Mercurial > pub > Impl

view Lib/IMPL/Web/QueryHandler/SecureCookie.pm @ 74:84aa8c395fce

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doc minor fixes
author wizard
date Mon, 29 Mar 2010 17:40:06 +0400
parents 2f31ecabe9ea
children 915df8fcd16f
line wrap: on
line source

package IMPL::Web::QueryHandler::SecureCookie;

use base qw(IMPL::Web::QueryHandler);
use Digest::MD5 qw(md5_hex);

use IMPL::Class::Property;
use IMPL::Security::Auth qw(:Const);

BEGIN {
	public property salt => prop_all;
}

sub CTOR {
	my ($this) = @_;
	
	
}

sub Process {
	my ($this,$action,$nextHandler) = @_;
	
	my $method = $action->query->cookie('method') || 'simple';
	
	if ($method eq 'simple') {
		
		my $sid = $action->query->cookie('sid'); 
		my $cookie = $action->query->cookie('cookie');
		
		if ($action->query->cookie('sign') eq md5_hex(
			$this->salt,
			$sid,
			$cookie,
			$this->salt
		) ) {
			
			my $context = $action->application->security->Session(
				id => $sid				
			);
			
			my ($result,$challenge) = $context->auth->ValidateSession($cookie);
			
			if ($result == AUTH_SUCCESS) {
				return $context->Impersonate($nextHandler);				
			} else {
				return $nextHandler->();
			}
		}
	} else {
		die new IMPL::Exception("Unknown auth method",$method);
	}
}


1;