Commit 832d7d87 authored by Christophe Maudoux's avatar Christophe Maudoux

Fix AuthSSL with Choice (#1636)

parent f33697de
...@@ -25,6 +25,22 @@ sub _authCancel { ...@@ -25,6 +25,22 @@ sub _authCancel {
sub extractFormInfo { sub extractFormInfo {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
unless ( $self->checkChoice($req) ) { unless ( $self->checkChoice($req) ) {
foreach my $mod ( values %{ $self->modules } ) {
$self->logger->debug("Auth module -> $mod");
if ( $mod =~ /::Auth::SSL/
and $self->conf->{sslByAjax}
and not $req->param('nossl') )
{
$self->logger->debug('Send SSL javascript');
$req->data->{customScript}
.= '<script type="application/init">{"sslHost":"'
. $self->conf->{sslHost}
. '"}</script>';
$self->logger->debug(
"Send JS -> " . $req->data->{customScript} );
}
}
foreach my $mod ( values %{ $self->modules } ) { foreach my $mod ( values %{ $self->modules } ) {
if ( $mod->can('setSecurity') ) { if ( $mod->can('setSecurity') ) {
$mod->setSecurity($req); $mod->setSecurity($req);
......
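Review bot: The added loop in extractFormInfo concatenates `$self->conf->{sslHost}` unencoded into a JSON literal inside a `<script>` element, so a value containing `"` or `</script>` would end the string or the element early. The value comes from configuration as far as this hunk shows, but serialising it is cheap, for example `my $init = JSON::PP->new->encode( { sslHost => $self->conf->{sslHost} } ); $init =~ s{<}{\\u003c}g;` and then appending `$init` between the two tag strings (JSON::PP is core; use whichever encoder the module already loads). The same literal appears in the context lines of the next hunk's extractFormInfo, so a shared helper would keep the two in step. Separately, `$mod =~ /::Auth::SSL/` matches the stringified object unanchored and `.=` runs once per matching module, so testing `ref($mod)` and leaving the loop with `last` after the first match would avoid a second script block, if a single block is the intent; extractFormInfo continues past the end of the hunk.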
...@@ -44,6 +44,7 @@ sub extractFormInfo { ...@@ -44,6 +44,7 @@ sub extractFormInfo {
'<script type="application/init">{"sslHost":"' '<script type="application/init">{"sslHost":"'
. $self->conf->{sslHost} . $self->conf->{sslHost}
. '"}</script>'; . '"}</script>';
$self->logger->debug("Send JS -> " . $req->data->{customScript});
return PE_FIRSTACCESS; return PE_FIRSTACCESS;
} }
else { else {
......
# Launch SSL request # Launch SSL request
tryssl = () -> tryssl = () ->
console.log 'Call URL -> ', window.datas.sslHost
$.ajax window.datas.sslHost, $.ajax window.datas.sslHost,
dataType: 'json' dataType: 'json'
# Called if browser can't find Kerberos ticket will display
# PE_BADCREDENTIALS # PE_BADCREDENTIALS
statusCode: statusCode:
401: () -> 401: () ->
$('#lform').submit() $('#lform').submit()
console.log 'Error code 401'
# If request succeed, cookie is set, posting form to get redirection # If request succeed, cookie is set, posting form to get redirection
# or menu # or menu
success: (data) -> success: (data) ->
$('#lform').submit() $('#lform').submit()
console.log 'Success -> ', data
# Case else, will display PE_BADCREDENTIALS or fallback to next auth # Case else, will display PE_BADCREDENTIALS or fallback to next auth
# backend # backend
error: () -> error: () ->
$('#lform').submit() $('#lform').submit()
console.log 'Error'
$(document).ready -> $(document).ready ->
$('.sslclick').on 'click', tryssl $('.sslclick').on 'click', tryssl
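Review bot: The added `console.log 'Success -> ', data` prints the full response of the certificate-authentication request to the browser console on every login, and the two other added calls log each failure path; this reads like debugging output left in. Nothing on this page shows what `data` contains, so it is safer not to log the payload: either drop the three calls or keep a payload-free message such as `console.log 'SSL request succeeded'`. The same calls appear in the new Choice variant of this script and in the generated .js and .min.js files, which would need regenerating after the change.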
# Launch SSL request
tryssl = () ->
console.log 'Call URL -> ', window.datas.sslHost
$.ajax window.datas.sslHost,
dataType: 'json'
# PE_BADCREDENTIALS
statusCode:
401: () ->
$('#lformSSL').submit()
console.log 'Error code 401'
# If request succeed, cookie is set, posting form to get redirection
# or menu
success: (data) ->
$('#lformSSL').submit()
console.log 'Success -> ', data
# Case else, will display PE_BADCREDENTIALS or fallback to next auth
# backend
error: () ->
$('#lformSSL').submit()
console.log 'Error'
$(document).ready ->
$('.sslclick').on 'click', tryssl
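Review bot: The selector `$('#lformSSL')` is hard-coded, while the template hunk further down generates the id as `lform<TMPL_VAR NAME="module">`, so this script works only when the module name renders as exactly `SSL`. If two choices render the same module (nothing shown rules that out), the duplicate id makes jQuery submit only the first form. Resolving the form from the clicked element avoids both, assuming the include sits inside the form as the template hunk suggests: declare `tryssl = (e) ->`, set `form = $(e.currentTarget).closest('form')`, and call `form.submit()` in the three callbacks. A short comment above `tryssl` saying it expects to run inside the SSL choice form would document that dependency.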
// Generated by CoffeeScript 1.10.0 // Generated by CoffeeScript 1.12.7
(function() { (function() {
var tryssl; var tryssl;
tryssl = function() { tryssl = function() {
console.log('Call URL -> ', window.datas.sslHost);
return $.ajax(window.datas.sslHost, { return $.ajax(window.datas.sslHost, {
dataType: 'json', dataType: 'json',
statusCode: { statusCode: {
401: function() { 401: function() {
return $('#lform').submit(); $('#lform').submit();
return console.log('Error code 401');
} }
}, },
success: function(data) { success: function(data) {
return $('#lform').submit(); $('#lform').submit();
return console.log('Success -> ', data);
}, },
error: function() { error: function() {
return $('#lform').submit(); $('#lform').submit();
return console.log('Error');
} }
}); });
}; };
......
(function(){var a;a=function(){return $.ajax(window.datas.sslHost,{dataType:"json",statusCode:{401:function(){return $("#lform").submit()}},success:function(b){return $("#lform").submit()},error:function(){return $("#lform").submit()}})};$(document).ready(function(){return $(".sslclick").on("click",a)})}).call(this); (function(){var tryssl;tryssl=function(){console.log("Call URL -> ",window.datas.sslHost);return $.ajax(window.datas.sslHost,{dataType:"json",statusCode:{401:function(){$("#lform").submit();return console.log("Error code 401")}},success:function(data){$("#lform").submit();return console.log("Success -> ",data)},error:function(){$("#lform").submit();return console.log("Error")}})};$(document).ready(function(){return $(".sslclick").on("click",tryssl)})}).call(this);
\ No newline at end of file
// Generated by CoffeeScript 1.12.7
(function() {
var tryssl;
tryssl = function() {
console.log('Call URL -> ', window.datas.sslHost);
return $.ajax(window.datas.sslHost, {
dataType: 'json',
statusCode: {
401: function() {
$('#lformSSL').submit();
return console.log('Error code 401');
}
},
success: function(data) {
$('#lformSSL').submit();
return console.log('Success -> ', data);
},
error: function() {
$('#lformSSL').submit();
return console.log('Error');
}
});
};
$(document).ready(function() {
return $('.sslclick').on('click', tryssl);
});
}).call(this);
(function(){var tryssl;tryssl=function(){console.log("Call URL -> ",window.datas.sslHost);return $.ajax(window.datas.sslHost,{dataType:"json",statusCode:{401:function(){$("#lformSSL").submit();return console.log("Error code 401")}},success:function(data){$("#lformSSL").submit();return console.log("Success -> ",data)},error:function(){$("#lformSSL").submit();return console.log("Error")}})};$(document).ready(function(){return $(".sslclick").on("click",tryssl)})}).call(this);
...@@ -37,7 +37,7 @@ ...@@ -37,7 +37,7 @@
<div id="<TMPL_VAR NAME="key">"> <div id="<TMPL_VAR NAME="key">">
<form action="<TMPL_VAR NAME="url">" method="post" class="login <TMPL_VAR NAME="module">"> <form id="lform<TMPL_VAR NAME="module">" action="<TMPL_VAR NAME="url">" method="post" class="login <TMPL_VAR NAME="module">">
<!-- Hidden fields --> <!-- Hidden fields -->
<TMPL_VAR NAME="HIDDEN_INPUTS"> <TMPL_VAR NAME="HIDDEN_INPUTS">
...@@ -59,7 +59,7 @@ ...@@ -59,7 +59,7 @@
</TMPL_IF> </TMPL_IF>
<TMPL_IF NAME="sslform"> <TMPL_IF NAME="sslform">
<TMPL_INCLUDE NAME="sslform.tpl"> <TMPL_INCLUDE NAME="sslformChoice.tpl">
</TMPL_IF> </TMPL_IF>
<TMPL_IF NAME="logo"> <TMPL_IF NAME="logo">
......
<!-- //if:jsminified
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/ssl.min.js"></script>
//else -->
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/sslChoice.js"></script>
<!-- //endif -->
<div class="form">
<input type="hidden" name="nossl" value="1" />
<div class="sslclick">
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/modules/SSL.png" alt="<TMPL_VAR NAME="module">" class="img-thumbnail mb-3" />
</div>
<TMPL_INCLUDE NAME="checklogins.tpl">
<button type="submit" class="btn btn-success sslclick" >
<span class="fa fa-sign-in"></span>
<span trspan="connect">Connect</span>
</button>
</div>
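Review bot: The `jsminified` branch loads `common/js/ssl.min.js` while the other branch loads `common/js/sslChoice.js`, so a minified build gets the script that submits `#lform`, an id the Choice form in this commit does not carry (it emits `lform<module>`). The commit also adds a minified script that submits `#lformSSL`, so the first `src` should presumably end in `common/js/sslChoice.min.js`. That file name is inferred from the unminified one, since this page shows no paths.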
...@@ -5,7 +5,7 @@ use IO::String; ...@@ -5,7 +5,7 @@ use IO::String;
require 't/test-lib.pm'; require 't/test-lib.pm';
my $res; my $res;
my $maintests = 12; my $maintests = 13;
eval { unlink 't/userdb.db' }; eval { unlink 't/userdb.db' };
...@@ -48,6 +48,8 @@ SKIP: { ...@@ -48,6 +48,8 @@ SKIP: {
dbiAuthPasswordHash => '', dbiAuthPasswordHash => '',
customAuth => '::Auth::Apache', customAuth => '::Auth::Apache',
customAddParams => {}, customAddParams => {},
sslByAjax => 1,
sslHost => 'https://authssl.example.com:19876'
} }
} }
); );
...@@ -63,9 +65,12 @@ SKIP: { ...@@ -63,9 +65,12 @@ SKIP: {
ok( $res->[2]->[0] =~ qr%<img src="/static/common/modules/SSL.png"%, ok( $res->[2]->[0] =~ qr%<img src="/static/common/modules/SSL.png"%,
'Found 5_ssl Logo' ) 'Found 5_ssl Logo' )
or print STDERR Dumper( $res->[2]->[0] ); or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%<form action="https://test.example.com"%, ok( $res->[2]->[0] =~ m%<form id="lformDemo" action="https://test.example.com"%,
' Redirect URL found' ) ' Redirect URL found' )
or print STDERR Dumper( $res->[2]->[0] ); or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%<script type="application/init">\{"sslHost":"https://authssl.example.com:19876"\}</script>%,
' SSL AJAX URL found' )
or print STDERR Dumper( $res->[2]->[0] );
my $header = getHeader( $res, 'Content-Security-Policy' ); my $header = getHeader( $res, 'Content-Security-Policy' );
ok( $header =~ m%;form-action \'self\' https://test.example.com;%, ok( $header =~ m%;form-action \'self\' https://test.example.com;%,
' CSP URL found' ) ' CSP URL found' )
......
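Review bot: The new assertion covers only the path where the init script is emitted; nothing in these hunks exercises the `nossl` guard or `sslByAjax` being off. A second request carrying `nossl=1`, with an assertion that `"sslHost"` is absent from the body, would pin the guard added in extractFormInfo. The request helpers are outside the hunk, so the exact call is left to the author, and `$maintests` would need bumping to match.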