Commit 00214387 authored by Yadd's avatar Yadd

LDAP in progress (#595)

parent c8c1eb81
......@@ -128,6 +128,10 @@ has error => ( is => 'rw', isa => 'Str', default => '' );
has respHeaders => ( is => 'rw', isa => 'ArrayRef', default => sub { [] } );
sub wantJSON {
return $_[0]->accept =~ m#(?:application|text)/json# ? 1 : 0;
}
# JSON parser
sub jsonBodyToObj {
my $self = shift;
......
......@@ -35,18 +35,11 @@ sub init {
sub authenticate {
my ( $self, $req ) = @_;
return PE_BADCREDENTIALS unless ( $req->{user} eq $req->{password} );
return PE_BADCREDENTIALS unless ( $req->{user} eq $req->datas->{password} );
PE_OK;
}
## @apmethod int authFinish()
# Does nothing.
# @return Lemonldap::NG::Portal constant
sub authFinish {
PE_OK;
}
## @apmethod int authLogout()
# Does nothing
# @return Lemonldap::NG::Portal constant
......@@ -58,13 +51,7 @@ sub authLogout {
# Does nothing
# @return result
sub authForce {
return 0;
}
## @method string getDisplayType
# @return display type
sub getDisplayType {
return "standardform";
PE_OK;
}
1;
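Review bot: `authForce` now ends with a bare `PE_OK;` where it used to `return 0;`, so whether it still means "do not force re-authentication" depends on the numeric value of `PE_OK`, which is not visible in this file section. An explicit `return PE_OK;` would make that dependency reviewable. The doc line above the sub still reads `# @return result`; if the constant is the intended contract, it could become `# @return Lemonldap::NG::Portal constant (false value: do not force)`. The same applies to the `authForce` added to the LDAP auth module in the next file section.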
......
......@@ -5,7 +5,7 @@ use Mouse;
our $VERSION = '2.0.0';
# Inheritance: UserDB::LDAP provides all needed ldap function
# Inheritance: UserDB::LDAP provides all needed ldap functions
extends
qw(Lemonldap::NG::Portal::Auth::_WebForm Lemonldap::NG::Portal::UserDB::LDAP);
......@@ -22,7 +22,7 @@ sub authenticate {
}
my $res =
$self->ldap->userBind( $req->datas->{dn}, password => $req->{password} );
$self->ldap->userBind( $req->datas->{dn}, password => $req->datas->{password} );
# Remember password if password reset needed
$req->datas->{oldpassword} = $self->{password}
......@@ -37,4 +37,8 @@ sub authLogout {
PE_OK;
}
sub authForce {
PE_OK;
}
1;
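Review bot: The context line after the changed `userBind` call still reads `$req->datas->{oldpassword} = $self->{password}`, while this commit moves the submitted password to `$req->datas->{password}` in `extractFormInfo`. Unless something else still populates `$self->{password}`, the value remembered for the password-reset path will be undef. The likely intent is `$req->datas->{oldpassword} = $req->datas->{password}`. The statement continues past the end of the hunk, so its condition is not visible here.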
......@@ -43,7 +43,7 @@ sub extractFormInfo {
if ( $defUser && $defPassword ) {
return PE_FORMEMPTY
unless ( ( $req->{user} = $req->param('user') )
&& ( $req->{password} = $req->param('password') ) );
&& ( $req->datas->{password} = $req->param('password') ) );
}
# 3. If user and oldpassword defined -> password form
......@@ -110,9 +110,10 @@ sub setAuthSessionInfo {
# authenticationLevel
# +1 for user/password with HTTPS
$self->{_authnLevel} ||= 0;
$self->{_authnLevel} //= 0;
$self->{_authnLevel} += 1 if $self->https();
#TODO: check where _authnLevel is defined
$self->{sessionInfo}->{authenticationLevel} = $self->{_authnLevel};
# Store user submitted login for basic rules
......@@ -121,8 +122,8 @@ sub setAuthSessionInfo {
# Store submitted password if set in configuration
# WARNING: it can be a security hole
if ( $self->conf->{storePassword} ) {
$self->{sessionInfo}->{'_password'} = $self->{'newpassword'}
|| $self->{'password'};
$self->{sessionInfo}->{'_password'} = $req->datas->{'newpassword'}
|| $req->datas->{'password'};
}
# Store user timezone
......@@ -131,4 +132,9 @@ sub setAuthSessionInfo {
PE_OK;
}
# @return display type
sub getDisplayType {
return "standardform";
}
1;
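Review bot: In `setAuthSessionInfo`, `_authnLevel` is still kept on `$self` and bumped with `+= 1` on each HTTPS login, while the rest of this commit moves per-request values such as `password` and `newpassword` onto `$req->datas`. If the module object outlives a single request (the move suggests this, but the hunk does not show it), the level grows with every authentication and sessions get an inflated `authenticationLevel`. Computing it in a local, e.g. `my $level = ( $self->{_authnLevel} // 0 ) + ( $self->https() ? 1 : 0 );`, and storing `$level` in `sessionInfo` avoids the shared mutable state and would settle the added TODO. The `storePassword` branch now reads `$req`, so the sub's argument unpacking, which is outside the hunk, has to provide it.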
......@@ -222,9 +222,9 @@ sub display {
CHOICE_PARAM => $self->conf->{authChoiceParam},
CHOICE_VALUE => $req->{_authChoice},
OLDPASSWORD =>
$self->checkXSSAttack( 'oldpassword', $req->{oldpassword} )
$self->checkXSSAttack( 'oldpassword', $req->datas->{oldpassword} )
? ""
: $self->{oldpassword},
: $req->datas->{oldpassword},
HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
);
}
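Review bot: `OLDPASSWORD` puts the submitted old password back into the rendered form, and the only guard visible here is `checkXSSAttack`, whose rules are not shown. Because this is a credential going into HTML, the template should escape it on output regardless of that check. A short comment on this key would help, e.g. `# echoed only so the change-password form can resubmit it; must reach an escaped field`. `display` starts outside the hunk.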
......
# Lemonldap::NG::Portal::Main::Request extends Lemonldap::NG::Common::PSGI::Request
# to add all parameters needed to manage authentication:
#
# - steps: list of methods to call
# - datas: free hash ref where plugins can store their datas
# - user infos:
# * id: Apache::Session id
# * sessionInfo: hash ref that will be stored in session DB
# * user: username given by authentication module, used by userDB module
# - query elements:
# * mustRedirect: boolean to indicate that response must be a redirection
# * urlNotBase64: boolean to indicate that url isn't Base64 encoded
# - menu elements:
# * info: info to display at login
# * menuError
# * notification: see notification plugin
# * errorType: returns positive/warning/negative depending on error (stored
# in error property)
package Lemonldap::NG::Portal::Main::Request;
# Developpers, be careful: new() is never called so default values will not be
......@@ -44,10 +62,6 @@ has notification => ( is => 'rw' );
has _authChoice => ( is => 'rw' );
has _openidPortal => ( is => 'rw' );
sub wantJSON {
return $_[0]->accept =~ m#(?:application|text)/json# ? 1 : 0;
}
# Error type
sub error_type {
my $req = shift;
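Review bot: The new header comment describes `datas` only as a free hash ref for plugins, but after this commit it also carries cleartext credentials: `password`, `oldpassword` and `newpassword` are read from it in the auth modules and in `display`. The comment should say so, for example `# - datas: free hash ref where plugins can store their datas; also holds submitted passwords in clear, so never log or persist it as a whole`. That gives plugin authors a visible warning before they dump the structure for debugging.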
......
......@@ -82,7 +82,8 @@ has filter => (
|| $conf->{LDAPFilter}
|| '(&(uid=$user)(objectClass=inetOrgPerson))';
$filter =~ s/"/\\"/g;
$filter =~ s/\$(user|_?password|mail)/".\$req->{$1}."/g;
$filter =~ s/\$(user)/".\$req->{$1}."/g;
$filter =~ s/\$(user|_?password|mail)/".\$req->{datas}->{$1}."/g;
$filter =~ s/\$(\w+)/".\$req->{sessionInfo}->{$1}."/g;
$_[0]->{p}->lmLog( "LDAP transformed filter: $filter", 'debug' );
$filter =
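Review bot: The generic pass `s/\$(\w+)/".\$req->{sessionInfo}->{$1}."/g` runs after the two specific ones, so it also matches the `$req` they have just inserted and turns `".$req->{user}."` into an expression on `$req->{sessionInfo}->{req}`. Running the generic pass first and then specialising its output avoids this: `$filter =~ s/\$req->\{sessionInfo\}->\{user\}/\$req->{user}/g;` followed by `$filter =~ s/\$req->\{sessionInfo\}->\{(_?password|mail)\}/\$req->{datas}->{$1}/g;`. The `user` alternative in the second new substitution is dead, because the line before it has already consumed every `$user`. Separately, nothing in this hunk escapes the substituted values for LDAP filter metacharacters, so confirm that happens before the search is issued. The builder continues outside the hunk.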
......