
. $cgi->url( -path_info => 1, -query => 1 )
. "</code></pre>\n";
print "</div>\n";
print "</div>\n";
# Check Flow
my $code = $cgi->param("code");
my $implicitcallback = $cgi->param("implicitcallback");
my $error = $cgi->param("error");
my $error_description = $cgi->param("error_description");
if ($error) {
print "<div class=\"alert alert-danger\">";
print "<p>Error: $error</p>";
print "<p>Description: $error_description</p>" if $error_description;
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
unless ( $code or $implicitcallback ) {
print '
<script type="text/javascript">
// First, parse the query string
var params = {}, postBody = location.hash.substring(1),
regex = /([^&=]+)=([^&]*)/g, m;
var redirect_location = "http://" + window.location.host + "/oauth2.pl?openidconnectcallback=1&implicitcallback=1";
while (m = regex.exec(postBody)) {
params[decodeURIComponent(m[1])] = decodeURIComponent(m[2]);
redirect_location = redirect_location + "&" + decodeURIComponent(m[1]) +"="+ decodeURIComponent(m[2]);
}
window.location = redirect_location;
</script>
';
}
# AuthN Response
my $state = $cgi->param("state");
# Check state
unless ( $state eq "ABCDEFGHIJKLMNOPQRSTUVWXXZ" ) {
print "<div class=\"alert alert-danger\">";
print "<p>OpenIDConnect callback state $state is invalid</p>";
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
my $access_token;
my $id_token;
if ($code) {
my $grant_type = "authorization_code";
my %form;
$form{"code"} = $code;
$form{"redirect_uri"} = $redirect_uri;
$form{"grant_type"} = $grant_type;
# Method client_secret_post
#$form{"client_id"} = $client_id;
#$form{"client_secret"} = $client_secret;
#my $response = $ua->post( $token_uri, \%form,
# "Content-Type" => 'application/x-www-form-urlencoded' );
# Method client_secret_basic
my $response = $ua->post(
$token_uri, \%form,
"Authorization" => "Basic "
. encode_base64("$client_id:$client_secret"),
"Content-Type" => 'application/x-www-form-urlencoded',
);
if ( $response->is_error ) {
print "<div class=\"alert alert-danger\">";
print "<p>Bad authorization response: "
. $response->message . "</p>";
print "<p>$response->content</p>";
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
# Get access_token and id_token
my $content = $response->decoded_content;
my $json;
eval { $json = from_json $content; };
if ($@) {
print "<div class=\"alert alert-danger\">";
print "<p>Wrong JSON content</p>";
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
if ( $json->{error} ) {
print "<div class=\"alert alert-danger\">";
print "<p>Error in token response:" . $json->{error} . "</p>";
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
$access_token = $json->{access_token};
$id_token = $json->{id_token};
}
else {
$access_token = $cgi->param("access_token");
$id_token = $cgi->param("id_token");
}
print "<div class=\"panel panel-info\">\n";
print "<div class=\"panel-heading\">\n";
print "<h2 class=\"panel-title text-center\">Tokens</h2>\n";
print "</div>\n";
print "<div class=\"panel-body\">\n";
print "<pre>Access token: <code>$access_token</code></pre>";
print "<pre>ID token: <code>$id_token</code></pre>";
print "</div>\n";
print "</div>\n";
# Get ID token content
my ( $id_token_header, $id_token_payload, $id_token_signature ) =
split( /\./, $id_token );
# TODO check signature
my $id_token_payload_hash = from_json( decode_base64($id_token_payload) );
print "<div class=\"panel panel-info\">\n";
print "<div class=\"panel-heading\">\n";
print "<h2 class=\"panel-title text-center\">ID Token content</h2>\n";
print "</div>\n";
print "<div class=\"panel-body\">\n";
