appgrid.patch
diff --git a/usr/share/perl5/Lemonldap/NG/Handler/Lib/OAuth2.pm b/usr/share/perl5/Lemonldap/NG/Handler/Lib/OAuth2.pm
index 129ea713c..5c9f18253 100644
--- a/usr/share/perl5/Lemonldap/NG/Handler/Lib/OAuth2.pm
+++ b/usr/share/perl5/Lemonldap/NG/Handler/Lib/OAuth2.pm
@@ -73,7 +73,7 @@ sub retrieveSession {
}
sub fetchId {
- my ( $class, $req ) = @_;
+ my ( $class, $req, $oauth2Only ) = @_;
my $access_token;
my $authorization = $req->{env}->{HTTP_AUTHORIZATION};
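Review bot: The new `$oauth2Only` argument unpacked on the `my ( $class, $req, $oauth2Only ) = @_;` line is undocumented, and its effect is only visible further down the sub. Add a comment above the unpacking such as `# $oauth2Only: when true, look only for an OAuth2 access token and return nothing instead of falling back to Main::fetchId` so that callers of this handler method know the flag's contract. The remainder of fetchId's body lies outside this hunk.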
@@ -84,7 +84,9 @@ sub fetchId {
$class->logger->debug( 'Found OAuth2 access token ' . $access_token );
}
else {
- return $class->Lemonldap::NG::Handler::Main::fetchId($req);
+ return $oauth2Only
+ ? undef
+ : $class->Lemonldap::NG::Handler::Main::fetchId($req);
}
# Get access token session
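Review bot: The `? undef :` arm of the new return is an explicit `return undef`, which in list context yields a one-element list that tests true; the Perl idiom for "nothing" is a bare `return;`. Inside the `else` the two cases could be spelled out instead: `return if $oauth2Only;` followed by `return $class->Lemonldap::NG::Handler::Main::fetchId($req);`. The same pattern recurs in the next hunk (`return undef if $oauth2Only;`) and twice in the new OAuth2Handler.pm (`return undef unless $id;`, `return undef unless $data;`). The only caller visible in this patch, tryAuth, uses scalar context, so this is latent rather than currently broken.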
@@ -126,6 +128,8 @@ sub fetchId {
return "O-$_session_id";
}
+ return undef if $oauth2Only;
+
my $value = $class->Lemonldap::NG::Handler::Main::fetchId($req);
unless ($value) {
$req->data->{oauth2_error} = 'invalid_token';
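Review bot: The early `return undef if $oauth2Only;` exits before the `$req->data->{oauth2_error} = 'invalid_token';` marking below it, so in OAuth2-only mode a bearer token that was present but did not resolve to a session looks the same to the caller as no token at all (tryAuth in the new OAuth2Handler.pm then dispatches to the unauthenticated handler either way). If the flag is meant to keep the existing error semantics, set the marker before leaving: `if ($oauth2Only) { $req->data->{oauth2_error} = 'invalid_token'; return; }`. Whether reaching this line always implies a token was presented depends on the part of fetchId between the previous hunk and `return "O-$_session_id"`, which is not visible here.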
diff --git a/usr/share/perl5/Lemonldap/NG/Portal/Lib/OAuth2Handler.pm b/usr/share/perl5/Lemonldap/NG/Portal/Lib/OAuth2Handler.pm
new file mode 100644
index 000000000..bb2f280a8
--- /dev/null
+++ b/usr/share/perl5/Lemonldap/NG/Portal/Lib/OAuth2Handler.pm
@@ -0,0 +1,43 @@
+package Lemonldap::NG::Portal::Lib::OAuth2Handler;
+
+use Lemonldap::NG::Handler::PSGI::OAuth2;
+
+sub addOauth2Route {
+ my ( $self, $path, $subNameOrHash, $unAuthSubName, $methods ) = @_;
+ $self->addUnauthRoute(
+ $path, $subNameOrHash, $methods,
+
+ # Transform method to see if Oauth2 token is available
+ sub {
+ my ($subName) = @_;
+ return sub {
+ shift;
+ my ($req) = @_;
+ if ( &tryAuth( $self, $req ) ) {
+ return ref $subName
+ ? $subName->( $self, @_ )
+ : $self->$subName(@_);
+ }
+ else {
+ return ref $unAuthSubName
+ ? $unAuthSubName->( $self, @_ )
+ : $self->$unAuthSubName(@_);
+ }
+ }
+ }
+ );
+ return $self;
+}
+
+sub tryAuth {
+ my ( $self, $req ) = @_;
+ my $id = Lemonldap::NG::Handler::PSGI::OAuth2->fetchId( $req, 1 );
+ return undef unless $id;
+ my $data =
+ Lemonldap::NG::Handler::PSGI::OAuth2->retrieveSession( $req, $id );
+ return undef unless $data;
+ $req->userData($data);
+ return 1;
+}
+
+1;
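Review bot: `if ( &tryAuth( $self, $req ) )` inside the closure uses the `&` call sigil, which bypasses prototypes and is the form perlcritic flags; write it as `if ( tryAuth( $self, $req ) )`. The new package also has no `use strict; use warnings;` after the `package` line, so a mistyped variable in the nested closures would not be caught at compile time. A failed tryAuth hands the request to `$unAuthSubName` without any diagnostic of why (no token versus token or session rejected), whereas the handler side logs when a token is found; if the plugin object exposes the same `logger` the handler uses, a `$self->logger->debug('OAuth2 token absent or rejected, using unauthenticated route')` before the `$unAuthSubName` dispatch would make 401s from this path much easier to investigate.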
diff --git a/usr/share/perl5/Lemonldap/NG/Portal/Plugins/RESTServer.pm b/usr/share/perl5/Lemonldap/NG/Portal/Plugins/RESTServer.pm
index 3938378..8fc0294 100644
--- a/usr/share/perl5/Lemonldap/NG/Portal/Plugins/RESTServer.pm
+++ b/usr/share/perl5/Lemonldap/NG/Portal/Plugins/RESTServer.pm
@@ -265,6 +265,22 @@ sub init {
return 1;
}
+sub addAuthRoute {
+ my ( $self, $path, $subNameOrHash, $methods ) = @_;
+ $self->SUPER::addAuthRoute( $path, $subNameOrHash, $methods );
+ if ( $self->conf->{restAllowOauth2} ) {
+ require Lemonldap::NG::Portal::Lib::OAuth2Handler;
+ Lemonldap::NG::Portal::Lib::OAuth2Handler::addOauth2Route( $self,
+ $path, $subNameOrHash, 'forbidden', $methods );
+ }
+ return $self;
+}
+
+sub forbidden {
+ my ( $self, $req ) = @_;
+ return $self->p->sendError( $req, 'Authentication required', 401 );
+}
+
sub newSession {
my ( $self, $req, $id ) = @_;