Manager.pm 8.48 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
# Manager main component
#
# This package contains these parts:
#  - Properties and private methods
#  - Initialization method (launched by Lemonldap::NG::Common::PSGI)
#    that declares routes
#  - Upload methods (launched by Lemonldap::NG::Common::PSGI::Router)
#
# It inherits from Conf.pm to responds to display methods and from
# Sessions.pm to manage sessions
11
12
package Lemonldap::NG::Manager;

13
use 5.10.0;
Yadd's avatar
Yadd committed
14
use utf8;
15
use Mouse;
16
use JSON;
17
18
19
use Lemonldap::NG::Common::Conf::Constants;
use Lemonldap::NG::Common::PSGI::Constants;

20
21
our $VERSION = '2.0.0';

Yadd's avatar
Yadd committed
22
23
extends 'Lemonldap::NG::Common::Conf::AccessLib',
  'Lemonldap::NG::Handler::PSGI::Router';
24

Yadd's avatar
Yadd committed
25
26
has csp => ( is => 'rw' );

27
28
29
30
31
32
## @method boolean init($args)
# Launch initialization method
#
# @param $args hashref to merge with object
# @return 0 in case of error, 1 else
sub init {
Yadd's avatar
Yadd committed
33
    my ( $self, $args ) = @_;
34
35
    $args ||= {};

36
    if ( my $localconf = $self->confAcc->getLocalConf(MANAGERSECTION) ) {
Yadd's avatar
Yadd committed
37
38
        foreach ( keys %$localconf ) {
            $args->{$_} //= $localconf->{$_};
Yadd's avatar
Yadd committed
39
            $self->{$_} = $args->{$_} unless (/^(?:l|userL)ogger$/);
Yadd's avatar
Yadd committed
40
        }
41
42
    }

43
44
45
    # Manager needs to keep new Ajax behaviour
    $args->{noAjaxHook} = 0;

Yadd's avatar
Yadd committed
46
47
    return 0
      unless ( $self->Lemonldap::NG::Handler::PSGI::Router::init($args) );
48

49
50
    # TODO: manage errors
    unless ( -r $self->{templateDir} ) {
Yadd's avatar
Yadd committed
51
        $self->error("Unable to read $self->{templateDir}");
52
        return 0;
Yadd's avatar
Yadd committed
53
    }
54

55
56
57
58
59
    $self->{enabledModules} ||= "conf, sessions, notifications";
    my @links;
    my @enabledModules =
      map { push @links, $_; "Lemonldap::NG::Manager::" . ucfirst($_) }
      split( /[,\s]+/, $self->{enabledModules} );
60
    extends 'Lemonldap::NG::Handler::PSGI::Router', @enabledModules;
Yadd's avatar
Yadd committed
61
    my @working;
62
    my $conf = $self->confAcc->getConf;
Yadd's avatar
Yadd committed
63
64
65
66
    unless ($conf) {
        require Lemonldap::NG::Manager::Conf::Zero;
        $conf = Lemonldap::NG::Manager::Conf::Zero::zeroConf();
    }
Yadd's avatar
Yadd committed
67
    for ( my $i = 0 ; $i < @enabledModules ; $i++ ) {
Yadd's avatar
Yadd committed
68
        my $mod = $enabledModules[$i];
69
        no strict 'refs';
Yadd's avatar
Yadd committed
70
71
        if ( &{"${mod}::addRoutes"}( $self, $conf ) ) {
            $self->logger->debug("Module $mod enabled");
Yadd's avatar
Yadd committed
72
73
74
            push @working, $mod;
        }
        else {
Yadd's avatar
Yadd committed
75
            $links[$i] = undef;
Yadd's avatar
Yadd committed
76
77
            $self->logger->error(
                "Module $mod can not be enabled: " . $self->error );
Yadd's avatar
Yadd committed
78
        }
Yadd's avatar
Yadd committed
79
    }
Yadd's avatar
Yadd committed
80
    return 0 unless (@working);
Yadd's avatar
Yadd committed
81
82
    $self->addRoute( links     => 'links',  ['GET'] );
    $self->addRoute( 'psgi.js' => 'sendJs', ['GET'] );
83

Yadd's avatar
Yadd committed
84
    my $portal = $conf->{portal};
Yadd's avatar
Yadd committed
85
    $portal =~ s#https?://([^/]*).*#$1#;
Yadd's avatar
Yadd committed
86
    $self->csp(
Yadd's avatar
Yadd committed
87
"default-src 'self';frame-ancestors 'none';form-action 'self';img-src 'self' $portal;style-src 'self' $portal;"
Yadd's avatar
Yadd committed
88
89
    );

Yadd's avatar
Yadd committed
90
    $self->defaultRoute( $working[0]->defaultRoute );
91

92
93
94
    my $linksIcons =
      { 'conf' => 'cog', 'sessions' => 'duplicate', 'notifications' => 'bell' };

95
96
    $self->links( [] );
    for ( my $i = 0 ; $i < @links ; $i++ ) {
Yadd's avatar
Yadd committed
97
        next unless ( defined $links[$i] );
98
        push @{ $self->links },
99
100
101
102
103
          {
            target => $enabledModules[$i]->defaultRoute,
            title  => $links[$i],
            icon   => $linksIcons->{ $links[$i] }
          };
Yadd's avatar
Yadd committed
104
    }
105

106
    $self->menuLinks( [] );
dcoutadeur dcoutadeur's avatar
dcoutadeur dcoutadeur committed
107
108
    if (
        my $portal =
Yadd's avatar
Yadd committed
109
110
        $conf->{cfgNum}
        ? Lemonldap::NG::Handler::PSGI::Main->tsv->{portal}->()
dcoutadeur dcoutadeur's avatar
dcoutadeur dcoutadeur committed
111
112
        : $conf->{portal}
      )
Yadd's avatar
Yadd committed
113
    {
Yadd's avatar
Yadd committed
114
115
116
117
118
119
120
121
122
123
124
125
        push @{ $self->menuLinks },
          {
            target => $portal,
            title  => 'backtoportal',
            icon   => 'home'
          },
          {
            target => "$portal?logout=1",
            title  => 'logout',
            icon   => 'log-out'
          };
    }
126
    1;
Yadd's avatar
Yadd committed
127
128
}

129
sub tplParams {
Yadd's avatar
Yadd committed
130
131
132
133
134
135
136
137
    return ( VERSION => $VERSION, );
}

sub javascript {
    my ($self) = @_;
    return
      'var formPrefix=staticPrefix+"forms/";var confPrefix=scriptname+"confs/";'
      . ( $self->links ? 'var links=' . to_json( $self->links ) . ';' : '' )
Yadd's avatar
Yadd committed
138
139
      . (
        $self->menuLinks
Yadd's avatar
Yadd committed
140
        ? 'var menulinks=' . to_json( $self->menuLinks ) . ';'
Yadd's avatar
Yadd committed
141
142
        : ''
      );
143
144
}

Yadd's avatar
Yadd committed
145
146
147
148
149
150
151
152
153
154
155
sub sendHtml {
    my ( $self, $req, $template, %args ) = @_;
    my $res = $self->SUPER::sendHtml( $req, $template, %args );
    push @{ $res->[1] },
      'Content-Security-Policy' => $self->csp,
      'X-Content-Type-Options'  => 'nosniff',
      'X-Frame-Options'         => 'DENY',
      'X-XSS-Protection'        => '1; mode=block';
    return $res;
}

Yadd's avatar
Yadd committed
156
1;
157
158
159
160
__END__

=head1 NAME

Yadd's avatar
Yadd committed
161
162
=encoding utf8

163
164
165
166
167
Lemonldap::NG::Manager - Perl extension for managing Lemonldap::NG Web-SSO
system.

=head1 SYNOPSIS

Yadd's avatar
Yadd committed
168
169
170
Use any of Plack launcher. Example:

  #!/usr/bin/env plackup
171
172
173
174
175
  
  use Lemonldap::NG::Manager;
  
  # This must be the last instruction ! See PSGI for more
  Lemonldap::NG::Manager->run($opts);
176
177
178
179
180
181

=head1 DESCRIPTION

Lemonldap::NG::Manager provides a web interface to manage Lemonldap::NG Web-SSO
system.

Yadd's avatar
Yadd committed
182
183
184
185
186
The Perl part of Lemonldap::NG::Manager is the REST server. Web interface is
written in Javascript, using AngularJS framework and can be found in `site`
directory. The REST API is described in REST-API.md file given in source tree.

Lemonldap::NG Manager uses L<Plack> to be compatible with CGI, FastCGI,... It
187
inherits of L<Lemonldap::NG::Handler::PSGI::Router>
Yadd's avatar
Yadd committed
188
189
190

=head1 ORGANIZATION

Yadd's avatar
Yadd committed
191
Lemonldap::NG Manager contains 5 parts:
Yadd's avatar
Yadd committed
192
193
194

=over

Yadd's avatar
Yadd committed
195
=item Configuration management
Yadd's avatar
Yadd committed
196

Yadd's avatar
Yadd committed
197
=item Session explorer
Yadd's avatar
Yadd committed
198

Yadd's avatar
Yadd committed
199
=item Notification explorer
Yadd's avatar
Yadd committed
200

Yadd's avatar
Yadd committed
201
=item Configuration builder (see L<Lemonldap::NG::Manager::Build>
Yadd's avatar
Yadd committed
202

Yadd's avatar
Yadd committed
203
=item Command line (see L<Lemonldap::NG::Manager::Cli>
Yadd's avatar
Yadd committed
204
205
206
207
208

=back

=head2 Generation of static files

209
210
The `scripts/jsongenerator.pl` file uses Lemonldap::NG::Manager::Build::Attributes,
Lemonldap::NG::Manager::Build::Tree and Lemonldap::NG::Manager::Build::CTrees to generate
Yadd's avatar
Yadd committed
211
212
213

=over

Yadd's avatar
Yadd committed
214
=item `site/htdocs/static/struct.json`:
Yadd's avatar
Yadd committed
215
216
217

the main file that contains the tree view;

Yadd's avatar
Yadd committed
218
=item `site/htdocs/static/js/conftree.js`:
Yadd's avatar
Yadd committed
219
220
221

generates sub tree for virtualhosts and SAML and OpenID-Connect partners;

222
=item `Lemonldap::NG::Common::Conf::ReConstants`:
Yadd's avatar
Yadd committed
223

Yadd's avatar
Yadd committed
224
constants used by all Perl manager components;
Yadd's avatar
Yadd committed
225

Yadd's avatar
Yadd committed
226
=item `Lemonldap::NG::Common::Conf::DefaultValues`:
Yadd's avatar
Yadd committed
227

Yadd's avatar
Yadd committed
228
constants used to read configuration.
Yadd's avatar
Yadd committed
229
230

=back
231
232
233
234
235
236
237
238

=head1 PARAMETERS

You can use a hash ref to override any LemonLDAP::NG parameter. Currently, you
can specify where your lemonldap-ng.ini file is:

  Lemonldap::NG::Manager->run( { confFile => '/path/to/lemonldap-ng.ini' } );

Yadd's avatar
Yadd committed
239
240
241
242
243
244
245
246
=head2 lemonldap-ng.ini parameters

You can override any configuration parameter in lemonldap-ng.ini, but some are
required and can't be set to global configuration (as any Lemonldap::NG module,
you can also fix them in $opts hash ref passed as argument to run() or new()).

  [manager]
  ;protection:     choose one of none, authenticate, manager as explain in
247
  ;                Lemonldap::NG::Handler::PSGI::Router doc.
Yadd's avatar
Yadd committed
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
  protection     = manager
  
  ;enabledModules: Modules to display. Default to `conf, sessions, notifications`
  enabledModules = conf, sessions, notifications
  
  ;logLevel:       choose one of error, warn, notice, info, debug
  ;                See Lemonldap::NG::Common::PSGI doc for more
  logLevel       = notice
  
  ;staticPrefix:   set here the URI path to static content
  ;                See Lemonldap::NG::Common::PSGI doc for more
  staticPrefix   = static/
  
  ;languages:      Available interface languages
  languages      = en, fr
  
  ;templateDir:    the path to the directory containing HTML templates
  ;                See Lemonldap::NG::Common::PSGI doc for more
  templateDir    = /usr/share/lemonldap-ng/manager/

268
269
=head1 SEE ALSO

Yadd's avatar
Yadd committed
270
L<http://lemonldap-ng.org/>
271

272
=head1 AUTHORS
273

274
275
=over

Yadd's avatar
Yadd committed
276
=item LemonLDAP::NG team L<http://lemonldap-ng.org/team>
277
278

=back
279
280
281
282

=head1 BUG REPORT

Use OW2 system to report bug or ask for features:
Yadd's avatar
Yadd committed
283
L<http://jira.ow2.org>
284

Yadd's avatar
Yadd committed
285
286
287
Note that if you want to post a ticket for a conf upload problem, please
see L<Lemonldap::NG::Manager::Conf::Parser> before.

288
289
290
291
292
293
294
=head1 DOWNLOAD

Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>

=head1 COPYRIGHT AND LICENSE

Yadd's avatar
Yadd committed
295
See COPYING file for details.
296
297

This library is free software; you can redistribute it and/or modify
298
299
300
301
302
303
304
305
306
307
308
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see L<http://www.gnu.org/licenses/>.
309
310

=cut