Commit 832d7d87 authored by Christophe Maudoux's avatar Christophe Maudoux

Fix AuthSSL with Choice (#1636)

parent f33697de
......@@ -25,6 +25,22 @@ sub _authCancel {
sub extractFormInfo {
my ( $self, $req ) = @_;
unless ( $self->checkChoice($req) ) {
foreach my $mod ( values %{ $self->modules } ) {
$self->logger->debug("Auth module -> $mod");
if ( $mod =~ /::Auth::SSL/
and $self->conf->{sslByAjax}
and not $req->param('nossl') )
{
$self->logger->debug('Send SSL javascript');
$req->data->{customScript}
.= '<script type="application/init">{"sslHost":"'
. $self->conf->{sslHost}
. '"}</script>';
$self->logger->debug(
"Send JS -> " . $req->data->{customScript} );
}
}
foreach my $mod ( values %{ $self->modules } ) {
if ( $mod->can('setSecurity') ) {
$mod->setSecurity($req);
......
......@@ -44,6 +44,7 @@ sub extractFormInfo {
'<script type="application/init">{"sslHost":"'
. $self->conf->{sslHost}
. '"}</script>';
$self->logger->debug("Send JS -> " . $req->data->{customScript});
return PE_FIRSTACCESS;
}
else {
......
# Launch SSL request
tryssl = () ->
console.log 'Call URL -> ', window.datas.sslHost
$.ajax window.datas.sslHost,
dataType: 'json'
# Called if browser can't find Kerberos ticket will display
# PE_BADCREDENTIALS
statusCode:
401: () ->
$('#lform').submit()
console.log 'Error code 401'
# If request succeed, cookie is set, posting form to get redirection
# or menu
success: (data) ->
$('#lform').submit()
console.log 'Success -> ', data
# Case else, will display PE_BADCREDENTIALS or fallback to next auth
# backend
error: () ->
$('#lform').submit()
console.log 'Error'
$(document).ready ->
$('.sslclick').on 'click', tryssl
# Launch SSL request
tryssl = () ->
console.log 'Call URL -> ', window.datas.sslHost
$.ajax window.datas.sslHost,
dataType: 'json'
# PE_BADCREDENTIALS
statusCode:
401: () ->
$('#lformSSL').submit()
console.log 'Error code 401'
# If request succeed, cookie is set, posting form to get redirection
# or menu
success: (data) ->
$('#lformSSL').submit()
console.log 'Success -> ', data
# Case else, will display PE_BADCREDENTIALS or fallback to next auth
# backend
error: () ->
$('#lformSSL').submit()
console.log 'Error'
$(document).ready ->
$('.sslclick').on 'click', tryssl
// Generated by CoffeeScript 1.10.0
// Generated by CoffeeScript 1.12.7
(function() {
var tryssl;
tryssl = function() {
console.log('Call URL -> ', window.datas.sslHost);
return $.ajax(window.datas.sslHost, {
dataType: 'json',
statusCode: {
401: function() {
return $('#lform').submit();
$('#lform').submit();
return console.log('Error code 401');
}
},
success: function(data) {
return $('#lform').submit();
$('#lform').submit();
return console.log('Success -> ', data);
},
error: function() {
return $('#lform').submit();
$('#lform').submit();
return console.log('Error');
}
});
};
......
(function(){var a;a=function(){return $.ajax(window.datas.sslHost,{dataType:"json",statusCode:{401:function(){return $("#lform").submit()}},success:function(b){return $("#lform").submit()},error:function(){return $("#lform").submit()}})};$(document).ready(function(){return $(".sslclick").on("click",a)})}).call(this);
\ No newline at end of file
(function(){var tryssl;tryssl=function(){console.log("Call URL -> ",window.datas.sslHost);return $.ajax(window.datas.sslHost,{dataType:"json",statusCode:{401:function(){$("#lform").submit();return console.log("Error code 401")}},success:function(data){$("#lform").submit();return console.log("Success -> ",data)},error:function(){$("#lform").submit();return console.log("Error")}})};$(document).ready(function(){return $(".sslclick").on("click",tryssl)})}).call(this);
// Generated by CoffeeScript 1.12.7
(function() {
var tryssl;
tryssl = function() {
console.log('Call URL -> ', window.datas.sslHost);
return $.ajax(window.datas.sslHost, {
dataType: 'json',
statusCode: {
401: function() {
$('#lformSSL').submit();
return console.log('Error code 401');
}
},
success: function(data) {
$('#lformSSL').submit();
return console.log('Success -> ', data);
},
error: function() {
$('#lformSSL').submit();
return console.log('Error');
}
});
};
$(document).ready(function() {
return $('.sslclick').on('click', tryssl);
});
}).call(this);
(function(){var tryssl;tryssl=function(){console.log("Call URL -> ",window.datas.sslHost);return $.ajax(window.datas.sslHost,{dataType:"json",statusCode:{401:function(){$("#lformSSL").submit();return console.log("Error code 401")}},success:function(data){$("#lformSSL").submit();return console.log("Success -> ",data)},error:function(){$("#lformSSL").submit();return console.log("Error")}})};$(document).ready(function(){return $(".sslclick").on("click",tryssl)})}).call(this);
......@@ -37,7 +37,7 @@
<div id="<TMPL_VAR NAME="key">">
<form action="<TMPL_VAR NAME="url">" method="post" class="login <TMPL_VAR NAME="module">">
<form id="lform<TMPL_VAR NAME="module">" action="<TMPL_VAR NAME="url">" method="post" class="login <TMPL_VAR NAME="module">">
<!-- Hidden fields -->
<TMPL_VAR NAME="HIDDEN_INPUTS">
......@@ -59,7 +59,7 @@
</TMPL_IF>
<TMPL_IF NAME="sslform">
<TMPL_INCLUDE NAME="sslform.tpl">
<TMPL_INCLUDE NAME="sslformChoice.tpl">
</TMPL_IF>
<TMPL_IF NAME="logo">
......
<!-- //if:jsminified
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/ssl.min.js"></script>
//else -->
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/sslChoice.js"></script>
<!-- //endif -->
<div class="form">
<input type="hidden" name="nossl" value="1" />
<div class="sslclick">
<img src="<TMPL_VAR NAME="STATIC_PREFIX">common/modules/SSL.png" alt="<TMPL_VAR NAME="module">" class="img-thumbnail mb-3" />
</div>
<TMPL_INCLUDE NAME="checklogins.tpl">
<button type="submit" class="btn btn-success sslclick" >
<span class="fa fa-sign-in"></span>
<span trspan="connect">Connect</span>
</button>
</div>
......@@ -5,7 +5,7 @@ use IO::String;
require 't/test-lib.pm';
my $res;
my $maintests = 12;
my $maintests = 13;
eval { unlink 't/userdb.db' };
......@@ -48,6 +48,8 @@ SKIP: {
dbiAuthPasswordHash => '',
customAuth => '::Auth::Apache',
customAddParams => {},
sslByAjax => 1,
sslHost => 'https://authssl.example.com:19876'
}
}
);
......@@ -63,9 +65,12 @@ SKIP: {
ok( $res->[2]->[0] =~ qr%<img src="/static/common/modules/SSL.png"%,
'Found 5_ssl Logo' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%<form action="https://test.example.com"%,
ok( $res->[2]->[0] =~ m%<form id="lformDemo" action="https://test.example.com"%,
' Redirect URL found' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%<script type="application/init">\{"sslHost":"https://authssl.example.com:19876"\}</script>%,
' SSL AJAX URL found' )
or print STDERR Dumper( $res->[2]->[0] );
my $header = getHeader( $res, 'Content-Security-Policy' );
ok( $header =~ m%;form-action \'self\' https://test.example.com;%,
' CSP URL found' )
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment