Display.pm 21.6 KB
Newer Older
Yadd's avatar
Yadd committed
1
2
3
4
## @file
# Display functions for LemonLDAP::NG Portal
package Lemonldap::NG::Portal::Main::Display;

Yadd's avatar
Yadd committed
5
our $VERSION = '2.0.2';
Yadd's avatar
Yadd committed
6
7
8

package Lemonldap::NG::Portal::Main;
use strict;
Yadd's avatar
Yadd committed
9
use Mouse;
10
use JSON;
11
use Data::Dumper;
Yadd's avatar
Yadd committed
12

Yadd's avatar
Yadd committed
13
14
15
16
17
18
has skinRules => ( is => 'rw' );

sub displayInit {
    my ($self) = @_;
    $self->skinRules( [] );
    if ( $self->conf->{portalSkinRules} ) {
Clément OUDOT's avatar
Clément OUDOT committed
19
        foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } ) {
Yadd's avatar
Yadd committed
20
21
22
            my $sub = HANDLER->buildSub( HANDLER->substitute($skinRule) );
            if ($sub) {
                push @{ $self->skinRules },
Clément OUDOT's avatar
Clément OUDOT committed
23
                  [ $self->conf->{portalSkinRules}->{$skinRule}, $sub ];
Yadd's avatar
Yadd committed
24
25
            }
            else {
Yadd's avatar
Yadd committed
26
                $self->logger->error(
Yadd's avatar
Yadd committed
27
                    qq(Skin rule "$skinRule" returns an error: )
Clément OUDOT's avatar
Clément OUDOT committed
28
                      . HANDLER->tsv->{jail}->error );
Yadd's avatar
Yadd committed
29
30
31
32
33
            }
        }
    }
}

Yadd's avatar
Yadd committed
34
35
36
37
38
39
# Call portal process and set template parameters
# @return template name and template parameters
sub display {
    my ( $self, $req ) = @_;

    my $skin_dir = $self->conf->{templatesDir};
Yadd's avatar
Yadd committed
40
    my ( $skinfile, %templateParams );
Yadd's avatar
Yadd committed
41

Yadd's avatar
Yadd committed
42
    # 1. Authentication not complete
Yadd's avatar
Yadd committed
43

Yadd's avatar
Yadd committed
44
    # 1.1 A notification has to be done (session is created but hidden and
Yadd's avatar
Yadd committed
45
    #     unusable until the user has accept the message)
Yadd's avatar
Yadd committed
46
    if ( my $notif = $req->data->{notification} ) {
Yadd's avatar
Yadd committed
47
        $self->logger->debug('Display: notification detected');
Yadd's avatar
Yadd committed
48
49
        $skinfile       = 'notification';
        %templateParams = (
50
            MAIN_LOGO       => $self->conf->{portalMainLogo},
51
            LANGS           => $self->conf->{showLanguages},
Yadd's avatar
Yadd committed
52
53
            AUTH_ERROR_TYPE => $req->error_type,
            NOTIFICATION    => $notif,
Yadd's avatar
Yadd committed
54
            HIDDEN_INPUTS   => $self->buildHiddenForm($req),
Yadd's avatar
Yadd committed
55
            AUTH_URL        => $req->{data}->{_url},
Yadd's avatar
Yadd committed
56
            CHOICE_PARAM    => $self->conf->{authChoiceParam},
Yadd's avatar
Yadd committed
57
            CHOICE_VALUE    => $req->data->{_authChoice},
Clément OUDOT's avatar
Clément OUDOT committed
58
59
            (
                $req->data->{customScript}
Yadd's avatar
Yadd committed
60
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
Yadd's avatar
Yadd committed
61
62
                : ()
            ),
Yadd's avatar
Yadd committed
63
64
65
        );
    }

Clément OUDOT's avatar
Clément OUDOT committed
66
    # 1.2a An authentication (or userDB) module needs to ask a question
Yadd's avatar
Yadd committed
67
68
    #     before processing to the request
    elsif ( $req->{error} == PE_CONFIRM ) {
Yadd's avatar
Yadd committed
69
        $self->logger->debug('Display: confirm detected');
Yadd's avatar
Yadd committed
70
71
        $skinfile       = 'confirm';
        %templateParams = (
72
            MAIN_LOGO       => $self->conf->{portalMainLogo},
73
            LANGS           => $self->conf->{showLanguages},
Yadd's avatar
Yadd committed
74
75
            AUTH_ERROR      => $req->error,
            AUTH_ERROR_TYPE => $req->error_type,
Yadd's avatar
Yadd committed
76
            AUTH_URL        => $req->{data}->{_url},
Yadd's avatar
Yadd committed
77
            MSG             => $req->info,
Yadd's avatar
Yadd committed
78
            HIDDEN_INPUTS   => $self->buildHiddenForm($req),
Yadd's avatar
Yadd committed
79
            ACTIVE_TIMER    => $req->data->{activeTimer},
Yadd's avatar
Yadd committed
80
81
            FORM_METHOD     => $self->conf->{confirmFormMethod},
            CHOICE_PARAM    => $self->conf->{authChoiceParam},
Yadd's avatar
Yadd committed
82
            CHOICE_VALUE    => $req->data->{_authChoice},
Yadd's avatar
Yadd committed
83
            CHECK_LOGINS    => $self->conf->{portalCheckLogins}
Clément OUDOT's avatar
Clément OUDOT committed
84
              && $req->data->{login},
Yadd's avatar
Yadd committed
85
            ASK_LOGINS => $req->param('checkLogins') || 0,
Yadd's avatar
Yadd committed
86
            CONFIRMKEY => $self->stamp(),
Yadd's avatar
Yadd committed
87
            REMEMBER   => $req->data->{confirmRemember},
Clément OUDOT's avatar
Clément OUDOT committed
88
89
            (
                $req->data->{customScript}
Yadd's avatar
Yadd committed
90
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
Clément OUDOT's avatar
Clément OUDOT committed
91
92
93
94
95
96
97
98
99
100
101
                : ()
            ),
        );
    }

    # 1.2b An authentication (or userDB) module needs to ask a question
    #     before processing to the request
    elsif ( $req->{error} == PE_IDPCHOICE ) {
        $self->logger->debug('Display: IDP choice detected');
        $skinfile       = 'idpchoice';
        %templateParams = (
102
            MAIN_LOGO       => $self->conf->{portalMainLogo},
103
            LANGS           => $self->conf->{showLanguages},
Clément OUDOT's avatar
Clément OUDOT committed
104
105
            AUTH_ERROR      => $req->error,
            AUTH_ERROR_TYPE => $req->error_type,
Yadd's avatar
Yadd committed
106
            AUTH_URL        => $req->{data}->{_url},
Clément OUDOT's avatar
Clément OUDOT committed
107
            HIDDEN_INPUTS   => $self->buildHiddenForm($req),
Yadd's avatar
Yadd committed
108
            ACTIVE_TIMER    => $req->data->{activeTimer},
Clément OUDOT's avatar
Clément OUDOT committed
109
110
            FORM_METHOD     => $self->conf->{confirmFormMethod},
            CHOICE_PARAM    => $self->conf->{authChoiceParam},
Yadd's avatar
Yadd committed
111
            CHOICE_VALUE    => $req->data->{_authChoice},
Clément OUDOT's avatar
Clément OUDOT committed
112
            CHECK_LOGINS    => $self->conf->{portalCheckLogins}
Clément OUDOT's avatar
Clément OUDOT committed
113
              && $req->data->{login},
Clément OUDOT's avatar
Clément OUDOT committed
114
115
            ASK_LOGINS => $req->param('checkLogins') || 0,
            CONFIRMKEY => $self->stamp(),
Yadd's avatar
Yadd committed
116
            LIST       => $req->data->{list} || [],
Yadd's avatar
Yadd committed
117
            REMEMBER   => $req->data->{confirmRemember},
Clément OUDOT's avatar
Clément OUDOT committed
118
119
            (
                $req->data->{customScript}
Yadd's avatar
Yadd committed
120
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
Yadd's avatar
Yadd committed
121
122
                : ()
            ),
Yadd's avatar
Yadd committed
123
124
125
        );
    }

