From f4f5e62b4a9a71ee45c135b0ec13519a1dd8fc78 Mon Sep 17 00:00:00 2001 From: Guillaume Rousse <guillaume.rousse@renater.fr> Date: Thu, 24 May 2018 13:49:09 +0200 Subject: [PATCH] add multiple federations support --- conf/manager.conf.in | 4 +- lib/AccountManager/App.pm | 88 +++++++++++++++++++++-- lib/AccountManager/L10N/fr.pm | 2 + templates/Makefile.am | 1 + templates/web/complete_challenge.tt2.html | 1 + templates/web/home.tt2.html | 2 +- templates/web/select_email.tt2.html | 1 + templates/web/select_federation.tt2.html | 27 +++++++ templates/web/select_sp.tt2.html | 4 +- 9 files changed, 120 insertions(+), 10 deletions(-) create mode 100644 templates/web/select_federation.tt2.html diff --git a/conf/manager.conf.in b/conf/manager.conf.in index 8b8941a..8575761 100644 --- a/conf/manager.conf.in +++ b/conf/manager.conf.in @@ -4,7 +4,6 @@ support_email = support@my.fqdn [setup] # templates directory templates_dir = @templatesdir@ -federation_metadata_file = /var/lib/access-check/edugain.xml accounts_file = /var/lib/access-check/accounts.php [logger] @@ -25,6 +24,9 @@ username = idpadmin password = secret options = mysql_enable_utf8 +[federations] +edugain = /var/lib/access-check/edugain.xml + [idp] scope = my.fqdn entityid = https://my.fqdn/simplesaml/saml2/idp/metadata.php diff --git a/lib/AccountManager/App.pm b/lib/AccountManager/App.pm index 24075d7..0cfd1e9 100644 --- a/lib/AccountManager/App.pm +++ b/lib/AccountManager/App.pm @@ -33,6 +33,7 @@ my $entity_id_pattern = qr{ my %actions = ( home => 'req_home', + select_federation => 'req_select_federation', select_sp => 'req_select_sp', select_email => 'req_select_email', complete_challenge => 'req_complete_challenge', 
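Review bot: Dropping `federation_metadata_file` from `[setup]` leaves any code path that still reads `$self->{configuration}->{setup}->{federation_metadata_file}` with an undefined file name. This patch updates the two call sites in req_select_sp and req_select_email; whether later steps such as req_complete_challenge also load the metadata is not visible here, so it is worth a grep before merging. The new `[federations]` section also has no comment, although its keys become the `federation` request parameter and the HTML `id`/`value` attributes in select_federation.tt2.html. I would add something like `# one entry per federation: <identifier> = <path to metadata file>; identifiers appear in URLs and forms, keep them to letters, digits, '-' and '_'`.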
@@ -89,6 +90,18 @@ sub new { ); } + if (!$self->{configuration}->{federations}) { + $self->{logger}->fatal( + "No federations defined in configuration, aborting" + ); + $self->respond( + template => 'errors.tt2.html', + data => { + errors => [ 'internal' ] + } + ); + } + if (!$self->{configuration}->{database}) { $self->{logger}->fatal( "No database defined in configuration, aborting" @@ -136,10 +149,11 @@ sub run { # register needed parameters $self->{in} = { - email => $parameters{email}, - entityid => $parameters{entityid}, - token => $parameters{token}, - key => $parameters{key}, + email => $parameters{email}, + entityid => $parameters{entityid}, + token => $parameters{token}, + key => $parameters{key}, + federation => $parameters{federation}, }; } @@ -198,14 +212,50 @@ sub respond { exit 0; } +sub req_select_federation { + my ($self) = @_; + + my @federations = keys %{$self->{configuration}->{federations}}; + + $self->respond( + template => 'select_federation.tt2.html', + data => { + federations => \@federations + } + ); +} + sub req_select_sp { my ($self) = @_; + my $federation = $self->{in}->{federation}; + + if (!$federation) { + $self->{logger}->error("Missing parameter: federation"); + $self->respond( + template => 'errors.tt2.html', + data => { + errors => [ "missing_federation" ] + } + ); + } + + my $file = $self->{configuration}->{federations}->{$federation}; + if (!$file) { + $self->{logger}->error("Incorrect parameter: federation"); + $self->respond( + template => 'errors.tt2.html', + data => { + errors => [ "invalid_federation" ] + } + ); + } + my $metadata; eval { $metadata = AccountManager::Metadata->new( - file => $self->{configuration}->{setup}->{federation_metadata_file} + file => $file ); }; if ($EVAL_ERROR) { @@ -224,7 +274,8 @@ sub req_select_sp { env => { SCRIPT_NAME => $ENV{SCRIPT_NAME} }, - metadata => $metadata->parse(type => 'sp'), + metadata => $metadata->parse(type => 'sp'), + federation => $federation, } ); } 
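Review bot: The guard added to `new` only catches a missing `[federations]` section, because `!$self->{configuration}->{federations}` is false for an empty hash reference. If the configuration parser returns `{}` for a section with no entries (not visible here), the application starts and req_select_federation renders a form with no choices. Testing for at least one entry closes that gap, e.g. `if (!%{ $self->{configuration}->{federations} || {} }) {`. The body of `new` starts and ends outside this hunk.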
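Review bot: The federation check added to `req_select_sp` is repeated verbatim in `req_select_email` (the `@@ -232,6 +283,29 @@` hunk), and this lookup against the configured keys is what stops the request parameter from choosing which metadata file gets parsed. Keeping it in one private helper means a later handler cannot end up with a weaker copy. The helper can rely on `respond`, which by the context lines ends in `exit 0`, so it returns only for a valid federation. `if (!$federation)` also treats the value `0` as missing, hence the `defined`/empty-string test below. `req_select_sp` continues past the end of this hunk.

```perl
# Resolve the 'federation' request parameter to its configured metadata
# file. Responds with an error page (respond() exits) when the parameter
# is missing or is not a configured federation key.
sub _federation_file {
    my ($self) = @_;

    my $federation = $self->{in}->{federation};
    if (!defined $federation || $federation eq '') {
        $self->{logger}->error("Missing parameter: federation");
        $self->respond(
            template => 'errors.tt2.html',
            data     => { errors => [ "missing_federation" ] }
        );
    }

    my $file = $self->{configuration}->{federations}->{$federation};
    if (!$file) {
        $self->{logger}->error("Incorrect parameter: federation");
        $self->respond(
            template => 'errors.tt2.html',
            data     => { errors => [ "invalid_federation" ] }
        );
    }

    return ($federation, $file);
}

# … unchanged: req_select_federation …

sub req_select_sp {
    my ($self) = @_;

    my ($federation, $file) = $self->_federation_file();
    # … unchanged: metadata loading and respond() call …
```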
@@ -232,6 +283,29 @@ sub req_select_sp { sub req_select_email { my ($self) = @_; + my $federation = $self->{in}->{federation}; + + if (!$federation) { + $self->{logger}->error("Missing parameter: federation"); + $self->respond( + template => 'errors.tt2.html', + data => { + errors => [ "missing_federation" ] + } + ); + } + + my $file = $self->{configuration}->{federations}->{$federation}; + if (!$file) { + $self->{logger}->error("Incorrect parameter: federation"); + $self->respond( + template => 'errors.tt2.html', + data => { + errors => [ "invalid_federation" ] + } + ); + } + if (! $self->{in}->{entityid}) { $self->{logger}->error("Missing parameter: entityid"); $self->respond( @@ -266,7 +340,7 @@ sub req_select_email { eval { $metadata = AccountManager::Metadata->new( - file => $self->{configuration}->{setup}->{federation_metadata_file} + file => $file ); }; if ($EVAL_ERROR) { diff --git a/lib/AccountManager/L10N/fr.pm b/lib/AccountManager/L10N/fr.pm index d8bce0f..1d73fed 100644 --- a/lib/AccountManager/L10N/fr.pm +++ b/lib/AccountManager/L10N/fr.pm @@ -72,6 +72,8 @@ our %Lexicon = ( "Best Regards" => "Cordialement", "Next" => "Suivant", "Previous" => "Précédent", + "Select your federation" => "Sélectionnez votre fédération", + "Select the federation corresponding to the service you want to test:" => "Sélectionner la fédération correspondant au service à tester:", ); 1; diff --git a/templates/Makefile.am b/templates/Makefile.am index 48ea358..8ea379d 100644 --- a/templates/Makefile.am +++ b/templates/Makefile.am @@ -4,6 +4,7 @@ nobase_templates_DATA = \ web/errors.tt2.html \ web/home.tt2.html \ web/index.tt2.html \ + web/select_federation.tt2.html \ web/select_sp.tt2.html \ web/select_email.tt2.html \ web/complete_challenge.tt2.html \ diff --git a/templates/web/complete_challenge.tt2.html b/templates/web/complete_challenge.tt2.html index a848339..5ed0e32 100644 --- a/templates/web/complete_challenge.tt2.html +++ b/templates/web/complete_challenge.tt2.html 
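Review bot: The error codes `missing_federation` and `invalid_federation` returned here (and in req_select_sp) are new, but the patch does not touch errors.tt2.html and the fr.pm hunk adds only the two wizard strings. Unless the error template renders unknown codes generically, which is not visible here, the user gets an empty or untranslated error page. Adding both messages to errors.tt2.html and to the lexicon would cover it. `req_select_email` continues outside this hunk.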
@@ -2,6 +2,7 @@ <div class="wizard clearfix vertical"> <div class="steps clearfix"> <ol> + <li class="done">[% lh.maketext("Select your federation") %]</li> <li class="done">[% lh.maketext("Select your service") %]</li> <li class="done">[% lh.maketext("Select your email address") %]</li> <li class="current">[% lh.maketext("Complete email challenge") %]</li> diff --git a/templates/web/home.tt2.html b/templates/web/home.tt2.html index c4376cb..6fff1a9 100644 --- a/templates/web/home.tt2.html +++ b/templates/web/home.tt2.html @@ -17,6 +17,6 @@ <h2>[% lh.maketext("Get started") %]</h2> <p>[% lh.maketext("To start testing your own services, start by selecting one your are administrator for.") %]</p> -<p class="text-center"><a href="[% app.url %]?action=select_sp" class="button">[% lh.maketext("Get started") %]</a></p> +<p class="text-center"><a href="[% app.url %]?action=select_federation" class="button">[% lh.maketext("Get started") %]</a></p> [% END %] diff --git a/templates/web/select_email.tt2.html b/templates/web/select_email.tt2.html index fdbd456..9b14a95 100644 --- a/templates/web/select_email.tt2.html +++ b/templates/web/select_email.tt2.html @@ -2,6 +2,7 @@ <div class="wizard clearfix"> <div class="steps clearfix"> <ol> + <li class="done">[% lh.maketext("Select your federation") %]</li> <li class="done">[% lh.maketext("Select your service") %]</li> <li class="current">[% lh.maketext("Select your email address") %]</li> <li class="disabled">[% lh.maketext("Complete email challenge") %]</li> diff --git a/templates/web/select_federation.tt2.html b/templates/web/select_federation.tt2.html new file mode 100644 index 0000000..1983f9e --- /dev/null +++ b/templates/web/select_federation.tt2.html 
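Review bot: select_email.tt2.html gains the extra wizard step, but its form, which lies outside the hunk, is not given a `federation` field, while req_select_sp and req_select_email now both answer `missing_federation` without one. If that form's Previous button submits `action=select_sp`, in the way the button in select_sp.tt2.html now submits `select_federation`, going back will fail. I would pass `federation` in the data of req_select_email's respond call and add `<input type="hidden" name="federation" value="[% federation | html %]"/>` to the form. Whether complete_challenge needs the value as well depends on code not shown in this patch.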
@@ -0,0 +1,27 @@ +[% WRAPPER index.tt2.html %] +<div class="wizard clearfix"> + <div class="steps clearfix"> + <ol> + <li class="current">[% lh.maketext("Select your federation") %]</li> + <li class="disabled">[% lh.maketext("Select your service") %]</li> + <li class="disabled">[% lh.maketext("Select your email address") %]</li> + <li class="disabled">[% lh.maketext("Complete email challenge") %]</li> + </ol> + </div> + + <div class="content clearfix"> + <h2>[% lh.maketext("Select your federation") %]</h2> + + <form action="[% env.SCRIPT_NAME %]" method="get"> + <p>[% lh.maketext("Select the federation corresponding to the service you want to test::") %]</p> + [% FOREACH federation IN federations.sort %] + <input id="[% federation %]" name="federation" value="[% federation %]" type="radio" class="required"/> + <label for="[% federation %]">[% federation %]</label> + <br/> + [% END %] + <button class="button disabled" type="submit" name="action" value="">[% lh.maketext("Previous") %]</button> + <button class="button" type="submit" name="action" value="select_sp">[% lh.maketext("Next") %]</button> + </form> + </div> +</div> +[% END %] diff --git a/templates/web/select_sp.tt2.html b/templates/web/select_sp.tt2.html index d39a6ef..e47b596 100644 --- a/templates/web/select_sp.tt2.html +++ b/templates/web/select_sp.tt2.html @@ -2,6 +2,7 @@ <div class="wizard clearfix"> <div class="steps clearfix"> <ol> + <li class="done">[% lh.maketext("Select your federation") %]</li> <li class="current">[% lh.maketext("Select your service") %]</li> <li class="disabled">[% lh.maketext("Select your email address") %]</li> <li class="disabled">[% lh.maketext("Complete email challenge") %]</li> 
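Review bot: The prompt string in the new select_federation.tt2.html ends in two colons (`...you want to test::`), whereas the key added to fr.pm ends in one, so the lookup will miss the French entry. The line should read `[% lh.maketext("Select the federation corresponding to the service you want to test:") %]`. The federation names are also written into `id`, `value` and the label unescaped; they come from configuration keys, so this is hardening rather than an exposed flaw, but `[% federation | html %]` keeps the markup intact for a key containing `"` or `&`. Finally, the form action uses `env.SCRIPT_NAME`, yet req_select_federation passes only `federations` in its data (req_select_sp passes `env` explicitly), so the action is probably empty unless respond supplies `env` itself.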
@@ -25,7 +26,8 @@ [% END %] </select> <p>[% lh.maketext("Only Service Providers included in eduGAIN metadata are included in the list.") %]</p> - <button type="submit" class="button disabled" name="action" value="">[% lh.maketext("Previous") %]</button> + <input type="hidden" name="federation" value="[% federation %]"/> + <button type="submit" class="button" name="action" value="select_federation">[% lh.maketext("Previous") %]</button> <button type="submit" class="button" name="action" value="select_email">[% lh.maketext("Next") %]</button> </form> </div> -- GitLab
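Review bot: The hidden field writes `[% federation %]` into an attribute with no output filter. The value originates from the request and is safe here only because req_select_sp has already matched it against the configured federation keys. Making the encoding explicit with `value="[% federation | html %]"` removes that dependency on the handler (unless the Template object applies a default filter, which is not visible in this patch). The sentence above it still says only Service Providers from eduGAIN metadata are listed, which is no longer accurate once several federations are configured.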