Commit 231f54dd authored by Xavier Guimard's avatar Xavier Guimard

* New authentication and userDB module : 'Multi' to chain authentication modules.

* Compilation for ModPerl::Registry by default
parent 6bf83771
......@@ -91,16 +91,14 @@ LogLevel warn
## Best performance under ModPerl::Registry ##
##############################################
## Uncomment this to increase performance of Portal:
#<Perl>
# require Lemonldap::NG::Portal::SharedConf;
# Lemonldap::NG::Portal::SharedConf->compile(
# qw(delete header cache read_from_client cookie redirect unescapeHTML));
# # Uncomment this line if you use Lemonldap::NG menu
# require Lemonldap::NG::Portal::Menu;
# # Uncomment this line if you use Lemonldap::NG notifications mechanism
# require Lemonldap::NG::Portal::Notification;
# # Uncomment this line if you use portal SOAP capabilities
# require SOAP::Lite;
#</Perl>
# Uncomment this to increase performance of Portal:
<Perl>
require Lemonldap::NG::Portal::SharedConf;
Lemonldap::NG::Portal::SharedConf->compile(
qw(delete header cache read_from_client cookie redirect unescapeHTML));
# Uncomment this line if you use Lemonldap::NG menu
require Lemonldap::NG::Portal::Menu;
# Uncomment this line if you use portal SOAP capabilities
require SOAP::Lite;
</Perl>
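Review bot: The `<Perl>` block is now active by default (assuming the uncommented copy is the new side, as the commit message and the 16→14 hunk counts suggest), but `require Lemonldap::NG::Portal::Menu;` and `require SOAP::Lite;` inside it still sit under "Uncomment this line if you use …" comments. Every install therefore loads the menu and SOAP code at server start whether or not it uses them, and the heading `# Uncomment this to increase performance of Portal:` no longer describes an opt-in. Presumably Apache will also fail to start where SOAP::Lite is not installed, since a failing `require` in a `<Perl>` section is a configuration error. I would keep the optional lines commented (`# require SOAP::Lite;`) and reword the heading to `# Precompiles the portal for ModPerl::Registry; comment out this block to disable it`. The same applies to the three other configuration hunks below, which make the identical change.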
......@@ -94,15 +94,13 @@ LogLevel warn
##############################################
## Uncomment this to increase performance of Portal:
#<Perl>
# require Lemonldap::NG::Portal::SharedConf;
# Lemonldap::NG::Portal::SharedConf->compile(
# qw(delete header cache read_from_client cookie redirect unescapeHTML));
# # Uncomment this line if you use Lemonldap::NG menu
# require Lemonldap::NG::Portal::Menu;
# # Uncomment this line if you use Lemonldap::NG notifications mechanism
# require Lemonldap::NG::Portal::Notification;
# # Uncomment this line if you use portal SOAP capabilities
# require SOAP::Lite;
#</Perl>
<Perl>
require Lemonldap::NG::Portal::SharedConf;
Lemonldap::NG::Portal::SharedConf->compile(
qw(delete header cache read_from_client cookie redirect unescapeHTML));
# Uncomment this line if you use Lemonldap::NG menu
require Lemonldap::NG::Portal::Menu;
# Uncomment this line if you use portal SOAP capabilities
require SOAP::Lite;
</Perl>
......@@ -25,16 +25,14 @@
## Best performance under ModPerl::Registry ##
##############################################
## Uncomment this to increase performance of Portal:
#<Perl>
# require Lemonldap::NG::Portal::SharedConf;
# Lemonldap::NG::Portal::SharedConf->compile(
# qw(delete header cache read_from_client cookie redirect unescapeHTML));
# # Uncomment this line if you use Lemonldap::NG menu
# require Lemonldap::NG::Portal::Menu;
# # Uncomment this line if you use Lemonldap::NG notifications mechanism
# require Lemonldap::NG::Portal::Notification;
# # Uncomment this line if you use portal SOAP capabilities
# require SOAP::Lite;
#</Perl>
# Uncomment this to increase performance of Portal:
<Perl>
require Lemonldap::NG::Portal::SharedConf;
Lemonldap::NG::Portal::SharedConf->compile(
qw(delete header cache read_from_client cookie redirect unescapeHTML));
# Uncomment this line if you use Lemonldap::NG menu
require Lemonldap::NG::Portal::Menu;
# Uncomment this line if you use portal SOAP capabilities
require SOAP::Lite;
</Perl>
......@@ -25,16 +25,14 @@
## Best performance under ModPerl::Registry ##
##############################################
## Uncomment this to increase performance of Portal:
#<Perl>
# require Lemonldap::NG::Portal::SharedConf;
# Lemonldap::NG::Portal::SharedConf->compile(
# qw(delete header cache read_from_client cookie redirect unescapeHTML));
# # Uncomment this line if you use Lemonldap::NG menu
# require Lemonldap::NG::Portal::Menu;
# # Uncomment this line if you use Lemonldap::NG notifications mechanism
# require Lemonldap::NG::Portal::Notification;
# # Uncomment this line if you use portal SOAP capabilities
# require SOAP::Lite;
#</Perl>
# Uncomment this to increase performance of Portal:
<Perl>
require Lemonldap::NG::Portal::SharedConf;
Lemonldap::NG::Portal::SharedConf->compile(
qw(delete header cache read_from_client cookie redirect unescapeHTML));
# Uncomment this line if you use Lemonldap::NG menu
require Lemonldap::NG::Portal::Menu;
# Uncomment this line if you use portal SOAP capabilities
require SOAP::Lite;
</Perl>
......@@ -81,6 +81,7 @@ example/slavePortal.pl
lib/Lemonldap/NG/Portal.pm
lib/Lemonldap/NG/Portal/_i18n.pm
lib/Lemonldap/NG/Portal/_LDAP.pm
lib/Lemonldap/NG/Portal/_Multi.pm
lib/Lemonldap/NG/Portal/_Remote.pm
lib/Lemonldap/NG/Portal/_SOAP.pm
lib/Lemonldap/NG/Portal/_WebForm.pm
......@@ -88,6 +89,7 @@ lib/Lemonldap/NG/Portal/AuthApache.pm
lib/Lemonldap/NG/Portal/AuthCAS.pm
lib/Lemonldap/NG/Portal/AuthLA.pm
lib/Lemonldap/NG/Portal/AuthLDAP.pm
lib/Lemonldap/NG/Portal/AuthMulti.pm
lib/Lemonldap/NG/Portal/AuthRemote.pm
lib/Lemonldap/NG/Portal/AuthSSL.pm
lib/Lemonldap/NG/Portal/CDA.pm
......@@ -99,6 +101,7 @@ lib/Lemonldap/NG/Portal/Notification/File.pm
lib/Lemonldap/NG/Portal/SharedConf.pm
lib/Lemonldap/NG/Portal/Simple.pm
lib/Lemonldap/NG/Portal/UserDBLDAP.pm
lib/Lemonldap/NG/Portal/UserDBMulti.pm
lib/Lemonldap/NG/Portal/UserDBRemote.pm
Makefile.PL
MANIFEST This list of files
......
package Lemonldap::NG::Portal::AuthMulti;
use Lemonldap::NG::Portal::_Multi;
sub authInit {
my $self = shift;
return $self->_multi->try('authInit',0);
}
sub extractFormInfo {
my $self = shift;
return $self->_multi->try('extractFormInfo',0);
}
sub setAuthSessionInfo {
my $self = shift;
return $self->_multi->try('setAuthSessionInfo',0);
}
sub authenticate {
my $self = shift;
return $self->_multi->try('authenticate',0);
}
1;
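Review bot: This new module starts without `use strict;` and `use warnings;`, and none of its subs carries a doc comment; `UserDBMulti.pm` further down has the same shape and the same gaps. These subs are the entry points of the authentication chain, so I would add both pragmas right after the `package` line and document each wrapper, e.g. `## @apmethod int authInit()` followed by `# Delegates to the current module of the Multi stack (type 0 = authentication)`. The bare `0` (and `1` in `UserDBMulti.pm`) passed to `try` is explained only in `_Multi.pm`; a short comment at the call site would save the reader the lookup.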
......@@ -69,6 +69,7 @@ use constant {
PE_PASSWORD_OK => 35,
PE_NOTIFICATION => 36,
PE_BADURL => 37,
PE_NOSCHEME => 38,
};
# EXPORTER PARAMETERS
......@@ -81,7 +82,8 @@ our @EXPORT =
PE_PP_MUST_SUPPLY_OLD_PASSWORD PE_PP_INSUFFICIENT_PASSWORD_QUALITY
PE_PP_PASSWORD_TOO_SHORT PE_PP_PASSWORD_TOO_YOUNG
PE_PP_PASSWORD_IN_HISTORY PE_PP_GRACE PE_PP_EXP_WARNING
PE_PASSWORD_MISMATCH PE_PASSWORD_OK PE_NOTIFICATION PE_BADURL );
PE_PASSWORD_MISMATCH PE_PASSWORD_OK PE_NOTIFICATION PE_BADURL
PE_NOSCHEME);
our %EXPORT_TAGS = ( 'all' => [ @EXPORT, 'import' ], );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
......@@ -137,10 +139,12 @@ sub new {
# $self->{authentication} and $self->{userDB} can contains arguments
# (key1 = scalar_value; key2 = ...)
$tmp = $self->{$_};
$tmp =~ s/^\w+\s*//;
my %h = split( /\s*[=;]\s*/, $tmp ) if ($tmp);
%$self = ( %h, %$self );
unless ( $self->{$_} =~ /^Multi/ ) {
$tmp = $self->{$_};
$tmp =~ s/^\w+\s*//;
my %h = split( /\s*[=;]\s*/, $tmp ) if ($tmp);
%$self = ( %h, %$self );
}
}
if ( $self->{notification} ) {
require Lemonldap::NG::Portal::Notification;
......@@ -445,7 +449,7 @@ sub safe {
}";
$self->lmLog( $@, 'error' ) if ($@);
}
$safe->share( '&encode_base64', @t );
$safe->share( '&encode_base64', '%ENV', @t );
return $safe;
}
......@@ -623,11 +627,10 @@ sub setSessionInfo {
# Store IP address and start time
$self->{sessionInfo}->{ipAddr} = $ENV{REMOTE_ADDR};
$self->{sessionInfo}->{startTime} =
&POSIX::strftime( "%Y%m%d%H%M%S", localtime() );
&POSIX::strftime( "%Y%m%d%H%M%S", localtime() );
return $self->SUPER::setSessionInfo();
}
##@apmethod int setMacro()
# 10) macro mechanism.
# * store macro results in $self->{sessionInfo}
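Review bot: In the `safe` hunk, `$safe->share( '&encode_base64', '%ENV', @t );` shares the live `%ENV` hash with the Safe compartment rather than a copy, so any expression run through `reval` can read every environment variable of the server process and can also assign to it. `setSessionInfo` in the hunk just below stores `$ENV{REMOTE_ADDR}` in the session, so a rule that writes to `%ENV`, by mistake or otherwise, would alter what gets recorded. If conditions only need a few request variables, consider exposing a per-request copy of those keys instead. At minimum, document the exposure with a comment such as `# %ENV is shared, not copied: rules evaluated in this compartment can read and modify the process environment`. The body of `safe` starts outside the hunk, so whether the compartment is cached across requests is not visible here.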
......
package Lemonldap::NG::Portal::UserDBMulti;
use Lemonldap::NG::Portal::_Multi;
sub userDBInit {
my $self = shift;
return $self->_multi->try('userDBInit',1);
}
sub getUser {
my $self = shift;
return $self->_multi->try('getUser',1);
}
sub setSessionInfo {
my $self = shift;
return $self->_multi->try('setSessionInfo',1);
}
1;
## @file
# Authentication and UserDB chaining mechanism
## @class
# Authentication and UserDB chaining mechanism.
# To use it set your authentication module like this :
# authentication => 'Multi CAS;LDAP'
#
# If CAS failed, LDAP will be used. You can also add a condition. Example:
# authentication => 'Multi Remote $ENV{REMOTE_ADDR}=~/^192/;LDAP $ENV{REMOTE_ADDR}!~/^192/'
package Lemonldap::NG::Portal::_Multi;
use Lemonldap::NG::Portal::Simple;
## @cmethod Lemonldap::NG::Portal::_Multi new(Lemonldap::NG::Portal::Simple portal)
# Constructor
# @param $portal Lemonldap::NG::Portal::Simple object
# @return new Lemonldap::NG::Portal::_Multi object
sub new {
my ( $class, $portal ) = @_;
my $self = bless { p => $portal, res => PE_NOSCHEME }, $class;
my @stack = ( $portal->{authentication}, $portal->{userDB} );
for ( my $i = 0 ; $i < 2 ; $i++ ) {
$stack[$i] =~ s/^Multi\s*//;
foreach my $l ( split /;/, $stack[$i] ) {
$l =~ /^([\w#]+)(?:\s+(.*))?$/
or $portal->abort( 'Bad configuration', "Unable to read $l" );
my ( $mod, $cond ) = ( $1, $2 );
my $name = $mod;
$mod =~ s/#(.*)$//;
$cond = 1 unless ( defined $cond );
$mod = "Lemonldap::NG::Portal::" . [ 'Auth', 'UserDB' ]->[$i] . $mod
unless ( $mod =~ /::/ );
eval { require $mod };
$portal->abort( 'Bad configuration', "Unable to load $mod ($@)" )
if ($@);
push @{ $self->{stack}->[$i] },
{ m => $mod, c => $cond, n => $name };
}
}
return $self;
}
## @method int try(string sub,int type)
# Main method: try to call $sub method in the current authentication or
# userDB module. If it fails, call next() and replay()
# @param sub name of the method to launch
# @param type 0 for authentication, 1 for userDB
# @return Lemonldap::NG::Portal error code returned by method $sub
sub try {
my ( $self, $sub, $type ) = @_;
my $res;
my $s = $self->{stack}->[$type]->[0]->{m} . "::$sub";
my $old = $self->{stack}->[$type]->[0]->{n};
my $ci;
if ( $ci = $self->{p}->safe->reval( $self->{stack}->[$type]->[0]->{c} ) ) {
$res = $self->{p}->$s();
return $res if ( $res <= 0 );
}
unless ( $self->next($type) ) {
return ( $ci ? $res : $self->{res} );
}
$self->{res} = $res if ( defined($res) );
$self->{p}->lmLog(
[ 'Authentication', 'Retriving user' ]->[$type]
. " with $old failed, trying next",
'info'
) if ($ci);
$res = $self->replay( $sub, $type );
return $res;
}
## @method protected boolean next(int type)
# Set the next authentication or userDB module as current. If both
# authentication and userDB module have the same name, both are changed if
# possible.
# @param type 0 for authentication, 1 for userDB
# return true if an other module is available
sub next {
my ( $self, $type ) = @_;
if($self->{stack}->[$type]->[0]->{n} eq $self->{stack}->[1-$type]->[0]->{n} and $self->{stack}->[1-$type]->[1]) {
shift @{ $self->{stack}->[1-$type] };
}
shift @{ $self->{stack}->[$type] };
return 0 unless ( @{ $self->{stack}->[$type] } );
%{ $self->{p} } = (
%{ $self->{p} },
%{ $self->{p}->{multi}->{$self->{stack}->[$type]->[0]->{n}} }
) if ( $self->{p}->{multi}->{$self->{stack}->[$type]->[0]->{n}} );
return 1;
}
## @method protected int replay(string sub)
# replay all methods since authInit() until method $sub with the new module.
# @param $sub name of the method who has failed
# @return Lemonldap::NG::Portal error code
sub replay {
my ( $self, $sub ) = @_;
my @subs = ();
foreach (
qw(authInit extractFormInfo setAuthSessionInfo userDBInit getUser
setSessionInfo)
)
{
push @subs, $_;
last if ( $_ eq $sub );
}
return $self->{p}->_subProcess(@subs);
}
package Lemonldap::NG::Portal::Simple;
## @method private Lemonldap::NG::Portal::_Multi _multi()
# Return Lemonldap::NG::Portal::_Multi object and builds it if it was not build
# before. This method is used if authentication is set to "Multi".
# @return Lemonldap::NG::Portal::_Multi object
sub _multi {
my $self = shift;
return $self->{_multi} if ( $self->{_multi} );
return $self->{_multi} = Lemonldap::NG::Portal::_Multi->new($self);
}
1;
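Review bot: In `try()`, the result of `safe->reval(...)` on the per-module condition is used without looking at `$@`, so a condition that fails to compile or is rejected by the Safe compartment evaluates to undef and the module is skipped with no log entry, silently changing which backend ends up authenticating the user. I would hoist the `reval` call out of the `if` and follow it with `$self->{p}->abort( 'Bad configuration', "Bad condition for $old: $@" ) if ($@);`. In `new()`, `eval { require $mod }` passes a string, which Perl treats as a file name rather than a module name, so `Lemonldap::NG::Portal::AuthLDAP` is looked up literally in `@INC`. Building the path first avoids that without a string eval: `( my $file = "$mod.pm" ) =~ s{::}{/}g; eval { require $file };`. The `unless ( $mod =~ /::/ )` guard is also always true, because the `[\w#]+` capture cannot contain `:`.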
......@@ -74,6 +74,7 @@ __END__
# * PE_PASSWORD_OK 35
# * PE_NOTIFICATION 36
# * PE_BADURL 37
# * PE_NOSCHEME 38
# Not used in errors:
# * PE_DONE -1
......@@ -123,6 +124,7 @@ sub error_fr {
"Le mot de passe a &eacute;t&eacute; chang&eacute;",
"Vous avez un nouveau message",
'Mauvaise URL',
'Aucun sch&eacute;ma disponible',
];
}
......@@ -169,6 +171,7 @@ sub error_en {
'Password successfully changed',
'You have a new message',
'Bad URL',
'No scheme available',
];
}
......@@ -216,5 +219,6 @@ sub error_ro {
'Parola a fost schimbată',
'Ai un mesaj nou',
'Rea URL',
'No scheme available',
];
}