Commit d1646392 authored by Xavier Guimard's avatar Xavier Guimard

Split soap/rest server in config/sessions (#970)

parent 2250202f
......@@ -25,6 +25,7 @@ use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
use constant APPLYSECTION => "apply";
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wpSslOpt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|re(?:moteGlobalStorageOption|loadUrl)|CAS_proxiedService|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:uthChoiceModules|pplicationList)|v(?:hostOptions|irtualHost))$/;
our @sessionTypes = ( 'captcha', 'remoteGlobal', 'cas', 'global', 'localSession', 'persistent', 'saml', 'oidc' );
sub NO {qr/^(?:off|no|0)?$/i}
......@@ -47,6 +48,7 @@ our %EXPORT_TAGS = (
APPLYSECTION
NO
$hashParameters
@sessionTypes
)
]
);
......
......@@ -201,7 +201,8 @@ sub defaultValues {
'http://auth.example.com/Lemonldap/NG/Common/CGI/SOAPService',
'proxy' => 'http://auth.example.com/index.pl/sessions'
},
'rest' => 0,
'restConfigServer' => 0,
'restSessionServer' => 0,
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
'samlAuthnContextMapKerberos' => 4,
......@@ -267,7 +268,8 @@ sub defaultValues {
'slaveAuthnLevel' => 2,
'slaveExportedVars' => {},
'SMTPServer' => '',
'Soap' => 0,
'soapConfigServer' => 0,
'soapSessionServer' => 0,
'SSLAuthnLevel' => 5,
'storePassword' => 0,
'successLoginNumber' => 5,
......
......@@ -30,6 +30,7 @@ sub delSession {
sub session {
my ( $self, $req, $id, $skey ) = @_;
my ( %h, $res );
return $self->sendError( $req, 'Bad request', 400 ) unless($id);
my $mod = $self->getMod($req)
or return $self->sendError( $req, undef, 400 );
......
......@@ -2024,7 +2024,11 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'remotePortal' => {
'type' => 'text'
},
'rest' => {
'restConfigServer' => {
'default' => 0,
'type' => 'bool'
},
'restSessionServer' => {
'default' => 0,
'type' => 'bool'
},
......@@ -2690,12 +2694,16 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$/,
'type' => 'text'
},
'Soap' => {
'soapAuthService' => {
'type' => 'text'
},
'soapConfigServer' => {
'default' => 0,
'type' => 'bool'
},
'soapAuthService' => {
'type' => 'text'
'soapSessionServer' => {
'default' => 0,
'type' => 'bool'
},
'soapSessionService' => {
'type' => 'text'
......
......@@ -153,13 +153,12 @@ sub run {
$tmp = undef;
printf STDERR $format, $self->managerConstantsFile;
my $sessionTypes = join( "', '", @sessionTypes );
open F, ">", $self->managerConstantsFile or die($!);
my $exportedVars = '$'
. join( 'Keys $',
'simpleHash', 'doubleHash', 'specialNode', sort keys %cnodesRe )
. 'Keys $specialNodeHash @sessionTypes $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters';
. 'Keys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters';
print F <<EOF;
# This file is generated by $module. Don't modify it by hand
package Lemonldap::NG::Manager::Constants;
......@@ -182,8 +181,6 @@ our \$specialNodeHash = {
oidcRPMetaDataNodes => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims)],
};
our \@sessionTypes = ( '$sessionTypes' );
EOF
# Reinitialize $attributes
......@@ -271,6 +268,7 @@ $defaultAttr}
$ra->add($_);
}
my $sessionTypes = join( "', '", @sessionTypes );
my $confConstants =
"our \$hashParameters = qr/^" . $ra->as_string . "\$/;\n";
open( F, ">", $self->confConstantsFile ) or die($!);
......@@ -301,6 +299,7 @@ use constant MANAGERSECTION => "manager";
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
use constant APPLYSECTION => "apply";
$confConstants
our \@sessionTypes = ( '$sessionTypes' );
sub NO {qr/^(?:off|no|0)?\$/i}
......@@ -323,6 +322,7 @@ our %EXPORT_TAGS = (
APPLYSECTION
NO
\$hashParameters
\@sessionTypes
)
]
);
......
......@@ -944,17 +944,27 @@ sub attributes {
},
# REST server
rest => {
restSessionServer => {
default => 0,
type => 'bool',
documentation => 'Enable REST services',
documentation => 'Enable REST session server',
},
restConfigServer => {
default => 0,
type => 'bool',
documentation => 'Enable REST config server',
},
# SOAP server
Soap => {
soapSessionServer => {
default => 0,
type => 'bool',
documentation => 'Enable SOAP services',
documentation => 'Enable SOAP session server',
},
soapConfigServer => {
default => 0,
type => 'bool',
documentation => 'Enable SOAP config server',
},
exportedAttr => {
type => 'text',
......
