Commit dca8b923 authored by Clément OUDOT

* Add setUserDBValue method for LDAP and DBI userDB

* Add samlUserDBIdentityKey
* IssuerDBSAML now tries to store the Lasso identity in UserDB
* References #123
parent 240c2b56
......@@ -894,11 +894,12 @@ sub struct {
# ADVANCED SAML PARAMETERS
samlAdvanced => {
_nodes => [
qw(samlIdPResolveCookie samlMetadataForceUTF8 samlStorage n:samlStorageOptions)
qw(samlIdPResolveCookie samlMetadataForceUTF8 samlUserDBIdentityKey samlStorage n:samlStorageOptions)
],
samlIdPResolveCookie => 'text:/samlIdPResolveCookie',
samlMetadataForceUTF8 => 'bool:/samlMetadataForceUTF8',
samlUserDBIdentityKey => 'text:/samlUserDBIdentityKey',
samlStorage => 'text:/samlStorage',
samlStorageOptions => {
_nodes => ['hash:/samlStorageOptions'],
......@@ -1273,6 +1274,7 @@ sub testStruct {
samlServicePublicKeyEnc => $testNotDefined,
samlIdPResolveCookie => $testNotDefined,
samlMetadataForceUTF8 => $boolean,
samlUserDBIdentityKey => $testNotDefined,
samlStorage => {
test => qr/^[\w:]*$/,
msgFail => 'Bad module name',
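Review bot: samlUserDBIdentityKey is registered with `$testNotDefined`, but the value is later interpolated verbatim as an SQL column name in UserDBDBI (`UPDATE $table SET $key = ...`) and used as an LDAP attribute name in UserDBLDAP, so a typo or a hostile manager entry goes straight into the statement. A syntactic check in the same shape as the samlStorage entry just below would close this at configuration time: `samlUserDBIdentityKey => { test => qr/^\w*$/, msgFail => 'Bad attribute name' },`. If attribute names containing characters outside `\w` are needed in practice, widen the class deliberately rather than leaving it unchecked. The testStruct hash continues outside this hunk.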
......
......@@ -328,6 +328,7 @@ sub en {
samlAdvanced => 'Advanced',
samlIdPResolveCookie => 'IDP resolution cookie name',
samlMetadataForceUTF8 => 'UTF8 metadata conversion',
samlUserDBIdentityKey => 'SAML identity storage key',
samlStorage => 'SAML sessions module name',
samlStorageOptions => 'SAML sessions module options',
};
......@@ -628,6 +629,7 @@ sub fr {
samlAdvanced => 'Avancé',
samlIdPResolveCookie => 'Nom du cookie de résolution IDP',
samlMetadataForceUTF8 => 'Conversion des métadonnées en UTF8',
samlUserDBIdentityKey => 'Clé de stockage de l\'identité SAML',
samlStorage => 'Nom du module des session SAML',
samlStorageOptions => 'Options du module des sessions SAML',
};
......
......@@ -1615,10 +1615,42 @@ sub issuerForAuthUser {
# Save Identity and Session
if ( $login->is_identity_dirty ) {
# Update session
$self->lmLog( "Save Lasso identity in session", 'debug' );
$self->updateSession(
{ _lassoIdentityDump => $login->get_identity->dump },
$session_id );
# Update UserDB
if ( $self->{samlUserDBIdentityKey} ) {
$self->lmLog( "Save Lasso identity in UserDB", 'debug' );
my $result;
eval {
$result = $self->setUserDBValue(
$self->{samlUserDBIdentityKey},
$login->get_identity->dump
);
};
if ($@) {
$self->lmLog(
"Error when storing identity dump in UserDB: $@",
'error' );
}
if ( !$result ) {
$self->lmLog(
"Unknown error when storing identity dump in UserDB",
'error'
);
}
}
else {
$self->lmLog(
"Lasso identity not saved in UserDB, please configure samlUserDBIdentityKey",
'info'
);
}
}
if ( $login->is_session_dirty ) {
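Review bot: When the eval around setUserDBValue dies, `$result` is still undef, so the code logs both the specific error and then "Unknown error when storing identity dump in UserDB" for the same failure; the second check should only run when the call returned, i.e. `elsif ( !$result ) {` in place of the separate `if ( !$result ) {`. The same eval will also fire on every authentication when samlUserDBIdentityKey is set but the configured UserDB backend has no setUserDBValue (this commit adds it to DBI and LDAP only, as far as the page shows), and the resulting "Can't locate object method" message is a misleading way to report a configuration mismatch; a `$self->can('setUserDBValue')` guard with its own log line would make that explicit. The enclosing sub issuerForAuthUser starts before this hunk and continues after it.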
......
......@@ -92,5 +92,49 @@ sub setSessionInfo {
sub setGroups {
PE_OK;
}
## @method boolean setUserDBValue(string key, string value)
# Store a value in UserDB
# @param key Key in user information
# @param value Value to store
# @return result
sub setUserDBValue {
my ( $self, $key, $value ) = splice @_;
# Mandatory attributes
return 0 unless defined $key;
# Write in database
$self->lmLog( "Replace $key attribute in database with value $value",
'debug' );
# Connect
my $dbh =
$self->dbh( $self->{dbiUserChain}, $self->{dbiUserUser},
$self->{dbiUserPassword} );
return 0 unless $dbh;
my $table = $self->{dbiUserTable};
my $pivot = $self->{userPivot};
my $user = $self->{user};
$user =~ s/'/''/g;
my $sth;
eval {
$sth =
$dbh->prepare("UPDATE $table SET $key = $value WHERE $pivot='$user'");
$sth->execute();
};
# Check result
if ($@) {
$self->lmLog( "DBI error: $@", 'error' );
return 0;
}
return 1;
}
1;
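Review bot: The UPDATE statement interpolates `$value` unquoted and `$user` with only single-quote doubling, so the Lasso identity dump (an XML document containing quotes and colons) produces either a SQL syntax error or an injectable statement, and a username containing a backslash-escaped quote defeats the doubling on drivers that honour backslash escapes. Use bind parameters for both data values and keep interpolation for the admin-controlled identifiers only: `$sth = $dbh->prepare("UPDATE $table SET $key = ? WHERE $pivot = ?");` followed by `$sth->execute( $value, $user ) or die $sth->errstr;`, and drop the `$user =~ s/'/''/g;` line. Without the `or die`, a failed execute on a handle that does not set RaiseError returns false silently and the method still reports success. The debug line also writes the full identity dump to the log; consider logging only the key name.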
......@@ -152,5 +152,32 @@ sub setGroups {
PE_OK;
}
## @method boolean setUserDBValue(string key, string value)
# Store a value in UserDB
# @param key Key in user information
# @param value Value to store
# @return result
sub setUserDBValue {
my ( $self, $key, $value ) = splice @_;
# Mandatory attributes
return 0 unless defined $key;
# Write in LDAP
$self->lmLog( "Replace $key attribute in LDAP with value $value", 'debug' );
my $modification =
$self->{ldap}->modify( $self->{dn}, replace => { $key => $value } );
# Check result
if ( $modification->code ) {
$self->lmLog(
"LDAP error " . $modification->code . ": " . $modification->error,
'error' );
return 0;
}
return 1;
}
1;
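Review bot: setUserDBValue calls `$self->{ldap}->modify( $self->{dn}, ... )` without checking that the connection and the user DN are present, so a missing bind surfaces as "Can't call method modify on an undefined value" caught by the caller's eval rather than a clear failure; the mandatory-attribute guard should cover them: `return 0 unless defined $key and $self->{ldap} and $self->{dn};`. Presumably both are populated by an earlier lookup in this module, but that is not visible here. Note that the replace is performed with whatever account this handle is bound as, so that bind DN needs write access to the attribute named by samlUserDBIdentityKey; a comment above the modify call saying so would save the next deployer a puzzling LDAP error. As in the DBI counterpart, the debug log line emits the entire identity dump.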