Commit 31cfbf81 authored by Clément OUDOT's avatar Clément OUDOT
Browse files

Apply CDA change to trunk (#173)

parent 46e7e360
......@@ -79,15 +79,24 @@ sub run {
my $uri = $class->unparsed_uri;
my $cn = $class->tsv->{cookieName};
if ( $class->tsv->{cda}
and $uri =~ s/[\?&;]($cn(http)?=\w+)$//oi )
and $uri =~ s/[\?&;]${cn}cda=(\w+)$//oi )
{
my $str = $1;
$class->lmLog( 'CDA request', 'debug' );
my $cdaid = $1;
$class->lmLog( "CDA request with id $cdaid", 'debug' );
my $cdaInfos = $class->getCDAInfos($cdaid);
unless ( $cdaInfos->{cookie_value} and $cdaInfos->{cookie_name} ) {
$class->lmLog( "CDA request for id $cdaid is not valid", 'error' );
return $class->FORBIDDEN;
}
my $redirectUrl = $class->_buildUrl($uri);
my $redirectHttps = ( $redirectUrl =~ m/^https/ );
$class->set_header_out(
'Location' => $redirectUrl,
'Set-Cookie' => "$str; path=/"
'Set-Cookie' => $cdaInfos->{cookie_name} . "="
. $cdaInfos->{cookie_value}
. "; path=/"
. ( $redirectHttps ? "; secure" : "" )
. ( $class->tsv->{httpOnly} ? "; HttpOnly" : "" )
. (
......@@ -452,6 +461,41 @@ sub retrieveSession {
}
}
## @rmethod protected hash getCDAInfos(id)
# Tries to retrieve the CDA session, get infos and delete session
# @return CDA session infos
sub getCDAInfos {
my ( $class, $id ) = @_;
my $infos = {};
# Get the session
my $cdaSession = Lemonldap::NG::Common::Session->new(
{
storageModule => $class->tsv->{sessionStorageModule},
storageModuleOptions => $class->tsv->{sessionStorageOptions},
cacheModule => $class->tsv->{sessionCacheModule},
cacheModuleOptions => $class->tsv->{sessionCacheOptions},
id => $id,
kind => "CDA",
}
);
unless ( $cdaSession->error ) {
$class->lmLog( "Get CDA session $id", 'debug' );
$infos->{cookie_value} = $cdaSession->data->{cookie_value};
$infos->{cookie_name} = $cdaSession->data->{cookie_name};
$cdaSession->remove;
}
else {
$class->lmLog( "CDA Session $id can't be retrieved", 'info' );
$class->lmLog( $cdaSession->error, 'info' );
}
return $infos;
}
## @cmethod private string _buildUrl(string s)
# Transform /<s> into http(s?)://<host>:<port>/s
# @param $s path
......
......@@ -220,15 +220,17 @@ sub autoRedirect {
# @param id session reference
# @param noInfo do not set Apache REMOTE_USER
# @param force Force session creation if it does not exist
# @param kind Session kind
# return Lemonldap::NG::Common::Session object
sub getApacheSession {
my ( $self, $id, $noInfo, $force ) = @_;
my ( $self, $id, $noInfo, $force, $kind ) = @_;
$kind ||= "SSO";
if ($id) {
$self->lmLog( "Try to get session $id", 'debug' );
$self->lmLog( "Try to get $kind session $id", 'debug' );
}
else {
$self->lmLog( "Try to get a new session", 'debug' );
$self->lmLog( "Try to get a new $kind session", 'debug' );
}
my $as = Lemonldap::NG::Common::Session->new(
......@@ -239,7 +241,7 @@ sub getApacheSession {
cacheModuleOptions => $self->conf->{localSessionStorageOptions},
id => $id,
force => $force,
kind => "SSO",
kind => $kind,
}
);
......@@ -249,7 +251,7 @@ sub getApacheSession {
}
if ( $id and !$force and !$as->data ) {
$self->lmLog( "Session $id not found", 'debug' );
$self->lmLog( "Session $kind $id not found", 'debug' );
return;
}
......@@ -266,7 +268,7 @@ sub getApacheSession {
)
)
{
$self->lmLog( "Session $id expired", 'debug' );
$self->lmLog( "Session $kind $id expired", 'debug' );
return;
}
......@@ -274,7 +276,7 @@ sub getApacheSession {
$self->{id} = $as->id;
}
$self->lmLog( "Return session " . $as->id, 'debug' );
$self->lmLog( "Return $kind session " . $as->id, 'debug' );
return $as;
}
......
......@@ -24,13 +24,35 @@ sub changeUrldc {
{
my $ssl = $urldc =~ /^https/;
$self->lmLog( 'CDA request', 'debug' );
$req->{urldc} .= ( $urldc =~ /\?/ ? '&' : '?' )
. (
( $self->conf->{securedCookie} < 2 or $ssl )
? $self->conf->{cookieName} . "=" . $req->id
: $self->conf->{cookieName} . "http="
. $req->{sessionInfo}->{_httpSession}
);
# Create CDA session
if ( my $cdaSession =
$self->getApacheSession( undef, 1, undef, "CDA" ) )
{
my $cdaInfos = { '_utime' => time };
if ( $self->{conf}->{securedCookie} < 2 or $ssl ) {
$cdaInfos->{cookie_value} = $req->id;
$cdaInfos->{cookie_name} = $self->{conf}->{cookieName};
}
else {
$cdaInfos->{cookie_value} =
$req->{sessionInfo}->{_httpSession};
$cdaInfos->{cookie_name} = $self->{conf}->{cookieName} . "http";
}
$self->updateSession( $cdaInfos, $cdaSession->id );
$req->{urldc} .=
( $urldc =~ /\?/ ? '&' : '?' )
. $self->{conf}->{cookieName} . "cda="
. $cdaSession->id;
$self->lmLog( "CDA redirection to " . $req->{urldc}, 'debug' );
}
else {
$self->lmLog( "Unable to create CDA session", 'error' );
return PE_APACHESESSIONERROR;
}
}
PE_OK;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment