Mercurial > pub > Impl

diff Lib/IMPL/Web/QueryHandler/SecureCookie.pm @ 73:2f31ecabe9ea

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doc security
author wizard
date Mon, 29 Mar 2010 06:56:05 +0400
parents Lib/IMPL/Web/QueryHandler/AuthCookie.pm@8c7b88bdb663
children 84aa8c395fce
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Lib/IMPL/Web/QueryHandler/SecureCookie.pm	Mon Mar 29 06:56:05 2010 +0400
@@ -0,0 +1,52 @@
+package IMPL::Web::QueryHandler::SecureCookie;
+
+use base qw(IMPL::Web::QueryHandler);
+use Digest::MD5 qw(md5_hex);
+
+use IMPL::Class::Property;
+use IMPL::Security::Auth qw(:Const);
+
+BEGIN {
+	public property salt => prop_all;
+}
+
+sub CTOR {
+	my ($this) = @_;
+	
+	
+}
+
+sub Process {
+	my ($this,$action,$nextHandler) = @_;
+	
+	my $method = $action->query->cookie('method') || 'simple';
+	
+	if ($method eq 'simple') {
+		
+		my $sid = $action->query->cookie('sid'); 
+		
+		if ($action->query->cookie('sign') eq md5_hex(
+			$this->salt,
+			$sid,
+			$this->salt
+		) ) {
+			
+			my $context = $action->application->security->Session(
+				id => $sid				
+			);
+			
+			my ($result,$challenge) = $context->auth->ValidateSession($sid);
+			
+			if ($result == AUTH_SUCCESS) {
+				return $context->Impersonate($nextHandler);				
+			} else {
+				return $nextHandler->();
+			}
+		}
+	} else {
+		die new IMPL::Exception("Unknown auth method",$method);
+	}
+}
+
+
+1;
\ No newline at end of file