Commit 081699b2 authored by Xavier Guimard's avatar Xavier Guimard

AutoSignin works now (#1318)

TODO: doc
parent f567d169
......@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "llng-fastcgi-server 1"
.TH llng-fastcgi-server 1 "2017-10-20" "perl v5.26.0" "User Contributed Perl Documentation"
.TH llng-fastcgi-server 1 "2017-10-26" "perl v5.26.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
......
......@@ -23,7 +23,7 @@ use constant HANDLERSECTION => "handler";
use constant MANAGERSECTION => "manager";
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
use constant APPLYSECTION => "apply";
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:uthChoiceModules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|c(?:as(?:S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions)|A(?:ppMetaData(?:(?:ExportedVar|Option)s|Node)|ttributes))|(?:ustomAddParam|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
......
......@@ -22,7 +22,7 @@ our $specialNodeHash = {
};
our $doubleHashKeys = 'issuerDBGetParameters';
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|c(?:as(?:StorageOption|Attribute)|ustomAddParam|ombModule)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|S(?:MTPTLSOpts|SLVarIf))';
our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaDataNode|virtualHost)s';
our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:Servic|Rul)e|ExportedVars)';
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|Gateway|Renew|Icon|Url)|ExportedVars)';
......
......@@ -604,6 +604,9 @@ sub attributes {
'AuthLDAPFilter' => {
'type' => 'text'
},
'autoSigninRules' => {
'type' => 'keyTextContainer'
},
'captcha_login_enabled' => {
'default' => 0,
'type' => 'bool'
......
......@@ -1108,6 +1108,12 @@ sub attributes {
'List of attributes to export by SOAP or REST servers',
},
# AutoSignin
autoSigninRules => {
type => 'keyTextContainer',
documentation => 'List of auto signin rules',
},
## Virtualhosts
# Fake attribute: used by manager REST API to agglomerate all other
......@@ -1145,7 +1151,7 @@ sub attributes {
},
msgFail => '__badExpression__',
},
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
keyMsgFail => '__badHostname__',
default => {
default => 'deny',
......@@ -1153,9 +1159,9 @@ sub attributes {
documentation => 'Virtualhost rules',
},
exportedHeaders => {
type => 'keyTextContainer',
help => 'writingrulesand_headers.html#headers',
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
type => 'keyTextContainer',
help => 'writingrulesand_headers.html#headers',
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
keyMsgFail => '__badHostname__',
test => {
keyTest => qr/^(?=[^\-])[\w\-]+(?<=[^-])$/,
......@@ -1174,10 +1180,10 @@ sub attributes {
documentation => 'Virtualhost headers',
},
post => {
type => 'postContainer',
help => 'formreplay.html',
test => sub { 1 },
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
type => 'postContainer',
help => 'formreplay.html',
test => sub { 1 },
keyTest => qr/^(?:\*\.)?$Regexp::Common::URI::RFC2396::hostname$/,
keyMsgFail => '__badHostname__',
documentation => 'Virtualhost urls/Datas to post',
},
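Review bot: The new `autoSigninRules` entry (under `# AutoSignin`) declares only `type` and `documentation`, while the neighbouring containers in this section carry a `keyTest` and a `test`. As far as these hunks show, the manager will therefore save any key and any rule text. The key becomes the user name the plugin signs in without credentials, so I would add `keyTest => qr/^[\w\-\@]+$/,` with a matching `keyMsgFail`, using the same character class as the plugin's `init`. A `test` that rejects expressions which fail to compile would also catch a broken rule at save time rather than at portal start. `sub attributes` starts and ends outside the hunks shown.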
......
......@@ -631,6 +631,11 @@ sub tree {
]
},
'upgradeSession',
{
title => 'autoSignin',
help => 'autoSignin.html',
nodes => ['autoSigninRules'],
},
{
title => 'u2f',
help => 'u2f.html',
......
......@@ -63,6 +63,8 @@
"authorizedValues": "القيم المعتمدة",
"authParams": "معايير إثبات الهوية",
"auto": "تلقائي",
"autoSignin": "Auto Signin",
"autoSigninRules": "Rules",
"backtoportal": "العودة إلى البوابة",
"badCasProxyId": "معرف خدمة بروكسي كاس غير صالح",
"badChoiceKey": "اسم مفتاح سيئ في قائمة الاختيارات",
......
......@@ -63,6 +63,8 @@
"authorizedValues": "Authorized values",
"authParams": "Authentication parameters",
"auto": "Automatic",
"autoSignin": "Auto Signin",
"autoSigninRules": "Rules",
"backtoportal": "Back to portal",
"badCasProxyId": "Bad CAS proxied service identifier",
"badChoiceKey": "Bad key name in Choice menu",
......
......@@ -63,6 +63,8 @@
"authorizedValues": "Valeurs autorisées",
"authParams": "Paramètres d'authentification",
"auto": "Automatique",
"autoSignin": "Connexion automatique",
"autoSigninRules": "Règles",
"backtoportal": "Retour au portail",
"badCasProxyId": "Mauvais identifiant de service proxy CAS",
"badChoiceKey": "Mauvais nom de clef dans le menu Choice",
......
......@@ -63,6 +63,8 @@
"authorizedValues": "Valori autorizzati",
"authParams": "Parametri di autenticazione",
"auto": "Automatico",
"autoSignin": "Auto Signin",
"autoSigninRules": "Rules",
"backtoportal": "Torna al portale",
"badCasProxyId": "Identificatore di servizio difettoso CAS proxy",
"badChoiceKey": "Nome chiave errato nel menu Scelta",
......
......@@ -63,6 +63,8 @@
"authorizedValues": "Các giá trị được ủy quyền",
"authParams": "Thông số xác thực",
"auto": "Tự động",
"autoSignin": "Auto Signin",
"autoSigninRules": "Rules",
"backtoportal": "Quay lại cổng thông tin",
"badCasProxyId": "Dịch vụ định danh đệm bởi CAS không hợp lệ",
"badChoiceKey": "Tên khoá không hợp lệ trong trình đơn Chọn",
......
......@@ -332,6 +332,7 @@ t/23-Auth-and-password-REST.t
t/24-AuthApache.t
t/24-AuthKerberos.t
t/25-AuthSlave.t
t/25-AutoSignin.t
t/26-AuthRemote.t
t/27-AuthProxy.t
t/28-AuthChoice.t
......
......@@ -24,6 +24,7 @@ our @pList = (
stayConnected => '::Plugins::StayConnected',
grantSessionRule => '::Plugins::GrantSession',
upgradeSession => '::Plugins::Upgrade',
autoSigninRules => '::Plugins::AutoSignin',
);
##@method list enabledPlugins
......
......@@ -21,17 +21,16 @@ has rules => ( is => 'rw', default => sub { [] } );
sub init {
my ($self) = @_;
if ( my $rules = $self->conf->{autoLoginRules} ) {
if ( my $rules = $self->conf->{autoSigninRules} ) {
my $safe = Safe->new;
foreach my $r ( sort keys %$rules ) {
my $sub = $safe->reval("sub{my(\$env)=\@_;return ($r)}");
foreach my $id ( sort keys %$rules ) {
my $sub = $safe->reval('sub{my($env)=@_;return ('.$rules->{$id}.')}');
if ($@) {
$self->error(qq'Bad Autologin rule "$r": $@');
$self->error('Bad Autologin rule "'.$rules->{$id}.': $@');
return 0;
}
my $name = $rules->{$r};
$name =~ s/^\s*([\w\-\@]+)\s*/$1/;
push @{ $self->rules }, [ $sub, $name ];
$id =~ s/^\s*([\w\-\@]+)\s*/$1/;
push @{ $self->rules }, [ $sub, $id ];
}
}
return 1;
......@@ -44,12 +43,14 @@ sub check {
foreach ( @{ $self->rules } ) {
my ( $test, $name ) = @$_;
$self->logger->debug("Autosignin: testing user $name");
if ( $test->( $req->env ) ) {
$req->user($name);
my @steps =
grep { !ref $_ and $_ !~ /^(?:extractFormInfo|authenticate)$/ }
@{ $req->steps };
$req->steps( \@steps );
$self->userLogger->notice("Autosignin for $name");
return PE_OK;
}
}
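Review bot: In `init`, the new `$self->error(...)` call ends with the single-quoted string `': $@'`, so the literal text `$@` is logged and the compile error from `$safe->reval` is lost; the opening `"` is also never closed. `$self->error(qq{Bad Autologin rule "$rules->{$id}": $@});` keeps the diagnostic. Separately, `$id =~ s/^\s*([\w\-\@]+)\s*/$1/;` only trims whitespace around the first token and does not reject anything. That key is what `check` passes to `$req->user` after dropping the `extractFormInfo` and `authenticate` steps, so I would fail `init` with `unless ( $id =~ /^\s*([\w\-\@]+)\s*$/ )` rather than rewrite the key silently. Both subs continue outside the hunks shown.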
......
use Test::More;
use strict;
require 't/test-lib.pm';
my $res;
my $client = LLNG::Manager::Test->new(
{
ini => {
logLevel => 'error',
authentication => 'Demo',
userDB => 'Same',
autoSigninRules => {
dwho => '$env->{REMOTE_ADDR} =~ /^127/',
},
}
}
);
ok( $res = $client->_get( '/', ), 'Auth query' );
count(1);
expectOK($res);
my $id = expectCookie($res);
ok( $res = $client->_get( '/', ip => '192.168.1.1' ), 'Bad query' );
count(1);
expectReject($res);
clean_sessions();
done_testing( count() );
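Review bot: `$id` returned by `expectCookie($res)` is never used, so the first case proves that a loopback request gets a session cookie but not that the session belongs to `dwho`. I would add an assertion on the user stored in that session, since the identity is the whole point of the rule. A further case whose rule does not compile would exercise the error path in the plugin's `init`, which currently has no coverage here.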
......@@ -334,10 +334,12 @@ sub _get {
'Mozilla/5.0 (VAX-4000; rv:36.0) Gecko/20350101 Firefox',
'PATH_INFO' => $path,
( $args{referer} ? ( REFERER => $args{referer} ) : () ),
'REMOTE_ADDR' => '127.0.0.1',
(
$args{remote_user}
? ( 'REMOTE_USER' => $args{remote_user} )
$args{ip} ? ( 'REMOTE_ADDR' => $args{ip} )
: ( 'REMOTE_ADDR' => '127.0.0.1' )
),
(
$args{remote_user} ? ( 'REMOTE_USER' => $args{remote_user} )
: ()
),
'REQUEST_METHOD' => $args{method} || 'GET',
......