First implementation of BrowserID authentication module (#584)
Clément Oudot
12 years ago
parent
53e8d74758
commit
d3c53c2235
|
After Width: | Height: | Size: 1.9 KiB |
@ -0,0 +1,19 @@ |
||||
/* Watch login and logout events */ |
||||
|
||||
navigator.id.watch({ |
||||
loggedInUser: null, |
||||
onlogin: function(assertion) { |
||||
// Return on page with BrowserID assertion
|
||||
var portalUrl = window.location.href; |
||||
var portalSearch = window.location.search; |
||||
if ( portalSearch ) { |
||||
portalUrl += '&browserIdAssertion='+assertion |
||||
} else { |
||||
portalUrl += '?browserIdAssertion='+assertion |
||||
} |
||||
window.location.assign(portalUrl); |
||||
}, |
||||
onlogout: function() { |
||||
// Do nothing
|
||||
} |
||||
}); |
||||
@ -0,0 +1,3 @@ |
||||
$(document).ready(function(){ |
||||
navigator.id.request(); |
||||
}); |
||||
@ -0,0 +1,3 @@ |
||||
$(document).ready(function(){ |
||||
navigator.id.logout(); |
||||
}); |
||||
@ -0,0 +1,255 @@ |
||||
##@file |
||||
# BrowserID authentication backend file |
||||
|
||||
##@class |
||||
# BrowserID authentication backend class |
||||
package Lemonldap::NG::Portal::AuthBrowserID; |
||||
|
||||
use strict; |
||||
use Lemonldap::NG::Portal::Simple; |
||||
use LWP::UserAgent; |
||||
use HTTP::Request; |
||||
use JSON; |
||||
|
||||
our $VERSION = '1.3.0'; |
||||
|
||||
## @apmethod int authInit() |
||||
# Enables Browser ID (required for templates) |
||||
# @return Lemonldap::NG::Portal constant |
||||
sub authInit { |
||||
my $self = shift; |
||||
|
||||
$self->{browserIdVerificationURL} ||= |
||||
"https://verifier.login.persona.org/verify"; |
||||
$self->{browserIdAuthnLevel} = "2" |
||||
unless defined $self->{browserIdAuthnLevel}; |
||||
|
||||
# Enable BrowserID in template |
||||
$self->{tpl_browserIdEnabled} = 1; |
||||
|
||||
PE_OK; |
||||
} |
||||
|
||||
## @apmethod int setAuthSessionInfo() |
||||
# @return Lemonldap::NG::Portal constant |
||||
sub setAuthSessionInfo { |
||||
my $self = shift; |
||||
|
||||
$self->{sessionInfo}->{authenticationLevel} = $self->{browserIdAuthnLevel}; |
||||
|
||||
PE_OK; |
||||
} |
||||
|
||||
## @apmethod int extractFormInfo() |
||||
# Get BrowserID assertion |
||||
# @return Lemonldap::NG::Portal constant |
||||
sub extractFormInfo { |
||||
my $self = shift; |
||||
|
||||
# Assertion should be in POST browserIdAssertion parameter (ajax call) |
||||
if ( $self->{browserIdAssertion} = $self->param('browserIdAssertion') ) { |
||||
$self->lmLog( |
||||
"BrowserID Assertion found: " . $self->{browserIdAssertion}, |
||||
'debug' ); |
||||
return PE_OK; |
||||
} |
||||
|
||||
# No assertion, return to login page with BrowserID login script |
||||
$self->{tpl_browserIdLoadLoginScript} = 1; |
||||
return PE_FIRSTACCESS; |
||||
} |
||||
|
||||
## @apmethod int authenticate() |
||||
# Verify assertion and audience |
||||
# @return Lemonldap::NG::Portal constant |
||||
sub authenticate { |
||||
my $self = shift; |
||||
|
||||
# Return unless BrowserID assertion |
||||
return PE_FIRSTACCESS unless ( $self->{browserIdAssertion} ); |
||||
|
||||
my $ua = new LWP::UserAgent; |
||||
push @{ $ua->requests_redirectable }, 'POST'; |
||||
|
||||
my $postdata = |
||||
"assertion=" |
||||
. $self->{browserIdAssertion} |
||||
. "&audience=" |
||||
. $self->{portal}; |
||||
|
||||
$self->lmLog( "Send $postdata to " . $self->{browserIdVerificationURL}, |
||||
'debug' ); |
||||
|
||||
my $request = |
||||
HTTP::Request->new( 'POST' => $self->{browserIdVerificationURL} ); |
||||
$request->content_type('application/x-www-form-urlencoded'); |
||||
$request->content($postdata); |
||||
|
||||
my $answer = $ua->request($request); |
||||
|
||||
$self->lmLog( "Verification response: " . $answer->as_string, 'debug' ); |
||||
|
||||
if ( $answer->code() == "200" ) { |
||||
|
||||
# Get JSON answser |
||||
my $browserIdVerificationAnswer = $answer->content; |
||||
$self->lmLog( "Received BrowserID answer: $browserIdVerificationAnswer", |
||||
'debug' ); |
||||
|
||||
my $json = new JSON(); |
||||
$self->{browserIdAnswer} = $json->decode($browserIdVerificationAnswer); |
||||
|
||||
if ( $self->{browserIdAnswer}->{status} eq "okay" ) { |
||||
$self->{_user} = $self->{browserIdAnswer}->{email}; |
||||
$self->{sessionInfo}->{user} = $self->{_user}; |
||||
|
||||
$self->lmLog( |
||||
"Found user " |
||||
. $self->{_user} |
||||
. " in BrowserID verification answer", |
||||
'debug' |
||||
); |
||||
|
||||
# TODO - check audience |
||||
# TODO - adjust session duration with BrowserID expires field |
||||
# TODO - check SSL certificate |
||||
|
||||
return PE_OK; |
||||
} |
||||
else { |
||||
$self->lmLog( |
