Commit a3b7e158 authored by Guillaume ROUSSE's avatar Guillaume ROUSSE

more consistency in hash keys syntax

parent d58fcee1
...@@ -87,17 +87,17 @@ sub add_test_account { ...@@ -87,17 +87,17 @@ sub add_test_account {
pod2usage( pod2usage(
-message => "missing account_profile option, aborting\n", -message => "missing account_profile option, aborting\n",
-verbose => 0 -verbose => 0
) unless $options{'account_profile'}; ) unless $options{account_profile};
pod2usage( pod2usage(
-message => "missing sp_entityid option, aborting\n", -message => "missing sp_entityid option, aborting\n",
-verbose => 0 -verbose => 0
) unless $options{'sp_entityid'}; ) unless $options{sp_entityid};
my $test_account = IdPAccountManager::Data::TestAccount->new( my $test_account = IdPAccountManager::Data::TestAccount->new(
db => $db, db => $db,
account_profile => $options{'account_profile'}, account_profile => $options{account_profile},
sp_entityid => $options{'sp_entityid'} sp_entityid => $options{sp_entityid}
); );
die "Failed to create test account\n" die "Failed to create test account\n"
...@@ -105,7 +105,7 @@ sub add_test_account { ...@@ -105,7 +105,7 @@ sub add_test_account {
die "Failed to save test account\n" die "Failed to save test account\n"
unless $test_account->save( unless $test_account->save(
accounts_validity_period => $configuration->{'accounts_validity_period'} accounts_validity_period => $configuration->{accounts_validity_period}
); );
printf "Account created:\n\tuserid: user%d\n\tpassword: %s\n", printf "Account created:\n\tuserid: user%d\n\tpassword: %s\n",
...@@ -115,17 +115,16 @@ sub add_test_account { ...@@ -115,17 +115,16 @@ sub add_test_account {
sub list_test_accounts { sub list_test_accounts {
my %args; my %args;
if ($options{'sp_entityid'}) { if ($options{sp_entityid}) {
push @{ $args{'query'} }, 'sp_entityid' => $options{'sp_entityid'}; push @{ $args{query} }, sp_entityid => $options{sp_entityid};
} }
if ($options{'account_profile'}) { if ($options{account_profile}) {
push @{ $args{'query'} }, push @{ $args{query} }, account_profile => $options{account_profile};
'account_profile' => $options{'account_profile'};
} }
if ($options{'filter_expired'}) { if ($options{filter_expired}) {
push @{ $args{'query'} }, 'expiration_date' => { lt => time }; push @{ $args{query} }, expiration_date => { lt => time };
} }
my $accounts = my $accounts =
...@@ -137,17 +136,17 @@ sub list_test_accounts { ...@@ -137,17 +136,17 @@ sub list_test_accounts {
foreach my $account (@$accounts) { foreach my $account (@$accounts) {
$account->print(); $account->print();
next unless $options{'delete'}; next unless $options{delete};
die "failed to delete test account\n" die "failed to delete test account\n"
unless $account->delete(); unless $account->delete();
} }
if ($options{'delete'}) { if ($options{delete}) {
printf "%d accounts removed\n", @$accounts; printf "%d accounts removed\n", @$accounts;
die "failed to update simpleSAMLphp configuration file\n" die "failed to update simpleSAMLphp configuration file\n"
unless IdPAccountManager::Tools::update_ssp_authsources( unless IdPAccountManager::Tools::update_ssp_authsources(
$configuration->{'root_manager_dir'}, $configuration->{root_manager_dir},
$configuration $configuration
); );
...@@ -162,24 +161,24 @@ sub parse_federation_metadata { ...@@ -162,24 +161,24 @@ sub parse_federation_metadata {
die "unable to load federation metadata\n" die "unable to load federation metadata\n"
unless $federation_metadata->load( unless $federation_metadata->load(
federation_metadata_file_path => federation_metadata_file_path =>
$configuration->{'federation_metadata_file_path'} $configuration->{federation_metadata_file_path}
); );
my %args; my %args;
if ($options{'sp_entityid'}) { if ($options{sp_entityid}) {
$args{'filter_entity_id'} = $options{'sp_entityid'}; $args{filter_entity_id} = $options{sp_entityid};
} }
die "unable to parse federation metadata\n" die "unable to parse federation metadata\n"
unless $federation_metadata->parse(%args); unless $federation_metadata->parse(%args);
printf "Document %s parsed\n", printf "Document %s parsed\n",
$configuration->{'federation_metadata_file_path'}; $configuration->{federation_metadata_file_path};
## List SAML entities ## List SAML entities
printf "Hashref representing the metadata:\n"; printf "Hashref representing the metadata:\n";
IdPAccountManager::Tools::dump_var( IdPAccountManager::Tools::dump_var(
$federation_metadata->{'federation_metadata_as_hashref'}, $federation_metadata->{federation_metadata_as_hashref},
0, \*STDOUT); 0, \*STDOUT);
} }
...@@ -189,33 +188,33 @@ sub add_service_provider { ...@@ -189,33 +188,33 @@ sub add_service_provider {
pod2usage( pod2usage(
-message => "missing sp_entityid option, aborting\n", -message => "missing sp_entityid option, aborting\n",
-verbose => 0 -verbose => 0
) unless $options{'sp_entityid'}; ) unless $options{sp_entityid};
pod2usage( pod2usage(
-message => "missing contacts option, aborting\n", -message => "missing contacts option, aborting\n",
-verbose => 0 -verbose => 0
) unless $options{'contacts'}; ) unless $options{contacts};
## Check if entry already exists in DB first ## Check if entry already exists in DB first
my $service_provider = my $service_provider =
IdPAccountManager::Data::ServiceProvider->new( IdPAccountManager::Data::ServiceProvider->new(
db => $db, db => $db,
entityid => $options{'sp_entityid'} entityid => $options{sp_entityid}
); );
if ($service_provider->load(speculative => 1)) { if ($service_provider->load(speculative => 1)) {
printf "Entry for %s already in DB; update it with new data\n", printf "Entry for %s already in DB; update it with new data\n",
$options{'sp_entityid'}; $options{sp_entityid};
$service_provider->contacts($options{'contacts'}); $service_provider->contacts($options{contacts});
$service_provider->displayname($options{'displayname'}) $service_provider->displayname($options{displayname})
if ($options{'displayname'}); if ($options{displayname});
} else { } else {
$service_provider = IdPAccountManager::Data::ServiceProvider->new( $service_provider = IdPAccountManager::Data::ServiceProvider->new(
db => $db, db => $db,
entityid => $options{'sp_entityid'}, entityid => $options{sp_entityid},
contacts => $options{'contacts'}, contacts => $options{contacts},
displayname => $options{'displayname'} displayname => $options{displayname}
); );
die "failed to create service provider\n" die "failed to create service provider\n"
unless $service_provider; unless $service_provider;
...@@ -246,15 +245,15 @@ sub list_service_providers { ...@@ -246,15 +245,15 @@ sub list_service_providers {
sub list_authentication_tokens { sub list_authentication_tokens {
my %args; my %args;
if ($options{'sp_entityid'}) { if ($options{sp_entityid}) {
push @{ $args{'query'} }, 'sp_entityid' => $options{'sp_entityid'}; push @{ $args{query} }, sp_entityid => $options{sp_entityid};
} }
if ($options{'token'}) { if ($options{token}) {
push @{ $args{'query'} }, 'token' => $options{'token'}; push @{ $args{query} }, token => $options{token};
} }
if ($options{'filter_expired'}) { if ($options{filter_expired}) {
push @{ $args{'query'} }, 'creation_date' => push @{ $args{query} }, creation_date =>
{ lt => time - ($configuration->{'tokens_validity_period'} * 3600) }; { lt => time - ($configuration->{tokens_validity_period} * 3600) };
} }
my $tokens = my $tokens =
...@@ -266,12 +265,12 @@ sub list_authentication_tokens { ...@@ -266,12 +265,12 @@ sub list_authentication_tokens {
foreach my $token (@$tokens) { foreach my $token (@$tokens) {
$token->print(); $token->print();
next unless $options{'delete'}; next unless $options{delete};
die "failed to delete authentication token\n" die "failed to delete authentication token\n"
unless $token->delete(); unless $token->delete();
} }
if ($options{'delete'}) { if ($options{delete}) {
printf "%d tokens removed\n", @$tokens; printf "%d tokens removed\n", @$tokens;
} }
...@@ -281,8 +280,8 @@ sub list_authentication_tokens { ...@@ -281,8 +280,8 @@ sub list_authentication_tokens {
sub get_authentication_token { sub get_authentication_token {
my %args; my %args;
if ($options{'token'}) { if ($options{token}) {
$args{'token'} = $options{'token'}; $args{token} = $options{token};
} }
my $authentication_token = my $authentication_token =
...@@ -291,10 +290,10 @@ sub get_authentication_token { ...@@ -291,10 +290,10 @@ sub get_authentication_token {
die "No corresponding token found in DB\n" die "No corresponding token found in DB\n"
unless $authentication_token->load(); unless $authentication_token->load();
if ($options{'sp_entityid'}) { if ($options{sp_entityid}) {
die "Authentication token cannot be used for this SP\n" die "Authentication token cannot be used for this SP\n"
unless $authentication_token->get('sp_entityid') unless $authentication_token->get('sp_entityid')
eq $options{'sp_entityid'}; eq $options{sp_entityid};
} }
$authentication_token->print(); $authentication_token->print();
...@@ -306,17 +305,17 @@ sub add_authentication_token { ...@@ -306,17 +305,17 @@ sub add_authentication_token {
pod2usage( pod2usage(
-message => "missing email_address option, aborting\n", -message => "missing email_address option, aborting\n",
-verbose => 0 -verbose => 0
) unless $options{'email_address'}; ) unless $options{email_address};
pod2usage( pod2usage(
-message => "missing sp_entityid option, aborting\n", -message => "missing sp_entityid option, aborting\n",
-verbose => 0 -verbose => 0
) unless $options{'sp_entityid'}; ) unless $options{sp_entityid};
my $authentication_token = IdPAccountManager::Data::AuthenticationToken->new( my $authentication_token = IdPAccountManager::Data::AuthenticationToken->new(
db => $db, db => $db,
'email_address' => $options{'email_address'}, email_address => $options{email_address},
'sp_entityid' => $options{'sp_entityid'} sp_entityid => $options{sp_entityid}
); );
die "failed to create authentication token\n" die "failed to create authentication token\n"
...@@ -328,9 +327,9 @@ sub add_authentication_token { ...@@ -328,9 +327,9 @@ sub add_authentication_token {
unless $authentication_token->delete(); unless $authentication_token->delete();
$authentication_token = IdPAccountManager::Data::AuthenticationToken->new( $authentication_token = IdPAccountManager::Data::AuthenticationToken->new(
db => $db, db => $db,
'email_address' => $options{'email_address'}, email_address => $options{email_address},
'sp_entityid' => $options{'sp_entityid'} sp_entityid => $options{sp_entityid}
); );
die "failed to create authentication token\n" die "failed to create authentication token\n"
unless $authentication_token; unless $authentication_token;
...@@ -348,27 +347,27 @@ sub send_notice { ...@@ -348,27 +347,27 @@ sub send_notice {
pod2usage( pod2usage(
-message => "missing email_address option, aborting\n", -message => "missing email_address option, aborting\n",
-verbose => 0 -verbose => 0
) unless $options{'email_address'}; ) unless $options{email_address};
my $logger = IdPAccountManager::Logger->new( my $logger = IdPAccountManager::Logger->new(
file => $configuration->{'log_file'}, file => $configuration->{log_file},
verbosity => $configuration->{'log_level'} verbosity => $configuration->{log_level}
); );
die "Failed to send mail notice to $options{'email_address'}\n" die "Failed to send mail notice to $options{email_address}\n"
unless IdPAccountManager::Tools::mail_notice( unless IdPAccountManager::Tools::mail_notice(
'template' => 'templates/mail/notification_generic_error.tt2.eml', template => 'templates/mail/notification_generic_error.tt2.eml',
'data' => {}, data => {},
'to' => $options{'email_address'}, to => $options{email_address},
'logger' => $logger, logger => $logger,
'conf' => $configuration, conf => $configuration,
'admin_email' => $configuration->{'admin_email'}, admin_email => $configuration->{admin_email},
'dev_no_mail_outside' => $configuration->{'dev_no_mail_outside'}, dev_no_mail_outside => $configuration->{dev_no_mail_outside},
'dev_sp_contact' => $configuration->{'dev_sp_contact'}, dev_sp_contact => $configuration->{dev_sp_contact},
'notice_from' => $configuration->{'notice_from'} notice_from => $configuration->{notice_from}
); );
printf "Mail notice sent to $options{'email_address'}\n"; printf "Mail notice sent to $options{email_address}\n";
} }
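Review bot: `printf "Mail notice sent to $options{email_address}\n";` at the end of send_notice interpolates a caller-supplied value into the printf format string, so an address containing `%` is read as a conversion specifier and the output is wrong or warns; it should be `print "Mail notice sent to $options{email_address}\n";`, while the `die` above it is fine because die takes no format. The same section has `printf "%d accounts removed\n", @$accounts;` in list_test_accounts and `printf "%d tokens removed\n", @$tokens;` in list_authentication_tokens, which pass the array elements rather than their number as arguments, so `%d` numifies the first object instead of printing the count; `printf "%d accounts removed\n", scalar @$accounts;` (and likewise for tokens) gives the intended value. Both defects predate this commit but sit on lines it rewrites.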
......
...@@ -40,13 +40,13 @@ my %actions = ( ...@@ -40,13 +40,13 @@ my %actions = (
'account_wizard' => { 'title_en' => 'Select your Service Provider' }, 'account_wizard' => { 'title_en' => 'Select your Service Provider' },
'generate_token' => { 'title_en' => 'Generate an authentication token' }, 'generate_token' => { 'title_en' => 'Generate an authentication token' },
'validate_token' => { 'title_en' => 'Complete Email Challenge' }, 'validate_token' => { 'title_en' => 'Complete Email Challenge' },
'home' => { 'title_en' => $Conf::global{'app_name'} }, 'home' => { 'title_en' => $Conf::global{app_name} },
); );
## Gives writes for the group ## Gives writes for the group
umask 0002; umask 0002;
chdir $Conf::global{'root_manager_dir'}; chdir $Conf::global{root_manager_dir};
my $configuration = IdPAccountManager::Configuration->new( my $configuration = IdPAccountManager::Configuration->new(
file => 'conf/IdPAccountManager.conf' file => 'conf/IdPAccountManager.conf'
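Review bot: `chdir $Conf::global{root_manager_dir};` is unchecked, so if the directory is missing or not accessible the script keeps running in whatever directory it was started from, and the relative `conf/IdPAccountManager.conf` path passed just below (and any other relative path later on) silently resolves somewhere else. Write `chdir $Conf::global{root_manager_dir} or die "chdir $Conf::global{root_manager_dir}: $!";` so the failure is reported where it happens. The enclosing top-level code continues outside this hunk.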
......
...@@ -51,7 +51,7 @@ sub save { ...@@ -51,7 +51,7 @@ sub save {
IdPAccountManager::Tools::sha256_hash($self->{user_password})); IdPAccountManager::Tools::sha256_hash($self->{user_password}));
$self->creation_date(time); $self->creation_date(time);
$self->expiration_date( $self->expiration_date(
time + ($args{'accounts_validity_period'} * 3600 * 24)); time + ($args{accounts_validity_period} * 3600 * 24));
} }
$self->SUPER::save(); $self->SUPER::save();
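Review bot: `time + ($args{accounts_validity_period} * 3600 * 24)` has no guard for the argument being absent: under warnings this only emits an uninitialized-value warning and the account's expiration_date becomes equal to its creation_date, so the account silently expires at once instead of the call failing. A check ahead of the computation, `die "missing accounts_validity_period argument\n" unless defined $args{accounts_validity_period};`, makes the misconfiguration visible to the caller. save starts before this hunk, so the place where %args is unpacked is not visible here.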
......
...@@ -29,7 +29,7 @@ sub new { ...@@ -29,7 +29,7 @@ sub new {
sub load { sub load {
my ($self, %args) = @_; my ($self, %args) = @_;
unless ($args{'federation_metadata_file_path'}) { unless ($args{federation_metadata_file_path}) {
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Missing parameter 'federation_metadata_file_path'" message => "Missing parameter 'federation_metadata_file_path'"
...@@ -37,34 +37,34 @@ sub load { ...@@ -37,34 +37,34 @@ sub load {
return undef; return undef;
} }
$self->{'federation_metadata_file_path'} = $self->{federation_metadata_file_path} =
$args{'federation_metadata_file_path'}; $args{federation_metadata_file_path};
unless (-r $self->{'federation_metadata_file_path'}) { unless (-r $self->{federation_metadata_file_path}) {
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => message =>
"Failed to read $args{'federation_metadata_file_path'} : $ERRNO" "Failed to read $args{federation_metadata_file_path} : $ERRNO"
); );
return undef; return undef;
} }
unless ($self->{'federation_metadata_as_xml'} = unless ($self->{federation_metadata_as_xml} =
$self->_get_xml_object($args{'federation_metadata_file_path'})) $self->_get_xml_object($args{federation_metadata_file_path}))
{ {
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to parse file $args{'metadata_file'} : $ERRNO" message => "Failed to parse file $args{metadata_file} : $ERRNO"
); );
return undef; return undef;
} }
my $root = $self->{'federation_metadata_as_xml'}->documentElement(); my $root = $self->{federation_metadata_as_xml}->documentElement();
unless ($root->nodeName() =~ /EntitiesDescriptor$/) { unless ($root->nodeName() =~ /EntitiesDescriptor$/) {
$self->{logger}->( $self->{logger}->(
level => LOG_ERROR, level => LOG_ERROR,
message => sprintf( message => sprintf(
"Root element of file $args{'federation_metadata_file_path'} is of type '%s'; should be 'EntitiesDescriptor'", "Root element of file $args{federation_metadata_file_path} is of type '%s'; should be 'EntitiesDescriptor'",
$root->nodeName() $root->nodeName()
) )
); );
...@@ -79,17 +79,17 @@ sub parse { ...@@ -79,17 +79,17 @@ sub parse {
my ($self, %args) = @_; my ($self, %args) = @_;
my %parser_args = ( my %parser_args = (
'metadata_as_xml' => $self->{'federation_metadata_as_xml'}, metadata_as_xml => $self->{federation_metadata_as_xml},
'filter_entity_type' => 'sp' filter_entity_type => 'sp'
); );
if ($args{'filter_entity_id'}) { if ($args{filter_entity_id}) {
$parser_args{'filter_entity_id'} = $args{'filter_entity_id'}; $parser_args{filter_entity_id} = $args{filter_entity_id};
} }
$self->{'federation_metadata_as_hashref'} = $self->{federation_metadata_as_hashref} =
$self->_parse_saml_metadata(%parser_args); $self->_parse_saml_metadata(%parser_args);
unless (defined $self->{'federation_metadata_as_hashref'}) { unless (defined $self->{federation_metadata_as_hashref}) {
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to parse federation metadata" message => "Failed to parse federation metadata"
...@@ -105,7 +105,7 @@ sub print { ...@@ -105,7 +105,7 @@ sub print {
my ($self, $fd) = @_; my ($self, $fd) = @_;
$fd = \*STDOUT unless $fd; $fd = \*STDOUT unless $fd;
my $root = $self->{'federation_metadata_as_xml'}->documentElement(); my $root = $self->{federation_metadata_as_xml}->documentElement();
print $fd $root->toString(); print $fd $root->toString();
} }
...@@ -167,7 +167,7 @@ sub _get_xml_object { ...@@ -167,7 +167,7 @@ sub _get_xml_object {
sub _parse_saml_metadata { sub _parse_saml_metadata {
my ($self, %args) = @_; my ($self, %args) = @_;
my $root = $args{'metadata_as_xml'}; my $root = $args{metadata_as_xml};
my @extracted_array; my @extracted_array;
foreach my $EntityDescriptor ( foreach my $EntityDescriptor (
...@@ -178,15 +178,15 @@ sub _parse_saml_metadata { ...@@ -178,15 +178,15 @@ sub _parse_saml_metadata {
if ($EntityDescriptor->hasAttributes()) { if ($EntityDescriptor->hasAttributes()) {
foreach my $attr ($EntityDescriptor->getAttribute('entityID')) { foreach my $attr ($EntityDescriptor->getAttribute('entityID')) {
$extracted_data->{'entityid'} = $attr; $extracted_data->{entityid} = $attr;
} }
} }
next next
if ($args{'filter_entity_id'} if ($args{filter_entity_id}
&& ($args{'filter_entity_id'} ne $extracted_data->{'entityid'})); && ($args{filter_entity_id} ne $extracted_data->{entityid}));
$extracted_data->{'xml_md'} = $extracted_data->{xml_md} =
IdPAccountManager::Tools::escape_xml($EntityDescriptor->toString()); IdPAccountManager::Tools::escape_xml($EntityDescriptor->toString());
foreach my $child ($EntityDescriptor->childNodes()) { foreach my $child ($EntityDescriptor->childNodes()) {
...@@ -196,7 +196,7 @@ sub _parse_saml_metadata { ...@@ -196,7 +196,7 @@ sub _parse_saml_metadata {
if ($child->nodeName =~ /IDPSSODescriptor$/) { if ($child->nodeName =~ /IDPSSODescriptor$/) {
$extracted_data->{'type'} = 'idp'; $extracted_data->{type} = 'idp';
foreach my $sso ( foreach my $sso (
$child->getElementsByLocalName('SingleSignOnService')) $child->getElementsByLocalName('SingleSignOnService'))
...@@ -206,24 +206,22 @@ sub _parse_saml_metadata { ...@@ -206,24 +206,22 @@ sub _parse_saml_metadata {
#next unless ($sso->getAttribute('Binding') && defined $supported_saml_bindings{$sso->getAttribute('Binding')}); #next unless ($sso->getAttribute('Binding') && defined $supported_saml_bindings{$sso->getAttribute('Binding')});
## On extrait les infos sur les endpoints ## On extrait les infos sur les endpoints
push @{ $extracted_data->{'idp_endpoints'} }, push @{ $extracted_data->{idp_endpoints} }, {
{ type => 'SingleSignOnService',
'type' => 'SingleSignOnService', binding => $sso->getAttribute('Binding'),
'binding' => $sso->getAttribute('Binding'), location => $sso->getAttribute('Location'),
'location' => $sso->getAttribute('Location'), };
};
} }
## Getting domains declared for scoped attributes ## Getting domains declared for scoped attributes
foreach my $scope ($child->getElementsByLocalName('Scope')) { foreach my $scope ($child->getElementsByLocalName('Scope')) {
push @{ $extracted_data->{'domain'} }, push @{ $extracted_data->{domain} }, $scope->textContent();
$scope->textContent();
} }
} elsif ($child->nodeName =~ /SPSSODescriptor$/) { } elsif ($child->nodeName =~ /SPSSODescriptor$/) {
$extracted_data->{'type'} = 'sp'; $extracted_data->{type} = 'sp';
## We check the Binding of the ACS that should match "urn:oasis:names:tc:SAML:1.0:profiles:browser-post" ## We check the Binding of the ACS that should match "urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
## We also check the index to select the ACS that has the lower index ## We also check the index to select the ACS that has the lower index
...@@ -233,17 +231,15 @@ sub _parse_saml_metadata { ...@@ -233,17 +231,15 @@ sub _parse_saml_metadata {
{ {
## Extracting endpoints information ## Extracting endpoints information
push @{ $extracted_data->{'sp_endpoints'} }, push @{ $extracted_data->{sp_endpoints} }, {
{ type => 'AssertionConsumerService',
'type' => 'AssertionConsumerService', binding => $sso->getAttribute('Binding'),
'binding' => $sso->getAttribute('Binding'), location => $sso->getAttribute('Location'),
'location' => $sso->getAttribute('Location'), index => $sso->getAttribute('index'),
'index' => $sso->getAttribute('index'), isdefault => IdPAccountManager::Tools::boolean2integer(
'isdefault' =>
IdPAccountManager::Tools::boolean2integer(
$sso->getAttribute('isDefault') $sso->getAttribute('isDefault')
) )
}; };
#$self->{logger}->log( #$self->{logger}->log(
# level => LOG_TRACE, # level => LOG_TRACE,
...@@ -262,7 +258,7 @@ sub _parse_saml_metadata { ...@@ -262,7 +258,7 @@ sub _parse_saml_metadata {
{ {
## Requested attributes information ## Requested attributes information
push @{ $extracted_data->{'requested_attribute'} }, push @{ $extracted_data->{requested_attribute} },
{ {
'friendly_name' => 'friendly_name' =>
IdPAccountManager::Tools::encode_utf8( IdPAccountManager::Tools::encode_utf8(
...@@ -284,11 +280,11 @@ sub _parse_saml_metadata { ...@@ -284,11 +280,11 @@ sub _parse_saml_metadata {
$child->getElementsByLocalName('RegistrationInfo')) $child->getElementsByLocalName('RegistrationInfo'))
{ {
$extracted_data->{'registration_info'} $extracted_data->{registration_info}
{'registration_authority'} = {registration_authority} =
$registrationinfo->getAttribute('registrationAuthority'); $registrationinfo->getAttribute('registrationAuthority');
$extracted_data->{'registration_info'} $extracted_data->{registration_info}
{'registration_instant'} = {registration_instant} =
$registrationinfo->getAttribute('registrationInstant'); $registrationinfo->getAttribute('registrationInstant');
foreach my $registrationpolicy ( foreach my $registrationpolicy (
$registrationinfo->getElementsByLocalName( $registrationinfo->getElementsByLocalName(
...@@ -296,8 +292,8 @@ sub _parse_saml_metadata { ...@@ -296,8 +292,8 @@ sub _parse_saml_metadata {
) )
{ {
if ($registrationpolicy->getAttribute('lang') eq 'en') { if ($registrationpolicy->getAttribute('lang') eq 'en') {
$extracted_data->{'registration_info'} $extracted_data->{registration_info}
{'registration_policy'} = {registration_policy} =
IdPAccountManager::Tools::encode_utf8( IdPAccountManager::Tools::encode_utf8(
$registrationpolicy->textContent()); $registrationpolicy->textContent());
} }
...@@ -305,14 +301,14 @@ sub _parse_saml_metadata { ...@@ -305,14 +301,14 @@ sub _parse_saml_metadata {
} }
} elsif ($child->nodeName =~ /ContactPerson$/) { } elsif ($child->nodeName =~ /ContactPerson$/) {
my %contact_details; my %contact_details;
$contact_details{'type'} = $child->getAttribute('contactType'); $contact_details{type} = $child->getAttribute('contactType');
if (defined $contact_details{'type'}) { if (defined $contact_details{type}) {
foreach my $contact_child ($child->childNodes()) { foreach my $contact_child ($child->childNodes()) {
$contact_details{ $contact_child->localName } = $contact_details{ $contact_child->localName } =
IdPAccountManager::Tools::encode_utf8( IdPAccountManager::Tools::encode_utf8(
$contact_child->textContent()); $contact_child->textContent());
} }
push @{ $extracted_data->{'contacts'} }, \%contact_details; push @{ $extracted_data->{contacts} }, \%contact_details;
} }
} }
...@@ -320,7 +316,7 @@ sub _parse_saml_metadata { ...@@ -320,7 +316,7 @@ sub _parse_saml_metadata {
my $displayname ($child->getElementsByLocalName('DisplayName')) my $displayname ($child->getElementsByLocalName('DisplayName'))
{ {
$extracted_data->{'display_name'} $extracted_data->{display_name}
{ $displayname->getAttribute('xml:lang') } = { $displayname->getAttribute('xml:lang') } =
IdPAccountManager::Tools::encode_utf8( IdPAccountManager::Tools::encode_utf8(
$displayname->textContent()); $displayname->textContent());
...@@ -328,10 +324,10 @@ sub _parse_saml_metadata { ...@@ -328,10 +324,10 @@ sub _parse_saml_metadata {
## Set a default displayName in case no English version is provided ## Set a default displayName in case no English version is provided
## However there is no way to determine the native displayName ## However there is no way to determine the native displayName
## We take the first one as default ## We take the first one as default
if ( !$extracted_data->{'default_display_name'} if ( !$extracted_data->{default_display_name}
|| $displayname->getAttribute('xml:lang')) || $displayname->getAttribute('xml:lang'))
{ {
$extracted_data->{'default_display_name'} = $extracted_data->{default_display_name} =
IdPAccountManager::Tools::encode_utf8( IdPAccountManager::Tools::encode_utf8(
$displayname->textContent()); $displayname->textContent());
} }
...@@ -342,7 +338,7 @@ sub _parse_saml_metadata { ...@@ -342,7 +338,7 @@ sub _parse_saml_metadata {
my $description ($child->getElementsByLocalName('Description')) my $description ($child->getElementsByLocalName('Description'))
{ {
$extracted_data->{'description'} $extracted_data->{description}
{ $description->getAttribute('xml:lang') } = { $description->getAttribute('xml:lang') } =
IdPAccountManager::Tools::encode_utf8( IdPAccountManager::Tools::encode_utf8(
$description->textContent()); $description->textContent());
...@@ -355,7 +351,7 @@ sub _parse_saml_metadata { ...@@ -355,7 +351,7 @@ sub _parse_saml_metadata {
->log(level => LOG_TRACE, message => "ContactPerson"); ->log(level => LOG_TRACE, message => "ContactPerson");
my %contact_details; my %contact_details;
$contact_details{'type'} = $contact_details{type} =
$contact->getAttribute('contactType'); $contact->getAttribute('contactType');
foreach my $contact_child ($EntityDescriptor->childNodes()) { foreach my $contact_child ($EntityDescriptor->childNodes()) {
$self->{logger}->log( $self->{logger}->log(
...@@ -367,33 +363,33 @@ sub _parse_saml_metadata { ...@@ -367,33 +363,33 @@ sub _parse_saml_metadata {
IdPAccountManager::Tools::encode_utf8( IdPAccountManager::Tools::encode_utf8(
$contact_child->textContent()); $contact_child->textContent());
} }
push @{ $extracted_data->{'contacts'} }, \%contact_details; push @{ $extracted_data->{contacts} }, \%contact_details;
} }
foreach my $sso ( foreach my $sso (
$child->getElementsByLocalName('OrganizationDisplayName')) $child->getElementsByLocalName('OrganizationDisplayName'))
{ {
$extracted_data->{'organization'} = $extracted_data->{organization} =
IdPAccountManager::Tools::encode_utf8($sso->textContent()); IdPAccountManager::Tools::encode_utf8($sso->textContent());
} }
## Getting X.509 certificates ## Getting X.509 certificates
foreach my $cert ($child->getElementsByLocalName('X509Certificate')) foreach my $cert ($child->getElementsByLocalName('X509Certificate'))
{ {
$extracted_data->{'certificate'} = $extracted_data->{certificate} =
IdPAccountManager::Tools::encode_utf8($cert->textContent()); IdPAccountManager::Tools::encode_utf8($cert->textContent());
} }
} }
## Filter entities based on type ## Filter entities based on type
next next
if (defined $args{'filter_entity_type'} if (defined $args{filter_entity_type}
&& ($args{'filter_entity_type'} ne $extracted_data->{'type'})); && ($args{filter_entity_type} ne $extracted_data->{type}));
## Merge domains in a single string ## Merge domains in a single string
my $domains = join(',', @{ $extracted_data->{'domain'} }) my $domains = join(',', @{ $extracted_data->{domain} })
if ($extracted_data->{'domain'}); if ($extracted_data->{domain});
$extracted_data->{'domain'} = $domains; $extracted_data->{domain} = $domains;
#$self->{logger}->log(level => LOG_DEBUG, message => "Scopes : %s", $domains); #$self->{logger}->log(level => LOG_DEBUG, message => "Scopes : %s", $domains);
...@@ -418,8 +414,8 @@ SAMLMetadata - loading SAML federation metadata ...@@ -418,8 +414,8 @@ SAMLMetadata - loading SAML federation metadata
} }
my %args; my %args;
if ($options{'sp_entityid'}) { if ($options{sp_entityid}) {
$args{'filter_entity_id'} = $options{'sp_entityid'}; $args{filter_entity_id} = $options{sp_entityid};
} }
unless ($federation_metadata->parse(sp_entityid => 'https://test.federation.renater.fr/test/ressource')) { unless ($federation_metadata->parse(sp_entityid => 'https://test.federation.renater.fr/test/ressource')) {
...@@ -428,7 +424,7 @@ SAMLMetadata - loading SAML federation metadata ...@@ -428,7 +424,7 @@ SAMLMetadata - loading SAML federation metadata
## List SAML entities ## List SAML entities
printf "Hashref representing the metadata:\n"; printf "Hashref representing the metadata:\n";
IdPAccountManager::Tools::dump_var($federation_metadata->{'federation_metadata_as_hashref'}, 0, \*STDOUT); IdPAccountManager::Tools::dump_var($federation_metadata->{federation_metadata_as_hashref}, 0, \*STDOUT);
=head1 DESCRIPTION =head1 DESCRIPTION
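Review bot: `$self->{logger}->(` in the EntitiesDescriptor check of load() (the branch reporting the root element type) dereferences the logger as a code reference instead of calling its method, so that error path dies with "Not a CODE reference" rather than logging; every other call in the file is `$self->{logger}->log(` and this one should be too. In the same sub the parse-failure message interpolates `$args{metadata_file}`, a key load() never receives — the rest of the sub uses `federation_metadata_file_path` — so the file name is always empty in that log line; it should read `message => "Failed to parse file $args{federation_metadata_file_path} : $ERRNO"`. In _parse_saml_metadata, `my $domains = join(',', @{ $extracted_data->{domain} }) if ($extracted_data->{domain});` is a `my` declaration under a statement modifier, whose behaviour perlsyn documents as undefined; `my $domains = $extracted_data->{domain} ? join(',', @{ $extracted_data->{domain} }) : undef;` is the safe form. The SYNOPSIS still shows `parse(sp_entityid => ...)` while parse() reads `filter_entity_id`, so the example as written filters nothing.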
......
...@@ -60,7 +60,7 @@ sub generate_password { ...@@ -60,7 +60,7 @@ sub generate_password {
'0' .. '9', '_', '%', ';', '0' .. '9', '_', '%', ';',
':', '!', '?', '&', ':', '!', '?', '&',
'$', '*', '(', ')', '$', '*', '(', ')',
'{', '}', '[', ']', '{, }', '[', ']',
'.', '=', '-', '#' '.', '=', '-', '#'
); );
foreach (6 .. $length_of_randomstring) { foreach (6 .. $length_of_randomstring) {
...@@ -87,15 +87,15 @@ sub update_ssp_authsources { ...@@ -87,15 +87,15 @@ sub update_ssp_authsources {
my ($root_manager_dir, $conf) = @_; my ($root_manager_dir, $conf) = @_;
my $tt2 = Template->new({ my $tt2 = Template->new({
'INCLUDE_PATH' => $root_manager_dir . ':' . INCLUDE_PATH => $root_manager_dir . ':' .
$root_manager_dir . '/templates/accountProfiles' $root_manager_dir . '/templates/accountProfiles'
}); });
my %args = ( my %args = (
'accounts' => IdPAccountManager::TestAccount::Data::Manager->get_testaccounts(), accounts => IdPAccountManager::TestAccount::Data::Manager->get_testaccounts(),
'conf' => $conf, conf => $conf,
); );
#chdir $Conf::global{'root_manager_dir'}; #chdir $Conf::global{root_manager_dir};
my $template_file = 'templates/accountProfiles/valid-accounts.php.tt2'; my $template_file = 'templates/accountProfiles/valid-accounts.php.tt2';
my $output_file = 'conf/valid-accounts.php'; my $output_file = 'conf/valid-accounts.php';
...@@ -146,24 +146,24 @@ sub dump_var { ...@@ -146,24 +146,24 @@ sub dump_var {
## data : data used by the TT2 parser ## data : data used by the TT2 parser
sub mail_notice { sub mail_notice {
my (%args) = @_; my (%args) = @_;
my $tt2_file = $args{'template'}; my $tt2_file = $args{template};
my $mail_data = $args{'data'}; my $mail_data = $args{data};
my $logger = $args{'logger'}; my $logger = $args{logger};
$mail_data->{'conf'} ||= $args{'conf'}; $mail_data->{conf} ||= $args{conf};
my $notice_email = $args{'to'} || $args{'admin_email'}; my $notice_email = $args{to} || $args{admin_email};
$mail_data->{'to'} = $notice_email; $mail_data->{to} = $notice_email;
## Protection to prevent notifications during test dev phases ## Protection to prevent notifications during test dev phases
## Notify only admin_email or dev_sp_contact addresses ## Notify only admin_email or dev_sp_contact addresses
if ($args{'dev_no_mail_outside'}) { if ($args{dev_no_mail_outside}) {
my %rcpt = map { $_ => 1 } split(/,/, $notice_email); my %rcpt = map { $_ => 1 } split(/,/, $notice_email);
my %authorized_rcpt = map { $_ => 1 } split( my %authorized_rcpt = map { $_ => 1 } split(
/,/, /,/,
join(',', join(',',
$args{'admin_email'}, $args{admin_email},
$args{'dev_sp_contact'}) $args{dev_sp_contact})
); );
my $change_rcpt = 0; my $change_rcpt = 0;
...@@ -182,18 +182,18 @@ sub mail_notice { ...@@ -182,18 +182,18 @@ sub mail_notice {
$notice_email $notice_email
) )
); );
$notice_email = $args{'admin_email'}; $notice_email = $args{admin_email};
} }
} }
$logger->log( $logger->log(
level => LOG_TRACE, level => LOG_TRACE,
message => sprintf('(template=%s, to=%s)', $in{'template'}, $mail_data->{'to'}) message => sprintf('(template=%s, to=%s)', $in{template}, $mail_data->{to})
); );
open SENDMAIL, open SENDMAIL,
"|/usr/sbin/sendmail -f " "|/usr/sbin/sendmail -f "
. $args{'notice_from'} . $args{notice_from}
. " $notice_email"; . " $notice_email";
my $tt2 = Template->new(FILTERS => { qencode => [ \qencode, 0 ] }); my $tt2 = Template->new(FILTERS => { qencode => [ \qencode, 0 ] });
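Review bot: The key-quoting cleanup corrupted the password alphabet in generate_password (its body starts before this hunk): the new side of line 454 reads `'{, }', '[', ']',`, so the character list now holds the four-character string `{, }` in place of the two separate characters `'{'` and `'}'`, and any password that draws that element gains a literal comma and space while both braces drop out of the alphabet entirely; restore `'{', '}', '[', ']',`. In mail_notice (body continues past the hunk) the trace line still reads `$in{template}` while the arguments are unpacked into `%args`, so the logged template name is presumably always empty and `$args{template}` looks intended. The same sub builds the sendmail command as one shell string with `$notice_email` interpolated; since req_generate_token passes the request's `email_address` parameter as `to`, only the is_contact match stands between user input and `/bin/sh`, so a strict address syntax check or a list-form `open my $mail, '|-', '/usr/sbin/sendmail', '-f', $args{notice_from}, $notice_email` would be the safer shape.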
......
...@@ -20,8 +20,8 @@ sub new { ...@@ -20,8 +20,8 @@ sub new {
}; };
$self->{logger} = IdPAccountManager::Logger->new( $self->{logger} = IdPAccountManager::Logger->new(
file => $self->{configuration}->{'log_file'}, file => $self->{configuration}->{log_file},
verbosity => $self->{configuration}->{'log_level'} verbosity => $self->{configuration}->{log_level}
); );
$self->{logger}->log( $self->{logger}->log(
level => LOG_INFO, level => LOG_INFO,
...@@ -42,47 +42,47 @@ sub new { ...@@ -42,47 +42,47 @@ sub new {
## Input parameters ## Input parameters
my %in_vars = $http_query->Vars; my %in_vars = $http_query->Vars;
$self->{'param_in'} = \%in_vars; $self->{param_in} = \%in_vars;
## Check if admin acts as another user ## Check if admin acts as another user
$self->{'cookies'} = CGI::Cookie->fetch; $self->{cookies} = CGI::Cookie->fetch;
#if (defined $self->{'cookies'}{'as_user'} && $request->{'is_admin'}) { #if (defined $self->{cookies}->{as_user} && $request->{is_admin}) {
# $self->{'utilisateur'} = $request->{'as_user'} = $request->{'cookies'}{'as_user'}->value; # $self->{utilisateur} = $request->{as_user} = $request->{cookies}->{as_user}->value;
# $self->{'is_admin'} = 0; # $self->{is_admin} = 0;
#} #}
## Usefull data for output (web pages or mail notices) ## Usefull data for output (web pages or mail notices)
$self->{'param_out'}{'url_cgi'} = $ENV{'SCRIPT_NAME'}; $self->{param_out}->{url_cgi} = $ENV{SCRIPT_NAME};
$self->{'param_out'}{'env'} = \%ENV; $self->{param_out}->{env} = \%ENV;
$self->{'param_out'}{'actions'} = $args{actions}; $self->{param_out}->{actions} = $args{actions};
$self->{'param_out'}{'conf'} = $self->{configuration}; $self->{param_out}->{conf} = $self->{configuration};
## Clean input vars ## Clean input vars
foreach my $key (keys %{ $self->{'param_in'} }) { foreach my $key (keys %{ $self->{param_in} }) {
## Removing all ^M (0D) ## Removing all ^M (0D)
$self->{'param_in'}{$key} =~ s/\r//g; $self->{param_in}->{$key} =~ s/\r//g;
$self->{'param_in'}{$key} =~ s/\s+$//; ## Remove trailing spaces $self->{param_in}->{$key} =~ s/\s+$//; ## Remove trailing spaces
$self->{'param_in'}{$key} =~ s/^\s+//; ## Remove leading spaces $self->{param_in}->{$key} =~ s/^\s+//; ## Remove leading spaces
## If action_xx param is set, then action=xx ## If action_xx param is set, then action=xx
## Usefull to have sementicless values in submit forms ## Usefull to have sementicless values in submit forms
if ($key =~ /^action_(\w+)$/) { if ($key =~ /^action_(\w+)$/) {
#$self->{logger}->log(level => LOG_TRACE, message => "ACTION $key"); #$self->{logger}->log(level => LOG_TRACE, message => "ACTION $key");
$self->{'param_in'}{'action'} = $1; $self->{param_in}->{action} = $1;
} }
} }
## Check the requested action ## Check the requested action
if ($self->{'param_in'}{'action'}) { if ($self->{param_in}->{action}) {
$self->{'action'} = $self->{'param_in'}{'action'}; $self->{action} = $self->{param_in}->{action};
} else { } else {
## Default action ## Default action
$self->{logger}->log(level => LOG_INFO, message => 'Default action'); $self->{logger}->log(level => LOG_INFO, message => 'Default action');
$self->{'action'} = 'home'; $self->{action} = 'home';
} }
bless $self, $pkg; bless $self, $pkg;
...@@ -98,13 +98,13 @@ sub execute { ...@@ -98,13 +98,13 @@ sub execute {
my $status; my $status;
## Check input parameters format ## Check input parameters format
foreach my $key (keys %{ $self->{'param_in'} }) { foreach my $key (keys %{ $self->{param_in} }) {
if ( $self->{'param_in'}{$key} !~ /^\s*$/ if ( $self->{param_in}->{$key} !~ /^\s*$/
&& defined $self->{format}->{$key} && defined $self->{format}->{$key}
&& !ref($self->{format}->{$key})) && !ref($self->{format}->{$key}))
{ {
unless ($self->{'param_in'}{$key} =~ /^$self->format->{$key}$/) { unless ($self->{param_in}->{$key} =~ /^$self->format->{$key}$/) {
push @{ $self->{'param_out'}{'errors'} }, "format_$key"; push @{ $self->{param_out}->{errors} }, "format_$key";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Incorrect parameter format : $key" message => "Incorrect parameter format : $key"
...@@ -116,26 +116,26 @@ sub execute { ...@@ -116,26 +116,26 @@ sub execute {
do { do {
## Actions can be chained ## Actions can be chained
$self->{'action'} = $self->{'next_action'} if ($self->{'next_action'}); $self->{action} = $self->{next_action} if ($self->{next_action});
delete $self->{'next_action'}; ## Prevent loops delete $self->{next_action}; ## Prevent loops
if (defined $self->actions->{ $self->{'action'} }) { if (defined $self->actions->{ $self->{action} }) {
## Execute the target subroutine named req_actionName ## Execute the target subroutine named req_actionName
no strict 'refs'; no strict 'refs';
my $sub = 'req_' . $self->{'action'}; my $sub = 'req_' . $self->{action};
$status = &{$sub}($self); $status = &{$sub}($self);
} else { } else {
## Inknown action ## Inknown action
push @{ $self->{'param_out'}{'errors'} }, "unknown_action"; push @{ $self->{param_out}->{errors} }, "unknown_action";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Unknown action '%s'", message => "Unknown action '%s'",
$self->{'action'} $self->{action}
); );
} }
} while ($self->{'next_action'}); } while ($self->{next_action});
return 1; return 1;
} }
...@@ -148,14 +148,14 @@ sub respond { ...@@ -148,14 +148,14 @@ sub respond {
## Automatic pass object entries to the output hash ## Automatic pass object entries to the output hash
foreach my $key (keys %{$self}) { foreach my $key (keys %{$self}) {
$self->{'param_out'}{$key} ||= $self->{$key} $self->{param_out}{$key} ||= $self->{$key}
unless ($key eq 'param_out'); unless ($key eq 'param_out');
} }
## An action may redirect to an external URL ## An action may redirect to an external URL
if ($self->{'url_redirection'}) { if ($self->{url_redirection}) {
printf "Location: %s\n\n", $self->{'url_redirection'}; printf "Location: %s\n\n", $self->{url_redirection};
} else { } else {
...@@ -164,13 +164,13 @@ sub respond { ...@@ -164,13 +164,13 @@ sub respond {
{ {
ENCODING => 'iso-8859-1', ## le défaut apparemment ENCODING => 'iso-8859-1', ## le défaut apparemment
FILTERS => { FILTERS => {
'encode_utf8', => encode_utf8 =>
[ \&IdPAccountManager::Tools::encode_utf8, 0 ], [ \&IdPAccountManager::Tools::encode_utf8, 0 ],
'escape_quotes' => escape_quotes =>
[ \&IdPAccountManager::Tools::escape_quotes, 0 ] [ \&IdPAccountManager::Tools::escape_quotes, 0 ]
}, },
INCLUDE_PATH => $self->{configuration}->{'root_manager_dir'} . ':' INCLUDE_PATH => $self->{configuration}->{root_manager_dir} . ':'
. $self->{configuration}->{'root_manager_dir'} . $self->{configuration}->{root_manager_dir}
. '/templates/accountProfiles', . '/templates/accountProfiles',
#DEBUG => 'all', #DEBUG => 'all',
...@@ -182,13 +182,13 @@ sub respond { ...@@ -182,13 +182,13 @@ sub respond {
my $template; my $template;
## nobanner is used to do AJAX to get only pieces of HTML to load in the web client ## nobanner is used to do AJAX to get only pieces of HTML to load in the web client
if ($self->{'param_in'}{'style'} eq 'nobanner') { if ($self->{param_in}->{style} eq 'nobanner') {
$template = 'templates/web/index-nobanner.tt2.html'; $template = 'templates/web/index-nobanner.tt2.html';
} else { } else {
$template = 'templates/web/index.tt2.html'; $template = 'templates/web/index.tt2.html';
} }
unless ($tt2->process($template, $self->{'param_out'}, \*STDOUT)) { unless ($tt2->process($template, $self->{param_out}, \*STDOUT)) {
printf "Content-type: text/plain\n\n Error: %s", $tt2->error(); printf "Content-type: text/plain\n\n Error: %s", $tt2->error();
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
...@@ -199,7 +199,7 @@ sub respond { ...@@ -199,7 +199,7 @@ sub respond {
## Ignore some type of errors ## Ignore some type of errors
my @errors_admin; my @errors_admin;
foreach my $id_error (@{ $self->{'param_out'}{'errors'} }) { foreach my $id_error (@{ $self->{param_out}->{errors} }) {
unless ($id_error =~ /^(error_x)$/) { unless ($id_error =~ /^(error_x)$/) {
push @errors_admin, $id_error; push @errors_admin, $id_error;
} }
...@@ -207,16 +207,16 @@ sub respond { ...@@ -207,16 +207,16 @@ sub respond {
## Mail notification of admins about the error ## Mail notification of admins about the error
if (@errors_admin) { if (@errors_admin) {
$self->{'param_out'}{'subject'} = 'Error notification - web interface'; $self->{param_out}->{subject} = 'Error notification - web interface';
IdPAccountManager::Tools::mail_notice( IdPAccountManager::Tools::mail_notice(
'template' => 'templates/mail/notification_generic_error.tt2.eml', template => 'templates/mail/notification_generic_error.tt2.eml',
'data' => $self->{'param_out'}, data => $self->{param_out},
'logger' => $self->{'logger'}, logger => $self->{logger},
'conf' => $self->{configuration}, conf => $self->{configuration},
'admin_email' => $self->{configuration}->{'admin_email'}, admin_email => $self->{configuration}->{admin_email},
'dev_no_mail_outside' => $self->{configuration}->{'dev_no_mail_outside'}, dev_no_mail_outside => $self->{configuration}->{dev_no_mail_outside},
'dev_sp_contact' => $self->{configuration}->{'dev_sp_contact'}, dev_sp_contact => $self->{configuration}->{dev_sp_contact},
'notice_from' => $self->{configuration}->{'notice_from'} notice_from => $self->{configuration}->{notice_from}
); );
} }
} }
...@@ -233,11 +233,11 @@ sub req_account_wizard { ...@@ -233,11 +233,11 @@ sub req_account_wizard {
unless ( unless (
$federation_metadata->load( $federation_metadata->load(
federation_metadata_file_path => federation_metadata_file_path =>
$self->{configuration}->{'federation_metadata_file_path'} $self->{configuration}->{federation_metadata_file_path}
) )
) )
{ {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{param_out}->{errors} }, "internal";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to load federation metadata : $ERRNO" message => "Failed to load federation metadata : $ERRNO"
...@@ -246,7 +246,7 @@ sub req_account_wizard { ...@@ -246,7 +246,7 @@ sub req_account_wizard {
} }
unless ($federation_metadata->parse()) { unless ($federation_metadata->parse()) {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{param_out}->{errors} }, "internal";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to parse federation metadata : $ERRNO" message => "Failed to parse federation metadata : $ERRNO"
...@@ -254,8 +254,8 @@ sub req_account_wizard { ...@@ -254,8 +254,8 @@ sub req_account_wizard {
return undef; return undef;
} }
$self->{'param_out'}{'federation_metadata_as_hashref'} = $self->{param_out}->{federation_metadata_as_hashref} =
$federation_metadata->{'federation_metadata_as_hashref'}; $federation_metadata->{federation_metadata_as_hashref};
return 1; return 1;
} }
...@@ -266,8 +266,8 @@ sub req_select_sp { ...@@ -266,8 +266,8 @@ sub req_select_sp {
my ($self) = @_; my ($self) = @_;
$self->{logger}->log(level => LOG_INFO, message => ""); $self->{logger}->log(level => LOG_INFO, message => "");
unless ($self->{'param_in'}{'sp_entityid'}) { unless ($self->{param_in}->{sp_entityid}) {
push @{ $self->{'param_out'}{'errors'} }, "missing_sp_entityid"; push @{ $self->{param_out}->{errors} }, "missing_sp_entityid";
$self->{logger} $self->{logger}
->log(level => LOG_ERROR, message => "Missing parameter sp_entityid"); ->log(level => LOG_ERROR, message => "Missing parameter sp_entityid");
return undef; return undef;
...@@ -280,11 +280,11 @@ sub req_select_sp { ...@@ -280,11 +280,11 @@ sub req_select_sp {
unless ( unless (
$federation_metadata->load( $federation_metadata->load(
federation_metadata_file_path => federation_metadata_file_path =>
$self->{configuration}->{'federation_metadata_file_path'} $self->{configuration}->{federation_metadata_file_path}
) )
) )
{ {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{param_out}->{errors} }, "internal";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to load federation metadata : $ERRNO" message => "Failed to load federation metadata : $ERRNO"
...@@ -294,11 +294,11 @@ sub req_select_sp { ...@@ -294,11 +294,11 @@ sub req_select_sp {
unless ( unless (
$federation_metadata->parse( $federation_metadata->parse(
filter_entity_id => $self->{'param_in'}{'sp_entityid'} filter_entity_id => $self->{param_in}->{sp_entityid}
) )
) )
{ {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{param_out}->{errors} }, "internal";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to parse federation metadata : $ERRNO" message => "Failed to parse federation metadata : $ERRNO"
...@@ -309,33 +309,33 @@ sub req_select_sp { ...@@ -309,33 +309,33 @@ sub req_select_sp {
## Create a serviceprovider object to store major parameters for this SP in DB ## Create a serviceprovider object to store major parameters for this SP in DB
my $service_provider = IdPAccountManager::Data::ServiceProvider->new( my $service_provider = IdPAccountManager::Data::ServiceProvider->new(
db => $self->{db}, db => $self->{db},
entityid => $self->{'param_in'}{'sp_entityid'}, entityid => $self->{param_in}->{sp_entityid},
dev_sp_contact => $self->{configuration}->{'dev_sp_contact'} dev_sp_contact => $self->{configuration}->{dev_sp_contact}
); );
## Prepare data ## Prepare data
my $sp_metadata_as_hashref = my $sp_metadata_as_hashref =
$federation_metadata->{'federation_metadata_as_hashref'}[0]; $federation_metadata->{federation_metadata_as_hashref}->[0];
my @contacts; my @contacts;
if (defined $sp_metadata_as_hashref->{'contacts'}) { if (defined $sp_metadata_as_hashref->{contacts}) {
foreach my $contact (@{ $sp_metadata_as_hashref->{'contacts'} }) { foreach my $contact (@{ $sp_metadata_as_hashref->{contacts} }) {
my $email = $contact->{'EmailAddress'}; my $email = $contact->{EmailAddress};
$email =~ s/^(mailto:)//; ## Remove 'mailto:' prefixes if any $email =~ s/^(mailto:)//; ## Remove 'mailto:' prefixes if any
push @contacts, $email; push @contacts, $email;
} }
} }
my $display_name; my $display_name;
if (defined $sp_metadata_as_hashref->{'display_name'}) { if (defined $sp_metadata_as_hashref->{display_name}) {
## Use English version of displayName if available ## Use English version of displayName if available
if ($sp_metadata_as_hashref->{'display_name'}{'en'}) { if ($sp_metadata_as_hashref->{display_name}->{en}) {
$display_name = $sp_metadata_as_hashref->{'display_name'}{'en'}; $display_name = $sp_metadata_as_hashref->{display_name}->{en};
## Else any language ## Else any language
} else { } else {
foreach foreach
my $lang (keys %{ $sp_metadata_as_hashref->{'display_name'} }) my $lang (keys %{ $sp_metadata_as_hashref->{display_name} })
{ {
$display_name = $display_name =
$sp_metadata_as_hashref->{'display_name'}{$lang}; $sp_metadata_as_hashref->{display_name}->{$lang};
last; last;
} }
} }
...@@ -350,13 +350,13 @@ sub req_select_sp { ...@@ -350,13 +350,13 @@ sub req_select_sp {
$service_provider = IdPAccountManager::Data::ServiceProvider->new( $service_provider = IdPAccountManager::Data::ServiceProvider->new(
db => $self->{db}, db => $self->{db},
entityid => $self->{'param_in'}{'sp_entityid'}, entityid => $self->{param_in}->{sp_entityid},
contacts => join(',', @contacts), contacts => join(',', @contacts),
displayname => $display_name, displayname => $display_name,
dev_sp_contact => $self->{configuration}->{'dev_sp_contact'} dev_sp_contact => $self->{configuration}->{dev_sp_contact}
); );
unless (defined $service_provider) { unless (defined $service_provider) {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{param_out}->{errors} }, "internal";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to create serviceprovider object" message => "Failed to create serviceprovider object"
...@@ -366,7 +366,7 @@ sub req_select_sp { ...@@ -366,7 +366,7 @@ sub req_select_sp {
} }
unless ($service_provider->save()) { unless ($service_provider->save()) {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{param_out}->{errors} }, "internal";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to save serviceprovider object" message => "Failed to save serviceprovider object"
...@@ -374,9 +374,9 @@ sub req_select_sp { ...@@ -374,9 +374,9 @@ sub req_select_sp {
return undef; return undef;
} }
$self->{'param_out'}{'sp_metadata_as_hashref'} = $self->{param_out}->{sp_metadata_as_hashref} =
$federation_metadata->{'federation_metadata_as_hashref'}[0]; $federation_metadata->{federation_metadata_as_hashref}->[0];
$self->{'param_out'}{'serviceprovider'} = $service_provider; $self->{param_out}->{serviceprovider} = $service_provider;
return 1; return 1;
} }
...@@ -387,15 +387,15 @@ sub req_generate_token { ...@@ -387,15 +387,15 @@ sub req_generate_token {
my ($self) = @_; my ($self) = @_;
$self->{logger}->log(level => LOG_INFO, message => ""); $self->{logger}->log(level => LOG_INFO, message => "");
unless ($self->{'param_in'}{'sp_entityid'}) { unless ($self->{param_in}->{sp_entityid}) {
push @{ $self->{'param_out'}{'errors'} }, "missing_sp_entityid"; push @{ $self->{param_out}->{errors} }, "missing_sp_entityid";
$self->{logger} $self->{logger}
->log(level => LOG_ERROR, message => "Missing parameter sp_entityid"); ->log(level => LOG_ERROR, message => "Missing parameter sp_entityid");
return undef; return undef;
} }
unless ($self->{'param_in'}{'email_address'}) { unless ($self->{param_in}->{email_address}) {
push @{ $self->{'param_out'}{'errors'} }, "email_address"; push @{ $self->{param_out}->{errors} }, "email_address";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Missing parameter email_address" message => "Missing parameter email_address"
...@@ -406,42 +406,42 @@ sub req_generate_token { ...@@ -406,42 +406,42 @@ sub req_generate_token {
## Create a serviceprovider object to load parameters for this SP from DB ## Create a serviceprovider object to load parameters for this SP from DB
my $service_provider = IdPAccountManager::Data::ServiceProvider->new( my $service_provider = IdPAccountManager::Data::ServiceProvider->new(
db => $self->{db}, db => $self->{db},
entityid => $self->{'param_in'}{'sp_entityid'}, entityid => $self->{param_in}->{sp_entityid},
dev_sp_contact => $self->{configuration}->{'dev_sp_contact'} dev_sp_contact => $self->{configuration}->{dev_sp_contact}
); );
# Try loading DB object first # Try loading DB object first
unless ($service_provider->load(speculative => 1)) { unless ($service_provider->load(speculative => 1)) {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{param_out}->{errors} }, "internal";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to load SP with entityid '%s'", message => "Failed to load SP with entityid '%s'",
$self->{'param_in'}{'sp_entityid'} $self->{param_in}->{sp_entityid}
); );
return undef; return undef;
} }
## Check that email_address is a known contact for this SP ## Check that email_address is a known contact for this SP
unless ($service_provider->is_contact($self->{'param_in'}{'email_address'})) unless ($service_provider->is_contact($self->{param_in}->{email_address}))
{ {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{param_out}->{errors} }, "internal";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => message =>
"Requested a token for %s for an unautorized address '%s'", "Requested a token for %s for an unautorized address '%s'",
$self->{'param_in'}{'sp_entityid'}, $self->{param_in}->{sp_entityid},
$self->{'param_in'}{'email_address'} $self->{param_in}->{email_address}
); );
return undef; return undef;
} }
my $authentication_token = IdPAccountManager::Data::AuthenticationToken->new( my $authentication_token = IdPAccountManager::Data::AuthenticationToken->new(
db => $self->{db}, db => $self->{db},
'email_address' => $self->{'param_in'}{'email_address'}, email_address => $self->{param_in}->{email_address},
'sp_entityid' => $self->{'param_in'}{'sp_entityid'} sp_entityid => $self->{param_in}->{sp_entityid}
); );
unless (defined $authentication_token) { unless (defined $authentication_token) {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{param_out}->{errors} }, "internal";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to create authentication token" message => "Failed to create authentication token"
...@@ -452,7 +452,7 @@ sub req_generate_token { ...@@ -452,7 +452,7 @@ sub req_generate_token {
## First remove token if one exist for this email+SP ## First remove token if one exist for this email+SP
if ($authentication_token->load(speculative => 1)) { if ($authentication_token->load(speculative => 1)) {
unless ($authentication_token->delete()) { unless ($authentication_token->delete()) {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{param_out}->{errors} }, "internal";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => sprintf( message => sprintf(
...@@ -464,12 +464,12 @@ sub req_generate_token { ...@@ -464,12 +464,12 @@ sub req_generate_token {
} }
$authentication_token = IdPAccountManager::Data::AuthenticationToken->new( $authentication_token = IdPAccountManager::Data::AuthenticationToken->new(
db => $self->{db}, db => $self->{db},
'email_address' => $self->{'param_in'}{'email_address'}, email_address => $self->{param_in}->{email_address},
'sp_entityid' => $self->{'param_in'}{'sp_entityid'} sp_entityid => $self->{param_in}->{sp_entityid}
); );
unless (defined $authentication_token) { unless (defined $authentication_token) {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{param_out}->{errors} }, "internal";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to create authentication token" message => "Failed to create authentication token"
...@@ -479,7 +479,7 @@ sub req_generate_token { ...@@ -479,7 +479,7 @@ sub req_generate_token {
} }
unless ($authentication_token->save()) { unless ($authentication_token->save()) {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{param_out}->{errors} }, "internal";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to save authentication token" message => "Failed to save authentication token"
...@@ -487,27 +487,26 @@ sub req_generate_token { ...@@ -487,27 +487,26 @@ sub req_generate_token {
return undef; return undef;
} }
$self->{'param_out'}{'authentication_token'} = $self->{param_out}->{email_address} = $self->{param_in}->{email_address};
$authentication_token->get('token'); $self->{param_out}->{sp_entityid} = $self->{param_in}->{sp_entityid};
$self->{'param_out'}{'email_address'} = $self->{param_out}->{to} = $self->{param_in}->{email_address};
$self->{'param_in'}{'email_address'}; $self->{param_out}->{authentication_token} =
$self->{'param_out'}{'sp_entityid'} = $self->{'param_in'}{'sp_entityid'}; $authentication_token->get('token');
$self->{'param_out'}{'to'} = $self->{'param_in'}{'email_address'};
## Send the challenge email with the token ## Send the challenge email with the token
IdPAccountManager::Tools::mail_notice( IdPAccountManager::Tools::mail_notice(
'template' => 'templates/mail/send_authentication_token.tt2.eml', template => 'templates/mail/send_authentication_token.tt2.eml',
'to' => $self->{'param_in'}{'email_address'}, to => $self->{param_in}->{email_address},
'data' => $self->{'param_out'}, data => $self->{param_out},
'logger' => $self->{'logger'} logger => $self->{logger}
); );
$self->{logger}->log( $self->{logger}->log(
level => LOG_INFO, level => LOG_INFO,
message => "Token send to %s for sp_entityid=%s;token=%s", message => "Token send to %s for sp_entityid=%s;token=%s",
$self->{'param_in'}{'email_address'}, $self->{param_in}->{email_address},
$self->{'param_in'}{'sp_entityid'}, $self->{param_in}->{sp_entityid},
$self->{'param_out'}{'authentication_token'} $self->{param_out}->{authentication_token}
); );
return 1; return 1;
...@@ -520,15 +519,16 @@ sub req_validate_token { ...@@ -520,15 +519,16 @@ sub req_validate_token {
my ($self) = @_; my ($self) = @_;
$self->{logger}->log(level => LOG_INFO, message => ""); $self->{logger}->log(level => LOG_INFO, message => "");
unless ($self->{'param_in'}{'sp_entityid'}) { unless ($self->{param_in}->{sp_entityid}) {
push @{ $self->{'param_out'}{'errors'} }, "missing_sp_entityid"; push @{ $self->{param_out}->{errors} }, "missing_sp_entityid";
$self->{logger} $self->{logger}->log(
->log(level => LOG_ERROR, message => "Missing parameter sp_entityid"); level => LOG_ERROR, message => "Missing parameter sp_entityid"
);
return undef; return undef;
} }
unless ($self->{'param_in'}{'authentication_token'}) { unless ($self->{param_in}->{authentication_token}) {
push @{ $self->{'param_out'}{'errors'} }, push @{ $self->{param_out}->{errors} },
"missing_authentication_token"; "missing_authentication_token";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
...@@ -539,30 +539,30 @@ sub req_validate_token { ...@@ -539,30 +539,30 @@ sub req_validate_token {
my $authentication_token = IdPAccountManager::Data::AuthenticationToken->new( my $authentication_token = IdPAccountManager::Data::AuthenticationToken->new(
db => $self->{db}, db => $self->{db},
token => $self->{'param_in'}{'authentication_token'}); token => $self->{param_in}->{authentication_token});
unless ($authentication_token->load()) { unless ($authentication_token->load()) {
push @{ $self->{'param_out'}{'errors'} }, "wrong_token"; push @{ $self->{param_out}->{errors} }, "wrong_token";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => message =>
"Failed to validate authentication token %s for sp_entityid %s", "Failed to validate authentication token %s for sp_entityid %s",
$self->{'param_in'}{'authentication_token'}, $self->{param_in}->{authentication_token},
$self->{'param_in'}{'sp_entityid'} $self->{param_in}->{sp_entityid}
); );
return undef; return undef;
} }
unless ($authentication_token->get('sp_entityid') eq unless ($authentication_token->get('sp_entityid') eq
$self->{'param_in'}{'sp_entityid'}) $self->{param_in}->{sp_entityid})
{ {
push @{ $self->{'param_out'}{'errors'} }, "wrong_token_for_sp"; push @{ $self->{param_out}->{errors} }, "wrong_token_for_sp";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => message =>
"Authentication token %s cannot be used for SP with entityid %s", "Authentication token %s cannot be used for SP with entityid %s",
$self->{'param_in'}{'authentication_token'}, $self->{param_in}->{authentication_token},
$self->{'param_in'}{'sp_entityid'} $self->{param_in}->{sp_entityid}
); );
return undef; return undef;
} }
...@@ -572,18 +572,18 @@ sub req_validate_token { ...@@ -572,18 +572,18 @@ sub req_validate_token {
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to delete authentication token %s", message => "Failed to delete authentication token %s",
$self->{'param_in'}{'authentication_token'} $self->{param_in}->{authentication_token}
); );
} }
## create test accounts ## create test accounts
my @test_accounts; my @test_accounts;
foreach my $profile ($self->{configuration}->{'account_profiles'}) { foreach my $profile ($self->{configuration}->{account_profiles}) {
my $test_account = IdPAccountManager::Data::TestAccount->new( my $test_account = IdPAccountManager::Data::TestAccount->new(
db => $self->{db}, db => $self->{db},
account_profile => $profile, account_profile => $profile,
sp_entityid => $self->{'param_in'}{'sp_entityid'} sp_entityid => $self->{param_in}->{sp_entityid}
); );
next unless $test_account; next unless $test_account;
next unless $test_account->save(); next unless $test_account->save();
...@@ -591,21 +591,21 @@ sub req_validate_token { ...@@ -591,21 +591,21 @@ sub req_validate_token {
} }
unless (@test_accounts) { unless (@test_accounts) {
push @{ $self->{'param_out'}{'errors'} }, "accounts_creation_failed"; push @{ $self->{param_out}->{errors} }, "accounts_creation_failed";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to create test accounts for SP with entityid %s", message => "Failed to create test accounts for SP with entityid %s",
$self->{'param_in'}{'sp_entityid'} $self->{param_in}->{sp_entityid}
); );
return undef; return undef;
} }
## Update simpleSAMLphp configuration to enable test accounts ## Update simpleSAMLphp configuration to enable test accounts
unless (IdPAccountManager::Tools::update_ssp_authsources( unless (IdPAccountManager::Tools::update_ssp_authsources(
$self->{configuration}->{'root_manager_dir'}, $self->{configuration}->{root_manager_dir},
$self->{configuration} $self->{configuration}
)) { )) {
push @{ $self->{'param_out'}{'errors'} }, "accounts_creation_failed"; push @{ $self->{param_out}->{errors} }, "accounts_creation_failed";
$self->{logger}->log( $self->{logger}->log(
level => LOG_ERROR, level => LOG_ERROR,
message => "Failed to create simpleSAMLphp configuration file" message => "Failed to create simpleSAMLphp configuration file"
...@@ -616,12 +616,12 @@ sub req_validate_token { ...@@ -616,12 +616,12 @@ sub req_validate_token {
$self->{logger}->log( $self->{logger}->log(
level => LOG_INFO, level => LOG_INFO,
message => "Token validated for sp_entityid=%s;token=%s", message => "Token validated for sp_entityid=%s;token=%s",
$self->{'param_in'}{'sp_entityid'}, $self->{param_in}->{sp_entityid},
$self->{'param_in'}{'authentication_token'} $self->{param_in}->{authentication_token}
); );
$self->{'param_out'}{'sp_entityid'} = $self->{'param_in'}{'sp_entityid'}; $self->{param_out}->{sp_entityid} = $self->{param_in}->{sp_entityid};
$self->{'param_out'}{'test_accounts'} = \@test_accounts; $self->{param_out}->{test_accounts} = \@test_accounts;
return 1; return 1;
} }
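Review bot: The parameter format check in execute (body continues outside its hunk) is inert: the guard on line 559 reads `$self->{format}->{$key}`, but the regex on line 562 interpolates `$self->format->{$key}`, and Perl does not call methods inside a pattern, so the pattern becomes the stringified object followed by the literal `->format->{...}` and cannot match a real value. Every parameter with a declared format is therefore rejected with a `format_$key` error (or, if `format` is never populated, the check simply never runs); pull the pattern into a variable first: `my $re = $self->{format}->{$key};` then `unless ($self->{param_in}->{$key} =~ /^$re$/) {`. That check is what stands between request parameters and the DB objects, the dynamic `req_*` dispatch and the sendmail pipeline, so it deserves a fix and a test. Separately, req_generate_token logs the freshly minted authentication token at LOG_INFO (`token=%s` on line 864), which copies the email-delivered secret into the log file; log only the SP entityid and the address there.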
......