diff Lib/IMPL/Web/Handler/SecureCookie.pm @ 239:23daf2fae33a

*security subsystem bugfixes *HttpResponse: cookies whose values are set to undefined will be deleted from the browser
author sergey
date Tue, 16 Oct 2012 20:14:11 +0400
parents b8c724f6de36
children fb52014f6931
--- a/Lib/IMPL/Web/Handler/SecureCookie.pm	Tue Oct 16 01:33:06 2012 +0400
+++ b/Lib/IMPL/Web/Handler/SecureCookie.pm	Tue Oct 16 20:14:11 2012 +0400
@@ -43,7 +43,7 @@
         
     my $sid = $action->cookie('sid',qr/(\w+)/); 
     my $cookie = $action->cookie('sdata',qr/(\w+)/);
-    my $sign = $action->cookie('sign',qw/(\w+)/); 
+    my $sign = $action->cookie('sign',qw/(\w+)/);
     
     if (
         $sid and
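Review bot: The retained line `my $sign = $action->cookie('sign',qw/(\w+)/);` still uses `qw`, so the second argument is the literal string `(\w+)` rather than a compiled pattern, unlike the `qr/(\w+)/` used for sid and sdata two lines above; only the trailing whitespace changed. Unless `cookie()` accepts a plain string and compiles it itself, the sign cookie is not validated the same way as the other two, and the line should read `my $sign = $action->cookie('sign',qr/(\w+)/);`. The enclosing method starts before this hunk.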
@@ -58,15 +58,16 @@
     ) {
         # TODO: add a DefferedProxy to deffer a request to a data source
         if ( $context = $this->_manager->GetSession($sid) ) {
-        
             if ( eval { $context->auth->isa(AuthSimple) } ) {
                 my ($result,$challenge) = $context->auth->DoAuth($cookie);
-                
-                $action->_manager->SaveSession($context);
-                
+ 
+                $context->authority($this);
+
                 if ($result == AUTH_FAIL) {
                     $context = undef;
                 }
+            } else {
+            	undef $context;
             }
         }
         
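Review bot: Only `AUTH_FAIL` clears `$context` after `DoAuth($cookie)`, so any other non-success status leaves the restored session context in place as if authentication had succeeded; the InitSession hunk later in this diff shows `AUTH_INCOMPLETE` exists as a status, and the `$challenge` returned here is discarded. Safer to fail closed on anything but success: `if ($result != AUTH_SUCCESS) { $context = undef; }`. The new `undef $context;` line is also indented with a tab while the surrounding lines use spaces. The enclosing method starts before this hunk and continues after it.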
@@ -83,27 +84,46 @@
 }
 
 sub InitSession {
-    my ($this,$user,$auth,$roles) = @_;
+    my ($this,$user,$roles,$auth,$challenge) = @_;
     
-    my $sid = GenSSID();
-    my $cookie = GenSSID();
+    my ($status,$answer) = $auth->DoAuth($challenge);
+    
+    die OperationException->new("This provider doesn't support multiround auth")
+        if ($status == AUTH_INCOMPLETE || $answer);
     
-    $this->_cookies({
-        sid => $sid,
-        sdata => $cookie
-    });
+    if ($status == AUTH_SUCCESS) {
+	    my $sid = GenSSID();
+	    my $cookie = GenSSID();
+	    
+	    $this->_cookies({
+	        sid => $sid,
+	        sdata => $cookie
+	    });
+	    
+	    my $context = $this->_manager->CreateSession(
+	        sessionId => $sid,
+	        principal => $user,
+	        auth => AuthSimple->Create(password => $cookie),
+	        authority => $this,
+	        rolesAssigned => $roles
+	    );
+	    
+	    $context->Apply();
+	    
+	    $this->_manager->SaveSession($context);
+    }
+    
+    return $status;
+}
 
-    my $context = $this->_manager->CreateSession(
-        sessionId => $sid,
-        principal => $user,
-        auth => AuthSimple->Create(password => $cookie),
-        authority => $this,
-        assignedRoles => $roles
-    );
-    
-    $context->Apply();
-    
-    return $context;
+sub CloseSession {
+	my ($this) = @_;
+	if(my $session = SecurityContext->current) {
+        $this->_cookies({
+	        sid => undef,
+	        sdata => undef
+        })	
+	}
 }
 
 sub WriteResponse {
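Review bot: `CloseSession` only schedules the sid and sdata cookies for deletion in the browser; the `$session` it obtains from `SecurityContext->current` is never handed to `$this->_manager`, so as far as this hunk shows the server-side session stays valid and the old cookie pair would still be accepted by `GetSession` if presented again. If the manager exposes a way to remove or invalidate a session, it should be called here with `$session` (otherwise an unused variable); if it does not, a comment such as `# NOTE: server-side session is not invalidated here — see manager` should say where that happens. Separately, `InitSession` now unpacks `($this,$user,$roles,$auth,$challenge)` where it unpacked `($this,$user,$auth,$roles)`, so any positional caller not updated in this commit would silently swap roles and auth. The new lines in both subs are indented with tabs while the rest of the file uses four spaces.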
@@ -111,7 +131,7 @@
     
     if (my $data = $this->_cookies) {
 
-        my $sign = md5_hex(
+        my $sign = $data->{sid} && md5_hex(
             $this->salt,
             $data->{sid},
             $data->{sdata},
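Review bot: The guarded expression `$data->{sid} && md5_hex($this->salt, $data->{sid}, $data->{sdata}, …)` hashes the plain concatenation of salt, sid and sdata with no separator, which is a secret-prefix digest rather than a keyed MAC and does not fix the boundary between the two fields. Since `md5_hex` is already imported (presumably from Digest::MD5), a keyed construction from core Digest::SHA such as `hmac_sha256_hex(join(':', $data->{sid}, $data->{sdata}), $this->salt)` would bind both fields under the key; the verification in the handler's read path would have to change to match, and existing signed cookies would stop validating. The `&&` guard does what the commit intends for an undef sid, but a sid of `0` would yield `'0'` as the signature; `defined $data->{sid} ? md5_hex(...) : undef` states the intent precisely. The statement and the enclosing sub continue past the end of this hunk.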