Commit 3e2322fe authored by Yadd
parent ab0b6e71
......@@ -11,10 +11,11 @@ use strict;
use AutoLoader 'AUTOLOAD';
use Apache::Session;
use base qw(Apache::Session);
use Lemonldap::NG::Common::Apache::Session::Serialize::JSON;
use Lemonldap::NG::Common::Apache::Session::Store;
use Lemonldap::NG::Common::Apache::Session::Lock;
our $VERSION = '1.4.4';
our $VERSION = '1.5.99';
sub _load {
my $backend = shift;
......@@ -34,7 +35,6 @@ sub populate {
$self = $self->$backend(@_);
}
if ( $self->{args}->{jsonSerialize} ) {
require Lemonldap::NG::Common::Apache::Session::Serialize::JSON;
$self->{serialize} =
\&Lemonldap::NG::Common::Apache::Session::Serialize::JSON::serialize;
$self->{unserialize} =
......
#######################################################
#
# Lemonldap::NG::Common::Apache::Session::Serialize::JSON
# Serializes session objects using JSON
# Copyright(c) 2015 Xavier Guimard (x.guimard@free.fr)
# Distribute under the GPL2 License
#
#######################################################
package Lemonldap::NG::Common::Apache::Session::Serialize::JSON;
use strict;
......@@ -35,6 +26,8 @@ sub unserialize {
=head1 NAME
=encoding utf8
Lemonldap::NG::Common::Apache::Session::Serialize::JSON - Use JSON to zip up data
=head1 SYNOPSIS
......@@ -50,11 +43,54 @@ This module fulfills the serialization interface of Apache::Session.
It serializes the data in the session object by use of JSON C<encode_json>
and C<decode_json>. The serialized data is UTF-8 text.
=head1 AUTHOR
This module was written by Xavier Guimard <x.guimard@free.fr> using other
Apache::Session serializer written by Jeffrey William Baker <jwbaker@acm.org>.
=head1 SEE ALSO
L<JSON>, L<Apache::Session>
=head1 AUTHORS
=over
=item Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
=item François-Xavier Deltombe, E<lt>fxdeltombe@gmail.com.E<gt>
=item Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=item Thomas Chemineau, E<lt>thomas.chemineau@gmail.comE<gt>
=back
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://jira.ow2.org>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
=over
=item Copyright (C) 2015 by Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=back
This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see L<http://www.gnu.org/licenses/>.
=cut
......@@ -10,7 +10,9 @@ package Lemonldap::NG::Common::Conf;
use strict;
no strict 'refs';
use Lemonldap::NG::Common::Conf::Constants; #inherits
use Lemonldap::NG::Common::Conf::Attributes; #inherits
# TODO: don't import this big file, use a proxy
use Lemonldap::NG::Common::Conf::DefaultValues; #inherits
use Lemonldap::NG::Common::Crypto
; #link protected cipher Object "cypher" in configuration hash
use Config::IniFiles;
......@@ -20,7 +22,7 @@ use Config::IniFiles;
#inherits Lemonldap::NG::Common::Conf::SOAP
#inherits Lemonldap::NG::Common::Conf::LDAP
our $VERSION = '1.4.4';
our $VERSION = '1.5.99';
our $msg = '';
our $iniObj;
......@@ -108,12 +110,12 @@ sub new {
# @param $conf Lemonldap::NG configuration hashRef
# @return Number of the saved configuration, 0 if case of error.
sub saveConf {
my ( $self, $conf ) = @_;
my ( $self, $conf, %args ) = @_;
my $last = $self->lastCfg;
# If configuration was modified, return an error
if ( not $self->{force} ) {
if ( not $args{force} ) {
return CONFIG_WAS_CHANGED if ( $conf->{cfgNum} != $last );
return DATABASE_LOCKED if ( $self->isLocked() or not $self->lock() );
}
......@@ -169,24 +171,31 @@ sub getConf {
else {
eval { $r = $self->{refLocalStorage}->get('conf') } if ($>);
$msg = "Warn: $@" if ($@);
if ( ref($r) and $r->{cfgNum} == $args->{cfgNum} ) {
if ( ref($r)
and $r->{cfgNum}
and $args->{cfgNum}
and $r->{cfgNum} == $args->{cfgNum} )
{
$msg .=
"Configuration unchanged, get configuration from cache.\n";
$args->{noCache} = 1;
}
else {
$r = $self->getDBConf($args);
return undef unless ( ref($r) );
return undef unless ( $r->{cfgNum} );
# Adapt some values before storing in local cache
# Get default values
my $confAttributes =
Lemonldap::NG::Common::Conf::Attributes->new();
# TODO: default values may not be set here
unless ( $args->{raw} ) {
my @attributes = $confAttributes->meta()->get_attribute_list();
# Adapt some values before storing in local cache
# Get default values
my $defaultValues =
Lemonldap::NG::Common::Conf::DefaultValues
->defaultValues();
foreach my $name (@attributes) {
$r->{$name} //= $confAttributes->$name;
foreach my $k ( keys %$defaultValues ) {
$r->{$k} //= $defaultValues->{$k};
}
}
# Convert old option useXForwardedForIP into trustedProxies
......@@ -211,15 +220,20 @@ sub getConf {
# Store modified configuration in cache
$self->setLocalConf($r)
if ( $self->{refLocalStorage} and not( $args->{noCache} ) );
if ( $self->{refLocalStorage}
and not( $args->{noCache} or $args->{raw} ) );
}
}
# Create cipher object
eval { $r->{cipher} = Lemonldap::NG::Common::Crypto->new( $r->{key} ); };
if ($@) {
$msg .= "Bad key: $@. \n";
unless ( $args->{raw} ) {
eval {
$r->{cipher} = Lemonldap::NG::Common::Crypto->new( $r->{key} );
};
if ($@) {
$msg .= "Bad key: $@. \n";
}
}
# Return configuration hash
......@@ -345,7 +359,8 @@ sub getDBConf {
: $a[0];
}
my $conf = $self->load( $args->{cfgNum} );
$msg .= "Get configuration $conf->{cfgNum}.\n";
$msg .= "Get configuration $conf->{cfgNum}.\n"
if ( defined $conf->{cfgNum} );
$self->setLocalConf($conf)
if ( ref($conf)
and $self->{refLocalStorage}
......@@ -418,7 +433,7 @@ sub load {
sub delete {
my ( $self, $c ) = @_;
my @a = $self->available();
return 0 unless ( grep {$_ eq $c} @a );
return 0 unless ( grep { $_ eq $c } @a );
return &{ $self->{type} . '::delete' }( $self, $c );
}
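Review bot: A `raw` request is still satisfied from the local cache in getConf: the cache-hit condition in the first getConf hunk (`if ( ref($r) and $r->{cfgNum} and $args->{cfgNum} and $r->{cfgNum} == $args->{cfgNum} )`) never looks at `$args->{raw}`, and the cached copy was stored after defaults were applied, so `raw => 1` returns a default-filled configuration whenever the requested cfgNum is already cached, even though the second getConf hunk takes care not to write raw results into the cache. Adding `and not $args->{raw}` to that condition keeps the read side consistent with the write side. In saveConf the new `%args` parameter and its `force` key are undocumented although `force` now skips both the cfgNum comparison and the `isLocked`/`lock` test; add `# @param %args Options: force => 1 bypasses the cfgNum check and the lock` to the header comment, and callers that relied on the old `$self->{force}` attribute presumably lose the bypass silently (the constructor is outside this diff). In getDBConf the new guard `if ( defined $conf->{cfgNum} )` still autovivifies `$conf` into an empty hash when `load` returned undef, so the `ref($conf)` test two lines later cannot tell a failed load apart; prefer `if ( ref $conf and defined $conf->{cfgNum} );`. All three functions start before and continue past their hunks.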
......
##@file
# All configuration attributes
##@class
# All configuration attributes
package Lemonldap::NG::Common::Conf::Attributes;
use Mouse;
our $VERSION = '2.0.0';
## A
has 'activeTimer' => (
is => 'rw',
isa => 'Bool',
default => '1',
documentation => 'Enable timers on portal pages',
);
has 'apacheAuthnLevel' => (
is => 'rw',
isa => 'Int',
default => '4',
documentation => 'Apache authentication level',
);
has 'applicationList' => (
is => 'rw',
isa => 'HashRef',
default => sub {
return {
'default' => { catname => 'Default category', type => "category" },
};
},
documentation => 'Applications list',
);
has 'authChoiceParam' => (
is => 'rw',
isa => 'Str',
default => 'lmAuth',
documentation => 'HTTP parameter to store choosen authentication method',
);
has 'authentication' => (
is => 'rw',
isa => 'Str',
default => 'Demo',
documentation => 'Authentication module',
);
## B
has 'browserIdAuthnLevel' => (
is => 'rw',
isa => 'Int',
default => '1',
documentation => 'Browser ID authentication level',
);
## C
has 'captcha_login_enabled' => (
is => 'rw',
isa => 'Bool',
default => '0',
documentation => 'Captcha on login page',
);
has 'captcha_mail_enabled' => (
is => 'rw',
isa => 'Bool',
default => '0',
documentation => 'Captcha on password reset page',
);
has 'captcha_register_enabled' => (
is => 'rw',
isa => 'Bool',
default => '1',
documentation => 'Captcha on account creation page',
);
has 'captcha_size' => (
is => 'rw',
isa => 'Int',
default => '6',
documentation => 'Captcha size',
);
has 'captchaStorage' => (
is => 'rw',
isa => 'Str',
default => 'Apache::Session::File',
documentation => 'Captcha backend module',
);
has 'captchaStorageOptions' => (
is => 'rw',
isa => 'HashRef',
default => sub {
return { 'Directory' => '/var/lib/lemonldap-ng/captcha/', };
},
documentation => 'Captcha backend module options',
);
has 'casAccessControlPolicy' => (
is => 'rw',
isa => 'Str',
default => 'none',
documentation => 'CAS access control policy',
);
has 'casAttributes' => (
is => 'rw',
isa => 'HashRef',
default => sub { return {}; },
documentation => 'CAS Issuer exported attributes',
);
has 'CAS_authnLevel' => (
is => 'rw',
isa => 'Int',
default => '1',
documentation => 'CAS authentication level',
);
has 'CAS_pgtFile' => (
is => 'rw',
isa => 'Str',
default => '/tmp/pgt.txt',
documentation => 'CAS PGT file',
);
has 'cda' => (
is => 'rw',
isa => 'Bool',
default => '0',
documentation => 'Enable Cross Domain Authentication',
);
has 'cfgNum' => (
is => 'rw',
isa => 'Int',
default => '0',
documentation => 'Configuration number',
);
has 'checkXSS' => (
is => 'rw',
isa => 'Bool',
default => '1',
documentation => 'Check XSS',
);
has 'confirmFormMethod' => (
is => 'rw',
isa => 'Str',
default => 'post',
documentation => 'HTTP method for confirm page form',
);
has 'cookieName' => (
is => 'rw',
isa => 'Str',
default => 'lemonldap',
documentation => 'Name of the cookie',
);
## D
has 'dbiAuthnLevel' => (
is => 'rw',
isa => 'Int',
default => '2',
documentation => 'DBI authentication level',
);
has 'dbiExportedVars' => (
is => 'rw',
isa => 'HashRef',
default => sub { return {}; },
documentation => 'DBI exported variables',
);
has 'demoExportedVars' => (
is => 'rw',
isa => 'HashRef',
default => sub { return { cn => 'cn', mail => 'mail', uid => 'uid', }; },
documentation => 'Demo exported variables',
);
has 'domain' => (
is => 'rw',
isa => 'Str',
default => 'example.com',
documentation => 'DNS domain',
);
## E
has 'exportedVars' => (
is => 'rw',
isa => 'HashRef',
default => sub { return { 'UA' => 'HTTP_USER_AGENT' }; },
documentation => 'Main exported variables',
);
## F
has 'facebookAuthnLevel' => (
is => 'rw',
isa => 'Int',
default => '1',
documentation => 'Facebook authentication level',
);
has 'facebookExportedVars' => (
is => 'rw',
isa => 'HashRef',
default => sub { return {}; },
documentation => 'Facebook exported variables',
);
has 'failedLoginNumber' => (
is => 'rw',
isa => 'Int',
default => '5',
documentation => 'Number of failures stored in login history',
);
## G
has 'globalStorage' => (
is => 'rw',
isa => 'Str',
default => 'Apache::Session::File',
documentation => 'Session backend module',
);
has 'globalStorageOptions' => (
is => 'rw',
isa => 'HashRef',
default => sub {
return {
'Directory' => '/var/lib/lemonldap-ng/sessions/',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/',
'generateModule' =>
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
};
},
documentation => 'Session backend module options',
);
has 'googleAuthnLevel' => (
is => 'rw',
isa => 'Int',
default => '1',
documentation => 'Google authentication level',
);
has 'googleExportedVars' => (
is => 'rw',
isa => 'HashRef',
default => sub { return {}; },
documentation => 'Google exported variables',
);
has 'groups' => (
is => 'rw',
isa => 'HashRef',
default => sub { return {}; },
documentation => 'Groups',
);
## H
has 'hiddenAttributes' => (
is => 'rw',
isa => 'Str',
default => '_password',
documentation => 'Name of attributes to hide in logs',
);
has 'hideOldPassword' => (
is => 'rw',
isa => 'Bool',
default => '0',
documentation => 'Hide old password in portal',
);
has 'httpOnly' => (
is => 'rw',
isa => 'Bool',
default => '1',
documentation => 'Enable httpOnly flag in cookie',
);
has 'https' => (
is => 'rw',
isa => 'Bool',
default => '0',
documentation => 'Use HTTPS for redirection from portal',
);
## I
has 'infoFormMethod' => (
is => 'rw',
isa => 'Str',
default => 'get',
documentation => 'HTTP method for info page form',
);
has 'issuerDBCASActivation' => (
is => 'rw',
isa => 'Bool',
default => '0',
documentation => 'CAS server activation',
);
has 'issuerDBCASPath' => (
is => 'rw',
isa => 'Str',
default => '^/cas/',
documentation => 'CAS server request path',
);
has 'issuerDBCASRule' => (
is => 'rw',
isa => 'Str',
default => '1',
documentation => 'CAS server rule',
);
has 'issuerDBOpenIDActivation' => (
is => 'rw',
isa => 'Bool',
default => '0',
documentation => 'OpenID server activation',
);
has 'issuerDBOpenIDConnectActivation' => (