Commit 5ac69452 authored by Xavier Guimard's avatar Xavier Guimard

CAS in progress (#595)

parent d01e3472
......@@ -110,6 +110,7 @@ sub authenticate {
# calculating remaining time before password expiration
my $remainingTime = $_pwdExpire - $timestamp;
$self->info(
$req,
"<h3>"
. sprintf(
$self->msg(PM_PP_EXP_WARNING),
......
......@@ -53,7 +53,7 @@ sub extractFormInfo {
my ( $self, $req ) = @_;
# Local URL
my $local_url = $self->conf->{portal} . $req->uri;
my $local_url = $self->p->fullUrl($req);
# Add request state parameters
if ( $req->datas->{_url} ) {
......@@ -82,7 +82,7 @@ sub extractFormInfo {
if ( $self->proxy ) {
$self->lmLog( "CAS: Proxy mode activated", 'debug' );
my $proxy_url = $req->uri . '?casProxy=1';
my $proxy_url = $self->p->fullUrl($req) . '?casProxy=1';
if ( my $tmp = $req->param( $self->conf->{authChoiceParam} ) ) {
$proxy_url .= '&' . $self->conf->{authChoiceParam} . "=$tmp";
......@@ -198,7 +198,8 @@ sub authLogout {
my ( $self, $req ) = @_;
# Build CAS logout URL
my $logout_url = $self->cas->getServerLogoutURL( $req->uri );
my $logout_url =
$self->cas->getServerLogoutURL( uri_escape( $self->p->fullUrl($req) ) );
$self->lmLog( "Build CAS logout URL: $logout_url", 'debug' );
......
......@@ -214,10 +214,11 @@ sub run {
# Display a link to the provided URL
$self->lmLog( "Logout URL $logout_url will be displayed", 'debug' );
$self->info(
$self->info( $req,
'<h3 trmsg="back2CasUrl">The application you just logged out of has provided a link it would like you to follow</h3>'
);
$self->info("<p><a href=\"$logout_url\">$logout_url</a></p>");
$self->info( $req,
"<p><a href=\"$logout_url\">$logout_url</a></p>" );
$self->{activeTimer} = 0;
return PE_CONFIRM;
......@@ -397,7 +398,8 @@ sub validate {
# Get username
my $username =
$localSession->data->{ $self->conf->{casAttr} || $self->conf->{whatToTrace} };
$localSession->data->{ $self->conf->{casAttr}
|| $self->conf->{whatToTrace} };
$self->lmLog( "Get username $username", 'debug' );
......
......@@ -79,6 +79,7 @@ qr/^($saml_slo_get_url|$saml_slo_get_url_ret|$saml_slo_post_url|$saml_slo_post_u
# Required to manage SLO in Proxy mode
and $self->loadIDPs()
);
# SOAP routes (access without authentication)
$self->addRouteFromMetaDataURL(
'samlIDPSSODescriptorArtifactResolutionServiceArtifact',
......@@ -865,10 +866,9 @@ sub run {
. " width=\"0\" height=\"0\" frameborder=\"0\">"
. "</iframe>";
# TODO: replace this
#$self->info( "<h3>" . $self->msg(PM_CDC_WRITER) . "</h3>" );
$self->info( $req, $cdc_iframe );
$self->info( $req,
'<h3 trspan="updateCdc">Update Common Domain Cookie</h3>'
. $cdc_iframe );
}
# HTTP-REDIRECT
......
......@@ -206,13 +206,17 @@ sub userBind {
if ( $resp->grace_authentications_remaining ) {
# TODO
$self->{portal}->info( "<h3>"
. $resp->grace_authentications_remaining . " "
. $self->{portal}->msg(PM_PP_GRACE)
. "</h3>" );
$self->{portal}->info( $req,
'<h3>'
. $resp->grace_authentications_remaining
. ' <span trmsg="ppGrace">authentications remaining, change your password!</span></h3>'
);
}
if ( $resp->time_before_expiration ) {
die 'TODO: change this by JS conversion';
$self->{portal}->info(
$req,
"<h3>"
. sprintf(
$self->{portal}->msg(PM_PP_EXP_WARNING),
......
......@@ -8,7 +8,6 @@ use constant {
# Portal errors
# Developers warning, do not use PE_INFO, it's reserved to autoRedirect.
# If you want to send an information, use $self->info('text').
PE_SENDRESPONSE => -4,
PE_INFO => -3,
PE_REDIRECT => -2,
......
