Fix AuthSSL with Choice (#1636)

832d7d87 · Christophe Maudoux · f33697de · 832d7d87 · 832d7d87 · 832d7d87
Commit 832d7d87 authored Feb 01, 2019 by Christophe Maudoux
11 changed files
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Choice.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Choice.pm
@@ -25,6 +25,22 @@ sub _authCancel {
 sub extractFormInfo {
    my ( $self, $req ) = @_;
    unless ( $self->checkChoice($req) ) {
+        foreach my $mod ( values %{ $self->modules } ) {
+            $self->logger->debug("Auth module -> $mod");
+            if (    $mod =~ /::Auth::SSL/
+                and $self->conf->{sslByAjax}
+                and not $req->param('nossl') )
+            {
+                $self->logger->debug('Send SSL javascript');
+                $req->data->{customScript}
+                    .= '<script type="application/init">{"sslHost":"'
+                    . $self->conf->{sslHost}
+                    . '"}</script>';
+                $self->logger->debug(
+                    "Send JS -> " . $req->data->{customScript} );
+
+            }
+        }
        foreach my $mod ( values %{ $self->modules } ) {
            if ( $mod->can('setSecurity') ) {
                $mod->setSecurity($req);

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SSL.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SSL.pm
@@ -44,6 +44,7 @@ sub extractFormInfo {
            '<script type="application/init">{"sslHost":"'
          . $self->conf->{sslHost}
          . '"}</script>';
+        $self->logger->debug("Send JS -> " . $req->data->{customScript});
        return PE_FIRSTACCESS;
    }
    else {

--- a/lemonldap-ng-portal/site/coffee/ssl.coffee
+++ b/lemonldap-ng-portal/site/coffee/ssl.coffee
 # Launch SSL request

 tryssl = () ->
+	console.log 'Call URL -> ', window.datas.sslHost
 	$.ajax window.datas.sslHost,
 		dataType: 'json'
-		# Called if browser can't find Kerberos ticket will display
 		# PE_BADCREDENTIALS
 		statusCode:
 			401: () ->
 				$('#lform').submit()
+				console.log 'Error code 401'
 		# If request succeed, cookie is set, posting form to get redirection
 		# or menu
 		success: (data) ->
 			$('#lform').submit()
+			console.log 'Success -> ', data
 		# Case else, will display PE_BADCREDENTIALS or fallback to next auth
 		# backend
 		error: () ->
 			$('#lform').submit()
-
+			console.log 'Error'
 $(document).ready ->
 	$('.sslclick').on 'click', tryssl
--- a/lemonldap-ng-portal/site/coffee/sslChoice.coffee
+++ b/lemonldap-ng-portal/site/coffee/sslChoice.coffee
+# Launch SSL request
+
+tryssl = () ->
+	console.log 'Call URL -> ', window.datas.sslHost
+	$.ajax window.datas.sslHost,
+		dataType: 'json'
+		# PE_BADCREDENTIALS
+		statusCode:
+			401: () ->
+				$('#lformSSL').submit()
+				console.log 'Error code 401'
+		# If request succeed, cookie is set, posting form to get redirection
+		# or menu
+		success: (data) ->
+			$('#lformSSL').submit()
+			console.log 'Success -> ', data
+		# Case else, will display PE_BADCREDENTIALS or fallback to next auth
+		# backend
+		error: () ->
+			$('#lformSSL').submit()
+			console.log 'Error'
+$(document).ready ->
+	$('.sslclick').on 'click', tryssl
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.js
-// Generated by CoffeeScript 1.10.0
+// Generated by CoffeeScript 1.12.7
 (function() {
  var tryssl;

  tryssl = function() {
+    console.log('Call URL -> ', window.datas.sslHost);
    return $.ajax(window.datas.sslHost, {
      dataType: 'json',
      statusCode: {
        401: function() {
-          return $('#lform').submit();
+          $('#lform').submit();
+          return console.log('Error code 401');
        }
      },
      success: function(data) {
-        return $('#lform').submit();
+        $('#lform').submit();
+        return console.log('Success -> ', data);
      },
      error: function() {
-        return $('#lform').submit();
+        $('#lform').submit();
+        return console.log('Error');
      }
    });
  };

