Commit 697882bd authored by Christophe Maudoux's avatar Christophe Maudoux

WIP - checkUser plugin skeleton (#1658)

parent ac5007fd
......@@ -28,6 +28,7 @@ sub defaultValues {
'casAccessControlPolicy' => 'none',
'casAuthnLevel' => 1,
'checkTime' => 600,
'checkUser' => 1,
'checkXSS' => 1,
'confirmFormMethod' => 'post',
'cookieName' => 'lemonldap',
......
......@@ -767,6 +767,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
'default' => 600,
'type' => 'int'
},
'checkUser' => {
'default' => 1,
'type' => 'bool'
},
'checkXSS' => {
'default' => 1,
'type' => 'bool'
......
......@@ -578,6 +578,12 @@ sub attributes {
documentation => 'Enable Cross Domain Authentication',
flags => 'hp',
},
checkUser => {
default => 1,
type => 'bool',
documentation => 'Enable Check user',
flags => 'p',
},
checkXSS => {
default => 1,
type => 'bool',
......
......@@ -25,6 +25,7 @@ our @pList = (
autoSigninRules => '::Plugins::AutoSignin',
checkState => '::Plugins::CheckState',
portalForceAuthn => '::Plugins::ForceAuthn',
checkUser => '::Plugins::CheckUser',
);
##@method list enabledPlugins
......
package Lemonldap::NG::Portal::Plugins::CheckUser;
use Data::Dumper;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_CONFIRM
PE_OK
PE_TOKENEXPIRED
PE_USERNOTFOUND
);
our $VERSION = '2.0.3';
extends 'Lemonldap::NG::Portal::Main::Plugin';
# INITIALIZATION
has ott => (
is => 'rw',
lazy => 1,
default => sub {
my $ott = $_[0]->{p}
->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
$ott->timeout( $_[0]->{conf}->{formTimeout} );
return $ott;
}
);
sub init {
my ($self) = @_;
$self->addAuthRoute( checkuser => 'check', [ 'GET', 'POST' ] );
return 1;
}
# RUNNING METHOD
sub check {
my ( $self, $req ) = @_;
my $hdrs = my $attrs = {};
my $auth = 0;
my $msg = 'checkUser';
## Check user attributes
# Use submitted attribute if exists
$req->{user} = $req->param('user') if ( $req->param('user') );
$attrs = $self->_attributes($req);
if ( $req->error ) {
$msg = 'PE' . $req->{error};
$attrs = {};
}
# Check if user is allowed to access submitted URL and compute headers
if ( $req->param('url') ) {
# Return VirtualHost headers
$hdrs = $self->_headers($req);
# User is allowed ?
$auth = $self->_authorized($req);
}
# Display form
return $self->p->sendHtml(
$req,
'checkuser',
params => {
MAIN_LOGO => $self->conf->{portalMainLogo},
LANGS => $self->conf->{showLanguages},
MSG => $msg,
HEADERS => %$hdrs,
ATTRIBUTES => %$attrs,
ALLOWED => $auth,
PORTAL => $self->conf->{portal},
}
);
}
sub _attributes {
my ( $self, $req ) = @_;
# Search user in database
$req->steps(
[ 'getUser', 'setSessionInfo',
'setMacros', 'setGroups',
'setPersistentSessionInfo', 'setLocalGroups'
]
);
if ( my $error = $self->p->process($req) ) {
if ( $error == PE_USERNOTFOUND ) {
$self->userLogger->warn( "Check asked for an unvalid user ("
. $req->param('user')
. ")" );
}
return $req->error($error);
}
return $req->{sessionInfo};
}
sub _headers {
my ( $self, $req ) = @_;
return {};
}
sub _authorized {
my ( $self, $req ) = @_;
return 1;
}
1;
<TMPL_INCLUDE NAME="header.tpl">
<div id="errorcontent" class="container">
<div class="message message-positive alert"><span trspan="<TMPL_VAR NAME="MSG">"></span></div>
<form id="checkuser" action="/checkuser" method="post" class="password" role="form">
<!--
<input type="hidden" name="confirm" value="<TMPL_VAR NAME="CONFIRMKEY">">
<input type="hidden" name="url" value="<TMPL_VAR NAME="URL">">
-->
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-user"></i> </span>
</div>
<input name="user" type="text" class="form-control" value="<TMPL_VAR NAME="LOGIN">" trplaceholder="user" aria-required="true"/>
</div>
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-link"></i> </span>
</div>
<input name="url" type="text" class="form-control" trplaceholder="URL" aria-required="true"/>
</div>
<div class="buttons">
<button type="submit" class="btn btn-success">
<span class="fa fa-sign-in"></span>
<span trspan="checkUser">Check user</span>
</button>
<a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button">
<span class="fa fa-home"></span>
<span trspan="goToPortal">Go to portal</span>
</a>
</div>
</form>
</div>
<TMPL_INCLUDE NAME="footer.tpl">
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment