Merge to 4.0.5-2

inverse-inc · Aug 12, 2013 · 4e50773 · 4e50773
2 parents bd5d18a + 6cce3f5
commit 4e50773
Show file tree

Hide file tree

Showing 9 changed files with 159 additions and 42 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,112 @@
+commit c123e126a4b98a9a377cf10521f178c9b2db5910
+Author: Francis Lachapelle <[email protected]>
+Date:   Mon Aug 12 11:57:05 2013 -0400
+
+    Update NEWS file
+
+M	NEWS.asciidoc
+
+commit 404deb3e186dc03161ffef8c2d7d26fdcf4e53dc
+Author: James Rouzier <[email protected]>
+Date:   Mon Aug 12 11:43:43 2013 -0400
+
+    Remove incorrect array dereference
+
+M	lib/pf/web.pm
+
+commit 3d0ecc3395730912a9a17401a5ecd5e985e6bd7b
+Author: Francis Lachapelle <[email protected]>
+Date:   Mon Aug 12 11:37:56 2013 -0400
+
+    Restore ProfileFactory to previous state
+
+M	lib/pf/Portal/ProfileFactory.pm
+
+commit 6e1fcd5c661a3adeea70a7c0bef3e801260116a1
+Author: Francis Lachapelle <[email protected]>
+Date:   Mon Aug 12 11:33:34 2013 -0400
+
+    WISPr: respect authentication source
+
+M	html/captive-portal/register.cgi
+M	lib/pf/authentication.pm
+M	lib/pf/web.pm
+M	lib/pf/web/wispr.pm
+
+commit 9c52b4e1c2cb263de6677c8fa24bf2aeb48fc35b
+Author: Francis Lachapelle <[email protected]>
+Date:   Mon Aug 12 10:58:40 2013 -0400
+
+    Fix OAuth2 authentication
+
+M	lib/pf/web.pm
+
+commit da3634a29aabb0eee665929427883ecebb254ae2
+Author: Francis Lachapelle <[email protected]>
+Date:   Fri Aug 9 17:47:22 2013 -0400
+
+    Bump to version 4.0.5-2
+
+M	conf/pf-release
+
+commit 17ab0853a347d3838f3ba25007290d755c1f03fc
+Author: James Rouzier <[email protected]>
+Date:   Fri Aug 9 19:17:05 2013 -0400
+
+    Fixed the call to update_profiles_guest_modes by adding the proper parameters to it
+
+M	lib/pf/authentication.pm
+
+commit f32963b2dbe2b0cc828b73cfc4e56466a03e6184
+Author: James Rouzier <[email protected]>
+Date:   Fri Aug 9 18:57:10 2013 -0400
+
+    match function expects a source_id or an array ref of source objects
+
+M	lib/pf/authentication.pm
+
+commit 8d3a7b314817c6dc998edfab8b58732410942b4f
+Author: Francis Lachapelle <[email protected]>
+Date:   Fri Aug 9 16:34:06 2013 -0400
+
+    Fix auth::match to handle multiple sources
+
+M	html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm
+M	lib/pf/authentication.pm
+
+commit 509a7f0b0dbf32ed1db23e0874f3213ea07eb231
+Author: Durand Fabrice <[email protected]>
+Date:   Fri Aug 9 14:54:47 2013 -0400
+
+    Fix syntax
+
+M	lib/pf/SNMP/MockedSwitch.pm
+
+commit 9378252275947f4a57770ad00d562c586fa1efaa
+Author: Francis Lachapelle <[email protected]>
+Date:   Fri Aug 9 14:26:38 2013 -0400
+
+    Improve Administration Guide
+
+M	docs/PacketFence_Administration_Guide.asciidoc
+
+commit f100940f94c2e3f40c1465002b95fa508dc50dc6
+Author: Francis Lachapelle <[email protected]>
+Date:   Fri Aug 9 14:21:43 2013 -0400
+
+    Update documentation for releae 4.0.5
+
+M	ChangeLog
+M	NEWS.asciidoc
+M	UPGRADE.asciidoc
+M	addons/packages/packetfence.spec
+M	conf/documentation.conf
+M	debian/changelog
+M	docs/PacketFence_Administration_Guide-docinfo.xml
+M	docs/PacketFence_Administration_Guide.asciidoc
+M	docs/docinfo.xml
+M	docs/includes/global-attributes.asciidoc
+
 commit 51985fbf88e38a94b79e18b98b76c585ec3dd759
 Author: Derek Wuelfrath <[email protected]>
 Date:   Fri Aug 9 13:53:02 2013 -0400

diff --git a/NEWS.asciidoc b/NEWS.asciidoc
@@ -11,6 +11,16 @@ This is a list of noteworthy changes across releases.
 For more details and developer visible changes see the ChangeLog file.
 For a list of compatibility related changes see the UPGRADE.asciidoc file.
 
