mirror of
https://github.com/inverse-inc/sogo.git
synced 2026-07-09 02:15:08 +00:00
opendid part2
This commit is contained in:
+281
-35
@@ -145,6 +145,7 @@ static const NSString *kJwtKey = @"jwt";
|
||||
|
||||
- (WOCookie *) _authLocationCookie: (BOOL) cookieReset
|
||||
withName: (NSString *) cookieName
|
||||
withValue: (NSString *) _value
|
||||
{
|
||||
WOCookie *locationCookie;
|
||||
NSString *appName;
|
||||
@@ -152,7 +153,10 @@ static const NSString *kJwtKey = @"jwt";
|
||||
NSCalendarDate *date;
|
||||
|
||||
rq = [context request];
|
||||
locationCookie = [WOCookie cookieWithName: cookieName value: [rq uri]];
|
||||
if(_value)
|
||||
locationCookie = [WOCookie cookieWithName: cookieName value: _value];
|
||||
else
|
||||
locationCookie = [WOCookie cookieWithName: cookieName value: [rq uri]];
|
||||
appName = [rq applicationName];
|
||||
[locationCookie setPath: [NSString stringWithFormat: @"/%@/", appName]];
|
||||
if (cookieReset)
|
||||
@@ -165,6 +169,28 @@ static const NSString *kJwtKey = @"jwt";
|
||||
return locationCookie;
|
||||
}
|
||||
|
||||
- (WOCookie *) _domainCookie: (BOOL) cookieReset
|
||||
withDomain: (NSString *) _domain
|
||||
{
|
||||
WOCookie *domainCookie;
|
||||
NSString *appName;
|
||||
WORequest *rq;
|
||||
NSCalendarDate *date;
|
||||
|
||||
rq = [context request];
|
||||
domainCookie = [WOCookie cookieWithName: @"sogo-user-domain" value: _domain];
|
||||
appName = [rq applicationName];
|
||||
[domainCookie setPath: [NSString stringWithFormat: @"/%@/", appName]];
|
||||
if (cookieReset)
|
||||
{
|
||||
date = [NSCalendarDate calendarDate];
|
||||
[date setTimeZone: [NSTimeZone timeZoneForSecondsFromGMT: 0]];
|
||||
[domainCookie setExpires: [date yesterday]];
|
||||
}
|
||||
|
||||
return domainCookie;
|
||||
}
|
||||
|
||||
//
|
||||
//
|
||||
//
|
||||
@@ -389,6 +415,7 @@ static const NSString *kJwtKey = @"jwt";
|
||||
return response;
|
||||
}
|
||||
|
||||
|
||||
- (NSDictionary *) _casRedirectKeys
|
||||
{
|
||||
NSDictionary *redirectKeys;
|
||||
@@ -462,7 +489,8 @@ static const NSString *kJwtKey = @"jwt";
|
||||
/* login callback, we expire the "cas-location" cookie, created
|
||||
below */
|
||||
casLocationCookie = [self _authLocationCookie: YES
|
||||
withName: @"cas-location"];
|
||||
withName: @"cas-location"
|
||||
withValue: nil];
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -501,7 +529,8 @@ static const NSString *kJwtKey = @"jwt";
|
||||
newLocation = [SOGoCASSession CASURLWithAction: @"login"
|
||||
andParameters: [self _casRedirectKeys]];
|
||||
casLocationCookie = [self _authLocationCookie: NO
|
||||
withName: @"cas-location"];
|
||||
withName: @"cas-location"
|
||||
withValue: nil];
|
||||
}
|
||||
response = [self redirectToLocation: newLocation];
|
||||
if (casCookie)
|
||||
@@ -512,7 +541,7 @@ static const NSString *kJwtKey = @"jwt";
|
||||
return response;
|
||||
}
|
||||
|
||||
- (id <WOActionResults>) _openidDefaultAction
|
||||
- (id <WOActionResults>) _openidDefaultAction: (NSString *) _domain
|
||||
{
|
||||
WOResponse *response;
|
||||
NSString *login, *redirectLocation, *serverUrl;
|
||||
@@ -520,7 +549,7 @@ static const NSString *kJwtKey = @"jwt";
|
||||
NSURL *newLocation, *oldLocation;
|
||||
NSDictionary *formValues;
|
||||
SOGoUser *loggedInUser;
|
||||
WOCookie *openIdCookie, *openIdCookieLocation, *openIdRefreshCookie;
|
