Lemonldap-NG-Manager
view release on metacpan or search on metacpan
lib/Lemonldap/NG/Manager/Api/Providers/OidcRp.pm view on Meta::CPAN
return $self->sendError( $req, 'Invalid input: clientId is not a string',
400 )
if ( ref $replace->{clientId} );
return $self->sendError( $req, 'Invalid input: redirectUris is missing',
400 )
unless ( defined $replace->{redirectUris} );
return $self->sendError( $req,
'Invalid input: redirectUris must be an array', 400 )
unless ( ref( $replace->{redirectUris} ) eq "ARRAY" );
$self->logger->debug(
"[API] OIDC RP $confKey configuration replace requested");
# Get latest configuration
my $conf = $self->_confAcc->getConf( { noCache => 1 } );
# Return 404 if not found
return $self->sendError( $req,
"OIDC relying party '$confKey' not found", 404 )
unless ( defined $self->_getOidcRpByConfKey( $conf, $confKey ) );
# check if new clientID exists already
my $res = $self->_isNewOidcRpClientIdUnique( $conf, $confKey, $replace );
return $self->sendError( $req, $res->{msg}, 409 )
unless ( $res->{res} eq 'ok' );
$replace->{options} = {} unless ( defined $replace->{options} );
$replace->{options}->{clientId} = $replace->{clientId};
$replace->{options}->{redirectUris} = $replace->{redirectUris};
$res = $self->_pushOidcRp( $conf, $confKey, $replace, 1 );
return $self->sendError( $req, $res->{msg}, 400 )
unless ( $res->{res} eq 'ok' );
return $self->sendJSONresponse( $req, undef, code => 204 );
}
sub deleteOidcRp {
my ( $self, $req ) = @_;
my $confKey = $req->params('confKey')
or return $self->sendError( $req, 'confKey is missing', 400 );
# Get latest configuration
my $conf = $self->_confAcc->getConf( { noCache => 1 } );
my $delete = $self->_getOidcRpByConfKey( $conf, $confKey );
# Return 404 if not found
return $self->sendError( $req,
"OIDC relying party '$confKey' not found", 404 )
unless ( defined $delete );
delete $conf->{oidcRPMetaDataOptions}->{$confKey};
delete $conf->{oidcRPMetaDataExportedVars}->{$confKey};
delete $conf->{oidcRPMetaDataOptionsExtraClaims}->{$confKey};
delete $conf->{oidcRPMetaDataMacros}->{$confKey};
delete $conf->{oidcRPMetaDataScopeRules}->{$confKey};
# Save configuration
$self->_saveApplyConf($conf);
return $self->sendJSONresponse( $req, undef, code => 204 );
}
sub _getOidcRpByConfKey {
my ( $self, $conf, $confKey ) = @_;
# Check if confKey is defined
return undef unless ( defined $conf->{oidcRPMetaDataOptions}->{$confKey} );
# Get Client ID
my $clientId = $conf->{oidcRPMetaDataOptions}->{$confKey}
->{oidcRPMetaDataOptionsClientID};
# Get exported vars
my $exportedVars = $conf->{oidcRPMetaDataExportedVars}->{$confKey};
# Get extra claim
my $extraClaims = $conf->{oidcRPMetaDataOptionsExtraClaims}->{$confKey};
# Get macros
my $macros = $conf->{oidcRPMetaDataMacros}->{$confKey} || {};
# Get scope rules
my $scopeRules = $conf->{oidcRPMetaDataScopeRules}->{$confKey} || {};
# Redirect URIs, filled later
my $redirectUris = $self->_translateValueConfToApi(
'oidcRPMetaDataOptionsRedirectUris',
$conf->{oidcRPMetaDataOptions}->{$confKey}
->{oidcRPMetaDataOptionsRedirectUris}
);
# Get options
my $options = {};
for
my $configOption ( keys %{ $conf->{oidcRPMetaDataOptions}->{$confKey} } )
{
my $apiName = $self->_translateOptionConfToApi($configOption);
my $apiValue = $self->_translateValueConfToApi( $configOption,
$conf->{oidcRPMetaDataOptions}->{$confKey}->{$configOption} );
$options->{$apiName} = $apiValue;
}
return {
confKey => $confKey,
clientId => $clientId,
redirectUris => $redirectUris,
exportedVars => $exportedVars,
extraClaims => $extraClaims,
macros => $macros,
scopeRules => $scopeRules,
options => $options
};
}
sub _getOidcRpByClientId {
my ( $self, $conf, $clientId ) = @_;
foreach ( keys %{ $conf->{oidcRPMetaDataOptions} } ) {
return $self->_getOidcRpByConfKey( $conf, $_ )
if ( $conf->{oidcRPMetaDataOptions}->{$_}
->{oidcRPMetaDataOptionsClientID} eq $clientId );
}
return undef;
}
sub _isNewOidcRpClientIdUnique {
my ( $self, $conf, $confKey, $oidcRp ) = @_;
my $curClientId = $self->_getOidcRpByConfKey( $conf, $confKey )->{clientId};
my $newClientId =
$oidcRp->{clientId}
|| $oidcRp->{options}->{clientId}
|| "";
if ( $newClientId ne '' && $newClientId ne $curClientId ) {
return {
res => 'ko',
msg =>
"An OIDC relying party with clientId '$newClientId' already exists"
}
if ( defined $self->_getOidcRpByClientId( $conf, $newClientId ) );
}
return { res => 'ok' };
}
sub _pushOidcRp {
my ( $self, $conf, $confKey, $push, $replace ) = @_;
my $translatedOptions = {};
if ($replace) {
$conf->{oidcRPMetaDataOptions}->{$confKey} = {};
$conf->{oidcRPMetaDataExportedVars}->{$confKey} = {};
$conf->{oidcRPMetaDataOptionsExtraClaims}->{$confKey} = {};
$conf->{oidcRPMetaDataScopeRules}->{$confKey} = {};
$conf->{oidcRPMetaDataMacros}->{$confKey} = {};
$translatedOptions = $self->_getDefaultValues('oidcRPMetaDataNode');
}
if ( defined $push->{options} ) {
foreach ( keys %{ $push->{options} } ) {
my $optionName = $self->_translateOptionApiToConf( $_, 'oidcRP' );
eval {
my $optionValue =
$self->_translateValueApiToConf( $optionName,
$push->{options}->{$_} );
$translatedOptions->{$optionName} = $optionValue;
};
if ($@) {
return {
res => 'ko',
msg => "Invalid input: $@",
};
}
}
my $res = $self->_hasAllowedAttributes( $translatedOptions,
'oidcRPMetaDataNode' );
return $res unless ( $res->{res} eq 'ok' );
$self->_merge_hash( $conf, 'oidcRPMetaDataOptions', $confKey,
$translatedOptions );
}
$conf->{oidcRPMetaDataOptions}->{$confKey}->{oidcRPMetaDataOptionsClientID}
= $push->{clientId}
if ( defined $push->{clientId} );
if ( defined $push->{exportedVars} ) {
if ( $self->_isSimpleKeyValueHash( $push->{exportedVars} ) ) {
$self->_merge_hash(
$conf, 'oidcRPMetaDataExportedVars',
$confKey, $push->{exportedVars}
);
}
else {
return {
res => 'ko',
msg =>
"Invalid input: exportedVars is not a hash object with \"key\":\"value\" attributes"
};
}
}
if ( defined $push->{macros} ) {
if ( $self->_isSimpleKeyValueHash( $push->{macros} ) ) {
$self->_merge_hash( $conf, 'oidcRPMetaDataMacros', $confKey,
$push->{macros} );
}
else {
return {
res => 'ko',
msg => "Invalid input: macros is not a hash object"
. " with \"key\":\"value\" attributes"
};
}
}
if ( defined $push->{scopeRules} ) {
if ( $self->_isSimpleKeyValueHash( $push->{scopeRules} ) ) {
$self->_merge_hash(
$conf, 'oidcRPMetaDataScopeRules',
$confKey, $push->{scopeRules}
);
}
else {
return {
res => 'ko',
msg => "Invalid input: scopeRules is not a hash object"
. " with \"key\":\"value\" attributes"
};
}
}
if ( defined $push->{extraClaims} ) {
if ( $self->_isSimpleKeyValueHash( $push->{extraClaims} ) ) {
$self->_merge_hash( $conf, 'oidcRPMetaDataOptionsExtraClaims',
$confKey, $push->{extraClaims} );
}
else {
return {
res => 'ko',
msg => "Invalid input: extraClaims is not a hash object"
. " with \"key\":\"value\" attributes"
};
}
}
# Test new configuration
my $parser = Lemonldap::NG::Manager::Conf::Parser->new( {
refConf => $self->_confAcc->getConf( { noCache => 1 } ),
newConf => $conf,
req => {},
}
);
unless ( $parser->testNewConf( $self->p ) ) {
return {
res => 'ko',
code => 400,
msg => "Configuration error: "
. join( ". ", map { $_->{message} } @{ $parser->errors } ),
};
}
# Save configuration
$self->_saveApplyConf($conf);
( run in 2.220 seconds using v1.01-cache-2.11-cpan-98e64b0badf )