Skip to content
Snippets Groups Projects
Commit d58fcee1 authored by Guillaume ROUSSE's avatar Guillaume ROUSSE
Browse files

use a plain text file for configuration

parent b65a48b3
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
bin/account-manager-client.pl
+ 23
18
View file @ d58fcee1
......@@ -25,6 +25,7 @@ use IdPAccountManager::Data::TestAccount::Manager;
use IdPAccountManager::Data::ServiceProvider;
use IdPAccountManager::Data::ServiceProvider::Manager;
use IdPAccountManager::SAMLMetadata;
use IdPAccountManager::Configuration;
use IdPAccountManager::Logger;
my %options;
......@@ -50,12 +51,16 @@ pod2usage(
-verbose => 0
) unless $action;
my $configuration = IdPAccountManager::Configuration->new(
file => 'conf/IdPAccountManager.conf'
);
IdPAccountManager::DB->register_db(
driver => $Conf::global{database_type},
database => $Conf::global{database_name},
host => $Conf::global{database_host},
password => $Conf::global{database_password},
username => $Conf::global{database_user}
driver => $configuration->{database_type},
database => $configuration->{database_name},
host => $configuration->{database_host},
password => $configuration->{database_password},
username => $configuration->{database_user}
);
my $db = IdPAccountManager::DB->new();
......@@ -100,7 +105,7 @@ sub add_test_account {
die "Failed to save test account\n"
unless $test_account->save(
accounts_validity_period => $Conf::global{'accounts_validity_period'}
accounts_validity_period => $configuration->{'accounts_validity_period'}
);
printf "Account created:\n\tuserid: user%d\n\tpassword: %s\n",
......@@ -142,8 +147,8 @@ sub list_test_accounts {
die "failed to update simpleSAMLphp configuration file\n"
unless IdPAccountManager::Tools::update_ssp_authsources(
$Conf::global{'root_manager_dir'},
\%Conf::global
$configuration->{'root_manager_dir'},
$configuration
);
printf "Update simpleSamlPhp configuration file...\n";
......@@ -157,7 +162,7 @@ sub parse_federation_metadata {
die "unable to load federation metadata\n"
unless $federation_metadata->load(
federation_metadata_file_path =>
$Conf::global{'federation_metadata_file_path'}
$configuration->{'federation_metadata_file_path'}
);
my %args;
......@@ -169,7 +174,7 @@ sub parse_federation_metadata {
unless $federation_metadata->parse(%args);
printf "Document %s parsed\n",
$Conf::global{'federation_metadata_file_path'};
$configuration->{'federation_metadata_file_path'};
## List SAML entities
printf "Hashref representing the metadata:\n";
......@@ -249,7 +254,7 @@ sub list_authentication_tokens {
}
if ($options{'filter_expired'}) {
push @{ $args{'query'} }, 'creation_date' =>
{ lt => time - ($Conf::global{'tokens_validity_period'} * 3600) };
{ lt => time - ($configuration->{'tokens_validity_period'} * 3600) };
}
my $tokens =
......@@ -346,8 +351,8 @@ sub send_notice {
) unless $options{'email_address'};
my $logger = IdPAccountManager::Logger->new(
file => $Conf::global{'log_file'},
verbosity => $Conf::global{'log_level'}
file => $configuration->{'log_file'},
verbosity => $configuration->{'log_level'}
);
die "Failed to send mail notice to $options{'email_address'}\n"
......@@ -356,11 +361,11 @@ sub send_notice {
'data' => {},
'to' => $options{'email_address'},
'logger' => $logger,
'conf' => \%Conf::global,
'admin_email' => $Conf::global{'admin_email'},
'dev_no_mail_outside' => $Conf::global{'dev_no_mail_outside'},
'dev_sp_contact' => $Conf::global{'dev_sp_contact'},
'notice_from' => $Conf::global{'notice_from'}
'conf' => $configuration,
'admin_email' => $configuration->{'admin_email'},
'dev_no_mail_outside' => $configuration->{'dev_no_mail_outside'},
'dev_sp_contact' => $configuration->{'dev_sp_contact'},
'notice_from' => $configuration->{'notice_from'}
);
printf "Mail notice sent to $options{'email_address'}\n";
......
