CheckState plugin (fixes: #1400)

e40d8ccc · Xavier Guimard · 86283952 · e40d8ccc · e40d8ccc · e40d8ccc
Commit e40d8ccc authored May 15, 2018 by Xavier Guimard
14 changed files
--- a/fastcgi-server/man/llng-fastcgi-server.1p
+++ b/fastcgi-server/man/llng-fastcgi-server.1p
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "llng-fastcgi-server 1"
-.TH llng-fastcgi-server 1 "2018-03-22" "perl v5.26.1" "User Contributed Perl Documentation"
+.TH llng-fastcgi-server 1 "2018-05-13" "perl v5.26.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -753,6 +753,12 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
        'cfgVersion' => {
            'type' => 'text'
        },
+        'checkState' => {
+            'type' => 'bool'
+        },
+        'checkStateSecret' => {
+            'type' => 'text'
+        },
        'checkXSS' => {
            'default' => 1,
            'type'    => 'bool'

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -368,6 +368,14 @@ sub attributes {
            type          => 'bool',
            documentation => 'Enable StayConnected plugin',
        },
+        checkState => {
+            type => 'bool',
+            documentation => 'Enable CheckState plugin',
+        },
+        checkStateSecret => {
+            type => 'text',
+            documentation => 'Secret token for CheckState plugin',
+        },

        # Loggers (ini only)
        logLevel => {

--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@@ -635,6 +635,11 @@ sub tree {
                            help  => 'autoSignin.html',
                            nodes => ['autoSigninRules'],
                        },
+                        {
+                            title => 'stateCheck',
+                            help  => 'checkstate.html',
+                            nodes => [ 'checkState', 'checkStateSecret', ],
+                        },
                    ]
                },
                {

--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@@ -146,6 +146,8 @@
 "cfgVersion":"عملية ضبط الإصدارات",
 "checkXSS":"تحقق من هجمات XSS",
 "clickHereToForce":"انقر هنا لإجبار",
+"checkState":"Activation",
+"checkStateSecret":"Shared secret",
 "choiceParams":"اختيارالإعدادات",
 "chooseLogo":"اختيار الشعار",
 "chooseSkin":"اختيار الغلاف",
@@ -704,6 +706,7 @@
 "SSLVar":"حقل الشهادة الرقمية المستخرجة",
 "SSLVarIf":"حقل الشهادة الرقمية المستخرجة الشرطية",
 "ssoSessions":"جلسات السسو",
+"stateCheck":"State Check",
 "stayConnected":"الاتصالات المستمرة",
 "successfullySaved":"تم الحفظ بنجاح",
 "storePassword":"تخزين كلمة مرور المستخدم في بيانات الجلسة",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@@ -146,6 +146,8 @@
 "cfgVersion":"Configuration version",
 "checkXSS":"Check XSS attacks",
 "clickHereToForce":"Click here to force",
+"checkState":"Activation",
+"checkStateSecret":"Shared secret",
 "choiceParams":"Choice parameters",
 "chooseLogo":"Choose logo",
 "chooseSkin":"Choose skin",
@@ -704,6 +706,7 @@
 "SSLVar":"Extracted certificate field",
 "SSLVarIf":"Conditional extracted certificate field",
 "ssoSessions":"SSO sessions",
+"stateCheck":"State Check",
 "stayConnected":"Persistent connections",
 "successfullySaved":"Successfully saved",
 "storePassword":"Store user password in session datas",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@@ -146,6 +146,8 @@
 "cfgVersion":"Version de la configuration",
 "checkXSS":"Contrôler les attaques XSS",
 "clickHereToForce":"Cliquer ici pour forcer",
+"checkState":"Activation",
+"checkStateSecret":"Secret partagé",
 "choiceParams":"Paramètres des choix",
 "chooseLogo":"Choisir le logo",
 "chooseSkin":"Choisir le thème",
@@ -704,6 +706,7 @@
 "SSLVar":"Champ extrait du certificat",
 "SSLVarIf":"Champ conditionnel extrait du certificat",
 "ssoSessions":"Sessions SSO",
+"stateCheck":"Vérification de l'état",
 "stayConnected":"Connexions persistantes",
 "successfullySaved":"Sauvegarde effectuée",
 "storePassword":"Stocke le mot de passe de l'utilisateur en session",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@@ -146,6 +146,8 @@
 "cfgVersion":"Versione configurazione",
 "checkXSS":"Verifica attacchi XSS",
 "clickHereToForce":"Clicca qui per forzare",
+"checkState":"Activation",
+"checkStateSecret":"Shared secret",
 "choiceParams":"Scelta parametri",
 "chooseLogo":"Scegli logo",
 "chooseSkin":"Scegli interfaccia",
@@ -704,6 +706,7 @@
 "SSLVar":"Campo certificato estratto",
 "SSLVarIf":"Campo di certificato estratto condizionale",
 "ssoSessions":"Sessioni SSO",
+"stateCheck":"State Check",
 "stayConnected":"Connessioni persistenti",
 "successfullySaved":"Salvato con successo",
 "storePassword":"Memorizzare la password dell'utente nei dati di sessione",

--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@@ -146,6 +146,8 @@
 "cfgVersion":"Phiên bản cấu hình",
 "checkXSS":"Kiểm tra tấn công XSS",
 "clickHereToForce":"Nhấp vào đây để bắt buộc",
+"checkState":"Activation",
+"checkStateSecret":"Shared secret",
 "choiceParams":"Các tham số lựa chọn",
 "chooseLogo":"Chọn logo",
 "chooseSkin":"Chọn giao diện",
@@ -659,8 +661,8 @@
 "save":"Lưu",
 "saveReport":"Lưu báo cáo",
 "savingConfirmation":"Lưu xác nhận",
-"secondFactors":"Second factors",
 "search":"Search ...",
+"secondFactors":"Second factors",
 "securedCookie":"Cookie bảo mật (SSL)",
 "security":"An ninh",
 "serverError":"Lỗi máy chủ",
@@ -704,6 +706,7 @@
 "SSLVar":"Trích xuất trường chứng chỉ",
 "SSLVarIf":"Trích xuất trường chứng chỉ có điều kiện",
 "ssoSessions":"Phiên SSO",
+"stateCheck":"State Check",
 "stayConnected":"Duy trì kết nối",
 "successfullySaved":"Lưu thành công",
 "storePassword":"Lưu trữ mật khẩu người dùng trong các dữ liệu phiên",

--- a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
+++ b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@@ -94,6 +94,7 @@ lib/Lemonldap/NG/Portal/Password/Null.pm
 lib/Lemonldap/NG/Portal/Password/REST.pm
 lib/Lemonldap/NG/Portal/Plugins/AutoSignin.pm
 lib/Lemonldap/NG/Portal/Plugins/CDA.pm
+lib/Lemonldap/NG/Portal/Plugins/CheckState.pm
 lib/Lemonldap/NG/Portal/Plugins/GrantSession.pm
 lib/Lemonldap/NG/Portal/Plugins/History.pm
 lib/Lemonldap/NG/Portal/Plugins/MailReset.pm

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm
@@ -22,6 +22,7 @@ our @pList = (
    grantSessionRule           => '::Plugins::GrantSession',
    upgradeSession             => '::Plugins::Upgrade',
    autoSigninRules            => '::Plugins::AutoSignin',
+    checkState                 => '::Plugins::CheckState',
 );

 ##@method list enabledPlugins

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckState.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckState.pm
+# Check state plugin
+#
+# test if portal is well loaded. If user/pasword parameters are set, it tests
+# also login process
+
+package Lemonldap::NG::Portal::Plugins::CheckState;
+
+use strict;
+use Mouse;
+
+our $VERSION = '2.0.0';
+
+extends 'Lemonldap::NG::Portal::Main::Plugin';
+
+# INITIALIZATION
+
+sub init {
+    my ($self) = @_;
+    unless ( $self->conf->{checkStateSecret} ) {
+        $self->logger->error(
+            'checkStateSecret is required for "check state" plugin');
+        return 0;
+    }
+    $self->addUnauthRoute( checkstate => 'check', ['GET'] );
+    return 1;
+}
+
+sub check {
+    my ( $self, $req ) = @_;
+    my @rep;
+    unless ($req->param('secret')
+        and $req->param('secret') eq $self->conf->{checkStateSecret} )
+    {
+        return $self->p->sendError( $req, 'Bad secret' );
+    }
+    $req->steps( [ 'controlUrl', @{ $self->p->beforeAuth } ] );
+    my $res = $self->p->process($req);
+    if ( $res > 0 ) {
+        push @rep, "Bad result before auth: $res";
+    }
+    if ( my $user = $req->param('user') and my $pwd = $req->param('password') )
+    {
+        # Note that "extractFormInfo" isn't launched due to "token"
+        $req->user($user);
+        $req->datas->{password} = $pwd;
+        $req->steps(
+            [
+                'getUser',                          'authenticate',
+                @{ $self->p->betweenAuthAndDatas }, $self->p->sessionDatas,
+                @{ $self->p->afterDatas }
+            ]
+        );
+        if ( $res = $self->p->process( $req, ) ) {
+            push @rep, "Bad result during auth: $res";
+        }
+        $self->p->deleteSession($req);
+    }
+    if (@rep) {
+        return $self->p->sendError( $req, join( ",\n", @rep ), 500 );
+    }
+    else {
+        return $self->p->sendJSONresponse( $req, { result => 1 } );
+    }
+}
+
+1;