annotate Lib/IMPL/Web/Handler/SecureCookie.pm @ 250:129e48bb5afb

DOM refactoring ObjectToDOM methods are virtual QueryToDOM uses inflators Fixed transform for the complex values in the ObjectToDOM QueryToDOM doesn't allow to use complex values (HASHes) as values for nodes (overpost problem)
author sergey
date Wed, 07 Nov 2012 04:17:53 +0400
parents 23daf2fae33a
children fb52014f6931
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
1 package IMPL::Web::Handler::SecureCookie;
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
2 use strict;
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
3
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
4
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
5 use Digest::MD5 qw(md5_hex);
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
6 use IMPL::Const qw(:prop);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
7 use IMPL::Security::Auth qw(:Const GenSSID);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
8 use IMPL::declare {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
9 require => {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
10 SecurityContext => 'IMPL::Security::Context',
238
b8c724f6de36 DOM model refactoring
sergey
parents: 233
diff changeset
11 User => 'IMPL::Security::Principal',
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
12 AuthSimple => 'IMPL::Security::Auth::Simple',
231
sergey
parents: 230
diff changeset
13 Exception => 'IMPL::Exception',
sergey
parents: 230
diff changeset
14 OperationException => '-IMPL::InvalidOperationException',
sergey
parents: 230
diff changeset
15 HttpResponse => '-IMPL::Web::HttpResponse'
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
16 },
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
17 base => {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
18 'IMPL::Object' => undef,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
19 'IMPL::Object::Autofill' => '@_',
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
20 'IMPL::Object::Serializable' => undef
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
21 },
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
22 props => [
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
23 salt => PROP_RO,
238
b8c724f6de36 DOM model refactoring
sergey
parents: 233
diff changeset
24 _manager => PROP_RO,
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
25 _cookies => PROP_RW
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
26 ]
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
27 };
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
28
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
29 sub CTOR {
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
30 my ($this) = @_;
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
31
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
32 $this->salt('DeadBeef') unless $this->salt;
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
33 }
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
34
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
35 sub Invoke {
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
36 my ($this,$action,$nextHandler) = @_;
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
37
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
38 return unless $nextHandler;
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
39
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
40 my $context;
238
b8c724f6de36 DOM model refactoring
sergey
parents: 233
diff changeset
41 $this->_manager($action->application->security);
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
42
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
43
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
44 my $sid = $action->cookie('sid',qr/(\w+)/);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
45 my $cookie = $action->cookie('sdata',qr/(\w+)/);
239
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
46 my $sign = $action->cookie('sign',qw/(\w+)/);
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
47
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
48 if (
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
49 $sid and
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
50 $cookie and
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
51 $sign and
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
52 $sign eq md5_hex(
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
53 $this->salt,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
54 $sid,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
55 $cookie,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
56 $this->salt
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
57 )
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
58 ) {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
59 # TODO: add a DefferedProxy to deffer a request to a data source
238
b8c724f6de36 DOM model refactoring
sergey
parents: 233
diff changeset
60 if ( $context = $this->_manager->GetSession($sid) ) {
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
61 if ( eval { $context->auth->isa(AuthSimple) } ) {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
62 my ($result,$challenge) = $context->auth->DoAuth($cookie);
239
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
63
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
64 $context->authority($this);
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
65
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
66 if ($result == AUTH_FAIL) {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
67 $context = undef;
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
68 }
239
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
69 } else {
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
70 undef $context;
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
71 }
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
72 }
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
73
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
74 }
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
75
231
sergey
parents: 230
diff changeset
76 $context ||= SecurityContext->new(principal => User->nobody, authority => $this);
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
77
238
b8c724f6de36 DOM model refactoring
sergey
parents: 233
diff changeset
78 my $httpResponse = $context->Impersonate($nextHandler,$action);
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
79
231
sergey
parents: 230
diff changeset
80 die OperationException->new("A HttpResponse instance is expected")
sergey
parents: 230
diff changeset
81 unless ref $httpResponse && eval { $httpResponse->isa(HttpResponse) };
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
82
231
sergey
parents: 230
diff changeset
83 return $this->WriteResponse($httpResponse);
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
84 }
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
85
231
sergey
parents: 230
diff changeset
86 sub InitSession {
239
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
87 my ($this,$user,$roles,$auth,$challenge) = @_;
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
88
239
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
89 my ($status,$answer) = $auth->DoAuth($challenge);
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
90
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
91 die OperationException->new("This provider doesn't support multiround auth")
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
92 if ($status == AUTH_INCOMPLETE || $answer);
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
93
239
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
94 if ($status == AUTH_SUCCESS) {
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
95 my $sid = GenSSID();
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
96 my $cookie = GenSSID();
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
97
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
98 $this->_cookies({
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
99 sid => $sid,
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
100 sdata => $cookie
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
101 });
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
102
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
103 my $context = $this->_manager->CreateSession(
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
104 sessionId => $sid,
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
105 principal => $user,
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
106 auth => AuthSimple->Create(password => $cookie),
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
107 authority => $this,
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
108 rolesAssigned => $roles
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
109 );
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
110
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
111 $context->Apply();
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
112
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
113 $this->_manager->SaveSession($context);
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
114 }
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
115
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
116 return $status;
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
117 }
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
118
239
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
119 sub CloseSession {
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
120 my ($this) = @_;
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
121 if(my $session = SecurityContext->current) {
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
122 $this->_cookies({
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
123 sid => undef,
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
124 sdata => undef
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
125 })
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
126 }
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
127 }
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
128
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
129 sub WriteResponse {
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
130 my ($this,$response) = @_;
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
131
238
b8c724f6de36 DOM model refactoring
sergey
parents: 233
diff changeset
132 if (my $data = $this->_cookies) {
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
133
239
23daf2fae33a *security subsytem bugfixes
sergey
parents: 238
diff changeset
134 my $sign = $data->{sid} && md5_hex(
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
135 $this->salt,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
136 $data->{sid},
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
137 $data->{sdata},
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
138 $this->salt
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
139 );
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
140
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
141 $response->cookies->{sid} = $data->{sid};
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
142 $response->cookies->{sdata} = $data->{sdata};
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
143 $response->cookies->{sign} = $sign;
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
144 }
231
sergey
parents: 230
diff changeset
145
sergey
parents: 230
diff changeset
146 return $response;
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
147 }
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
148
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
149 1;
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
150
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
151 __END__
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
152
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
153 =pod
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
154
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
155 =head1 NAME
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
156
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
157 C<IMPL::Web::Handler::SecureCookie>
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
158
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
159 =head1 DESCRIPTION
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
160
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
161 Возобновляет сессию пользователя на основе информации переданной через Cookie.
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
162
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
163 Использует механизм подписи информации для проверки верности входных данных перед
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
164 началом каких-либо действий.
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
165
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
166 Данный обработчик возвращает результат выполнения следдующего обработчика.
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
167
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
168
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
169
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
170 =head1 MEMBERS
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
171
231
sergey
parents: 230
diff changeset
172 =head2 C<[get,set] salt>
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
173
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
174 Скаляр, использующийся для подписи данных.
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
175
233
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 231
diff changeset
176
231
sergey
parents: 230
diff changeset
177 =head2 C<InitSession($user,$auth,$roles)>
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
178
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
179 =cut