print "<pre>" . Dumper($id_token_payload_hash) . "</pre>";
print "</div>\n";
print "</div>\n";
# Request UserInfo
my $ui_response =
$ua->get( $userinfo_uri, "Authorization" => "Bearer $access_token" );
my $ui_content = $ui_response->decoded_content;
my $ui_json;
my $content_type = $ui_response->header('Content-Type');
if ( $content_type =~ /json/ ) {
eval { $ui_json = from_json($ui_content); };
}
elsif ( $content_type =~ /jwt/ ) {
my ( $ui_header, $ui_payload, $ui_signature ) =
split( /\./, $ui_content );
eval { $ui_json = from_json( decode_base64($ui_payload) ); };
}
print "<div class=\"panel panel-info\">\n";
print "<div class=\"panel-heading\">\n";
print "<h2 class=\"panel-title text-center\">User Info</h2>\n";
print "</div>\n";
print "<div class=\"panel-body\">\n";
print "<pre>" . Dumper($ui_json) . "</pre>";
print "</div>\n";
print "</div>\n";
# Session Management RP iFrame
print "<iframe src=\""
. $local_checksession_uri
. "&session_state="
. $cgi->param('session_state')
. "\" id=\"rpchecksession\" width=\"100%\"></iframe>\n";
print
"<iframe src=\"$checksession_uri\" id=\"opchecksession\" width=\"0\" height=\"0\"></iframe>\n";
my $logout_redirect_uri =
$endsession_uri
. "?post_logout_redirect_uri="
. $cgi->url
. "&state="
. $state;
print "<div class=\"text-center\">\n";
print
"<a class=\"btn btn-danger\" role=\"button\" href=\"$endsession_uri\">Logout</a>\n";
print
"<a class=\"btn btn-danger\" role=\"button\" href=\"$logout_redirect_uri\">Logout with redirect</a>\n";
print "</div>\n";
print "<hr />\n";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
}
# Configuration read
elsif ( $cgi->param("test") eq "configuration" ) {
my $openid_configuration_url =
$portal_url . "/.well-known/openid-configuration";
print
"<h3 class=\"text-center\">Get configuration from <a href=\"$openid_configuration_url\">$openid_configuration_url</a></h3>\n";
my $config_response = $ua->get($openid_configuration_url);
if ( $config_response->is_error ) {
print "<div class=\"alert alert-danger\">";
print "<p>Bad configuration response: "
. $config_response->message . "</p>";
print "<p>$config_response->content</p>";
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
my $content = $config_response->decoded_content;
my $json;
eval { $json = from_json $content; };
if ($@) {
print "<div class=\"alert alert-danger\">";
print "<p>Wrong JSON content</p>";
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
if ( $json->{error} ) {
print "<div class=\"alert alert-danger\">";
print "<p>Error in configuration response:" . $json->{error} . "</p>";
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
print "<div class=\"panel panel-info\">\n";
print "<div class=\"panel-heading\">\n";
print "<h2 class=\"panel-title text-center\">Configuration content</h2>\n";
print "</div>\n";
print "<div class=\"panel-body\">\n";
print "<pre>" . Dumper($json) . "</pre>";
print "</div>\n";
print "</div>\n";
if ( $json->{jwks_uri} ) {
my $jwks_response = $ua->get( $json->{jwks_uri} );
if ( $jwks_response->is_error ) {
print "<div class=\"alert alert-danger\">";
print "<p>Bad JWKS response: " . $jwks_response->message . "</p>";
print "<p>$jwks_response->content</p>";
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
my $jwks_content = $jwks_response->decoded_content;
my $jwks_json;
eval { $jwks_json = from_json $jwks_content; };
if ($@) {
print "<div class=\"alert alert-danger\">";
print "<p>Wrong JSON content</p>";
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
if ( $json->{error} ) {
print "<div class=\"alert alert-danger\">";
print "<p>Error in jwks response:" . $json->{error} . "</p>";
