Split soap/rest server in config/sessions (#970)

d1646392 · Yadd · 2250202f · d1646392 · d1646392 · d1646392
Commit d1646392 authored Jan 08, 2017 by Yadd
16 changed files
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
@@ -25,6 +25,7 @@ use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
 use constant APPLYSECTION            => "apply";
 our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wpSslOpt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|re(?:moteGlobalStorageOption|loadUrl)|CAS_proxiedService|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:uthChoiceModules|pplicationList)|v(?:hostOptions|irtualHost))$/;
+our @sessionTypes = ( 'captcha', 'remoteGlobal', 'cas', 'global', 'localSession', 'persistent', 'saml', 'oidc' );
 sub NO {qr/^(?:off|no|0)?$/i}
@@ -47,6 +48,7 @@ our %EXPORT_TAGS = (
          APPLYSECTION
          NO
          $hashParameters
+          @sessionTypes 
          )
    ]
 );

--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@@ -201,7 +201,8 @@ sub defaultValues {
              'http://auth.example.com/Lemonldap/NG/Common/CGI/SOAPService',
            'proxy' => 'http://auth.example.com/index.pl/sessions'
        },
-        'rest' => 0,
+        'restConfigServer'  => 0,
+        'restSessionServer' => 0,
        'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
          'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
        'samlAuthnContextMapKerberos'                   => 4,
@@ -267,7 +268,8 @@ sub defaultValues {
        'slaveAuthnLevel'                         => 2,
        'slaveExportedVars'                       => {},
        'SMTPServer'                              => '',
-        'Soap'                                    => 0,
+        'soapConfigServer'                        => 0,
+        'soapSessionServer'                       => 0,
        'SSLAuthnLevel'                           => 5,
        'storePassword'                           => 0,
        'successLoginNumber'                      => 5,

--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
@@ -30,6 +30,7 @@ sub delSession {
 sub session {
    my ( $self, $req, $id, $skey ) = @_;
    my ( %h, $res );
+    return $self->sendError( $req, 'Bad request', 400 ) unless($id);
    my $mod = $self->getMod($req)
      or return $self->sendError( $req, undef, 400 );

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -2024,7 +2024,11 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
        'remotePortal' => {
            'type' => 'text'
        },
-        'rest' => {
+        'restConfigServer' => {
+            'default' => 0,
+            'type'    => 'bool'
+        },
+        'restSessionServer' => {
            'default' => 0,
            'type'    => 'bool'
        },
@@ -2690,12 +2694,16 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
 qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$/,
            'type' => 'text'
        },
-        'Soap' => {
+        'soapAuthService' => {
+            'type' => 'text'
+        },
+        'soapConfigServer' => {
            'default' => 0,
            'type'    => 'bool'
        },
-        'soapAuthService' => {
+        'soapSessionServer' => {
-            'type' => 'text'
+            'default' => 0,
+            'type'    => 'bool'
        },
        'soapSessionService' => {
            'type' => 'text'

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build.pm
@@ -153,13 +153,12 @@ sub run {
    $tmp = undef;
    printf STDERR $format, $self->managerConstantsFile;
-    my $sessionTypes = join( "', '", @sessionTypes );
    open F, ">", $self->managerConstantsFile or die($!);
    my $exportedVars = '$'
      . join( 'Keys $',
        'simpleHash', 'doubleHash', 'specialNode', sort keys %cnodesRe )
-      . 'Keys $specialNodeHash @sessionTypes $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters';
+      . 'Keys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters';
    print F <<EOF;
 # This file is generated by $module. Don't modify it by hand
 package Lemonldap::NG::Manager::Constants;
@@ -182,8 +181,6 @@ our \$specialNodeHash = {
    oidcRPMetaDataNodes  => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims)],
 };
-our \@sessionTypes = ( '$sessionTypes' );
 EOF
    # Reinitialize $attributes
@@ -271,6 +268,7 @@ $defaultAttr}
        $ra->add($_);
    }
+    my $sessionTypes = join( "', '", @sessionTypes );
    my $confConstants =
      "our \$hashParameters = qr/^" . $ra->as_string . "\$/;\n";
    open( F, ">", $self->confConstantsFile ) or die($!);
@@ -301,6 +299,7 @@ use constant MANAGERSECTION  => "manager";
 use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
 use constant APPLYSECTION            => "apply";
 $confConstants
+our \@sessionTypes = ( '$sessionTypes' );
 sub NO {qr/^(?:off|no|0)?\$/i}
@@ -323,6 +322,7 @@ our %EXPORT_TAGS = (
          APPLYSECTION
          NO
          \$hashParameters
+          \@sessionTypes 
          )
    ]
 );

