diff Lib/IMPL/Web/Security.pm @ 239:23daf2fae33a

*security subsystem bugfixes *HttpResponse: cookies whose values are set to undefined will be deleted from the browser
author sergey
date Tue, 16 Oct 2012 20:14:11 +0400
parents 3cebcf6fdb9b
children 63709a4e6da0
--- a/Lib/IMPL/Web/Security.pm	Tue Oct 16 01:33:06 2012 +0400
+++ b/Lib/IMPL/Web/Security.pm	Tue Oct 16 20:14:11 2012 +0400
@@ -13,7 +13,9 @@
 use constant {
     ERR_NO_SUCH_USER => -1,
     ERR_NO_SEC_DATA => -2,
-    ERR_AUTH_FAIL => -3
+    ERR_NO_AUTHORITY => -3,
+    ERR_NO_SEC_CONTEXT => -4,
+    ERR_AUTH_FAIL => -5
 };
 
 sub AuthUser {
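Review bot: Renumbering `ERR_AUTH_FAIL` from -3 to -5 in the `use constant` block changes the meaning of an already published code, because -3 now stands for `ERR_NO_AUTHORITY`. Any caller, log filter or stored record that compares against the literal -3 instead of the constant would read a failed authentication as a missing authority; whether such consumers exist cannot be seen from this hunk. Keeping the old value and appending the new ones avoids the problem: `ERR_AUTH_FAIL => -3, ERR_NO_AUTHORITY => -4, ERR_NO_SEC_CONTEXT => -5`.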
@@ -24,7 +26,7 @@
             status => AUTH_FAIL,
             code => ERR_NO_SUCH_USER
         };
-    
+
     my $auth;
     if ( my $secData = $user->GetSecData($package) ) {
         $auth = $package->new($secData);
@@ -36,10 +38,21 @@
         };
     }
     
+    return {
+    	status => AUTH_FAIL,
+    	code => ERR_NO_SEC_CONTEXT
+    } unless SecurityContext->current;
+    
+    return {
+    	status => AUTH_FAIL,
+    	code => ERR_NO_AUTHORITY
+    } unless SecurityContext->current->authority;
+
     my $status = SecurityContext->current->authority->InitSession(
         $user,
+        [$user->roles],
         $auth,
-        [$user->roles]
+        $challenge
     );
     
     return {
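Review bot: The `InitSession` call near the end of this hunk changes its positional argument order (the roles arrayref now comes before `$auth`) and adds `$challenge`. An authority implementation still written for the old `($user, $auth, $roles)` order would receive the roles list where it expects the authenticator object, and none of those implementations is visible here to confirm they were updated together. A comment above the call such as `# InitSession($user, \@roles, $auth, $challenge) - order changed, keep authority implementations in sync` would document the contract. `$challenge` is not declared inside the hunk and AuthUser's signature lies outside it, so confirm it is unpacked from `@_`. The two added guards are indented with tabs while the surrounding lines use spaces.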
@@ -49,6 +62,17 @@
     };
 }
 
+sub Logout {
+	my ($this) = @_;
+	
+	my $session = SecurityContext->current;
+	if($session && $session->authority) {
+		$session->authority->CloseSession($session);
+		
+		$this->CloseSession($session);
+	}
+}
+
 sub FindUserByName {
     die NotImplementedException->new();
 }
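Review bot: In the new `Logout`, an exception from `$session->authority->CloseSession($session)` skips `$this->CloseSession($session)`, so the application-side session would presumably stay alive after a logout the user believes succeeded. Running the local cleanup unconditionally and rethrowing afterwards closes that gap. Note also that the base-class `CloseSession` added in the last hunk dies with `NotImplementedException`, so any existing subclass that does not override it will throw on every logout. The body is indented with tabs, unlike the rest of the file.
```perl
    if ($session && $session->authority) {
        # Run the local cleanup even when the authority's CloseSession dies,
        # then surface the original error to the caller.
        my $closed = eval { $session->authority->CloseSession($session); 1 };
        my $error  = $@;
        $this->CloseSession($session);
        die $error unless $closed;
    }
```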
@@ -65,6 +89,10 @@
     die NotImplementedException->new();
 }
 
+sub CloseSession {
+	die NotImplementedException->new();
+}
+
 1;
 
 __END__