worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

GitHub authentication module (#2154)

Browse Source
Moo
Clément OUDOT 5 years ago
parent 6623b90199
commit fb29673fdf
4 changed files with 250 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      COPYING
  2. 6
      lemonldap-ng-portal/MANIFEST
  3. 238
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/GitHub.pm
  4. BIN
      lemonldap-ng-portal/site/htdocs/static/common/modules/GitHub.png

6
COPYING
Unescape View File

@ -96,6 +96,12 @@ Comment: downloaded from
.
Author is unknown and license may be W3C or public-domain
Files: lemonldap-ng-portal/site/htdocs/static/common/modules/GitHub.png
Copyright: GitHub
License: MIT
Comment: downloaded from
https://commons.wikimedia.org/wiki/File:Octicons-mark-github.svg
Files: lemonldap-ng-portal/site/htdocs/static/bootstrap/u2f.png
Copyright: Bautsch <https://commons.wikimedia.org/wiki/User:Bautsch>
License: CC0-1.0

6
lemonldap-ng-portal/MANIFEST
Unescape View File

@ -29,6 +29,7 @@ lib/Lemonldap/NG/Portal/Auth/Custom.pm
lib/Lemonldap/NG/Portal/Auth/DBI.pm
lib/Lemonldap/NG/Portal/Auth/Demo.pm
lib/Lemonldap/NG/Portal/Auth/Facebook.pm
lib/Lemonldap/NG/Portal/Auth/GitHub.pm
lib/Lemonldap/NG/Portal/Auth/GPG.pm
lib/Lemonldap/NG/Portal/Auth/Kerberos.pm
lib/Lemonldap/NG/Portal/Auth/LDAP.pm
@ -348,6 +349,7 @@ site/htdocs/static/common/modules/Apache.png
site/htdocs/static/common/modules/CAS.png
site/htdocs/static/common/modules/CustomAuth.png
site/htdocs/static/common/modules/Facebook.png
site/htdocs/static/common/modules/GitHub.png
site/htdocs/static/common/modules/Google.png
site/htdocs/static/common/modules/Kerberos.png
site/htdocs/static/common/modules/LinkedIn.png
@ -358,6 +360,7 @@ site/htdocs/static/common/modules/SSL.png
site/htdocs/static/common/modules/Twitter.png
site/htdocs/static/common/modules/WebID.png
site/htdocs/static/common/nl.png
site/htdocs/static/common/pl.png
site/htdocs/static/common/pt.png
site/htdocs/static/common/ro.png
site/htdocs/static/common/tr.png
@ -371,6 +374,7 @@ site/htdocs/static/languages/fi.json
site/htdocs/static/languages/fr.json
site/htdocs/static/languages/it.json
site/htdocs/static/languages/nl.json
site/htdocs/static/languages/pl.json
site/htdocs/static/languages/pt.json
site/htdocs/static/languages/ro.json
site/htdocs/static/languages/tr.json
@ -604,6 +608,7 @@ t/44-CertificateResetByMail-LDAP.t
t/50-IssuerGet.t
t/57-GlobalLogout-without-Timer.t
t/57-GlobalLogout.t
t/57-LogoutForward.t
t/58-DecryptValue-with-custom-function.t
t/58-DecryptValue-with-internal-function.t
t/59-Double-cookies-for-a-Single-session.t
@ -668,6 +673,7 @@ t/76-2F-Ext-with-History.t
t/77-2F-Extra.t
t/77-2F-Mail-with-global-storage.t
t/77-2F-Mail.t
t/78-2F-Upgrade-Many.t
t/78-2F-Upgrade.t
t/90-Translations.t
t/99-Dont-load-Dumper.t

238
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/GitHub.pm
Unescape View File

