wip: basic OpenID

issue #2050

Author: frankiejol

lib/Ravada/Auth/OpenID.pm

@@ -0,0 +1,79 @@
+package Ravada::Auth::OpenID;
+
+use strict;
+use warnings;
+
+use Data::Dumper;
+use Authen::ModAuthPubTkt;
+use URI::Escape;
+use LWP::UserAgent;
+
+=head1 NAME
+
+Ravada::Auth::SSO - SSO library for Ravada
+
+=cut
+
+use Moose;
+
+no warnings "experimental::signatures";
+use feature qw(signatures state);
+
+use Ravada::Auth::SQL;
+
+with 'Ravada::Auth::User';
+
+our $CONFIG = \$Ravada::CONFIG;
+our $ERR;
+
+sub BUILD {
+    my $self = shift;
+    die sprintf('ERROR: Login failed %s', $self->name)
+        if !$self->login();
+    return $self;
+}
+
+sub add_user($name, $password, $storage='rfc2307', $algorithm=undef) { }
+
+sub remove_user { }
+
+sub search_user { }
+
+sub _check_user_profile($self) {
+    my $user_sql = Ravada::Auth::SQL->new(name => $self->name);
+    if ( $user_sql->id ) {
+        if ($user_sql->external_auth ne 'openid') {
+            $user_sql->external_auth('openid');
+        }
+        return;
+    }
+
+    Ravada::Auth::SQL::add_user(name => $self->name, is_external => 1, is_temporary => 0
+        , external_auth => 'openid');
+}
+
+sub is_admin { }
+
+sub is_external { }
+
+sub login_external($name, $header) {
+
+    for my $field (qw(OIDC_CLAIM_exp OIDC_access_token_expires)) {
+        if ( $header->{$field} < time() ) {
+            warn localtime($header->{$field})." $field expired \n";
+            return 0;
+        }
+    }
+
+    my $self = Ravada::Auth::OpenID->new(name => $name);
+    $self->_check_user_profile();
+    return $self;
+}
+
+sub login($self) {
+    my $user_sql = Ravada::Auth::SQL->new(name => $self->name);
+    return 1 if $user_sql->external_auth && $user_sql->external_auth eq 'openid';
+    return 1;
+}
+
+1;

script/rvd_front

@@ -28,6 +28,7 @@ no warnings "experimental::signatures";
 use feature qw(signatures);
 
 use Ravada::Auth;
+use Ravada::Auth::OpenID;
 use Ravada::Booking;
 use Ravada::Front;
 use Ravada::Front::Domain;
@@ -280,6 +281,9 @@ any '/robots.txt' => sub {
 
 any '/' => sub {
     my $c = shift;
+
+my %header;
+
     return quick_start($c);
 };
 
@@ -294,12 +298,17 @@ any '/login' => sub {
 };
 
 any '/protected' => sub($c) {
-my %header;
+    my %header;
     for my $name (@{$c->req->headers->names}) {
-        $header{$name} = $c->req->headers->header($name);
+        $header{$name} = $c->req->headers->header($name)
+        if $name =~ /OIDC/;
     }
 
     warn Dumper(\%header);
+    my $auth_ok;
+    warn ''.localtime($header{OIDC_access_token_expires});
+    my $username = $header{OIDC_CLAIM_preferred_username};
+    $auth_ok = Ravada::Auth::OpenID::login_external($username, \%header);
     return $c->render("text" => "protected\n".Dumper(\%header));
 };