NAME
Lemonldap::NG::Portal::Main::Plugin - Base class for Lemonldap::NG::Portal modules (plugins, authentication modules,...).
SYNOPSIS
packageLemonldap::NG::Portal::My::Plugin;useMouse;subinit {my($self) =@_;$self->addUnauthRoute(mypath=>'hello', ['GET','PUT'] );$self->addAuthRoute(mypath=>'welcome', ['GET','PUT'] );return1;}subverifyIP {my($self,$req) =@_;returnPE_ERRORif($req->address !~ /^10/);returnPE_OK;}subhello {my($self,$req) =@_;...return$self->p->sendJSONresponse($req, {hello=> 1 });}subwelcome {my($self,$req) =@_;...return$self->p->sendHtml($req,'template',params=> {WELCOME=> 1 });}
DESCRIPTION
Lemonldap::NG::Portal::Main::Plugin provides many methods to easily write Lemonldap::NG addons.
init() is called for each plugin. If a plugin initialization fails (init() returns 0), the portal responds a 500 status code for each request.
Writing plugins
Custom plugins can be inserted in portal by declaring them in lemonldap-ng.ini file, section [portal], key customPlugins:
[portal]customPlugins = ::My::Plugin1, ::My::Plugin2
Plugins must be valid packages well found in @INC.
Plugin entry points
Entry point based on PATH_INFO
Plugins can declare unauthRoutes/authRoutes during initialization (= /path/info). Methods declared in this way must be declared in the plugin class. They will be called with $req argument. $req is the HTTP request. (See Lemonldap::NG::Portal::Main::Request). These methods must return a valid PSGI response. You can also use sendJSONresponse() or sendHtml() methods (see Lemonldap::NG::Common::PSGI).
Example:
subinit {my($self) =@_;$self->addUnauthRoute(mypath=>'hello', ['GET','PUT'] );$self->addAuthRoute(mypath=>'welcome', ['GET','PUT'] );return1;}subhello {my($self,$req) =@_;...return$self->p->sendJSONresponse($req, {hello=> 1 });}subwelcome {my($self,$req) =@_;...return$self->p->sendHtml($req,'template',params=> {WELLCOME=> 1 });}
If you want to get a "protected application" behavior, you can use addAuthRouteWithRedirect. This methods calls addAuthRoute with given arguments and build a "unAuth" route that build a redirection after authentication.
Entry point in auth process
A plugin which wants to be inserted in authentication process has to declare constants set with method name to run. Following entry points are available.
beforeAuth: method called before authentication processbetweenAuthAndData: method called after authentication and before settingsessionInfoprovisionningafterData: method called aftersessionInfoprovisionning (macros, groups,...). This entry point is called after 'storeHistory' if login process fails and before 'validSession' if succeeds.authCancel: method called when user click on "cancel" during auth processforAuthUser: method called for already authenticated usersbeforeLogout: method called before logout
Note: methods inserted so must return a PE_* constant. See Lemonldap::NG::Portal::Main::Constants.
Advanced entry points
These entry points are not stored in $req->step but launched on the fly:
afterSub: hash ref that give methods to call after given main method is called. Example:-
getUser=>'mysub',}submysub {my($self,$req) =@_;# Do somethingreturnPE_OK;} aroundSub: hash ref that give methods to call instead of given main method. Example:-
getUser=>'mysub',};submysub {my($self,$sub,$req) =@_;# Do something beforemy$ret=$sub->($req);# Do something afterreturn$ret;}Do not launch "getUser" but use the given
$sub. This permits multiple plugins to use "aroundSub" in the same time. hook: hash ref that gives methods to call when a hook is triggered in the LemonLDAP::NG code. Example:-
oidcGenerateIDToken=>'addClaimToIDToken'};subaddClaimToIDToken {my($self,$req,$payload,$rp) =@_;$payload->{"id_token_hook"} = 1;returnPE_OK;}
LOGGING
Logging is provided by $self->logger and $self->userLogger. The following rules must be applied:
- logger->debug: technical debugging messages
- logger->info: simple technical information
- logger->notice: technical information that could interest administrators
- logger->warn: technical warning
- logger->error: error that must be reported to administrator
- userLogger->info: simple information about user's action
- userLogger->notice: information that may be registered (auth success,...)
- userLogger->warn: bad action of a user (auth failure). Auth/Combination transform it to "info" when another authentication scheme is available
- userLogger->error: bad action of a user that must be reported, (even if another backend is available with Combination)
SEE ALSO
OTHER POD FILES
- Writing an authentication module: Lemonldap::NG::Portal::Auth
- Writing a UserDB module: Lemonldap::NG::Portal::UserDB
- Writing a second factor module: Lemonldap::NG::Portal::Main::SecondFactor
- Writing an issuer module: Lemonldap::NG::Portal::Main::Issuer
- Writing another plugin: Lemonldap::NG::Portal::Main::Plugin
- Request object: Lemonldap::NG::Portal::Main::Request
- Adding parameters in the manager: Lemonldap::NG::Manager::Build
AUTHORS
- LemonLDAP::NG team http://lemonldap-ng.org/team
BUG REPORT
Use OW2 system to report bug or ask for features: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues
DOWNLOAD
Lemonldap::NG is available at https://lemonldap-ng.org/download
COPYRIGHT AND LICENSE
See COPYING file for details.
This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.