@ -0,0 +1,238 @@
package Lemonldap::NG::Portal::Auth::GitHub;
use strict;
use JSON;
use Mouse;
use MIME::Base64 qw/encode_base64 decode_base64/;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Common::UserAgent;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_REDIRECT);
our $VERSION = '2.0.6';
extends 'Lemonldap::NG::Portal::Main::Auth';
# INITIALIZATION
# return LWP::UserAgent object
has ua => (
is => 'rw',
lazy => 1,
builder => sub {
# TODO : LWP options to use a proxy for example
my $ua = Lemonldap::NG::Common::UserAgent->new( $_[0]->{conf} );
$ua->env_proxy();
return $ua;
}
);
has githubAuthorizationEndpoint => (
is => 'ro',
lazy => 1,
default => sub {
$_[0]->conf->{githubAuthorizationEndpoint}
|| 'https://github.com/login/oauth/authorize';
}
);
has githubTokenEndpoint => (
is => 'ro',
lazy => 1,
default => sub {
$_[0]->conf->{githubTokenEndpoint}
|| 'https://github.com/login/oauth/access_token';
}
);
has githubUserEndpoint => (
is => 'ro',
lazy => 1,
default => sub {
$_[0]->conf->{githubUserEndpoint}
|| 'https://api.github.com/user';
}
);
sub init {
my ($self) = @_;
my $ret = 1;
foreach my $arg (qw(githubClientID githubClientSecret)) {
unless ( $self->conf->{$arg} ) {
$ret = 0;
$self->error("Parameter $arg is required");
}
}
return $ret;
}
# RUNNING METHODS
sub extractFormInfo {
my ( $self, $req ) = @_;
my $nonce = time;
# Build redirect_uri
my $callback_url = $self->conf->{portal};
# Check return values
my $code = $req->param("code");
my $state = $req->param("state");
# Code
if ($code) {
my %form;
$form{"code"} = $code;
$form{"state"} = $state if $state;
$form{"client_id"} = $self->conf->{githubClientID};
$form{"client_secret"} = $self->conf->{githubClientSecret};
$form{"redirect_uri"} = $callback_url;
my $response = $self->ua->post(
$self->githubTokenEndpoint,
\%form,
"Content-Type" => 'application/x-www-form-urlencoded',
'Accept' => 'application/json'
);
if ( $response->is_error ) {
$self->logger->error(
"Bad authorization response: " . $response->message );
$self->logger->debug( $response->content );
return PE_ERROR;
}
my $content = $response->decoded_content;
my $json_hash;
eval { $json_hash = from_json( $content, { allow_nonref => 1 } ); };
if ($@) {
$self->logger->error("Unable to decode JSON $content");
return PE_ERROR;
}
my $access_token = $json_hash->{access_token};
$self->logger->debug("Get access token $access_token from GitHub");
# Call People EndPoint URI
$self->logger->debug(
"Call GitHub People Endpoint " . $self->githubUserEndpoint );
my $people_response = $self->ua->get( $self->githubUserEndpoint,
"Authorization" => "token $access_token" );
if ( $people_response->is_error ) {
$self->logger->error(
"Bad authorization response: " . $people_response->message );
$self->logger->debug( $people_response->content );
return PE_ERROR;
}
my $user_content = $people_response->decoded_content;
$self->logger->debug("Response from GitHub People API: $user_content");
eval {
$json_hash = from_json( $user_content, { allow_nonref => 1 } ); };
if ($@) {
$self->logger->error("Unable to decode JSON $user_content");
return PE_ERROR;
}
foreach ( keys %$json_hash ) {
$req->data->{githubData}->{$_} = $json_hash->{$_};
}
$req->user(
$req->data->{githubData}->{ $self->conf->{githubUserField} } );
$self->logger->debug( "Good GitHub authentication for " . $req->user );
# Extract state
if ($state) {
my $stateSession = $self->p->getApacheSession( $state, 1 );
$req->urldc( $stateSession->data->{urldc} );
$req->{checkLogins} = $stateSession->data->{checkLogins};
$stateSession->remove;
}
return PE_OK;
}
# No code, redirect to GitHub
else {
$self->logger->debug('Redirection to GitHub');
# Store state
my $stateSession =
$self->p->getApacheSession( undef, 1, 0, 'GitHubState' );
my $stateInfos = {};
$stateInfos->{_utime} = time() + $self->conf->{timeout};
$stateInfos->{urldc} = $req->urldc;
$stateInfos->{checkLogins} = $req->{checkLogins};
$stateSession->update($stateInfos);
my $authn_uri = $self->githubAuthorizationEndpoint;
my $client_id = $self->conf->{githubClientID};
my $scope = $self->conf->{githubScope};
$authn_uri .= '?'
. build_urlencoded(
response_type => 'code',
client_id => $client_id,
redirect_uri => $callback_url,
scope => $scope,
state => $stateSession->id,
);
$req->urldc($authn_uri);
$self->logger->debug( "Redirect user to " . $req->urldc );
return PE_REDIRECT;
}
}
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} =
$self->conf->{githubAuthnLevel};
foreach ( keys %{ $req->data->{githubData} } ) {
$req->{sessionInfo}->{ 'github_' . $_ } =
$req->data->{githubData}->{$_};
}
PE_OK;
}
sub authenticate {
PE_OK;
}
sub authFinish {
PE_OK;
}
sub authLogout {
PE_OK;
}
sub authForce {
return 0;
}
sub getDisplayType {
return "logo";
}
1;

BIN
lemonldap-ng-portal/site/htdocs/static/common/modules/GitHub.png vendored
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.9 KiB

Write Preview
Loading…
Cancel
Save