allow per-service configuration override

21df9fac · Guillaume ROUSSE · accd73fd · 21df9fac · 21df9fac · 21df9fac
Commit 21df9fac authored 7 years ago by Guillaume ROUSSE
--- a/bin/account-manager.pl.in
+++ b/bin/account-manager.pl.in
@@ -96,10 +96,13 @@ sub add_account {
    die "Failed to create test account\n"
        unless $test_account;

+    my $entity = $options{sp_entityid};
+    my $validity_period =
+        $configuration->{$entity}->{account_validity_period} ||
+        $configuration->{service}->{account_validity_period};
+
    die "Failed to save test account\n"
-        unless $test_account->save(
-            accounts_validity_period => $configuration->{service}->{account_validity_period}
-        );
+        unless $test_account->save(accounts_validity_period => $validity_period);

    printf "Account created:\n\tuserid: user%d\n\tpassword: %s\n",
      $test_account->id(), $test_account->password();

--- a/conf/manager.conf.in
+++ b/conf/manager.conf.in
@@ -37,6 +37,7 @@ entityid = https://my.fqdn/simplesaml/saml2/idp/metadata.php
 displayname = eduGAIN Access Check
 accounts_file = @sysconfdir@/accounts.php

+# default parameters for all services
 [service]
 # validity period of test accounts, in days
 account_validity_period = 7
@@ -44,3 +45,9 @@ account_validity_period = 7
 account_profiles = fullset1, limitedset1, generic1, student1, student2, teacher1, teacher2, alumni1, librarywalkin1, employee1, researcher1
 # override contacts defined in metadata if defined
 contacts = john@my.fqdn, sarah@my.fqdn
+
+# service-specific parameters
+[https://my.service.fqdn]
+account_validity_period = 90
+account_profiles = student1, teacher1
+contacts = john@my.fqdn
--- a/lib/IdPAccountManager/WebRequest.pm
+++ b/lib/IdPAccountManager/WebRequest.pm
@@ -258,12 +258,12 @@ sub req_select_sp {
        }
    }

-    if ($self->{configuration}->{service}->{contacts}) {
-        # replace SP contacts
-        $provider->contacts(
-            split(/, */, $self->{configuration}->{service}->{contacts})
-        );
-    }
+    # replace metadata contacts from configuration contacts if defined
+    my $entity = $self->{in}->{sp_entityid};
+    my $contacts =
+        $self->{configuration}->{$entity}->{contacts} ||
+        $self->{configuration}->{service}->{contacts};
+    $provider->contacts(split(/, */, $contacts)) if $contacts;

    $self->{out}->{provider} = $provider;
    $self->{out}->{subtitle} = 'Select your Service Provider';
@@ -299,12 +299,12 @@ sub req_generate_token {
        return;
    }

-    if ($self->{configuration}->{service}->{contacts}) {
-        # replace SP contacts
-        $provider->contacts(
-            split(/, */, $self->{configuration}->{service}->{contacts})
-        );
-    }
+    # replace metadata contacts from configuration contacts if defined
+    my $entity = $self->{in}->{sp_entityid};
+    my $contacts =
+        $self->{configuration}->{$entity}->{contacts} ||
+        $self->{configuration}->{service}->{contacts};
+    $provider->contacts(split(/, */, $contacts)) if $contacts;

    ## Check that email_address is a known contact for this SP
    unless ($provider->is_contact($self->{in}->{email_address}))
@@ -464,17 +464,23 @@ sub req_validate_token {
    ## create test accounts
    my @accounts;

-    foreach my $profile (split(/, */, $self->{configuration}->{service}->{account_profiles})) {
+    my $entity = $self->{in}->{sp_entityid};
+    my $profiles =
+        $self->{configuration}->{$entity}->{account_profiles} ||
+        $self->{configuration}->{service}->{account_profiles};
+    my $validity_period =
+        $self->{configuration}->{$entity}->{account_validity_period} ||
+        $self->{configuration}->{service}->{account_validity_period};
+
+    foreach my $profile (split(/, */, $profiles)) {
        my $account = IdPAccountManager::TestAccount->new(
            db          => $self->{db},
            profile     => $profile,
-            sp_entityid => $self->{in}->{sp_entityid},
+            sp_entityid => $entity,
            scope       => $self->{configuration}->{idp}->{scope},
        );
        next unless $account;
-        next unless $account->save(
-            accounts_validity_period => $self->{configuration}->{service}->{account_validity_period}
-        );
+        next unless $account->save(accounts_validity_period => $validity_period);
        push @accounts, $account;
    }