Yadd's avatar
Yadd committed
126
127
    # 1.3 There is a message to display
    elsif ( my $info = $req->info ) {
Yadd's avatar
Yadd committed
128
        $self->logger->debug('Display: info detected');
129
130
        $self->logger->debug(
            'Hidden values -> ' . Dumper( $req->{portalHiddenFormValues} ) );
Yadd's avatar
Yadd committed
131
132
        $skinfile       = 'info';
        %templateParams = (
133
            MAIN_LOGO       => $self->conf->{portalMainLogo},
134
            LANGS           => $self->conf->{showLanguages},
Yadd's avatar
Yadd committed
135
136
137
138
            AUTH_ERROR      => $self->error,
            AUTH_ERROR_TYPE => $req->error_type,
            MSG             => $info,
            URL             => $req->{urldc},
Yadd's avatar
Yadd committed
139
            HIDDEN_INPUTS   => $self->buildHiddenForm($req),
Yadd's avatar
Yadd committed
140
            ACTIVE_TIMER    => $req->data->{activeTimer},
Yadd's avatar
Yadd committed
141
142
            FORM_METHOD     => $self->conf->{infoFormMethod},
            CHOICE_PARAM    => $self->conf->{authChoiceParam},
Yadd's avatar
Yadd committed
143
            CHOICE_VALUE    => $req->data->{_authChoice},
Clément OUDOT's avatar
Clément OUDOT committed
144
145
            (
                $req->data->{customScript}
Yadd's avatar
Yadd committed
146
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
Yadd's avatar
Yadd committed
147
148
                : ()
            ),
Yadd's avatar
Yadd committed
149
150
151
        );
    }

Yadd's avatar
Yadd committed
152
    # 1.4 OpenID menu page
Yadd's avatar
Yadd committed
153
154
155
156
    elsif ($req->{error} == PE_OPENID_EMPTY
        or $req->{error} == PE_OPENID_BADID )
    {
        $skinfile = 'openid';
Yadd's avatar
Yadd committed
157
158
        my $p = $self->conf->{portal} . $self->conf->{issuerDBOpenIDPath};
        $p =~ s#(?<!:)/?\^?/#/#g;
Yadd's avatar
Yadd committed
159
        my $id = $req->{sessionInfo}
Clément OUDOT's avatar
Clément OUDOT committed
160
          ->{ $self->conf->{openIdAttr} || $self->conf->{whatToTrace} };
Yadd's avatar
Yadd committed
161
        %templateParams = (
162
            MAIN_LOGO       => $self->conf->{portalMainLogo},
163
            LANGS           => $self->conf->{showLanguages},
Yadd's avatar
Yadd committed
164
165
166
            AUTH_ERROR      => $self->error,
            AUTH_ERROR_TYPE => $req->error_type,
            PROVIDERURI     => $p,
Yadd's avatar
Yadd committed
167
            MSG             => $req->info(),
Clément OUDOT's avatar
Clément OUDOT committed
168
169
            (
                $req->data->{customScript}
Yadd's avatar
Yadd committed
170
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
Yadd's avatar
Yadd committed
171
172
                : ()
            ),
Yadd's avatar
Yadd committed
173
        );
Yadd's avatar
Yadd committed
174
        $templateParams{ID} = $req->data->{_openidPortal} . $id if ($id);
Yadd's avatar
Yadd committed
175
176
    }

Yadd's avatar
Yadd committed
177
178
179
180
181
182
183
184
    # 2. Good authentication

    # 2.1 Redirection
    elsif ( $req->{error} == PE_REDIRECT ) {
        $skinfile       = "redirect";
        %templateParams = (
            URL           => $req->{urldc},
            HIDDEN_INPUTS => $self->buildHiddenForm($req),
Yadd's avatar
Yadd committed
185
            FORM_METHOD   => $req->data->{redirectFormMethod} || 'get',
Clément OUDOT's avatar
Clément OUDOT committed
186
187
            (
                $req->data->{customScript}
Yadd's avatar
Yadd committed
188
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
Yadd's avatar
Yadd committed
189
190
                : ()
            ),
Yadd's avatar
Yadd committed
191
192
193
        );
    }

194
    # 2.2 Case : display menu (with error or not)
195
    elsif ( $req->error == PE_OK ) {
Yadd's avatar
Yadd committed
196
197
198
199
        $skinfile = 'menu';