......@@ -510,11 +510,14 @@ sub tree {
help => 'start.html#advanced_features',
nodes => [
'customFunctions',
'rest',
{
title => 'soap',
title => 'portalServers',
form => 'simpleInputContainer',
nodes => [ 'Soap', 'exportedAttr' ]
nodes => [
'restSessionServer', 'restConfigServer',
'soapSessionServer', 'soapConfigServer',
'exportedAttr'
]
},
{
title => 'loginHistory',
......
......@@ -7,7 +7,7 @@ use base qw(Exporter);
our $VERSION = '2.0.0';
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash @sessionTypes $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters)] );
our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters)] );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
our @EXPORT = ( @{ $EXPORT_TAGS{'all'} } );
......@@ -19,8 +19,6 @@ our $specialNodeHash = {
oidcRPMetaDataNodes => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims)],
};
our @sessionTypes = ( 'captcha', 'remoteGlobal', 'cas', 'global', 'localSession', 'persistent', 'saml', 'oidc' );
our $doubleHashKeys = 'issuerDBGetParameters';
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wpSslOpt)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|CAS_proxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))';
our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
......
......@@ -181,7 +181,7 @@
"enabled": "Enabled",
"enterPassword": "Enter password (optional)",
"error": "Error",
"exportedAttr": "SOAP exported attributes",
"exportedAttr": "SOAP/REST exported attributes",
"exportedHeaders": "Exported headers",
"exportedVars": "Exported Variables",
"facebookAppId": "Facebook application ID",
......@@ -508,6 +508,7 @@
"portalPingInterval": "Ping Interval",
"portalRedirection": "Portal redirections",
"portalRequireOldPassword": "Require old password",
"portalServers": "Portal servers",
"portalSkin": "Default Skin",
"portalSkinBackground": "Skin background",
"portalSkinRules": "Skin display rules",
......@@ -544,7 +545,8 @@
"remoteParams": "Remote parameters",
"remotePortal": "Portal URL",
"replaceByFile": "Replace by file",
"rest": "Portal REST server",
"restConfigServer": "REST configuration server",
"restSessionServer": "REST session server",
"restore": "Restore",
"restoreConf": "Restore configuration",
"returnUrl": "Return URL",
......@@ -589,8 +591,8 @@
"SMTPAuthPass": "SMTP password",
"SMTPAuthUser": "SMTP user",
"SMTPServer": "SMTP server",
"soap": "Portal SOAP server",
"Soap": "Activation",
"soapConfigServer": "SOAP configuration server",
"soapSessionServer": "SOAP session server",
"soapAuthService": "Portal URL",
"soapSessionService": "SOAP sessions end point",
"specialHandlers": "Special Handlers",
......
......@@ -181,7 +181,7 @@
"enabled": "Activé",
"enterPassword": "Entrer le mot de passe (optionnel)",
"error": "Erreur",
"exportedAttr": "Attributs exportés par le portail (SOAP)",
"exportedAttr": "Attributs exportés par le portail (SOAP/REST)",
"exportedHeaders": "En-têtes exportés",
"exportedVars": "Attributs à exporter",
"facebookAppId": "ID de l'application Facebook",
......@@ -508,6 +508,7 @@
"portalPingInterval": "Interval du ping",
"portalRedirection": "Redirections du portail",
"portalRequireOldPassword": "Ancien mot de passe requis",
"portalServers": "Serveurs du portail",
"portalSkin": "Thème visuel par défaut",
"portalSkinBackground": "Image de fond",
"portalSkinRules": "Règles d'affichage du thème visuel",
......@@ -544,7 +545,8 @@
"remoteParams": "Paramètres Remote",
"remotePortal": "URL du portail",
"replaceByFile": "Remplacer par le fichier",
"rest": "Serveur REST du portail",
"restConfigServer": "Serveur de configurations REST",
"restSessionServer": "Serveur de sessions REST",
"restore": "Restaurer",
"restoreConf": "Restaurer la configuration",
"returnUrl": "URL de retour",
......@@ -589,8 +591,8 @@
"SMTPAuthPass": "Mot de passe SMTP",
"SMTPAuthUser": "Utilisateur SMTP",
"SMTPServer": "Serveur SMTP",
"soap": "Serveur SOAP du portail",
"Soap": "Activation",
"soapConfigServer": "Serveur de configurations SOAP",
"soapSessionServer": "Serveur de sessions SOAP",
"soapAuthService": "URL du portail",
"soapSessionService": "Point d'accès SOAP des sessions",
"specialHandlers": "Handlers spéciaux",
......
