Rearrange cookie management (#595)

Xavier Guimard 2017-01-13 14:35:02 +00:00
parent 1b88459c31
commit 880be4f6bd
5 changed files with 99 additions and 93 deletions


@ -843,15 +843,15 @@ sub extractFormInfo {
$req->datas->{confirmRemember} = 1; $req->datas->{confirmRemember} = 1;
# Delete existing IDP resolution cookie # Delete existing IDP resolution cookie
push @{ $req->respHeaders }, $req->addCookie(
'Set-Cookie' => $self->p->cookie( $self->p->cookie(
name => $self->conf->{samlIdPResolveCookie}, name => $self->conf->{samlIdPResolveCookie},
value => 0, value => 0,
domain => $self->conf->{domain}, domain => $self->conf->{domain},
path => "/", secure => 0,
secure => 0, expires => '-1d',
expires => '-1d', )
); );
#TODO: check this #TODO: check this
$req->datas->{login} = 1; $req->datas->{login} = 1;
@ -898,16 +898,15 @@ sub extractFormInfo {
# User can choose temporary (0) or persistent cookie (1) # User can choose temporary (0) or persistent cookie (1)
my $cookie_type = $req->param("cookie_type") || "0"; my $cookie_type = $req->param("cookie_type") || "0";
push @{ $req->{respHeaders} }, $req->addCookie(
'Set-Cookie' => $self->p->cookie( $self->p->cookie(
name => $self->conf->{samlIdPResolveCookie}, name => $self->conf->{samlIdPResolveCookie},
value => $idp, value => $idp,
domain => $self->conf->{domain}, domain => $self->conf->{domain},
path => "/", secure => $self->conf->{securedCookie},
secure => $self->conf->{securedCookie}, expires => $cookie_type ? "+365d" : "",
HttpOnly => $self->conf->{httpOnly}, )
expires => $cookie_type ? "+365d" : "", );
);
} }
# 3. Build authentication request # 3. Build authentication request
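Review bot: In the second hunk, `expires => $cookie_type ? "+365d" : ""` depends on the difference between `""` and undef: the new `cookie()` fills its default expiry with `//=`, so an empty string keeps that default off, and the attribute loop then drops the empty value, which is what makes the temporary cookie a session cookie. That works, but it breaks silently if someone changes `//=` to `||=` in `cookie()` or passes undef here, and nothing on the line says so. A comment on it, `# "" (not undef) suppresses cookie()'s default expires: temporary cookie`, would protect the intent. `extractFormInfo` starts and ends outside both hunks.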


@ -114,12 +114,14 @@ sub handler {
'debug' ); 'debug' );
# Build cookie # Build cookie
push @{ $req->respHeaders }, $req->addCookie(
'Set-Cookie' => $self->cdc_name $self->p->cookie(
. "=$cdc_cookie; domain=$cdc_domain; path=/; secure=1; HttpOnly=" name => $self->cdc_name,
. $self->httpOnly value => $cdc_cookie,
. "; expires=" domain => $cdc_domain,
. $self->cookieExpiration; secure => 1
)
);
} }
# Read request # Read request
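Review bot: The CDC cookie's HttpOnly flag and expiry now come from `cookie()`'s defaults (`$self->conf->{httpOnly}`, `$self->conf->{cookieExpiration}`) rather than from the `$self->httpOnly` and `$self->cookieExpiration` accessors the removed lines used; if those accessors were anything other than aliases of the same configuration keys, the cross-domain cookie's lifetime and HttpOnly flag change silently with this hunk. Provided the accessors still exist, passing them explicitly, `HttpOnly => $self->httpOnly, expires => $self->cookieExpiration,` after `secure => 1,` keeps the old behaviour regardless; otherwise a comment stating that the defaults are equivalent would do. One real improvement here is that the old string always emitted `expires=` even when the value was empty, whereas `cookie()` drops a false value. `handler` starts outside the hunk.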


@ -255,15 +255,15 @@ sub extractFormInfo {
elsif ( $ret == PE_FIRSTACCESS elsif ( $ret == PE_FIRSTACCESS
and $req->cookies->{ $self->conf->{cookieName} } ) and $req->cookies->{ $self->conf->{cookieName} } )
{ {
push @{ $req->respHeaders }, $req->addCookie(
'Set-Cookie' => $self->cookie( $self->cookie(
name => $self->conf->{cookieName}, name => $self->conf->{cookieName},
value => 0, value => 0,
domain => $self->conf->{domain}, domain => $self->conf->{domain},
path => "/", secure => 0,
secure => 0, expires => '-1d',
expires => '-1d', )
); );
return PE_SESSIONEXPIRED; return PE_SESSIONEXPIRED;
} }
return $ret; return $ret;
@ -449,50 +449,25 @@ sub store {
sub buildCookie { sub buildCookie {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
push @{ $req->respHeaders }, $req->addCookie(
'Set-Cookie' => $self->cookie( $self->cookie(
name => $self->conf->{cookieName}, name => $self->conf->{cookieName},
value => $req->{id}, value => $req->{id},
domain => $self->conf->{domain}, domain => $self->conf->{domain},
path => "/", secure => $self->conf->{securedCookie},
secure => $self->conf->{securedCookie}, )
HttpOnly => $self->conf->{httpOnly}, );
expires => $self->conf->{cookieExpiration},
);
if ( $self->conf->{securedCookie} >= 2 ) { if ( $self->conf->{securedCookie} >= 2 ) {
push @{ $req->respHeaders }, $req->addCookie(
'Set-Cookie' => $self->cookie( $self->cookie(
name => $self->conf->{cookieName} . "http", name => $self->conf->{cookieName} . "http",
value => $req->{sessionInfo}->{_httpSession}, value => $req->{sessionInfo}->{_httpSession},
domain => $self->conf->{domain}, domain => $self->conf->{domain},
path => "/", secure => 0,
secure => 0, )
HttpOnly => $self->conf->{httpOnly}, );
expires => $self->conf->{cookieExpiration},
);
} }
PE_OK; PE_OK;
} }
sub cookie {
my ( $self, %h ) = @_;
my @res;
$res[0] = "$h{name}" or die("name required");
$res[0] .= "=$h{value}";
foreach (qw(domain path expires max_age HttpOnly)) {
my $f = $_;
$f =~ s/_/-/g;
push @res, "$f=$h{$_}" if ( $h{$_} );
}
return join( '; ', @res );
}
sub _dump {
my ( $self, $variable ) = @_;
require Data::Dumper;
$Data::Dumper::Indent = 0;
$self->lmLog( "Dump: " . Data::Dumper::Dumper($variable), 'debug' );
return;
}
1; 1;
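Review bot: `buildCookie` now receives HttpOnly and expires only through `cookie()`'s `//=` defaults, which live in a sub outside this file section, so the hunk no longer shows the session cookie's lifetime or HttpOnly flag at all; a comment above the first `$req->addCookie(` call, `# path, HttpOnly and expires come from cookie() defaults (conf->{httpOnly}, conf->{cookieExpiration})`, keeps that dependency visible to the next reader. The same applies to the deletion cookie in the `extractFormInfo` hunk above, whose enclosing sub starts outside the hunk. The `secure => 0` on the `...http` companion cookie is unchanged from the old explicit call and presumably intentional for the double-cookie scheme, so no change is suggested there.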


@ -114,6 +114,11 @@ sub info {
return $self->datas->{_info}; return $self->datas->{_info};
} }
sub addCookie {
my ( $self, $cookie ) = @_;
push @{ $self->respHeaders }, 'Set-Cookie' => $cookie;
}
# TODO: oldpassword # TODO: oldpassword
1; 1;
__END__ __END__
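Review bot: `addCookie` has no explicit `return`, so callers get the new length of `respHeaders` back from the trailing `push`; every call site in this commit uses it in void context, so an explicit `return;` after the `push` documents that nothing is meant to be returned and keeps a later caller from relying on the count. A one-line header comment, `# Queue a Set-Cookie response header; $cookie is an already formatted cookie string`, would also state the contract, since the method accepts any string and does no checking of its own.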


@ -437,30 +437,30 @@ sub _deleteSession {
} }
# Create an obsolete cookie to remove it # Create an obsolete cookie to remove it
push @{ $req->respHeaders }, $req->addCookie(
'Set-Cookie' => $self->cookie( $self->cookie(
name => $self->conf->{cookieName} . 'http', name => $self->conf->{cookieName} . 'http',
value => 0, value => 0,
domain => $self->conf->{domain}, domain => $self->conf->{domain},
path => "/", secure => 0,
secure => 0, expires => '-1d',
expires => '-1d', )
) unless ($preserveCookie); ) unless ($preserveCookie);
} }
HANDLER->localUnlog( $session->id ); HANDLER->localUnlog( $session->id );
$session->remove; $session->remove;
# Create an obsolete cookie to remove it # Create an obsolete cookie to remove it
push @{ $req->respHeaders }, $req->addCookie(
'Set-Cookie' => $self->cookie( $self->cookie(
name => $self->conf->{cookieName}, name => $self->conf->{cookieName},
value => 0, value => 0,
domain => $self->conf->{domain}, domain => $self->conf->{domain},
path => "/", secure => 0,
secure => 0, expires => '-1d',
expires => '-1d', )
) unless ($preserveCookie); ) unless ($preserveCookie);
# Log # Log
my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} }; my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
@ -606,4 +606,29 @@ sub fullUrl {
return $pHost . $req->uri; return $pHost . $req->uri;
} }
sub cookie {
my ( $self, %h ) = @_;
my @res;
$res[0] = "$h{name}" or die("name required");
$res[0] .= "=$h{value}";
$h{path} ||= '/';
$h{HttpOnly} //= $self->conf->{httpOnly};
$h{expires} //= $self->conf->{cookieExpiration};
foreach (qw(domain path expires max_age HttpOnly)) {
my $f = $_;
$f =~ s/_/-/g;
push @res, "$f=$h{$_}" if ( $h{$_} );
}
push @res, 'secure' if($h{secure});
return join( '; ', @res );
}
sub _dump {
my ( $self, $variable ) = @_;
require Data::Dumper;
$Data::Dumper::Indent = 0;
$self->lmLog( "Dump: " . Data::Dumper::Dumper($variable), 'debug' );
return;
}
1; 1;
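Review bot: `cookie()` emits `$h{expires}` verbatim, so the relative values this commit passes everywhere (`'-1d'` in the deletion cookies, `"+365d"` for the persistent IdP cookie) and, if `cookieExpiration` is a number of seconds as it reads, the default filled in by `$h{expires} //= ...` all reach the browser as `expires=-1d` rather than an RFC 6265 cookie-date; a user agent that cannot parse the date ignores the attribute, so the "obsolete" deletion cookies are stored as session cookies holding value 0 instead of being removed, and persistent cookies quietly become session cookies. Nothing in this hunk converts the value, and the `cookie()` removed from the other file did not either, so the defect predates the move, but this is the natural place to fix it. One option that keeps the caller interface is to translate a relative offset or bare second count into `max_age`, which the attribute loop already knows how to emit (old Internet Explorer versions ignore Max-Age, in which case a formatted GMT `expires` date is the alternative).
```perl
sub cookie {
    my ( $self, %h ) = @_;
    # … unchanged: name/value, path, HttpOnly and expires defaults …
    # Relative offsets ('-1d', '+365d') and bare second counts are not
    # cookie-dates (RFC 6265 section 4.1.1); send them as Max-Age instead
    if ( defined $h{expires}
        and $h{expires} =~ /\A([+-]?)(\d+)([smhd]?)\z/ )
    {
        my %secs_per = ( '' => 1, s => 1, m => 60, h => 3600, d => 86400 );
        $h{max_age} //= ( $1 eq '-' ? -1 : 1 ) * $2 * $secs_per{$3};
        delete $h{expires};
    }
    # … unchanged: attribute loop, secure flag, join …
}
```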