Mercurial > pub > Impl

package IMPL::Web::Handler::SecureCookie;
use strict;


use Digest::MD5 qw(md5_hex);
use IMPL::Const qw(:prop);
use IMPL::Security::Auth qw(:Const GenSSID);
use IMPL::declare {
    require => {
        SecurityContext => 'IMPL::Security::Context',
        User => 'IMPL::Security::Principal',
        AuthSimple => 'IMPL::Security::Auth::Simple',
        Exception => 'IMPL::Exception',
        OperationException => '-IMPL::InvalidOperationException',
        HttpResponse => '-IMPL::Web::HttpResponse'
    },
    base => {
        'IMPL::Object' => undef,
        'IMPL::Object::Autofill' => '@_',
        'IMPL::Object::Serializable' => undef
    },
    props => [
        salt => PROP_RO,
        _manager => PROP_RO,
        _cookies => PROP_RW
    ]
};

sub CTOR {
    my ($this) = @_;

    $this->salt('DeadBeef') unless $this->salt;
}

sub Invoke {
    my ($this,$action,$nextHandler) = @_;

    return unless $nextHandler;

    my $context;
    $this->_manager($action->application->security);


    my $sid = $action->cookie('sid',qr/(\w+)/);
    my $cookie = $action->cookie('sdata',qr/(\w+)/);
    my $sign = $action->cookie('sign',qw/(\w+)/);

    if (
        $sid and
        $cookie and
        $sign and
        $sign eq md5_hex(
            $this->salt,
            $sid,
            $cookie,
            $this->salt
        )
    ) {
        # TODO: add a DefferedProxy to deffer a request to a data source
        if ( $context = $this->_manager->GetSession($sid) ) {

            if ( eval { $context->auth->isa(AuthSimple) } ) {
                my ($result,$challenge) = $context->auth->DoAuth($cookie);

                $action->_manager->SaveSession($context);

                if ($result == AUTH_FAIL) {
                    $context = undef;
                }
            }
        }

    }

    $context ||= SecurityContext->new(principal => User->nobody, authority => $this);

    my $httpResponse = $context->Impersonate($nextHandler,$action);

    die OperationException->new("A HttpResponse instance is expected")
        unless ref $httpResponse && eval { $httpResponse->isa(HttpResponse) };

    return $this->WriteResponse($httpResponse);
}

sub InitSession {
    my ($this,$user,$auth,$roles) = @_;

    my $sid = GenSSID();
    my $cookie = GenSSID();

    $this->_cookies({
        sid => $sid,
        sdata => $cookie
    });

    my $context = $this->_manager->CreateSession(
        sessionId => $sid,
        principal => $user,
        auth => AuthSimple->Create(password => $cookie),
        authority => $this,
        assignedRoles => $roles
    );

    $context->Apply();

    return $context;
}

sub WriteResponse {
    my ($this,$response) = @_;

    if (my $data = $this->_cookies) {

        my $sign = md5_hex(
            $this->salt,
            $data->{sid},
            $data->{sdata},
            $this->salt
        );

        $response->cookies->{sid} = $data->{sid};
        $response->cookies->{sdata} = $data->{sdata};
        $response->cookies->{sign} = $sign;
    }

    return $response;
}

1;

__END__

=pod

=head1 NAME

C<IMPL::Web::Handler::SecureCookie>

=head1 DESCRIPTION

Возобновляет сессию пользователя на основе информации переданной через Cookie.

Использует механизм подписи информации для проверки верности входных данных перед
началом каких-либо действий.

Данный обработчик возвращает результат выполнения следдующего обработчика.


=head1 MEMBERS

=head2 C<[get,set] salt>

Скаляр, использующийся для подписи данных.


=head2 C<InitSession($user,$auth,$roles)>

=cut
author	sergey
date	Tue, 16 Oct 2012 01:33:06 +0400
parents	3cebcf6fdb9b
children	23daf2fae33a