comparison Lib/IMPL/Web/Handler/SecureCookie.pm @ 239:23daf2fae33a

*security subsystem bugfixes *HttpResponse: cookies whose values are set to undefined will be deleted from the browser
author sergey
date Tue, 16 Oct 2012 20:14:11 +0400
parents b8c724f6de36
children fb52014f6931
41 $this->_manager($action->application->security); 41 $this->_manager($action->application->security);
42 42
43 43
44 my $sid = $action->cookie('sid',qr/(\w+)/); 44 my $sid = $action->cookie('sid',qr/(\w+)/);
45 my $cookie = $action->cookie('sdata',qr/(\w+)/); 45 my $cookie = $action->cookie('sdata',qr/(\w+)/);
46 my $sign = $action->cookie('sign',qw/(\w+)/); 46 my $sign = $action->cookie('sign',qw/(\w+)/);
47 47
48 if ( 48 if (
49 $sid and 49 $sid and
50 $cookie and 50 $cookie and
51 $sign and 51 $sign and
56 $this->salt 56 $this->salt
57 ) 57 )
58 ) { 58 ) {
59 # TODO: add a DefferedProxy to deffer a request to a data source 59 # TODO: add a DefferedProxy to deffer a request to a data source
60 if ( $context = $this->_manager->GetSession($sid) ) { 60 if ( $context = $this->_manager->GetSession($sid) ) {
61
62 if ( eval { $context->auth->isa(AuthSimple) } ) { 61 if ( eval { $context->auth->isa(AuthSimple) } ) {
63 my ($result,$challenge) = $context->auth->DoAuth($cookie); 62 my ($result,$challenge) = $context->auth->DoAuth($cookie);
64 63
65 $action->_manager->SaveSession($context); 64 $context->authority($this);
66 65
67 if ($result == AUTH_FAIL) { 66 if ($result == AUTH_FAIL) {
68 $context = undef; 67 $context = undef;
69 } 68 }
69 } else {
70 undef $context;
70 } 71 }
71 } 72 }
72 73
73 } 74 }
74 75
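Review bot: The new AUTH_FAIL branch (new lines 66–68) and the added `} else { undef $context; }` discard the server-side context but leave the client's `sid`/`sdata`/`sign` cookies in place, so a browser holding a correctly signed cookie set whose `sdata` no longer matches the session password keeps resending it and every request repeats the GetSession lookup and DoAuth. Consider clearing them the way this commit's CloseSession does, e.g. `$this->_cookies({ sid => undef, sdata => undef });` in both branches, and logging the signed-but-rejected case, since a valid signature with a wrong session password is a signal worth recording rather than silently dropping. Replacing `$action->_manager->SaveSession($context)` with `$context->authority($this)` presumably fixes `_manager` being called on the action instead of `$this`, but if `DoAuth` updates the auth object (failure counters or similar) nothing persists that now; a one-line comment stating that DoAuth is treated as read-only here would make the intent explicit. The enclosing sub starts before this hunk and continues after it, and lines 52–55 of the condition (where `$sign` is checked) are not shown in this view.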
81 82
82 return $this->WriteResponse($httpResponse); 83 return $this->WriteResponse($httpResponse);
83 } 84 }
84 85
85 sub InitSession { 86 sub InitSession {
86 my ($this,$user,$auth,$roles) = @_; 87 my ($this,$user,$roles,$auth,$challenge) = @_;
87 88
88 my $sid = GenSSID(); 89 my ($status,$answer) = $auth->DoAuth($challenge);
89 my $cookie = GenSSID();
90 90
91 $this->_cookies({ 91 die OperationException->new("This provider doesn't support multiround auth")
92 sid => $sid, 92 if ($status == AUTH_INCOMPLETE || $answer);
93 sdata => $cookie 93
94 }); 94 if ($status == AUTH_SUCCESS) {
95 my $sid = GenSSID();
96 my $cookie = GenSSID();
97
98 $this->_cookies({
99 sid => $sid,
100 sdata => $cookie
101 });
102
103 my $context = $this->_manager->CreateSession(
104 sessionId => $sid,
105 principal => $user,
106 auth => AuthSimple->Create(password => $cookie),
107 authority => $this,
108 rolesAssigned => $roles
109 );
110
111 $context->Apply();
112
113 $this->_manager->SaveSession($context);
114 }
115
116 return $status;
117 }
95 118
96 my $context = $this->_manager->CreateSession( 119 sub CloseSession {
97 sessionId => $sid, 120 my ($this) = @_;
98 principal => $user, 121 if(my $session = SecurityContext->current) {
99 auth => AuthSimple->Create(password => $cookie), 122 $this->_cookies({
100 authority => $this, 123 sid => undef,
101 assignedRoles => $roles 124 sdata => undef
102 ); 125 })
103 126 }
104 $context->Apply();
105
106 return $context;
107 } 127 }
108 128
109 sub WriteResponse { 129 sub WriteResponse {
110 my ($this,$response) = @_; 130 my ($this,$response) = @_;
111 131
112 if (my $data = $this->_cookies) { 132 if (my $data = $this->_cookies) {
113 133
114 my $sign = md5_hex( 134 my $sign = $data->{sid} && md5_hex(
115 $this->salt, 135 $this->salt,
116 $data->{sid}, 136 $data->{sid},
117 $data->{sdata}, 137 $data->{sdata},
118 $this->salt 138 $this->salt
119 ); 139 );