Apply CDA change to trunk (#173)

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm

@@ -79,15 +79,24 @@ sub run {
     my $uri = $class->unparsed_uri;
     my $cn  = $class->tsv->{cookieName};
     if (    $class->tsv->{cda}
-        and $uri =~ s/[\?&;]($cn(http)?=\w+)$//oi )
+        and $uri =~ s/[\?&;]${cn}cda=(\w+)$//oi )
     {
-        my $str = $1;
-        $class->lmLog( 'CDA request', 'debug' );
+        my $cdaid = $1;
+        $class->lmLog( "CDA request with id $cdaid", 'debug' );
+
+        my $cdaInfos = $class->getCDAInfos($cdaid);
+        unless ( $cdaInfos->{cookie_value} and $cdaInfos->{cookie_name} ) {
+            $class->lmLog( "CDA request for id $cdaid is not valid", 'error' );
+            return $class->FORBIDDEN;
+        }
+
         my $redirectUrl   = $class->_buildUrl($uri);
         my $redirectHttps = ( $redirectUrl =~ m/^https/ );
         $class->set_header_out(
             'Location'   => $redirectUrl,
-            'Set-Cookie' => "$str; path=/"
+            'Set-Cookie' => $cdaInfos->{cookie_name} . "="
+              . $cdaInfos->{cookie_value}
+              . "; path=/"
               . ( $redirectHttps          ? "; secure"   : "" )
               . ( $class->tsv->{httpOnly} ? "; HttpOnly" : "" )
               . (
@@ -452,6 +461,41 @@ sub retrieveSession {
     }
 }
 
+## @rmethod protected hash getCDAInfos(id)
+# Tries to retrieve the CDA session, get infos and delete session
+# @return CDA session infos
+sub getCDAInfos {
+    my ( $class, $id ) = @_;
+    my $infos = {};
+
+    # Get the session
+    my $cdaSession = Lemonldap::NG::Common::Session->new(
+        {
+            storageModule        => $class->tsv->{sessionStorageModule},
+            storageModuleOptions => $class->tsv->{sessionStorageOptions},
+            cacheModule          => $class->tsv->{sessionCacheModule},
+            cacheModuleOptions   => $class->tsv->{sessionCacheOptions},
+            id                   => $id,
+            kind                 => "CDA",
+        }
+    );
+
+    unless ( $cdaSession->error ) {
+        $class->lmLog( "Get CDA session $id", 'debug' );
+
+        $infos->{cookie_value} = $cdaSession->data->{cookie_value};
+        $infos->{cookie_name}  = $cdaSession->data->{cookie_name};
+
+        $cdaSession->remove;
+    }
+    else {
+        $class->lmLog( "CDA Session $id can't be retrieved", 'info' );
+        $class->lmLog( $cdaSession->error,                   'info' );
+    }
+
+    return $infos;
+}
+
 ## @cmethod private string _buildUrl(string s)
 # Transform /<s> into http(s?)://<host>:<port>/s
 # @param $s path

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm

@@ -220,15 +220,17 @@ sub autoRedirect {
 # @param id session reference
 # @param noInfo do not set Apache REMOTE_USER
 # @param force Force session creation if it does not exist
+# @param kind Session kind
 # return Lemonldap::NG::Common::Session object
 sub getApacheSession {
-    my ( $self, $id, $noInfo, $force ) = @_;
+    my ( $self, $id, $noInfo, $force, $kind ) = @_;
+    $kind ||= "SSO";
 
     if ($id) {
-        $self->lmLog( "Try to get session $id", 'debug' );
+        $self->lmLog( "Try to get $kind session $id", 'debug' );
     }
     else {
-        $self->lmLog( "Try to get a new session", 'debug' );
+        $self->lmLog( "Try to get a new $kind session", 'debug' );
     }
 
     my $as = Lemonldap::NG::Common::Session->new(
@@ -239,7 +241,7 @@ sub getApacheSession {
             cacheModuleOptions   => $self->conf->{localSessionStorageOptions},
             id                   => $id,
             force                => $force,
-            kind                 => "SSO",
+            kind                 => $kind,
         }
     );
 
@@ -249,7 +251,7 @@ sub getApacheSession {
     }
 
     if ( $id and !$force and !$as->data ) {
-        $self->lmLog( "Session $id not found", 'debug' );
+        $self->lmLog( "Session $kind $id not found", 'debug' );
         return;
     }
 
@@ -266,7 +268,7 @@ sub getApacheSession {
         )
       )
     {
-        $self->lmLog( "Session $id expired", 'debug' );
+        $self->lmLog( "Session $kind $id expired", 'debug' );
         return;
     }
 
@@ -274,7 +276,7 @@ sub getApacheSession {
         $self->{id} = $as->id;
     }
 
-    $self->lmLog( "Return session " . $as->id, 'debug' );
+    $self->lmLog( "Return $kind session " . $as->id, 'debug' );
 
     return $as;
 }

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDA.pm

@@ -24,13 +24,35 @@ sub changeUrldc {
     {
         my $ssl = $urldc =~ /^https/;
         $self->lmLog( 'CDA request', 'debug' );
-        $req->{urldc} .= ( $urldc =~ /\?/ ? '&' : '?' )
-          . (
-            ( $self->conf->{securedCookie} < 2 or $ssl )
-            ? $self->conf->{cookieName} . "=" . $req->id
-            : $self->conf->{cookieName} . "http="
-              . $req->{sessionInfo}->{_httpSession}
-          );
+
+        # Create CDA session
+        if ( my $cdaSession =
+            $self->getApacheSession( undef, 1, undef, "CDA" ) )
+        {
+            my $cdaInfos = { '_utime' => time };
+            if ( $self->{conf}->{securedCookie} < 2 or $ssl ) {
+                $cdaInfos->{cookie_value} = $req->id;
+                $cdaInfos->{cookie_name}  = $self->{conf}->{cookieName};
+            }
+            else {
+                $cdaInfos->{cookie_value} =
+                  $req->{sessionInfo}->{_httpSession};
+                $cdaInfos->{cookie_name} = $self->{conf}->{cookieName} . "http";
+            }
+
+            $self->updateSession( $cdaInfos, $cdaSession->id );
+
+            $req->{urldc} .=
+                ( $urldc =~ /\?/ ? '&' : '?' )
+              . $self->{conf}->{cookieName} . "cda="
+              . $cdaSession->id;
+
+            $self->lmLog( "CDA redirection to " . $req->{urldc}, 'debug' );
+        }
+        else {
+            $self->lmLog( "Unable to create CDA session", 'error' );
+            return PE_APACHESESSIONERROR;
+        }
     }
     PE_OK;
 }