LDAP in progress (#595)

lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm

@@ -128,6 +128,10 @@ has error => ( is => 'rw', isa => 'Str', default => '' );
 
 has respHeaders => ( is => 'rw', isa => 'ArrayRef', default => sub { [] } );
 
+sub wantJSON {
+    return $_[0]->accept =~ m#(?:application|text)/json# ? 1 : 0;
+}
+
 # JSON parser
 sub jsonBodyToObj {
     my $self = shift;

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Demo.pm

@@ -35,18 +35,11 @@ sub init {
 sub authenticate {
     my ( $self, $req ) = @_;
 
-    return PE_BADCREDENTIALS unless ( $req->{user} eq $req->{password} );
+    return PE_BADCREDENTIALS unless ( $req->{user} eq $req->datas->{password} );
 
     PE_OK;
 }
 
-## @apmethod int authFinish()
-# Does nothing.
-# @return Lemonldap::NG::Portal constant
-sub authFinish {
-    PE_OK;
-}
-
 ## @apmethod int authLogout()
 # Does nothing
 # @return Lemonldap::NG::Portal constant
@@ -58,13 +51,7 @@ sub authLogout {
 # Does nothing
 # @return result
 sub authForce {
-    return 0;
-}
-
-## @method string getDisplayType
-# @return display type
-sub getDisplayType {
-    return "standardform";
+    PE_OK;
 }
 
 1;

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm

@@ -5,7 +5,7 @@ use Mouse;
 
 our $VERSION = '2.0.0';
 
-# Inheritance: UserDB::LDAP provides all needed ldap function
+# Inheritance: UserDB::LDAP provides all needed ldap functions
 extends
   qw(Lemonldap::NG::Portal::Auth::_WebForm Lemonldap::NG::Portal::UserDB::LDAP);
 
@@ -22,7 +22,7 @@ sub authenticate {
     }
 
     my $res =
-      $self->ldap->userBind( $req->datas->{dn}, password => $req->{password} );
+      $self->ldap->userBind( $req->datas->{dn}, password => $req->datas->{password} );
 
     # Remember password if password reset needed
     $req->datas->{oldpassword} = $self->{password}
@@ -37,4 +37,8 @@ sub authLogout {
     PE_OK;
 }
 
+sub authForce {
+    PE_OK;
+}
+
 1;

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm

@@ -43,7 +43,7 @@ sub extractFormInfo {
     if ( $defUser && $defPassword ) {
         return PE_FORMEMPTY
           unless ( ( $req->{user} = $req->param('user') )
-            && ( $req->{password} = $req->param('password') ) );
+            && ( $req->datas->{password} = $req->param('password') ) );
     }
 
     # 3. If user and oldpassword defined -> password form
@@ -110,9 +110,10 @@ sub setAuthSessionInfo {
 
     # authenticationLevel
     # +1 for user/password with HTTPS
-    $self->{_authnLevel} ||= 0;
+    $self->{_authnLevel} //= 0;
     $self->{_authnLevel} += 1 if $self->https();
 
+    #TODO: check where _authnLevel is defined
     $self->{sessionInfo}->{authenticationLevel} = $self->{_authnLevel};
 
     # Store user submitted login for basic rules
@@ -121,8 +122,8 @@ sub setAuthSessionInfo {
     # Store submitted password if set in configuration
     # WARNING: it can be a security hole
     if ( $self->conf->{storePassword} ) {
-        $self->{sessionInfo}->{'_password'} = $self->{'newpassword'}
-          || $self->{'password'};
+        $self->{sessionInfo}->{'_password'} = $req->datas->{'newpassword'}
+          || $req->datas->{'password'};
     }
 
     # Store user timezone
@@ -131,4 +132,9 @@ sub setAuthSessionInfo {
     PE_OK;
 }
 
+# @return display type
+sub getDisplayType {
+    return "standardform";
+}
+
 1;

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm

@@ -222,9 +222,9 @@ sub display {
                 CHOICE_PARAM          => $self->conf->{authChoiceParam},
                 CHOICE_VALUE          => $req->{_authChoice},
                 OLDPASSWORD =>
-                  $self->checkXSSAttack( 'oldpassword', $req->{oldpassword} )
+                  $self->checkXSSAttack( 'oldpassword', $req->datas->{oldpassword} )
                 ? ""
-                : $self->{oldpassword},
+                : $req->datas->{oldpassword},
                 HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
             );
         }

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Request.pm

+# Lemonldap::NG::Portal::Main::Request extends Lemonldap::NG::Common::PSGI::Request
+# to add all parameters needed to manage authentication:
+#
+#  - steps: list of methods to call
+#  - datas: free hash ref where plugins can store their datas
+#  - user infos:
+#    * id: Apache::Session id
+#    * sessionInfo: hash ref that will be stored in session DB
+#    * user: username given by authentication module, used by userDB module
+#  - query elements:
+#    * mustRedirect: boolean to indicate that response must be a redirection
+#    * urlNotBase64: boolean to indicate that url isn't Base64 encoded
+#  - menu elements:
+#    * info: info to display at login
+#    * menuError
+#    * notification: see notification plugin
+#    * errorType: returns positive/warning/negative depending on error (stored
+#                 in error property)
 package Lemonldap::NG::Portal::Main::Request;
 
 # Developpers, be careful: new() is never called so default values will not be
@@ -44,10 +62,6 @@ has notification => ( is => 'rw' );
 has _authChoice   => ( is => 'rw' );
 has _openidPortal => ( is => 'rw' );
 
-sub wantJSON {
-    return $_[0]->accept =~ m#(?:application|text)/json# ? 1 : 0;
-}
-
 # Error type
 sub error_type {
     my $req = shift;

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm

@@ -82,7 +82,8 @@ has filter => (
           || $conf->{LDAPFilter}
           || '(&(uid=$user)(objectClass=inetOrgPerson))';
         $filter =~ s/"/\\"/g;
-        $filter =~ s/\$(user|_?password|mail)/".\$req->{$1}."/g;
+        $filter =~ s/\$(user)/".\$req->{$1}."/g;
+        $filter =~ s/\$(user|_?password|mail)/".\$req->{datas}->{$1}."/g;
         $filter =~ s/\$(\w+)/".\$req->{sessionInfo}->{$1}."/g;
         $_[0]->{p}->lmLog( "LDAP transformed filter: $filter", 'debug' );
         $filter =