Skip to content
Snippets Groups Projects
Commit 6d620153 authored by Guillaume ROUSSE's avatar Guillaume ROUSSE
Browse files

factorize failure handling code

parent 783832fb
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/AccountManager/App.pm
+ 179
329
View file @ 6d620153
...@@ -169,13 +169,9 @@ sub run { ...@@ -169,13 +169,9 @@ sub run {
my $method = $actions{$action}; my $method = $actions{$action};
$self->$method(); $self->$method();
} else { } else {
## unknown action $self->abort(
$self->{logger}->error( "Unknown action '$action'"); logs => "Unknown action '$action'",
$self->respond( user => "Unknown action '$action'"
template => 'errors.tt2.html',
data => {
errors => [ "Unknown action '$action'" ]
}
); );
} }
...@@ -224,6 +220,20 @@ sub respond { ...@@ -224,6 +220,20 @@ sub respond {
exit 0; exit 0;
} }
sub abort {
my $self = shift;
my %args = @_;
$self->{logger}->error($args{log}) if $args{log};
$self->respond(
template => 'errors.tt2.html',
data => {
errors => [ $args{user} ]
}
);
}
sub req_start { sub req_start {
my ($self) = @_; my ($self) = @_;
...@@ -256,43 +266,27 @@ sub req_select_sp { ...@@ -256,43 +266,27 @@ sub req_select_sp {
my $federation = $self->{in}->{federation}; my $federation = $self->{in}->{federation};
if (!$federation) { $self->abort(
$self->{logger}->error("Missing parameter: federation"); log => "Missing parameter: federation",
$self->respond( user => "missing_federation"
template => 'errors.tt2.html', ) if !$federation;
data => {
errors => [ "missing_federation" ]
}
);
}
my $file = $self->{configuration}->{federations}->{$federation}; my $file = $self->{configuration}->{federations}->{$federation};
if (!$file) { $self->abort(
$self->{logger}->error("Incorrect parameter: federation"); log => "Incorrect parameter: federation",
$self->respond( user => "invalid_federation"
template => 'errors.tt2.html', ) if !$file;
data => {
errors => [ "invalid_federation" ]
}
);
}
my $metadata; my $metadata;
eval { eval {
$metadata = AccountManager::Metadata->new( $metadata = AccountManager::Metadata->new(
file => $file file => $file
); );
}; };
if ($EVAL_ERROR) { $self->abort(
$self->{logger}->error("Failed to load federation metadata: $EVAL_ERROR"); log => "Failed to load federation metadata: $EVAL_ERROR",
$self->respond( user => "internal"
template => 'errors.tt2.html', ) if $EVAL_ERROR;
data => {
errors => [ "internal" ]
}
);
}
$self->respond( $self->respond(
template => 'select_sp.tt2.html', template => 'select_sp.tt2.html',
...@@ -308,47 +302,25 @@ sub req_select_email { ...@@ -308,47 +302,25 @@ sub req_select_email {
my ($self) = @_; my ($self) = @_;
my $federation = $self->{in}->{federation}; my $federation = $self->{in}->{federation};
$self->abort(
if (!$federation) { log => "Missing parameter: federation",
$self->{logger}->error("Missing parameter: federation"); user => "missing_federation"
$self->respond( ) if !$federation;
template => 'errors.tt2.html',
data => {
errors => [ "missing_federation" ]
}
);
}
my $file = $self->{configuration}->{federations}->{$federation}; my $file = $self->{configuration}->{federations}->{$federation};
if (!$file) { $self->abort(
$self->{logger}->error("Incorrect parameter: federation"); log => "Incorrect parameter: federation",
$self->respond( user => "invalid_federation"
template => 'errors.tt2.html', ) if !$file;
data => {
errors => [ "invalid_federation" ] $self->abort(
} log => "Missing parameter: entityid",
); user => "missing_entityid"
} ) if !$self->{in}->{entityid};
$self->abort(
if (! $self->{in}->{entityid}) { log => "Incorrect parameter format: entityid",
$self->{logger}->error("Missing parameter: entityid"); user => "format_entityid"
$self->respond( ) if $self->{in}->{entityid} !~ $entity_id_pattern;
template => 'errors.tt2.html',
data => {
errors => [ "missing_entityid" ]
}
);
}
if ($self->{in}->{entityid} !~ $entity_id_pattern) {
$self->{logger}->error("Incorrect parameter format: entityid");
$self->respond(
template => 'errors.tt2.html',
data => {
errors => [ "format_entityid" ]
}
);
}
# Create a persistent service provider object # Create a persistent service provider object
my $sp = AccountManager::Service->new( my $sp = AccountManager::Service->new(
...@@ -367,29 +339,17 @@ sub req_select_email { ...@@ -367,29 +339,17 @@ sub req_select_email {
file => $file file => $file
); );
}; };
if ($EVAL_ERROR) { $self->abort(
$self->{logger}->error("Failed to load federation metadata: $EVAL_ERROR"); log => "Failed to load federation metadata: $EVAL_ERROR",
$self->respond( user => "internal"
template => 'errors.tt2.html', ) if $EVAL_ERROR;
data => {
errors => [ "internal" ]
}
);
}
my $entities = $metadata->parse(id => $self->{in}->{entityid}); my $entities = $metadata->parse(id => $self->{in}->{entityid});
if (!@$entities) {
$self->{logger}->errorf(
"No such SP '%s' in metadata", $self->{in}->{entityid}
);
$self->respond(
template => 'errors.tt2.html',
data => {
errors => [ "no_such_entity" ]
}
);
}
my $entity = $entities->[0]; my $entity = $entities->[0];
$self->abort(
log => sprintf("No such SP '%s' in metadata", $self->{in}->{entityid}),
user => "no_such_entity"
) if !$entity;
# complete persistent object # complete persistent object
$sp->displayname($entity->{display_name}); $sp->displayname($entity->{display_name});
...@@ -397,21 +357,15 @@ sub req_select_email { ...@@ -397,21 +357,15 @@ sub req_select_email {
if $entity->{contacts}; if $entity->{contacts};
# save in DB # save in DB
unless ($sp->save()) { $self->abort(
$self->{logger}->error("Failed to save service provider object"); log => "Failed to save service provider object",
$self->respond( user => "internal"
template => 'errors.tt2.html', ) if !$sp->save();
data => {
errors => [ "internal" ]
}
);
}
} }
# override metadata contacts if needed # override metadata contacts if needed
my $id = $self->{in}->{entityid};
my $contacts = my $contacts =
$self->{configuration}->{$id}->{contacts} || $self->{configuration}->{$self->{in}->{entityid}}->{contacts} ||
$self->{configuration}->{service}->{contacts}; $self->{configuration}->{service}->{contacts};
if ($contacts) { if ($contacts) {
if ($contacts =~ /^\+(.+)/) { if ($contacts =~ /^\+(.+)/) {
...@@ -429,7 +383,7 @@ sub req_select_email { ...@@ -429,7 +383,7 @@ sub req_select_email {
action => 'select_email', action => 'select_email',
federation => $federation, federation => $federation,
sp => $sp, sp => $sp,
entityid => $sp->entityid(), entityid => $self->{in}->{entityid},
} }
); );
} }
...@@ -438,67 +392,43 @@ sub req_complete_challenge { ...@@ -438,67 +392,43 @@ sub req_complete_challenge {
my ($self) = @_; my ($self) = @_;
my $federation = $self->{in}->{federation}; my $federation = $self->{in}->{federation};
$self->abort(
if (!$federation) { log => "Missing parameter: federation",
$self->{logger}->error("Missing parameter: federation"); user => "missing_federation"
$self->respond( ) if !$federation;
template => 'errors.tt2.html',
data => {
errors => [ "missing_federation" ]
}
);
}
my $file = $self->{configuration}->{federations}->{$federation}; my $file = $self->{configuration}->{federations}->{$federation};
if (!$file) { $self->abort(
$self->{logger}->error("Incorrect parameter: federation"); log => "Incorrect parameter: federation",
$self->respond( user => "invalid_federation"
template => 'errors.tt2.html', ) if !$file;
data => {
errors => [ "invalid_federation" ] $self->abort(
} log => "Missing parameter: entityid",
); user => "missing_entityid"
} ) if !$self->{in}->{entityid};
$self->abort(
unless ($self->{in}->{entityid}) { log => "Incorrect parameter format: entityid",
$self->{logger}->error("Missing parameter entityid"); user => "format_entityid"
$self->respond( ) if $self->{in}->{entityid} !~ $entity_id_pattern;
template => 'errors.tt2.html',
data => { $self->abort(
errors => [ "missing_entityid" ] log => "Missing parameter: email",
} user => "missing_email"
); ) if !$self->{in}->{email};
}
unless ($self->{in}->{email}) {
$self->{logger}->error("Missing parameter email");
$self->respond(
template => 'errors.tt2.html',
data => {
errors => [ "missing_email" ]
}
);
}
my $provider = AccountManager::Service->new( my $provider = AccountManager::Service->new(
db => $self->{db}, db => $self->{db},
entityid => $self->{in}->{entityid}, entityid => $self->{in}->{entityid},
); );
$self->abort(
unless ($provider->load(speculative => 1)) { log => sprintf("No such SP '%s' in database", $self->{in}->{entityid}),
$self->{logger}->errorf("No such SP '%s' in database", $self->{in}->{entityid}); user => "no_such_entity"
$self->respond( ) if !$provider->load(speculative => 1);
template => 'errors.tt2.html',
data => {
errors => [ "no_such_entity" ]
}
);
}
# override metadata contacts if needed # override metadata contacts if needed
my $entity = $self->{in}->{entityid};
my $contacts = my $contacts =
$self->{configuration}->{$entity}->{contacts} || $self->{configuration}->{$self->{in}->{entityid}}->{contacts} ||
$self->{configuration}->{service}->{contacts}; $self->{configuration}->{service}->{contacts};
if ($contacts) { if ($contacts) {
if ($contacts =~ /^\+(.+)/) { if ($contacts =~ /^\+(.+)/) {
...@@ -511,41 +441,27 @@ sub req_complete_challenge { ...@@ -511,41 +441,27 @@ sub req_complete_challenge {
} }
## Check that email is a known contact for this SP ## Check that email is a known contact for this SP
unless ($provider->is_contact($self->{in}->{email})) $self->abort(
{ log => sprintf(
$self->{logger}->errorf(
"Requested a token for %s for an unautorized address '%s'", "Requested a token for %s for an unautorized address '%s'",
$self->{in}->{entityid}, $self->{in}->entityid,
$self->{in}->{email} $self->{in}->{email}
); ),
$self->respond( user => "internal",
template => 'errors.tt2.html', ) if !$provider->is_contact($self->{in}->{email});
data => {
errors => [ "internal" ]
}
);
}
# delete any previous token for the same email/service couple # delete any previous token for the same email/service couple
my $old_token = AccountManager::Token->new( my $old_token = AccountManager::Token->new(
db => $self->{db}, db => $self->{db},
email_address => $self->{in}->{email}, email_address => $self->{in}->{email},
sp_entityid => $self->{in}->{entityid} sp_entityid => $self->{in}->{entityid},
); );
if ($old_token->load(speculative => 1)) { if ($old_token->load(speculative => 1)) {
unless ($old_token->delete()) { $self->abort(
$self->{logger}->errorf( log => sprintf("Failed to delete previous authentication token with ID %s", $old_token->id()),
"Failed to delete previous authentication token with ID %s", user => "internal"
$old_token->id() ) if !$old_token->delete();
);
$self->respond(
template => 'errors.tt2.html',
data => {
errors => [ "internal" ]
}
);
}
} }
# compute a new token # compute a new token
...@@ -561,15 +477,10 @@ sub req_complete_challenge { ...@@ -561,15 +477,10 @@ sub req_complete_challenge {
token => AccountManager::Tools::generate_secret(20) token => AccountManager::Tools::generate_secret(20)
); );
unless ($token->save()) { $self->abort(
$self->{logger}->error("Failed to save authentication token"); log => "Failed to save service authentication token",
$self->respond( user => "internal"
template => 'errors.tt2.html', ) if !$token->save();
data => {
errors => [ "internal" ]
}
);
}
# build content # build content
my $tt2 = Template->new({ my $tt2 = Template->new({
...@@ -635,15 +546,10 @@ sub req_complete_challenge { ...@@ -635,15 +546,10 @@ sub req_complete_challenge {
eval { eval {
Email::Sender::Simple->send($email); Email::Sender::Simple->send($email);
}; };
if ($EVAL_ERROR) { $self->abort(
$self->{logger}->errorf("Mail notification error: %s", $EVAL_ERROR); log => "Mail notification error: $EVAL_ERROR",
$self->respond( user => "mail_notification_failure"
template => 'errors.tt2.html', ) if $EVAL_ERROR;
data => {
errors => [ "mail_notification_failure" ]
}
);
}
$self->{logger}->infof( $self->{logger}->infof(
"Token send to %s for entityid=%s;token=%s", "Token send to %s for entityid=%s;token=%s",
...@@ -666,68 +572,47 @@ sub req_complete_challenge { ...@@ -666,68 +572,47 @@ sub req_complete_challenge {
sub req_create_accounts { sub req_create_accounts {
my ($self) = @_; my ($self) = @_;
unless ($self->{in}->{entityid}) { $self->abort(
$self->{logger}->error("Missing parameter entityid"); log => "Missing parameter: entityid",
$self->respond( user => "missing_entityid"
template => 'errors.tt2.html', ) if !$self->{in}->{entityid};
data => { $self->abort(
errors => [ "missing_entityid" ] log => "Incorrect parameter format: entityid",
} user => "format_entityid"
); ) if $self->{in}->{entityid} !~ $entity_id_pattern;
}
$self->abort(
unless ($self->{in}->{token}) { log => "Missing parameter: token",
$self->{logger}->error("Missing parameter token"); user => "missing_token"
$self->respond( ) if !$self->{in}->{token};
template => 'errors.tt2.html',
data => { $self->abort(
errors => [ "missing_token" ] log => "Missing parameter: email",
} user => "missing_email"
); ) if !$self->{in}->{email};
}
unless ($self->{in}->{email}) {
$self->{logger}->error("Missing parameter email");
$self->respond(
template => 'errors.tt2.html',
data => {
errors => [ "missing_email" ]
}
);
}
my $token = AccountManager::Token->new( my $token = AccountManager::Token->new(
db => $self->{db}, db => $self->{db},
token => $self->{in}->{token} token => $self->{in}->{token}
); );
if (! $token->load(speculative => 1)) { $self->abort(
$self->{logger}->errorf( log => sprintf(
"Failed to validate authentication token %s for entityid %s", "Failed to validate authentication token %s for entityid %s",
$self->{in}->{token}, $self->{in}->{token},
$self->{in}->{entityid} $self->{in}->{entityid}
); ),
$self->respond( user => "wrong_token"
template => 'errors.tt2.html', ) if !$token->load(speculative => 1);
data => {
errors => [ "wrong_token" ]
}
);
}
if (! $token->sp_entityid() eq $self->{in}->{entityid}) { $self->abort(
$self->{logger}->errorf( log => sprintf(
"Authentication token %s cannot be used for SP with entityid %s", "Authentication token %s cannot be used for SP with entityid %s",
$self->{in}->{token}, $self->{in}->{token},
$self->{in}->{entityid} $self->{in}->{entityid}
); ),
$self->respond( user => "wrong_token_for_sp"
template => 'errors.tt2.html', ) if $token->sp_entityid() ne $self->{in}->{entityid};
data => {
errors => [ "wrong_token_for_sp" ]
}
);
}
## delete the token ## delete the token
unless ($token->delete()) { unless ($token->delete()) {
...@@ -758,15 +643,10 @@ sub req_create_accounts { ...@@ -758,15 +643,10 @@ sub req_create_accounts {
token => AccountManager::Tools::generate_secret(20) token => AccountManager::Tools::generate_secret(20)
); );
unless ($download_token->save()) { $self->abort(
$self->{logger}->error("Failed to save authentication token"); log => "Failed to save download authentication token",
$self->respond( user => "internal"
template => 'errors.tt2.html', ) if !$download_token->save();
data => {
errors => [ "internal" ]
}
);
}
my $key = AccountManager::Tools::generate_secret(10); my $key = AccountManager::Tools::generate_secret(10);
...@@ -788,18 +668,13 @@ sub req_create_accounts { ...@@ -788,18 +668,13 @@ sub req_create_accounts {
