WIP - Decrease authLevel skeleton (#1784)

6 years ago · be26e3cb9a
parent bf8022b8db
commit be26e3cb9a
4 changed files with 72 additions and 12 deletions
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
@ -193,12 +193,13 @@ sub defaultValuesInit {
    my ( $class, $conf ) = @_;
    $class->tsv->{$_} = $conf->{$_} foreach ( qw(
-        cookieExpiration        cookieName         customFunctions
+        cookieExpiration        cookieName         customFunctions 
        cookieExpiration        cookieName         customFunctions
        securedCookie           timeout            timeoutActivity
        timeoutActivityInterval useRedirectOnError useRedirectOnForbidden
        useSafeJail             whatToTrace        handlerInternalCache
        handlerServiceTokenTTL  decreaseAuthLevelInterval httpOnly
        decreaseCounter
        )
    );
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
@ -11,6 +11,7 @@ use strict;
 use MIME::Base64;
 use URI::Escape;
 use Lemonldap::NG::Common::Session;
 use Data::Dumper;
 # Methods that must be overloaded
@ -148,8 +149,9 @@ sub run {
        # ACCOUNTING (1. Inform web server)
        $class->set_user( $req, $session->{ $class->tsv->{whatToTrace} } );
-        # Decrease authentication level if required
+        # # Decrease authentication level if required
-        $class->decreaseAuthLevel( $req, $session );
+        # $class->decreaseAuthLevel( $req, $session, $id )
        #   if ( $class->tsv->{decreaseAuthLevelInterval} );
        # AUTHORIZATION
        return ( $class->forbidden( $req, $session ), $session )
@ -437,7 +439,7 @@ sub retrieveSession {
    # 1. Search if the user was the same as previous (very efficient in
    # persistent connection).
    # NB: timout is here the same value as current HTTP/1.1 Keep-Alive timeout
-    #     (15 seconds)
+    #     (15 seconds by default)
    if (    defined $class->data->{_session_id}
        and $id eq $class->data->{_session_id}
        and
@ -524,6 +526,33 @@ sub retrieveSession {
            }
        }
        if (   $class->tsv->{decreaseAuthLevelInterval}
            && ($session->data->{authenticationLevel} > 1) )
        {
            $class->logger->debug(" -> Check if AuthLevel must be decreased");
            # Update the session to notify activity, if necessary
            if ( $now > ( $class->tsv->{_lastAuthnUTime} +
                $class->tsv->{decreaseAuthLevelInterval} * ($class->tsv->{_decreaseCounter} + 1)) )
            {
                my $authLevel = $session->{data}->{authenticationLevel};
                my $counter   = $session->{data}->{_decreaseCounter} || 0;
                $class->logger->debug(
                    "****************** req :" . Data::Dumper::Dumper($req) );
                $class->data( $session->data );
                $class->logger->debug(
                    "Decrease $session->{data}->{uid} authenticationLevel from $authLevel to " . --$authLevel );
                $req->data->{session}->update( { 'authenticationLevel' => 5,'_decreaseCounter' => ++$counter } );
                if ( $session->error ) {
                    $class->logger->error("Cannot update session $id");
                    $class->logger->error( $req->data->{session}->error );
                }
                else {
                    $class->logger->debug("Update authenticationLevel with $authLevel");
                }
            }
        }
        $class->dataUpdate($now);
        return $session->data;
    }
@ -834,13 +863,33 @@ sub postJavascript {
      . "</script>\n";
 }
-sub decreaseAuthLevel {
+# sub decreaseAuthLevel {
-    my ( $class, $req, $session ) = @_;
+#     my ( $class, $req, $session, $id ) = @_;
-
+
-    if ( $class->tsv->{decreaseAuthLevelInterval} ) {
+#     return if ( $session->{authenticationLevel} == 1 );
-        $session->{authenticationLevel} = 1;
+# $class->logger->debug("************ -> Call decreaseAuthLevel");
-        #$session->update( { authenticationLevel => 1 } );
+#     my $now = time();
-    }
+
-}
+#     # Update the session to notify activity, if necessary
 #     if ( $now > $class->tsv->{_lastAuthnUTime} +
 #         $class->tsv->{decreaseAuthLevelInterval} )
 #     {
 #         $class->logger->debug("Decrease authnLevel". Data::Dumper::Dumper($session));
 #         $class->logger->debug("****************** req :" . Data::Dumper::Dumper($req));
 #         $req->data->{session}->update(
 #             { 'authenticationLevel' => 5 } ,{ updateCache => 2 } );
 #         $class->data( $session->data );
 #         if ( $session->error ) {
 #             $class->logger->error("Cannot update session $id");
 #             $class->logger->error( $req->data->{session}->error );
 #         }
 #         else {
 #             $class->logger->debug("Update _lastSeen with $now");
 #         }
 #         $class->dataUpdate($now);
 #     }
 # }
 1;
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -1087,6 +1087,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
            'default' => 0,
            'type'    => 'int'
        },
        'decreaseCounter' => {
            'default' => 0,
            'type'    => 'int'
        },
        'demoExportedVars' => {
            'default' => {
                'cn'   => 'cn',
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -531,6 +531,12 @@ sub attributes {
            documentation => 'Decrease authentication level interval',
            flags         => 'hp',
        },
        decreaseCounter => {
            type          => 'int',
            default       => 0,
            documentation => 'Decrease counter',
            flags         => 'h',
        },
        # Loggers (ini only)
        logLevel => {