pub/Impl: Lib/IMPL/Web/Handler/SecureCookie.pm annotate

annotate Lib/IMPL/Web/Handler/SecureCookie.pm @ 398:38cb0b80e88e

minor changes

author	sergey
date	Thu, 08 May 2014 03:53:17 +0400
parents	69a1f1508696
children

rev	line source
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	1 package IMPL::Web::Handler::SecureCookie;
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	2 use strict;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	3
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	4
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	5 use Digest::MD5 qw(md5_hex);
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	6 use IMPL::Const qw(:prop);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	7 use IMPL::Security::Auth qw(:Const GenSSID);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	8 use IMPL::declare {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	9 require => {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	10 SecurityContext => 'IMPL::Security::Context',
238 b8c724f6de36 DOM model refactoring sergey parents: 233 diff changeset	11 User => 'IMPL::Security::Principal',
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	12 AuthSimple => 'IMPL::Security::Auth::Simple',
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	13 Exception => 'IMPL::Exception',
ff1e8fa932f2 sync sergey parents: 230 diff changeset	14 OperationException => '-IMPL::InvalidOperationException',
ff1e8fa932f2 sync sergey parents: 230 diff changeset	15 HttpResponse => '-IMPL::Web::HttpResponse'
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	16 },
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	17 base => {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	18 'IMPL::Object' => undef,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	19 'IMPL::Object::Autofill' => '@_',
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	20 'IMPL::Object::Serializable' => undef
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	21 },
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	22 props => [
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	23 salt => PROP_RO,
371 d5c8b955bf8d refactoring cin parents: 357 diff changeset	24 _security => PROP_RW,
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	25 _cookies => PROP_RW
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	26 ]
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	27 };
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	28
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	29 sub CTOR {
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	30 my ($this) = @_;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	31
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	32 $this->salt('DeadBeef') unless $this->salt;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	33 }
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	34
262 4ac39b9e2ca4 sync sergey parents: 254 diff changeset	35 sub ValidateCookie {
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	36 my ($this,$sid,$cookie,$sign) = @_;
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	37
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	38 return 1 if $sid and $cookie and $sign and $sign eq md5_hex($this->salt,$sid,$cookie,$this->salt);
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	39
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	40 return 0;
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	41 }
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	42
263 0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	43 sub AuthCookie {
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	44 my ($this,$sid,$cookie,$sign, $context) = @_;
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	45
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	46 if (eval { $context->auth->isa(AuthSimple) }) {
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	47 my ($result,$challenge) = $context->auth->DoAuth($cookie);
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	48 return $result;
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	49 }
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	50
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	51 return AUTH_FAIL;
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	52 }
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	53
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	54 sub Invoke {
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	55 my ($this,$action,$nextHandler) = @_;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	56
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	57 return unless $nextHandler;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	58
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	59 my $context;
357 ec58c47edb52 web security: code cleanup, refactoring cin parents: 340 diff changeset	60 $this->_security($action->security);
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	61
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	62
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	63 my $sid = $action->cookie('sid',qr/(\w+)/);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	64 my $cookie = $action->cookie('sdata',qr/(\w+)/);
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	65 my $sign = $action->cookie('sign',qw/(\w+)/);
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	66
262 4ac39b9e2ca4 sync sergey parents: 254 diff changeset	67 if ( $this->ValidateCookie($sid,$cookie,$sign) ) {
328 63709a4e6da0 Security framework refactoring cin parents: 263 diff changeset	68 # TODO: add a DeferredProxy to deffer a request to a data source
357 ec58c47edb52 web security: code cleanup, refactoring cin parents: 340 diff changeset	69 if ( $context = $this->_security->sessions->GetById($sid) ) {
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	70 if ( eval { $context->auth->isa(AuthSimple) } ) {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	71 my ($result,$challenge) = $context->auth->DoAuth($cookie);
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	72
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	73 $context->authority($this);
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	74
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	75 if ($result == AUTH_FAIL) {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	76 $context = undef;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	77 }
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	78 } else {
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	79 undef $context;
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	80 }
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	81 }
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	82
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	83 }
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	84
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	85 $context \|\|= SecurityContext->new(principal => User->nobody, authority => $this);
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	86
339 97628101b765 refactoring: application now holds a security object factory rather than a security object cin parents: 328 diff changeset	87 my $httpResponse = eval { $context->Impersonate($nextHandler,$action); };
97628101b765 refactoring: application now holds a security object factory rather than a security object cin parents: 328 diff changeset	88 my $e = $@;
97628101b765 refactoring: application now holds a security object factory rather than a security object cin parents: 328 diff changeset	89
97628101b765 refactoring: application now holds a security object factory rather than a security object cin parents: 328 diff changeset	90 die $e if $e;
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	91
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	92 die OperationException->new("A HttpResponse instance is expected")
ff1e8fa932f2 sync sergey parents: 230 diff changeset	93 unless ref $httpResponse && eval { $httpResponse->isa(HttpResponse) };
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	94
393 69a1f1508696 minor security refactoring cin parents: 371 diff changeset	95 return $this->_WriteResponse($httpResponse);