        #utf8::decode($auth_user);
        %templateParams = (
200
            MAIN_LOGO => $self->conf->{portalMainLogo},
201
            LANGS     => $self->conf->{showLanguages},
Clément OUDOT's avatar
Clément OUDOT committed
202
203
            AUTH_USER => $req->{sessionInfo}->{ $self->conf->{portalUserAttr} },
            NEWWINDOW => $self->conf->{portalOpenLinkInNewWindow},
204
            LOGOUT_URL          => $self->conf->{portal} . "?logout=1",
205
            APPSLIST_ORDER      => $req->{sessionInfo}->{'_appsListOrder'},
206
207
208
            PING                => $self->conf->{portalPingInterval},
            REQUIRE_OLDPASSWORD => $self->conf->{portalRequireOldPassword},
            HIDE_OLDPASSWORD    => 0,
Yadd's avatar
Yadd committed
209
            $self->menu->params($req),
Clément OUDOT's avatar
Clément OUDOT committed
210
211
            (
                $req->data->{customScript}
Yadd's avatar
Yadd committed
212
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
Yadd's avatar
Yadd committed
213
214
                : ()
            ),
Yadd's avatar
Yadd committed
215
216
217
        );
    }

Yadd's avatar
Yadd committed
218
    elsif ( $req->error == PE_RENEWSESSION ) {
219
        $skinfile       = 'upgradesession';
Yadd's avatar
Yadd committed
220
        %templateParams = (
221
            MAIN_LOGO  => $self->conf->{portalMainLogo},
222
            LANGS      => $self->conf->{showLanguages},
Yadd's avatar
Yadd committed
223
224
225
            MSG        => 'askToRenew',
            CONFIRMKEY => $self->stamp,
            PORTAL     => $self->conf->{portal},
Yadd's avatar
Yadd committed
226
            URL        => $req->data->{_url},
Clément OUDOT's avatar
Clément OUDOT committed
227
228
            (
                $req->data->{customScript}
Yadd's avatar
Yadd committed
229
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
Yadd's avatar
Yadd committed
230
231
                : ()
            ),
Yadd's avatar
Yadd committed
232
233
234
        );
    }

235
236
237
    elsif ( $req->error == PE_MUSTAUTHN ) {
        $skinfile       = 'updatesession';
        %templateParams = (
238
            MAIN_LOGO  => $self->conf->{portalMainLogo},
239
            LANGS      => $self->conf->{showLanguages},
240
241
242
243
            MSG        => 'PE87',
            CONFIRMKEY => $self->stamp,
            PORTAL     => $self->conf->{portal},
            URL        => $req->data->{_url},
Clément OUDOT's avatar
Clément OUDOT committed
244
245
            (
                $req->data->{customScript}
246
247
248
249
250
251
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
                : ()
            ),
        );
    }

252
    # 2.3 Case : user authenticated but an error was returned (bad url,...)
Yadd's avatar
Yadd committed
253
254
    elsif (
        $req->noLoginDisplay
Yadd's avatar
Yadd committed
255
        or (    not $req->data->{noerror}
Yadd's avatar
Yadd committed
256
257
            and $req->userData
            and %{ $req->userData } )
Clément OUDOT's avatar
Clément OUDOT committed
258
      )
259
    {
260
261
        $skinfile       = 'error';
        %templateParams = (
262
            MAIN_LOGO       => $self->conf->{portalMainLogo},
263
            LANGS           => $self->conf->{showLanguages},
264
265
            AUTH_ERROR      => $req->error,
            AUTH_ERROR_TYPE => $req->error_type,
Clément OUDOT's avatar
Clément OUDOT committed
266
267
            (
                $req->data->{customScript}
Yadd's avatar
Yadd committed
268
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
Yadd's avatar
Yadd committed
269
270
                : ()
            ),
271
272
273
        );
    }

274
    # 3 Authentication has been refused OR first access
Yadd's avatar
Yadd committed
275
    else {
Yadd's avatar
Yadd committed
276
277
278
        $skinfile = 'login';
        my $login = $self->userId($req);
        $login = '' if ( $login eq 'anonymous' );
Yadd's avatar
Yadd committed
279
        %templateParams = (
Clément OUDOT's avatar
Clément OUDOT committed
280
            MAIN_LOGO             => $self->conf->{portalMainLogo},
281
            LANGS                 => $self->conf->{showLanguages},
Clément OUDOT's avatar
Clément OUDOT committed
282
283
284
285
286
287
288
289
            AUTH_ERROR            => $req->error,
            AUTH_ERROR_TYPE       => $req->error_type,
            AUTH_URL              => $req->{data}->{_url},
            LOGIN                 => $login,
            CHECK_LOGINS          => $self->conf->{portalCheckLogins},
            ASK_LOGINS            => $req->param('checkLogins') || 0,
            DISPLAY_RESETPASSWORD => $self->conf->{portalDisplayResetPassword},
            DISPLAY_REGISTER      => $self->conf->{portalDisplayRegister},
290
            MAIL_URL              => $self->conf->{mailUrl},
Clément OUDOT's avatar
Clément OUDOT committed
291
292
293
294
295
            REGISTER_URL          => $self->conf->{registerUrl},
            HIDDEN_INPUTS         => $self->buildHiddenForm($req),
            STAYCONNECTED         => $self->conf->{stayConnected},
            (
                $req->data->{customScript}
Yadd's avatar
Yadd committed
296
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
Yadd's avatar
Yadd committed
297
298
                : ()
            ),
Yadd's avatar
Yadd committed
299
300
301
        );

        # Display captcha if it's enabled
Yadd's avatar
Yadd committed
302
        if ( $req->captcha ) {
Yadd's avatar
Yadd committed
303
304
            %templateParams = (
                %templateParams,
Yadd's avatar
Yadd committed
305
                CAPTCHA_SRC  => $req->captcha,
Yadd's avatar
Yadd committed
306
                CAPTCHA_SIZE => $self->{conf}->{captcha_size} || 6
Yadd's avatar
Yadd committed
307
308
309
            );
        }
        if ( $req->token ) {
Yadd's avatar
Yadd committed
310
            %templateParams = ( %templateParams, TOKEN => $req->token, );
Yadd's avatar
Yadd committed
311
312
313
314
315
316
317
318
319
320
321
322
323
324
        }

        # Show password form if password policy error
        if (

               $req->{error} == PE_PP_CHANGE_AFTER_RESET
            or $req->{error} == PE_PP_MUST_SUPPLY_OLD_PASSWORD
            or $req->{error} == PE_PP_INSUFFICIENT_PASSWORD_QUALITY
            or $req->{error} == PE_PP_PASSWORD_TOO_SHORT
            or $req->{error} == PE_PP_PASSWORD_TOO_YOUNG
            or $req->{error} == PE_PP_PASSWORD_IN_HISTORY
            or $req->{error} == PE_PASSWORD_MISMATCH
            or $req->{error} == PE_BADOLDPASSWORD
            or $req->{error} == PE_PASSWORDFORMEMPTY
325
326
            or (    $req->{error} == PE_PP_PASSWORD_EXPIRED
                and $self->conf->{ldapAllowResetExpiredPassword} )
Clément OUDOT's avatar
Clément OUDOT committed
327
          )
Yadd's avatar
Yadd committed
328
329
330
331
        {
            %templateParams = (
                %templateParams,
                REQUIRE_OLDPASSWORD =>
Clément OUDOT's avatar
Clément OUDOT committed
332
                  1,    # Old password is required to check user credentials
Yadd's avatar
Yadd committed
333
334
335
336
337
338
339
                DISPLAY_FORM          => 0,
                DISPLAY_OPENID_FORM   => 0,
                DISPLAY_YUBIKEY_FORM  => 0,
                DISPLAY_PASSWORD      => 1,
                DISPLAY_RESETPASSWORD => 0,
                AUTH_LOOP             => [],
                CHOICE_PARAM          => $self->conf->{authChoiceParam},
Yadd's avatar
Yadd committed
340
                CHOICE_VALUE          => $req->data->{_authChoice},
341
                OLDPASSWORD           => $self->checkXSSAttack( 'oldpassword',
Yadd's avatar
Yadd committed
342
                    $req->data->{oldpassword} )
Yadd's avatar
Yadd committed
343
                ? ""
Yadd's avatar
Yadd committed
344
                : $req->data->{oldpassword},
Yadd's avatar
Yadd committed
345
346
347
348
349
350
351
352
                HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
            );
        }

