Xavier Bachelot
lemonldap-ng
Commits
ddc16155
Commit
ddc16155
authored
Apr 06, 2017
by
Yadd
Kerberos-by-Ajax skeleton (#707)
TODO: write javascript
parent
98948533
Showing
3 changed files
with
109 additions
and
15 deletions
+109
-15
lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm
lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm
+7
-7
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm
+57
-8
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+45
-0
lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm
...
...
@@ -128,13 +128,6 @@ sub sendError {
$err
||=
$req
->
error
;
$code
||=
500
;
$self
->
lmLog
(
"
Error
$code
:
$err
",
$code
>
499
?
'
error
'
:
'
notice
'
);
my
$title
=
(
$code
>=
500
?
'
Server error
'
:
$code
==
403
?
'
Forbidden
'
:
$code
==
401
?
'
Authentication required
'
:
$code
==
400
?
'
Bad request
'
:
'
Error
'
);
# SOAP responses
if
(
$req
->
env
->
{
HTTP_SOAPACTION
}
)
{
...
...
@@ -166,6 +159,13 @@ sub sendError {
# Default response: HTML
else
{
my
$title
=
(
$code
>=
500
?
'
Server error
'
:
$code
==
403
?
'
Forbidden
'
:
$code
==
401
?
'
Authentication required
'
:
$code
==
400
?
'
Bad request
'
:
'
Error
'
);
my
$s
=
"
<html><head><title>
$title
</title>
<style>
body{background:#000;color:#fff;padding:10px 50px;font-family:sans-serif;}a{text-decoration:none;color:#fff;}h1{text-align:center;}
...
...
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm
...
...
@@ -7,6 +7,7 @@ use MIME::Base64;
use
Lemonldap::NG::Portal::Main::
Constants
qw(
PE_BADCREDENTIALS
PE_ERROR
PE_FIRSTACCESS
PE_OK
PE_SENDRESPONSE
)
;
...
...
@@ -32,19 +33,67 @@ sub extractFormInfo {
my
(
$self
,
$req
)
=
@_
;
my
$auth
=
$req
->
env
->
{
HTTP_AUTHORIZATION
};
unless
(
$auth
)
{
$req
->
response
(
[
401
,
[
'
WWW-Authenticate
'
=>
'
Negotiate
'
],
['
Authentication required
']
]
);
return
PE_SENDRESPONSE
;
# Case 1: simple usage or first Kerberos Ajax request
# => return 401 to initiate Kerberos
if
(
!
$self
->
{
conf
}
->
{
krbByJs
}
or
$req
->
param
('
krb
')
)
{
# Case 1.1: Ajax request
if
(
$req
->
wantJSON
)
{
$req
->
response
(
[
401
,
[
'
WWW-Authenticate
'
=>
'
Negotiate
',
'
Content-Type
'
=>
'
application/json
',
'
Content-Length
'
=>
35
],
['
{"error":"Authentication required"}
']
]
);
}
# Case 1.2: HTML request: error is customized
else
{
$req
->
error
(
PE_BADCREDENTIALS
);
push
@
{
$req
->
respHeaders
},
'
WWW-Authenticate
'
=>
'
Negotiate
';
my
(
$tpl
,
$prms
)
=
$self
->
p
->
display
(
$req
);
$req
->
response
(
$self
->
p
->
sendHtml
(
$req
,
$tpl
,
params
=>
$prms
,
code
=>
401
)
);
}
return
PE_SENDRESPONSE
;
}
# Case 2: Ajax Kerberos request has failed, and javascript has reloaded
# page with "kerberos=0". Return an error to be able to switch to
# another backend (Combination)
# switch to another backend
elsif
(
defined
$req
->
param
('
krb
')
)
{
return
PE_BADCREDENTIALS
;
}
# Case 3: Display kerberos auth page (with javascript)
else
{
$req
->
datas
->
{
customScript
}
.=
'
<script type="text/javascript" src="
'
.
$self
->
p
->
staticPrefix
.
'
common/js/kerberos.js"></script>
';
return
PE_FIRSTACCESS
;
}
}
# Case 4: an "Authorization header" has been sent
if
(
$auth
!~
/^Negotiate (.*)$/
)
{
$self
->
userLogger
->
error
('
Bad authorization header
');
return
PE_BADCREDENTIALS
;
}
# Case 5: Kerberos ticket received
my
$data
;
eval
{
$data
=
MIME::Base64::
decode
(
$
1
)
};
if
(
$@
)
{
...
...
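Review bot: The comment above Case 2 in extractFormInfo says the page is reloaded with "kerberos=0", but both the Case 1 test and the Case 2 `elsif` read the request parameter `krb`, so the comment and the code disagree on the parameter name. Since `krb` comes from the client, any request can choose between the 401 challenge and the `PE_BADCREDENTIALS` fallback; that looks intended, but it is worth stating next to the test, for example `# "krb" is client-supplied: it only selects the 401 challenge or the fallback and never counts as authentication`. Case 3 also appends a `<script>` tag for `common/js/kerberos.js`, which the commit message lists as still to be written, so with `krbByJs` enabled the portal would presumably return `PE_FIRSTACCESS` with a script that is not there yet. The body of extractFormInfo continues past the end of this hunk.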
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
...
...
@@ -50,6 +50,11 @@ sub display {
AUTH_URL
=>
$req
->
{
datas
}
->
{
_url
},
CHOICE_PARAM
=>
$self
->
conf
->
{
authChoiceParam
},
CHOICE_VALUE
=>
$req
->
datas
->
{
_authChoice
},
(
$req
->
datas
->
{
customScript
}
?
(
CUSTOM_SCRIPT
=>
$req
->
datas
->
{
customScript
}
)
:
()
),
);
}
...
...
@@ -74,6 +79,11 @@ sub display {
CONFIRMKEY
=>
$self
->
stamp
(),
LIST
=>
$req
->
datas
->
{
list
}
||
[]
,
REMEMBER
=>
$req
->
datas
->
{
confirmRemember
},
(
$req
->
datas
->
{
customScript
}
?
(
CUSTOM_SCRIPT
=>
$req
->
datas
->
{
customScript
}
)
:
()
),
);
}
...
...
@@ -91,6 +101,11 @@ sub display {
FORM_METHOD
=>
$self
->
conf
->
{
infoFormMethod
},
CHOICE_PARAM
=>
$self
->
conf
->
{
authChoiceParam
},
CHOICE_VALUE
=>
$req
->
datas
->
{
_authChoice
},
(
$req
->
datas
->
{
customScript
}
?
(
CUSTOM_SCRIPT
=>
$req
->
datas
->
{
customScript
}
)
:
()
),
);
}
...
...
@@ -108,6 +123,11 @@ sub display {
AUTH_ERROR_TYPE
=>
$req
->
error_type
,
PROVIDERURI
=>
$p
,
MSG
=>
$req
->
info
(),
(
$req
->
datas
->
{
customScript
}
?
(
CUSTOM_SCRIPT
=>
$req
->
datas
->
{
customScript
}
)
:
()
),
);
$templateParams
{
ID
}
=
$req
->
datas
->
{
_openidPortal
}
.
$id
if
(
$id
);
}
...
...
@@ -121,6 +141,11 @@ sub display {
URL
=>
$req
->
{
urldc
},
HIDDEN_INPUTS
=>
$self
->
buildHiddenForm
(
$req
),
FORM_METHOD
=>
$req
->
datas
->
{
redirectFormMethod
}
||
'
get
',
(
$req
->
datas
->
{
customScript
}
?
(
CUSTOM_SCRIPT
=>
$req
->
datas
->
{
customScript
}
)
:
()
),
);
}
...
...
@@ -136,6 +161,11 @@ sub display {
APPSLIST_ORDER
=>
$req
->
{
sessionInfo
}
->
{'
appsListOrder
'},
PING
=>
$self
->
conf
->
{
portalPingInterval
},
$self
->
menu
->
params
(
$req
),
(
$req
->
datas
->
{
customScript
}
?
(
CUSTOM_SCRIPT
=>
$req
->
datas
->
{
customScript
}
)
:
()
),
);
}
...
...
@@ -146,6 +176,11 @@ sub display {
CONFIRMKEY
=>
$self
->
stamp
,
PORTAL
=>
$self
->
conf
->
{
portal
},
URL
=>
$req
->
datas
->
{
_url
},
(
$req
->
datas
->
{
customScript
}
?
(
CUSTOM_SCRIPT
=>
$req
->
datas
->
{
customScript
}
)
:
()
),
);
}
...
...
@@ -158,6 +193,11 @@ sub display {
%templateParams
=
(
AUTH_ERROR
=>
$req
->
error
,
AUTH_ERROR_TYPE
=>
$req
->
error_type
,
(
$req
->
datas
->
{
customScript
}
?
(
CUSTOM_SCRIPT
=>
$req
->
datas
->
{
customScript
}
)
:
()
),
);
}
...
...
@@ -179,6 +219,11 @@ sub display {
REGISTER_URL
=>
$self
->
conf
->
{
registerUrl
},
HIDDEN_INPUTS
=>
$self
->
buildHiddenForm
(
$req
),
STAYCONNECTED
=>
$self
->
conf
->
{
stayConnected
},
(
$req
->
datas
->
{
customScript
}
?
(
CUSTOM_SCRIPT
=>
$req
->
datas
->
{
customScript
}
)
:
()
),
);
# Display captcha if it's enabled
...
...
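Review bot: The same five-line `( $req->datas->{customScript} ? ( CUSTOM_SCRIPT => ... ) : () )` expression is pasted into every `%templateParams` list in display (nine hunks in this file), so any later change to it has to be made nine times. If the branches all fall through to a common point after `%templateParams` is filled, which is not visible here, a single `$templateParams{CUSTOM_SCRIPT} = $req->datas->{customScript} if $req->datas->{customScript};` there would replace all of them. `customScript` is built as raw HTML (the Kerberos module appends a `<script>` tag to it), so the template presumably has to emit it unescaped; a comment such as `# customScript is emitted as raw HTML: append only server-built markup, never request data` at the first use would record that constraint.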