From dda83a3e670136c9b194016dc17f65ee2bb794ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= Date: Mon, 13 Sep 2010 15:14:19 +0000 Subject: [PATCH] Store authChoice in session, and load it for existing sessions --- .../lib/Lemonldap/NG/Manager/Sessions.pm | 6 ++++-- .../lib/Lemonldap/NG/Manager/_i18n.pm | 8 +++++++- .../lib/Lemonldap/NG/Portal/AuthChoice.pm | 8 ++++++-- .../lib/Lemonldap/NG/Portal/Simple.pm | 14 ++------------ .../lib/Lemonldap/NG/Portal/_Choice.pm | 16 ++++++++-------- 5 files changed, 27 insertions(+), 25 deletions(-) diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm index ec0e837a9..ba25ebf1e 100644 --- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm +++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm @@ -484,8 +484,10 @@ sub session { 'connectionTitle' => [qw(ipAddr xForwardedForAddr _timezone)], 'authenticationTitle' => [qw(_session_id _user _password authenticationLevel)], - 'modulesTitle' => [qw(_auth _userDB _passwordDB _issuerDB)], - 'saml' => [qw(_samlToken _lassoSessionDump _lassoIdentityDump)], + 'modulesTitle' => [qw(_auth _userDB _passwordDB _issuerDB _authChoice)], + 'saml' => [ + qw(_idp _idpConfKey _samlToken _lassoSessionDump _lassoIdentityDump) + ], 'groups' => [qw(groups)], 'ldap' => [qw(dn)], }; diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm index f15cc6202..f532c6e0a 100644 --- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm +++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm @@ -48,6 +48,7 @@ __END__ sub en { return { _auth => 'Authentication', + _authChoice => 'Authentication choice', _userDB => 'User', _passwordDB => 'Password', _issuerDB => 'Issuer', 
@@ -56,7 +57,9 @@ sub en { _user => 'Login', _password => 'Password', _utime => 'Session timestamp', - _lastAuthnUTime => 'Authentication timesamp', + _lastAuthnUTime => 'Authentication timestamp', + _idp => 'IDP EntityID', + _idpConfKey => 'IDP configuration key', _samlToken => 'SAML token', _lassoSessionDump => 'Lasso session dump', _lassoIdentityDump => 'Lasso identity dump', @@ -394,6 +397,7 @@ sub fr { use utf8; return { _auth => 'Authentification', + _authChoice => 'Choix d\'authentification', _userDB => 'Utilisateur', _passwordDB => 'Mot de passe', _issuerDB => 'Fournisseur', @@ -403,6 +407,8 @@ sub fr { _password => 'Mot de passe', _utime => 'Tampon de la session', _lastAuthnUTime => 'Tampon d\'authentification ', + _idp => 'Identifiant d\'entité de l\'IDP', + _idpConfKey => 'Clé de configuration de l\'IDP', _samlToken => ' Jeton SAML ', _lassoSessionDump => ' Dump session Lasso ', _lassoIdentityDump => 'Dump identité Lasso', diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthChoice.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthChoice.pm index 784f01341..40ccc70ee 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthChoice.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthChoice.pm @@ -31,7 +31,7 @@ sub authInit { $self->checkXSSAttack( $self->{authChoiceParam}, $self->{_authChoice} ) ); - $self->lmLog( "Authentication choice found in URL: " . $self->{_authChoice}, + $self->lmLog( "Authentication choice found: " . $self->{_authChoice}, 'debug' ) if $self->{_authChoice}; @@ -39,10 +39,13 @@ sub authInit { } ## @apmethod int setAuthSessionInfo() -# Does nothing +# Remember authChoice in session # @return Lemonldap::NG::Portal constant sub setAuthSessionInfo { my $self = shift; + + $self->{sessionInfo}->{_authChoice} = $self->{_authChoice}; + return $self->_choice->try( 'setAuthSessionInfo', 0 ); } @@ -87,6 +90,7 @@ sub authForce { } 1; + __END__ =head1 NAME 
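Review bot: In AuthChoice.pm's `setAuthSessionInfo`, `$self->{_authChoice}` is written to `sessionInfo` before `$self->_choice` is consulted, so what gets persisted is whatever `authInit` read from the request, not necessarily the choice that was validated and used. `_Choice::new` now reloads this value for existing sessions, so it is worth storing it only when it names a configured choice, for example `$self->{sessionInfo}->{_authChoice} = $self->{_authChoice} if $self->{_authChoice} and exists $self->{authChoiceModules}->{ $self->{_authChoice} };` (assuming `authChoiceModules` is reachable from `$self` here, as it is from `$portal` in `_Choice.pm`). If the "Force SAML choice" branch in `_Choice::new` selects a choice without updating `_authChoice` (not visible in this patch), the stored value would also be undef or stale, and the header comment could say which value is meant to be recorded.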
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm index 9cb92408e..4c7c98db8 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm @@ -1295,18 +1295,8 @@ sub controlExistingSession { next; } - # Load authentication module - my $authModule = 'Lemonldap::NG::Portal::Auth' - . $self->{sessionInfo}->{_auth}; - unless ( $self->loadModule($authModule) ) { - $self->lmLog( "Unable to load $module_name", - 'error' ); - next; - } - $self->{error} = $self->_subProcess( $module_name . "::issuerDBInit", - $authModule . "::authInit", $module_name . '::issuerLogout' ); @@ -1393,7 +1383,7 @@ sub controlExistingSession { untie %$h; $self->{id} = $id; - # A session has been find => calling &existingSession + # A session has been found => call existingSession my $r = $self->_sub( 'existingSession', $id, $self->{sessionInfo} ); if ( $r == PE_DONE ) { $self->{error} = $self->_subProcess( @@ -1428,7 +1418,7 @@ sub existingSession { # Check portalForceAuthn parameter # and authForce method - eval { $forceAuthn = $self->authForce(); }; + eval { $forceAuthn = $self->_sub('authForce'); }; if ($@) { $self->lmLog( "Error when calling authForce: $@", 'debug' ); } diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Choice.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Choice.pm index e619edc17..89a11f71e 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Choice.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Choice.pm @@ -20,6 +20,9 @@ sub new { # Create object with portal parameter my $self = bless { p => $portal }, $class; + # Recover authChoice from session + $portal->{_authChoice} ||= $portal->{sessionInfo}->{_authChoice}; + # Test authChoice unless ( $portal->{_authChoice} and exists $portal->{authChoiceModules}->{ $portal->{_authChoice} } ) 
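Review bot: In Simple.pm's `existingSession`, a failure inside the new `$self->_sub('authForce')` call is swallowed by the surrounding `eval` and reported only at `debug` level, so `$forceAuthn` keeps its earlier value and a broken `authForce` can silently disable forced re-authentication. Going through `_sub` presumably widens what can run, and fail, at this point, so a louder report would help: `$self->lmLog( "Error when calling authForce: $@", 'error' );`. If some modules are expected to lack `authForce`, that case should be told apart from a real error instead of sharing one debug line. The initialisation of `$forceAuthn` and the rest of `existingSession` lie outside the hunk.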
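Review bot: In _Choice.pm's `new`, `||=` lets a choice already set from the request take precedence over the one recorded in the session, so on an existing session the modules loaded further down can belong to a different choice than the one the user authenticated with. If the session value is meant to be authoritative once a session exists, assign it whenever it is present, `$portal->{_authChoice} = $portal->{sessionInfo}->{_authChoice} if $portal->{sessionInfo} and $portal->{sessionInfo}->{_authChoice};`, or at least log a mismatch between the two. That guard also avoids autovivifying `$portal->{sessionInfo}` when no session has been loaded, which the bare `->{sessionInfo}->{_authChoice}` read does. The `exists` test that follows still checks the result against `authChoiceModules`; `new` continues beyond the hunk.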
@@ -44,7 +47,7 @@ sub new { }; if ($@) { - $portal->lmLog("SAML choice force no tested: $@", 'debug'); + $portal->lmLog( "SAML choice force not tested: $@", 'debug' ); } # Force SAML choice if needed @@ -69,18 +72,15 @@ sub new { my $userDBModule = $modulePrefix . 'UserDB' . $userDB; my $passwordDBModule = $modulePrefix . 'PasswordDB' . $passwordDB; - foreach ( $authModule, $userDBModule, $passwordDBModule ) { - $portal->abort( 'Bad configuration', "Unable to load $_" ) - unless $portal->loadModule($_); + foreach my $module ( $authModule, $userDBModule, $passwordDBModule ) { + $portal->abort( 'Bad configuration', "Unable to load $module" ) + unless $portal->loadModule($module); } $self->{modules} = [ { m => $authModule, n => $auth }, { m => $userDBModule, n => $userDB }, - { - m => $passwordDBModule, - n => $passwordDB - }, + { m => $passwordDBModule, n => $passwordDB } ]; $portal->lmLog( "Authentication module $auth selected", 'debug' );