Differences

documentation:2.1:extendedfunctions [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== Extended functions ======
  
 +===== Presentation =====
 +
 +When [[writingrulesand_headers|writing rules and headers]], you can use Perl expressions that will be evaluated in a jail, to prevent bad code execution.
 +
 +This is also true for:
 +  * [[portalmenu#​menu_modules|Menu modules activation rules]]
 +  * [[formreplay|Form replay data]]
 +  * Macros
 +  * Issuer databases use rules
 +  * etc.
 +
 +Inside this jail, you can access to:
 +  * all session values and CGI environment variables //(through $ENV{<​HTTP_NAME>​})//​
 +  * Core Perl subroutines (split, pop, map, etc.)
 +  * [[customfunctions|Custom functions]]
 +  * The [[http://​perldoc.perl.org/​MIME/​Base64.html|encode_base64]] subroutine
 +  * [[#Request information|Information about current request]]
 +  * [[#Extended functions list|Extended functions]]:​
 +    * [[#​date|date]]
 +    * [[#​checkLogonHours|checkLogonHours]]
 +    * [[#​checkDate|checkDate]]
 +    * [[#​basic|basic]]
 +    * [[#​unicode2iso|unicode2iso]]
 +    * [[#​iso2unicode|iso2unicode]]
 +    * [[#​groupMatch|groupMatch]]
 +    * [[#​encrypt|encrypt]]
 +    * [[#​token|token]]
 +    * [[#​isInNet6|isInNet6]]
 +
 +<note tip>To know more about the jail, check [[http://​perldoc.perl.org/​Safe.html|Safe module documentation]].</​note>​
 +
 +
 +===== Extended Functions List =====
 +
 +==== date ====
 +
 +Returns the date, in format YYYYMMDDHHMMSS,​ local time by default, GMT by calling <​code>​date(1)</​code>​
 +
 +==== checkLogonHours ====
 +
 +This function will check the day and the hour of current request, and compare it to allowed days and hours. It returns 1 if this match, 0 else.
 +All e
 +By default, the allowed days and hours is an hexadecimal value, representing each hour of the week. A day has 24 hours, and a week 7 days, so the value contains 168 bits, converted into 42 hexadecimal characters. Sunday is the first day.
 +
 +For example, for a full access, excepted week-end:
 +<​code>​
 +000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000
 +</​code>​
 +
 +<note tip>The [[authldap#​schema_extension|LDAP schema extension]] can be used to store this value. You can also use the binary value from the logonHours attribute of Active Directory</​note>​
 +
 +Functions parameters:
 +  * **logon_hours**:​ string representing allowed logon hours (GMT)
 +  * **syntax** (optional): ''​hexadecimal''​ (default) or ''​octetstring''​
 +  * **time_correction** (optional): hours to add or to subtract
 +  * **default_access** (optional): what result to return if **logon_hours** is empty
 +
 +Simple usage example:
 +<​code>​
 +checkLogonHours($ssoLogonHours)
 +</​code>​
 +
 +If you use the binary value (Active Directory), use this:
 +<​code>​All e
 +checkLogonHours($ssoLogonHours,​ '​octetstring'​)
 +</​code>​
 +
 +You can also configure jetlag (if all of your users use the same timezone):
 +<​code>​
 +checkLogonHours($ssoLogonHours,​ '',​ '​+2'​)
 +</​code>​
 +
 +If you manage different timezones, you have to take the jetlag into account in ssoLogonHours values, or use the $_timezone parameter. This parameter is set by the portal and use javascript to get the connected user timezone. It should works on every browser:
 +<​code>​
 +checkLogonHours($ssoLogonHours,​ '',​ $_timezone)
 +</​code>​
 +
 +You can modify the default behavior for people without value in ssoLogonHours. Indeed, by default, users without logon hours values are rejected. You can allow these users instead of reject them:
 +<​code>​
 +checkLogonHours($ssoLogonHours,​ '',​ '',​ '​1'​)
 +</​code>​
 +
 +==== checkDate ====
 +
 +This function will check the date of current request, and compare it to a start date and an end date. It returns 1 if this match, 0 else.
 +
 +<note tip>The [[authldap#​schema_extension|LDAP schema extension]] can be used to store these values</​note>​
 +
 +The date format is the LDAP date syntax, for example for the 1st March 2009:
 +<​code>​
 +20090301000000Z
 +</​code>​
 +
 +Functions parameters:
 +  * **start**: Start date (GMT)
 +  * **end**: End date (GMT)
 +  * **default_access** (optional): what result to return if **start** and **end** are empty
 +
 +Simple usage example:
 +<​code>​
 +checkDate($ssoStartDate,​ $ssoEndDate)
 +</​code>​
 +
 +==== basic ====
 +
 +<note important>​This function is not compliant with [[safejail|Safe jail]], you will need to disable the jail to use it.</​note>​
 +
 +This function builds the ''​Authorization''​ HTTP header used in [[.applications:​authbasic|HTTP Basic authentication scheme]]. It will force conversion from UTF-8 to ISO-8859-1 of user and password data.
 +
 +Functions parameters:
 +  * **user**
 +  * **password**
 +
 +Simple usage example:
 +<​code>​
 +basic($uid,​$_password)
 +</​code>​
 +
 +==== unicode2iso ====
 +
 +<note important>​This function is not compliant with [[safejail|Safe jail]], you will need to disable the jail to use it.</​note>​
 +
 +This function convert a string from UTF-8 to ISO-8859-1.
 +
 +Functions parameters:
 +  * **string**
 +
 +Simple usage example:
 +<​code>​
 +unicode2iso($name)
 +</​code>​
 +
 +==== iso2unicode ====
 +
 +<note important>​This function is not compliant with [[safejail|Safe jail]], you will need to disable the jail to use it.</​note>​
 +
 +This function convert a string from ISO-8859-1 to UTF-8.
 +
 +Functions parameters:
 +  * **string**
 +
 +Simple usage example:
 +<​code>​
 +iso2unicode($name)
 +</​code>​
 +
 +==== groupMatch ====
 +
 +this function allows one to parse the ''​$hGroups''​ variable to check if a value is present inside a group attribute.
 +
 +Function parameter:
 +  * **groups**: ''​$hGroups''​ variable
 +  * **attribute**:​ Name of group attribute
 +  * **value**: Value to check
 +
 +Simple usage example:
 +<​code>​
 +groupMatch($hGroups,​ '​description',​ '​Service 1')
 +</​code>​
 +
 +==== encrypt ====
 +
 +<note tip>​Since version 2.0, this function is now compliant with [[safejail|Safe jail]].</​note>​
 +
 +This function uses the secret key of LLNG configuration to crypt a data. This can be used to anonymize identifier given to the protected application.
 +
 +<​code>​
 +encrypt($_whatToTrace)
 +</​code>​
 +
 +==== token ====
 +
 +This function generates token used to [[documentation:​2.0:​servertoserver|handle server webservice calls]].
 +
 +<​code>​
 +token($_session_id,'​webapp1.example.com','​webapp2.example.com'​)
 +</​code>​
 +
 +==== isInNet6 ====
 +
 +Function to check if an IPv6 address is in a subnet. Example //check if IP address is local//:
 +
 +<code perl>
 +isInNet6($ipAddr,​ '​fe80::/​10'​)
 +</​code>​
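
Review bot: A stray "All e" fragment appears twice in the checkLogonHours section: on its own line right after the sentence "It returns 1 if this match, 0 else.", and directly after the opening code tag of the Active Directory example, where it becomes part of the snippet a reader would copy before "checkLogonHours($ssoLogonHours, 'octetstring')". Remove both occurrences. Separately, the token section links to "documentation:2.0:servertoserver" while this page lives under "documentation:2.1", so confirm the namespace is intended. The notes on basic, unicode2iso and iso2unicode tell the reader to disable the jail that the Presentation section introduces "to prevent bad code execution"; a sentence on the scope of disabling it (all rule, header and macro expressions, or only these calls) would let administrators weigh that trade-off before following the instruction.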