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -944,17 +944,27 @@ sub attributes {
        },
        # REST server
-        rest => {
+        restSessionServer => {
            default       => 0,
            type          => 'bool',
-            documentation => 'Enable REST services',
+            documentation => 'Enable REST session server',
+        },
+        restConfigServer => {
+            default       => 0,
+            type          => 'bool',
+            documentation => 'Enable REST config server',
        },
        # SOAP server
-        Soap => {
+        soapSessionServer => {
            default       => 0,
            type          => 'bool',
-            documentation => 'Enable SOAP services',
+            documentation => 'Enable SOAP session server',
+        },
+        soapConfigServer => {
+            default      => 0,
+            type         => 'bool',
+            documentation => 'Enable SOAP config server',
        },
        exportedAttr => {
            type => 'text',

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@@ -510,11 +510,14 @@ sub tree {
                    help  => 'start.html#advanced_features',
                    nodes => [
                        'customFunctions',
-                        'rest',
                        {
-                            title => 'soap',
+                            title => 'portalServers',
                            form  => 'simpleInputContainer',
-                            nodes => [ 'Soap', 'exportedAttr' ]
+                            nodes => [
+                                'restSessionServer', 'restConfigServer',
+                                'soapSessionServer', 'soapConfigServer',
+                                'exportedAttr'
+                            ]
                        },
                        {
                            title => 'loginHistory',

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Constants.pm
@@ -7,7 +7,7 @@ use base qw(Exporter);
 our $VERSION = '2.0.0';
-our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash @sessionTypes $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters)] );
+our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters)] );
 our @EXPORT_OK   = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT      = ( @{ $EXPORT_TAGS{'all'} } );
@@ -19,8 +19,6 @@ our $specialNodeHash = {
    oidcRPMetaDataNodes  => [qw(oidcRPMetaDataOptions oidcRPMetaDataExportedVars oidcRPMetaDataOptionsExtraClaims)],
 };
-our @sessionTypes = ( 'captcha', 'remoteGlobal', 'cas', 'global', 'localSession', 'persistent', 'saml', 'oidc' );
 our $doubleHashKeys = 'issuerDBGetParameters';
 our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wpSslOpt)|ca(?:s(?:StorageOption|Attribute)|ptchaStorageOption)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|CAS_proxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))';
 our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';

--- a/lemonldap-ng-manager/site/static/languages/en.json
+++ b/lemonldap-ng-manager/site/static/languages/en.json
@@ -181,7 +181,7 @@
 "enabled": "Enabled",
 "enterPassword": "Enter password (optional)",
 "error": "Error",
-"exportedAttr": "SOAP exported attributes",
+"exportedAttr": "SOAP/REST exported attributes",
 "exportedHeaders": "Exported headers",
 "exportedVars": "Exported Variables",
 "facebookAppId": "Facebook application ID",
@@ -508,6 +508,7 @@
 "portalPingInterval": "Ping Interval",
 "portalRedirection": "Portal redirections",
 "portalRequireOldPassword": "Require old password",
+"portalServers": "Portal servers",
 "portalSkin": "Default Skin",
 "portalSkinBackground": "Skin background",
 "portalSkinRules": "Skin display rules",
@@ -544,7 +545,8 @@
 "remoteParams": "Remote parameters",
 "remotePortal": "Portal URL",
 "replaceByFile": "Replace by file",
-"rest": "Portal REST server",
+"restConfigServer": "REST configuration server",
+"restSessionServer": "REST session server",
 "restore": "Restore",
 "restoreConf": "Restore configuration",
 "returnUrl": "Return URL",
@@ -589,8 +591,8 @@
 "SMTPAuthPass": "SMTP password",
 "SMTPAuthUser": "SMTP user",
 "SMTPServer": "SMTP server",
-"soap": "Portal SOAP server",
+"soapConfigServer": "SOAP configuration server",
-"Soap": "Activation",
+"soapSessionServer": "SOAP session server",
 "soapAuthService": "Portal URL",
 "soapSessionService": "SOAP sessions end point",
 "specialHandlers": "Special Handlers",

