Commit 00214387 authored by Yadd's avatar Yadd

LDAP in progress (#595)

parent c8c1eb81
...@@ -128,6 +128,10 @@ has error => ( is => 'rw', isa => 'Str', default => '' ); ...@@ -128,6 +128,10 @@ has error => ( is => 'rw', isa => 'Str', default => '' );
has respHeaders => ( is => 'rw', isa => 'ArrayRef', default => sub { [] } ); has respHeaders => ( is => 'rw', isa => 'ArrayRef', default => sub { [] } );
sub wantJSON {
return $_[0]->accept =~ m#(?:application|text)/json# ? 1 : 0;
}
# JSON parser # JSON parser
sub jsonBodyToObj { sub jsonBodyToObj {
my $self = shift; my $self = shift;
......
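Review bot: `wantJSON` runs the match directly on `$_[0]->accept`; if that accessor can return undef (a client that sends no Accept header), the pattern match emits an uninitialized-value warning under `use warnings`, and `return ( $_[0]->accept // '' ) =~ m#(?:application|text)/json# ? 1 : 0;` avoids it. The sub also lacks the header the neighbouring methods carry; a line pair such as `## @method bool wantJSON` / `# @return 1 if the Accept header names a JSON type, 0 otherwise` would match the file's style. This is the method moved out of Main::Request in the same commit, so the note applies only here.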
...@@ -35,18 +35,11 @@ sub init { ...@@ -35,18 +35,11 @@ sub init {
sub authenticate { sub authenticate {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
return PE_BADCREDENTIALS unless ( $req->{user} eq $req->{password} ); return PE_BADCREDENTIALS unless ( $req->{user} eq $req->datas->{password} );
PE_OK; PE_OK;
} }
## @apmethod int authFinish()
# Does nothing.
# @return Lemonldap::NG::Portal constant
sub authFinish {
PE_OK;
}
## @apmethod int authLogout() ## @apmethod int authLogout()
# Does nothing # Does nothing
# @return Lemonldap::NG::Portal constant # @return Lemonldap::NG::Portal constant
...@@ -58,13 +51,7 @@ sub authLogout { ...@@ -58,13 +51,7 @@ sub authLogout {
# Does nothing # Does nothing
# @return result # @return result
sub authForce { sub authForce {
return 0; PE_OK;
}
## @method string getDisplayType
# @return display type
sub getDisplayType {
return "standardform";
} }
1; 1;
......
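Review bot: In `authenticate`, the two credentials are now read from different places: `$req->{user}` as a raw hash key while the password comes from `$req->datas->{password}`. If `user` is a declared Request attribute (the `user:` entry this commit adds to the Main::Request header comment suggests it is), `$req->user` keeps the accessor in play and matches the `datas` style: `return PE_BADCREDENTIALS unless ( $req->user eq $req->datas->{password} );`; the same mix remains in `extractFormInfo` in the _WebForm hunk below. The removal of `authFinish` and `getDisplayType` presumably relies on a parent class providing them; `getDisplayType` reappears in _WebForm in this commit, but `authFinish` is not visible anywhere in the diff, so its caller should be checked.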
...@@ -5,7 +5,7 @@ use Mouse; ...@@ -5,7 +5,7 @@ use Mouse;
our $VERSION = '2.0.0'; our $VERSION = '2.0.0';
# Inheritance: UserDB::LDAP provides all needed ldap function # Inheritance: UserDB::LDAP provides all needed ldap functions
extends extends
qw(Lemonldap::NG::Portal::Auth::_WebForm Lemonldap::NG::Portal::UserDB::LDAP); qw(Lemonldap::NG::Portal::Auth::_WebForm Lemonldap::NG::Portal::UserDB::LDAP);
...@@ -22,7 +22,7 @@ sub authenticate { ...@@ -22,7 +22,7 @@ sub authenticate {
} }
my $res = my $res =
$self->ldap->userBind( $req->datas->{dn}, password => $req->{password} ); $self->ldap->userBind( $req->datas->{dn}, password => $req->datas->{password} );
# Remember password if password reset needed # Remember password if password reset needed
$req->datas->{oldpassword} = $self->{password} $req->datas->{oldpassword} = $self->{password}
...@@ -37,4 +37,8 @@ sub authLogout { ...@@ -37,4 +37,8 @@ sub authLogout {
PE_OK; PE_OK;
} }
sub authForce {
PE_OK;
}
1; 1;
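Review bot: After `userBind` is called with `$req->datas->{password}`, the next statement (the unchanged line `$req->datas->{oldpassword} = $self->{password}`) still reads the password from `$self->{password}`, which this commit appears to stop populating (`extractFormInfo` in the _WebForm hunk now writes `$req->datas->{password}`), so the "remember password if password reset needed" path copies an undef — or, if `$self` is a long-lived object, a value left over from an earlier request. It should read `$req->datas->{oldpassword} = $req->datas->{password}`; that statement continues past the hunk. The `authForce` added in the last hunk returns `PE_OK` where the Demo version previously returned `0`; if `PE_OK` is `0` these agree, and a `# @return Lemonldap::NG::Portal constant` header like its siblings would document that.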
...@@ -43,7 +43,7 @@ sub extractFormInfo { ...@@ -43,7 +43,7 @@ sub extractFormInfo {
if ( $defUser && $defPassword ) { if ( $defUser && $defPassword ) {
return PE_FORMEMPTY return PE_FORMEMPTY
unless ( ( $req->{user} = $req->param('user') ) unless ( ( $req->{user} = $req->param('user') )
&& ( $req->{password} = $req->param('password') ) ); && ( $req->datas->{password} = $req->param('password') ) );
} }
# 3. If user and oldpassword defined -> password form # 3. If user and oldpassword defined -> password form
...@@ -110,9 +110,10 @@ sub setAuthSessionInfo { ...@@ -110,9 +110,10 @@ sub setAuthSessionInfo {
# authenticationLevel # authenticationLevel
# +1 for user/password with HTTPS # +1 for user/password with HTTPS
$self->{_authnLevel} ||= 0; $self->{_authnLevel} //= 0;
$self->{_authnLevel} += 1 if $self->https(); $self->{_authnLevel} += 1 if $self->https();
#TODO: check where _authnLevel is defined
$self->{sessionInfo}->{authenticationLevel} = $self->{_authnLevel}; $self->{sessionInfo}->{authenticationLevel} = $self->{_authnLevel};
# Store user submitted login for basic rules # Store user submitted login for basic rules
...@@ -121,8 +122,8 @@ sub setAuthSessionInfo { ...@@ -121,8 +122,8 @@ sub setAuthSessionInfo {
# Store submitted password if set in configuration # Store submitted password if set in configuration
# WARNING: it can be a security hole # WARNING: it can be a security hole
if ( $self->conf->{storePassword} ) { if ( $self->conf->{storePassword} ) {
$self->{sessionInfo}->{'_password'} = $self->{'newpassword'} $self->{sessionInfo}->{'_password'} = $req->datas->{'newpassword'}
|| $self->{'password'}; || $req->datas->{'password'};
} }
# Store user timezone # Store user timezone
...@@ -131,4 +132,9 @@ sub setAuthSessionInfo { ...@@ -131,4 +132,9 @@ sub setAuthSessionInfo {
PE_OK; PE_OK;
} }
# @return display type
sub getDisplayType {
return "standardform";
}
1; 1;
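Review bot: `$self->{_authnLevel} //= 0; $self->{_authnLevel} += 1 if $self->https();` mutates a counter stored on `$self`; if `$self` is the persistent module object under PSGI (the commit moves other per-request values off `$self` into `$req->datas`, and the added `#TODO: check where _authnLevel is defined` admits the origin is unknown), the level grows by one on every HTTPS request instead of being base+1. Assuming nothing later relies on the incremented `_authnLevel`, computing the value without writing it back avoids the accumulation: `my $level = ( $self->{_authnLevel} // 0 ) + ( $self->https() ? 1 : 0 );` followed by `$self->{sessionInfo}->{authenticationLevel} = $level;`. The same question applies to `$self->{sessionInfo}` in this sub, which the new Request header comment lists as a request attribute. `setAuthSessionInfo` starts and ends outside this hunk.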
...@@ -222,9 +222,9 @@ sub display { ...@@ -222,9 +222,9 @@ sub display {
CHOICE_PARAM => $self->conf->{authChoiceParam}, CHOICE_PARAM => $self->conf->{authChoiceParam},
CHOICE_VALUE => $req->{_authChoice}, CHOICE_VALUE => $req->{_authChoice},
OLDPASSWORD => OLDPASSWORD =>
$self->checkXSSAttack( 'oldpassword', $req->{oldpassword} ) $self->checkXSSAttack( 'oldpassword', $req->datas->{oldpassword} )
? "" ? ""
: $self->{oldpassword}, : $req->datas->{oldpassword},
HIDE_OLDPASSWORD => $self->conf->{hideOldPassword}, HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
); );
} }
......
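Review bot: `OLDPASSWORD` places the user-submitted old password back into the rendered page, and `checkXSSAttack` only chooses between that value and `""`; whatever escaping the template applies to `OLDPASSWORD` is not visible in this hunk and should be confirmed, since a password is arbitrary text. Reading `$req->datas->{oldpassword}` once into a lexical before the hash constructor (which begins outside the hunk, inside `display`) would also avoid evaluating the accessor twice for the check and the value.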
# Lemonldap::NG::Portal::Main::Request extends Lemonldap::NG::Common::PSGI::Request
# to add all parameters needed to manage authentication:
#
# - steps: list of methods to call
# - datas: free hash ref where plugins can store their datas
# - user infos:
# * id: Apache::Session id
# * sessionInfo: hash ref that will be stored in session DB
# * user: username given by authentication module, used by userDB module
# - query elements:
# * mustRedirect: boolean to indicate that response must be a redirection
# * urlNotBase64: boolean to indicate that url isn't Base64 encoded
# - menu elements:
# * info: info to display at login
# * menuError
# * notification: see notification plugin
# * errorType: returns positive/warning/negative depending on error (stored
# in error property)
package Lemonldap::NG::Portal::Main::Request; package Lemonldap::NG::Portal::Main::Request;
# Developpers, be careful: new() is never called so default values will not be # Developpers, be careful: new() is never called so default values will not be
...@@ -44,10 +62,6 @@ has notification => ( is => 'rw' ); ...@@ -44,10 +62,6 @@ has notification => ( is => 'rw' );
has _authChoice => ( is => 'rw' ); has _authChoice => ( is => 'rw' );
has _openidPortal => ( is => 'rw' ); has _openidPortal => ( is => 'rw' );
sub wantJSON {
return $_[0]->accept =~ m#(?:application|text)/json# ? 1 : 0;
}
# Error type # Error type
sub error_type { sub error_type {
my $req = shift; my $req = shift;
......
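Review bot: The new header comment describes `datas` only as a free hash ref where plugins store their data, but this commit now routes the submitted `password`, `oldpassword` and `newpassword` through it (see the _WebForm and Auth::LDAP hunks), so the structure carries credentials; a line under the `datas` entry such as `#   (may hold the submitted password/newpassword: never log or dump it whole)` would warn future plugin authors. That comment hunk begins at the top of the file, outside what is shown here.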
...@@ -82,7 +82,8 @@ has filter => ( ...@@ -82,7 +82,8 @@ has filter => (
|| $conf->{LDAPFilter} || $conf->{LDAPFilter}
|| '(&(uid=$user)(objectClass=inetOrgPerson))'; || '(&(uid=$user)(objectClass=inetOrgPerson))';
$filter =~ s/"/\\"/g; $filter =~ s/"/\\"/g;
$filter =~ s/\$(user|_?password|mail)/".\$req->{$1}."/g; $filter =~ s/\$(user)/".\$req->{$1}."/g;
$filter =~ s/\$(user|_?password|mail)/".\$req->{datas}->{$1}."/g;
$filter =~ s/\$(\w+)/".\$req->{sessionInfo}->{$1}."/g; $filter =~ s/\$(\w+)/".\$req->{sessionInfo}->{$1}."/g;
$_[0]->{p}->lmLog( "LDAP transformed filter: $filter", 'debug' ); $_[0]->{p}->lmLog( "LDAP transformed filter: $filter", 'debug' );
$filter = $filter =
......
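Review bot: The second substitution on the new side still lists `user` in its alternation, but the line just above it has already rewritten every `$user`, so that branch is dead and the pair reads as if `$user` could resolve to either `$req->{user}` or `$req->{datas}->{user}`; narrowing it to `\$(_?password|mail)` states the intent. More importantly, none of the three substitutions escape the value they splice into the filter — `$filter =~ s/"/\\"/g` only protects the Perl string being built — so LDAP metacharacters in the submitted user name or in a session attribute alter the filter's structure; wrapping each spliced value, e.g. `".escape_filter_value(\$req->{$1})."`, `".escape_filter_value(\$req->{datas}->{$1})."` and `".escape_filter_value(\$req->{sessionInfo}->{$1})."`, keeps the shape fixed (import it from Net::LDAP::Util if the file does not already). As rendered, the third substitution's `\$(\w+)` would also match the literal `$req` inserted by the two lines above it; if the real source has no exclusion for that, `\$(?!req\b)(\w+)` is needed. The `filter` builder runs past both ends of this hunk (`$filter =` continues below).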