+Version 4.0.5-2 released on 2013-08-12
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Bug Fixes
++++++++++
+
+* Fixed authentication with multiple sources
+* Fixed oauth2
+* Authentication source is now respected when using WISPr
+
 Version 4.0.5 released on 2013-08-09
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

diff --git a/conf/pf-release b/conf/pf-release
@@ -1 +1 @@
-PacketFence 4.0.5
+PacketFence 4.0.5-2
diff --git a/html/captive-portal/register.cgi b/html/captive-portal/register.cgi
@@ -67,7 +67,7 @@ if (defined($cgi->param('username')) && $cgi->param('username') ne '') {
     exit(0);
   }
 
-  my ($auth_return, $error, $source) = pf::web::web_user_authenticate($portalSession);
+  my ($auth_return, $error, $source_id) = pf::web::web_user_authenticate($portalSession);
   if ($auth_return != 1) {
     $logger->trace("authentication failed for " . $portalSession->getClientMac());
     pf::web::generate_login_page($portalSession, $error);
@@ -85,7 +85,7 @@ if (defined($cgi->param('username')) && $cgi->param('username') ne '') {
 
   # obtain node information provided by authentication module. We need to get the role (category here)
   # as web_node_register() might not work if we've reached the limit
-  my $value = &pf::authentication::match($source, $params, $Actions::SET_ROLE);
+  my $value = &pf::authentication::match($source_id, $params, $Actions::SET_ROLE);
 
   $logger->trace("Got role '$value' for username $pid");
 
@@ -96,13 +96,13 @@ if (defined($cgi->param('username')) && $cgi->param('username') ne '') {
 
   # If an access duration is defined, use it to compute the unregistration date;
   # otherwise, use the unregdate when defined.
-  $value = &pf::authentication::match($source, $params, $Actions::SET_ACCESS_DURATION);
+  $value = &pf::authentication::match($source_id, $params, $Actions::SET_ACCESS_DURATION);
   if (defined $value) {
       $value = POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime(time + normalize_time($value)));
       $logger->trace("Computed unrege date from access duration: $value");
   }
   else {
-      $value = &pf::authentication::match($source, $params, $Actions::SET_UNREG_DATE);
+      $value = &pf::authentication::match($source_id, $params, $Actions::SET_UNREG_DATE);
   }
   if (defined $value) {
       $logger->trace("Got unregdate $value for username $pid");

diff --git a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm
@@ -38,7 +38,7 @@ sub supported_features {
 sub check_password {
   my ( $self, $password ) = @_;
 
-  my @internal_sources_id = map { $_->{'id'} } pf::authentication::getInternalAuthenticationSources();
+  my @internal_sources_id = map { $_->{'id'} } @{pf::authentication::getInternalAuthenticationSources()};
   my ($result, $message, $source_id) = &pf::authentication::authenticate($self->_user, $password, @internal_sources_id);
 
   if ($result) {

diff --git a/lib/pf/Portal/ProfileFactory.pm b/lib/pf/Portal/ProfileFactory.pm
@@ -34,12 +34,12 @@ Create a new pf::Portal::Profile instance based on parameters given.
 =cut
 
 sub instantiate {
-    my ( $self, $mac, $options ) = @_;
+    my ( $self, $mac ) = @_;
     my $logger = Log::Log4perl::get_logger(__PACKAGE__);
 
     # We apply portal profiles based on the SSID and VLAN, we check the last_ssid for the given MAC and try to match
     # a portal profile using the previously fetched filters. If no match, we instantiate the default portal profile.
-    my $node_info = $options || node_view($mac);
+    my $node_info = node_view($mac);
     my @filter_ids = ((map { "$_:" . $node_info->{"last_$_"}  } qw(ssid vlan)), @{$node_info}{'last_ssid','last_vlan'});
     my $filtered_profile =
         first {exists $Profiles_Config{$_}}

diff --git a/lib/pf/authentication.pm b/lib/pf/authentication.pm
@@ -95,8 +95,6 @@ our %TYPE_TO_SOURCE = (
 our $logger = get_logger();
 
 
-$cached_profiles_config->addReloadCallbacks(update_profiles_guest_modes => \&update_profiles_guest_modes);
-
 readAuthenticationConfigFile();
 
 =item availableAuthenticationSourceTypes
@@ -206,12 +204,14 @@ sub readAuthenticationConfigFile {
                     }
                     push(@authentication_sources, $current_source);
                 }
-                update_profiles_guest_modes();
+                update_profiles_guest_modes($cached_profiles_config,"update_profiles_guest_modes");
             }]
         );
+        $cached_profiles_config->addReloadCallbacks(update_profiles_guest_modes => \&update_profiles_guest_modes);
+
     } else {
         $cached_authentication_config->ReadConfig();
-        update_profiles_guest_modes();
+        update_profiles_guest_modes($cached_profiles_config,"update_profiles_guest_modes");
     }
 }
 
@@ -343,7 +343,8 @@ Return instances of pf::Authentication::Source for internal sources
 =cut
 
 sub getInternalAuthenticationSources {
-    return grep { $_->{'class'} eq 'internal' } @authentication_sources;
+    my @internal = grep { $_->{'class'} eq 'internal' } @authentication_sources;
+    return \@internal;
 }
 
 =item deleteAuthenticationSource
@@ -468,32 +469,30 @@ sub _authenticate_from_sources {
 
 =item match
 
-This method tries to match a set of params in a specific source. If source_id is
-undef, all sources will be tried. If action is undef, all actions will be returned.
+This method tries to match a set of params in one or multiple sources.
 
-If action is set, it'll return the value of the action immediately.
+If action is undef, all actions will be returned.
+If action is set, it will return the value of the action immediately.
 
 =cut
 
 sub match {
     my ($source_id, $params, $action) = @_;
-    my $actions;
+    my ($actions, @sources);
 
     $logger->debug("Match called with parameters ".join(", ", map { "$_ => $params->{$_}" } keys %$params));
 
-    foreach my $current_source ( @authentication_sources ) {
-        if (defined $source_id && $source_id eq $current_source->id) {
-            $actions = $current_source->match($params);
-            last;
-        }
-        elsif (!defined $source_id) {
-            $actions = $current_source->match($params);
+    if (ref($source_id) eq 'ARRAY') {
+        @sources = @{$source_id};
+        $source_id = undef;
+    }
+    else {
+        @sources = first { $_->id eq $source_id  } @authentication_sources;
+    }
 
-            # First match in a source wins, and we stop looping
-            if (defined $actions) {
-                last;
-            }
-        }
+    foreach my $current_source ( @sources ) {
+        # First match in a source wins, and we stop looping
+        last if defined( $actions = $current_source->match($params));
     }
 
     if (defined $action && defined $actions) {

diff --git a/lib/pf/web.pm b/lib/pf/web.pm
@@ -383,11 +383,11 @@ sub generate_oauth2_result {
    my $token;
 
    eval {
-      $token = oauth2_client($provider)->get_access_token($portalSession->getCgi()->url_param('code'));
+      $token = oauth2_client($portalSession, $provider)->get_access_token($portalSession->getCgi()->url_param('code'));
    };
 
    if ($@) {
-       $logger->info("OAuth2: failed to receive the token from the provider, redireting to login page");
+       $logger->warn("OAuth2: failed to receive the token from the provider: $@");
        generate_login_page( $portalSession, i18n("OAuth2 Error: Failed to get the token") );
        return 0;
    }
@@ -563,9 +563,8 @@ sub validate_form {
 
 =item web_user_authenticate
 
-    return (1, pf::web::auth subclass) for successfull authentication
-    return (0, undef) for inability to check credentials
-    return (0, pf::web::auth subclass) otherwise (pf::web::auth can give detailed error)
+    return (1, message string, source id string) for successfull authentication
+    return (0, message string, undef) otherwise
 
 =cut
 
@@ -577,15 +576,15 @@ sub web_user_authenticate {
     my $session = $portalSession->getSession();
 
     # validate login and password
-    my ($return, $message, $source) = &pf::authentication::authenticate($portalSession->cgi->param("username"),
-                                                                        $portalSession->cgi->param("password"),
-                                                                        @{$portalSession->getProfile->getInternalSources});
+    my ($return, $message, $source_id) = &pf::authentication::authenticate($portalSession->cgi->param("username"),
+                                                                           $portalSession->cgi->param("password"),
+                                                                           $portalSession->getProfile->getInternalSources);
 
     if (defined($return) && $return == 1) {
         # save login into session
         $portalSession->session->param( "username", $portalSession->cgi->param("username") );
     }
-    return ($return, $message, $source);
+    return ($return, $message, $source_id);
 }
 
 sub generate_registration_page {

diff --git a/lib/pf/web/wispr.pm b/lib/pf/web/wispr.pm
@@ -74,7 +74,7 @@ sub handler {
     # Trace the user in the apache log
     $r->user($req->param("username"));
 
-    my ($return, $message) = &pf::web::web_user_authenticate($portalSession);
+    my ($return, $message, $source_id) = &pf::web::web_user_authenticate($portalSession);
     if ($return) {
         $logger->info("Authentification success for wispr client");
         $stash = {
@@ -107,7 +107,7 @@ sub handler {
 
     # obtain node information provided by authentication module. We need to get the role (category here)
     # as web_node_register() might not work if we've reached the limit
-    my $value = &pf::authentication::match(undef, $params, $Actions::SET_ROLE);
+    my $value = &pf::authentication::match($source_id, $params, $Actions::SET_ROLE);
 
     $logger->warn("Got role $value for username $pid");
 
@@ -116,15 +116,15 @@ sub handler {
         %info = (%info, (category => $value));
     }
 
-    $value = &pf::authentication::match(undef, $params, $Actions::SET_ACCESS_DURATION);
+    $value = &pf::authentication::match($source_id, $params, $Actions::SET_ACCESS_DURATION);
 
     if (defined $value) {
         $logger->trace("No unregdate found - computing it from access duration");
         $value = POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime(time + normalize_time($value)));
     }
     else {
         $logger->trace("Unregdate found, we use it right away");
-        $value = &pf::authentication::match(undef, $params, $Actions::SET_UNREG_DATE);
+        $value = &pf::authentication::match($source_id, $params, $Actions::SET_UNREG_DATE);
     }
 
     $logger->trace("Got unregdate $value for username $pid");