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	96 }
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	97
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	98 sub InitSession {
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	99 my ($this,$user,$roles,$auth,$challenge) = @_;
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	100
254 fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	101 my ($status,$answer);
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	102
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	103 if ($auth) {
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	104 ($status,$answer) = $auth->DoAuth($challenge);
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	105 } else {
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	106 $status = AUTH_SUCCESS;
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	107 }
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	108
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	109 die OperationException->new("This provider doesn't support multiround auth")
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	110 if ($status == AUTH_INCOMPLETE \|\| $answer);
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	111
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	112 if ($status == AUTH_SUCCESS) {
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	113 my $sid = GenSSID();
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	114 my $cookie = GenSSID();
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	115
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	116 $this->_cookies({
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	117 sid => $sid,
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	118 sdata => $cookie
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	119 });
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	120
357 ec58c47edb52 web security: code cleanup, refactoring cin parents: 340 diff changeset	121 my $context = $this->_security->sessions->Create({
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	122 sessionId => $sid,
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	123 principal => $user,
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	124 auth => AuthSimple->Create(password => $cookie),
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	125 authority => $this,
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	126 rolesAssigned => $roles
328 63709a4e6da0 Security framework refactoring cin parents: 263 diff changeset	127 });
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	128
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	129 $context->Apply();
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	130
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	131 }
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	132
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	133 return $status;
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	134 }
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	135
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	136 sub CloseSession {
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	137 my ($this) = @_;
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	138 if(my $session = SecurityContext->current) {
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	139 $this->_cookies({
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	140 sid => undef,
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	141 sdata => undef
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	142 })
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	143 }
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	144 }
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	145
393 69a1f1508696 minor security refactoring cin parents: 371 diff changeset	146 sub _WriteResponse {
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	147 my ($this,$response) = @_;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	148
238 b8c724f6de36 DOM model refactoring sergey parents: 233 diff changeset	149 if (my $data = $this->_cookies) {
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	150
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	151 my $sign = $data->{sid} && md5_hex(
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	152 $this->salt,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	153 $data->{sid},
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	154 $data->{sdata},
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	155 $this->salt
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	156 );
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	157
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	158 $response->cookies->{sid} = $data->{sid};
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	159 $response->cookies->{sdata} = $data->{sdata};
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	160 $response->cookies->{sign} = $sign;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	161 }
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	162
ff1e8fa932f2 sync sergey parents: 230 diff changeset	163 return $response;
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	164 }
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	165
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	166 1;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	167
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	168 __END__
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	169
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	170 =pod
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	171
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	172 =head1 NAME
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	173
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	174 C<IMPL::Web::Handler::SecureCookie>
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	175
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	176 =head1 DESCRIPTION
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	177
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	178 Возобновляет сессию пользователя на основе информации переданной через Cookie.
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	179
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	180 Использует механизм подписи информации для проверки верности входных данных перед
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	181 началом каких-либо действий.
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	182
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	183 Данный обработчик возвращает результат выполнения следдующего обработчика.
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	184
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	185
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	186
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	187 =head1 MEMBERS
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	188
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	189 =head2 C<[get,set] salt>
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	190
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	191 Скаляр, использующийся для подписи данных.
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	192
233 3cebcf6fdb9b refactoring, cleaning code sergey parents: 231 diff changeset	193
254 fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	194 =head2 C<InitSession($user,$roles,$auth,$challenge)>
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	195
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	196 Инициирует сессию, поскольку данный модуль отвечает за взаимодействие с клиентом
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	197 при проверки аутентификации, ему передаются данные аутентификации для
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	198 продолжения обмена данными с клиентом. Если создается новая сессия, по
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	199 инициативе веб-приложения, то C<$auth> должно быть пусто.
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	200
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	201 =cut

Mercurial > pub > Impl

annotate Lib/IMPL/Web/Handler/SecureCookie.pm @ 398:38cb0b80e88e