Manager.pm 8.59 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
# Manager main component
#
# This package contains these parts:
#  - Properties and private methods
#  - Initialization method (launched by Lemonldap::NG::Common::PSGI)
#    that declares routes
#  - Upload methods (launched by Lemonldap::NG::Common::PSGI::Router)
#
# It inherits from Conf.pm to responds to display methods and from
# Sessions.pm to manage sessions
11
12
package Lemonldap::NG::Manager;

13
use 5.10.0;
Yadd's avatar
Yadd committed
14
use utf8;
15
use Mouse;
16
use JSON;
17
18
19
use Lemonldap::NG::Common::Conf::Constants;
use Lemonldap::NG::Common::PSGI::Constants;

Clément OUDOT's avatar
Clément OUDOT committed
20
our $VERSION = '2.0.0';
21

Yadd's avatar
Yadd committed
22
23
extends 'Lemonldap::NG::Common::Conf::AccessLib',
  'Lemonldap::NG::Handler::PSGI::Router';
24

Yadd's avatar
Yadd committed
25
26
has csp => ( is => 'rw' );

27
28
29
30
31
32
## @method boolean init($args)
# Launch initialization method
#
# @param $args hashref to merge with object
# @return 0 in case of error, 1 else
sub init {
Yadd's avatar
Yadd committed
33
    my ( $self, $args ) = @_;
34
35
    $args ||= {};

36
    if ( my $localconf = $self->confAcc->getLocalConf(MANAGERSECTION) ) {
Yadd's avatar
Yadd committed
37
38
        foreach ( keys %$localconf ) {
            $args->{$_} //= $localconf->{$_};
Yadd's avatar
Yadd committed
39
            $self->{$_} = $args->{$_} unless (/^(?:l|userL)ogger$/);
Yadd's avatar
Yadd committed
40
        }
41
42
    }

43
44
45
    # Manager needs to keep new Ajax behaviour
    $args->{noAjaxHook} = 0;

Yadd's avatar
Yadd committed
46
47
    return 0
      unless ( $self->Lemonldap::NG::Handler::PSGI::Router::init($args) );
48

49
50
    # TODO: manage errors
    unless ( -r $self->{templateDir} ) {
Yadd's avatar
Yadd committed
51
        $self->error("Unable to read $self->{templateDir}");
52
        return 0;
Yadd's avatar
Yadd committed
53
    }
54

55
56
57
58
59
    $self->{enabledModules} ||= "conf, sessions, notifications";
    my @links;
    my @enabledModules =
      map { push @links, $_; "Lemonldap::NG::Manager::" . ucfirst($_) }
      split( /[,\s]+/, $self->{enabledModules} );
60
    extends 'Lemonldap::NG::Handler::PSGI::Router', @enabledModules;
Yadd's avatar
Yadd committed
61
    my @working;
62
    my $conf = $self->confAcc->getConf;
Yadd's avatar
Yadd committed
63
64
65
66
    unless ($conf) {
        require Lemonldap::NG::Manager::Conf::Zero;
        $conf = Lemonldap::NG::Manager::Conf::Zero::zeroConf();
    }
Yadd's avatar
Yadd committed
67
    for ( my $i = 0 ; $i < @enabledModules ; $i++ ) {
Yadd's avatar
Yadd committed
68
        my $mod = $enabledModules[$i];
69
        no strict 'refs';
Yadd's avatar
Yadd committed
70
71
        if ( &{"${mod}::addRoutes"}( $self, $conf ) ) {
            $self->logger->debug("Module $mod enabled");
Yadd's avatar
Yadd committed
72
73
74
            push @working, $mod;
        }
        else {
Yadd's avatar
Yadd committed
75
            $links[$i] = undef;
Yadd's avatar
Yadd committed
76
77
            $self->logger->error(
                "Module $mod can not be enabled: " . $self->error );
Yadd's avatar
Yadd committed
78
        }
Yadd's avatar
Yadd committed
79
    }
Yadd's avatar
Yadd committed
80
    return 0 unless (@working);
Yadd's avatar
Yadd committed
81
82
    $self->addRoute( links     => 'links',  ['GET'] );
    $self->addRoute( 'psgi.js' => 'sendJs', ['GET'] );
83

Yadd's avatar
Yadd committed
84
    my $portal = $conf->{portal};
Yadd's avatar
Yadd committed
85
    $portal =~ s#https?://([^/]*).*#$1#;
Yadd's avatar
Yadd committed
86
    $self->csp(
87
"default-src 'self' $portal;frame-ancestors 'none';form-action 'self';"
Yadd's avatar
Yadd committed
88
89
    );

Yadd's avatar
Yadd committed
90
    $self->defaultRoute( $working[0]->defaultRoute );
91

92
# Find out more glyphicones at https://www.w3schools.com/icons/bootstrap_icons_glyphicons.asp
93
    my $linksIcons =
94
      { 'conf' => 'cog', 'sessions' => 'duplicate', 'notifications' => 'bell', 'U2F' => 'wrench' };
95

96
97
    $self->links( [] );
    for ( my $i = 0 ; $i < @links ; $i++ ) {
Yadd's avatar
Yadd committed
98
        next unless ( defined $links[$i] );
99
        push @{ $self->links },
100
101
102
103
104
          {
            target => $enabledModules[$i]->defaultRoute,
            title  => $links[$i],
            icon   => $linksIcons->{ $links[$i] }
          };
Yadd's avatar
Yadd committed
105
    }
106

107
    $self->menuLinks( [] );
dcoutadeur dcoutadeur's avatar
dcoutadeur dcoutadeur committed
108
109
    if (
        my $portal =
Yadd's avatar
Yadd committed
110
111
        $conf->{cfgNum}
        ? Lemonldap::NG::Handler::PSGI::Main->tsv->{portal}->()
dcoutadeur dcoutadeur's avatar
dcoutadeur dcoutadeur committed
112
113
        : $conf->{portal}
      )
Yadd's avatar
Yadd committed
114
    {
Yadd's avatar
Yadd committed
115
116
117
118
119
120
121
122
123
124
125
126
        push @{ $self->menuLinks },
          {
            target => $portal,
            title  => 'backtoportal',
            icon   => 'home'
          },
          {
            target => "$portal?logout=1",
            title  => 'logout',
            icon   => 'log-out'
          };
    }
127
    1;
Yadd's avatar
Yadd committed
128
129
}

130
sub tplParams {
Yadd's avatar
Yadd committed
131
132
133
134
135
136
137
138
    return ( VERSION => $VERSION, );
}

sub javascript {
    my ($self) = @_;
    return
      'var formPrefix=staticPrefix+"forms/";var confPrefix=scriptname+"confs/";'
      . ( $self->links ? 'var links=' . to_json( $self->links ) . ';' : '' )
Yadd's avatar
Yadd committed
139
140
      . (
        $self->menuLinks
Yadd's avatar
Yadd committed
141
        ? 'var menulinks=' . to_json( $self->menuLinks ) . ';'
Yadd's avatar
Yadd committed
142
143
        : ''
      );
144
145
}

Yadd's avatar
Yadd committed
146
147
148
149
150
151
152
153
154
155
156
sub sendHtml {
    my ( $self, $req, $template, %args ) = @_;
    my $res = $self->SUPER::sendHtml( $req, $template, %args );
    push @{ $res->[1] },
      'Content-Security-Policy' => $self->csp,
      'X-Content-Type-Options'  => 'nosniff',
      'X-Frame-Options'         => 'DENY',
      'X-XSS-Protection'        => '1; mode=block';
    return $res;
}

Yadd's avatar
Yadd committed
157
1;
158
159
160
161
__END__

=head1 NAME

Yadd's avatar
Yadd committed
162
163
=encoding utf8

164
165
166
167
168
Lemonldap::NG::Manager - Perl extension for managing Lemonldap::NG Web-SSO
system.

=head1 SYNOPSIS

Yadd's avatar
Yadd committed
169
170
171
Use any of Plack launcher. Example:

  #!/usr/bin/env plackup
172
173
174
175
176
  
  use Lemonldap::NG::Manager;
  
  # This must be the last instruction ! See PSGI for more
  Lemonldap::NG::Manager->run($opts);
177
178
179
180
181
182

=head1 DESCRIPTION

Lemonldap::NG::Manager provides a web interface to manage Lemonldap::NG Web-SSO
system.

Yadd's avatar
Yadd committed
183
184
185
186
187
The Perl part of Lemonldap::NG::Manager is the REST server. Web interface is
written in Javascript, using AngularJS framework and can be found in `site`
directory. The REST API is described in REST-API.md file given in source tree.

Lemonldap::NG Manager uses L<Plack> to be compatible with CGI, FastCGI,... It
188
inherits of L<Lemonldap::NG::Handler::PSGI::Router>
Yadd's avatar
Yadd committed
189
190
191

=head1 ORGANIZATION

Yadd's avatar
Yadd committed
192
Lemonldap::NG Manager contains 5 parts:
Yadd's avatar
Yadd committed
193
194
195

=over

Yadd's avatar
Yadd committed
196
=item Configuration management
Yadd's avatar
Yadd committed
197

Yadd's avatar
Yadd committed
198
=item Session explorer
Yadd's avatar
Yadd committed
199

Yadd's avatar
Yadd committed
200
=item Notification explorer
Yadd's avatar
Yadd committed
201

Yadd's avatar
Yadd committed
202
=item Configuration builder (see L<Lemonldap::NG::Manager::Build>
Yadd's avatar
Yadd committed
203

Yadd's avatar
Yadd committed
204
=item Command line (see L<Lemonldap::NG::Manager::Cli>
Yadd's avatar
Yadd committed
205
206
207
208
209

=back

=head2 Generation of static files

210
211
The `scripts/jsongenerator.pl` file uses Lemonldap::NG::Manager::Build::Attributes,
Lemonldap::NG::Manager::Build::Tree and Lemonldap::NG::Manager::Build::CTrees to generate
Yadd's avatar
Yadd committed
212
213
214

=over

Yadd's avatar
Yadd committed
215
=item `site/htdocs/static/struct.json`:
Yadd's avatar
Yadd committed
216
217
218

the main file that contains the tree view;

Yadd's avatar
Yadd committed
219
=item `site/htdocs/static/js/conftree.js`:
Yadd's avatar
Yadd committed
220
221
222

generates sub tree for virtualhosts and SAML and OpenID-Connect partners;

223
=item `Lemonldap::NG::Common::Conf::ReConstants`:
Yadd's avatar
Yadd committed
224

Yadd's avatar
Yadd committed
225
constants used by all Perl manager components;
Yadd's avatar
Yadd committed
226

Yadd's avatar
Yadd committed
227
=item `Lemonldap::NG::Common::Conf::DefaultValues`:
Yadd's avatar
Yadd committed
228

Yadd's avatar
Yadd committed
229
constants used to read configuration.
Yadd's avatar
Yadd committed
230
231

=back
232
233
234
235
236
237
238
239

=head1 PARAMETERS

You can use a hash ref to override any LemonLDAP::NG parameter. Currently, you
can specify where your lemonldap-ng.ini file is:

  Lemonldap::NG::Manager->run( { confFile => '/path/to/lemonldap-ng.ini' } );

Yadd's avatar
Yadd committed
240
241
242
243
244
245
246
247
=head2 lemonldap-ng.ini parameters

You can override any configuration parameter in lemonldap-ng.ini, but some are
required and can't be set to global configuration (as any Lemonldap::NG module,
you can also fix them in $opts hash ref passed as argument to run() or new()).

  [manager]
  ;protection:     choose one of none, authenticate, manager as explain in
248
  ;                Lemonldap::NG::Handler::PSGI::Router doc.
Yadd's avatar
Yadd committed
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
  protection     = manager
  
  ;enabledModules: Modules to display. Default to `conf, sessions, notifications`
  enabledModules = conf, sessions, notifications
  
  ;logLevel:       choose one of error, warn, notice, info, debug
  ;                See Lemonldap::NG::Common::PSGI doc for more
  logLevel       = notice
  
  ;staticPrefix:   set here the URI path to static content
  ;                See Lemonldap::NG::Common::PSGI doc for more
  staticPrefix   = static/
  
  ;languages:      Available interface languages
  languages      = en, fr
  
  ;templateDir:    the path to the directory containing HTML templates
  ;                See Lemonldap::NG::Common::PSGI doc for more
  templateDir    = /usr/share/lemonldap-ng/manager/

269
270
=head1 SEE ALSO

Yadd's avatar
Yadd committed
271
L<http://lemonldap-ng.org/>
272

273
=head1 AUTHORS
274

275
276
=over

Yadd's avatar
Yadd committed
277
=item LemonLDAP::NG team L<http://lemonldap-ng.org/team>
278
279

=back
280
281
282
283

=head1 BUG REPORT

Use OW2 system to report bug or ask for features:
Yadd's avatar
Yadd committed
284
L<https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>
285

Yadd's avatar
Yadd committed
286
287
288
Note that if you want to post a ticket for a conf upload problem, please
see L<Lemonldap::NG::Manager::Conf::Parser> before.

289
290
291
292
293
294
295
=head1 DOWNLOAD

Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>

=head1 COPYRIGHT AND LICENSE

Yadd's avatar
Yadd committed
296
See COPYING file for details.
297
298

This library is free software; you can redistribute it and/or modify
299
300
301
302
303
304
305
306
307
308
309
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see L<http://www.gnu.org/licenses/>.
310
311

=cut