|
73
|
1 package IMPL::Web::QueryHandler::SecureCookie;
|
|
68
|
2
|
|
|
3 use base qw(IMPL::Web::QueryHandler);
|
|
|
4 use Digest::MD5 qw(md5_hex);
|
|
|
5
|
|
|
6 use IMPL::Class::Property;
|
|
69
|
7 use IMPL::Security::Auth qw(:Const);
|
|
68
|
8
|
|
|
9 BEGIN {
|
|
|
10 public property salt => prop_all;
|
|
|
11 }
|
|
|
12
|
|
69
|
13 sub CTOR {
|
|
|
14 my ($this) = @_;
|
|
|
15
|
|
|
16
|
|
|
17 }
|
|
|
18
|
|
68
|
19 sub Process {
|
|
|
20 my ($this,$action,$nextHandler) = @_;
|
|
|
21
|
|
|
22 my $method = $action->query->cookie('method') || 'simple';
|
|
|
23
|
|
|
24 if ($method eq 'simple') {
|
|
|
25
|
|
69
|
26 my $sid = $action->query->cookie('sid');
|
|
|
27
|
|
68
|
28 if ($action->query->cookie('sign') eq md5_hex(
|
|
|
29 $this->salt,
|
|
69
|
30 $sid,
|
|
68
|
31 $this->salt
|
|
|
32 ) ) {
|
|
|
33
|
|
69
|
34 my $context = $action->application->security->Session(
|
|
73
|
35 id => $sid
|
|
69
|
36 );
|
|
|
37
|
|
|
38 my ($result,$challenge) = $context->auth->ValidateSession($sid);
|
|
68
|
39
|
|
69
|
40 if ($result == AUTH_SUCCESS) {
|
|
|
41 return $context->Impersonate($nextHandler);
|
|
|
42 } else {
|
|
|
43 return $nextHandler->();
|
|
|
44 }
|
|
68
|
45 }
|
|
|
46 } else {
|
|
|
47 die new IMPL::Exception("Unknown auth method",$method);
|
|
|
48 }
|
|
|
49 }
|
|
|
50
|
|
|
51
|
|
|
52 1; |