        # Disable all forms on:
        # * Logout message
        # * Bad URL error
        elsif ($req->{error} == PE_LOGOUT_OK
353
            or $req->{error} == PE_WAIT
Yadd's avatar
Yadd committed
354
355
356
357
358
359
360
361
362
363
364
365
366
367
            or $req->{error} == PE_BADURL )
        {
            %templateParams = (
                %templateParams,
                DISPLAY_RESETPASSWORD => 0,
                DISPLAY_FORM          => 0,
                DISPLAY_OPENID_FORM   => 0,
                DISPLAY_YUBIKEY_FORM  => 0,
                AUTH_LOOP             => [],
                MSG                   => $req->info(),
            );

        }

Yadd's avatar
Yadd committed
368
        # Display authentication form
Yadd's avatar
Yadd committed
369
370
371
        else {

            # Authentication loop
Yadd's avatar
Yadd committed
372
            if ( $self->conf->{authentication} eq 'Choice'
Yadd's avatar
Yadd committed
373
374
                and my $authLoop = $self->_buildAuthLoop($req) )
            {
Yadd's avatar
Yadd committed
375
376
                %templateParams = (
                    %templateParams,
Yadd's avatar
Yadd committed
377
                    AUTH_LOOP            => $authLoop,
Yadd's avatar
Yadd committed
378
                    CHOICE_PARAM         => $self->conf->{authChoiceParam},
Yadd's avatar
Yadd committed
379
                    CHOICE_VALUE         => $req->data->{_authChoice},
Yadd's avatar
Yadd committed
380
381
382
383
384
385
386
387
388
                    DISPLAY_FORM         => 0,
                    DISPLAY_OPENID_FORM  => 0,
                    DISPLAY_YUBIKEY_FORM => 0,
                );
            }

            # Choose what form to display if not in a loop
            else {

Clément OUDOT's avatar
Clément OUDOT committed
389
390
                my $displayType =
                  eval { $self->_authentication->getDisplayType($req) };
Yadd's avatar
Yadd committed
391

Yadd's avatar
Yadd committed
392
                $self->logger->debug("Display type $displayType ");
Yadd's avatar
Yadd committed
393
394
395

                %templateParams = (
                    %templateParams,
396
397
                    DISPLAY_FORM => $displayType =~ /\bstandardform\b/ ? 1
                    : 0,
Clément OUDOT's avatar
Clément OUDOT committed
398
                    DISPLAY_OPENID_FORM => $displayType =~ /\bopenidform\b/ ? 1
399
400
401
                    : 0,
                    DISPLAY_YUBIKEY_FORM => $displayType =~ /\byubikeyform\b/
                    ? 1
Yadd's avatar
Yadd committed
402
                    : 0,
Yadd's avatar
Yadd committed
403
                    DISPLAY_SSL_FORM  => $displayType =~ /sslform/ ? 1 : 0,
Yadd's avatar
Yadd committed
404
                    DISPLAY_GPG_FORM  => $displayType =~ /gpgform/ ? 1 : 0,
Yadd's avatar
Yadd committed
405
406
                    DISPLAY_LOGO_FORM => $displayType eq "logo"    ? 1 : 0,
                    module            => $displayType eq "logo"
Yadd's avatar
Yadd committed
407
                    ? $self->getModule( $req, 'auth' )
Yadd's avatar
Yadd committed
408
                    : "",
Clément OUDOT's avatar
Clément OUDOT committed
409
410
411
                    AUTH_LOOP => [],
                    PORTAL_URL =>
                      ( $displayType eq "logo" ? $self->conf->{portal} : 0 ),
Yadd's avatar
Yadd committed
412
413
414
415
416
417
418
419
420
                    MSG => $req->info(),
                );

            }

        }

    }

Yadd's avatar
Yadd committed
421
    $self->logger->debug("Skin returned: $skinfile");
Yadd's avatar
Yadd committed
422
    return ( $skinfile, \%templateParams );
Yadd's avatar
Yadd committed
423
424
425
426
427
428
429
430
}