--- a/lemonldap-ng-manager/site/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/static/languages/fr.json
@@ -181,7 +181,7 @@
 "enabled": "Activé",
 "enterPassword": "Entrer le mot de passe (optionnel)",
 "error": "Erreur",
-"exportedAttr": "Attributs exportés par le portail (SOAP)",
+"exportedAttr": "Attributs exportés par le portail (SOAP/REST)",
 "exportedHeaders": "En-têtes exportés",
 "exportedVars": "Attributs à exporter",
 "facebookAppId": "ID de l'application Facebook",
@@ -508,6 +508,7 @@
 "portalPingInterval": "Interval du ping",
 "portalRedirection": "Redirections du portail",
 "portalRequireOldPassword": "Ancien mot de passe requis",
+"portalServers": "Serveurs du portail",
 "portalSkin": "Thème visuel par défaut",
 "portalSkinBackground": "Image de fond",
 "portalSkinRules": "Règles d'affichage du thème visuel",
@@ -544,7 +545,8 @@
 "remoteParams": "Paramètres Remote",
 "remotePortal": "URL du portail",
 "replaceByFile": "Remplacer par le fichier",
-"rest": "Serveur REST du portail",
+"restConfigServer": "Serveur de configurations REST",
+"restSessionServer": "Serveur de sessions REST",
 "restore": "Restaurer",
 "restoreConf": "Restaurer la configuration",
 "returnUrl": "URL de retour",
@@ -589,8 +591,8 @@
 "SMTPAuthPass": "Mot de passe SMTP",
 "SMTPAuthUser": "Utilisateur SMTP",
 "SMTPServer": "Serveur SMTP",
-"soap": "Serveur SOAP du portail",
+"soapConfigServer": "Serveur de configurations SOAP",
-"Soap": "Activation",
+"soapSessionServer": "Serveur de sessions SOAP",
 "soapAuthService": "URL du portail",
 "soapSessionService": "Point d'accès SOAP des sessions",
 "specialHandlers": "Handlers spéciaux",

--- a/lemonldap-ng-manager/site/static/reverseTree.json
+++ b/lemonldap-ng-manager/site/static/reverseTree.json
--- a/lemonldap-ng-manager/site/static/struct.json
+++ b/lemonldap-ng-manager/site/static/struct.json
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
@@ -36,10 +36,14 @@ sub enabledPlugins {
   #}
    # Check if SOAP is enabled
-    push @res, '::Plugins::SOAPServer' if ( $self->conf->{Soap} );
+    push @res, '::Plugins::SOAPServer'
+      if ( $self->conf->{soapSessionServer}
+        or $self->conf->{soapConfigServer} );
    # Check if REST is enabled
-    push @res, '::Plugins::RESTServer' if ( $self->conf->{rest} );
+    push @res, '::Plugins::RESTServer'
+      if ( $self->conf->{restSessionServer}
+        or $self->conf->{soapSessionServer} );
    # Check if notification is enabled
    push @res, '::Plugins::Notifications' if ( $self->conf->{notifications} );

