Commit be26e3cb authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

WIP - Decrease authLevel skeleton (#1784)

parent bf8022b8
Pipeline #5791 failed with stage
in 10 minutes and 17 seconds
......@@ -193,12 +193,13 @@ sub defaultValuesInit {
my ( $class, $conf ) = @_;
$class->tsv->{$_} = $conf->{$_} foreach ( qw(
cookieExpiration cookieName customFunctions
cookieExpiration cookieName customFunctions
cookieExpiration cookieName customFunctions
securedCookie timeout timeoutActivity
timeoutActivityInterval useRedirectOnError useRedirectOnForbidden
useSafeJail whatToTrace handlerInternalCache
handlerServiceTokenTTL decreaseAuthLevelInterval httpOnly
decreaseCounter
)
);
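Review bot: The key copied into `tsv` here is `decreaseCounter`, but the interval check added to retrieveSession reads `$class->tsv->{_decreaseCounter}` (leading underscore), which none of the visible changes populates. That term would therefore be undef on every request and the threshold would never move past the first interval. The same hunk keeps the counter per session in `$session->{data}->{_decreaseCounter}`, so the check probably wants that value, e.g. `( $session->data->{_decreaseCounter} || 0 ) + 1`, rather than a handler-wide configuration entry. defaultValuesInit continues outside this hunk.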
......
......@@ -11,6 +11,7 @@ use strict;
use MIME::Base64;
use URI::Escape;
use Lemonldap::NG::Common::Session;
use Data::Dumper;
# Methods that must be overloaded
......@@ -148,8 +149,9 @@ sub run {
# ACCOUNTING (1. Inform web server)
$class->set_user( $req, $session->{ $class->tsv->{whatToTrace} } );
# Decrease authentication level if required
$class->decreaseAuthLevel( $req, $session );
# # Decrease authentication level if required
# $class->decreaseAuthLevel( $req, $session, $id )
# if ( $class->tsv->{decreaseAuthLevelInterval} );
# AUTHORIZATION
return ( $class->forbidden( $req, $session ), $session )
......@@ -437,7 +439,7 @@ sub retrieveSession {
# 1. Search if the user was the same as previous (very efficient in
# persistent connection).
# NB: timout is here the same value as current HTTP/1.1 Keep-Alive timeout
# (15 seconds)
# (15 seconds by default)
if ( defined $class->data->{_session_id}
and $id eq $class->data->{_session_id}
and
......@@ -524,6 +526,33 @@ sub retrieveSession {
}
}
if ( $class->tsv->{decreaseAuthLevelInterval}
&& ($session->data->{authenticationLevel} > 1) )
{
$class->logger->debug(" -> Check if AuthLevel must be decreased");
# Update the session to notify activity, if necessary
if ( $now > ( $class->tsv->{_lastAuthnUTime} +
$class->tsv->{decreaseAuthLevelInterval} * ($class->tsv->{_decreaseCounter} + 1)) )
{
my $authLevel = $session->{data}->{authenticationLevel};
my $counter = $session->{data}->{_decreaseCounter} || 0;
$class->logger->debug(
"****************** req :" . Data::Dumper::Dumper($req) );
$class->data( $session->data );
$class->logger->debug(
"Decrease $session->{data}->{uid} authenticationLevel from $authLevel to " . --$authLevel );
$req->data->{session}->update( { 'authenticationLevel' => 5,'_decreaseCounter' => ++$counter } );
if ( $session->error ) {
$class->logger->error("Cannot update session $id");
$class->logger->error( $req->data->{session}->error );
}
else {
$class->logger->debug("Update authenticationLevel with $authLevel");
}
}
}
$class->dataUpdate($now);
return $session->data;
}
......@@ -834,13 +863,33 @@ sub postJavascript {
. "</script>\n";
}
sub decreaseAuthLevel {
my ( $class, $req, $session ) = @_;
if ( $class->tsv->{decreaseAuthLevelInterval} ) {
$session->{authenticationLevel} = 1;
#$session->update( { authenticationLevel => 1 } );
}
}
# sub decreaseAuthLevel {
# my ( $class, $req, $session, $id ) = @_;
# return if ( $session->{authenticationLevel} == 1 );
# $class->logger->debug("************ -> Call decreaseAuthLevel");
# my $now = time();
# # Update the session to notify activity, if necessary
# if ( $now > $class->tsv->{_lastAuthnUTime} +
# $class->tsv->{decreaseAuthLevelInterval} )
# {
# $class->logger->debug("Decrease authnLevel". Data::Dumper::Dumper($session));
# $class->logger->debug("****************** req :" . Data::Dumper::Dumper($req));
# $req->data->{session}->update(
# { 'authenticationLevel' => 5 } ,{ updateCache => 2 } );
# $class->data( $session->data );
# if ( $session->error ) {
# $class->logger->error("Cannot update session $id");
# $class->logger->error( $req->data->{session}->error );
# }
# else {
# $class->logger->debug("Update _lastSeen with $now");
# }
# $class->dataUpdate($now);
# }
# }
1;
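Review bot: In the block added to retrieveSession, the update call stores a literal `'authenticationLevel' => 5` even though the debug line just above reports a decrement to `--$authLevel`. A session at level 2 to 4 therefore has its level raised instead of lowered, and the stored value never matches the log. Writing the computed value keeps them in line: `$req->data->{session}->update( { authenticationLevel => $authLevel, _decreaseCounter => ++$counter } );`. The same block passes the whole `$req` to `Data::Dumper::Dumper` at debug level, which presumably writes cookies and request headers into the log, and it tests `$session->error` after updating `$req->data->{session}`, a different object expression. Both should be resolved, and the `use Data::Dumper;` import dropped, before the WIP marker comes off; retrieveSession begins outside the hunk.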
......@@ -1087,6 +1087,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 0,
'type' => 'int'
},
'decreaseCounter' => {
'default' => 0,
'type' => 'int'
},
'demoExportedVars' => {
'default' => {
'cn' => 'cn',
......
......@@ -531,6 +531,12 @@ sub attributes {
documentation => 'Decrease authentication level interval',
flags => 'hp',
},
decreaseCounter => {
type => 'int',
default => 0,
documentation => 'Decrease counter',
flags => 'h',
},
# Loggers (ini only)
logLevel => {
......