Commit 439dc6dc authored by Yadd's avatar Yadd

SOAP SLO response OK for Auth/SAML (#595)

parent f1ef6e89
...@@ -5,7 +5,7 @@ use Mouse; ...@@ -5,7 +5,7 @@ use Mouse;
our $VERSION = '2.0.0'; our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Common::Module'; extends 'Lemonldap::NG::Portal::Main::Plugin';
# PROPERTIES # PROPERTIES
......
...@@ -18,6 +18,7 @@ use Lemonldap::NG::Portal::Main::Constants qw( ...@@ -18,6 +18,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
PE_SAML_SLO_ERROR PE_SAML_SLO_ERROR
PE_SAML_SSO_ERROR PE_SAML_SSO_ERROR
PE_SAML_UNKNOWN_ENTITY PE_SAML_UNKNOWN_ENTITY
PE_SENDRESPONSE
); );
use Lemonldap::NG::Common::Conf::SAML::Metadata; use Lemonldap::NG::Common::Conf::SAML::Metadata;
...@@ -599,7 +600,7 @@ sub extractFormInfo { ...@@ -599,7 +600,7 @@ sub extractFormInfo {
my $real_session = $sessionInfo->data->{_saml_id}; my $real_session = $sessionInfo->data->{_saml_id};
my $ssoSession = my $ssoSession =
$self->getApacheSession( $real_session, 1 ); $self->p->getApacheSession( $real_session, 1 );
# Get Lasso::Session dump # Get Lasso::Session dump
# This value is erased if a next session match the SLO request # This value is erased if a next session match the SLO request
...@@ -616,7 +617,7 @@ sub extractFormInfo { ...@@ -616,7 +617,7 @@ sub extractFormInfo {
# Delete real session # Delete real session
my $del_real_result = my $del_real_result =
$self->_deleteSession($ssoSession); $self->p->_deleteSession( $req, $ssoSession );
$self->lmLog( $self->lmLog(
"Delete real session $real_session result: $del_real_result", "Delete real session $real_session result: $del_real_result",
...@@ -738,16 +739,18 @@ sub extractFormInfo { ...@@ -738,16 +739,18 @@ sub extractFormInfo {
$self->lmLog( "SOAP response $slo_body", 'debug' ); $self->lmLog( "SOAP response $slo_body", 'debug' );
$req->datas->{SOAPMessage} = $slo_body; $req->response(
[
# TODO: check this 200,
$req->steps( ['returnSOAPMessage'] ); [
return PE_OK; 'Content-Type' => 'application/xml',
'Content-Length' => length($slo_body)
],
[$slo_body]
]
);
# If we are here, there was a problem with SOAP response return PE_SENDRESPONSE;
$self->lmLog( "Logout response was not sent trough SOAP",
'error' );
return PE_SAML_SLO_ERROR;
} }
} }
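Review bot: `'Content-Length' => length($slo_body)` in the new `$req->response(...)` call counts characters rather than octets if `$slo_body` ever carries Perl's UTF-8 flag, and a Content-Length that is too short would truncate the logout response for the peer. Whether Lasso returns a byte string is not visible in this hunk, so I would normalise before measuring by adding `utf8::encode($slo_body) if utf8::is_utf8($slo_body);` just above the `$req->response(` call. `extractFormInfo` starts and ends outside the hunk, so I cannot see how `$slo_body` is built.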
......
...@@ -1460,6 +1460,41 @@ sub getMetaDataURL { ...@@ -1460,6 +1460,41 @@ sub getMetaDataURL {
return $uri->path(); return $uri->path();
} }
sub getRouteFromMetaDataURL {
my ( $self, $key, $index, $sub ) = @_;
my $uri = $self->getMetaDataURL( $key, $index, 0 );
unless ( $uri =~ m#^/\w# ) {
$self->lmLog( "$key has no index $index", 'debug' );
return undef;
}
my @t = grep /\w/, split( /\//, $uri );
my $h = { pop(@t) => $sub };
while ( my $s = pop @t ) {
$h = { $s => $h };
}
return %$h;
}
sub addRouteFormMetaDataURL {
my ( $self, @args ) = @_;
$self->addAuthRouteFormMetaDataURL(@args);
$self->addUnauthRouteFormMetaDataURL(@args);
}
sub addAuthRouteFormMetaDataURL {
my ( $self, $key, $index, $sub, $methods ) = @_;
my %route = $self->getRouteFromMetaDataURL( $key, $index, $sub );
return unless (%route);
$self->addAuthRoute( %route, $methods );
}
sub addUnauthRouteFormMetaDataURL {
my ( $self, $key, $index, $sub, $methods ) = @_;
my %route = $self->getRouteFromMetaDataURL( $key, $index, $sub );
return unless (%route);
$self->addUnauthRoute( %route, $methods );
}
## @method boolean processLogoutResponseMsg(Lasso::Logout logout, string response) ## @method boolean processLogoutResponseMsg(Lasso::Logout logout, string response)
# Process logout response message # Process logout response message
# @param logout Lasso::Logout object # @param logout Lasso::Logout object
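Review bot: `return undef;` in `getRouteFromMetaDataURL` defeats the `return unless (%route);` guard in both `addAuthRouteFormMetaDataURL` and `addUnauthRouteFormMetaDataURL`. In list context it yields a one-element list, so `%route` becomes `( '' => undef )`, which is true, and `addAuthRoute`/`addUnauthRoute` are then called with a route keyed on the empty string and no handler. A bare `return;` keeps the hash empty when the metadata URL has no usable path. Separately, `while ( my $s = pop @t )` stops early on a path segment that is `0`; `while ( defined( my $s = pop @t ) )` avoids that. The `Form` in the three `add*RouteFormMetaDataURL` names looks like a typo for `From` and is cheapest to fix before callers depend on it.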
......
...@@ -9,8 +9,7 @@ use constant { ...@@ -9,8 +9,7 @@ use constant {
# Portal errors # Portal errors
# Developers warning, do not use PE_INFO, it's reserved to autoRedirect. # Developers warning, do not use PE_INFO, it's reserved to autoRedirect.
# If you want to send an information, use $self->info('text'). # If you want to send an information, use $self->info('text').
PE_IMG_NOK => -5, PE_SENDRESPONSE => -4,
PE_IMG_OK => -4,
PE_INFO => -3, PE_INFO => -3,
PE_REDIRECT => -2, PE_REDIRECT => -2,
PE_DONE => -1, PE_DONE => -1,
...@@ -122,7 +121,7 @@ use constant { ...@@ -122,7 +121,7 @@ use constant {
}; };
# EXPORTER PARAMETERS # EXPORTER PARAMETERS
our @EXPORT_OK = qw( PE_IMG_NOK PE_IMG_OK PE_INFO PE_REDIRECT PE_DONE PE_OK our @EXPORT_OK = qw( PE_SENDRESPONSE PE_INFO PE_REDIRECT PE_DONE PE_OK
PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND
PE_BADCREDENTIALS PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_BADCREDENTIALS PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR
PE_FIRSTACCESS PE_BADCERTIFICATE PE_PP_ACCOUNT_LOCKED PE_PP_PASSWORD_EXPIRED PE_FIRSTACCESS PE_BADCERTIFICATE PE_PP_ACCOUNT_LOCKED PE_PP_PASSWORD_EXPIRED
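Review bot: `PE_SENDRESPONSE => -4` reuses the value that `PE_IMG_OK` had, and `PE_IMG_OK`/`PE_IMG_NOK` are dropped from `@EXPORT_OK` in the same commit. Any module outside this diff that still imports either name will fail at `use` time, and anything comparing against a stored or literal `-4` will silently take on the new meaning; searching the tree for both names before merging would settle it. The new constant is also undocumented, so I would add above it `# PE_SENDRESPONSE: $req->response holds a complete response array that do() returns as-is`.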
......
...@@ -41,7 +41,7 @@ sub restoreArgs { ...@@ -41,7 +41,7 @@ sub restoreArgs {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
$req->parseBody; $req->parseBody;
$req->mustRedirect(1); $req->mustRedirect(1);
return ( %{ $req->params } ? PE_OK : PE_FORMEMPTY ); return PE_OK;
} }
sub importHandlerDatas { sub importHandlerDatas {
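Review bot: `restoreArgs` now returns `PE_OK` even when `parseBody` produced no parameters, so the `PE_FORMEMPTY` rejection is gone for every caller of this step, not only for the SOAP logout path named in the commit title. If later steps relied on it to stop empty POSTs, they now run with an empty `$req->params`; those steps are not visible from this hunk. If the removal is intentional, a comment such as `# body may be non-form (e.g. SOAP), so an empty params hash is not an error here` would record why.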
......
...@@ -41,6 +41,9 @@ has user => ( is => 'rw' ); ...@@ -41,6 +41,9 @@ has user => ( is => 'rw' );
# Response cookies (list of strings built by cookie()) # Response cookies (list of strings built by cookie())
has respCookies => ( is => 'rw' ); has respCookies => ( is => 'rw' );
# Embedded response
has response => ( is => 'rw' );
# Template to display (if not defined, login or menu) # Template to display (if not defined, login or menu)
has template => ( is => 'rw' ); has template => ( is => 'rw' );
......
...@@ -124,6 +124,9 @@ sub do { ...@@ -124,6 +124,9 @@ sub do {
my $err = $req->error( $self->process($req) ); my $err = $req->error( $self->process($req) );
# TODO: updateStatus # TODO: updateStatus
if ( $err == PE_SENDRESPONSE ) {
return $req->response;
}
if ( !$self->conf->{noAjaxHook} and $req->wantJSON ) { if ( !$self->conf->{noAjaxHook} and $req->wantJSON ) {
if ( $err > 0 and !%{ $req->sessionInfo } ) { if ( $err > 0 and !%{ $req->sessionInfo } ) {
return [ return [
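Review bot: The new `PE_SENDRESPONSE` branch in `do` returns `$req->response` without checking that anything was stored there, so a module that returns the code without setting the attribute hands `undef` back to the server. It also returns before the rest of `do`, so whatever the normal reply path adds is skipped for these responses; the hunk does not show that path, but `respCookies` exists on the request, and a comment saying the bypass is intended would help. A guard such as `if ( $err == PE_SENDRESPONSE and ref $req->response ) {` lets a missing response fall through to the regular error handling. `do` starts before and continues past this hunk.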
......
...@@ -148,18 +148,18 @@ sub LWP::UserAgent::request { ...@@ -148,18 +148,18 @@ sub LWP::UserAgent::request {
), ),
'Execute request' 'Execute request'
); );
#ok( ( $res->[0] == 200 or $res->[0] == 400 ), 'Response is 200 or 400' ) ok( ( $res->[0] == 200 or $res->[0] == 400 ), 'Response is 200 or 400' )
# or explain( $res->[0], "200 or 400" ); or explain( $res->[0], "200 or 400" );
#ok( $issuer->getHeader( $res, 'Content-Type' ) =~ m#^application/xml#, ok( $issuer->getHeader( $res, 'Content-Type' ) =~ m#^application/xml#,
# 'Content is XML' ) 'Content is XML' )
# or explain( $res->[1], 'Content-Type => application/xml' ); or explain( $res->[1], 'Content-Type => application/xml' );
my $httpResp = HTTP::Response->new( $res->[0], 'OK' ); my $httpResp = HTTP::Response->new( $res->[0], 'OK' );
while ( my $name = shift @{ $res->[1] } ) { while ( my $name = shift @{ $res->[1] } ) {
$httpResp->header( $name, shift( @{ $res->[1] } ) ); $httpResp->header( $name, shift( @{ $res->[1] } ) );
} }
$httpResp->content( join( '', @{ $res->[2] } ) ); $httpResp->content( join( '', @{ $res->[2] } ) );
count(2); count(4);
return $httpResp; return $httpResp;
} }
......