annotate Lib/IMPL/Web/Handler/SecureCookie.pm @ 230:6d8092d8ce1b

*reworked IMPL::Security *reworked IMPL::Web::Security *refactoring
author sergey
date Mon, 08 Oct 2012 03:37:37 +0400
parents a705e848dcc7
children ff1e8fa932f2
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
1 package IMPL::Web::Handler::SecureCookie;
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
2 use strict;
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
3
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
4
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
5 use Digest::MD5 qw(md5_hex);
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
6 use IMPL::Const qw(:prop);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
7 use IMPL::Security::Auth qw(:Const GenSSID);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
8 use IMPL::declare {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
9 require => {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
10 SecurityContext => 'IMPL::Security::Context',
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
11 User => 'IMPL::Security::User',
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
12 AuthSimple => 'IMPL::Security::Auth::Simple',
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
13 },
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
14 base => {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
15 'IMPL::Object' => undef,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
16 'IMPL::Object::Autofill' => '@_',
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
17 'IMPL::Object::Serializable' => undef
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
18 },
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
19 props => [
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
20 salt => PROP_RO,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
21 manager => PROP_RO,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
22 _cookies => PROP_RW
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
23 ]
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
24 };
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
25
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
26 sub CTOR {
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
27 my ($this) = @_;
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
28
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
29 $this->salt('DeadBeef') unless $this->salt;
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
30 }
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
31
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
32 sub Invoke {
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
33 my ($this,$action,$nextHandler) = @_;
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
34
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
35 return unless $nextHandler;
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
36
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
37 my $context;
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
38
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
39
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
40 my $sid = $action->cookie('sid',qr/(\w+)/);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
41 my $cookie = $action->cookie('sdata',qr/(\w+)/);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
42 my $sign = $action->cookie('sign',qw/(\w+)/);
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
43
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
44 if (
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
45 $sid and
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
46 $cookie and
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
47 $sign and
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
48 $sign eq md5_hex(
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
49 $this->salt,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
50 $sid,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
51 $cookie,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
52 $this->salt
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
53 )
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
54 ) {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
55 # TODO: add a DefferedProxy to deffer a request to a data source
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
56 if ( $context = $this->manager->GetSession($sid) ) {
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
57
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
58 if ( eval { $context->auth->isa(AuthSimple) } ) {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
59 my ($result,$challenge) = $context->auth->DoAuth($cookie);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
60
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
61 $action->manager->SaveSession($context);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
62
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
63 if ($result == AUTH_FAIL) {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
64 $context = undef;
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
65 }
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
66 }
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
67 }
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
68
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
69 }
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
70
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
71 $context = SecurityContext->new(principal => User->nobody, authority => $this);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
72
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
73 my $httpResponse = $context->Impersonate($nextHandler);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
74
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
75 $this->WriteResponse($httpResponse);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
76
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
77 }
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
78
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
79 sub CreateContext {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
80 my ($this,$user,$auth,$roles) = @_;
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
81
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
82 my $sid = GenSSID();
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
83 my $cookie = GenSSID();
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
84
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
85 $this->_cookies({
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
86 sid => $sid,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
87 sdata => $cookie
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
88 })
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
89
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
90 my $context = $this->$manager->CreateSession(
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
91 sessionId => $sid,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
92 principal => $user,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
93 auth => AuthSimple->(password => $cookie),
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
94 authority => $this,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
95 assignedRoles => $roles
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
96 );
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
97
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
98 $context->Apply();
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
99
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
100 return $context;
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
101 }
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
102
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
103 sub WriteResponse {
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
104 my ($this,$response) = @_;
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
105
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
106 if (my $data $this->_cookies) {
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
107
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
108 my $sign = md5_hex(
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
109 $this->salt,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
110 $data->{sid},
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
111 $data->{sdata},
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
112 $this->salt
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
113 );
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
114
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
115 $response->cookies->{sid} = $data->{sid};
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
116 $response->cookies->{sdata} = $data->{sdata};
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
117 $response->cookies->{sign} = $sign;
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
118 }
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
119 }
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
120
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
121 1;
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
122
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
123 __END__
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
124
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
125 =pod
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
126
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
127 =head1 NAME
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
128
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
129 C<IMPL::Web::Handler::SecureCookie>
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
130
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
131 =head1 DESCRIPTION
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
132
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
133 Возобновляет сессию пользователя на основе информации переданной через Cookie.
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
134
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
135 Использует механизм подписи информации для проверки верности входных данных перед
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
136 началом каких-либо действий.
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
137
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
138 Данный обработчик возвращает результат выполнения следдующего обработчика.
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
139
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
140
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 196
diff changeset
141
196
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
142 =head1 MEMBERS
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
143
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
144 =over
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
145
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
146 =item C<[get,set] salt>
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
147
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
148 Скаляр, использующийся для подписи данных.
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
149
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
150 =back
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
151
a705e848dcc7 added IMPL::Config::Reference
cin
parents:
diff changeset
152 =cut