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
print "<div class=\"panel panel-info\">\n";
print "<div class=\"panel-heading\">\n";
print "<h2 class=\"panel-title text-center\">JWKS content</h2>\n";
print "</div>\n";
print "<div class=\"panel-body\">\n";
print "<pre>" . Dumper($jwks_json) . "</pre>";
print "</div>\n";
print "</div>\n";
}
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
}
# Registration
elsif ( $cgi->param("test") eq "registration" ) {
print
"<h3 class=\"text-center\">Register fake client on <a href=\"$registration_uri\">$registration_uri</a></h3>\n";
my $fake_metadata = {
"application_type" => "web",
"redirect_uris" => [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name" => "My Example",
"client_name#ja-Jpan-JP" => "クライアント名",
"logo_uri" => "https://client.example.org/logo.png",
"subject_type" => "pairwise",
"sector_identifier_uri" =>
"https://other.example.net/file_of_redirect_uris.json",
"token_endpoint_auth_method" => "client_secret_basic",
"jwks_uri" => "https://client.example.org/my_public_keys.jwks",
"userinfo_encrypted_response_alg" => "RSA1_5",
"userinfo_encrypted_response_enc" => "A128CBC-HS256",
"contacts" => [ 've7jtb@example.org', 'mary@example.org' ],
"request_uris" => [
'https://client.example.org/rf.txt#qpXaRLh_n93TTR9F252ValdatUQvQiJi5BDub2BeznA'
],
};
print "<div class=\"panel panel-info\">\n";
print "<div class=\"panel-heading\">\n";
print "<h2 class=\"panel-title text-center\">Client metadata sent</h2>\n";
print "</div>\n";
print "<div class=\"panel-body\">\n";
print "<pre>" . Dumper($fake_metadata) . "</pre>";
print "</div>\n";
print "</div>\n";
# POST client metadata
my $fake_metadata_json = to_json($fake_metadata);
my $register_response = $ua->post(
$registration_uri,
"Content-Type" => 'application/json',
"Content" => $fake_metadata_json
);
my $register_content = $register_response->decoded_content;
my $register_json;
eval { $register_json = from_json $register_content; };
if ($@) {
print "<div class=\"alert alert-danger\">";
print "<p>Wrong JSON content</p>";
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
if ( $register_json->{error} ) {
print "<div class=\"alert alert-danger\">";
print "<p>Error in register response:"
. $register_json->{error} . "</p>";
print "</div>";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
print "</div>";
print "</div>";
print $cgi->end_html();
exit 0;
}
print "<div class=\"panel panel-info\">\n";
print "<div class=\"panel-heading\">\n";
print "<h2 class=\"panel-title text-center\">Register content</h2>\n";
print "</div>\n";
print "<div class=\"panel-body\">\n";
print "<pre>" . Dumper($register_json) . "</pre>";
print "</div>\n";
print "</div>\n";
print
"<div class=\"text-center\"><a class=\"btn btn-info\" role=\"button\" href=\""
. $cgi->url
. "\">Home</a></div>\n";
}
# First access
else {
# AuthN Request
my $response_type = uri_escape("code");
my $scope = uri_escape("openid profile address email phone");
my $state = uri_escape("ABCDEFGHIJKLMNOPQRSTUVWXXZ");
my $nonce = uri_escape("1234567890");
my $display = uri_escape("popup");
my $prompt = uri_escape("consent");
my $ui_locales = uri_escape("fr-CA en-GB en fr-FR fr");
my $login_hint = uri_escape("coudot");
my $max_age = 3600;
my $id_token_hint =
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhenAiOiJsZW1vbmxkYXAiLCJzdWIiOiJjb3Vkb3RAbGluYWdvcmEuY29tIiwiaWF0IjoxNDI3Mjk5MjMyLCJhdXRoX3RpbWUiOjE0MjcyOTYwNTQsImV4cCI6IjM2MDAiLCJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOlsibGVtb25sZGFwIl0sImF0X2hhc2giOiJwZEdBcG9lVE8tNTM0el9XQ2wxcUtRIiwiYWNyIjoibG9hLTIiLCJpc3MiOiJodHRwOi8vYXV0aC5leGFtcGxlLmNvbS8ifQ==.R7nddv9bom+J2hyrTe/7a4mRupJAoDioBYaop+Q94Fg";
