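package IdPAccountManager::AuthenticationToken;
use strict;
use warnings;
use Carp;
use Digest::MD5;
use IdPAccountManager::Data::Authenticationtoken;
use IdPAccountManager::Data::Authenticationtoken::Manager;
use IdPAccountManager::Tools;
use Conf;
require Exporter;
## @ISA and @EXPORT must be package variables: a lexical (`my`) @ISA is
## invisible to method resolution and to Exporter, so the original
## `my @ISA = qw(Exporter)` never set up the inheritance it was meant to.
our @ISA    = qw(Exporter);
our @EXPORT = qw();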
INIT {
    ## Set error mode to non fatal on the manager class; presumably this makes
    ## DB failures surface as false return values rather than exceptions, which
    ## is what load/save/delete below rely on — confirm against the Manager.
    my $manager_class = 'IdPAccountManager::Data::Authenticationtoken::Manager';
    $manager_class->error_mode('return');
}
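sub new {
    my $pkg  = shift;
    my $self = bless {}, $pkg;

    ## The object wraps a persistent IdPAccountManager::Data::Authenticationtoken.
    ## It may be built either from an already-fetched persistent object (the
    ## case when the Manager returns a set of rows, see
    ## list_authentication_tokens) or from a hash of attribute values that is
    ## forwarded to the persistent class constructor.
    my $first = $_[0];
    require Scalar::Util;
    if (Scalar::Util::blessed($first)
        && $first->isa('IdPAccountManager::Data::Authenticationtoken')) {
        ## isa() instead of `ref($_[0]) eq '...'` so that subclasses of the
        ## persistent class are accepted as well.
        $self->{'persistent'} = $first;
    }
    else {
        ## Only treat @_ as key/value pairs in this branch: doing so
        ## unconditionally produced an odd-sized hash for the object case.
        my %args = @_;
        $self->{'persistent'} = IdPAccountManager::Data::Authenticationtoken->new(%args);
    }
    return $self;
}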
## Load an authentication token from DB.
## Delegates to the persistent object's load() with speculative => 1 and
## returns its result unchanged (presumably false when no matching row
## exists, as the SYNOPSIS expects — confirm against the persistent class).
sub load {
    my ($self) = @_;
    my $persistent = $self->{'persistent'};
    return $persistent->load(speculative => 1);
}
## Get object parameter.
## ATTRIBUTE_NAME is used as the name of an accessor on the persistent
## object; its return value is handed back to the caller as is.
sub get {
    my ($self, $attribute_name) = @_;
    my $accessor = $attribute_name;
    return $self->{'persistent'}->$accessor();
}
## Set object parameters.
## Every key in the argument list names an accessor on the persistent object,
## which is called with the matching value. Always returns 1.
sub set {
    my ($self, %parameters) = @_;
    my $persistent = $self->{'persistent'};
    while (my ($name, $value) = each %parameters) {
        $persistent->$name($value);
    }
    return 1;
}
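## Save object to DB.
## A token with no id has never been stored: it receives its creation date and
## a freshly generated token string before being saved. Returns 1 on success;
## on failure the error is logged and an empty list / undef is returned.
sub save {
    my ($self) = @_;
    my $persistent = $self->{'persistent'};

    ## If no id is defined, it is a new token (INSERT), not an update.
    unless (defined $persistent->id) {
        $persistent->creation_date(time);
        ## Use the accessor rather than reaching into the object's hash
        ## ($persistent->{'email_address'}), consistent with get()/set()/print().
        $persistent->token(_generate_token($persistent->email_address));
    }
    unless ($persistent->save()) {
        IdPAccountManager::Tools::do_log('error', "Failed to save Authenticationtoken in DB");
        return;    # bare return: undef in scalar context, () in list context
    }
    return 1;
}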
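## Delete the authentication token from the DB.
## Returns 1 on success; on failure the error is logged and an empty list /
## undef is returned (the original fell off the end on success, returning an
## unspecified value).
sub delete {
    my ($self) = @_;
    unless ($self->{'persistent'}->delete()) {
        IdPAccountManager::Tools::do_log('error', "Failed to delete a Authenticationtoken in DB");
        return;
    }
    return 1;
}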
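## Print the content of the authentication token.
## Writes a single descriptive line to FD (a filehandle, default STDOUT).
## Always returns 1.
sub print {
    my ($self, $fd) = @_;
    $fd ||= \*STDOUT;
    ## POSIX is not loaded by this module's own preamble; require it here so
    ## strftime does not depend on some other module having pulled it in.
    require POSIX;
    my $created = POSIX::strftime('%Y:%m:%d', localtime($self->get('creation_date')));
    printf {$fd} "AuthenticationToken ID=%s; token=%s; email_address=%s; sp_entityid=%s; creation_date=%s\n",
        $self->get('id'), $self->get('token'), $self->get('email_address'),
        $self->get('sp_entityid'), $created;
    return 1;    # was `return 1.` — the stray dot parsed as the literal 1.0
}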
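## List all authentication tokens.
## Class method: fetches the persistent tokens matching ARGS through the
## Manager and wraps each one in an IdPAccountManager::AuthenticationToken.
## Returns an array ref, empty when nothing matches (the original returned
## undef in that case, which makes @{ ... } at the call site die under strict).
sub list_authentication_tokens {
    ## Accept both function-style and Class->method-style calls: attribute
    ## arguments always come in pairs, so an odd leading element is the invocant.
    shift if @_ % 2 == 1;
    my %args = @_;
    my $persistent_tokens =
        IdPAccountManager::Data::Authenticationtoken::Manager->get_authenticationtokens(%args);
    ## `|| []` guards against the Manager returning undef (error_mode 'return').
    my @authentication_tokens =
        map { IdPAccountManager::AuthenticationToken->new($_) } @{ $persistent_tokens || [] };
    return \@authentication_tokens;
}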
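## Generate a random authentication token.
## Returns the last SIZE (default 20) hex characters of an MD5 over the
## current time, the PID, SALT and — when the device can be read — bytes from
## /dev/urandom. Time + PID + salt alone are guessable by anyone who knows
## roughly when a request was made and which process served it, so the
## urandom bytes are what makes the token unpredictable; rand() only adds
## variation in the fallback case and is not a CSPRNG on its own.
sub _generate_token {
    my $salt = shift;
    my $size = shift || 20;
    $salt = '' unless defined $salt;
    my $entropy = '';
    if (open my $fh, '<:raw', '/dev/urandom') {
        read $fh, $entropy, 32;
        close $fh;
    }
    $entropy .= rand();
    return substr(Digest::MD5::md5_hex(time . $$ . $salt . $entropy), -1 * $size);
}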
1; # Magic true value required at end of module: `use`/`require` fail if the file's last value is false
__END__
=head1 NAME
IdPAccountManager::AuthenticationToken - Manage Authentication tokens used to validate test account creation requests
=head1 SYNOPSIS
my $authentication_token = new IdPAccountManager::AuthenticationToken(token => 'sdfkl4fslkj44');
unless ($authentication_token->load()) {
die "No corresponding token found in DB\n";
}
$authentication_token->print();
=head1 DESCRIPTION
The Test Account Manager instantiates test accounts associated with a SAML Identity Provider.
This module manages the authentication tokens used to validate the identity of the requester.
=head1 SUBROUTINES/METHODS
=over 8
=item C<new ARGS>
Class method. Create a new IdPAccountManager::AuthenticationToken object.
Example:
my $authentication_token = new IdPAccountManager::AuthenticationToken(token => 'sdfkl4fslkj44');
Supported arguments include:
=over 12
=item C<token>
ID of the token.
=item C<sp_entityid>
EntityID (SAML ID) of the Service Provider associated with the authentication token.
=item C<email_address>
Email address of the user associated with the authentication token.
=back
=item C<delete>
Deletes the token in the database.
=item C<get> ATTR_NAME
Returns the value of the specified ATTR_NAME attribute of the token.
=item C<list_authentication_tokens ARGS>
Class method. List all tokens in database.
Supported arguments include:
=over 12
=item C<sp_entityid>
EntityID of a SAML Service Provider; only tokens linked to this Service Provider are listed.
=item C<token>
Token ID; only tokens with this ID are listed.
=back
=item C<load>
Loads the token from the database.
=item C<print FD>
Dumps the content of the authentication token to the FD file handle (defaults to STDOUT).
=item C<set ARGS>
Sets the token attributes given in ARGS (a list of attribute name/value pairs).
=item C<save>
Saves the token to the database.
=back
=head1 AUTHOR
Olivier Salaün (olivier.salaun@renater.fr)