Show error from Common::Session module in logs (#741)

environments/ppa-mbqj77/deployments/1
Clément Oudot 11 years ago
parent 273f4f824b
commit e011600113
  1. 24
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Session.pm
  2. 110
      lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main.pm
  3. 31
      lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
  4. 32
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
  5. 10
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_CAS.pm
  6. 5
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_Remote.pm
  7. 7
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm

@ -58,6 +58,11 @@ has 'cacheModuleOptions' => (
isa => 'HashRef|Undef',
);
has 'error' => (
is => 'rw',
isa => 'Str|Undef',
);
sub BUILD {
my $self = shift;
@ -130,7 +135,12 @@ sub _tie_session {
}
};
return undef if ( $@ or not tied(%h) );
if ( $@ or not tied(%h) ) {
my $msg = "Session cannot be tied";
$msg .= ": $@" if $@;
$self->error($msg);
return undef;
}
return \%h;
}
@ -147,7 +157,10 @@ sub update {
my $infos = shift;
my $tieOptions = shift;
return 0 unless ( ref $infos eq "HASH" );
unless ( ref $infos eq "HASH" ) {
$self->error("You need to provide a HASHREF");
return 0;
}
my $data = $self->_tie_session($tieOptions);
@ -167,6 +180,7 @@ sub update {
return 1;
}
$self->error("No data found in session");
return 0;
}
@ -178,7 +192,11 @@ sub remove {
eval { tied(%$data)->delete(); };
return 0 if $@;
if ($@) {
$self->error("Unable to delete session: $@");
return 0;
}
return 1;
}
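Review bot: The new `error` attribute is written only on the failure paths of `_tie_session`, `update` and `remove`; nothing in these hunks resets it when a later call succeeds. Callers elsewhere in this commit read a set `error` as "this operation failed" (for example `return $session->error ? 0 : 1;` in Portal/Simple.pm), so a message left over from an earlier `update` on the same object would be taken as a failure of the next operation. Clearing it at the top of each public method with `$self->error(undef);` keeps the value tied to the most recent call, and the `Str|Undef` type already allows it. The bodies of `update` and `remove` extend beyond the lines shown, so confirm that no unseen path already does this.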

@ -7,22 +7,22 @@ use Exporter 'import';
use Lemonldap::NG::Common::Session;
use CGI::Util 'expires';
use URI::Escape;
use constant UNPROTECT => 1;
use constant SKIP => 2;
use constant UNPROTECT => 1;
use constant SKIP => 2;
#inherits Cache::Cache
#inherits Apache::Session
#link Lemonldap::NG::Common::Apache::Session::SOAP protected globalStorage
our $VERSION = '1.4.0';
our $VERSION = '1.4.1';
our ( %EXPORT_TAGS, @EXPORT_OK, @EXPORT );
our $tsv = {}; # Hash ref containing thread-shared values, filled
# at config reload - see Reload.pm comments to know
# what it contains
our $session; # Object for current user session
our $datas; # Hash ref containing current user session datas
our $datasUpdate; # Last time the current user session was read
our $tsv = {}; # Hash ref containing thread-shared values, filled
# at config reload - see Reload.pm comments to know
# what it contains
our $session; # Object for current user session
our $datas; # Hash ref containing current user session datas
our $datasUpdate; # Last time the current user session was read
BEGIN {
@ -46,7 +46,6 @@ BEGIN {
use Lemonldap::NG::Handler::Main::Jail;
use Lemonldap::NG::Handler::Main::Logger;
## @rmethod protected void updateStatus(string user,string url,string action)
# Inform the status process of the result of the request if it is available
# @param request Apache2::RequestRec current request
@ -62,7 +61,7 @@ sub updateStatus {
print $statusPipe "$user => "
. Lemonldap::NG::Handler::API->hostname
. "$url $action\n"
if ( $statusPipe );
if ($statusPipe);
};
}
@ -73,7 +72,7 @@ sub updateStatus {
# @return Apache2::Const::REDIRECT or Apache2::Const::FORBIDDEN
sub forbidden {
my $class = shift;
my $uri = Lemonldap::NG::Handler::API->unparsed_uri;
my $uri = Lemonldap::NG::Handler::API->unparsed_uri;
if ( $datas->{_logout} ) {
$class->updateStatus( 'LOGOUT', $datas->{ $tsv->{whatToTrace} } );
@ -94,8 +93,7 @@ sub forbidden {
# Redirect or Forbidden?
if ( $tsv->{useRedirectOnForbidden} ) {
Lemonldap::NG::Handler::Main::Logger->lmLog(
"Use redirect for forbidden access",
'debug' );
"Use redirect for forbidden access", 'debug' );
return $class->goToPortal( $uri, 'lmError=403' );
}
else {
@ -109,8 +107,7 @@ sub forbidden {
# Hide Lemonldap::NG cookie to the protected application.
sub hideCookie {
my $class = shift;
Lemonldap::NG::Handler::Main::Logger->lmLog( "removing cookie",
'debug' );
Lemonldap::NG::Handler::Main::Logger->lmLog( "removing cookie", 'debug' );
my $cookie = Lemonldap::NG::Handler::API->header_in('Cookie');
$cookie =~ s/$tsv->{cookieName}(http)?=[^,;]*[,;\s]*//og;
if ($cookie) {
@ -126,7 +123,7 @@ sub hideCookie {
# @return Base64 encoded string
sub encodeUrl {
my ( $class, $url ) = splice @_;
$url = $class->_buildUrl( $url ) if ( $url !~ m#^https?://# );
$url = $class->_buildUrl($url) if ( $url !~ m#^https?://# );
return encode_base64( $url, '' );
}
@ -155,9 +152,9 @@ sub goToPortal {
# Get user cookies and search for Lemonldap::NG cookie.
# @return Value of the cookie if found, 0 else
sub fetchId {
my $class = shift;
my $t = Lemonldap::NG::Handler::API->header_in('Cookie');
my $vhost = $class->resolveAlias;
my $class = shift;
my $t = Lemonldap::NG::Handler::API->header_in('Cookie');
my $vhost = $class->resolveAlias;
my $lookForHttpCookie = $tsv->{securedCookie} =~ /^(2|3)$/
&& !(
defined( $tsv->{https}->{$vhost} )
@ -199,11 +196,21 @@ sub retrieveSession {
}
);
if ( $datas = $session->data ) {
unless ( $session->error ) {
$datas = $session->data;
# Update the session to notify activity, if necessary
$session->update( { '_lastSeen' => time } )
if ( $tsv->{timeoutActivity} );
if ( $tsv->{timeoutActivity} ) {
$session->update( { '_lastSeen' => time } );
if ( $session->error ) {
Lemonldap::NG::Handler::Main::Logger->lmLog(
"Cannot update session $id", 'error' );
Lemonldap::NG::Handler::Main::Logger->lmLog( $session->error,
'error' );
}
}
$datasUpdate = time();
return 1;
@ -211,6 +218,8 @@ sub retrieveSession {
else {
Lemonldap::NG::Handler::Main::Logger->lmLog(
"Session $id can't be retrieved", 'info' );
Lemonldap::NG::Handler::Main::Logger->lmLog( $session->error, 'info' );
return 0;
}
}
@ -274,9 +283,9 @@ sub run {
return REDIRECT;
}
$uri = Lemonldap::NG::Handler::API->uri_with_args;
$uri = Lemonldap::NG::Handler::API->uri_with_args;
$protection = $class->isUnprotected($uri)
unless ( defined $protection );
unless ( defined $protection );
if ( $protection == SKIP ) {
Lemonldap::NG::Handler::Main::Logger->lmLog( "Access control skipped",
@ -300,11 +309,12 @@ sub run {
my $kc = keys %$datas; # in order to detect new local macro
# ACCOUNTING (1. Inform Apache)
Lemonldap::NG::Handler::API->set_user( $datas->{ $tsv->{whatToTrace} } );
Lemonldap::NG::Handler::API->set_user(
$datas->{ $tsv->{whatToTrace} } );
# AUTHORIZATION
return $class->forbidden unless ( $class->grant( $uri, $cond ) );
$class->updateStatus('OK', $datas->{ $tsv->{whatToTrace} } );
$class->updateStatus( 'OK', $datas->{ $tsv->{whatToTrace} } );
# ACCOUNTING (2. Inform remote application)
$class->sendHeaders;
@ -411,7 +421,7 @@ sub abort {
# @return True if the user is granted to access to the current URL
sub grant {
my ( $class, $uri, $cond ) = @_;
return &{ $cond }() if ($cond);
return &{$cond}() if ($cond);
my $vhost = $class->resolveAlias;
for ( my $i = 0 ; $i < $tsv->{locationCount}->{$vhost} ; $i++ ) {
@ -495,11 +505,12 @@ sub unlog ($$) {
# display it.
# @return Apache2::Const::OK
sub status($$) {
my $class = shift;
my $class = shift;
my $statusPipe = $tsv->{statusPipe};
my $statusOut = $tsv->{statusOut};
Lemonldap::NG::Handler::Main::Logger->lmLog( "Request for status", 'debug' );
return $class->abort( "$class: status page can not be displayed" )
my $statusOut = $tsv->{statusOut};
Lemonldap::NG::Handler::Main::Logger->lmLog( "Request for status",
'debug' );
return $class->abort("$class: status page can not be displayed")
unless ( $statusPipe and $statusOut );
print $statusPipe "STATUS"
. (
@ -514,7 +525,7 @@ sub status($$) {
}
Lemonldap::NG::Handler::API->set_header_out(
( "Content-Type" => "text/html; charset=UTF-8" ) );
Lemonldap::NG::Handler::API->print( $buf );
Lemonldap::NG::Handler::API->print($buf);
return OK;
}
@ -600,12 +611,12 @@ sub postOutputFilter {
if ( defined( $tsv->{outputPostData}->{$vhost}->{$uri} ) ) {
Lemonldap::NG::Handler::Main::Logger->lmLog(
"Filling a html form with fake data" , "debug" );
"Filling a html form with fake data", "debug" );
Lemonldap::NG::Handler::API->unset_header_in("Accept-Encoding");
my %postdata = &{ $tsv->{outputPostData}->{$vhost}->{$uri} };
my %postdata = &{ $tsv->{outputPostData}->{$vhost}->{$uri} };
my $formParams = $tsv->{postFormParams}->{$vhost}->{$uri};
my $js = $class->postJavascript(\%postdata, $formParams);
my $js = $class->postJavascript( \%postdata, $formParams );
Lemonldap::NG::Handler::API->addToHtmlHead($js);
}
}
@ -618,14 +629,14 @@ sub postInputFilter {
my $vhost = $class->resolveAlias;
if ( defined( $tsv->{inputPostData}->{$vhost}->{$uri} ) ) {
Lemonldap::NG::Handler::Main::Logger->lmLog(
"Replacing fake data with real form data" , "debug" );
Lemonldap::NG::Handler::Main::Logger->lmLog(
"Replacing fake data with real form data", "debug" );
my %data = &{ $tsv->{inputPostData}->{$vhost}->{$uri} };
foreach (keys %data) {
$data{$_} = uri_escape($data{$_});
foreach ( keys %data ) {
$data{$_} = uri_escape( $data{$_} );
}
Lemonldap::NG::Handler::API->setPostParams(\%data);
Lemonldap::NG::Handler::API->setPostParams( \%data );
}
}
@ -638,23 +649,25 @@ sub postJavascript {
my $form = $formParams->{formSelector} || "form";
my $filler;
while ( my ($name, $value) = each ( %$data ) ) {
while ( my ( $name, $value ) = each(%$data) ) {
$value = "x" x length($value);
$filler .= "form.find('input[name=$name], select[name=$name], textarea[name=$name]').val('$value')\n";
$filler .=
"form.find('input[name=$name], select[name=$name], textarea[name=$name]').val('$value')\n";
}
my $submitter =
$formParams->{buttonSelector} eq "none" ? ""
: $formParams->{buttonSelector} ? "form.find('$formParams->{buttonSelector}').click()\n"
: $formParams->{buttonSelector}
? "form.find('$formParams->{buttonSelector}').click()\n"
: "form.submit()\n";
my $jqueryUrl = $formParams->{jqueryUrl} || "";
$jqueryUrl = &{ $tsv->{portal} } . "skins/common/js/jquery-1.10.2.js"
if ( $jqueryUrl eq "default" );
if ( $jqueryUrl eq "default" );
$jqueryUrl = "<script type='text/javascript' src='$jqueryUrl'></script>\n"
if ($jqueryUrl);
if ($jqueryUrl);
return
return
$jqueryUrl
. "<script type='text/javascript'>\n"
. "/* script added by Lemonldap::NG */\n"
@ -662,8 +675,7 @@ sub postJavascript {
. "var form = jQuery('$form')\n"
. "form.attr('autocomplete', 'off')\n"
. $filler
. $submitter
. "})\n"
. $submitter . "})\n"
. "</script>\n";
}
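Review bot: In `retrieveSession` the validity test changes from `if ( $datas = $session->data )` to `unless ( $session->error )`, so a session object that reports no error but carries no data is now accepted and the handler returns 1. The old condition also overwrote the package-global `$datas` with a false value on failure, whereas the new else branch leaves whatever an earlier request stored there. Keeping both checks fails closed: `$datas = $session->error ? undef : $session->data;` followed by `if ($datas) {`. The same swap from `->data` to `->error` is made in Manager/Sessions.pm (`delete`, `session`), Portal/Simple.pm (`getApacheSession`), `_CAS.pm`, `_Remote.pm` and `_SAML.pm`. Whether the Session constructor can leave `data` empty without setting `error` is not visible in this diff and should be confirmed.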

@ -72,14 +72,6 @@ sub new {
# Load default skin if no other specified
$self->{managerSkin} ||= 'default';
# Now try to load Apache::Session module
#unless ( $tsv->{globalStorage}->can('populate') ) {
# eval "require $tsv->{globalStorage}";
# $class->abort( "Unable to load $tsv->{globalStorage}", $@ ) if ($@);
#}
#%{ $self->{globalStorageOptions} } = %{$tsv->{globalStorageOptions}};
#$self->{globalStorageOptions}->{backend} = $tsv->{globalStorage};
# IP field
$self->{ipField} = "ipAddr";
@ -376,8 +368,9 @@ sub delete {
}
);
unless ( $apacheSession->data ) {
$self->lmLog( "Apache::Session error", 'error' );
if ( $apacheSession->error ) {
$self->lmLog( "Unable to open session $id", 'error' );
$self->lmLog( $apacheSession->error, 'error' );
$res .= '<h1 class="ui-widget-header ui-corner-all">'
. $self->translate('error') . '</h1>';
$res .= '<div class="ui-corner-all ui-widget-content">';
@ -400,8 +393,15 @@ sub delete {
}
);
if ( &apacheSession2->data ) {
$apacheSession2->remove;
if ( $apacheSession2->data ) {
unless ( $apacheSession2->remove ) {
$self->lmLog( "Unable to remove session $id2", 'error' );
$self->lmLog( $apacheSession2->error, 'error' );
}
}
else {
$self->lmLog( "Unable to open session $id2", 'error' );
$self->lmLog( $apacheSession2->error, 'error' );
}
}
@ -412,6 +412,7 @@ sub delete {
}
else {
$self->lmLog( "Unable to remove session $id", 'error' );
$self->lmLog( $apacheSession->error, 'error' );
$res .= '<h1 class="ui-widget-header ui-corner-all">'
. $self->translate('error') . '</h1>';
$res .= '<div class="ui-corner-all ui-widget-content">';
@ -441,9 +442,9 @@ sub session {
}
);
unless ( $apacheSession->data ) {
$self->lmLog( "Apache::Session error", 'error' );
if ( $apacheSession->error ) {
$self->lmLog( "Unable to open session $id", 'error' );
$self->lmLog( $apacheSession->error, 'error' );
$res .= '<h1 class="ui-widget-header ui-corner-all">'
. $self->translate('error') . '</h1>';
$res .= '<div class="ui-corner-all ui-widget-content">';
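Review bot: In `delete`, the linked-session branch still tests `$apacheSession2->data`, but its new `else` logs `$apacheSession2->error`, which the Session.pm hunks set only on failure paths. If the object simply has no data, that call passes an undefined message to `lmLog`. Either test `->error` as the other branches of this commit do, or give the log line a fallback such as `$self->lmLog( $apacheSession2->error || 'no session data', 'error' );`. `delete` starts and ends outside the lines shown.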

@ -71,7 +71,7 @@ use Digest::MD5;
#inherits Apache::Session
#link Lemonldap::NG::Common::Apache::Session::SOAP protected globalStorage
our $VERSION = '1.4.0';
our $VERSION = '1.4.1';
use base qw(Lemonldap::NG::Common::CGI Exporter);
our @ISA;
@ -852,7 +852,10 @@ sub getApacheSession {
}
);
return unless $apacheSession->data;
if ( $apacheSession->error ) {
$self->lmLog( $apacheSession->error, 'debug' );
return;
}
unless ($noInfo) {
$self->setApacheUser( $apacheSession->data->{ $self->{whatToTrace} } )
@ -882,6 +885,10 @@ sub getPersistentSession {
}
);
if ( $persistentSession->error ) {
$self->lmLog( $persistentSession->error, 'debug' );
}
return $persistentSession;
}
@ -918,6 +925,14 @@ sub updatePersistentSession {
$self->getPersistentSession( $self->_md5hash($uid) );
$persistentSession->update($infos);
if ( $persistentSession->error ) {
$self->lmLog(
"Cannot update persistent session " . $self->_md5hash($uid),
'error' );
$self->lmLog( $persistentSession->error, 'error' );
}
}
## @method void updateSession(hashRef infos, string id)
@ -962,6 +977,11 @@ sub updateSession {
# Store/update session values
$apacheSession->update($infos);
if ( $apacheSession->error ) {
$self->lmLog( "Cannot update session $id", 'error' );
$self->lmLog( $apacheSession->error, 'error' );
}
}
}
}
@ -1199,6 +1219,11 @@ sub _deleteSession {
if ( my $id2 = $session->data->{_httpSession} ) {
if ( my $session2 = $self->getApacheSession( $id2, 1 ) ) {
$session2->remove;
if ( $session2->error ) {
$self->lmLog( "Unable to remove linked session $id2",
'debug' );
$self->lmLog( $session2->error, 'debug' );
}
}
}
@ -1234,7 +1259,7 @@ sub _deleteSession {
$self->_sub( 'userNotice', "User $user has been disconnected" )
if $user;
return 1;
return $session->error ? 0 : 1;
}
##@method private void _dump(void* variable)
@ -1573,6 +1598,7 @@ sub controlExistingSession {
# Delete session
unless ( $self->_deleteSession($apacheSession) ) {
$self->lmLog( "Unable to delete session $id", 'error' );
$self->lmLog( $apacheSession->error, 'error' );
return PE_ERROR;
}
else {
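Review bot: In `_deleteSession`, a failed `$session2->remove` on the linked `_httpSession` is logged at `debug` only and does not affect the new return value, which looks at `$session->error` alone. A logout can therefore report success while the linked session stays in the store, and unless debug logging is enabled nothing records it. Manager/Sessions.pm logs the same failure at `error`; doing so here with `$self->lmLog( "Unable to remove linked session $id2", 'error' );`, and returning 0 when `$session2->error` is set, would make the leftover session visible to the caller. The function body continues outside the hunks shown.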

@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::_Browser;
use Lemonldap::NG::Common::Session;
our @ISA = (qw(Lemonldap::NG::Portal::_Browser));
our $VERSION = '1.4.0';
our $VERSION = '1.4.1';
## @method hashref getCasSession(string id)
# Try to recover the CAS session corresponding to id and return session datas
@ -31,12 +31,13 @@ sub getCasSession {
}
);
unless ( $casSession->data ) {
if ( $casSession->error ) {
if ($id) {
$self->_sub( 'userInfo', "CAS session $id isn't yet available" );
}
else {
$self->lmLog( "Unable to create new CAS session", 'error' );
$self->lmLog( $casSession->error, 'error' );
}
return undef;
}
@ -228,7 +229,10 @@ sub deleteCasSession {
my $session_id = $session->id;
# Delete session
$session->remove;
unless ( $session->remove ) {
$self->lmLog( $session->error, 'error' );
return 0;
}
$self->lmLog( "CAS session $session_id deleted", 'debug' );
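Review bot: In `getCasSession`, when `$id` is set the new `if ( $casSession->error )` branch still emits only the `userInfo` message and drops the error text, so a backend failure during lookup is indistinguishable from a session that does not exist yet. Adding `$self->lmLog( $casSession->error, 'debug' );` inside the `if ($id)` branch would cover it; `getSamlSession` in `_SAML.pm` has the same shape. In `deleteCasSession` the error is logged without saying which session was involved; a preceding `$self->lmLog( "Unable to delete CAS session $session_id", 'error' );` would match the other modules.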

@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Common::Session;
use MIME::Base64;
our $VERSION = '1.4.0';
our $VERSION = '1.4.1';
our $initDone;
BEGIN {
@ -68,8 +68,9 @@ sub checkRemoteId {
}
);
unless ( $remoteSession->data ) {
if ( $remoteSession->error ) {
$self->lmLog( "Remote session error", 'error' );
$self->lmLog( $remoteSession->error, 'error' );
return PE_ERROR;
}

@ -1238,6 +1238,7 @@ sub extractRelayState {
}
else {
$self->lmLog( "Unable to delete relaystate $relaystate", 'error' );
$self->lmLog( $samlSessionInfo->error, 'error' );
}
return 1;
@ -1666,6 +1667,7 @@ sub replayProtection {
"Unable to delete assertion session $session (Message ID $samlID)",
'error'
);
$self->lmLog( $samlSessionInfo->error, 'error' );
return 0;
}
}
@ -1800,6 +1802,7 @@ sub loadArtifact {
else {
$self->lmLog( "Unable to delete artifact session $session (ID $id)",
'error' );
$self->lmLog( $samlSessionInfo->error, 'error' );
return;
}
}
@ -2831,12 +2834,13 @@ sub getSamlSession {
}
);
unless ( $samlSession->data ) {
if ( $samlSession->error ) {
if ($id) {
$self->_sub( 'userInfo', "SAML session $id isn't yet available" );
}
else {
$self->lmLog( "Unable to create new SAML session", 'error' );
$self->lmLog( $samlSession->error, 'error' );
}
return undef;
}
@ -2976,6 +2980,7 @@ sub deleteSAMLSecondarySessions {
else {
$self->lmLog( "Unable to delete SAML session $saml_session",
'error' );
$self->lmLog( $samlSessionInfo->error, "error" );
$result = 0;
}
}