push @accounts, $account; push @accounts, $account;
} }
unless (@accounts) { $self->abort(
$self->{logger}->errorf( log => sprintf(
"Failed to create test accounts for SP with entityid %s", "Failed to create test accounts for SP with entityid %s",
$self->{in}->{entityid} $self->{in}->{entityid}
); ),
$self->respond( user => "accounts_creation_failure"
template => 'errors.tt2.html', ) if !@accounts;
data => {
errors => [ "accounts_creation_failure" ]
}
);
}
## Update simpleSAMLphp configuration to enable test accounts ## Update simpleSAMLphp configuration to enable test accounts
my $accounts = AccountManager::Account::Manager->get_accounts( my $accounts = AccountManager::Account::Manager->get_accounts(
...@@ -813,18 +688,13 @@ sub req_create_accounts { ...@@ -813,18 +688,13 @@ sub req_create_accounts {
$accounts $accounts
); );
}; };
if ($EVAL_ERROR) { $self->abort(
$self->{logger}->errorf( log => sprintf(
"Failed to create simpleSAMLphp configuration file: %s", "Failed to create simpleSAMLphp configuration file: %s",
$EVAL_ERROR $EVAL_ERROR
); ),
$self->respond( user => "accounts_creation_failed"
template => 'errors.tt2.html', ) if $EVAL_ERROR;
data => {
errors => [ "accounts_creation_failed" ]
}
);
}
$self->{logger}->infof( $self->{logger}->infof(
"Token validated for entityid=%s;token=%s", "Token validated for entityid=%s;token=%s",
...@@ -849,67 +719,47 @@ sub req_create_accounts { ...@@ -849,67 +719,47 @@ sub req_create_accounts {
sub req_download_accounts { sub req_download_accounts {
my ($self) = @_; my ($self) = @_;
unless ($self->{in}->{entityid}) { $self->abort(
$self->{logger}->error("Missing parameter entityid"); log => "Missing parameter: entityid",
$self->respond( user => "missing_entityid"
template => 'errors.tt2.html', ) if !$self->{in}->{entityid};
data => { $self->abort(
errors => [ "missing_entityid" ] log => "Incorrect parameter format: entityid",
} user => "format_entityid"
); ) if $self->{in}->{entityid} !~ $entity_id_pattern;
}
$self->abort(
unless ($self->{in}->{token}) { log => "Missing parameter: token",
$self->{logger}->error("Missing parameter token"); user => "missing_token"
$self->respond( ) if !$self->{in}->{token};
template => 'errors.tt2.html',
data => { $self->abort(
errors => [ "missing_token" ] log => "Missing parameter: key",
} user => "missing_key"
); ) if !$self->{in}->{key};
}
unless ($self->{in}->{key}) {
$self->{logger}->error("Missing parameter key");
$self->respond(
template => 'errors.tt2.html',
data => {
errors => [ "missing_key" ]
}
);
}
my $token = AccountManager::Token->new( my $token = AccountManager::Token->new(
db => $self->{db}, db => $self->{db},
token => $self->{in}->{token} token => $self->{in}->{token}
); );
if (! $token->load(speculative => 1)) { $self->abort(
$self->{logger}->errorf( log => sprintf(
"Non-existing authentication token %s", "Failed to validate authentication token %s for entityid %s",
$self->{in}->{token}, $self->{in}->{token},
); $self->{in}->{entityid}
$self->respond( ),
template => 'errors.tt2.html', user => "wrong_token"
data => { ) if !$token->load(speculative => 1);
errors => [ "wrong_token" ]
}
);
}
if (! $token->sp_entityid() eq $self->{in}->{entityid}) { $self->abort(
$self->{logger}->errorf( log => sprintf(
"Authentication token %s cannot be used for SP %s", "Authentication token %s cannot be used for SP with entityid %s",
$self->{in}->{token}, $self->{in}->{token},
$self->{in}->{entityid} $self->{in}->{entityid}
); ),
$self->respond( user => "wrong_token_for_sp"
template => 'errors.tt2.html', ) if $token->sp_entityid() ne $self->{in}->{entityid};
data => {
errors => [ "wrong_token_for_sp" ]
}
);
}
# delete the token # delete the token
unless ($token->delete()) { unless ($token->delete()) {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment