Service token in progress (#971)

8 years ago · 8c4367fd3f
parent 0b25e306d6
commit 8c4367fd3f
8 changed files with 74 additions and 6 deletions
--- a/lemonldap-ng-handler/MANIFEST
+++ b/lemonldap-ng-handler/MANIFEST
@ -11,12 +11,14 @@ lib/Lemonldap/NG/Handler/ApacheMP2/DevOps.pm
 lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm
 lib/Lemonldap/NG/Handler/ApacheMP2/Menu.pm
 lib/Lemonldap/NG/Handler/ApacheMP2/SecureToken.pm
+lib/Lemonldap/NG/Handler/ApacheMP2/ServiceToken.pm
 lib/Lemonldap/NG/Handler/ApacheMP2/ZimbraPreAuth.pm
 lib/Lemonldap/NG/Handler/Lib/AuthBasic.pm
 lib/Lemonldap/NG/Handler/Lib/CDA.pm
 lib/Lemonldap/NG/Handler/Lib/DevOps.pm
 lib/Lemonldap/NG/Handler/Lib/PSGI.pm
 lib/Lemonldap/NG/Handler/Lib/SecureToken.pm
+lib/Lemonldap/NG/Handler/Lib/ServiceToken.pm
 lib/Lemonldap/NG/Handler/Lib/Status.pm
 lib/Lemonldap/NG/Handler/Lib/ZimbraPreAuth.pm
 lib/Lemonldap/NG/Handler/Main.pm
@ -30,6 +32,7 @@ lib/Lemonldap/NG/Handler/PSGI/AuthBasic.pm
 lib/Lemonldap/NG/Handler/PSGI/CDA.pm
 lib/Lemonldap/NG/Handler/PSGI/Main.pm
 lib/Lemonldap/NG/Handler/PSGI/Router.pm
+lib/Lemonldap/NG/Handler/PSGI/ServiceToken.pm
 lib/Lemonldap/NG/Handler/PSGI/Try.pm
 lib/Lemonldap/NG/Handler/Server.pm
 lib/Lemonldap/NG/Handler/Server/AuthBasic.pm
@ -38,6 +41,7 @@ lib/Lemonldap/NG/Handler/Server/DevOps.pm
 lib/Lemonldap/NG/Handler/Server/Main.pm
 lib/Lemonldap/NG/Handler/Server/Nginx.pm
 lib/Lemonldap/NG/Handler/Server/SecureToken.pm
+lib/Lemonldap/NG/Handler/Server/ServiceToken.pm
 lib/Lemonldap/NG/Handler/Server/ZimbraPreAuth.pm
 Makefile.PL
 MANIFEST			This list of files
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/ServiceToken.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/ServiceToken.pm
@ -0,0 +1,13 @@
+# LLNG wrapper class to enable ServiceToken handler with Apache-2/ModPerl-2
+#
+# See http://lemonldap-ng.org/documentation/latest/handlerarch
+package Lemonldap::NG::Handler::ApacheMP2::ServiceToken;
+
+use strict;
+
+use base 'Lemonldap::NG::Handler::Lib::ServiceToken',
+  'Lemonldap::NG::Handler::ApacheMP2::Main';
+
+our $VERSION = '2.0.0';
+
+1;
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ServiceToken.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ServiceToken.pm
@ -0,0 +1,25 @@
+package Lemonldap::NG::Handler::Lib::ServiceToken;
+
+use strict;
+
+our $VERSION = '2.0.0';
+
+sub fetchId {
+    my($class) = @_;
+    my $token = $class->header_in('X-Llng-Token');
+    return $class->Lemonldap::NG::Handler::Main::fetchId() unless($token);
+    $class->logger->debug('Found token header');
+    my $s $class->tsv->{cipher}->decrypt($s);
+    my($t,$_session_id,@vhosts) = split /:/, $s;
+    unless(@vhosts) {
+        $class->userLogger->error('Bad token');
+        return 0;
+    }
+    unless($t <= time and $t > time -15) {
+        $class->userLogger->warn('Expired token');
+        return 0;
+    }
+    return $_session_id;
+}
+
+1;
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
@ -117,8 +117,7 @@ sub run {
    }

    # Try to recover cookie and user session
-    if (   !$id
-        and $id      = $class->fetchId
+    if (    $id = $class->fetchId
        and $session = $class->retrieveSession($id) )
    {

--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/ServiceToken.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/ServiceToken.pm
@ -0,0 +1,13 @@
+# LLNG wrapper class to enable ServiceToken handler with FastCGI handler
+#
+# See http://lemonldap-ng.org/documentation/latest/handlerarch
+package Lemonldap::NG::Handler::PSGI::ServiceToken;
+
+use strict;
+
+use base 'Lemonldap::NG::Handler::Lib::ServiceToken',
+  'Lemonldap::NG::Handler::PSGI::Main';
+
+our $VERSION = '2.0.0';
+
+1;
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/ServiceToken.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/ServiceToken.pm
@ -0,0 +1,13 @@
+# LLNG wrapper class to enable ServiceToken handler with FastCGI handler
+#
+# See http://lemonldap-ng.org/documentation/latest/handlerarch
+package Lemonldap::NG::Handler::Server::ServiceToken;
+
+use strict;
+
+use base 'Lemonldap::NG::Handler::Lib::ServiceToken',
+  'Lemonldap::NG::Handler::Server::Main';
+
+our $VERSION = '2.0.0';
+
+1;
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@ -368,6 +368,7 @@ t/19-Auth-Null.t
 t/20-Auth-and-password-DBI.t
 t/20-Auth-DBI-utf8.t
 t/21-Auth-and-password-LDAP.t
+t/21-Auth-LDAP-utf8.t
 t/22-Auth-and-password-AD.t
 t/23-Auth-and-password-REST.t
 t/24-AuthApache.t
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ServiceTokenServer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/ServiceTokenServer.pm
@ -12,8 +12,8 @@
 #    Token header are also added for App-1 (application that wants to query
 #    others on behalf of the connected user)
 # 1) App 1 received a token in headers (header is generated using
-#    "token($uid,'ref')" where ref is a key of "sTokenScopes" configuration
-#    parameter).
+#    "token($_session_id,'ref')" where ref is a key of "sTokenScopes"
+#    configuration parameter).
 # 2) It send it to this plugin (request to /tokenfor)
 # 3) run() method verify that token is available and return a service token that
 #    can be used to request a fixed list of servers. This list is the value of
@ -77,7 +77,7 @@ sub run {
      or return $self->p->sendError( $req, 'Bad token', 403 );

    # 3. Verify time
-    my ( $t, $uid, $ref ) = split /:/, $s;
+    my ( $t, $_session_id, $ref ) = split /:/, $s;
    unless ( $t <= time and $t > time - 15 ) {
        return $self->p->sendError( $req, 'Token expired', 403 );
    }
@ -85,7 +85,7 @@ sub run {
        return $self->p->sendError( $req, 'Bad reference', 403 );
    }
    my $respToken = $self->conf->{cipher}
-      ->encrypt( join ':', time, $uid, $self->tokenScopes->{$ref} );
+      ->encrypt( join ':', time, $_session_id, $self->tokenScopes->{$ref} );
    return $self->p->sendJSONresponse( $req, { sToken => $respToken } );
 }