}
return $self->p->sendJSONresponse( $req, $sessions );
}
# The "hashStore" here doesn't override configuration:
# Lemonldap::NG::Common::Session::REST module check the configuration
# parameter. So here it means "use hashed id if possible" and of course
# if session kind is OIDC or SSO
my $session = $self->getApacheSession(
$mod, $id,
info => $infos,
force => $force,
hashStore => ( $mod->{kind} =~ reHashedKinds ),
);
return $self->p->sendError( $req, 'Unable to create session', 500 )
unless ($session);
$self->logger->debug(
"REST request create a new session (" . $session->id . ")" );
return $self->p->sendJSONresponse( $req,
{ result => 1, session => $session->data } );
}
# Authenticate the user/password given as request parameters and open a
# session under the requested id. The REST secret is mandatory.
# @param req Request object
# @param id  Id of the session to create
# @return JSON response describing the new session, or an error response
sub newAuthSession {
    my ( $self, $req, $id ) = @_;

    # Shared secret is mandatory for this endpoint
    return $self->p->sendError( $req, 'Bad secret', 403 )
      unless $self->_checkSecret( $req->param('secret') );

    # Prepare the request for the authentication chain: AuthBasic flag,
    # forced session id, credentials taken from the parameters
    $req->env->{AuthBasic} = 1;
    $req->{id}             = $id;
    $req->{force}          = 1;
    $req->user( $req->param('user') );
    $req->data->{password} = $req->param('password');

    my @chain = (
        @{ $self->p->beforeAuth },
        $self->p->authProcess,
        @{ $self->p->betweenAuthAndData },
        $self->p->sessionData,
        @{ $self->p->afterData },
        $self->p->validSession,
        @{ $self->p->endAuth },
    );
    $req->steps( \@chain );
    $req->{error} = $self->p->process($req);
    $self->logger->debug(
        "REST authentication result for $req->{user}: code $req->{error}");

    # A non-zero code means the chain refused the login: drop whatever
    # session was started and answer 401
    unless ( $req->error == 0 ) {
        $self->p->deleteSession($req);
        return $self->p->sendError( $req, 'Unauthorized', 401 );
    }

    my $storageId = $self->conf->{hashedSessionStore} ? id2storage($id) : $id;
    return $self->session( $req, $storageId );
}
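# Update an existing session with the attributes sent as a JSON object.
# When $attr is given, the whole body becomes the value of that single
# attribute. A "__secret" key in the body is removed and, when it matches
# the REST secret, the update is passed to getApacheSession with force set.
# @param req  Request object
# @param id   Id of the session to update
# @param attr Optional attribute name (single-attribute update)
# @return JSON response { result => 1 } or an error response
sub updateSession {
    my ( $self, $req, $id, $attr ) = @_;
    $self->logger->debug("REST request to update session $id");
    my $mod = $self->getMod($req)
      or return $self->p->sendError( $req, undef, 400 );
    return $self->p->sendError( $req, 'ID is required', 400 ) unless $id;

    # Get new info
    my $infos = $req->jsonBodyToObj
      or return $self->p->sendError( $req, undef, 400 );
    $infos = { $attr => $infos } if $attr;

    # Everything below dereferences $infos as a hash: a JSON array or scalar
    # body would die under strict refs, so reject it with a 400 instead
    return $self->p->sendError( $req, 'JSON body must be an object', 400 )
      unless ref $infos eq 'HASH';

    # Get secret if given
    my $secret = delete $infos->{__secret};
    my $force  = $self->_checkSecret($secret);

    # The hashed store is used only if explicitly asked (hash parameter) and
    # if the session type is SSO or OIDC
    my $hashStore =
      ( $mod->{kind} =~ reHashedKinds ) ? ( $req->param('hash') // 0 ) : 0;

    # getApacheSession writes $infos into the session; its return value is
    # only needed to detect an unknown id
    $self->getApacheSession(
        $mod, $id,
        info      => $infos,
        force     => $force,
        hashStore => $hashStore,
    ) or return $self->p->sendError( $req, 'Session Id does not exist', 400 );
    return $self->p->sendJSONresponse( $req, { result => 1 } );
}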
# Delete the session designated by its id.
# @param req Request object
# @param id  Session id
# @return JSON response { result => <deletion result> } or an error response
sub delSession {
    my ( $self, $req, $id ) = @_;
    my $mod = $self->getMod($req)
      or return $self->p->sendError( $req, undef, 400 );
    return $self->p->sendError( $req, 'ID is required', 400 ) unless $id;

    # The hashed store is used only if explicitly asked (hash parameter) and
    # if the session type is SSO or OIDC
    my $useHashedStore = 0;
    if ( $mod->{kind} =~ reHashedKinds ) {
        $useHashedStore = $req->param('hash') // 0;
    }
    my $session =
      $self->getApacheSession( $mod, $id, hashStore => $useHashedStore )
      or return $self->p->sendError( $req, 'Session Id does not exist', 400 );

    # Delete it
    $self->logger->debug("REST request to delete session $id");
    my $res = $self->p->_deleteSession( $req, $session );
    $self->logger->debug(" Result is $res");
    return $self->p->sendJSONresponse( $req, { result => $res } );
}
sub delMySession {
# Verify authorizationfor arg
elsif ( my $url = $req->param('authorizationfor') ) {
# Verify that value is base64 encoded
return $self->p->sendError( $req, "Value must be in BASE64", 400 )
if ( $url =~ m#[^A-Za-z0-9\+/=]# );
$req->urldc( decode_base64($url) );
# Check for XSS problems
return $self->p->sendError( $req, 'XSS attack detected', 400 )
if ( $self->p->checkXSSAttack( 'authorizationfor', $req->urldc ) );
# Split URL
my ( $host, $uri );
if ( $req->urldc =~ URIRE ) {
( $host, $uri ) = ( $3 . ( $4 ? ":$4" : '' ), $5 );
$uri ||= '/';
return $self->p->sendError( $req, "Bad URL $req->{urldc}", 400 )
unless ($host);
}
else {
return $self->p->sendError( $req, "Bad URL $req->{urldc}", 400 );
}
$self->logger->debug("Looking for authorization for $url");
# Now check for authorization
my $res =
$self->p->HANDLER->grant( $req, $req->userData, $uri, undef, $host );
$self->logger->debug(" Result is $res");
return $self->p->sendJSONresponse( $req, { result => $res } );
}
return $self->p->sendError( $req,
'whoami or authorizationfor is required', 400 );
}
# Return one attribute of the current user's session, or the exported
# attributes when no key is given.
# @param req Request object carrying the authenticated userData
# @param key Optional attribute name
# @return response produced by session()
sub getMyKey {
    my ( $self, $req, $key ) = @_;

    # All /my/ API are called with user's session, so indicates here that
    # it uses hashed store if available
    $req->data->{hashStore} = 1;
    $key = '' unless $key;

    # Build the debug line first so the branch only differs by its message
    my $what;
    if ($key) {
        $what = "personal session attribute: $key";
    }
    else {
        my $list = $self->exportedAttr;
        $list =~ s/[\[\]]//g;
        $list =~ s/,/, /g;
        $what = "exported attributes: $list";
    }
    $self->logger->debug("REST request to get $what");

    # Sessions created in the hashed store are addressed by id2storage($id)
    my $sessionId = $req->userData->{_session_id};
    $sessionId = id2storage($sessionId) if $req->userData->{_session_hashed};
    return $self->session( $req, $sessionId, $key || $self->exportedAttr );
}
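# Update attributes of the current user's persistent session. Only keys
# listed in mySessionAuthorizedRWKeys may be written; a "*" in a configured
# key acts as a wildcard over the request parameter names. A valid one-time
# token and sessionType=persistent are required.
# @param req Request object
# @return JSON response { result => 1, count, modifiedKeys } or a 403
sub updateMySession {
    my ( $self, $req ) = @_;

    # All /my/ API are called with user's session, so indicates here that
    # it uses hashed store if available
    $req->data->{hashStore} = 1;
    my $res   = 0;
    my $mKeys = [];

    my $token = $req->param('token');
    unless ($token) {
        $self->logger->error('Update session request without token');
        return $self->p->sendError( $req, 'Modification refused', 403 );
    }
    unless ( $self->ott->getToken($token) ) {
        $self->logger->error('Update session request with invalid token');
        return $self->p->sendError( $req, 'Modification refused', 403 );
    }

    # Defined-or avoids an "uninitialized" warning when the parameter is
    # absent; the comparison result is the same
    if ( ( $req->param('sessionType') // '' ) eq 'persistent' ) {
        foreach my $key ( @{ $self->conf->{mySessionAuthorizedRWKeys} } ) {
            my $v;

            # Key under which the value is written back
            my $storeKey = $key;
            if ( $key =~ /\*/ ) {

                # foreach aliases $key to the configuration array element:
                # substituting in place would rewrite the configured key
                # itself and grow the pattern on every request, so the
                # pattern is built on a copy
                ( my $pattern = $key ) =~ s/\*/.*/g;

                # NOTE(review): the value is written under the wildcard
                # pattern itself, not under the matching parameter name
                # $k — confirm this is intended
                $storeKey = $pattern;
                if ( my ($k) = grep( /$pattern/, $req->params ) ) {
                    $v = $req->param($k);
                }
            }
            else {
                $v = $req->param($key);
            }
            if ( defined $v ) {
                $res++;
                push @$mKeys, $storeKey;
                $self->p->updatePersistentSession( $req, { $storeKey => $v } );
                $self->logger->debug(
                    "Request to update session -> Key : $storeKey");
            }
        }
    }

    # No authorized key was present in the request
    return $self->p->sendError( $req, 'Modification refused', 403 ) unless $res;
    return $self->p->sendJSONresponse( $req,
        { result => 1, count => $res, modifiedKeys => $mKeys } );
}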
sub delKeyInMySession {
my ( $self, $req ) = @_;
# All /my/ API are called with user's session, so indicates here that
# it uses hashed store if available
$req->data->{hashStore} = 1;
my $res = 0;
my $mKeys = [];
my $dkey = $req->param('key');
my $sub = $req->param('sub');
if ( my $token = $req->param('token') ) {