pub/Impl: Lib/IMPL/Web/Handler/SecureCookie.pm annotate

annotate Lib/IMPL/Web/Handler/SecureCookie.pm @ 231:ff1e8fa932f2

sync

author	sergey
date	Tue, 09 Oct 2012 03:09:41 +0400
parents	6d8092d8ce1b
children	3cebcf6fdb9b

rev	line source
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	1 package IMPL::Web::Handler::SecureCookie;
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	2 use strict;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	3
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	4
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	5 use Digest::MD5 qw(md5_hex);
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	6 use IMPL::Const qw(:prop);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	7 use IMPL::Security::Auth qw(:Const GenSSID);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	8 use IMPL::declare {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	9 require => {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	10 SecurityContext => 'IMPL::Security::Context',
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	11 User => 'IMPL::Security::User',
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	12 AuthSimple => 'IMPL::Security::Auth::Simple',
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	13 Exception => 'IMPL::Exception',
ff1e8fa932f2 sync sergey parents: 230 diff changeset	14 OperationException => '-IMPL::InvalidOperationException',
ff1e8fa932f2 sync sergey parents: 230 diff changeset	15 HttpResponse => '-IMPL::Web::HttpResponse'
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	16 },
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	17 base => {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	18 'IMPL::Object' => undef,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	19 'IMPL::Object::Autofill' => '@_',
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	20 'IMPL::Object::Serializable' => undef
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	21 },
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	22 props => [
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	23 salt => PROP_RO,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	24 manager => PROP_RO,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	25 _cookies => PROP_RW
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	26 ]
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	27 };
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	28
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	29 sub CTOR {
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	30 my ($this) = @_;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	31
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	32 $this->salt('DeadBeef') unless $this->salt;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	33 }
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	34
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	35 sub Invoke {
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	36 my ($this,$action,$nextHandler) = @_;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	37
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	38 return unless $nextHandler;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	39
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	40 my $context;
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	41
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	42
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	43 my $sid = $action->cookie('sid',qr/(\w+)/);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	44 my $cookie = $action->cookie('sdata',qr/(\w+)/);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	45 my $sign = $action->cookie('sign',qw/(\w+)/);
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	46
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	47 if (
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	48 $sid and
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	49 $cookie and
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	50 $sign and
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	51 $sign eq md5_hex(
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	52 $this->salt,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	53 $sid,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	54 $cookie,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	55 $this->salt
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	56 )
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	57 ) {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	58 # TODO: add a DefferedProxy to deffer a request to a data source
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	59 if ( $context = $this->manager->GetSession($sid) ) {
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	60
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	61 if ( eval { $context->auth->isa(AuthSimple) } ) {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	62 my ($result,$challenge) = $context->auth->DoAuth($cookie);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	63
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	64 $action->manager->SaveSession($context);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	65
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	66 if ($result == AUTH_FAIL) {
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	67 $context = undef;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	68 }
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	69 }
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	70 }
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	71
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	72 }
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	73
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	74 $context \|\|= SecurityContext->new(principal => User->nobody, authority => $this);
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	75
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	76 my $httpResponse = $context->Impersonate($nextHandler);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	77
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	78 die OperationException->new("A HttpResponse instance is expected")
ff1e8fa932f2 sync sergey parents: 230 diff changeset	79 unless ref $httpResponse && eval { $httpResponse->isa(HttpResponse) };
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	80
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	81 return $this->WriteResponse($httpResponse);
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	82 }
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	83
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	84 sub InitSession {
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	85 my ($this,$user,$auth,$roles) = @_;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	86
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	87 my $sid = GenSSID();
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	88 my $cookie = GenSSID();
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	89
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	90 $this->_cookies({
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	91 sid => $sid,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	92 sdata => $cookie
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	93 })
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	94
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	95 my $context = $this->$manager->CreateSession(
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	96 sessionId => $sid,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	97 principal => $user,
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	98 auth => AuthSimple->new(password => $cookie),
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	99 authority => $this,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	100 assignedRoles => $roles
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	101 );
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	102
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	103 $context->Apply();
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	104
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	105 return $context;
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	106 }
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	107
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	108 sub WriteResponse {
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	109 my ($this,$response) = @_;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	110
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	111 if (my $data $this->_cookies) {
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	112
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	113 my $sign = md5_hex(
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	114 $this->salt,
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	115 $data->{sid},
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	116 $data->{sdata},
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	117 $this->salt
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	118 );
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	119
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	120 $response->cookies->{sid} = $data->{sid};
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	121 $response->cookies->{sdata} = $data->{sdata};
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	122 $response->cookies->{sign} = $sign;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	123 }
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	124
ff1e8fa932f2 sync sergey parents: 230 diff changeset	125 return $response;
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	126 }
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	127
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	128 1;
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	129
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	130 __END__
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	131
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	132 =pod
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	133
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	134 =head1 NAME
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	135
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	136 C<IMPL::Web::Handler::SecureCookie>
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	137
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	138 =head1 DESCRIPTION
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	139
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	140 Возобновляет сессию пользователя на основе информации переданной через Cookie.
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	141
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	142 Использует механизм подписи информации для проверки верности входных данных перед
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	143 началом каких-либо действий.
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	144
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	145 Данный обработчик возвращает результат выполнения следдующего обработчика.
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	146
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	147
6d8092d8ce1b reworked IMPL::Security sergey* parents: 196 diff changeset	148
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	149 =head1 MEMBERS
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	150
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	151 =head2 C<[get,set] salt>
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	152
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	153 Скаляр, использующийся для подписи данных.
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	154
231 ff1e8fa932f2 sync sergey parents: 230 diff changeset	155 =head2 C<InitSession($user,$auth,$roles)>
196 a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	156
a705e848dcc7 added IMPL::Config::Reference cin parents: diff changeset	157 =cut

Mercurial > pub > Impl

annotate Lib/IMPL/Web/Handler/SecureCookie.pm @ 231:ff1e8fa932f2