Commit 08dc4956 authored by Guillaume ROUSSE's avatar Guillaume ROUSSE

code factorization

parent 5c185edc
...@@ -18,15 +18,17 @@ use AccountManager::Tools; ...@@ -18,15 +18,17 @@ use AccountManager::Tools;
use AccountManager::L10N; use AccountManager::L10N;
# Format de type URL HTTP ou URN # Format de type URL HTTP ou URN
my $entity_id_pattern = qr{ my %patterns = (
^ entityid => qr{
(?: ^
https?://[\w.:/-]+ (?:
| https?://[\w.:/-]+
urn:[\w.:-]+ |
) urn:[\w.:-]+
$ )
}x; $
}x
);
my %actions = ( my %actions = (
home => 'req_home', home => 'req_home',
...@@ -242,22 +244,15 @@ sub req_select_federation { ...@@ -242,22 +244,15 @@ sub req_select_federation {
sub req_select_sp { sub req_select_sp {
my ($self, %args) = @_; my ($self, %args) = @_;
my $federation = $args{federation} || $self->{cgi}->param('federation'); my $federation = $args{federation} ||
$self->abort( $self->get_parameter(name => 'federation');
log => "Missing parameter: federation",
user => "missing_federation"
) if !$federation;
my $file = $self->{configuration}->{federations}->{$federation}; my $metadata_file = $self->get_metadata_file(federation => $federation);
$self->abort(
log => "Incorrect parameter: federation",
user => "invalid_federation"
) if !$file;
my $metadata; my $metadata;
eval { eval {
$metadata = AccountManager::Metadata->new( $metadata = AccountManager::Metadata->new(
file => $file file => $metadata_file
); );
}; };
$self->abort( $self->abort(
...@@ -278,27 +273,10 @@ sub req_select_sp { ...@@ -278,27 +273,10 @@ sub req_select_sp {
sub req_select_email { sub req_select_email {
my ($self, %args) = @_; my ($self, %args) = @_;
my $federation = $self->{cgi}->param('federation'); my $federation = $self->get_parameter(name => 'federation');
$self->abort( my $entityid = $self->get_parameter(name => 'entityid');
log => "Missing parameter: federation",
user => "missing_federation"
) if !$federation;
my $file = $self->{configuration}->{federations}->{$federation};
$self->abort(
log => "Incorrect parameter: federation",
user => "invalid_federation"
) if !$file;
my $entityid = $self->{cgi}->param('entityid'); my $metadata_file = $self->get_metadata_file(federation => $federation);
$self->abort(
log => "Missing parameter: entityid",
user => "missing_entityid"
) if !$entityid;
$self->abort(
log => "Incorrect parameter format: entityid",
user => "format_entityid"
) if $entityid !~ $entity_id_pattern;
# Create a persistent service provider object # Create a persistent service provider object
my $sp = AccountManager::ServiceProvider->new( my $sp = AccountManager::ServiceProvider->new(
...@@ -314,7 +292,7 @@ sub req_select_email { ...@@ -314,7 +292,7 @@ sub req_select_email {
eval { eval {
$metadata = AccountManager::Metadata->new( $metadata = AccountManager::Metadata->new(
file => $file file => $metadata_file
); );
}; };
$self->abort( $self->abort(
...@@ -369,33 +347,11 @@ sub req_select_email { ...@@ -369,33 +347,11 @@ sub req_select_email {
sub req_complete_challenge { sub req_complete_challenge {
my ($self, %args) = @_; my ($self, %args) = @_;
my $federation = $self->{cgi}->param('federation'); my $federation = $self->get_parameter(name => 'federation');
$self->abort( my $entityid = $self->get_parameter(name => 'entityid');
log => "Missing parameter: federation", my $email = $self->get_parameter(name => 'email');
user => "missing_federation"
) if !$federation;
my $file = $self->{configuration}->{federations}->{$federation}; my $metadata_file = $self->get_metadata_file(federation => $federation);
$self->abort(
log => "Incorrect parameter: federation",
user => "invalid_federation"
) if !$file;
my $entityid = $self->{cgi}->param('entityid');
$self->abort(
log => "Missing parameter: entityid",
user => "missing_entityid"
) if !$entityid;
$self->abort(
log => "Incorrect parameter format: entityid",
user => "format_entityid"
) if $entityid !~ $entity_id_pattern;
my $email = $self->{cgi}->param('email');
$self->abort(
log => "Missing parameter: email",
user => "missing_email"
) if !$email;
my $provider = AccountManager::ServiceProvider->new( my $provider = AccountManager::ServiceProvider->new(
db => $self->{db}, db => $self->{db},
...@@ -552,58 +508,11 @@ sub req_complete_challenge { ...@@ -552,58 +508,11 @@ sub req_complete_challenge {
sub req_create_accounts { sub req_create_accounts {
my ($self, %args) = @_; my ($self, %args) = @_;
my $entityid = $self->{cgi}->param('entityid'); my $entityid = $self->get_parameter(name => 'entityid');
$self->abort( my $token = $self->get_parameter(name => 'token');
log => "Missing parameter: entityid", my $email = $self->get_parameter(name => 'email');
user => "missing_entityid"
) if !$entityid;
$self->abort(
log => "Incorrect parameter format: entityid",
user => "format_entityid"
) if $entityid !~ $entity_id_pattern;
my $token_secret = $self->{cgi}->param('token');
$self->abort(
log => "Missing parameter: token",
user => "missing_token"
) if !$token_secret;
my $email = $self->{cgi}->param('email'); $self->check_token(token => $token, entityid => $entityid);
$self->abort(
log => "Missing parameter: email",
user => "missing_email"
) if !$email;
my $token = AccountManager::Token->new(
db => $self->{db},
secret => $token_secret
);
$self->abort(
log => sprintf(
"Failed to validate authentication token %s for entityid %s",
$token_secret,
$entityid
),
user => "wrong_token"
) if !$token->load(speculative => 1);
$self->abort(
log => sprintf(
"Authentication token %s cannot be used for SP with entityid %s",
$token_secret,
$entityid
),
user => "wrong_token_for_sp"
) if $token->sp_entityid() ne $entityid;
## delete the token
unless ($token->delete()) {
$self->{logger}->errorf(
"Failed to delete authentication token %s",
$token_secret
);
}
## create test accounts ## create test accounts
my @accounts; my @accounts;
...@@ -677,9 +586,8 @@ sub req_create_accounts { ...@@ -677,9 +586,8 @@ sub req_create_accounts {
) if $EVAL_ERROR; ) if $EVAL_ERROR;
$self->{logger}->infof( $self->{logger}->infof(
"Token validated for entityid=%s;token=%s", "Token validated for entityid=%s",
$entityid, $entityid,
$token_secret
); );
$self->respond( $self->respond(
...@@ -699,64 +607,17 @@ sub req_create_accounts { ...@@ -699,64 +607,17 @@ sub req_create_accounts {
sub req_download_accounts { sub req_download_accounts {
my ($self) = @_; my ($self) = @_;
my $entityid = $self->{cgi}->param('entityid'); my $entityid = $self->get_parameter(name => 'entityid');
$self->abort( my $token = $self->get_parameter(name => 'token');
log => "Missing parameter: entityid", my $key = $self->get_parameter(name => 'key');
user => "missing_entityid"
) if !$entityid;
$self->abort(
log => "Incorrect parameter format: entityid",
user => "format_entityid"
) if $entityid !~ $entity_id_pattern;
my $token_secret = $self->{cgi}->param('token');
$self->abort(
log => "Missing parameter: token",
user => "missing_token"
) if !$token_secret;
my $key = $self->{cgi}->param('key');
$self->abort(
log => "Missing parameter: key",
user => "missing_key"
) if !$key;
my $token = AccountManager::Token->new(
db => $self->{db},
secret => $token_secret
);
$self->abort(
log => sprintf(
"Failed to validate authentication token %s for entityid %s",
$token_secret,
$entityid
),
user => "wrong_token"
) if !$token->load(speculative => 1);
$self->abort( $self->check_token(token => $token, entityid => $entityid);
log => sprintf(
"Authentication token %s cannot be used for SP with entityid %s",
$token_secret,
$entityid
),
user => "wrong_token_for_sp"
) if $token->sp_entityid() ne $self->{in}->{entityid};
# delete the token
unless ($token->delete()) {
$self->{logger}->errorf(
"Failed to delete authentication token %s",
$token_secret
);
}
# load accounts from database # load accounts from database
my $accounts = AccountManager::Account->get_accounts( my $accounts = AccountManager::Account->get_accounts(
db => $self->{db}, db => $self->{db},
query => [ query => [
token => $token_secret token => $token
], ],
); );
...@@ -818,4 +679,77 @@ sub req_home { ...@@ -818,4 +679,77 @@ sub req_home {
); );
} }
sub get_parameter {
my ($self, %args) = @_;
my $name = $args{name};
my $value = $self->{cgi}->param($name);
$self->abort(
log => "Missing parameter: $name",
user => "missing_$name"
) if !$value;
if ($patterns{$name}) {
$self->abort(
log => "Incorrect parameter format: entityid",
user => "format_entityid"
) if $value !~ $patterns{$name};
}
return $value;
}
sub get_metadata_file {
my ($self, %args) = @_;
my $federation = $args{federation};
my $file = $self->{configuration}->{federations}->{$federation};
$self->abort(
log => "Incorrect parameter: federation",
user => "invalid_federation"
) if !$file;
return $file;
}
sub check_token {
my ($self, %args) = @_;
my $secret = $args{token};
my $token = AccountManager::Token->new(
db => $self->{db},
secret => $secret
);
$self->abort(
log => sprintf(
"Failed to validate authentication token %s for entityid %s",
$secret,
$args{entityid}
),
user => "wrong_token"
) if !$token->load(speculative => 1);
$self->abort(
log => sprintf(
"Authentication token %s cannot be used for SP with entityid %s",
$secret,
$args{entityid}
),
user => "wrong_token_for_sp"
) if $token->sp_entityid() ne $args{entityid};
## delete the token
unless ($token->delete()) {
$self->{logger}->errorf(
"Failed to delete authentication token %s",
$secret
);
}
}
1; 1;
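Review bot: The format-mismatch abort in the new get_parameter (the `if ($patterns{$name})` branch) still reports the literal parameter name `entityid` in both the log line and the user key, even though the check is now keyed on `$name`; with only an `entityid` entry in `%patterns` this is harmless today, but the next pattern added to the hash will produce a misleading log message and the wrong L10N key. The two lines should read `log => "Incorrect parameter format: $name",` and `user => "format_$name"`, matching the `missing_$name` form a few lines above. Separately, the two abort messages in check_token still write the raw token secret to the log on the failure path, while the commit removes it from the "Token validated" info line in req_create_accounts; if that removal was meant to keep secrets out of the logs, the failure-path messages presumably deserve the same treatment. A short comment above get_parameter saying that `%patterns` is consulted by parameter name and that a false value such as `0` is treated as missing would help the next reader.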