
Commit 0bf53bc

committed
wip: basic OpenID
issue #2050
1 parent 431f9b0 commit 0bf53bc


2 files changed

+90
-2
lines changed


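--- a/lib/Ravada/Auth/OpenID.pm
+++ b/lib/Ravada/Auth/OpenID.pm
@@ -0,0 +1,79 @@
+package Ravada::Auth::OpenID;
+
+use strict;
+use warnings;
+
+use Data::Dumper;
+use Authen::ModAuthPubTkt;
+use URI::Escape;
+use LWP::UserAgent;
+
+=head1 NAME
+
+Ravada::Auth::SSO - SSO library for Ravada
+
+=cut
+
+use Moose;
+
+no warnings "experimental::signatures";
+use feature qw(signatures state);
+
+use Ravada::Auth::SQL;
+
+with 'Ravada::Auth::User';
+
+our $CONFIG = \$Ravada::CONFIG;
+our $ERR;
+
+sub BUILD {
+my $self = shift;
+die sprintf('ERROR: Login failed %s', $self->name)
+if !$self->login();
+return $self;
+}
+
+sub add_user($name, $password, $storage='rfc2307', $algorithm=undef) { }
+
+sub remove_user { }
+
+sub search_user { }
+
+sub _check_user_profile($self) {
+my $user_sql = Ravada::Auth::SQL->new(name => $self->name);
+if ( $user_sql->id ) {
+if ($user_sql->external_auth ne 'openid') {
+$user_sql->external_auth('openid');
+}
+return;
+}
+
+Ravada::Auth::SQL::add_user(name => $self->name, is_external => 1, is_temporary => 0
+, external_auth => 'openid');
+}
+
+sub is_admin { }
+
+sub is_external { }
+
+sub login_external($name, $header) {
+
+for my $field (qw(OIDC_CLAIM_exp OIDC_access_token_expires)) {
+if ( $header->{$field} < time() ) {
+warn localtime($header->{$field})." $field expired \n";
+return 0;
+}
+}
+
+my $self = Ravada::Auth::OpenID->new(name => $name);
+$self->_check_user_profile();
+return $self;
+}
+
+sub login($self) {
+my $user_sql = Ravada::Auth::SQL->new(name => $self->name);
+return 1 if $user_sql->external_auth && $user_sql->external_auth eq 'openid';
+return 1;
+}
+
+1;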
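Review bot: `login($self)` returns 1 on both paths (the guarded `return 1 if …` and the unconditional `return 1;` that follows), so the `die` in `BUILD` can never fire and the `external_auth eq 'openid'` comparison is dead code. If that is deliberate for this wip — `login_external` constructs the object, which runs `BUILD`, before `_check_user_profile` has had a chance to set `external_auth`, so a first-time user would presumably be rejected otherwise — say so with a comment such as `# always succeeds: the SQL profile is created/updated afterwards in _check_user_profile`; if not, the last line should be `return 0;` and the profile check needs to run before construction. The expiry loop in `login_external` does reject a request when a field is absent (undef numifies to 0, so `0 < time()` is true), but only by accident and with an uninitialized-value warning; `if ( !defined $header->{$field} || $header->{$field} < time() )` makes that fail-closed behaviour explicit. The `=head1 NAME` block still names `Ravada::Auth::SSO`, and `Authen::ModAuthPubTkt`, `URI::Escape` and `LWP::UserAgent` are loaded but unused in this module.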

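--- a/script/rvd_front
+++ b/script/rvd_front
@@ -28,6 +28,7 @@ no warnings "experimental::signatures";
 use feature qw(signatures);
 
 use Ravada::Auth;
+use Ravada::Auth::OpenID;
 use Ravada::Booking;
 use Ravada::Front;
 use Ravada::Front::Domain;
@@ -280,6 +281,9 @@ any '/robots.txt' => sub {
 
 any '/' => sub {
 my $c = shift;
+
+my %header;
+
 return quick_start($c);
 };
 
@@ -294,12 +298,17 @@ any '/login' => sub {
 };
 
 any '/protected' => sub($c) {
-my %header;
+my %header;
 for my $name (@{$c->req->headers->names}) {
-$header{$name} = $c->req->headers->header($name);
+$header{$name} = $c->req->headers->header($name)
+if $name =~ /OIDC/;
 }
 
 warn Dumper(\%header);
+my $auth_ok;
+warn ''.localtime($header{OIDC_access_token_expires});
+my $username = $header{OIDC_CLAIM_preferred_username};
+$auth_ok = Ravada::Auth::OpenID::login_external($username, \%header);
 return $c->render("text" => "protected\n".Dumper(\%header));
 };
 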