my $request_paylod_hash = {
response_type => "code",
scope => "openid profile",
client_id => $client_id,
redirect_uri => $redirect_uri,
display => "page",
iss => $client_id,
aud => [$portal_url]
};
my $request_payload = encode_base64( to_json($request_paylod_hash), "" );
my $request_header_hash = { typ => "JWT", alg => "HS256" };
my $request_header = encode_base64( to_json($request_header_hash), "" );
my $request_digest =
hmac_sha256_base64( $request_header . "." . $request_payload,
$client_secret );
$request_digest =~ s/\+/-/g;
$request_digest =~ s/\//_/g;
my $request = uri_escape(
$request_header . "." . $request_payload . "." . $request_digest );
my $request_uri = uri_escape($local_request_uri);
$client_id = uri_escape($client_id);
$redirect_uri = uri_escape($redirect_uri);
my $redirect_url = $authorization_uri
. "?response_type=$response_type&client_id=$client_id&scope=$scope&redirect_uri=$redirect_uri&state=$state&nonce=$nonce&display=$display&prompt=$prompt&ui_locales=$ui_locales&login_hint=$login_hint&max_age=$max_age&id_token_hint=$id_token_hint";
my $implicit_response_type = uri_escape("id_token token");
my $implicit_redirect_url = $authorization_uri
. "?response_type=$implicit_response_type&client_id=$client_id&scope=$scope&redirect_uri=$redirect_uri&state=$state&nonce=$nonce&display=$display&prompt=$prompt&ui_locales=$ui_locales&login_hint=$login_hint&max_age=$max_age&id_token_hint=$id_token_hint";
my $hybrid_response_type = uri_escape("code id_token token");
my $hybrid_redirect_url = $authorization_uri
. "?response_type=$hybrid_response_type&client_id=$client_id&scope=$scope&redirect_uri=$redirect_uri&state=$state&nonce=$nonce&display=$display&prompt=$prompt&ui_locales=$ui_locales&login_hint=$login_hint&max_age=$max_age&id_token_hint=$id_token_hint";
my $request_redirect_url = $authorization_uri
. "?response_type=code&client_id=$client_id&request=$request&state=$state&scope=openid";
my $request_uri_redirect_url = $authorization_uri
. "?response_type=code&client_id=$client_id&request_uri=$request_uri&state=$state&scope=openid";
print "<h2 class=\"text-center\">Authentication</h2>\n";
print "<div class=\"text-center\">\n";
print
"<a href=\"$redirect_url\" class=\"btn btn-info\" role=\"button\">Authorization Code Flow</a>\n";
print
"<a href=\"$implicit_redirect_url\" class=\"btn btn-info\" role=\"button\">Implicit Flow</a>\n";
print
"<a href=\"$hybrid_redirect_url\" class=\"btn btn-info\" role=\"button\">Hybrid Flow</a>\n";
print
"<a href=\"$request_redirect_url\" class=\"btn btn-info\" role=\"button\">Authorization Code Flow with request</a>\n";
print
"<a href=\"$request_uri_redirect_url\" class=\"btn btn-info\" role=\"button\">Authorization Code Flow with request_uri</a>\n";
print "</div>\n";
print "<h2 class=\"text-center\">Configuration</h2>\n";
print "<div class=\"text-center\">\n";
print
"<a href=\"$local_configuration_uri\" class=\"btn btn-success\" role=\"button\">Configuration discovery</a>\n";
print "</div>\n";
print "<h2 class=\"text-center\">Registration</h2>\n";
print "<div class=\"text-center\">\n";
print
"<a href=\"$local_registration_uri\" class=\"btn btn-success\" role=\"button\">Register a fake client</a>\n";
print "</div>\n";
}
print "</div>\n";
print "</div>\n";
print $cgi->end_html();
exit 0;

89
lemonldap-ng-portal/example/openid-configuration.pl
Unescape View File

@ -1,89 +0,0 @@
#!/usr/bin/perl
use Lemonldap::NG::Portal::SharedConf;
use JSON;
use strict;
my $portal = Lemonldap::NG::Portal::SharedConf->new();
my $issuerDBOpenIDConnectPath = $portal->{issuerDBOpenIDConnectPath};
my $authorize_uri = $portal->{oidcServiceMetaDataAuthorizeURI};
my $token_uri = $portal->{oidcServiceMetaDataTokenURI};
my $userinfo_uri = $portal->{oidcServiceMetaDataUserInfoURI};
my $jwks_uri = $portal->{oidcServiceMetaDataJWKSURI};
my $registration_uri = $portal->{oidcServiceMetaDataRegistrationURI};
my $endsession_uri = $portal->{oidcServiceMetaDataEndSessionURI};
my $checksession_uri = $portal->{oidcServiceMetaDataCheckSessionURI};
my ($path) = ( $issuerDBOpenIDConnectPath =~ /(\w+)/ );
my $issuer = $portal->{oidcServiceMetaDataIssuer};
my @acr = keys $portal->{oidcServiceMetaDataAuthnContext};
# Add a slash to path value if issuer has no trailing slash
$path = "/" . $path unless ( $issuer =~ /\/$/ );
# Create OpenID configuration hash;
my $configuration = {};
$configuration->{issuer} = $issuer;
$configuration->{authorization_endpoint} =
$issuer . $path . "/" . $authorize_uri;
$configuration->{token_endpoint} = $issuer . $path . "/" . $token_uri;
$configuration->{userinfo_endpoint} = $issuer . $path . "/" . $userinfo_uri;
$configuration->{jwks_uri} = $issuer . $path . "/" . $jwks_uri;
$configuration->{registration_endpoint} =
$issuer . $path . "/" . $registration_uri
if ( $portal->{oidcServiceAllowDynamicRegistration} );
$configuration->{end_session_endpoint} =
$issuer . $path . "/" . $endsession_uri;
$configuration->{check_session_iframe} =
$issuer . $path . "/" . $checksession_uri;
$configuration->{scopes_supported} = [qw/openid profile email address phone/];
$configuration->{response_types_supported} = [
"code",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
];
# $configuration->{response_modes_supported}
$configuration->{grant_types_supported} =
[qw/authorization_code implicit hybrid/];
$configuration->{acr_values_supported} = \@acr;
$configuration->{subject_types_supported} = ["public"];
$configuration->{id_token_signing_alg_values_supported} =
[qw/none HS256 HS384 HS512 RS256 RS384 RS512/];
# $configuration->{id_token_encryption_alg_values_supported}
# $configuration->{id_token_encryption_enc_values_supported}
$configuration->{userinfo_signing_alg_values_supported} =
[qw/none HS256 HS384 HS512 RS256 RS384 RS512/];
# $configuration->{userinfo_encryption_alg_values_supported}
# $configuration->{userinfo_encryption_enc_values_supported}
# $configuration->{request_object_signing_alg_values_supported}
# $configuration->{request_object_encryption_alg_values_supported}
# $configuration->{request_object_encryption_enc_values_supported}
$configuration->{token_endpoint_auth_methods_supported} =
[qw/client_secret_post client_secret_basic/];
# $configuration->{token_endpoint_auth_signing_alg_values_supported}
# $configuration->{display_values_supported}
# $configuration->{claim_types_supported}
# RECOMMENDED # $configuration->{claims_supported}
# $configuration->{service_documentation}
# $configuration->{claims_locales_supported}
# $configuration->{ui_locales_supported}
# $configuration->{claims_parameter_supported}
$configuration->{request_parameter_supported} = JSON::true;
$configuration->{request_uri_parameter_supported} = JSON::true;
$configuration->{require_request_uri_registration} = JSON::false;
# $configuration->{op_policy_uri}
# $configuration->{op_tos_uri}
my $json = to_json( $configuration, { pretty => 1 } );
print $portal->header('application/json; charset=utf-8');
print $json;

154
lemonldap-ng-portal/example/register.pl
Unescape View File

@ -1,154 +0,0 @@
#!/usr/bin/perl
use Lemonldap::NG::Portal::Register;
use HTML::Template;
use strict;
use utf8;
# Load portal module
my $portal = Lemonldap::NG::Portal::Register->new();