bin/account-manager-web.pl
+ 8
3
View file @ d58fcee1
......@@ -18,9 +18,9 @@ use CGI::Util;
use Template;
use Template::Constants qw( :debug );
use Conf;
use IdPAccountManager::SAMLMetadata;
use IdPAccountManager::Configuration;
use IdPAccountManager::WebRequest;
## Defining parameters format
......@@ -48,9 +48,14 @@ umask 0002;
chdir $Conf::global{'root_manager_dir'};
my $configuration = IdPAccountManager::Configuration->new(
file => 'conf/IdPAccountManager.conf'
);
my $request = new IdPAccountManager::WebRequest(
actions => \%actions,
format => \%format
actions => \%actions,
format => \%format,
configuration => $configuration
);
if (defined $request) {
......
conf/Conf.pm deleted 100644 → 0
+ 0
113
View file @ b65a48b3
package Conf;
our %global = (
## Code version
'version' => 'open Beta 1',
## Name of the application used in web pages, mail notices
'app_name' => 'eduGAIN Access Check',
## URL of the application
'app_url' => 'https://my.fqdn/accountmanager',
## Validity period of test accounts, in days
'accounts_validity_period' => 7,
## Token validity period, in hours
'tokens_validity_period' => 2,
## Scope used by the associated IdP
'idp_scope' => 'my.fqdn',
## EntityID of the IdP
'idp_entityid' => 'https://my.fqdn/simplesaml/saml2/idp/metadata.php',
## Name of the IdP
'idp_displayname' => 'eduGAIN Access Check',
## Root simpleSamlPhp directory
'root_ssp_dir' => '/opt/testidp/simplesamlphp',
## Root test account manager directory
'root_manager_dir' => '/opt/testidp/IdPAccountManager',
## Database type refers to a Perl Database Driver name
## However only a subset of existing DBDs are supported by Rose::DB::Object:
## Pg, mysql, SQLite, Informix, Oracle (DBD names are case sensitives)
'database_type' => 'mysql',
## Database hostname
'database_host' => 'localhost',
## Database_name
'database_name' => 'idp_account_manager',
## Database username
'database_user' => 'root',
## Database user password
'database_password' => 'root',
## Log file for the manager
'log_file' => '/opt/testidp/IdPAccountManager/log/manager.log',
## Log level : debug, info, trace, notice, error
'log_level' => 'info',
## email address to contact admins
'admin_email' => 'john@my.fqdn',
## email address to ask for support
'support_email' => 'support@my.fqdn',
## Development feature
## Protection to prevent notifications during test dev phases
## Notify only admin_email above
'dev_no_mail_outside' => 1,
## Development feature
## hard-coded list of contactPersons
## these email addresses will be added to the list of contacts for any SP
'dev_sp_contact' => 'john@my.fqdn,sarah@my.fqdn',
## From field use by the account manager
'notice_from' => 'edugain-access-check.fqdn',
## federation metadata local copy path
'federation_metadata_file_path' =>
'/opt/testidp/IdPAccountManager/conf/edugain-md.xml',
## Valid account profiles
'account_profiles' => [
'fullset1', 'limitedset1', 'generic1', 'student1',
'student2', 'teacher1', 'teacher2', 'alumni1',
'librarywalkin1', 'employee1', 'researcher1'
],
);
1; # Magic true value required at end of module
__END__
=head1 NAME
Conf - Configuration of the Test Account manager
=head1 SYNOPSIS
use Conf;
printf "Version: %s\n", $Conf::global{'version'};
=head1 DESCRIPTION
The Test Account manager instanciates test accounts associated to a SAML Identity Provider. This module is the main configuration file for the
software.
=head1 CONFIGURATION OPTIONS
See the code for the list of supported configuration options
=head1 AUTHOR
Olivier Salaün (olivier.salaun@renater.fr)
conf/IdPAccountManager.conf 0 → 100644
+ 77
0
View file @ d58fcee1
# Code version
version = open Beta 1
# Name of the application used in web pages, mail notices
app_name = eduGAIN Access Check
# URL of the application
app_url = https://my.fqdn/accountmanager
# Validity period of test accounts, in days
accounts_validity_period = 7
# Token validity period, in hours
tokens_validity_period = 2
# Scope used by the associated IdP
idp_scope = my.fqdn
# EntityID of the IdP
idp_entityid = https://my.fqdn/simplesaml/saml2/idp/metadata.php
# Name of the IdP
idp_displayname = eduGAIN Access Check
# Root simpleSamlPhp directory
root_ssp_dir = /opt/testidp/simplesamlphp
# Root test account manager directory
root_manager_dir = /opt/testidp/IdPAccountManager
# Database type refers to a Perl Database Driver name
# However only a subset of existing DBDs are supported by Rose::DB::Object:
# Pg, mysql, SQLite, Informix, Oracle (DBD names are case sensitives)
database_type = mysql
# Database hostname
database_host = localhost
# Database_name
database_name = idp_account_manager
# Database username
database_user = idpadmin
# Database user password
database_password = secret
# Log file for the manager
log_file = /opt/testidp/IdPAccountManager/log/manager.log
# Log level : debug, info, trace, notice, error
log_level = info
# email address to contact admins
admin_email = john@my.fqdn
# email address to ask for support
support_email = support@my.fqdn
# Development feature
# Protection to prevent notifications during test dev phases
# Notify only admin_email above
dev_no_mail_outside = 1
# Development feature
# hard-coded list of contactPersons
# these email addresses will be added to the list of contacts for any SP
dev_sp_contact = john@my.fqdn, sarah@my.fqdn
# From field use by the account manager
notice_from = edugain-access-check.fqdn
# federation metadata local copy path
federation_metadata_file_path = /opt/testidp/IdPAccountManager/conf/edugain-md.xml
# Valid account profiles
account_profiles = fullset1, limitedset1, generic1, student1, student2, teacher1, teacher2, alumni1, librarywalkin1, employee1, researcher1
lib/IdPAccountManager/Configuration.pm 0 → 100644
+ 33
0
View file @ d58fcee1
package IdPAccountManager::Configuration;
use strict;
use warnings;
use English qw(-no_match_vars);
sub new {
my ($pkg) = shift;
my %args = @_;
die "missing argument 'file'" unless $args{file};
die "non-existing file $args{file}" unless -f $args{file};
die "non-readable file $args{file}" unless -r $args{file};
my $self = {};
my $handle;
open($handle, '<', $args{file}) or die "Failed to open $args{file}: $ERRNO";
while (my $line = <$handle>) {
next unless $line =~ /^(\S+)\s*=\s*(.+)$/;
my $key = $1;
my $val = $2;
$self->{$1} = $2;
}
close $handle;
bless $self, $pkg;
return $self;
}
1;
lib/IdPAccountManager/WebRequest.pm
+ 29
29
View file @ d58fcee1
......@@ -8,20 +8,20 @@ use IdPAccountManager::Logger;
use IdPAccountManager::Data::TestAccount;
use IdPAccountManager::Data::AuthenticationToken;
use IdPAccountManager::Data::ServiceProvider;
use Conf;
## New web request
sub new {
my ($pkg, %args) = @_;
my $self = {
format => $args{format},
actions => $args{actions},
format => $args{format},
actions => $args{actions},
configuration => $args{configuration},
};
$self->{logger} = IdPAccountManager::Logger->new(
file => $Conf::global{'log_file'},
verbosity => $Conf::global{'log_level'}
file => $self->{configuration}->{'log_file'},
verbosity => $self->{configuration}->{'log_level'}
);
$self->{logger}->log(
level => LOG_INFO,
......@@ -29,11 +29,11 @@ sub new {
);
IdPAccountManager::DB->register_db(
driver => $Conf::global{database_type},
database => $Conf::global{database_name},
host => $Conf::global{database_host},
password => $Conf::global{database_password},
username => $Conf::global{database_user}
driver => $self->{configuration}->{database_type},
database => $self->{configuration}->{database_name},