--- a/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/ssl.min.js
-(function(){var a;a=function(){return $.ajax(window.datas.sslHost,{dataType:"json",statusCode:{401:function(){return $("#lform").submit()}},success:function(b){return $("#lform").submit()},error:function(){return $("#lform").submit()}})};$(document).ready(function(){return $(".sslclick").on("click",a)})}).call(this);
\ No newline at end of file
+(function(){var tryssl;tryssl=function(){console.log("Call URL -> ",window.datas.sslHost);return $.ajax(window.datas.sslHost,{dataType:"json",statusCode:{401:function(){$("#lform").submit();return console.log("Error code 401")}},success:function(data){$("#lform").submit();return console.log("Success -> ",data)},error:function(){$("#lform").submit();return console.log("Error")}})};$(document).ready(function(){return $(".sslclick").on("click",tryssl)})}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.js
+// Generated by CoffeeScript 1.12.7
+(function() {
+  var tryssl;
+
+  tryssl = function() {
+    console.log('Call URL -> ', window.datas.sslHost);
+    return $.ajax(window.datas.sslHost, {
+      dataType: 'json',
+      statusCode: {
+        401: function() {
+          $('#lformSSL').submit();
+          return console.log('Error code 401');
+        }
+      },
+      success: function(data) {
+        $('#lformSSL').submit();
+        return console.log('Success -> ', data);
+      },
+      error: function() {
+        $('#lformSSL').submit();
+        return console.log('Error');
+      }
+    });
+  };
+
+  $(document).ready(function() {
+    return $('.sslclick').on('click', tryssl);
+  });
+
+}).call(this);
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/sslChoice.min.js
+(function(){var tryssl;tryssl=function(){console.log("Call URL -> ",window.datas.sslHost);return $.ajax(window.datas.sslHost,{dataType:"json",statusCode:{401:function(){$("#lformSSL").submit();return console.log("Error code 401")}},success:function(data){$("#lformSSL").submit();return console.log("Success -> ",data)},error:function(){$("#lformSSL").submit();return console.log("Error")}})};$(document).ready(function(){return $(".sslclick").on("click",tryssl)})}).call(this);
--- a/lemonldap-ng-portal/site/templates/bootstrap/login.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/login.tpl
@@ -37,7 +37,7 @@

        <div id="<TMPL_VAR NAME="key">">

-          <form action="<TMPL_VAR NAME="url">" method="post" class="login <TMPL_VAR NAME="module">">
+          <form id="lform<TMPL_VAR NAME="module">" action="<TMPL_VAR NAME="url">" method="post" class="login <TMPL_VAR NAME="module">">

            <!-- Hidden fields -->
            <TMPL_VAR NAME="HIDDEN_INPUTS">
@@ -59,7 +59,7 @@
            </TMPL_IF>

            <TMPL_IF NAME="sslform">
-              <TMPL_INCLUDE NAME="sslform.tpl">
+              <TMPL_INCLUDE NAME="sslformChoice.tpl">
            </TMPL_IF>

            <TMPL_IF NAME="logo">

--- a/lemonldap-ng-portal/site/templates/bootstrap/sslformChoice.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/sslformChoice.tpl
+<!-- //if:jsminified
+<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/ssl.min.js"></script>
+//else -->
+<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/sslChoice.js"></script>
+<!-- //endif -->
+
+<div class="form">
+  <input type="hidden" name="nossl" value="1" />
+  <div class="sslclick">
+    <img src="<TMPL_VAR NAME="STATIC_PREFIX">common/modules/SSL.png" alt="<TMPL_VAR NAME="module">" class="img-thumbnail mb-3" />
+  </div>
+
+  <TMPL_INCLUDE NAME="checklogins.tpl">
+
+  <button type="submit" class="btn btn-success sslclick" >
+    <span class="fa fa-sign-in"></span>
+    <span trspan="connect">Connect</span>
+  </button>
+</div>
--- a/lemonldap-ng-portal/t/28-AuthChoice-with-rules.t
+++ b/lemonldap-ng-portal/t/28-AuthChoice-with-rules.t
@@ -5,7 +5,7 @@ use IO::String;
 require 't/test-lib.pm';

 my $res;
-my $maintests = 12;
+my $maintests = 13;

 eval { unlink 't/userdb.db' };

@@ -48,6 +48,8 @@ SKIP: {
                dbiAuthPasswordHash => '',
                customAuth          => '::Auth::Apache',
                customAddParams     => {},
+                sslByAjax           => 1,
+                sslHost             => 'https://authssl.example.com:19876'
            }
        }
    );
@@ -63,9 +65,12 @@ SKIP: {
    ok( $res->[2]->[0] =~ qr%<img src="/static/common/modules/SSL.png"%,
        'Found 5_ssl Logo' )
      or print STDERR Dumper( $res->[2]->[0] );
-    ok( $res->[2]->[0] =~ m%<form action="https://test.example.com"%,
+    ok( $res->[2]->[0] =~ m%<form id="lformDemo" action="https://test.example.com"%,
        ' Redirect URL found' )
      or print STDERR Dumper( $res->[2]->[0] );
+    ok( $res->[2]->[0] =~ m%<script type="application/init">\{"sslHost":"https://authssl.example.com:19876"\}</script>%,
+        ' SSL AJAX URL found' )
+      or print STDERR Dumper( $res->[2]->[0] );
    my $header = getHeader( $res, 'Content-Security-Policy' );
    ok( $header =~ m%;form-action \'self\'  https://test.example.com;%,
        ' CSP URL found' )