Possibility to use an alternate Generate module for sessions (#695)
This commit is contained in:
parent
f5e3019ff1
commit
4d4689b806
|
@ -2,6 +2,7 @@ Changes
|
|||
lemonldap-ng.ini
|
||||
lib/Lemonldap/NG/Common.pm
|
||||
lib/Lemonldap/NG/Common/Apache/Session.pm
|
||||
lib/Lemonldap/NG/Common/Apache/Session/Generate/SHA256.pm
|
||||
lib/Lemonldap/NG/Common/Apache/Session/SOAP.pm
|
||||
lib/Lemonldap/NG/Common/Apache/Session/Store.pm
|
||||
lib/Lemonldap/NG/Common/CGI.pm
|
||||
|
@ -47,6 +48,7 @@ t/20-Common-CGI.t
|
|||
t/30-Common-Safelib.t
|
||||
t/35-Common-Crypto.t
|
||||
t/36-Common-Regexp.t
|
||||
t/40-Common-Session.t
|
||||
t/99-pod.t
|
||||
tools/apache-session-mysql.sql
|
||||
tools/lmConfig.CDBI.mysql
|
||||
|
|
|
@ -32,6 +32,13 @@ sub populate {
|
|||
no strict 'refs';
|
||||
$self = $self->$backend(@_);
|
||||
}
|
||||
if ( $self->{args}->{generateModule} ) {
|
||||
my $generate = $self->{args}->{generateModule};
|
||||
eval "require $generate";
|
||||
die $@ if ($@);
|
||||
$self->{generate} = \&{$generate."::generate"};
|
||||
$self->{validate} = \&{$generate."::validate"};
|
||||
}
|
||||
if ( $self->{args}->{setId} ) {
|
||||
$self->{generate} = \&setId;
|
||||
$self->{validate} = sub { 1 };
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
#############################################################################
|
||||
#
|
||||
# Lemonldap::NG::Common::Apache::Session::Generate::SHA256
|
||||
# Generates session identifier tokens using SHA-256
|
||||
# Distribute under the Perl License
|
||||
#
|
||||
############################################################################
|
||||
|
||||
package Lemonldap::NG::Common::Apache::Session::Generate::SHA256;
|
||||
|
||||
use strict;
|
||||
use vars qw($VERSION);
|
||||
use Digest::SHA qw(sha256 sha256_hex sha256_base64);
|
||||
|
||||
$VERSION = '1.4.0';
|
||||
|
||||
sub generate {
|
||||
my $session = shift;
|
||||
my $length = 64;
|
||||
|
||||
if (exists $session->{args}->{IDLength}) {
|
||||
$length = $session->{args}->{IDLength};
|
||||
}
|
||||
|
||||
$session->{data}->{_session_id} =
|
||||
substr(Digest::SHA::sha256_hex(Digest::SHA::sha256_hex(time(). {}. rand(). $$)), 0, $length);
|
||||
|
||||
}
|
||||
|
||||
sub validate {
|
||||
#This routine checks to ensure that the session ID is in the form
|
||||
#we expect. This must be called before we start diddling around
|
||||
#in the database or the disk.
|
||||
|
||||
my $session = shift;
|
||||
|
||||
if ($session->{data}->{_session_id} =~ /^([a-fA-F0-9]+)$/) {
|
||||
$session->{data}->{_session_id} = $1;
|
||||
} else {
|
||||
die "Invalid session ID: ".$session->{data}->{_session_id};
|
||||
}
|
||||
}
|
||||
|
||||
1;
|
52
lemonldap-ng-common/t/40-Common-Session.t
Normal file
52
lemonldap-ng-common/t/40-Common-Session.t
Normal file
|
@ -0,0 +1,52 @@
|
|||
# Before `make install' is performed this script should be runnable with
|
||||
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Manager.t'
|
||||
|
||||
#########################
|
||||
|
||||
# change 'tests => 1' to 'tests => last_test_to_print';
|
||||
|
||||
use Test::More tests => 5;
|
||||
BEGIN { use_ok('Lemonldap::NG::Common::Session') }
|
||||
|
||||
#########################
|
||||
|
||||
# Insert your test code below, the Test::More module is use()ed here so read
|
||||
# its man page ( perldoc Test::More ) for help writing this test script.
|
||||
|
||||
use File::Temp;
|
||||
my $dir = File::Temp::tempdir();
|
||||
|
||||
my $sessionModule = "Apache::Session::File";
|
||||
my $sessionOptions = {
|
||||
Directory => $dir,
|
||||
LockDirectory => $dir,
|
||||
};
|
||||
|
||||
my $session = Lemonldap::NG::Common::Session->new(
|
||||
{
|
||||
storageModule => $sessionModule,
|
||||
storageModuleOptions => $sessionOptions,
|
||||
kind => "TEST",
|
||||
}
|
||||
|
||||
);
|
||||
|
||||
ok( defined $session->id, "Creation of session" );
|
||||
|
||||
ok( $session->kind eq "TEST", "Store session kind" );
|
||||
|
||||
use_ok('Lemonldap::NG::Common::Apache::Session::Generate::SHA256');
|
||||
|
||||
$sessionOptions->{generateModule} =
|
||||
"Lemonldap::NG::Common::Apache::Session::Generate::SHA256";
|
||||
|
||||
my $session2 = Lemonldap::NG::Common::Session->new(
|
||||
{
|
||||
storageModule => $sessionModule,
|
||||
storageModuleOptions => $sessionOptions,
|
||||
kind => "TEST",
|
||||
}
|
||||
);
|
||||
|
||||
ok( length $session2->id == 64, "Use SHA256 generate module" );
|
||||
|
Loading…
Reference in New Issue
Block a user