my $skin_dir = $portal->getApacheHtdocsPath() . "/skins";
my $portal_url = $portal->{portal};
my $portalPath = $portal->{portal};
$portalPath =~ s#^https?://[^/]+/?#/#;
$portalPath =~ s#[^/]+\.pl$##;
# Process
$portal->process();
my $skin = $portal->getSkin();
# Template creation
my $template = HTML::Template->new(
filename => "$skin_dir/$skin/register.tpl",
die_on_bad_params => 0,
cache => 0,
filter => [
sub { $portal->translate_template(@_) },
sub { $portal->session_template(@_) }
],
);
utf8::decode( $portal->{registerInfo}->{mail} );
utf8::decode( $portal->{registerInfo}->{firstname} );
utf8::decode( $portal->{registerInfo}->{lastname} );
$template->param(
PORTAL_URL => $portal_url,
SKIN_PATH => $portalPath . "skins",
SKIN => $skin,
SKIN_BG => $portal->{portalSkinBackground},
AUTH_ERROR => $portal->error,
AUTH_ERROR_TYPE => $portal->error_type,
CHOICE_PARAM => $portal->{authChoiceParam},
CHOICE_VALUE => $portal->{_authChoice},
EXPMAILDATE => $portal->{expMailDate},
EXPMAILTIME => $portal->{expMailTime},
STARTMAILDATE => $portal->{startMailDate},
STARTMAILTIME => $portal->{startMailTime},
MAILALREADYSENT => $portal->{mail_already_sent},
MAIL => $portal->checkXSSAttack( 'mail', $portal->{registerInfo}->{mail} )
? ""
: $portal->{registerInfo}->{mail},
FIRSTNAME => $portal->checkXSSAttack( 'firstname',
$portal->{registerInfo}->{firstname} ) ? ""
: $portal->{registerInfo}->{firstname},
LASTNAME => $portal->checkXSSAttack(
'lastname', $portal->{registerInfo}->{lastname}
) ? ""
: $portal->{registerInfo}->{lastname},
REGISTER_TOKEN =>
$portal->checkXSSAttack( 'register_token', $portal->{register_token} )
? ""
: $portal->{register_token},
);
# Display form the first time
if (
(
$portal->{error} == PE_REGISTERFORMEMPTY
or $portal->{error} == PE_REGISTERFIRSTACCESS
or $portal->{error} == PE_REGISTERALREADYEXISTS
or $portal->{error} == PE_CAPTCHAERROR
or $portal->{error} == PE_CAPTCHAEMPTY
)
and !$portal->{mail_token}
)
{
$template->param(
DISPLAY_FORM => 1,
DISPLAY_RESEND_FORM => 0,
DISPLAY_CONFIRMMAILSENT => 0,
DISPLAY_MAILSENT => 0,
DISPLAY_PASSWORD_FORM => 0,
);
}
# Display captcha if it's enabled
if ( $portal->{captcha_register_enabled} ) {
$template->param(
CAPTCHA_IMG => $portal->{captcha_img},
CAPTCHA_CODE => $portal->{captcha_code},
CAPTCHA_SIZE => $portal->{captcha_size}
);
}
# Display mail confirmation resent form
if ( $portal->{error} == PE_MAILCONFIRMATION_ALREADY_SENT ) {
$template->param(
DISPLAY_FORM => 0,
DISPLAY_RESEND_FORM => 1,
DISPLAY_CONFIRMMAILSENT => 0,
DISPLAY_MAILSENT => 0,
DISPLAY_PASSWORD_FORM => 0,
);
}
# Display confirmation mail sent
if ( $portal->{error} == PE_MAILCONFIRMOK ) {
$template->param(
DISPLAY_FORM => 0,
DISPLAY_RESEND_FORM => 0,
DISPLAY_CONFIRMMAILSENT => 1,
DISPLAY_MAILSENT => 0,
DISPLAY_PASSWORD_FORM => 0,
);
}
# Display mail sent
if ( $portal->{error} == PE_MAILOK ) {
$template->param(
DISPLAY_FORM => 0,
DISPLAY_RESEND_FORM => 0,
DISPLAY_CONFIRMMAILSENT => 0,
DISPLAY_MAILSENT => 1,
DISPLAY_PASSWORD_FORM => 0,
);
}
# Display password change form
if ( $portal->{mail_token}
and $portal->{error} != PE_MAILERROR
and $portal->{error} != PE_BADMAILTOKEN
and $portal->{error} != PE_MAILOK )
{
$template->param(
DISPLAY_FORM => 0,
DISPLAY_RESEND_FORM => 0,
DISPLAY_CONFIRMMAILSENT => 0,
DISPLAY_MAILSENT => 0,
DISPLAY_PASSWORD_FORM => 1,
);
}
# Custom template parameters
if ( my $customParams = $portal->getCustomTemplateParameters() ) {
foreach ( keys %$customParams ) {
$template->param( $_, $customParams->{$_} );
}
}
print $portal->header('text/html; charset=utf-8');
print $template->output;
Write Preview
Loading…
Cancel
Save