||||
"Assertion " |
||||
. $self->{browserIdAssertion} |
||||
. " not verified by BrowserID provider", |
||||
'error' |
||||
); |
||||
return PE_ERROR; |
||||
} |
||||
} |
||||
else { |
||||
$self->lmLog( |
||||
"Fail to validate BrowserId assertion " |
||||
. $self->{browserIdAssertion}, |
||||
'error' |
||||
); |
||||
return PE_ERROR; |
||||
} |
||||
|
||||
} |
||||
|
||||
## @apmethod int authFinish() |
||||
# Does nothing. |
||||
# @return Lemonldap::NG::Portal constant |
||||
sub authFinish { |
||||
PE_OK; |
||||
} |
||||
|
||||
## @apmethod int authLogout() |
||||
# Call BrowserID logout method |
||||
# @return Lemonldap::NG::Portal constant |
||||
sub authLogout { |
||||
my $self = shift; |
||||
$self->{tpl_browserIdLoadLogoutScript} = 1; |
||||
PE_OK; |
||||
} |
||||
|
||||
## @apmethod boolean authForce() |
||||
# Does nothing |
||||
# @return result |
||||
sub authForce { |
||||
return 0; |
||||
} |
||||
|
||||
## @method string getDisplayType |
||||
# @return display type |
||||
sub getDisplayType { |
||||
return "logo"; |
||||
} |
||||
|
||||
1; |
||||
__END__ |
||||
|
||||
=head1 NAME |
||||
|
||||
=encoding utf8 |
||||
|
||||
Lemonldap::NG::Portal::AuthBrowserID - Perl extension for building Lemonldap::NG |
||||
compatible portals with Mozilla BrowserID protocol |
||||
|
||||
=head1 SYNOPSIS |
||||
|
||||
use Lemonldap::NG::Portal::SharedConf; |
||||
my $portal = new Lemonldap::NG::Portal::Simple( |
||||
configStorage => {...}, # See Lemonldap::NG::Portal |
||||
authentication => 'BrowserID', |
||||
); |
||||
|
||||
if($portal->process()) { |
||||
# Write here the menu with CGI methods. This page is displayed ONLY IF |
||||
# the user was not redirected here. |
||||
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3)) |
||||
print "..."; |
||||
|
||||
# or redirect the user to the menu |
||||
print $portal->redirect( -uri => 'https://portal/menu'); |
||||
} |
||||
else { |
||||
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3)) |
||||
print "<html><body><h1>Unable to work</h1>"; |
||||
print "This server isn't well configured. Contact your administrator."; |
||||
print "</body></html>"; |
||||
} |
||||
|
||||
=head1 DESCRIPTION |
||||
|
||||
This library just overload few methods of Lemonldap::NG::Portal::Simple to |
||||
create sessions for anonymous users. |
||||
|
||||
See L<Lemonldap::NG::Portal::Simple> for usage and other methods. |
||||
|
||||
=head1 SEE ALSO |
||||
|
||||
L<Lemonldap::NG::Portal>, L<Lemonldap::NG::Portal::Simple>, |
||||
L<http://lemonldap-ng.org/> |
||||
|
||||
=head1 AUTHOR |
||||
|
||||
=over |
||||
|
||||
=item Clement Oudot, E<lt>clem.oudot@gmail.comE<gt> |
||||
|
||||
=back |
||||
|
||||
=head1 BUG REPORT |
||||
|
||||
Use OW2 system to report bug or ask for features: |
||||
L<http://jira.ow2.org> |
||||
|
||||
=head1 DOWNLOAD |
||||
|
||||
Lemonldap::NG is available at |
||||
L<http://forge.objectweb.org/project/showfiles.php?group_id=274> |
||||
|
||||
=head1 COPYRIGHT AND LICENSE |
||||
|
||||
=over |
||||
|
||||
=item Copyright (C) 2013 by Clement Oudot, E<lt>clem.oudot@gmail.comE<gt> |
||||
|
||||
=back |
||||
|
||||
This library is free software; you can redistribute it and/or modify |
||||
it under the terms of the GNU General Public License as published by |
||||
the Free Software Foundation; either version 2, or (at your option) |
||||
any later version. |
||||
|
||||
This program is distributed in the hope that it will be useful, |
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
GNU General Public License for more details. |
||||
|
||||
You should have received a copy of the GNU General Public License |
||||
along with this program. If not, see L<http://www.gnu.org/licenses/>. |
||||
|
||||
=cut |
||||
|
||||
@ -0,0 +1,27 @@ |
||||
# Before `make install' is performed this script should be runnable with |
||||
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Portal-AuthSsl.t' |
||||
|
||||
######################### |
||||
|
||||
# change 'tests => 1' to 'tests => last_test_to_print'; |
||||
|
||||
use Test::More tests => 2; |
||||
BEGIN { use_ok('Lemonldap::NG::Portal::Simple') } |
||||
|
||||
######################### |
||||
|
||||
# Insert your test code below, the Test::More module is use()ed here so read |
||||
# its man page ( perldoc Test::More ) for help writing this test script. |
||||
|
||||
$ENV{"REQUEST_METHOD"} = 'GET'; |
||||
my $p; |
||||
ok( |
||||
$p = Lemonldap::NG::Portal::Simple->new( |
||||
{ |
||||
globalStorage => 'Apache::Session::File', |
||||
domain => 'example.com', |
||||
authentication => 'BrowserID', |
||||
} |
||||
) |
||||
); |
||||
|
||||
Loading…
Reference in new issue