##@method public void printImage(string file, string type)
# Print image to STDOUT
# @param $file The path to the file to print
# @param $type The content-type to use (ie: image/png)
# @return void
sub staticFile {
Yadd's avatar
Yadd committed
431
    my ( $self, $req, $file, $type ) = @_;
Yadd's avatar
Yadd committed
432
433
434
    require Plack::Util;
    require Cwd;
    require HTTP::Date;
Clément OUDOT's avatar
Clément OUDOT committed
435
436
    open my $fh, '<:raw', $self->conf->{templatesDir} . "/$file"
      or return $self->sendError( $req,
Yadd's avatar
Yadd committed
437
        $self->conf->{templatesDir} . "/$file: $!", 403 );
Yadd's avatar
Yadd committed
438
439
440
441
    my @stat = stat $file;
    Plack::Util::set_io_path( $fh, Cwd::realpath($file) );
    return [
        200,
Clément OUDOT's avatar
Clément OUDOT committed
442
443
        [
            'Content-Type'   => $type,
Yadd's avatar
Yadd committed
444
445
446
447
448
449
450
451
            'Content-Length' => $stat[7],
            'Last-Modified'  => HTTP::Date::time2str( $stat[9] )
        ],
        $fh,
    ];
}

sub buildHiddenForm {
Yadd's avatar
Yadd committed
452
453
454
    my ( $self, $req ) = @_;
    my @keys = keys %{ $req->{portalHiddenFormValues} };
    my $val  = '';
Yadd's avatar
Yadd committed
455
456
457
458
459

    foreach (@keys) {

        # Check XSS attacks
        next
Clément OUDOT's avatar
Clément OUDOT committed
460
          if $self->checkXSSAttack( $_, $req->{portalHiddenFormValues}->{$_} );
Yadd's avatar
Yadd committed
461
462
463

        # Build hidden input HTML code
        $val .= qq{<input type="hidden" name="$_" id="$_" value="}
Clément OUDOT's avatar
Clément OUDOT committed
464
          . $req->{portalHiddenFormValues}->{$_} . '" />';
Yadd's avatar
Yadd committed
465
466
467
468
469
470
471
    }

    return $val;
}

# Return skin name
# @return skin name
Yadd's avatar
Yadd committed
472
# TODO: create property for skinRule
Yadd's avatar
Yadd committed
473
474
475
476
477
478
479
sub getSkin {
    my ( $self, $req ) = @_;

    my $skin = $self->conf->{portalSkin};

    # Fill sessionInfo to eval rule if empty (unauthenticated user)
    $req->{sessionInfo}->{_url}   ||= $req->{urldc};
Yadd's avatar
Yadd committed
480
    $req->{sessionInfo}->{ipAddr} ||= $req->address;
Yadd's avatar
Yadd committed
481
482

    # Load specific skin from skinRules
Yadd's avatar
Yadd committed
483
    foreach my $rule ( @{ $self->{skinRules} } ) {
484
        if ( $rule->[1]->( $req, $req->sessionInfo ) ) {
Yadd's avatar
Yadd committed
485
486
487
488
489
            if ( -d $self->conf->{templateDir} . '/' . $rule->[0] ) {
                $skin = $rule->[0];
                $self->logger->debug("Skin $skin selected from skin rule");
                last;
            }
Yadd's avatar
Yadd committed
490
491
492
493
494
        }
    }

    # Check skin GET/POST parameter
    my $skinParam = $req->param('skin');
Yadd's avatar
Yadd committed
495
    if ( defined $skinParam ) {
Yadd's avatar
Yadd committed
496
        if ( $skinParam =~ /^[\w\-]+$/ ) {
Yadd's avatar
Yadd committed
497
498
499
500
501
502
503
504
505
            if ( -d $self->conf->{templateDir} . '/' . $skinParam ) {
                $skin = $skinParam;
                $self->logger->debug(
                    "Skin $skin selected from GET/POST parameter");
            }
            else {
                $self->userLogger->error(
                    "User tries to access to unexistent skin dir $skinParam");
            }
Yadd's avatar
Yadd committed
506
507
        }
        else {
Yadd's avatar
Yadd committed
508
            $self->userLogger->error("Strange skin parameter: $skinParam");
Yadd's avatar
Yadd committed
509
        }
Yadd's avatar
Yadd committed
510
511
512
513
514
    }

    return $skin;
}

Yadd's avatar
Yadd committed
515
# Build an HTML array to display sessions
Yadd's avatar
Yadd committed
516
# @param $sessions Array ref of hash ref containing sessions data
Yadd's avatar
Yadd committed
517
518
519
520
521
522
523
524
525
# @param $title Title of the array
# @param $displayUser To display "User" column
# @param $displaError To display "Error" column
# @return HTML string
sub mkSessionArray {
    my ( $self, $sessions, $title, $displayUser, $displayError ) = @_;

    return "" unless ( ref $sessions eq "ARRAY" and @$sessions );

