|
196
|
1 package IMPL::Web::QueryHandler::SecureCookie;
|
|
|
2 use strict;
|
|
|
3
|
|
|
4 use parent qw(IMPL::Web::QueryHandler);
|
|
|
5 use Digest::MD5 qw(md5_hex);
|
|
|
6
|
|
|
7 use IMPL::Class::Property;
|
|
|
8 use IMPL::Security::Auth qw(:Const);
|
|
|
9 use IMPL::Security;
|
|
|
10
|
|
|
11 BEGIN {
|
|
|
12 public property salt => prop_all;
|
|
|
13 }
|
|
|
14
|
|
|
15 sub CTOR {
|
|
|
16 my ($this) = @_;
|
|
|
17
|
|
|
18 $this->salt('DeadBeef') unless $this->salt;
|
|
|
19 }
|
|
|
20
|
|
|
21 sub Process {
|
|
|
22 my ($this,$action,$nextHandler) = @_;
|
|
|
23
|
|
|
24 return undef unless $nextHandler;
|
|
|
25
|
|
|
26 local $IMPL::Security::authority = $this;
|
|
|
27
|
|
|
28 my $method = $action->query->cookie('method') || 'simple';
|
|
|
29
|
|
|
30 if ($method eq 'simple') {
|
|
|
31
|
|
|
32 my $sid = $action->query->cookie('sid');
|
|
|
33 my $cookie = $action->query->cookie('sdata');
|
|
|
34 my $sign = $action->query->cookie('sign');
|
|
|
35
|
|
|
36 if (
|
|
|
37 $sid and
|
|
|
38 $cookie and
|
|
|
39 $sign and
|
|
|
40 $sign eq md5_hex(
|
|
|
41 $this->salt,
|
|
|
42 $sid,
|
|
|
43 $cookie,
|
|
|
44 $this->salt
|
|
|
45 )
|
|
|
46 ) {
|
|
|
47 # TODO: add a DefferedProxy to deffer a request to a data source
|
|
|
48 my $context = $action->application->security->sourceSession->find(
|
|
|
49 { id => $sid }
|
|
|
50 ) or return $nextHandler->();
|
|
|
51
|
|
|
52 my ($result,$challenge) = $context->auth->ValidateSession($cookie);
|
|
|
53
|
|
|
54 if ($result == AUTH_SUCCESS) {
|
|
|
55 $context->authority($this);
|
|
|
56 return $context->Impersonate($nextHandler);
|
|
|
57 } else {
|
|
|
58 return $nextHandler->();
|
|
|
59 }
|
|
|
60 } else {
|
|
|
61 return $nextHandler->();
|
|
|
62 }
|
|
|
63 } else {
|
|
|
64 return $nextHandler->();
|
|
|
65 }
|
|
|
66 }
|
|
|
67
|
|
|
68 sub WriteResponse {
|
|
|
69 my ($this,$response,$sid,$cookie,$method) = @_;
|
|
|
70
|
|
|
71 my $sign = md5_hex(
|
|
|
72 $this->salt,
|
|
|
73 $sid,
|
|
|
74 $cookie,
|
|
|
75 $this->salt
|
|
|
76 );
|
|
|
77
|
|
|
78 $response->setCookie(sid => $sid);
|
|
|
79 $response->setCookie(sdata => $cookie);
|
|
|
80 $response->setCookie(sign => $sign);
|
|
|
81 $response->setCookie(method => $method) if $method;
|
|
|
82 }
|
|
|
83
|
|
|
84 1;
|
|
|
85
|
|
|
86 __END__
|
|
|
87
|
|
|
88 =pod
|
|
|
89
|
|
|
90 =head1 NAME
|
|
|
91
|
|
|
92 C<IMPL::Web::QueryHandler::SecureCookie>
|
|
|
93
|
|
|
94 =head1 DESCRIPTION
|
|
|
95
|
|
|
96 C<use parent qw(IMPL::Web::QueryHandler)>
|
|
|
97
|
|
|
98 Возобновляет сессию пользователя на основе информации переданной через Cookie.
|
|
|
99
|
|
|
100 Использует механизм подписи информации для проверки верности входных данных перед
|
|
|
101 началом каких-либо действий.
|
|
|
102
|
|
|
103 Данный обработчик возвращает результат выполнения следдующего обработчика.
|
|
|
104
|
|
|
105 =head1 MEMBERS
|
|
|
106
|
|
|
107 =over
|
|
|
108
|
|
|
109 =item C<[get,set] salt>
|
|
|
110
|
|
|
111 Скаляр, использующийся для подписи данных.
|
|
|
112
|
|
|
113 =back
|
|
|
114
|
|
|
115 =cut
|
