Use local cache by default for tokens (#1140)

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -2890,6 +2890,10 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
             },
             'type' => 'int'
         },
+        'tokenUseGlobalStorage' => {
+            'default' => 0,
+            'type'    => 'bool'
+        },
         'trustedDomains' => {
             'type' => 'text'
         },

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -430,6 +430,11 @@ sub attributes {
             type          => 'bool',
             documentation => 'Enable token for forms',
         },
+        tokenUseGlobalStorage => {
+            default       => 0,
+            type          => 'bool',
+            documentation => 'Enable global token storage',
+        },
         cda => {
             default       => 0,
             type          => 'bool',

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm

@@ -638,6 +638,7 @@ sub tree {
                                 },
                                 'requireToken',
                                 'formTimeout',
+                                'tokenUseGlobalStorage',
                             ]
                         },
                         {

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -646,6 +646,7 @@
 "timeout": "Sessions timeout",
 "timeoutActivity": "Sessions activity timeout",
 "timeoutActivityInterval": "Sessions update interval",
+"tokenUseGlobalStorage": "Use global storage",
 "trustedDomains": "Trusted domains",
 "trustedProxies": "Trusted proxies IP",
 "twitterAppName": "Application name",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -646,6 +646,7 @@
 "timeout": "Durée de vie maximale des sessions",
 "timeoutActivity": "Délai d'expiration des sessions",
 "timeoutActivityInterval": "Intervalle de mise à jour des sessions",
+"tokenUseGlobalStorage": "Utiliser le cache global",
 "trustedDomains": "Domaines approuvés",
 "trustedProxies": "IP des proxys de confiance",
 "twitterAppName": "Nom de l'application",

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OneTimeToken.pm

@@ -2,6 +2,7 @@ package Lemonldap::NG::Portal::Lib::OneTimeToken;
 
 use strict;
 use Mouse;
+use JSON qw(from_json to_json);
 
 our $VERSION = '2.0.0';
 
@@ -14,6 +15,30 @@ has timeout => (
     }
 );
 
+has cache => (
+    is      => 'rw',
+    default => sub {
+        my $c = $_[0]->{conf};
+        if ( !$c->{tokenUseGlobalStorage} ) {
+            if ( $c->{localSessionStorage} ) {
+                eval "use $c->{localSessionStorage}";
+                if ($@) {
+                    $_[0]->{p}->logger->error($@);
+                    return undef;
+                }
+                return $c->{localSessionStorage}
+                  ->new( $c->{localSessionStorageOptions} );
+            }
+            else {
+                $_[0]->{p}->logger->error(
+'Local storage not defined, token will be store in global storage'
+                );
+                return undef;
+            }
+        }
+    },
+);
+
 sub createToken {
     my ( $self, $infos ) = @_;
 
@@ -33,10 +58,20 @@ sub createToken {
     # Store type
     $infos->{_type} ||= "token";
 
+    if ( $self->cache ) {
+        my $id = $infos->{_utime} . '_' . int( rand(10000) );
+
+        # Dereference $infos
+        my %h = %$infos;
+        $self->cache->set( $id, to_json( \%h ) );
+        return $id;
+    }
+    else {
+
         # Create a new session
         my $tsession = $self->p->getApacheSession( undef, info => $infos );
-
         return $tsession->id;
+    }
 }
 
 sub getToken {
@@ -46,6 +81,23 @@ sub getToken {
         return undef;
     }
 
+    if ( $self->cache ) {
+        my $data;
+        my @t = split /_/, $id;
+        if ( $t[0] > time ) {
+            $self->logger->notice("Expired token $id");
+            $self->cache->remove($id);
+            return undef;
+        }
+        unless ( $data = $self->cache->get($id) ) {
+            $self->logger->notice("Bad (or expired) token $id");
+            return undef;
+        }
+        $self->cache->remove($id);
+        return from_json($data);
+    }
+    else {
+
         # Get token session
         my $tsession = $self->p->getApacheSession($id);
         unless ($tsession) {
@@ -55,6 +107,7 @@ sub getToken {
         my %h = %{ $tsession->{data} };
         $tsession->remove;
         return \%h;
+    }
 }
 
 sub setToken {

lemonldap-ng-portal/t/41-Captcha.t

@@ -39,8 +39,9 @@ SKIP: {
     # Try to get captcha value
 
     my ( $ts, $captcha );
-    ok( $ts = $client->p->getApacheSession($token), ' Found token session' );
-    ok( $captcha = $ts->data->{captcha}, ' Found captcha value' );
+    ok( $ts = getCache()->get($token), ' Found token session' );
+    $ts = eval { JSON::from_json($ts) };
+    ok( $captcha = $ts->{captcha}, ' Found captcha value' );
 
     # Try to authenticate
     $query .= "&user=dwho&password=dwho&captcha=$captcha";

lemonldap-ng-portal/t/42-Register-Demo-with-captcha.t

@@ -49,8 +49,9 @@ s/^.*token=([^&]+).*$/token=$1&firstname=foo&lastname=bar&mail=foobar%40badwolf.
     # Try to get captcha value
 
     my ( $ts, $captcha );
-    ok( $ts = $client->p->getApacheSession($token), ' Found token session' );
-    ok( $captcha = $ts->data->{captcha}, ' Found captcha value' );
+    ok( $ts = getCache()->get($token), ' Found token session' );
+    $ts = eval { JSON::from_json($ts) };
+    ok( $captcha = $ts->{captcha}, ' Found captcha value' );
 
     $query .= "&captcha=$captcha";
 

lemonldap-ng-portal/t/43-MailReset-with-captcha.t

@@ -51,8 +51,9 @@ SKIP: {
     # Try to get captcha value
 
     my ( $ts, $captcha );
-    ok( $ts = $client->p->getApacheSession($token), ' Found token session' );
-    ok( $captcha = $ts->data->{captcha}, ' Found captcha value' );
+    ok( $ts = getCache()->get($token), ' Found token session' );
+    $ts = eval { JSON::from_json($ts) };
+    ok( $captcha = $ts->{captcha}, ' Found captcha value' );
 
     $query .= "&captcha=$captcha";
 

lemonldap-ng-portal/t/test-lib.pm

@@ -42,6 +42,18 @@ sub clean_sessions {
             }
         }
     }
+    my $cache = getCache();
+    $cache->clear;
+}
+
+sub getCache {
+    return Cache::FileCache->new(
+        {
+            namespace   => 'lemonldap-ng-session',
+            cache_root  => 't/',
+            cache_depth => 0,
+        }
+    );
 }
 
 sub expectRedirection {
@@ -211,8 +223,16 @@ use Mouse;
 extends 'Lemonldap::NG::Common::PSGI::Cli::Lib';
 
 our $defaultIni = {
-    configStorage       => { type => 'File', dirName => 't' },
-    localSessionStorage => '',
+    configStorage => {
+        type    => 'File',
+        dirName => 't',
+    },
+    localSessionStorage        => 'Cache::FileCache',
+    localSessionStorageOptions => {
+        namespace   => 'lemonldap-ng-session',
+        cache_root  => 't/',
+        cache_depth => 0,
+    },
     logLevel      => 'error',
     cookieName    => 'lemonldap',
     domain        => 'example.com',
@@ -273,7 +293,7 @@ sub logout {
         'Logout request'
     );
     main::ok( $res->[0] == 200, ' Response is 200' )
-      or explain( $res->[0], 200 );
+      or main::explain( $res->[0], 200 );
     my $c;
     main::ok(
         ( defined( $c = main::getCookies($res)->{lemonldap} ) and not $c ),