||||
WOCookie *openIdCookie, *openIdCookieLocation, *openIdRefreshCookie, *domainCookie;
|
||||
WORequest *rq;
|
||||
SOGoWebAuthenticator *auth;
|
||||
SOGoOpenIdSession *openIdSession;
|
||||
@@ -529,9 +558,16 @@ static const NSString *kJwtKey = @"jwt";
|
||||
openIdCookie = nil;
|
||||
openIdCookieLocation = nil;
|
||||
openIdRefreshCookie = nil;
|
||||
domainCookie = nil;
|
||||
newLocation = nil;
|
||||
|
||||
openIdSession = [SOGoOpenIdSession OpenIdSession];
|
||||
rq = [context request];
|
||||
|
||||
//Check if the domain is stored in a cookie if not given
|
||||
if(_domain == nil || [_domain length] == 0)
|
||||
_domain = [rq cookieValueForKey: @"sogo-user-domain"]; //_domain can still be nil aftert his
|
||||
|
||||
openIdSession = [SOGoOpenIdSession OpenIdSession: _domain];
|
||||
|
||||
if(![openIdSession sessionIsOk])
|
||||
{
|
||||
@@ -540,7 +576,6 @@ static const NSString *kJwtKey = @"jwt";
|
||||
}
|
||||
|
||||
login = [[context activeUser] login];
|
||||
rq = [context request];
|
||||
if ([login isEqualToString: @"anonymous"])
|
||||
login = nil;
|
||||
if (!login)
|
||||
@@ -548,7 +583,6 @@ static const NSString *kJwtKey = @"jwt";
|
||||
//You get here if you nerver been logged in or if you token is expired
|
||||
serverUrl = [[context serverURL] absoluteString];
|
||||
redirectLocation = [NSString stringWithFormat: @"%@/%@/", serverUrl, [rq applicationName]];
|
||||
NSLog(@"ServerUrl %@ and redirect: %@", serverUrl, redirectLocation);
|
||||
if((formValues = [rq formValues]) && [formValues objectForKey: @"code"])
|
||||
{
|
||||
//You get here if this is the callback of openid after you logged in
|
||||
@@ -559,6 +593,7 @@ static const NSString *kJwtKey = @"jwt";
|
||||
// sessionState = [value lastObject];
|
||||
// else
|
||||
// sessionState = value;
|
||||
|
||||
value = [formValues objectForKey: @"code"];
|
||||
if ([value isKindOfClass: [NSArray class]])
|
||||
code = [value lastObject];
|
||||
@@ -574,7 +609,8 @@ static const NSString *kJwtKey = @"jwt";
|
||||
inContext: context];
|
||||
}
|
||||
newLocation = [rq cookieValueForKey: @"openid-location"];
|
||||
openIdCookieLocation = [self _authLocationCookie: YES withName: @"openid-location"];
|
||||
openIdCookieLocation = [self _authLocationCookie: YES withName: @"openid-location" withValue: nil];
|
||||
domainCookie = [self _domainCookie: YES withDomain: _domain];
|
||||
}
|
||||
// else if((formValues = [rq formValues]) && [formValues objectForKey: @"action"])
|
||||
// {
|
||||
@@ -596,8 +632,13 @@ static const NSString *kJwtKey = @"jwt";
|
||||
// //To avoid making a redirection to openid server after a post request, we first redirect to a get method
|
||||
// newLocation = [NSString stringWithFormat: @"%@?action=redirect", redirectLocation];
|
||||
// else
|
||||
newLocation = [openIdSession loginUrl: redirectLocation];
|
||||
openIdCookieLocation = [self _authLocationCookie: NO withName: @"openid-location"];
|
||||
if(_domain != nil && [_domain length] > 0)
|
||||
{
|
||||
//add the domain cookie to get it after the redirect
|
||||
domainCookie = [self _domainCookie: NO withDomain: _domain];
|
||||
}
|
||||
newLocation = [openIdSession loginUrl: redirectLocation];
|
||||
openIdCookieLocation = [self _authLocationCookie: NO withName: @"openid-location" withValue: nil];
