Mercurial > pub > Impl

comparison Lib/IMPL/Web/Handler/SecureCookie.pm @ 230:6d8092d8ce1b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
*reworked IMPL::Security *reworked IMPL::Web::Security *refactoring
author sergey
date Mon, 08 Oct 2012 03:37:37 +0400
parents a705e848dcc7
children ff1e8fa932f2
comparison
equal deleted inserted replaced
229:47f77e6409f7 230:6d8092d8ce1b
1 package IMPL::Web::QueryHandler::SecureCookie; 1 package IMPL::Web::Handler::SecureCookie;
2 use strict; 2 use strict;
3 3
4 use parent qw(IMPL::Web::QueryHandler); 4
5 use Digest::MD5 qw(md5_hex); 5 use Digest::MD5 qw(md5_hex);
6 6 use IMPL::Const qw(:prop);
7 use IMPL::Class::Property; 7 use IMPL::Security::Auth qw(:Const GenSSID);
8 use IMPL::Security::Auth qw(:Const); 8 use IMPL::declare {
9 use IMPL::Security; 9 require => {
10 10 SecurityContext => 'IMPL::Security::Context',
11 BEGIN { 11 User => 'IMPL::Security::User',
12 public property salt => prop_all; 12 AuthSimple => 'IMPL::Security::Auth::Simple',
13 } 13 },
14 base => {
15 'IMPL::Object' => undef,
16 'IMPL::Object::Autofill' => '@_',
17 'IMPL::Object::Serializable' => undef
18 },
19 props => [
20 salt => PROP_RO,
21 manager => PROP_RO,
22 _cookies => PROP_RW
23 ]
24 };
14 25
15 sub CTOR { 26 sub CTOR {
16 my ($this) = @_; 27 my ($this) = @_;
17 28
18 $this->salt('DeadBeef') unless $this->salt; 29 $this->salt('DeadBeef') unless $this->salt;
19 } 30 }
20 31
21 sub Process { 32 sub Invoke {
22 my ($this,$action,$nextHandler) = @_; 33 my ($this,$action,$nextHandler) = @_;
23 34
24 return undef unless $nextHandler; 35 return unless $nextHandler;
25 36
26 local $IMPL::Security::authority = $this; 37 my $context;
27 38
28 my $method = $action->query->cookie('method') || 'simple'; 39
40 my $sid = $action->cookie('sid',qr/(\w+)/);
41 my $cookie = $action->cookie('sdata',qr/(\w+)/);
42 my $sign = $action->cookie('sign',qw/(\w+)/);
29 43
30 if ($method eq 'simple') { 44 if (
45 $sid and
46 $cookie and
47 $sign and
48 $sign eq md5_hex(
49 $this->salt,
50 $sid,
51 $cookie,
52 $this->salt
53 )
54 ) {
55 # TODO: add a DefferedProxy to deffer a request to a data source
56 if ( $context = $this->manager->GetSession($sid) ) {
31 57
32 my $sid = $action->query->cookie('sid'); 58 if ( eval { $context->auth->isa(AuthSimple) } ) {
33 my $cookie = $action->query->cookie('sdata'); 59 my ($result,$challenge) = $context->auth->DoAuth($cookie);
34 my $sign = $action->query->cookie('sign'); 60
61 $action->manager->SaveSession($context);
62
63 if ($result == AUTH_FAIL) {
64 $context = undef;
65 }
66 }
67 }
35 68
36 if (
37 $sid and
38 $cookie and
39 $sign and
40 $sign eq md5_hex(
41 $this->salt,
42 $sid,
43 $cookie,
44 $this->salt
45 )
46 ) {
47 # TODO: add a DefferedProxy to deffer a request to a data source
48 my $context = $action->application->security->sourceSession->find(
49 { id => $sid }
50 ) or return $nextHandler->();
51
52 my ($result,$challenge) = $context->auth->ValidateSession($cookie);
53
54 if ($result == AUTH_SUCCESS) {
55 $context->authority($this);
56 return $context->Impersonate($nextHandler);
57 } else {
58 return $nextHandler->();
59 }
60 } else {
61 return $nextHandler->();
62 }
63 } else {
64 return $nextHandler->();
65 } 69 }
70
71 $context = SecurityContext->new(principal => User->nobody, authority => $this);
72
73 my $httpResponse = $context->Impersonate($nextHandler);
74
75 $this->WriteResponse($httpResponse);
76
77 }
78
79 sub CreateContext {
80 my ($this,$user,$auth,$roles) = @_;
81
82 my $sid = GenSSID();
83 my $cookie = GenSSID();
84
85 $this->_cookies({
86 sid => $sid,
87 sdata => $cookie
88 })
89
90 my $context = $this->$manager->CreateSession(
91 sessionId => $sid,
92 principal => $user,
93 auth => AuthSimple->(password => $cookie),
94 authority => $this,
95 assignedRoles => $roles
96 );
97
98 $context->Apply();
99
100 return $context;
66 } 101 }
67 102
68 sub WriteResponse { 103 sub WriteResponse {
69 my ($this,$response,$sid,$cookie,$method) = @_; 104 my ($this,$response) = @_;
105
106 if (my $data $this->_cookies) {
70 107
71 my $sign = md5_hex( 108 my $sign = md5_hex(
72 $this->salt, 109 $this->salt,
73 $sid, 110 $data->{sid},
74 $cookie, 111 $data->{sdata},
75 $this->salt 112 $this->salt
76 ); 113 );
77 114
78 $response->setCookie(sid => $sid); 115 $response->cookies->{sid} = $data->{sid};
79 $response->setCookie(sdata => $cookie); 116 $response->cookies->{sdata} = $data->{sdata};
80 $response->setCookie(sign => $sign); 117 $response->cookies->{sign} = $sign;
81 $response->setCookie(method => $method) if $method; 118 }
82 } 119 }
83 120
84 1; 121 1;
85 122
86 __END__ 123 __END__
87 124
88 =pod 125 =pod
89 126
90 =head1 NAME 127 =head1 NAME
91 128
92 C<IMPL::Web::QueryHandler::SecureCookie> 129 C<IMPL::Web::Handler::SecureCookie>
93 130
94 =head1 DESCRIPTION 131 =head1 DESCRIPTION
95
96 C<use parent qw(IMPL::Web::QueryHandler)>
97 132
98 Возобновляет сессию пользователя на основе информации переданной через Cookie. 133 Возобновляет сессию пользователя на основе информации переданной через Cookie.
99 134
100 Использует механизм подписи информации для проверки верности входных данных перед 135 Использует механизм подписи информации для проверки верности входных данных перед
101 началом каких-либо действий. 136 началом каких-либо действий.
102 137
103 Данный обработчик возвращает результат выполнения следдующего обработчика. 138 Данный обработчик возвращает результат выполнения следдующего обработчика.
139
140
104 141
105 =head1 MEMBERS 142 =head1 MEMBERS
106 143
107 =over 144 =over
108 145