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/RESTServer.pm
@@ -30,11 +30,72 @@ use Mouse;
 our $VERSION = '2.0.0';
+extends 'Lemonldap::NG::Portal::Main::Plugin';
 # INITIALIZATION
 sub init {
    my ($self) = @_;
-    1;
+    my @parents = ('Lemonldap::NG::Portal::Main::Plugin');
+    if ( $self->conf->{restConfigServer} ) {
+        push @parents, 'Lemonldap::NG::Common::Conf::RESTServer';
+        # Methods inherited from Lemonldap::NG::Common::Conf::RESTServer
+        $self->addUnauthRoute(
+            confs => {
+                ':cfgNum' => [
+                    qw(virtualHosts samlIDPMetaDataNodes samlSPMetaDataNodes
+                      applicationList oidcOPMetaDataNodes oidcRPMetaDataNodes
+                      authChoiceModules grantSessionRules)
+                ]
+            },
+            ['GET'],
+        );
+        $self->addUnauthRoute(
+            confs => { ':cfgNum' => { '*' => 'getKey' } },
+            ['GET']
+        );
+    }
+    if ( $self->conf->{restSessionServer} ) {
+        push @parents, 'Lemonldap::NG::Common::Session::REST';
+        # Methods inherited from Lemonldap::NG::Common::Session::REST
+        $self->addUnauthRoute(
+            sessions => { ':sessionType' => 'session' },
+            ['GET']
+        );
+        $self->addUnauthRoute(
+            sessions => { ':sessionType' => 'newSession' },
+            ['POST']
+        );
+        $self->addUnauthRoute(
+            sessions =>
+              { ':sessionType' => { ':sessionId' => 'updateSession' } },
+            ['PUT']
+        );
+        $self->addUnauthRoute(
+            sessions => { ':sessionType' => { ':sessionId' => 'delSession' } },
+            ['DELETE']
+        );
+    }
+    $self->addAuthRoute(
+        authorization => 'isUrlAuthorized',
+        [ 'GET', 'POST' ]
+    );
+    extends @parents;
+    return 1;
+}
+sub updateSession {
+    my ( $self, $req ) = @_;
+}
+sub delSession {
+    my ( $self, $req ) = @_;
+}
+sub isUrlAuthorized {
+    my ( $self, $req ) = @_;
 }
 1;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/SOAPServer.pm
@@ -65,12 +65,19 @@ sub init {
        return 0;
    }
    $self->server( Lemonldap::NG::Common::PSGI::SOAPServer->new );
-    $self->addUnauthRoute( sessions      => 'unauthSessions',      ['POST'] );
+    if ( $self->conf->{soapSessionServer} ) {
-    $self->addUnauthRoute( adminSessions => 'unauthAdminSessions', ['POST'] );
+        $self->addUnauthRoute( sessions => 'unauthSessions', ['POST'] );
-    $self->addUnauthRoute( config        => 'config',              ['POST'] );
+        $self->addUnauthRoute(
-    $self->addAuthRoute( sessions      => 'badSoapRequest', ['POST'] );
+            adminSessions => 'unauthAdminSessions',
-    $self->addAuthRoute( adminSessions => 'badSoapRequest', ['POST'] );
+            ['POST']
-    $self->addAuthRoute( config        => 'badSoapRequest', ['POST'] );
+        );
+        $self->addAuthRoute( sessions      => 'badSoapRequest', ['POST'] );
+        $self->addAuthRoute( adminSessions => 'badSoapRequest', ['POST'] );
+    }
+    if ( $self->conf->{soapConfigServer} ) {
+        $self->addUnauthRoute( config => 'config', ['POST'] );
+        $self->addAuthRoute( config => 'badSoapRequest', ['POST'] );
+    }
    1;
 }
@@ -211,8 +218,7 @@ sub getAttributes {
        push @tmp, SOAP::Data->name( error => 0 )->type('int');
        push @tmp,
          SOAP::Data->name( attributes =>
-              _buildSoapHash( $session->data, @{ $self->exportedAttr } )
+              _buildSoapHash( $session->data, @{ $self->exportedAttr } ) );
-          );
    }
    my $res = SOAP::Data->name( session => \SOAP::Data->value(@tmp) );
    return $res;

--- a/lemonldap-ng-portal/t/34-Auth-Proxy-and-SOAP-Server.t
+++ b/lemonldap-ng-portal/t/34-Auth-Proxy-and-SOAP-Server.t
@@ -99,13 +99,13 @@ sub issuer {
    return LLNG::Manager::Test->new(
        {
            ini => {
-                logLevel       => $debug,
+                logLevel          => $debug,
-                templatesDir   => 'site/htdocs/static',
+                templatesDir      => 'site/htdocs/static',
-                domain         => 'idp.com',
+                domain            => 'idp.com',
-                portal         => 'http://auth.idp.com',
+                portal            => 'http://auth.idp.com',
-                authentication => 'Demo',
+                authentication    => 'Demo',
-                userDB         => 'Demo',
+                userDB            => 'Demo',
-                Soap           => 1,
+                soapSessionServer => 1,
            }
        }
    );