Commit 93fcfbe5 authored by Christophe Maudoux's avatar Christophe Maudoux 🐛

Delete OIDC Consents from sessions explorer (#1464)

parent 9464c47a
......@@ -55,6 +55,70 @@ sub delSession {
return $self->sendJSONresponse( $req, { result => 1 } );
}
sub deleteOIDCConsent {
my ( $self, $req ) = @_;
return $self->sendJSONresponse( $req, { result => 1 } )
if ( $self->{demoMode} );
my $mod = $self->getMod($req)
or return $self->sendError( $req, undef, 400 );
my $id = $req->params('sessionId')
or return $self->sendError( $req, 'sessionId is missing', 400 );
# Try to read session
$self->logger->debug("Loading session : $id");
my $session = $self->getApacheSession( $mod, $id )
or return $self->sendError( $req, undef, 400 );
# Try to read OIDC Consent parameters
$self->logger->debug("Reading parameters ...");
my $params = $req->parameters();
my $rp = $params->{rp}
or return $self->sendError( $req, 'OIDC Consent RP is missing', 400 );
my $epoch = $params->{epoch}
or return $self->sendError( $req, 'OIDC Consent Epoch is missing', 400 );
# Try to load 2F Device(s) from session
$self->logger->debug("Looking for OIDC Consent(s) ...");
my $_oidcConsents;
if ( $session->data->{_oidcConsents} ) {
$_oidcConsents = eval {
from_json( $session->data->{_oidcConsents}, { allow_nonref => 1 } );
};
if ($@) {
$self->logger->error("Corrupted session (_oidcConsents) : $@");
return $self->p->sendError( $req, "Corrupted session", 500 );
}
}
else {
$self->logger->debug("No OIDC Consent found");
$_oidcConsents = [];
}
# Delete OIDC Consent
$self->logger->debug("Reading OIDC Consent(s) ...");
my @keep = ();
while (@$_oidcConsents) {
my $element = shift @$_oidcConsents;
$self->logger->debug(
"Searching for OIDC Consent to delete -> $rp / $epoch ...");
push @keep, $element
unless ( ( $element->{rp} eq $rp )
and ( $element->{epoch} eq $epoch ) );
}
# Update session
$self->logger->debug("Saving OIDC Consents ...");
$session->data->{_oidcConsents} = to_json( \@keep );
$self->logger->debug("Updating session ...");
$session->update( \%{ $session->data } );
Lemonldap::NG::Handler::PSGI::Main->localUnlog( $req, $id );
if ( $session->error ) {
return $self->sendError( $req, $session->error, 200 );
}
return $self->sendJSONresponse( $req, { result => 1 } );
}
sub delete2F {
my ( $self, $req ) = @_;
return $self->sendJSONresponse( $req, { result => 1 } )
......@@ -100,7 +164,7 @@ sub delete2F {
while (@$_2fDevices) {
my $element = shift @$_2fDevices;
$self->logger->debug(
"Searching 2F device to delete -> $type / $epoch ...");
"Searching for 2F device to delete -> $type / $epoch ...");
push @keep, $element
unless ( ( $element->{type} eq $type )
and ( $element->{epoch} eq $epoch ) );
......
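Review bot: In `deleteOIDCConsent`, the value returned by `from_json` is dereferenced as an array of hashes without a type check, and `allow_nonref => 1` lets a scalar through, so a session whose `_oidcConsents` decodes to something else would likely die at `while (@$_oidcConsents)` instead of returning the "Corrupted session" error. A guard after the eval, such as `return $self->sendError( $req, 'Corrupted session', 500 ) unless ref $_oidcConsents eq 'ARRAY';`, would cover it. The eval error branch calls `$self->p->sendError` while every other path uses `$self->sendError`; it is worth confirming that `p` exists on this class. After `$session->update`, `localUnlog` runs before `$session->error` is checked and the error is sent with status 200, so a failed write looks like success to the client. The comment `# Try to load 2F Device(s) from session` is a leftover and should read `# Try to load OIDC Consent(s) from session`.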
......@@ -40,6 +40,15 @@ sub addRoutes {
['DELETE']
);
# DELETE OIDC CONSENT
->addRoute(
sessions => {
OIDCConsent =>
{ ':sessionType' => { ':sessionId' => 'delOIDCConsent' } }
},
['DELETE']
);
$self->setTypes($conf);
$self->{ipField} ||= 'ipAddr';
......@@ -48,9 +57,34 @@ sub addRoutes {
}
#######################
# II. DISPLAY METHODS #
# II. CONSENT METHODS #
#######################
sub delOIDCConsent {
my ( $self, $req, $session, $skey ) = @_;
my $mod = $self->getMod($req)
or return $self->sendError( $req, undef, 400 );
my $params = $req->parameters();
my $epoch = $params->{epoch};
my $rp = $params->{rp};
if ( $rp =~ /\b[\w-]+\b/ and defined $epoch ) {
$self->logger->debug(
"Call procedure deleteOIDCConsent with RP=$rp and epoch=$epoch");
return $self->deleteOIDCConsent( $req, $session, $skey );
}
else {
return $self->sendError( $req, undef, 400 );
}
}
########################
# III. DISPLAY METHODS #
########################
sub sessions {
my ( $self, $req, $session, $skey ) = @_;
......
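Review bot: The check `$rp =~ /\b[\w-]+\b/` in `delOIDCConsent` is unanchored, so it accepts any value containing a single word character, and it warns when `rp` is absent; `epoch` is only tested for definedness. Both values come from the request and are interpolated into the debug log line right after, so control characters such as newlines can reach the log. If the intent is to restrict them, `if ( defined $rp and $rp =~ /\A[\w-]+\z/ and defined $epoch and $epoch =~ /\A\d+\z/ )` does that, assuming RP names are limited to those characters. The call passes `( $req, $session, $skey )` while the `deleteOIDCConsent` shown in this commit unpacks only `( $self, $req )`, and `$mod` is fetched here only as a check and then fetched again in the callee.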
......@@ -140,6 +140,19 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
# SESSION MANAGEMENT
# Delete RP Consent
$scope.deleteOIDCConsent = (rp, epoch) ->
item = angular.element(".data-#{epoch}")
item.remove()
$scope.waiting = true
$http['delete']("#{scriptname}sessions/OIDCConsent/#{sessionType}/#{$scope.currentSession.id}?rp=#{rp}&epoch=#{epoch}").then (response) ->
$scope.waiting = false
, (resp) ->
$scope.waiting = false
$scope.showT = false
# Delete
$scope.deleteSession = ->
$scope.waiting = true
......
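Review bot: `rp` and `epoch` are interpolated into the query string of the DELETE URL without encoding, so an RP name containing `&`, `#` or `%` would change or truncate the parameters the server receives. Passing them through the request config, `$http['delete'](url, {params: {rp: rp, epoch: epoch}})`, lets Angular encode them. The cell is also removed from the DOM before the request is sent and the error callback does not restore it, so a failed delete leaves the view showing the consent as gone; moving `item.remove()` into the success callback would keep the view and the session in step.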
......@@ -97,7 +97,19 @@
<td class="col-md-3" ng-if="node.title!='type' && node.title!='rp'" >{{node.value}}</td>
<th ng-if="node.title=='type' || node.title=='rp'">{{translate(node.epoch)}}</th>
<td class="col-md-3" ng-if="node.epoch > 1500000000">{{localeDate(node.epoch)}}</td>
<td></td>
<td class="data-{{node.epoch}}">
<span ng-if="node.td=='1'" class="link text-danger glyphicon glyphicon-minus-sign" ng-click="deleteOIDCConsent(node.title, node.epoch)"></span>
<!--
<span ng-if="$last && ( node.title=='TOTP' || node.title=='UBK' || node.title=='U2F' )" class="link text-success glyphicon glyphicon-plus-sign" ng-click="menuClick({title:'newRule'})"></span>
-->
</td>
</div>
</script>
......
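Review bot: The commented-out `<span>` for TOTP/UBK/U2F inside the new cell is dead markup unrelated to consents and is better left out of the commit. The `data-{{node.epoch}}` class is set on the cell of every row this template renders, and `deleteOIDCConsent` selects by that class alone, so rows that share an epoch value would lose their cell together; removing via the clicked element or driving visibility from scope state would be more precise. The rest of the template lies outside the hunk.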