host => $self->{configuration}->{database_host},
password => $self->{configuration}->{database_password},
username => $self->{configuration}->{database_user}
);
$self->{db} = IdPAccountManager::DB->new();
......@@ -56,7 +56,7 @@ sub new {
$self->{'param_out'}{'url_cgi'} = $ENV{'SCRIPT_NAME'};
$self->{'param_out'}{'env'} = \%ENV;
$self->{'param_out'}{'actions'} = $args{actions};
$self->{'param_out'}{'conf'} = \%Conf::global;
$self->{'param_out'}{'conf'} = $self->{configuration};
## Clean input vars
foreach my $key (keys %{ $self->{'param_in'} }) {
......@@ -169,8 +169,8 @@ sub respond {
'escape_quotes' =>
[ \&IdPAccountManager::Tools::escape_quotes, 0 ]
},
INCLUDE_PATH => $Conf::global{'root_manager_dir'} . ':'
. $Conf::global{'root_manager_dir'}
INCLUDE_PATH => $self->{configuration}->{'root_manager_dir'} . ':'
. $self->{configuration}->{'root_manager_dir'}
. '/templates/accountProfiles',
#DEBUG => 'all',
......@@ -209,14 +209,14 @@ sub respond {
if (@errors_admin) {
$self->{'param_out'}{'subject'} = 'Error notification - web interface';
IdPAccountManager::Tools::mail_notice(
'template' => 'templates/mail/notification_generic_error.tt2.eml',
'data' => $self->{'param_out'},
'logger' => $self->{'logger'},
'conf' => \%Conf::global,
'admin_email' => $Conf::global{'admin_email'},
'dev_no_mail_outside' => $Conf::global{'dev_no_mail_outside'},
'dev_sp_contact' => $Conf::global{'dev_sp_contact'},
'notice_from' => $Conf::global{'notice_from'}
'template' => 'templates/mail/notification_generic_error.tt2.eml',
'data' => $self->{'param_out'},
'logger' => $self->{'logger'},
'conf' => $self->{configuration},
'admin_email' => $self->{configuration}->{'admin_email'},
'dev_no_mail_outside' => $self->{configuration}->{'dev_no_mail_outside'},
'dev_sp_contact' => $self->{configuration}->{'dev_sp_contact'},
'notice_from' => $self->{configuration}->{'notice_from'}
);
}
}
......@@ -233,7 +233,7 @@ sub req_account_wizard {
unless (
$federation_metadata->load(
federation_metadata_file_path =>
$Conf::global{'federation_metadata_file_path'}
$self->{configuration}->{'federation_metadata_file_path'}
)
)
{
......@@ -280,7 +280,7 @@ sub req_select_sp {
unless (
$federation_metadata->load(
federation_metadata_file_path =>
$Conf::global{'federation_metadata_file_path'}
$self->{configuration}->{'federation_metadata_file_path'}
)
)
{
......@@ -310,7 +310,7 @@ sub req_select_sp {
my $service_provider = IdPAccountManager::Data::ServiceProvider->new(
db => $self->{db},
entityid => $self->{'param_in'}{'sp_entityid'},
dev_sp_contact => $Conf::global{'dev_sp_contact'}
dev_sp_contact => $self->{configuration}->{'dev_sp_contact'}
);
## Prepare data
......@@ -353,7 +353,7 @@ sub req_select_sp {
entityid => $self->{'param_in'}{'sp_entityid'},
contacts => join(',', @contacts),
displayname => $display_name,
dev_sp_contact => $Conf::global{'dev_sp_contact'}
dev_sp_contact => $self->{configuration}->{'dev_sp_contact'}
);
unless (defined $service_provider) {
push @{ $self->{'param_out'}{'errors'} }, "internal";
......@@ -407,7 +407,7 @@ sub req_generate_token {
my $service_provider = IdPAccountManager::Data::ServiceProvider->new(
db => $self->{db},
entityid => $self->{'param_in'}{'sp_entityid'},
dev_sp_contact => $Conf::global{'dev_sp_contact'}
dev_sp_contact => $self->{configuration}->{'dev_sp_contact'}
);
# Try loading DB object first
......@@ -579,7 +579,7 @@ sub req_validate_token {
## create test accounts
my @test_accounts;
foreach my $profile ($Conf::global{'account_profiles'}) {
foreach my $profile ($self->{configuration}->{'account_profiles'}) {
my $test_account = IdPAccountManager::Data::TestAccount->new(
db => $self->{db},
account_profile => $profile,
......@@ -602,8 +602,8 @@ sub req_validate_token {
## Update simpleSAMLphp configuration to enable test accounts
unless (IdPAccountManager::Tools::update_ssp_authsources(
$Conf::global{'root_manager_dir'},
\%Conf::global
$self->{configuration}->{'root_manager_dir'},
$self->{configuration}
)) {
push @{ $self->{'param_out'}{'errors'} }, "accounts_creation_failed";
$self->{logger}->log(
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment