Commit d097b4ec authored by Yadd's avatar Yadd

Enable setAuthSessionInfo (#595)

parent 0b104108
......@@ -89,7 +89,9 @@ sub searchOn {
sub {
my $entry = shift;
my $id = shift;
return undef unless ( $entry->{$selectField} eq $value );
return undef
unless ( $entry->{$selectField}
and $entry->{$selectField} eq $value );
if (@fields) {
$res{$id}->{$_} = $entry->{$_} foreach (@fields);
}
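Review bot: The added guard in the anonymous callback tests `$entry->{$selectField}` for truth rather than definedness, so an entry whose field holds `0` or an empty string is skipped even when `$value` is the same string. If the goal is only to avoid the uninitialized-value warning, `unless ( defined $entry->{$selectField} and $entry->{$selectField} eq $value );` keeps those matches. `searchOn` starts before this hunk and continues after it, so whether such values can occur in a searched field is not visible here.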
......
......@@ -28,7 +28,9 @@ sub update {
#TODO: remove cache on all LL::NG instances if updateCache == 1
unless ( $session->{args}->{updateCache} == -1 ) {
unless ( defined( $session->{args}->{updateCache} )
and $session->{args}->{updateCache} == -1 )
{
# Update session in cache
my $id = $session->{data}->{_session_id};
......@@ -36,7 +38,9 @@ sub update {
$self->cache->set( $id, $session->{serialized} );
}
unless ( $session->{args}->{updateCache} == 2 ) {
unless ( defined( $session->{args}->{updateCache} )
and $session->{args}->{updateCache} == 2 )
{
# Update session in backend
return $self->module->update($session);
......
......@@ -33,6 +33,12 @@ sub authenticate {
PE_OK;
}
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{apacheAuthnLevel};
PE_OK;
}
sub authLogout {
PE_OK;
}
......
......@@ -133,6 +133,14 @@ sub authenticate {
PE_OK;
}
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{browserIdAuthnLevel};
$req->{sessionInfo}->{_browserIdAnswer} = $self->conf->{browserIdAnswer};
$req->{sessionInfo}->{_browserIdAnswerRaw} = $self->conf->{browserIdAnswerRaw};
PE_OK;
}
sub authLogout {
$_[1]->{customParameters}->{browserIdLoadLoginScript} = 1;
PE_OK;
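Review bot: `_browserIdAnswer` and `_browserIdAnswerRaw` are copied from `$self->conf`, but by their names they look like the per-request verification result rather than configuration. If so, reading them from `$self->conf` stores either nothing or a value shared by every user of the module. If `authenticate` keeps the answer on the request (not visible in this hunk), read it from there, for example `$req->datas->{browserIdAnswer}`, and add a comment on where the value is produced. Only `browserIdAuthnLevel` reads as a genuine configuration key.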
......
......@@ -20,6 +20,10 @@ sub authenticate {
return $_[1]->datas->{enabledMods0}->[0]->authenticate( $_[1] );
}
sub setAuthSessionInfo {
return $_[1]->datas->{enabledMods0}->[0]->setAuthSessionInfo( $_[1] );
}
sub authLogout {
$_[0]->checkChoice( $_[1] ) or return PE_OK;
return $_[1]->datas->{enabledMods0}->[0]->authLogout( $_[1] );
......
......@@ -119,6 +119,12 @@ sub authenticate {
PE_OK;
}
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{facebookAuthnLevel};
PE_OK;
}
sub authFinish {
PE_OK;
}
......
......@@ -26,6 +26,13 @@ sub authenticate {
PE_OK;
}
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{'_user'} = 'anonymous';
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{nullAuthnLevel};
PE_OK;
}
sub authLogout {
PE_OK;
}
......
......@@ -25,6 +25,15 @@ sub authenticate {
PE_OK;
}
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
# Store password (deleted in checkRemoteId() if local policy does not accept
# stored passwords)
$req->{sessionInfo}->{'_password'} = $req->datas->{'password'};
PE_OK;
}
sub authLogout {
PE_OK;
}
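Review bot: `setAuthSessionInfo` copies the submitted password into `sessionInfo` unconditionally and relies on a later step (`checkRemoteId()`, per the comment) to delete it. That is fail-open: if the later step is skipped, reordered or returns early, the cleartext password reaches the session store. Gating the assignment on the local password-storage policy at write time would be safer, so the value is never placed in the session unless allowed. This sub also sets no `authenticationLevel`, so the check added to the main process in this commit will log an error for this module unless the level is set elsewhere.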
......
......@@ -965,12 +965,12 @@ sub extractFormInfo {
# Set signature
my $signSSOMessage =
$self->conf->{samlIDPMetaDataOptions}->{$idpConfKey}
->{samlIDPMetaDataOptionsSignSSOMessage};
->{samlIDPMetaDataOptionsSignSSOMessage} // -1;
# Authentication Context
my $requestedAuthnContext =
$self->conf->{samlIDPMetaDataOptions}->{$idpConfKey}
->{samlIDPMetaDataOptionsRequestedAuthnContext};
->{samlIDPMetaDataOptionsRequestedAuthnContext} // '';
$requestedAuthnContext = $self->getAuthnContext($requestedAuthnContext)
if $requestedAuthnContext;
......@@ -1068,6 +1068,10 @@ sub extractFormInfo {
}
sub authenticate {
PE_OK;
}
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
my $login = $req->datas->{_lassoLogin};
my $idp = $req->datas->{_idp};
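Review bot: In the first hunk, the `// -1` fallback for `samlIDPMetaDataOptionsSignSSOMessage` introduces a magic value that decides whether SSO messages are signed when the IdP has no explicit setting, and the hunk does not show how `-1` is consumed. A short comment would help, for example `# -1: no per-IdP setting, signing follows <describe default>`. Confirm that the consumer does not treat `-1` as true in a plain boolean test, which would silently change the signing behaviour compared with the previous undefined value. `extractFormInfo` begins and ends outside both hunks.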
......
......@@ -41,6 +41,12 @@ sub authenticate {
PE_OK;
}
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{SSLAuthnLevel};
PE_OK;
}
sub getDisplayType {
return "logo";
}
......
......@@ -40,6 +40,12 @@ sub authenticate {
PE_OK;
}
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{slaveAuthnLevel};
PE_OK;
}
sub authLogout {
my ( $self, $req ) = @_;
PE_OK;
......
......@@ -14,6 +14,14 @@ our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Auth::Base';
has authnLevel => (
is => 'rw',
builder => sub {
my $conf = $_[0]->{conf};
return ( $conf->{portal} =~ /^https/ ? 2 : 1 );
},
);
# INITIALIZATION
sub init {
......@@ -113,15 +121,7 @@ sub setAuthSessionInfo {
my ( $self, $req ) = @_;
# authenticationLevel
# +1 for user/password with HTTPS
$self->{_authnLevel} //= 1;
$self->{_authnLevel} += 1 if $self->https();
#TODO: check where _authnLevel is defined
$self->{sessionInfo}->{authenticationLevel} = $self->{_authnLevel};
# Store user submitted login for basic rules
$self->{sessionInfo}->{'_user'} = $self->{'user'};
$self->{sessionInfo}->{authenticationLevel} = $self->authnLevel;
# Store submitted password if set in configuration
# WARNING: it can be a security hole
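Review bot: The new assignment writes `authenticationLevel` to `$self->{sessionInfo}` while every other module in this commit writes to `$req->{sessionInfo}`, and the check added to the main process reads `$req->sessionInfo`. The level set here would therefore not reach the session, and it would sit on the module object, which may be shared between requests; `$req->{sessionInfo}->{authenticationLevel} = $self->authnLevel;` matches the other modules. The `authnLevel` builder also derives the level from the configured portal URL instead of the scheme of the actual request, so a portal reachable over plain HTTP still yields level 2, and `/^https/` is not anchored to the scheme separator (`m{^https://}i` would be stricter). The sub continues past the end of the hunk.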
......
......@@ -56,7 +56,7 @@ sub _redirect {
$req->{urldc} =
$self->conf->{portal}
. $req->path
. ( $req->query ? '?' . $req->query : () );
. ( $req->query ? '?' . $req->query : '' );
# TODO: launch normal process with 'run' at the end
return $self->p->do(
......
......@@ -220,7 +220,7 @@ sub checkXSSAttack {
sub extractFormInfo {
my ( $self, $req ) = @_;
my $ret = $self->_authentication->extractFormInfo($req);
if ( $ret == PE_OK and not ($req->user or $req->continue) ) {
if ( $ret == PE_OK and not( $req->user or $req->continue ) ) {
$self->lmLog(
'Authentication module succeed but has not set $req->user',
'error' );
......@@ -242,11 +242,21 @@ sub authenticate {
# Third block: Session data providing
# -----------------------------------
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
my $ret = $self->_authentication->setAuthSessionInfo($req);
if ( $ret == PE_OK and not( $req->sessionInfo->{authenticationLevel} ) ) {
$self->lmLog( 'Authentication level is not set by auth module',
'error' );
}
return $ret;
}
sub setSessionInfo {
my ( $self, $req ) = @_;
# Set _user
$req->{sessionInfo}->{_user} = $req->{user};
$req->{sessionInfo}->{_user} //= $req->{user};
# Get the current user module
$req->{sessionInfo}->{_auth} = $self->getModule( $req, "auth" );
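Review bot: The new `setAuthSessionInfo` wrapper fails open: when the auth module returns PE_OK without setting `authenticationLevel`, it only logs an error and still returns `$ret`, so session creation continues with no level. Several modules in this commit read the level straight from a configuration key with no fallback (`apacheAuthnLevel`, `facebookAuthnLevel`, `nullAuthnLevel`, `SSLAuthnLevel`, `slaveAuthnLevel`, `browserIdAuthnLevel`), so a missing key ends up in this branch. Rules that compare `authenticationLevel` would then run against an undefined value; consider returning an error code from inside the `if` instead of falling through, or add a comment explaining why continuing is intended. Separately, `_user //= $req->{user}` now lets a module pre-set `_user` (the Null module sets 'anonymous'); a comment stating that this override is deliberate would help the next reader.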
......
......@@ -19,7 +19,7 @@ use strict;
sub authProcess { qw(extractFormInfo getUser authenticate) }
sub sessionDatas {
qw(setSessionInfo setMacros setGroups setPersistentSessionInfo
qw(setAuthSessionInfo setSessionInfo setMacros setGroups setPersistentSessionInfo
setLocalGroups store buildCookie);
}
......
......@@ -7,7 +7,7 @@ BEGIN {
}
my $maintests = 25;
my $debug = 'debug';
my $debug = 'error';
my $res;
my %handlerOR = ( issuer => [], sp => [] );
......