Rearrange cookie management (#595)
parent
1b88459c31
commit
880be4f6bd
|
@ -843,15 +843,15 @@ sub extractFormInfo {
|
||||||
$req->datas->{confirmRemember} = 1;
|
$req->datas->{confirmRemember} = 1;
|
||||||
|
|
||||||
# Delete existing IDP resolution cookie
|
# Delete existing IDP resolution cookie
|
||||||
push @{ $req->respHeaders },
|
$req->addCookie(
|
||||||
'Set-Cookie' => $self->p->cookie(
|
$self->p->cookie(
|
||||||
name => $self->conf->{samlIdPResolveCookie},
|
name => $self->conf->{samlIdPResolveCookie},
|
||||||
value => 0,
|
value => 0,
|
||||||
domain => $self->conf->{domain},
|
domain => $self->conf->{domain},
|
||||||
path => "/",
|
secure => 0,
|
||||||
secure => 0,
|
expires => '-1d',
|
||||||
expires => '-1d',
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
#TODO: check this
|
#TODO: check this
|
||||||
$req->datas->{login} = 1;
|
$req->datas->{login} = 1;
|
||||||
|
@ -898,16 +898,15 @@ sub extractFormInfo {
|
||||||
# User can choose temporary (0) or persistent cookie (1)
|
# User can choose temporary (0) or persistent cookie (1)
|
||||||
my $cookie_type = $req->param("cookie_type") || "0";
|
my $cookie_type = $req->param("cookie_type") || "0";
|
||||||
|
|
||||||
push @{ $req->{respHeaders} },
|
$req->addCookie(
|
||||||
'Set-Cookie' => $self->p->cookie(
|
$self->p->cookie(
|
||||||
name => $self->conf->{samlIdPResolveCookie},
|
name => $self->conf->{samlIdPResolveCookie},
|
||||||
value => $idp,
|
value => $idp,
|
||||||
domain => $self->conf->{domain},
|
domain => $self->conf->{domain},
|
||||||
path => "/",
|
secure => $self->conf->{securedCookie},
|
||||||
secure => $self->conf->{securedCookie},
|
expires => $cookie_type ? "+365d" : "",
|
||||||
HttpOnly => $self->conf->{httpOnly},
|
)
|
||||||
expires => $cookie_type ? "+365d" : "",
|
);
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# 3. Build authentication request
|
# 3. Build authentication request
|
||||||
|
|
|
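Review bot: `value => $idp` in the second hunk reaches the Set-Cookie header unescaped, because `cookie()` (added later in this commit) builds the pair as `"=$h{value}"` and `addCookie()` pushes the resulting string as is. Whether `$idp` has already been matched against the configured IdP list is not visible here; if it can still carry request data, a `;` would append cookie attributes and a CR/LF would split the header. A guard before the call, rejecting the request when `$idp =~ /[;,\s]/`, or percent-encoding the value, would close this. The same applies to `value => $cdc_cookie` in the `handler` hunk. `extractFormInfo` starts and ends outside both hunks.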
@ -114,12 +114,14 @@ sub handler {
|
||||||
'debug' );
|
'debug' );
|
||||||
|
|
||||||
# Build cookie
|
# Build cookie
|
||||||
push @{ $req->respHeaders },
|
$req->addCookie(
|
||||||
'Set-Cookie' => $self->cdc_name
|
$self->p->cookie(
|
||||||
. "=$cdc_cookie; domain=$cdc_domain; path=/; secure=1; HttpOnly="
|
name => $self->cdc_name,
|
||||||
. $self->httpOnly
|
value => $cdc_cookie,
|
||||||
. "; expires="
|
domain => $cdc_domain,
|
||||||
. $self->cookieExpiration;
|
secure => 1
|
||||||
|
)
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
# Read request
|
# Read request
|
||||||
|
|
|
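Review bot: The rewritten call no longer passes `$self->httpOnly` or `$self->cookieExpiration`, so the CDC cookie now takes its HttpOnly flag and lifetime from whatever `cookie()` fills in from the portal's `conf`. If those CDC accessors can hold values that differ from the portal configuration (not visible here), this silently changes how long the cookie lives and whether scripts can read it. Passing them explicitly keeps the previous behaviour: `HttpOnly => $self->httpOnly, expires => $self->cookieExpiration,`. `handler` continues outside the hunk.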
@ -255,15 +255,15 @@ sub extractFormInfo {
|
||||||
elsif ( $ret == PE_FIRSTACCESS
|
elsif ( $ret == PE_FIRSTACCESS
|
||||||
and $req->cookies->{ $self->conf->{cookieName} } )
|
and $req->cookies->{ $self->conf->{cookieName} } )
|
||||||
{
|
{
|
||||||
push @{ $req->respHeaders },
|
$req->addCookie(
|
||||||
'Set-Cookie' => $self->cookie(
|
$self->cookie(
|
||||||
name => $self->conf->{cookieName},
|
name => $self->conf->{cookieName},
|
||||||
value => 0,
|
value => 0,
|
||||||
domain => $self->conf->{domain},
|
domain => $self->conf->{domain},
|
||||||
path => "/",
|
secure => 0,
|
||||||
secure => 0,
|
expires => '-1d',
|
||||||
expires => '-1d',
|
)
|
||||||
);
|
);
|
||||||
return PE_SESSIONEXPIRED;
|
return PE_SESSIONEXPIRED;
|
||||||
}
|
}
|
||||||
return $ret;
|
return $ret;
|
||||||
|
@ -449,50 +449,25 @@ sub store {
|
||||||
|
|
||||||
sub buildCookie {
|
sub buildCookie {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
push @{ $req->respHeaders },
|
$req->addCookie(
|
||||||
'Set-Cookie' => $self->cookie(
|
$self->cookie(
|
||||||
name => $self->conf->{cookieName},
|
name => $self->conf->{cookieName},
|
||||||
value => $req->{id},
|
value => $req->{id},
|
||||||
domain => $self->conf->{domain},
|
domain => $self->conf->{domain},
|
||||||
path => "/",
|
secure => $self->conf->{securedCookie},
|
||||||
secure => $self->conf->{securedCookie},
|
)
|
||||||
HttpOnly => $self->conf->{httpOnly},
|
);
|
||||||
expires => $self->conf->{cookieExpiration},
|
|
||||||
);
|
|
||||||
if ( $self->conf->{securedCookie} >= 2 ) {
|
if ( $self->conf->{securedCookie} >= 2 ) {
|
||||||
push @{ $req->respHeaders },
|
$req->addCookie(
|
||||||
'Set-Cookie' => $self->cookie(
|
$self->cookie(
|
||||||
name => $self->conf->{cookieName} . "http",
|
name => $self->conf->{cookieName} . "http",
|
||||||
value => $req->{sessionInfo}->{_httpSession},
|
value => $req->{sessionInfo}->{_httpSession},
|
||||||
domain => $self->conf->{domain},
|
domain => $self->conf->{domain},
|
||||||
path => "/",
|
secure => 0,
|
||||||
secure => 0,
|
)
|
||||||
HttpOnly => $self->conf->{httpOnly},
|
);
|
||||||
expires => $self->conf->{cookieExpiration},
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub cookie {
|
|
||||||
my ( $self, %h ) = @_;
|
|
||||||
my @res;
|
|
||||||
$res[0] = "$h{name}" or die("name required");
|
|
||||||
$res[0] .= "=$h{value}";
|
|
||||||
foreach (qw(domain path expires max_age HttpOnly)) {
|
|
||||||
my $f = $_;
|
|
||||||
$f =~ s/_/-/g;
|
|
||||||
push @res, "$f=$h{$_}" if ( $h{$_} );
|
|
||||||
}
|
|
||||||
return join( '; ', @res );
|
|
||||||
}
|
|
||||||
|
|
||||||
sub _dump {
|
|
||||||
my ( $self, $variable ) = @_;
|
|
||||||
require Data::Dumper;
|
|
||||||
$Data::Dumper::Indent = 0;
|
|
||||||
$self->lmLog( "Dump: " . Data::Dumper::Dumper($variable), 'debug' );
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
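Review bot: `buildCookie` has no comment explaining why a second cookie is sent with `secure => 0` when `securedCookie >= 2`, and after this change its HttpOnly flag and expiry are no longer visible at the call site either. A comment above the `if` would make the intent checkable, for example `# securedCookie >= 2: also send a non-secure "<cookieName>http" cookie holding _httpSession; HttpOnly and expires are defaulted by cookie()`. Since this cookie travels over plain HTTP, the comment should also state that `_httpSession` is (presumably) a separate identifier from `$req->{id}`.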
@ -114,6 +114,11 @@ sub info {
|
||||||
return $self->datas->{_info};
|
return $self->datas->{_info};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub addCookie {
|
||||||
|
my ( $self, $cookie ) = @_;
|
||||||
|
push @{ $self->respHeaders }, 'Set-Cookie' => $cookie;
|
||||||
|
}
|
||||||
|
|
||||||
# TODO: oldpassword
|
# TODO: oldpassword
|
||||||
1;
|
1;
|
||||||
__END__
|
__END__
|
||||||
|
|
|
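Review bot: `addCookie` has no explicit return, so it returns the result of `push` (the new length of the header list), and nothing documents that `$cookie` must already be a serialised cookie string. Ending the sub with `return;` and adding a one-line comment such as `# $cookie: ready-made Set-Cookie value, e.g. built by the portal's cookie()` would pin the contract for callers.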
@ -437,30 +437,30 @@ sub _deleteSession {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create an obsolete cookie to remove it
|
# Create an obsolete cookie to remove it
|
||||||
push @{ $req->respHeaders },
|
$req->addCookie(
|
||||||
'Set-Cookie' => $self->cookie(
|
$self->cookie(
|
||||||
name => $self->conf->{cookieName} . 'http',
|
name => $self->conf->{cookieName} . 'http',
|
||||||
value => 0,
|
value => 0,
|
||||||
domain => $self->conf->{domain},
|
domain => $self->conf->{domain},
|
||||||
path => "/",
|
secure => 0,
|
||||||
secure => 0,
|
expires => '-1d',
|
||||||
expires => '-1d',
|
)
|
||||||
) unless ($preserveCookie);
|
) unless ($preserveCookie);
|
||||||
}
|
}
|
||||||
|
|
||||||
HANDLER->localUnlog( $session->id );
|
HANDLER->localUnlog( $session->id );
|
||||||
$session->remove;
|
$session->remove;
|
||||||
|
|
||||||
# Create an obsolete cookie to remove it
|
# Create an obsolete cookie to remove it
|
||||||
push @{ $req->respHeaders },
|
$req->addCookie(
|
||||||
'Set-Cookie' => $self->cookie(
|
$self->cookie(
|
||||||
name => $self->conf->{cookieName},
|
name => $self->conf->{cookieName},
|
||||||
value => 0,
|
value => 0,
|
||||||
domain => $self->conf->{domain},
|
domain => $self->conf->{domain},
|
||||||
path => "/",
|
secure => 0,
|
||||||
secure => 0,
|
expires => '-1d',
|
||||||
expires => '-1d',
|
)
|
||||||
) unless ($preserveCookie);
|
) unless ($preserveCookie);
|
||||||
|
|
||||||
# Log
|
# Log
|
||||||
my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
|
my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
|
||||||
|
@ -606,4 +606,29 @@ sub fullUrl {
|
||||||
return $pHost . $req->uri;
|
return $pHost . $req->uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub cookie {
|
||||||
|
my ( $self, %h ) = @_;
|
||||||
|
my @res;
|
||||||
|
$res[0] = "$h{name}" or die("name required");
|
||||||
|
$res[0] .= "=$h{value}";
|
||||||
|
$h{path} ||= '/';
|
||||||
|
$h{HttpOnly} //= $self->conf->{httpOnly};
|
||||||
|
$h{expires} //= $self->conf->{cookieExpiration};
|
||||||
|
foreach (qw(domain path expires max_age HttpOnly)) {
|
||||||
|
my $f = $_;
|
||||||
|
$f =~ s/_/-/g;
|
||||||
|
push @res, "$f=$h{$_}" if ( $h{$_} );
|
||||||
|
}
|
||||||
|
push @res, 'secure' if($h{secure});
|
||||||
|
return join( '; ', @res );
|
||||||
|
}
|
||||||
|
|
||||||
|
sub _dump {
|
||||||
|
my ( $self, $variable ) = @_;
|
||||||
|
require Data::Dumper;
|
||||||
|
$Data::Dumper::Indent = 0;
|
||||||
|
$self->lmLog( "Dump: " . Data::Dumper::Dumper($variable), 'debug' );
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
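Review bot: `expires` is written into the header verbatim by `push @res, "$f=$h{$_}"`, while the callers in this commit pass relative values such as `'-1d'` and `'+365d'`. The Expires attribute is defined as an HTTP date, and a browser that cannot parse it ignores the attribute, so the "obsolete cookie" sent by `_deleteSession` may remain as a session cookie instead of being removed. Unless the value is converted somewhere outside this section, either turn relative values into an absolute date inside `cookie()` before the loop, or have the deletion callers pass `max_age => -1`, which this loop emits as `max-age=-1`. Note that `max_age => 0` would be dropped by the `if ( $h{$_} )` test.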