......@@ -145,7 +145,7 @@ sub deleteSession {
$self->lmLog( "Create iFrames to forward logout to services", 'debug' );
$self->info('<h3 trmsg="logoutFromOtherApp"></h3>');
$self->info( $req, '<h3 trmsg="logoutFromOtherApp"></h3>' );
foreach ( keys %{ $req->datas->{logoutServices} } ) {
my $logoutServiceName = $_;
......@@ -153,7 +153,7 @@ sub deleteSession {
$req->datas->{logoutServices}->{$logoutServiceName};
$self->lmLog(
"Find lo#gout service $logoutServiceName ($logoutServiceUrl)",
"Find logout service $logoutServiceName ($logoutServiceUrl)",
'debug'
);
......@@ -165,11 +165,12 @@ sub deleteSession {
. " width=\"0\" height=\"0\" frameborder=\"0\">"
. "</iframe>";
$self->info($iframe);
$self->info( $req, $iframe );
}
# Redirect on logout page if no other target defined
if ( !$req->urldc and !$req->postUrl ) {
$self->lmLog('No other target defined, redirect on logout','debug');
$req->urldc( $req->scriptname . "?logout=1" );
}
}
......
......@@ -164,6 +164,7 @@ sub do {
or ( $err == PE_REDIRECT
and $req->datas->{redirectFormMethod}
and $req->datas->{redirectFormMethod} eq 'post' )
or ( $err == PE_REDIRECT and $req->info )
)
)
{
......@@ -590,4 +591,11 @@ sub info {
return $req->info($info);
}
sub fullUrl {
my ( $self, $req ) = @_;
my $pHost = $self->conf->{portal};
$pHost =~ s#^(https?://[^/]+)(?:/.*)?$#$1#;
return $pHost . $req->uri;
}
1;
......@@ -167,6 +167,7 @@
"openSessionSpace":"This space allow you to open a SSO session. This will help you to securely access to all applications authorized by your profil.",
"openSSOSession":"Open your SSO session",
"password": "Password",
"ppGrace": "authentications remaining, change your password!",
"pwdChanged":"Your password was changed.",
"pwdChange":"Password change",
"pwdIs":"Your password is",
......@@ -188,6 +189,7 @@
"serviceProvidedBy":"Service provided by",
"SSOSessionInactive":"SSO session inactive",
"submit":"Submit",
"updateCdc": "Update Common Domain Cookie",
"user":"User",
"useYubikey":"use your Yubikey",
"wait":"Wait",
......
......@@ -167,6 +167,7 @@
"openSessionSpace":"Cet espace vous permet d'ouvrir une session SSO. Celle-ci vous aidera à accéder de manière totalement sécurisée à l'ensemble des applications autorisées par votre profil utilisateur.",
"openSSOSession":"Ouvrir une session SSO",
"password": "Mot-de-passe",
"ppGrace": "authentifications restantes, changez votre mot de passe !",
"pwdChange":"Changement de mot de passe",
"pwdChanged":"Votre mot de passe a été changé.",
"pwdIs":"Votre mot de passe est",
......@@ -188,6 +189,7 @@
"serviceProvidedBy":"Ce service est fourni par",
"SSOSessionInactive":"Session SSO inactive",
"submit":"Envoyer",
"updateCdc": "Mise à jour du cookie de domaine commun",
"user":"Utilisateur",
"useYubikey":"utilisez votre Yubikey",
"wait":"Attendre",
......
......@@ -7,7 +7,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $maintests = 14;
my $maintests = 19;
my $debug = 'debug';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
......@@ -95,8 +95,28 @@ SKIP: {
switch ('sp');
ok( $res = $sp->_get( '/', query => $query, accept => 'text/html' ),
'Query SP with ticket' );
$cookies = $sp->getCookies($res);
my $spId;
ok( $spId = $cookies->{lemonldap}, 'Get cookie' )
or explain( $res, 'Set-Cookie: something' );
# Test authentication
ok( $res = $sp->_get( '/', cookie => "lemonldap=$spId" ), 'Get / on SP' );
ok( $res->[0] == 200, 'User is authentified' ) or explain( $res->[0], 200 );
ok( $sp->getUser($res) eq 'dwho', 'User is identified as dwho' )
or explain( $res->[1], 'Lm-Remote-User: dwho' );
#print STDERR Dumper($res);
# Logout initiated by SP
ok(
$res = $sp->_get(
'/',
query => 'logout',
cookie => "lemonldap=$spId",
accept => 'text/html'
),
'Query SP for logout'
);
print STDERR Dumper($res);
}
count($maintests);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment