wip: basic OpenID
issue #2050
frankiejol committed Jul 24, 2024
1 parent 431f9b0 commit 0bf53bc
Showing 2 changed files with 90 additions and 2 deletions.
79 changes: 79 additions & 0 deletions lib/Ravada/Auth/OpenID.pm
@@ -0,0 +1,79 @@
package Ravada::Auth::OpenID;

use strict;
use warnings;

use Data::Dumper;
use Authen::ModAuthPubTkt;
use URI::Escape;
use LWP::UserAgent;

=head1 NAME
Ravada::Auth::SSO - SSO library for Ravada
=cut

use Moose;

no warnings "experimental::signatures";
use feature qw(signatures state);

use Ravada::Auth::SQL;

with 'Ravada::Auth::User';

our $CONFIG = \$Ravada::CONFIG;
our $ERR;

sub BUILD {
my $self = shift;
die sprintf('ERROR: Login failed %s', $self->name)
if !$self->login();
return $self;
}

sub add_user($name, $password, $storage='rfc2307', $algorithm=undef) { }

sub remove_user { }

sub search_user { }

sub _check_user_profile($self) {
my $user_sql = Ravada::Auth::SQL->new(name => $self->name);
if ( $user_sql->id ) {
if ($user_sql->external_auth ne 'openid') {
$user_sql->external_auth('openid');
}
return;
}

Ravada::Auth::SQL::add_user(name => $self->name, is_external => 1, is_temporary => 0
, external_auth => 'openid');
}

sub is_admin { }

sub is_external { }

sub login_external($name, $header) {

for my $field (qw(OIDC_CLAIM_exp OIDC_access_token_expires)) {
if ( $header->{$field} < time() ) {
warn localtime($header->{$field})." $field expired \n";
return 0;
}
}

my $self = Ravada::Auth::OpenID->new(name => $name);
$self->_check_user_profile();
return $self;
}

sub login($self) {
my $user_sql = Ravada::Auth::SQL->new(name => $self->name);
return 1 if $user_sql->external_auth && $user_sql->external_auth eq 'openid';
return 1;
}

1;
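Review bot: `login` returns 1 on both paths (the `return 1 if ... eq 'openid'` line is followed by an unconditional `return 1`), so the `external_auth` check is dead and the `die` in `BUILD` can never fire — any name handed to `Ravada::Auth::OpenID->new` is accepted as authenticated. If `login` is meant to be a gate, the fall-through should be `return 0;`, which in turn means `_check_user_profile` (the provisioning step) has to run before `new`, since today it runs after `BUILD` in `login_external`. The expiry loop in `login_external` compares `$header->{$field} < time()`; a missing claim evaluates as `0 < time()` and fails closed, but only by accident and with an uninitialized-value warning — make it explicit with `return 0 unless defined $header->{$field} && $header->{$field} =~ /\A\d+\z/;` before the comparison. The POD `=head1 NAME` still reads `Ravada::Auth::SSO - SSO library for Ravada`; it should name `Ravada::Auth::OpenID` and state that the module trusts OIDC_* claims already validated upstream by the web server.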
13 changes: 11 additions & 2 deletions script/rvd_front
Expand Up @@ -28,6 +28,7 @@ no warnings "experimental::signatures";
use feature qw(signatures);

use Ravada::Auth;
use Ravada::Auth::OpenID;
use Ravada::Booking;
use Ravada::Front;
use Ravada::Front::Domain;

any '/' => sub {
my $c = shift;

my %header;

return quick_start($c);
};

};

any '/protected' => sub($c) {
my %header;
my %header;
for my $name (@{$c->req->headers->names}) {
$header{$name} = $c->req->headers->header($name);
$header{$name} = $c->req->headers->header($name)
if $name =~ /OIDC/;
}

warn Dumper(\%header);
my $auth_ok;
warn ''.localtime($header{OIDC_access_token_expires});
my $username = $header{OIDC_CLAIM_preferred_username};
$auth_ok = Ravada::Auth::OpenID::login_external($username, \%header);
return $c->render("text" => "protected\n".Dumper(\%header));
};
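Review bot: The `/protected` route takes the identity straight from request headers (`$header{OIDC_CLAIM_preferred_username}`, populated from `$c->req->headers`), which is only safe when every request provably traverses the mod_auth_openidc reverse proxy that sets and overwrites those headers; if rvd_front is reachable directly, any client can send `OIDC_CLAIM_preferred_username: admin` plus far-future expiry headers and `login_external` will provision and accept that user. The result `$auth_ok` is also never checked — the route renders `protected` whether or not `login_external` returned 0 — so add `return $c->render(text => 'unauthorized', status => 401) unless $auth_ok;` before the final render. `warn Dumper(\%header)` and `Dumper(\%header)` in the response echo every `OIDC_*` header, which with mod_auth_openidc includes the access token and id-token claims, into the server log and back to the client; drop both before this leaves wip. The `/OIDC/` match is unanchored and case-sensitive; `/\AOIDC_/` states the intent more precisely.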