......@@ -36,10 +36,14 @@ sub enabledPlugins {
#}
# Check if SOAP is enabled
push @res, '::Plugins::SOAPServer' if ( $self->conf->{Soap} );
push @res, '::Plugins::SOAPServer'
if ( $self->conf->{soapSessionServer}
or $self->conf->{soapConfigServer} );
# Check if REST is enabled
push @res, '::Plugins::RESTServer' if ( $self->conf->{rest} );
push @res, '::Plugins::RESTServer'
if ( $self->conf->{restSessionServer}
or $self->conf->{soapSessionServer} );
# Check if notification is enabled
push @res, '::Plugins::Notifications' if ( $self->conf->{notifications} );
......
......@@ -30,11 +30,72 @@ use Mouse;
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Main::Plugin';
# INITIALIZATION
sub init {
my ($self) = @_;
1;
my @parents = ('Lemonldap::NG::Portal::Main::Plugin');
if ( $self->conf->{restConfigServer} ) {
push @parents, 'Lemonldap::NG::Common::Conf::RESTServer';
# Methods inherited from Lemonldap::NG::Common::Conf::RESTServer
$self->addUnauthRoute(
confs => {
':cfgNum' => [
qw(virtualHosts samlIDPMetaDataNodes samlSPMetaDataNodes
applicationList oidcOPMetaDataNodes oidcRPMetaDataNodes
authChoiceModules grantSessionRules)
]
},
['GET'],
);
$self->addUnauthRoute(
confs => { ':cfgNum' => { '*' => 'getKey' } },
['GET']
);
}
if ( $self->conf->{restSessionServer} ) {
push @parents, 'Lemonldap::NG::Common::Session::REST';
# Methods inherited from Lemonldap::NG::Common::Session::REST
$self->addUnauthRoute(
sessions => { ':sessionType' => 'session' },
['GET']
);
$self->addUnauthRoute(
sessions => { ':sessionType' => 'newSession' },
['POST']
);
$self->addUnauthRoute(
sessions =>
{ ':sessionType' => { ':sessionId' => 'updateSession' } },
['PUT']
);
$self->addUnauthRoute(
sessions => { ':sessionType' => { ':sessionId' => 'delSession' } },
['DELETE']
);
}
$self->addAuthRoute(
authorization => 'isUrlAuthorized',
[ 'GET', 'POST' ]
);
extends @parents;
return 1;
}
sub updateSession {
my ( $self, $req ) = @_;
}
sub delSession {
my ( $self, $req ) = @_;
}
sub isUrlAuthorized {
my ( $self, $req ) = @_;
}
1;
......@@ -65,12 +65,19 @@ sub init {
return 0;
}
$self->server( Lemonldap::NG::Common::PSGI::SOAPServer->new );
$self->addUnauthRoute( sessions => 'unauthSessions', ['POST'] );
$self->addUnauthRoute( adminSessions => 'unauthAdminSessions', ['POST'] );
$self->addUnauthRoute( config => 'config', ['POST'] );
$self->addAuthRoute( sessions => 'badSoapRequest', ['POST'] );
$self->addAuthRoute( adminSessions => 'badSoapRequest', ['POST'] );
$self->addAuthRoute( config => 'badSoapRequest', ['POST'] );
if ( $self->conf->{soapSessionServer} ) {
$self->addUnauthRoute( sessions => 'unauthSessions', ['POST'] );
$self->addUnauthRoute(
adminSessions => 'unauthAdminSessions',
['POST']
);
$self->addAuthRoute( sessions => 'badSoapRequest', ['POST'] );
$self->addAuthRoute( adminSessions => 'badSoapRequest', ['POST'] );
}
if ( $self->conf->{soapConfigServer} ) {
$self->addUnauthRoute( config => 'config', ['POST'] );
$self->addAuthRoute( config => 'badSoapRequest', ['POST'] );
}
1;
}
......@@ -211,8 +218,7 @@ sub getAttributes {
push @tmp, SOAP::Data->name( error => 0 )->type('int');
push @tmp,
SOAP::Data->name( attributes =>
_buildSoapHash( $session->data, @{ $self->exportedAttr } )
);
_buildSoapHash( $session->data, @{ $self->exportedAttr } ) );
}
my $res = SOAP::Data->name( session => \SOAP::Data->value(@tmp) );
return $res;
......
......@@ -99,13 +99,13 @@ sub issuer {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
templatesDir => 'site/htdocs/static',
domain => 'idp.com',
portal => 'http://auth.idp.com',
authentication => 'Demo',
userDB => 'Demo',
Soap => 1,
logLevel => $debug,
templatesDir => 'site/htdocs/static',
domain => 'idp.com',
portal => 'http://auth.idp.com',
authentication => 'Demo',
userDB => 'Demo',
soapSessionServer => 1,
}
}
);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment