comparison Lib/IMPL/Web/QueryHandler/SecureCookie.pm @ 73:2f31ecabe9ea

doc security
author wizard
date Mon, 29 Mar 2010 06:56:05 +0400
parents Lib/IMPL/Web/QueryHandler/AuthCookie.pm@8c7b88bdb663
children 84aa8c395fce
comparison
equal deleted inserted replaced
72:eac47fa4f262 73:2f31ecabe9ea
1 package IMPL::Web::QueryHandler::SecureCookie;
2
3 use base qw(IMPL::Web::QueryHandler);
4 use Digest::MD5 qw(md5_hex);
5
6 use IMPL::Class::Property;
7 use IMPL::Security::Auth qw(:Const);
8
9 BEGIN {
10 public property salt => prop_all;
11 }
12
13 sub CTOR {
14 my ($this) = @_;
15
16
17 }
18
19 sub Process {
20 my ($this,$action,$nextHandler) = @_;
21
22 my $method = $action->query->cookie('method') || 'simple';
23
24 if ($method eq 'simple') {
25
26 my $sid = $action->query->cookie('sid');
27
28 if ($action->query->cookie('sign') eq md5_hex(
29 $this->salt,
30 $sid,
31 $this->salt
32 ) ) {
33
34 my $context = $action->application->security->Session(
35 id => $sid
36 );
37
38 my ($result,$challenge) = $context->auth->ValidateSession($sid);
39
40 if ($result == AUTH_SUCCESS) {
41 return $context->Impersonate($nextHandler);
42 } else {
43 return $nextHandler->();
44 }
45 }
46 } else {
47 die new IMPL::Exception("Unknown auth method",$method);
48 }
49 }
50
51
52 1;