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -617,10 +658,14 @@ static const NSString *kJwtKey = @"jwt";
|
||||
[response addCookie: openIdCookie];
|
||||
if (openIdCookieLocation)
|
||||
[response addCookie: openIdCookieLocation];
|
||||
if(domainCookie)
|
||||
[response addCookie: domainCookie];
|
||||
//[response setStatus: 303];
|
||||
return response;
|
||||
}
|
||||
|
||||
|
||||
|
||||
#if defined(SAML2_CONFIG)
|
||||
- (id <WOActionResults>) _saml2DefaultAction
|
||||
{
|
||||
@@ -644,7 +689,8 @@ static const NSString *kJwtKey = @"jwt";
|
||||
newLocation = [rq cookieValueForKey: @"saml2-location"];
|
||||
if (newLocation)
|
||||
saml2LocationCookie = [self _authLocationCookie: YES
|
||||
withName: @"saml2-location"];
|
||||
withName: @"saml2-location"
|
||||
withValue: nil];
|
||||
else
|
||||
{
|
||||
oldLocation = [[self clientObject] baseURLInContext: context];
|
||||
@@ -659,7 +705,8 @@ static const NSString *kJwtKey = @"jwt";
|
||||
{
|
||||
newLocation = [SOGoSAML2Session authenticationURLInContext: context];
|
||||
saml2LocationCookie = [self _authLocationCookie: NO
|
||||
withName: @"saml2-location"];
|
||||
withName: @"saml2-location"
|
||||
withValue: nil];
|
||||
}
|
||||
|
||||
response = [self redirectToLocation: newLocation];
|
||||
@@ -680,13 +727,11 @@ static const NSString *kJwtKey = @"jwt";
|
||||
login = nil;
|
||||
|
||||
if (login)
|
||||
{
|
||||
oldLocation = [[self clientObject] baseURLInContext: context];
|
||||
response
|
||||
= [self redirectToLocation: [NSString stringWithFormat: @"%@%@",
|
||||
oldLocation,
|
||||
[[SOGoUser getEncryptedUsernameIfNeeded:login request: [context request]] stringByEscapingURL]]];
|
||||
}
|
||||
{
|
||||
oldLocation = [[self clientObject] baseURLInContext: context];
|
||||
response = [self redirectToLocation: [NSString stringWithFormat: @"%@%@", oldLocation,
|
||||
[[SOGoUser getEncryptedUsernameIfNeeded:login request: [context request]] stringByEscapingURL]]];
|
||||
}
|
||||
else
|
||||
{
|
||||
oldLocation = [[context request] uri];
|
||||
@@ -699,23 +744,174 @@ static const NSString *kJwtKey = @"jwt";
|
||||
return response;
|
||||
}
|
||||
|
||||
- (WOResponse *) connectNameAction
|
||||
{
|
||||
WOResponse *response;
|
||||
WORequest *request;
|
||||
NSDictionary *params;
|
||||
NSString *username, *language, *domain, *type, *serverUrl, *redirectLocation;
|
||||
NSRange r;
|
||||
|
||||
request = [context request];
|
||||
params = [[request contentAsString] objectFromJSONString];
|
||||
|
||||
username = [params objectForKey: @"userName"];
|
||||
|
||||
//Extract the domain
|
||||
r = [username rangeOfString: @"@"];
|
||||
if (r.location != NSNotFound)
|
||||
{
|
||||
domain = [username substringFromIndex: r.location+1];
|
||||
type = [[SOGoSystemDefaults sharedSystemDefaults] getLoginTypeForDomain: domain];
|
||||
if(type != nil)
|
||||
{
|
||||
if([type isEqualToString: @"plain"])
|
||||
{
|
||||
//Only reload the page with the name
|
||||
serverUrl = [[context serverURL] absoluteString];
|
||||
redirectLocation = [NSString stringWithFormat: @"%@/%@/login?hint=%@", serverUrl, [request applicationName], username];
|
||||
//response = [self redirectToLocation: [NSString stringWithFormat: @"%@/", redirectLocation]];
|
||||
response = [self responseWithStatus: 200 andJSONRepresentation:
|
||||
[NSDictionary dictionaryWithObjectsAndKeys: redirectLocation, @"redirect", nil]];
