From 00214387c945852ac49c950068bb329ea9fa80e0 Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Mon, 2 May 2016 10:30:23 +0000
Subject: [PATCH] LDAP in progress (#595)
---
 .../lib/Lemonldap/NG/Common/PSGI/Request.pm | 4 ++++
 .../lib/Lemonldap/NG/Portal/Auth/Demo.pm | 17 ++------------
 .../lib/Lemonldap/NG/Portal/Auth/LDAP.pm | 8 +++++--
 .../lib/Lemonldap/NG/Portal/Auth/_WebForm.pm | 14 ++++++++----
 .../lib/Lemonldap/NG/Portal/Main/Display.pm | 4 ++--
 .../lib/Lemonldap/NG/Portal/Main/Request.pm | 22 +++++++++++++++----
 .../lib/Lemonldap/NG/Portal/UserDB/LDAP.pm | 3 ++-
 7 files changed, 44 insertions(+), 28 deletions(-)
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm
index 67b27d7a9..aa9b107f6 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm
@@ -128,6 +128,10 @@ has error => ( is => 'rw', isa => 'Str', default => '' );
 has respHeaders => ( is => 'rw', isa => 'ArrayRef', default => sub { [] } );
+sub wantJSON {
+ return $_[0]->accept =~ m#(?:application|text)/json# ? 1 : 0;
+}
+
 # JSON parser
 sub jsonBodyToObj {
 my $self = shift;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Demo.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Demo.pm
index fcc2560f8..df3156ff2 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Demo.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Demo.pm
@@ -35,18 +35,11 @@ sub init {
 sub authenticate {
 my ( $self, $req ) = @_;
- return PE_BADCREDENTIALS unless ( $req->{user} eq $req->{password} );
+ return PE_BADCREDENTIALS unless ( $req->{user} eq $req->datas->{password} );
 PE_OK;
 }
-## @apmethod int authFinish()
-# Does nothing.
-# @return Lemonldap::NG::Portal constant
-sub authFinish {
- PE_OK;
-}
-
 ## @apmethod int authLogout()
 # Does nothing
 # @return Lemonldap::NG::Portal constant
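Review bot: `wantJSON` applies the regex to `$_[0]->accept` directly, so if `accept` is undefined for a request that carries no Accept header the match raises an uninitialized-value warning on every call; `return ( $_[0]->accept // '' ) =~ m#(?:application|text)/json# ? 1 : 0;` keeps the same result (0) without the noise. The pattern is unanchored, so any Accept value containing `application/json` or `text/json` as a substring counts, which is presumably intended but worth stating. The method is also the only definition in this hunk without a header; a line such as `# Returns 1 when the client's Accept header asks for a JSON body, 0 otherwise` would match the `# JSON parser` style just below it.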
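Review bot: The rewritten check in Demo's `authenticate` reads the user as a raw hash entry (`$req->{user}`) and the password through the accessor (`$req->datas->{password}`), so the two operands of one comparison now follow different conventions while the rest of this commit moves request state into `$req->datas`. When either side is undefined, `eq` warns and compares as the empty string, so an absent user and an absent password compare equal; `return PE_BADCREDENTIALS unless ( defined $req->{user} and defined $req->datas->{password} and $req->{user} eq $req->datas->{password} );` makes the demo module fail closed on its own instead of relying on the form step to reject empty fields. The body of `authenticate` is entirely inside the hunk.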
@@ -58,13 +51,7 @@ sub authLogout {
 # Does nothing
 # @return result
 sub authForce {
- return 0;
-}
-
-## @method string getDisplayType
-# @return display type
-sub getDisplayType {
- return "standardform";
+ PE_OK;
 }
 1;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm
index 0f63ff6a2..4d9361e13 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm
@@ -5,7 +5,7 @@ use Mouse;
 our $VERSION = '2.0.0';
-# Inheritance: UserDB::LDAP provides all needed ldap function
+# Inheritance: UserDB::LDAP provides all needed ldap functions
 extends qw(Lemonldap::NG::Portal::Auth::_WebForm Lemonldap::NG::Portal::UserDB::LDAP);
@@ -22,7 +22,7 @@ sub authenticate {
 }
 my $res =
- $self->ldap->userBind( $req->datas->{dn}, password => $req->{password} );
+ $self->ldap->userBind( $req->datas->{dn}, password => $req->datas->{password} );
 # Remember password if password reset needed
 $req->datas->{oldpassword} = $self->{password}
@@ -37,4 +37,8 @@ sub authLogout {
 PE_OK;
 }
+sub authForce {
+ PE_OK;
+}
+
 1;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm
index 2cd58481b..ba9de15c2 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm
@@ -43,7 +43,7 @@ sub extractFormInfo {
 if ( $defUser && $defPassword ) {
 return PE_FORMEMPTY
 unless ( ( $req->{user} = $req->param('user') )
- && ( $req->{password} = $req->param('password') ) );
+ && ( $req->datas->{password} = $req->param('password') ) );
 }
 # 3. If user and oldpassword defined -> password form
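Review bot: In `Auth::LDAP::authenticate` the bind now takes `$req->datas->{password}`, but the context line two below still saves `$self->{password}` into `$req->datas->{oldpassword}`, and nothing in this commit writes `$self->{password}` any more, so the password remembered for a forced reset will presumably be undefined; it should read `$req->datas->{oldpassword} = $req->datas->{password}`. This is the same `$self->{...}` versus `$req->datas->{...}` split that the `_WebForm.pm` hunk for `_password` in this commit fixes. `authenticate` starts and continues outside the hunk.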
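Review bot: `extractFormInfo` now stores the submitted password in `$req->datas`, the hash that the new `Request.pm` header describes as a free store for plugins, so the cleartext password becomes readable by every plugin that handles the request and by any debug dump of `datas`. That is a wider exposure than the previous per-module field and deserves a note at the assignment, e.g. `# cleartext password is kept in datas for the auth step: never log or dump datas as a whole`. The enclosing `if` block and `extractFormInfo` itself continue outside the hunk.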
@@ -110,9 +110,10 @@ sub setAuthSessionInfo {
 # authenticationLevel
 # +1 for user/password with HTTPS
- $self->{_authnLevel} ||= 0;
+ $self->{_authnLevel} //= 0;
 $self->{_authnLevel} += 1 if $self->https();
+ #TODO: check where _authnLevel is defined
 $self->{sessionInfo}->{authenticationLevel} = $self->{_authnLevel};
 # Store user submitted login for basic rules
@@ -121,8 +122,8 @@ sub setAuthSessionInfo {
 # Store submitted password if set in configuration
 # WARNING: it can be a security hole
 if ( $self->conf->{storePassword} ) {
- $self->{sessionInfo}->{'_password'} = $self->{'newpassword'}
- || $self->{'password'};
+ $self->{sessionInfo}->{'_password'} = $req->datas->{'newpassword'}
+ || $req->datas->{'password'};
 }
 # Store user timezone
@@ -131,4 +132,9 @@ sub setAuthSessionInfo {
 PE_OK;
 }
+# @return display type
+sub getDisplayType {
+ return "standardform";
+}
+
 1;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
index a2c354896..c3f492406 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@@ -222,9 +222,9 @@ sub display {
 CHOICE_PARAM => $self->conf->{authChoiceParam},
 CHOICE_VALUE => $req->{_authChoice},
 OLDPASSWORD =>
- $self->checkXSSAttack( 'oldpassword', $req->{oldpassword} )
+ $self->checkXSSAttack( 'oldpassword', $req->datas->{oldpassword} )
 ? ""
- : $self->{oldpassword},
+ : $req->datas->{oldpassword},
 HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
 );
 }
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Request.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Request.pm
index 14b7de859..184495aa6 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Request.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Request.pm
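Review bot: `setAuthSessionInfo` still keeps `_authnLevel` and `sessionInfo` on `$self` while the rest of this commit moves per-request state to `$req->datas`; with `//= 0` the counter is initialised only once and `+= 1 if $self->https()` runs on every call, so if `$self` is the module object that outlives a request (the added `#TODO` suggests this is unresolved) the `authenticationLevel` written to the session grows with every HTTPS login instead of staying at 1. Deriving the value per request removes the shared state, e.g. `my $level = ( $req->datas->{_authnLevel} // 0 ) + ( $self->https() ? 1 : 0 );` followed by `$req->datas->{_authnLevel} = $level;`, and writing `$level` into the request's own session data rather than `$self->{sessionInfo}`. The same `$self->{sessionInfo}` write sits in the `@@ -121` hunk below, where the cleartext `_password` would likewise live on a shared object if `$self` is not per-request. `setAuthSessionInfo` starts outside the hunk.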
@@ -1,3 +1,21 @@
+# Lemonldap::NG::Portal::Main::Request extends Lemonldap::NG::Common::PSGI::Request
+# to add all parameters needed to manage authentication:
+#
+# - steps: list of methods to call
+# - datas: free hash ref where plugins can store their datas
+# - user infos:
+# * id: Apache::Session id
+# * sessionInfo: hash ref that will be stored in session DB
+# * user: username given by authentication module, used by userDB module
+# - query elements:
+# * mustRedirect: boolean to indicate that response must be a redirection
+# * urlNotBase64: boolean to indicate that url isn't Base64 encoded
+# - menu elements:
+# * info: info to display at login
+# * menuError
+# * notification: see notification plugin
+# * errorType: returns positive/warning/negative depending on error (stored
+# in error property)
 package Lemonldap::NG::Portal::Main::Request;
 # Developpers, be careful: new() is never called so default values will not be
@@ -44,10 +62,6 @@ has notification => ( is => 'rw' );
 has _authChoice => ( is => 'rw' );
 has _openidPortal => ( is => 'rw' );
-sub wantJSON {
- return $_[0]->accept =~ m#(?:application|text)/json# ? 1 : 0;
-}
-
 # Error type
 sub error_type {
 my $req = shift;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm
index 609a2f2c4..61b64d9e1 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm
@@ -82,7 +82,8 @@ has filter => (
 || $conf->{LDAPFilter}
 || '(&(uid=$user)(objectClass=inetOrgPerson))';
 $filter =~ s/"/\\"/g;
- $filter =~ s/\$(user|_?password|mail)/".\$req->{$1}."/g;
+ $filter =~ s/\$(user)/".\$req->{$1}."/g;
+ $filter =~ s/\$(user|_?password|mail)/".\$req->{datas}->{$1}."/g;
 $filter =~ s/\$(\w+)/".\$req->{sessionInfo}->{$1}."/g;
 $_[0]->{p}->lmLog( "LDAP transformed filter: $filter", 'debug' );
 $filter =
-- 
GitLab
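Review bot: The new first substitution `s/\$(user)/".\$req->{$1}."/g` rewrites every `$user` before the second line runs, so the `user` alternative left in `\$(user|_?password|mail)` is dead and the two lines point the same name at different places (`$req->{user}` versus `$req->{datas}->{user}`); dropping `user` from the second pattern, and adding `\b` after the names so a key such as `$username` is not partially rewritten, makes the intent explicit. Neither line escapes the value it interpolates into the LDAP filter: unless the code after `$filter =` (outside the hunk) applies `Net::LDAP::Util::escape_filter_value`, a submitted value containing `*`, `(`, `)` or `\` changes the meaning of the filter, so this is the place for a comment such as `# values are inserted verbatim here; escaping must happen where the filter is evaluated (see escape_filter_value)`. The `has filter` builder starts and ends outside the hunk.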