#595 in progress

13051ce0 · Yadd · d3d64106 · 13051ce0 · 13051ce0 · 13051ce0
Commit 13051ce0 authored Apr 03, 2016 by Yadd
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm
 ##@class Lemonldap::NG::Portal::Main::Init
 # Initialization part of Lemonldap::NG portal
 #
-# 2 methods:
+# 2 public methods:
 #  - init():       launch at startup. Load 'portal' section of lemonldap-ng.ini,
 #                  initialize default route and launch reloadConf()
 #  - reloadConf(): (re)load configuration using localConf (ie 'portal' section
@@ -137,17 +137,48 @@ sub reloadConf {
    $self->_authentication->authnLevel(
        $self->conf->{ $self->conf->authentication . "AuthnLevel" } );

-    # Initialize trusted domain list
-    $self->conf->{trustedDomains} ||= "";
-    $self->conf->{trustedDomains} = "*"
-      if ( $self->conf->{trustedDomains} =~ /(^|\s)\*(\s|$)/ );
-    if (    $self->conf->{trustedDomains}
-        and $self->conf->{trustedDomains} ne "*" )
-    {
-        $self->conf->{trustedDomains} =~ s#(^|\s+)\.#${1}[^/]+.#g;
-        $self->conf->{trustedDomains} = '('
-          . join( '|', split( /\s+/, $self->conf->{trustedDomains} ) ) . ')';
-        $self->conf->{trustedDomains} =~ s/\./\\./g;
+    # Initialize trusted domain regexp
+    if ( $self->conf->{trustedDomains} =~ /^\s*\*\s*$/ ) {
+        $self->trustedDomains(qr#^https?://#);
+    }
+    else {
+        my $re = Regexp::Assemble->new();
+        if ( my $td = $self->conf->{trustedDomains} ) {
+            $td =~ s/^\s*(.*?)\s*/$1/;
+            $self->lmLog( "Domain $_ added in trusted domains", 'debug' );
+            foreach ( split( /\s+/, $td ) ) {
+                s#^\.#([^/]+\.)?#;
+                s/\./\\./;
+                $re->add($_);
+            }
+        }
+        foreach my $vhost ( keys %{ $self->conf->{locationRules} } ) {
+            $self->lmLog( "Vhost $vhost added in trusted domains", 'debug' );
+            $re->add( quotemeta($vhost) );
+            if ( my $tmp =
+                $self->conf->{vhostOptions}->{$vhost}->{vhostAliases} )
+            {
+                foreach my $alias ( split /\s+/, $tmp ) {
+                    $self->lmLog( "Alias $alias added in trusted domains",
+                        'debug' );
+                    $re->add( quotemeta($alias) );
+                }
+            }
+        }
+        my $tmp = 'https?://' . $re->as_string . '(?:/|$)';
+        $self->trustedDomains(qr/$tmp/);
+    }
+    if ( my $td = $self->conf->{trustedDomains} ) {
+        $td =~ s/^\s*(.*?)\s*/$1/;
+        if ( $td eq '*' ) {
+            $self->trustedDomains(qr#^https?://#);
+        }
+        else {
+            my $tmp =
+              join( '|', map { s#^\.#([^/]+\.)?# } split( /\s+/, $td ) );
+            $tmp =~ s/\./\\./g;
+            $self->trustedDomains(qr#^https?://$tmp(?:\d+)?(?:/|$)#);
+        }
    }

    # TODO: compile macros in _macros, groups in _groups

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
@@ -49,7 +49,9 @@ sub enabledPlugins {
        }
    }

+    # Simple plugins
    push @res, '::Plugins::GrantSession' if ( $self->conf->{grantSessionRule} );
+    push @res, '::Plugins::CDA'          if ( $self->conf->{cda} );

    # TODO: Password


--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -62,7 +62,6 @@ sub pleaseAuth {
    return $self->sendJSONresponse( $req, { status => 0 } );
 }

-
 sub login {
    my ( $self, $req ) = @_;
    return $req->do(
@@ -156,4 +155,26 @@ sub getModule {
    }
 }

+sub autoRedirect {
+    my ( $self, $req ) = @_;
+
+    # Set redirection URL if needed
+    $req->datas->{urldc} ||= $self->conf->{portal} if ( $req->mustRedirect );
+
+    # Redirection should be made if urldc defined
+    if ( $req->datas->{urldc} ) {
+        return [ 302, [ Location => $req->datas->{urldc} ], [] ];
+    }
+    else {
+        return $self->sendHtml( $req->template || 'menu' );
+    }
+}
+
+# Check if an URL's domain name is declared in LL::NG config or is declared as
+# trusted domain
+sub isTrustedUrl {
+    my ( $self, $url ) = @_;
+    return $url =~ $self->trustedDomains ? 1 : 0;
+}
+
 1;
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDA.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CDA.pm
+package Lemonldap::NG::Portal::Plugins::CDA;
+
+use strict;
+use Mouse;
+
+extends 'Lemonldap::NG::Portal::Main::Module';
+
+sub afterDatas {
+    return 'changeUrldc';
+}
+
+sub changeUrldc {
+    my ( $self, $req ) = @_;
+    my $urldc = $req->datas->{urldc};
+    if (    $req->id
+        and $urldc !~ m#^https?://[^/]*$self->{conf}->{domain}(:\d+)?/#oi
+        and $self->isTrustedUrl($urldc) )
+    {
+        my $ssl = $urldc =~ /^https/;
+        $self->lmLog( 'CDA request', 'debug' );
+        $req->datas->{urldc} .= ( $urldc =~ /\?/ ? '&' : '?' )
+          . (
+            ( $self->conf->{securedCookie} < 2 or $ssl )
+            ? $self->conf->{cookieName} . "=" . $req->id
+            : $self->conf->{cookieName} . "http="
+              . $req->{sessionInfo}->{_httpSession}
+          );
+    }
+    PE_OK;
+}
+
+1;