Mercurial > pub > Impl

comparison Lib/IMPL/Web/QueryHandler/SecureCookie.pm @ 194:4d0e1962161c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Replaced tabs with spaces IMPL::Web::View - fixed document model, new features (control classes, document constructor parameters)
author cin
date Tue, 10 Apr 2012 20:08:29 +0400
parents d1676be8afcc
children
comparison
equal deleted inserted replaced
193:8e8401c0aea4 194:4d0e1962161c
7 use IMPL::Class::Property; 7 use IMPL::Class::Property;
8 use IMPL::Security::Auth qw(:Const); 8 use IMPL::Security::Auth qw(:Const);
9 use IMPL::Security; 9 use IMPL::Security;
10 10
11 BEGIN { 11 BEGIN {
12 public property salt => prop_all; 12 public property salt => prop_all;
13 } 13 }
14 14
15 sub CTOR { 15 sub CTOR {
16 my ($this) = @_; 16 my ($this) = @_;
17 17
18 $this->salt('DeadBeef') unless $this->salt; 18 $this->salt('DeadBeef') unless $this->salt;
19 } 19 }
20 20
21 sub Process { 21 sub Process {
22 my ($this,$action,$nextHandler) = @_; 22 my ($this,$action,$nextHandler) = @_;
23 23
24 return undef unless $nextHandler; 24 return undef unless $nextHandler;
25 25
26 local $IMPL::Security::authority = $this; 26 local $IMPL::Security::authority = $this;
27 27
28 my $method = $action->query->cookie('method') || 'simple'; 28 my $method = $action->query->cookie('method') || 'simple';
29 29
30 if ($method eq 'simple') { 30 if ($method eq 'simple') {
31 31
32 my $sid = $action->query->cookie('sid'); 32 my $sid = $action->query->cookie('sid');
33 my $cookie = $action->query->cookie('sdata'); 33 my $cookie = $action->query->cookie('sdata');
34 my $sign = $action->query->cookie('sign'); 34 my $sign = $action->query->cookie('sign');
35 35
36 if ( 36 if (
37 $sid and 37 $sid and
38 $cookie and 38 $cookie and
39 $sign and 39 $sign and
40 $sign eq md5_hex( 40 $sign eq md5_hex(
41 $this->salt, 41 $this->salt,
42 $sid, 42 $sid,
43 $cookie, 43 $cookie,
44 $this->salt 44 $this->salt
45 ) 45 )
46 ) { 46 ) {
47 # TODO: add a DefferedProxy to deffer a request to a data source 47 # TODO: add a DefferedProxy to deffer a request to a data source
48 my $context = $action->application->security->sourceSession->find( 48 my $context = $action->application->security->sourceSession->find(
49 { id => $sid } 49 { id => $sid }
50 ) or return $nextHandler->(); 50 ) or return $nextHandler->();
51 51
52 my ($result,$challenge) = $context->auth->ValidateSession($cookie); 52 my ($result,$challenge) = $context->auth->ValidateSession($cookie);
53 53
54 if ($result == AUTH_SUCCESS) { 54 if ($result == AUTH_SUCCESS) {
55 $context->authority($this); 55 $context->authority($this);
56 return $context->Impersonate($nextHandler); 56 return $context->Impersonate($nextHandler);
57 } else { 57 } else {
58 return $nextHandler->(); 58 return $nextHandler->();
59 } 59 }
60 } else { 60 } else {
61 return $nextHandler->(); 61 return $nextHandler->();
62 } 62 }
63 } else { 63 } else {
64 return $nextHandler->(); 64 return $nextHandler->();
65 } 65 }
66 } 66 }
67 67
68 sub WriteResponse { 68 sub WriteResponse {
69 my ($this,$response,$sid,$cookie,$method) = @_; 69 my ($this,$response,$sid,$cookie,$method) = @_;
70 70
71 my $sign = md5_hex( 71 my $sign = md5_hex(
72 $this->salt, 72 $this->salt,
73 $sid, 73 $sid,
74 $cookie, 74 $cookie,
75 $this->salt 75 $this->salt
76 ); 76 );
77 77
78 $response->setCookie(sid => $sid); 78 $response->setCookie(sid => $sid);
79 $response->setCookie(sdata => $cookie); 79 $response->setCookie(sdata => $cookie);
80 $response->setCookie(sign => $sign); 80 $response->setCookie(sign => $sign);
81 $response->setCookie(method => $method) if $method; 81 $response->setCookie(method => $method) if $method;
82 } 82 }
83 83
84 1; 84 1;
85 85
86 __END__ 86 __END__