pub/Impl: Lib/IMPL/Web/Handler/SecureCookie.pm annotate

annotate Lib/IMPL/Web/Handler/SecureCookie.pm @ 339:97628101b765

refactoring: application now holds a security object factory rather than a security object

author	cin
date	Wed, 19 Jun 2013 03:25:44 +0400
parents	63709a4e6da0
children	c090d9102a38

rev	line source
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	1 package IMPL::Web::Handler::SecureCookie;
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	2 use strict;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	3
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	4
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	5 use Digest::MD5 qw(md5_hex);
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	6 use IMPL::Const qw(:prop);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	7 use IMPL::Security::Auth qw(:Const GenSSID);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	8 use IMPL::declare {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	9 require => {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	10 SecurityContext => 'IMPL::Security::Context',
238 b8c724f6de36 DOM model refactoring sergey parents: 233 diff changeset	11 User => 'IMPL::Security::Principal',
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	12 AuthSimple => 'IMPL::Security::Auth::Simple',
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	13 Exception => 'IMPL::Exception',
ff1e8fa932f2 sync sergey parents: 230 diff changeset	14 OperationException => '-IMPL::InvalidOperationException',
ff1e8fa932f2 sync sergey parents: 230 diff changeset	15 HttpResponse => '-IMPL::Web::HttpResponse'
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	16 },
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	17 base => {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	18 'IMPL::Object' => undef,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	19 'IMPL::Object::Autofill' => '@_',
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	20 'IMPL::Object::Serializable' => undef
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	21 },
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	22 props => [
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	23 salt => PROP_RO,
238 b8c724f6de36 DOM model refactoring sergey parents: 233 diff changeset	24 _manager => PROP_RO,
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	25 _cookies => PROP_RW
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	26 ]
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	27 };
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	28
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	29 sub CTOR {
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	30 my ($this) = @_;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	31
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	32 $this->salt('DeadBeef') unless $this->salt;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	33 }
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	34
262 4ac39b9e2ca4 sync sergey parents: 254 diff changeset	35 sub ValidateCookie {
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	36 my ($this,$sid,$cookie,$sign) = @_;
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	37
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	38 return 1 if $sid and $cookie and $sign and $sign eq md5_hex($this->salt,$sid,$cookie,$this->salt);
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	39
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	40 return 0;
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	41 }
4ac39b9e2ca4 sync sergey parents: 254 diff changeset	42
263 0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	43 sub AuthCookie {
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	44 my ($this,$sid,$cookie,$sign, $context) = @_;
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	45
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	46 if (eval { $context->auth->isa(AuthSimple) }) {
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	47 my ($result,$challenge) = $context->auth->DoAuth($cookie);
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	48 return $result;
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	49 }
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	50
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	51 return AUTH_FAIL;
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	52 }
0f59b2de72af fixed IMPL::DOM::Schema circular module references sergey* parents: 262 diff changeset	53
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	54 sub Invoke {
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	55 my ($this,$action,$nextHandler) = @_;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	56
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	57 return unless $nextHandler;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	58
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	59 my $context;
339 97628101b765 refactoring: application now holds a security object factory rather than a security object cin parents: 328 diff changeset	60 $this->_manager($action->application->security->new());
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	61
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	62
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	63 my $sid = $action->cookie('sid',qr/(\w+)/);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	64 my $cookie = $action->cookie('sdata',qr/(\w+)/);
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	65 my $sign = $action->cookie('sign',qw/(\w+)/);
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	66
262 4ac39b9e2ca4 sync sergey parents: 254 diff changeset	67 if ( $this->ValidateCookie($sid,$cookie,$sign) ) {
328 63709a4e6da0 Security framework refactoring cin parents: 263 diff changeset	68 # TODO: add a DeferredProxy to deffer a request to a data source
63709a4e6da0 Security framework refactoring cin parents: 263 diff changeset	69 if ( $context = $this->_manager->sessions->GetById($sid) ) {
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	70 if ( eval { $context->auth->isa(AuthSimple) } ) {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	71 my ($result,$challenge) = $context->auth->DoAuth($cookie);
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	72
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	73 $context->authority($this);
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	74
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	75 if ($result == AUTH_FAIL) {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	76 $context = undef;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	77 }
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	78 } else {
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	79 undef $context;
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	80 }
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	81 }
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	82
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	83 }
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	84
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	85 $context \|\|= SecurityContext->new(principal => User->nobody, authority => $this);
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	86
339 97628101b765 refactoring: application now holds a security object factory rather than a security object cin parents: 328 diff changeset	87 my $httpResponse = eval { $context->Impersonate($nextHandler,$action); };
97628101b765 refactoring: application now holds a security object factory rather than a security object cin parents: 328 diff changeset	88 my $e = $@;
97628101b765 refactoring: application now holds a security object factory rather than a security object cin parents: 328 diff changeset	89
97628101b765 refactoring: application now holds a security object factory rather than a security object cin parents: 328 diff changeset	90 $this->_manager->Dispose();
97628101b765 refactoring: application now holds a security object factory rather than a security object cin parents: 328 diff changeset	91
97628101b765 refactoring: application now holds a security object factory rather than a security object cin parents: 328 diff changeset	92 die $e if $e;
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	93
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	94 die OperationException->new("A HttpResponse instance is expected")
ff1e8fa932f2 sync sergey parents: 230 diff changeset	95 unless ref $httpResponse && eval { $httpResponse->isa(HttpResponse) };
