Commit 13051ce0 authored by Yadd's avatar Yadd
Browse files

#595 in progress

parent d3d64106
##@class Lemonldap::NG::Portal::Main::Init
# Initialization part of Lemonldap::NG portal
#
# 2 methods:
# 2 public methods:
# - init(): launch at startup. Load 'portal' section of lemonldap-ng.ini,
# initialize default route and launch reloadConf()
# - reloadConf(): (re)load configuration using localConf (ie 'portal' section
......@@ -137,17 +137,48 @@ sub reloadConf {
$self->_authentication->authnLevel(
$self->conf->{ $self->conf->authentication . "AuthnLevel" } );
# Initialize trusted domain list
$self->conf->{trustedDomains} ||= "";
$self->conf->{trustedDomains} = "*"
if ( $self->conf->{trustedDomains} =~ /(^|\s)\*(\s|$)/ );
if ( $self->conf->{trustedDomains}
and $self->conf->{trustedDomains} ne "*" )
{
$self->conf->{trustedDomains} =~ s#(^|\s+)\.#${1}[^/]+.#g;
$self->conf->{trustedDomains} = '('
. join( '|', split( /\s+/, $self->conf->{trustedDomains} ) ) . ')';
$self->conf->{trustedDomains} =~ s/\./\\./g;
# Initialize trusted domain regexp
if ( $self->conf->{trustedDomains} =~ /^\s*\*\s*$/ ) {
$self->trustedDomains(qr#^https?://#);
}
else {
my $re = Regexp::Assemble->new();
if ( my $td = $self->conf->{trustedDomains} ) {
$td =~ s/^\s*(.*?)\s*/$1/;
$self->lmLog( "Domain $_ added in trusted domains", 'debug' );
foreach ( split( /\s+/, $td ) ) {
s#^\.#([^/]+\.)?#;
s/\./\\./;
$re->add($_);
}
}
foreach my $vhost ( keys %{ $self->conf->{locationRules} } ) {
$self->lmLog( "Vhost $vhost added in trusted domains", 'debug' );
$re->add( quotemeta($vhost) );
if ( my $tmp =
$self->conf->{vhostOptions}->{$vhost}->{vhostAliases} )
{
foreach my $alias ( split /\s+/, $tmp ) {
$self->lmLog( "Alias $alias added in trusted domains",
'debug' );
$re->add( quotemeta($alias) );
}
}
}
my $tmp = 'https?://' . $re->as_string . '(?:/|$)';
$self->trustedDomains(qr/$tmp/);
}
if ( my $td = $self->conf->{trustedDomains} ) {
$td =~ s/^\s*(.*?)\s*/$1/;
if ( $td eq '*' ) {
$self->trustedDomains(qr#^https?://#);
}
else {
my $tmp =
join( '|', map { s#^\.#([^/]+\.)?# } split( /\s+/, $td ) );
$tmp =~ s/\./\\./g;
$self->trustedDomains(qr#^https?://$tmp(?:\d+)?(?:/|$)#);
}
}
# TODO: compile macros in _macros, groups in _groups
......
......@@ -49,7 +49,9 @@ sub enabledPlugins {
}
}
# Simple plugins
push @res, '::Plugins::GrantSession' if ( $self->conf->{grantSessionRule} );
push @res, '::Plugins::CDA' if ( $self->conf->{cda} );
# TODO: Password
......
......@@ -62,7 +62,6 @@ sub pleaseAuth {
return $self->sendJSONresponse( $req, { status => 0 } );
}
sub login {
my ( $self, $req ) = @_;
return $req->do(
......@@ -156,4 +155,26 @@ sub getModule {
}
}
sub autoRedirect {
my ( $self, $req ) = @_;
# Set redirection URL if needed
$req->datas->{urldc} ||= $self->conf->{portal} if ( $req->mustRedirect );
# Redirection should be made if urldc defined
if ( $req->datas->{urldc} ) {
return [ 302, [ Location => $req->datas->{urldc} ], [] ];
}
else {
return $self->sendHtml( $req->template || 'menu' );
}
}
# Check if an URL's domain name is declared in LL::NG config or is declared as
# trusted domain
sub isTrustedUrl {
my ( $self, $url ) = @_;
return $url =~ $self->trustedDomains ? 1 : 0;
}
1;
package Lemonldap::NG::Portal::Plugins::CDA;
use strict;
use Mouse;
extends 'Lemonldap::NG::Portal::Main::Module';
sub afterDatas {
return 'changeUrldc';
}
sub changeUrldc {
my ( $self, $req ) = @_;
my $urldc = $req->datas->{urldc};
if ( $req->id
and $urldc !~ m#^https?://[^/]*$self->{conf}->{domain}(:\d+)?/#oi
and $self->isTrustedUrl($urldc) )
{
my $ssl = $urldc =~ /^https/;
$self->lmLog( 'CDA request', 'debug' );
$req->datas->{urldc} .= ( $urldc =~ /\?/ ? '&' : '?' )
. (
( $self->conf->{securedCookie} < 2 or $ssl )
? $self->conf->{cookieName} . "=" . $req->id
: $self->conf->{cookieName} . "http="
. $req->{sessionInfo}->{_httpSession}
);
}
PE_OK;
}
1;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment