Mercurial > pub > Impl
annotate Lib/IMPL/Web/QueryHandler/SecureCookie.pm @ 103:c289ed9662ca
Schema beta 2
More strict validation, support for inflating a simple nodes and properties
author | wizard |
---|---|
date | Fri, 07 May 2010 18:17:40 +0400 |
parents | 964587c5183c |
children | a9f4ba4783eb |
rev | line source |
---|---|
73 | 1 package IMPL::Web::QueryHandler::SecureCookie; |
95
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
2 use strict; |
68 | 3 |
4 use base qw(IMPL::Web::QueryHandler); | |
5 use Digest::MD5 qw(md5_hex); | |
6 | |
7 use IMPL::Class::Property; | |
69 | 8 use IMPL::Security::Auth qw(:Const); |
95
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
9 use IMPL::Security; |
68 | 10 |
11 BEGIN { | |
12 public property salt => prop_all; | |
13 } | |
14 | |
69 | 15 sub CTOR { |
16 my ($this) = @_; | |
17 | |
75 | 18 $this->salt('DeadBeef') unless $this->salt; |
69 | 19 } |
20 | |
68 | 21 sub Process { |
22 my ($this,$action,$nextHandler) = @_; | |
23 | |
75 | 24 return undef unless $nextHandler; |
25 | |
97 | 26 local $IMPL::Security::authority = $this; |
27 | |
68 | 28 my $method = $action->query->cookie('method') || 'simple'; |
29 | |
30 if ($method eq 'simple') { | |
31 | |
69 | 32 my $sid = $action->query->cookie('sid'); |
75 | 33 my $cookie = $action->query->cookie('sdata'); |
34 my $sign = $action->query->cookie('sign'); | |
69 | 35 |
75 | 36 if ( |
37 $sid and | |
38 $cookie and | |
39 $sign and | |
40 $sign eq md5_hex( | |
41 $this->salt, | |
42 $sid, | |
43 $cookie, | |
44 $this->salt | |
45 ) | |
46 ) { | |
89 | 47 my $context = $action->application->security->sourceSession->find( |
48 { id => $sid } | |
49 ) or return $nextHandler->(); | |
69 | 50 |
74 | 51 my ($result,$challenge) = $context->auth->ValidateSession($cookie); |
68 | 52 |
69 | 53 if ($result == AUTH_SUCCESS) { |
95
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
54 $context->authority($this); |
69 | 55 return $context->Impersonate($nextHandler); |
56 } else { | |
57 return $nextHandler->(); | |
58 } | |
97 | 59 } else { |
60 return $nextHandler->(); | |
68 | 61 } |
62 } else { | |
97 | 63 return $nextHandler->(); |
68 | 64 } |
65 } | |
66 | |
95
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
67 sub WriteResponse { |
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
68 my ($this,$response,$sid,$cookie,$method) = @_; |
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
69 |
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
70 my $sign = md5_hex( |
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
71 $this->salt, |
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
72 $sid, |
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
73 $cookie, |
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
74 $this->salt |
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
75 ); |
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
76 |
97 | 77 $response->setCookie(sid => $sid); |
78 $response->setCookie(sdata => $cookie); | |
79 $response->setCookie(sign => $sign); | |
80 $response->setCookie(method => $method) if $method; | |
95
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
81 } |
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
82 |
75 | 83 1; |
68 | 84 |
75 | 85 __END__ |
86 | |
87 =pod | |
88 | |
89 =head1 NAME | |
90 | |
91 C<IMPL::Web::QueryHandler::SecureCookie> | |
92 | |
93 =head1 DESCRIPTION | |
94 | |
95 C<use base qw(IMPL::Web::QueryHandler)> | |
96 | |
97 Возобновляет сессию пользователя на основе информации переданной через Cookie. | |
98 | |
99 Использует механизм подписи информации для проверки верности входных данных перед | |
100 началом каких-либо действий. | |
101 | |
102 Данный обработчик возвращает результат выполнения следдующего обработчика. | |
103 | |
104 =head1 MEMBERS | |
105 | |
106 =over | |
107 | |
108 =item C<[get,set] salt> | |
109 | |
110 Скаляр, использующийся для подписи данных. | |
111 | |
112 =back | |
113 | |
114 =cut |