# HG changeset patch # User wizard # Date 1269441701 -10800 # Node ID 8c7b88bdb663c4bd2609bab192043b9c729676c3 # Parent 739f1288ca842a4611a0ca17efbf266b4a6e9823 Cookie Simple auth support diff -r 739f1288ca84 -r 8c7b88bdb663 Lib/IMPL/Security/Auth.pm --- a/Lib/IMPL/Security/Auth.pm Tue Mar 23 16:55:25 2010 +0300 +++ b/Lib/IMPL/Security/Auth.pm Wed Mar 24 17:41:41 2010 +0300 @@ -20,6 +20,14 @@ } } +sub DoAuth { + die new IMPL::NotImplementedException; +} + +sub ValidateSession { + die new IMPL::NotImplementedException; +} + 1; __END__ @@ -32,7 +40,7 @@ В процессе авторизации клиент и сервер обмениеваются данными безопасности C<$challenge>. -При этом +При этом =over diff -r 739f1288ca84 -r 8c7b88bdb663 Lib/IMPL/Web/QueryHandler/AuthCookie.pm --- a/Lib/IMPL/Web/QueryHandler/AuthCookie.pm Tue Mar 23 16:55:25 2010 +0300 +++ b/Lib/IMPL/Web/QueryHandler/AuthCookie.pm Wed Mar 24 17:41:41 2010 +0300 @@ -4,11 +4,18 @@ use Digest::MD5 qw(md5_hex); use IMPL::Class::Property; +use IMPL::Security::Auth qw(:Const); BEGIN { public property salt => prop_all; } +sub CTOR { + my ($this) = @_; + + +} + sub Process { my ($this,$action,$nextHandler) = @_; @@ -16,18 +23,27 @@ if ($method eq 'simple') { + my $sid = $action->query->cookie('sid'); + if ($action->query->cookie('sign') eq md5_hex( $this->salt, - $action->query->cookie('sid'), + $sid, $this->salt ) ) { - my $context = $action->application->security->Session($action->query->cookie('sid')); + my $context = $action->application->security->Session( + id => $sid, + method => 'simple' + ); + + my ($result,$challenge) = $context->auth->ValidateSession($sid); - $context->auth-> - + if ($result == AUTH_SUCCESS) { + return $context->Impersonate($nextHandler); + } else { + return $nextHandler->(); + } } - } else { die new IMPL::Exception("Unknown auth method",$method); } diff -r 739f1288ca84 -r 8c7b88bdb663 Lib/IMPL/Web/Security/Embed.pm --- a/Lib/IMPL/Web/Security/Embed.pm Tue Mar 23 16:55:25 2010 +0300 +++ b/Lib/IMPL/Web/Security/Embed.pm Wed Mar 24 17:41:41 2010 +0300 @@ -1,3 +1,5 @@ package IMPL::Web::Security::Embed; -use base qw(IMPL::Object); \ No newline at end of file +use base qw(IMPL::Object); + +1; \ No newline at end of file