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	96
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	97 return $this->WriteResponse($httpResponse);
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	98 }
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	99
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	100 sub InitSession {
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	101 my ($this,$user,$roles,$auth,$challenge) = @_;
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	102
254 fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	103 my ($status,$answer);
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	104
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	105 if ($auth) {
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	106 ($status,$answer) = $auth->DoAuth($challenge);
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	107 } else {
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	108 $status = AUTH_SUCCESS;
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	109 }
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	110
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	111 die OperationException->new("This provider doesn't support multiround auth")
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	112 if ($status == AUTH_INCOMPLETE \|\| $answer);
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	113
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	114 if ($status == AUTH_SUCCESS) {
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	115 my $sid = GenSSID();
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	116 my $cookie = GenSSID();
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	117
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	118 $this->_cookies({
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	119 sid => $sid,
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	120 sdata => $cookie
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	121 });
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	122
328 63709a4e6da0 Security framework refactoring cin parents: 263 diff changeset	123 my $context = $this->_manager->sessions->Create({
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	124 sessionId => $sid,
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	125 principal => $user,
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	126 auth => AuthSimple->Create(password => $cookie),
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	127 authority => $this,
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	128 rolesAssigned => $roles
328 63709a4e6da0 Security framework refactoring cin parents: 263 diff changeset	129 });
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	130
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	131 $context->Apply();
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	132
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	133 }
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	134
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	135 return $status;
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	136 }
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	137
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	138 sub CloseSession {
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	139 my ($this) = @_;
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	140 if(my $session = SecurityContext->current) {
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	141 $this->_cookies({
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	142 sid => undef,
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	143 sdata => undef
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	144 })
23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	145 }
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	146 }
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	147
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	148 sub WriteResponse {
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	149 my ($this,$response) = @_;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	150
238 b8c724f6de36 DOM model refactoring sergey parents: 233 diff changeset	151 if (my $data = $this->_cookies) {
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	152
239 23daf2fae33a security subsytem bugfixes sergey* parents: 238 diff changeset	153 my $sign = $data->{sid} && md5_hex(
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	154 $this->salt,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	155 $data->{sid},
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	156 $data->{sdata},
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	157 $this->salt
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	158 );
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	159
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	160 $response->cookies->{sid} = $data->{sid};
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	161 $response->cookies->{sdata} = $data->{sdata};
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	162 $response->cookies->{sign} = $sign;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	163 }
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	164
ff1e8fa932f2 sync sergey parents: 230 diff changeset	165 return $response;
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	166 }
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	167
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	168 1;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	169
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	170 __END__
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	171
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	172 =pod
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	173
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	174 =head1 NAME
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	175
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	176 C<IMPL::Web::Handler::SecureCookie>
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	177
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	178 =head1 DESCRIPTION
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	179
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	180 Возобновляет сессию пользователя на основе информации переданной через Cookie.
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	181
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	182 Использует механизм подписи информации для проверки верности входных данных перед
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	183 началом каких-либо действий.
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	184
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	185 Данный обработчик возвращает результат выполнения следдующего обработчика.
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	186
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	187
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	188
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	189 =head1 MEMBERS
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	190
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	191 =head2 C<[get,set] salt>
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	192
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	193 Скаляр, использующийся для подписи данных.
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	194
233 3cebcf6fdb9b refactoring, cleaning code sergey parents: 231 diff changeset	195
254 fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	196 =head2 C<InitSession($user,$roles,$auth,$challenge)>
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	197
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	198 Инициирует сессию, поскольку данный модуль отвечает за взаимодействие с клиентом
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	199 при проверки аутентификации, ему передаются данные аутентификации для
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	200 продолжения обмена данными с клиентом. Если создается новая сессия, по
fb52014f6931 updated web-session creation sergey parents: 239 diff changeset	201 инициативе веб-приложения, то C<$auth> должно быть пусто.
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	202
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	203 =cut

Mercurial > pub > Impl

annotate Lib/IMPL/Web/Handler/SecureCookie.pm @ 339:97628101b765