|
||||
}
|
||||
else if([type isEqualToString: @"openid"])
|
||||
{
|
||||
SOGoOpenIdSession *openIdSession;
|
||||
WOCookie *domainCookie, *openIdCookieLocation;
|
||||
|
||||
//With openId, the user will be redirected to the openid server for login
|
||||
//With set the domain in a cookie to know it after the openid does the callbacl
|
||||
serverUrl = [[context serverURL] absoluteString];
|
||||
redirectLocation = [NSString stringWithFormat: @"%@/%@/", serverUrl, [request applicationName]];
|
||||
|
||||
openIdSession = [SOGoOpenIdSession OpenIdSession: domain];
|
||||
|
||||
domainCookie = [self _domainCookie: NO withDomain: domain];
|
||||
openIdCookieLocation = [self _authLocationCookie: NO withName: @"openid-location" withValue: redirectLocation];
|
||||
|
||||
response = [self responseWithStatus: 200 andJSONRepresentation:
|
||||
[NSDictionary dictionaryWithObjectsAndKeys: [openIdSession loginUrl: redirectLocation], @"redirect", nil]];
|
||||
[response addCookie: domainCookie];
|
||||
[response addCookie: openIdCookieLocation];
|
||||
}
|
||||
else if([type isEqualToString: @"cas"] || [type isEqualToString: @"saml2"])
|
||||
{
|
||||
[self logWithFormat: @"Unsupported type for now: %@", type];
|
||||
response = [self responseWithStatus: 400
|
||||
andString: @"Domain Authentication type not supported"];
|
||||
}
|
||||
else
|
||||
{
|
||||
[self logWithFormat: @"Unknown type: %@", type];
|
||||
response = [self responseWithStatus: 400
|
||||
andString: @"Unknwon Authentication type"];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
[self logWithFormat: @"Auth type for Domain given is not set or there is no default value: %@", domain];
|
||||
response = [self responseWithStatus: 400
|
||||
andString: @"Domain unknown"];
|
||||
}
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
[self logWithFormat: @"Domain is required but not found for user recovery exception for user %@", username];
|
||||
response = [self responseWithStatus: 400
|
||||
andString: @"Domain needed in the login"];
|
||||
}
|
||||
|
||||
return response;
|
||||
}
|
||||
|
||||
|
||||
- (id <WOActionResults>) defaultAction
|
||||
{
|
||||
NSString *authenticationType;
|
||||
NSString *authenticationType, *loginDomain, *type, *_domain;
|
||||
SOGoSystemDefaults* sd;
|
||||
id <WOActionResults> result;
|
||||
|
||||
authenticationType = [[SOGoSystemDefaults sharedSystemDefaults]
|
||||
authenticationType];
|
||||
if ([authenticationType isEqualToString: @"cas"])
|
||||
result = [self _casDefaultAction];
|
||||
else if ([authenticationType isEqualToString: @"openid"])
|
||||
result = [self _openidDefaultAction];
|
||||
#if defined(SAML2_CONFIG)
|
||||
else if ([authenticationType isEqualToString: @"saml2"])
|
||||
result = [self _saml2DefaultAction];
|
||||
#endif /* SAML2_CONFIG */
|
||||
else
|
||||
result = [self _standardDefaultAction];
|
||||
loginDomain = nil;
|
||||
sd = [SOGoSystemDefaults sharedSystemDefaults];
|
||||
if([sd doesLoginTypeByDomain])
|
||||
{
|
||||
NSString *login;
|
||||
//In this mode sogo will ask the mail of the user before doing any authentication
|
||||
//Check if a user is already logged in
|
||||
|
||||
_domain = [[context request] cookieValueForKey: @"sogo-user-domain"]; //_domain can still be nil aftert his
|
||||
if(_domain != nil)
|
||||
{
|
||||
//This is a callback of an openid session.
|
||||
return [self _openidDefaultAction: _domain];
|
||||
}
|
||||
|
||||
login = [[context activeUser] login];
|
||||
if ([login isEqualToString: @"anonymous"])
|
||||
login = nil;
|
||||
if(!login && !_domain)
|
||||
return [self _standardDefaultAction];
|
||||
else
|
||||
{
|
||||
//User already logged in. Extract the domain in that case
|
||||
NSRange r;
|
||||
r = [login rangeOfString: @"@"];
|
||||
if (r.location != NSNotFound)
|
||||
{
|
||||
loginDomain = [login substringFromIndex: r.location+1];
|
||||
type = [sd getLoginTypeForDomain: loginDomain];
|
||||
if(type)
|
||||
{
|
||||
if([type isEqualToString: @"plain"])
|
||||
{
|
||||
result = [self _standardDefaultAction];
|
||||
}
|
||||
else if([type isEqualToString: @"openid"])
|
||||
{
|
||||
result = [self _openidDefaultAction: loginDomain];
|
||||
}
|
||||
else if([type isEqualToString: @"cas"] || [type isEqualToString: @"saml2"])
|
||||
{
|
||||
[self logWithFormat: @"Unsupported type for now: %@", type];
|
||||
result = [self responseWithStatus: 400
|
||||
andString: @"Domain Authentication type not supported"];
|
||||
}
|
||||
else
|
||||
{
|
||||
[self logWithFormat: @"Unknown type: %@", type];
|
||||
result = [self responseWithStatus: 400
|
||||
andString: @"Unknwon Authentication type"];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
[self logWithFormat: @"Auth type for Domain given is not set or there is no default value: %@", loginDomain];
|
||||
result = [self responseWithStatus: 400
|
||||
andString: @"Domain unknown"];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
loginDomain = nil;
|
||||
result = [self _standardDefaultAction];
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
authenticationType = [sd authenticationType];
|
||||
|
||||
if ([authenticationType isEqualToString: @"cas"])
|
||||
result = [self _casDefaultAction];
|
||||
else if ([authenticationType isEqualToString: @"openid"])
|
||||
result = [self _openidDefaultAction: loginDomain];
|
||||
#if defined(SAML2_CONFIG)
|
||||
else if ([authenticationType isEqualToString: @"saml2"])
|
||||
result = [self _saml2DefaultAction];
|
||||
#endif /* SAML2_CONFIG */
|
||||
else
|
||||
result = [self _standardDefaultAction];
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@@ -745,6 +941,57 @@ static const NSString *kJwtKey = @"jwt";
|
||||
return ([[self loginDomains] count] > 0);
|
||||
}
|
||||
|
||||
- (BOOL) doLoginUsernameFirst
|
||||
{
|
||||
return [[SOGoSystemDefaults sharedSystemDefaults] doesLoginTypeByDomain];
|
||||
}
|
||||
|
||||
- (BOOL) doFullLogin
|
||||
{
|
||||
//Either we directly do the full login (meaning the user inputs its username and password)
|
||||
//Or we do it in two times:
|
||||
//phase 1: user types its username first -> only show the username input
|
||||
//phase 2: user types its password -> show all inputs
|
||||
//In phase 2, the username will be in the query at key "login"
|
||||
if([self doLoginUsernameFirst]){
|
||||
WORequest *rq;
|
||||
BOOL hasLogin;
|
||||
NSDictionary *formValues;
|
||||
|
||||
rq = [context request];
|
||||
hasLogin = ((formValues=[rq formValues]) && [formValues objectForKey: @"hint"]);
|
||||
return hasLogin;
|
||||
}
|
||||
|
||||
return YES;
|
||||
}
|
||||
|
||||
- (BOOL) doPartialLogin
|
||||
{
|
||||
return ![self doFullLogin];
|
||||
}
|
||||
|
||||
|
||||
- (NSString *) getLoginHint
|
||||
{
|
||||
id value;
|
||||
WORequest *rq;
|
||||
NSString* login;
|
||||
NSDictionary *formValues;
|
||||
|
||||
login = @"";
|
||||
|
||||
rq = [context request];
|
||||
if((formValues=[rq formValues]) && (value=[formValues objectForKey: @"hint"]))
|
||||
{
|
||||
if ([value isKindOfClass: [NSArray class]])
|
||||
login = [value lastObject];
|
||||
else
|
||||
login = value;
|
||||
}
|
||||
return login;
|
||||
}
|
||||
|
||||
- (BOOL) hasPasswordRecovery
|
||||
{
|
||||
return [[SOGoSystemDefaults sharedSystemDefaults] isPasswordRecoveryEnabled];
|
||||
@@ -1108,8 +1355,7 @@ static const NSString *kJwtKey = @"jwt";
|
||||
message = [[request contentAsString] objectFromJSONString];
|
||||
username = [message objectForKey: @"userName"];
|
||||
domain = [message objectForKey: @"domain"];
|
||||
if ([[SOGoSystemDefaults sharedSystemDefaults]
|
||||
isPasswordRecoveryEnabled]) {
|
||||
if ([[SOGoSystemDefaults sharedSystemDefaults] isPasswordRecoveryEnabled]) {
|
||||
// If no domain, try to retrieve domain from username
|
||||
if (nil != domain && domain != [NSNull null]) {
|
||||
domainName = domain;
|
||||
|
||||
Reference in New Issue
Block a user