Mercurial > pub > Impl
comparison Lib/IMPL/Web/QueryHandler/SecureCookie.pm @ 73:2f31ecabe9ea
doc
security
| author | wizard |
|---|---|
| date | Mon, 29 Mar 2010 06:56:05 +0400 |
| parents | Lib/IMPL/Web/QueryHandler/AuthCookie.pm@8c7b88bdb663 |
| children | 84aa8c395fce |
comparison
equal
deleted
inserted
replaced
| 72:eac47fa4f262 | 73:2f31ecabe9ea |
|---|---|
| 1 package IMPL::Web::QueryHandler::SecureCookie; | |
| 2 | |
| 3 use base qw(IMPL::Web::QueryHandler); | |
| 4 use Digest::MD5 qw(md5_hex); | |
| 5 | |
| 6 use IMPL::Class::Property; | |
| 7 use IMPL::Security::Auth qw(:Const); | |
| 8 | |
| 9 BEGIN { | |
| 10 public property salt => prop_all; | |
| 11 } | |
| 12 | |
| 13 sub CTOR { | |
| 14 my ($this) = @_; | |
| 15 | |
| 16 | |
| 17 } | |
| 18 | |
| 19 sub Process { | |
| 20 my ($this,$action,$nextHandler) = @_; | |
| 21 | |
| 22 my $method = $action->query->cookie('method') || 'simple'; | |
| 23 | |
| 24 if ($method eq 'simple') { | |
| 25 | |
| 26 my $sid = $action->query->cookie('sid'); | |
| 27 | |
| 28 if ($action->query->cookie('sign') eq md5_hex( | |
| 29 $this->salt, | |
| 30 $sid, | |
| 31 $this->salt | |
| 32 ) ) { | |
| 33 | |
| 34 my $context = $action->application->security->Session( | |
| 35 id => $sid | |
| 36 ); | |
| 37 | |
| 38 my ($result,$challenge) = $context->auth->ValidateSession($sid); | |
| 39 | |
| 40 if ($result == AUTH_SUCCESS) { | |
| 41 return $context->Impersonate($nextHandler); | |
| 42 } else { | |
| 43 return $nextHandler->(); | |
| 44 } | |
| 45 } | |
| 46 } else { | |
| 47 die new IMPL::Exception("Unknown auth method",$method); | |
| 48 } | |
| 49 } | |
| 50 | |
| 51 | |
| 52 1; |