526
527
528
529
530
531
532
533
534
    my @fields = sort keys %{ $self->conf->{sessionDataToRemember} };
    return $self->loadTemplate(
        'sessionArray',
        params => {
            title        => $title,
            displayUser  => $displayUser,
            displayError => $displayError,
            fields       => [
                map { { name => $self->conf->{sessionDataToRemember}->{$_} } }
Clément OUDOT's avatar
Clément OUDOT committed
535
                  @fields
536
537
538
539
            ],
            sessions => [
                map {
                    my $session = $_;
Clément OUDOT's avatar
Clément OUDOT committed
540
541
                    {
                        user   => $session->{user},
542
543
544
545
                        utime  => $session->{_utime},
                        ip     => $session->{ipAddr},
                        values => [ map { { v => $session->{$_} } } @fields ],
                        error  => $session->{error},
546
                        displayError => $displayError,
547
548
549
550
551
                    }
                } @$sessions
            ],
        }
    );
Yadd's avatar
Yadd committed
552
553
}

Yadd's avatar
Yadd committed
554
555
sub mkOidcConsent {
    my ( $self, $session ) = @_;
556

557
558
559
    if ( defined( $self->conf->{oidcRPMetaDataOptions} )
        and ref( $self->conf->{oidcRPMetaDataOptions} ) )
    {
560

561
        # Set default RP displayname
562
        foreach my $oidc ( keys %{ $self->conf->{oidcRPMetaDataOptions} } ) {
563
            $self->conf->{oidcRPMetaDataOptions}->{$oidc}
Clément OUDOT's avatar
Clément OUDOT committed
564
              ->{oidcRPMetaDataOptionsDisplayName} ||= $oidc;
565
566
567
        }
    }

568
    # Loading existing oidcConsents
569
570
    $self->logger->debug("Searching OIDC Consents...");
    my $_oidcConsents;
571
    if ( exists $session->{_oidcConsents} ) {
572
        $_oidcConsents = eval {
573
574
575
576
577
            from_json( $session->{_oidcConsents}, { allow_nonref => 1 } );
        };
        if ($@) {
            $self->logger->error("Corrupted session (_oidcConsents): $@");
            return PE_ERROR;
578
579
        }
    }
580
581
582
583
    else {
        $self->logger->debug("No OIDC Consent found");
    }
    my $consents = {};
584
    foreach (@$_oidcConsents) {
585
586
587
588
589
        if ( defined $_->{rp} ) {
            my $rp = $_->{rp};
            $self->logger->debug("RP { $rp } Consent found");
            $consents->{$rp}->{epoch} = $_->{epoch};
            $consents->{$rp}->{scope} = $_->{scope};
Clément OUDOT's avatar
Clément OUDOT committed
590
591
592
            $consents->{$rp}->{displayName} =
              $self->conf->{oidcRPMetaDataOptions}->{$rp}
              ->{oidcRPMetaDataOptionsDisplayName};
593
        }
594
595
    }

596
    # Display existing oidcConsents
597
598
599
600
    return $self->loadTemplate(
        'oidcConsents',
        params => {
            partners => [
601
                map {
Clément OUDOT's avatar
Clément OUDOT committed
602
603
                    {
                        name        => $_,
604
                        epoch       => $consents->{$_}->{epoch},
605
606
607
608
                        scope       => $consents->{$_}->{scope},
                        displayName => $consents->{$_}->{displayName}
                    }
                } ( sort keys %$consents )
609
            ],
610
            consents => join( ",", keys %$consents ),
611
612
        }
    );
Yadd's avatar
Yadd committed
613
614
}

Yadd's avatar
Yadd committed
615
1;