Commit e17333aa authored by Xavier Guimard's avatar Xavier Guimard

REST in progress (#970)

parent 10509e2a
......@@ -8,10 +8,10 @@
# * PUT /sessions/<type>/<session-id> : update some keys
# * DELETE /adminSessions/<type>/<session-id> : delete a session
#
# - Session keys for connected users:
# * GET /mysession/?authorizationfor=<base64-encoded-url>: ask if url is authorizated
# * GET /mysession/<type>/key
# * DELETE /mysession to logout
# - Sessions for connected users (if restSessionServer is on):
# * GET /mysession/<type> : get session datas
# * GET /mysession/<type>/key : get session key
# * DELETE /mysession : ask for logout
#
# - Configuration (if restConfigServer is on)
# * GET /confs/latest : get the last config metadata
......@@ -19,7 +19,11 @@
# n° <cfgNum>
# * GET /confs/<latest|cfgNum>/<key> : get conf key value
# * GET /confs/<latest|cfgNum>?full : get the full configuration
# where <type> is the session type ("global" for SSO session)
# where <type> is the session type ("global" for SSO session)
#
# - Authorizations for connected users (always):
# * GET /mysession/?authorizationfor=<base64-encoded-url>: ask if url is
# authorizated
#
# Note that the "getCookie" method (authentification via SOAP) exists for REST
# requests directly by using '/' path : the portal recognize REST calls and
......@@ -40,10 +44,12 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
# INITIALIZATION
sub init {
my ($self) = @_;
my ($self) = @_;
my @parents = ('Lemonldap::NG::Portal::Main::Plugin');
my $add = 0;
if ( $self->conf->{restConfigServer} ) {
push @parents, 'Lemonldap::NG::Common::Conf::RESTServer';
$add++;
# Methods inherited from Lemonldap::NG::Common::Conf::RESTServer
$self->addUnauthRoute(
......@@ -63,6 +69,7 @@ sub init {
}
if ( $self->conf->{restSessionServer} ) {
push @parents, 'Lemonldap::NG::Common::Session::REST';
$add++;
# Methods inherited from Lemonldap::NG::Common::Session::REST
$self->addUnauthRoute(
......@@ -83,6 +90,11 @@ sub init {
sessions => { ':sessionType' => 'delSession' },
['DELETE']
);
$self->addAuthRoute(
mysession => { ':sessionType' => 'getMyKey' },
[ 'GET', 'POST' ]
);
$self->addAuthRoute( mysession => 'delMySession', ['DELETE'] );
}
# Methods always available
......@@ -90,11 +102,7 @@ sub init {
mysession => { '*' => 'mysession' },
[ 'GET', 'POST' ]
);
$self->addAuthRoute(
mysession => { ':sessionType' => 'getMyKey' },
[ 'GET', 'POST' ]
);
extends @parents;
extends @parents if ($add);
return 1;
}
......@@ -157,40 +165,51 @@ sub delSession {
return $self->p->sendJSONresponse( $req, { result => $res } );
}
sub delMySession {
my ( $self, $req, $id ) = @_;
return $self->delSession( $req, $req->id );
}
sub mysession {
my ( $self, $req ) = @_;
# 1. whoami
if ( defined $req->param('whoami') ) {
return $self->p->sendJSONresponse( $res,
{ result => $req->sessionInfo->{ $self->conf->{whatToTrace} } } );
}
# Verify authorizationfor arg
my $url = $req->param('authorizationfor')
or
return $self->p->sendError( $req, 'authorizationfor is required', 400 );
elsif ( my $url = $req->param('authorizationfor') ) {
# Verify that value is base64 encoded
return $self->p->sendError( $req, "Value must be in BASE64", 400 )
if ( $url =~ m#[^A-Za-z0-9\+/=]# );
$req->urldc( decode_base64($url) );
# Verify that value is base64 encoded
return $self->p->sendError( $req, "Value must be in BASE64", 400 )
if ( $url =~ m#[^A-Za-z0-9\+/=]# );
$req->urldc( decode_base64($url) );
# Check for XSS problems
return $self->p->sendError( $req, 'XSS attack detected', 400 )
if ( $self->p->checkXSSAttack( 'authorizationfor', $req->urldc ) );
# Check for XSS problems
return $self->p->sendError( $req, 'XSS attack detected', 400 )
if ( $self->p->checkXSSAttack( 'authorizationfor', $req->urldc ) );
# Split URL
my ( $host, $uri ) = ( $url =~ m#^https?://([^/]+)(/.*)?$# );
return $self->p->sendError( $req, 'Bad URL', 400 ) unless ($host);
# Split URL
my ( $host, $uri ) = ( $url =~ m#^https?://([^/]+)(/.*)?$# );
return $self->p->sendError( $req, 'Bad URL', 400 ) unless ($host);
$self->lmLog( "Looking for authorization for $url", 'debug' );
$self->lmLog( "Looking for authorization for $url", 'debug' );
# Now check for authorization
my $res = $self->p->HANDLER->grant( $req->userDatas, $uri, undef, $host );
$self->lmLog( " Result is $res", 'debug' );
return $self->p->sendJSONresponse( $req, { result => $res } );
# Now check for authorization
my $res =
$self->p->HANDLER->grant( $req->userDatas, $uri, undef, $host );
$self->lmLog( " Result is $res", 'debug' );
return $self->p->sendJSONresponse( $req, { result => $res } );
}
return $self->p->sendError( $req,
'whoami or authorizationfor is required', 400 );
}
sub getMyKey {
my ( $self, $req, $key ) = @_;
return $self->p->sendError( $req, 'A key is required', 400 )
unless ($key);
return $self->session( $req, $req->id, $key );
}
1
1;
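Review bot: The whoami branch of `mysession` hands an undefined `$res` to the response helper, `return $self->p->sendJSONresponse( $res, ... )`, while every other call in this file passes `$req`; since `my $res` is only declared later inside the authorizationfor branch, this is a strict-mode compile error rather than a runtime bug, and the line should read `return $self->p->sendJSONresponse( $req, { result => $req->sessionInfo->{ $self->conf->{whatToTrace} } } );`. In the authorizationfor branch the host/URI split is run against `$url`, which is still the raw base64 text — the preceding character-class check guarantees it contains no `:` — so `$host` can never match and every call ends in 'Bad URL'; the match (and the debug log) should use the decoded value, `my ( $host, $uri ) = ( $req->urldc =~ m#^https?://([^/]+)(/.*)?$# );`. With that fixed, `$uri` is undef when the decoded URL has no path, so `grant` receives undef instead of `/`; adding `$uri = '/' unless defined $uri;` before the grant call seems right, but confirm what HANDLER->grant expects. `getMyKey` returns whatever session key the caller names; if the session store can hold sensitive attributes, a denylist of non-exposable keys is worth considering — this is an inference from the route, not something visible here.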