Commit cb737a5c authored by Guillaume ROUSSE's avatar Guillaume ROUSSE

merge AuthenticationToken and Data::AuthenticationToken classes

parent ef1df255
...@@ -16,11 +16,12 @@ use Getopt::Long qw(:config auto_help); ...@@ -16,11 +16,12 @@ use Getopt::Long qw(:config auto_help);
use Pod::Usage; use Pod::Usage;
use Conf; use Conf;
use IdPAccountManager::Data::AuthenticationToken;
use IdPAccountManager::Data::AuthenticationToken::Manager;
use IdPAccountManager::Data::TestAccount; use IdPAccountManager::Data::TestAccount;
use IdPAccountManager::Data::TestAccount::Manager; use IdPAccountManager::Data::TestAccount::Manager;
use IdPAccountManager::SAMLMetadata; use IdPAccountManager::SAMLMetadata;
use IdPAccountManager::ServiceProvider; use IdPAccountManager::ServiceProvider;
use IdPAccountManager::AuthenticationToken;
use IdPAccountManager::Logger; use IdPAccountManager::Logger;
my %options; my %options;
...@@ -210,22 +211,22 @@ if ($action eq 'add_test_account') { ...@@ -210,22 +211,22 @@ if ($action eq 'add_test_account') {
{ lt => time - ($Conf::global{'tokens_validity_period'} * 3600) }; { lt => time - ($Conf::global{'tokens_validity_period'} * 3600) };
} }
my $all = my $tokens =
IdPAccountManager::AuthenticationToken::list_authentication_tokens(%args); IdPAccountManager::Data::AuthenticationToken::Manager->get_authenticationtokens(%args);
if ($#{$all} < 0) { if (!@$tokens) {
printf "No corresponding token found in DB\n"; printf "No corresponding token found in DB\n";
} }
foreach my $authentication_token (@$all) { foreach my $token (@$tokens) {
$authentication_token->print(); $token->print();
next unless options{'delete'}; next unless $options{'delete'};
die "failed to delete authentication token\n" die "failed to delete authentication token\n"
unless $authentication_token->delete(); unless $token->delete();
} }
if ($options{'delete'}) { if ($options{'delete'}) {
printf "%d tokens removed\n", $#{$all} + 1; printf "%d tokens removed\n", @$tokens;
} }
...@@ -262,7 +263,7 @@ if ($action eq 'add_test_account') { ...@@ -262,7 +263,7 @@ if ($action eq 'add_test_account') {
-verbose => 0 -verbose => 0
) unless $options{'sp_entityid'}; ) unless $options{'sp_entityid'};
my $authentication_token = IdPAccountManager::AuthenticationToken->new( my $authentication_token = IdPAccountManager::Data::AuthenticationToken->new(
'email_address' => $options{'email_address'}, 'email_address' => $options{'email_address'},
'sp_entityid' => $options{'sp_entityid'} 'sp_entityid' => $options{'sp_entityid'}
); );
...@@ -271,11 +272,11 @@ if ($action eq 'add_test_account') { ...@@ -271,11 +272,11 @@ if ($action eq 'add_test_account') {
unless $authentication_token; unless $authentication_token;
## First remove token if on exist for this email+SP ## First remove token if on exist for this email+SP
if ($authentication_token->load()) { if ($authentication_token->load(speculative => 1)) {
die "failed to delete authentication token\n" die "failed to delete authentication token\n"
unless $authentication_token->delete(); unless $authentication_token->delete();
$authentication_token = IdPAccountManager::AuthenticationToken->new( $authentication_token = IdPAccountManager::Data::AuthenticationToken->new(
'email_address' => $options{'email_address'}, 'email_address' => $options{'email_address'},
'sp_entityid' => $options{'sp_entityid'} 'sp_entityid' => $options{'sp_entityid'}
); );
......
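Review bot: `printf "%d tokens removed\n", @$tokens;` in the second hunk evaluates the array in list context, so `%d` receives the first token object (printed as its numeric address) and warnings reports the remaining objects as redundant arguments, whereas the old `$#{$all} + 1` was a count; use `printf "%d tokens removed\n", scalar @$tokens;`. In the same hunk `if (!@$tokens)` dereferences the Manager's return value unchecked, and the deleted wrapper's INIT block that set the Manager's error_mode to 'return' goes away with this commit, so whether a failed query now dies or yields undef depends on IdPAccountManager::DB::Object's defaults; an explicit `die "token lookup failed\n" unless $tokens;` before the dereference makes the failure readable either way. The `if ($action eq ...)` block enclosing these hunks starts and ends outside them.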
...@@ -22,7 +22,6 @@ use Conf; ...@@ -22,7 +22,6 @@ use Conf;
use IdPAccountManager::SAMLMetadata; use IdPAccountManager::SAMLMetadata;
use IdPAccountManager::ServiceProvider; use IdPAccountManager::ServiceProvider;
use IdPAccountManager::AuthenticationToken;
use IdPAccountManager::WebRequest; use IdPAccountManager::WebRequest;
## Defining parameters format ## Defining parameters format
......
package IdPAccountManager::AuthenticationToken;
## Copyright (c) GEANT
## This software was developed by RENATER. The research leading to these results has received funding
## from the European Community¹s Seventh Framework Programme (FP7/2007-2013) under grant agreement nº 238875 (GÉANT).
use strict;
use warnings;
use IdPAccountManager::Data::AuthenticationToken;
use IdPAccountManager::Data::AuthenticationToken::Manager;
use Digest::MD5;
use POSIX qw(strftime);
use Carp;
INIT {
## Set error mode to non fatal
IdPAccountManager::Data::AuthenticationToken::Manager->error_mode('return');
}
sub new {
my ($pkg, %args) = @_;
my $self = {};
bless $self, $pkg;
## Object may be created either with a hashref as argument or an IdPAccountManager::Data::AuthenticationToken object
## Second case is usefull when fetching a set of IdPAccountManager::Data::AuthenticationToken via IdPAccountManager::Data::AuthenticationToken::Manager
if (ref($_[0]) eq 'IdPAccountManager::Data::AuthenticationToken') {
$self->{'persistent'} = $_[0];
} else {
$self->{'persistent'} =
IdPAccountManager::Data::AuthenticationToken->new(%args);
}
return $self;
}
## Load an authentication token from DB
sub load {
my ($self) = @_;
return $self->{'persistent'}->load(speculative => 1);
}
## Get object parameter
sub get {
my ($self, $parameter) = @_;
return $self->{'persistent'}->$parameter;
}
## Set object parameters
sub set {
my ($self, %args) = @_;
foreach my $parameter (keys %args) {
$self->{'persistent'}->$parameter($args{$parameter});
}
}
## Save object to DB
sub save {
my ($self) = @_;
## If no id is defined, it is a new account
unless (defined $self->{'persistent'}->id) {
$self->{'persistent'}->creation_date(time);
$self->{'persistent'}
->token(_generate_token($self->{'persistent'}->{'email_address'}));
}
unless ($self->{'persistent'}->save()) {
return undef;
}
}
## Delete a test account
sub delete {
my ($self) = @_;
unless ($self->{'persistent'}->delete()) {
return undef;
}
}
## Print the content of a test account
sub print {
my ($self, $fd) = @_;
$fd = \*STDOUT unless $fd;
printf $fd
"AuthenticationToken ID=%s; token=%s; email_address=%s; sp_entityid=%s; creation_date=%s\n",
$self->get('id'), $self->get('token'), $self->get('email_address'),
$self->get('sp_entityid'),
POSIX::strftime('%Y:%m:%d', localtime($self->get('creation_date')));
}
## list all authentication tokens
## Class method
sub list_authentication_tokens {
my (%args) = @_;
my $persistent_tokens =
IdPAccountManager::Data::AuthenticationToken::Manager
->get_authenticationtokens(%args);
my $authentication_tokens;
foreach my $persistent_token (@{$persistent_tokens}) {
my $authentication_token =
new IdPAccountManager::AuthenticationToken($persistent_token);
push @$authentication_tokens, $authentication_token;
}
return $authentication_tokens;
}
## generate a random authentication token
sub _generate_token {
my ($salt, $size) = @_;
$size = 20 unless $size;
## ID is based on time + PID
return substr(Digest::MD5::md5_hex(time . $$ . $salt), -1 * $size);
}
1;
__END__
=head1 NAME
IdPAccountManager::AuthenticationToken - Manage Authentication tokens used to validate test account creation requests
=head1 SYNOPSIS
my $authentication_token = new IdPAccountManager::AuthenticationToken(token => 'sdfkl4fslkj44');
unless ($authentication_token->load()) {
die "No corresponding token found in DB\n";
}
$authentication_token->print();
=head1 DESCRIPTION
The Test Account manager instanciates test accounts associated to a SAML Identity Provider.
This module allows to manage authentication tokens to validate requestor identity.
=head1 SUBROUTINES/METHODS
=over 8
=item C<new ARGS>
Class method. Create a new IdPAccountManager::AuthenticationToken object.
Example:
my $authentication_token = new IdPAccountManager::AuthenticationToken(token => 'sdfkl4fslkj44');
Supported arguments include:
=over 12
=item C<token>
ID of the token.
=item C<sp_entityid>
EntityID (SAML ID) of the Service Provider associated to the authentication token.
=item C<email_address>
Email address of the user associated to the authentication token.
=back
=item C<delete>
Deletes the token in the database.
=item C<get> ATTR_NAME
Returns the value of the specified ATTR_NAME attribute of the token.
=item C<list_authentication_tokens ARGS>
Class method. List all tokens in database.
Supported arguments include:
=over 12
=item C<sp_entityid>
Entityid of a SAML Service Provider to list only tokens linked to this Service Provider.
=item C<token>
ID of the tokens to list only those tokens.
=back
=item C<load>
Loads the token from the database.
=item C<print FD>
Dumps the content of the authentication token to the specified FD file handler (default to STDOUT)
=item C<set ARGS>
Sets token attributes in ARGS.
=item C<save>
Save the token in the database.
=back
=head1 AUTHOR
Olivier Salaün (olivier.salaun@renater.fr)
=head1 LICENSE
Copyright (c) GEANT
This software was developed by RENATER. The research leading to these results has received funding
from the European Community¹s Seventh Framework Programme (FP7/2007-2013) under grant agreement nº 238875 (GÉANT).
...@@ -5,6 +5,9 @@ use warnings; ...@@ -5,6 +5,9 @@ use warnings;
use base 'IdPAccountManager::DB::Object'; use base 'IdPAccountManager::DB::Object';
use Digest::MD5;
use POSIX qw(strftime);
__PACKAGE__->meta->setup( __PACKAGE__->meta->setup(
table => 'authenticationtokens', table => 'authenticationtokens',
...@@ -24,5 +27,36 @@ __PACKAGE__->meta->setup( ...@@ -24,5 +27,36 @@ __PACKAGE__->meta->setup(
], ],
); );
sub print {
my ($self, $fd) = @_;
$fd = \*STDOUT unless $fd;
printf $fd
"AuthenticationToken ID=%s; token=%s; email_address=%s; sp_entityid=%s; creation_date=%s\n",
$self->id(), $self->token(), $self->email_address(),
$self->sp_entityid(),
POSIX::strftime('%Y:%m:%d', localtime($self->creation_date()));
}
sub save {
my ($self) = @_;
# If no ID is defined, it is a new account
if (! defined $self->id()) {
$self->creation_date(time);
$self->token(_generate_token($self->email_address()));
}
$self->SUPER::save();
}
sub _generate_token {
my ($salt, $size) = @_;
$size = 20 unless $size;
# ID is based on time + PID
return substr(Digest::MD5::md5_hex(time . $$ . $salt), -1 * $size);
}
1; 1;
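Review bot: `_generate_token` derives the authentication token from `md5_hex(time . $$ . $salt)` with the user's email address as salt, so its only unknown inputs are the clock and the PID; a token that is meant to prove a request came from the mailbox owner has to be unpredictable, which calls for the OS CSPRNG rather than a hash of low-entropy values (the code is inherited from the deleted wrapper, but this move is the moment to fix it). The rewrite below reads `$size` bytes from /dev/urandom with a three-arg open and hex-encodes them, keeping the `($salt, $size)` signature and the 20-character default so `save` and the DB column are unaffected; where /dev/urandom is not available, Crypt::URandom from CPAN is the portable equivalent. In `save`, `$self->SUPER::save();` as the trailing statement is the implicit return; `return $self->SUPER::save();` states that intent explicitly.
```perl
sub _generate_token {
    my ($salt, $size) = @_;
    $size = 20 unless $size;
    # $salt is kept for interface compatibility; the token is OS randomness only
    open my $rand_fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $got = read $rand_fh, my $bytes, $size;
    close $rand_fh;
    die "short read from /dev/urandom\n" unless defined $got && $got == $size;
    return substr(unpack('H*', $bytes), 0, $size);
}
```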
...@@ -6,6 +6,7 @@ use warnings; ...@@ -6,6 +6,7 @@ use warnings;
use English qw(-no_match_vars); use English qw(-no_match_vars);
use IdPAccountManager::Logger; use IdPAccountManager::Logger;
use IdPAccountManager::Data::TestAccount; use IdPAccountManager::Data::TestAccount;
use IdPAccountManager::Data::AuthenticationToken;
use Conf; use Conf;
## New web request ## New web request
...@@ -420,7 +421,7 @@ sub req_generate_token { ...@@ -420,7 +421,7 @@ sub req_generate_token {
return undef; return undef;
} }
my $authentication_token = IdPAccountManager::AuthenticationToken->new( my $authentication_token = IdPAccountManager::Data::AuthenticationToken->new(
'email_address' => $self->{'param_in'}{'email_address'}, 'email_address' => $self->{'param_in'}{'email_address'},
'sp_entityid' => $self->{'param_in'}{'sp_entityid'} 'sp_entityid' => $self->{'param_in'}{'sp_entityid'}
); );
...@@ -434,7 +435,7 @@ sub req_generate_token { ...@@ -434,7 +435,7 @@ sub req_generate_token {
} }
## First remove token if one exist for this email+SP ## First remove token if one exist for this email+SP
if ($authentication_token->load()) { if ($authentication_token->load(speculative => 1)) {
unless ($authentication_token->delete()) { unless ($authentication_token->delete()) {
push @{ $self->{'param_out'}{'errors'} }, "internal"; push @{ $self->{'param_out'}{'errors'} }, "internal";
$self->{logger}->log( $self->{logger}->log(
...@@ -447,7 +448,7 @@ sub req_generate_token { ...@@ -447,7 +448,7 @@ sub req_generate_token {
return undef; return undef;
} }
$authentication_token = IdPAccountManager::AuthenticationToken->new( $authentication_token = IdPAccountManager::Data::AuthenticationToken->new(
'email_address' => $self->{'param_in'}{'email_address'}, 'email_address' => $self->{'param_in'}{'email_address'},
'sp_entityid' => $self->{'param_in'}{'sp_entityid'} 'sp_entityid' => $self->{'param_in'}{'sp_entityid'}
); );
...@@ -520,7 +521,7 @@ sub req_validate_token { ...@@ -520,7 +521,7 @@ sub req_validate_token {
return undef; return undef;
} }
my $authentication_token = IdPAccountManager::AuthenticationToken->new( my $authentication_token = IdPAccountManager::Data::AuthenticationToken->new(
token => $self->{'param_in'}{'authentication_token'}); token => $self->{'param_in'}{'authentication_token'});
unless ($authentication_token->load()) { unless ($authentication_token->load()) {
......
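Review bot: In the last hunk `req_validate_token` still calls `$authentication_token->load()` without `speculative => 1`, while the two `load` calls in `req_generate_token` were changed to `load(speculative => 1)` to match what the deleted wrapper's `load` method always passed. Without the flag, Rose::DB::Object-style load treats a missing row as an error rather than a false return, so — depending on the error mode IdPAccountManager::DB::Object configures — an unknown token may now die inside the request instead of reaching the `unless (...)` branch that reports it. `unless ($authentication_token->load(speculative => 1)) {` preserves the previous behaviour; the enclosing `req_validate_token` continues outside the hunk.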