Commit 880be4f6 authored by Xavier Guimard's avatar Xavier Guimard

Rearrange cookie management (#595)

parent 1b88459c
......@@ -843,15 +843,15 @@ sub extractFormInfo {
$req->datas->{confirmRemember} = 1;
# Delete existing IDP resolution cookie
push @{ $req->respHeaders },
'Set-Cookie' => $self->p->cookie(
name => $self->conf->{samlIdPResolveCookie},
value => 0,
domain => $self->conf->{domain},
path => "/",
secure => 0,
expires => '-1d',
);
$req->addCookie(
$self->p->cookie(
name => $self->conf->{samlIdPResolveCookie},
value => 0,
domain => $self->conf->{domain},
secure => 0,
expires => '-1d',
)
);
#TODO: check this
$req->datas->{login} = 1;
......@@ -898,16 +898,15 @@ sub extractFormInfo {
# User can choose temporary (0) or persistent cookie (1)
my $cookie_type = $req->param("cookie_type") || "0";
push @{ $req->{respHeaders} },
'Set-Cookie' => $self->p->cookie(
name => $self->conf->{samlIdPResolveCookie},
value => $idp,
domain => $self->conf->{domain},
path => "/",
secure => $self->conf->{securedCookie},
HttpOnly => $self->conf->{httpOnly},
expires => $cookie_type ? "+365d" : "",
);
$req->addCookie(
$self->p->cookie(
name => $self->conf->{samlIdPResolveCookie},
value => $idp,
domain => $self->conf->{domain},
secure => $self->conf->{securedCookie},
expires => $cookie_type ? "+365d" : "",
)
);
}
# 3. Build authentication request
......
......@@ -114,12 +114,14 @@ sub handler {
'debug' );
# Build cookie
push @{ $req->respHeaders },
'Set-Cookie' => $self->cdc_name
. "=$cdc_cookie; domain=$cdc_domain; path=/; secure=1; HttpOnly="
. $self->httpOnly
. "; expires="
. $self->cookieExpiration;
$req->addCookie(
$self->p->cookie(
name => $self->cdc_name,
value => $cdc_cookie,
domain => $cdc_domain,
secure => 1
)
);
}
# Read request
......
......@@ -255,15 +255,15 @@ sub extractFormInfo {
elsif ( $ret == PE_FIRSTACCESS
and $req->cookies->{ $self->conf->{cookieName} } )
{
push @{ $req->respHeaders },
'Set-Cookie' => $self->cookie(
name => $self->conf->{cookieName},
value => 0,
domain => $self->conf->{domain},
path => "/",
secure => 0,
expires => '-1d',
);
$req->addCookie(
$self->cookie(
name => $self->conf->{cookieName},
value => 0,
domain => $self->conf->{domain},
secure => 0,
expires => '-1d',
)
);
return PE_SESSIONEXPIRED;
}
return $ret;
......@@ -449,50 +449,25 @@ sub store {
sub buildCookie {
my ( $self, $req ) = @_;
push @{ $req->respHeaders },
'Set-Cookie' => $self->cookie(
name => $self->conf->{cookieName},
value => $req->{id},
domain => $self->conf->{domain},
path => "/",
secure => $self->conf->{securedCookie},
HttpOnly => $self->conf->{httpOnly},
expires => $self->conf->{cookieExpiration},
);
$req->addCookie(
$self->cookie(
name => $self->conf->{cookieName},
value => $req->{id},
domain => $self->conf->{domain},
secure => $self->conf->{securedCookie},
)
);
if ( $self->conf->{securedCookie} >= 2 ) {
push @{ $req->respHeaders },
'Set-Cookie' => $self->cookie(
name => $self->conf->{cookieName} . "http",
value => $req->{sessionInfo}->{_httpSession},
domain => $self->conf->{domain},
path => "/",
secure => 0,
HttpOnly => $self->conf->{httpOnly},
expires => $self->conf->{cookieExpiration},
);
$req->addCookie(
$self->cookie(
name => $self->conf->{cookieName} . "http",
value => $req->{sessionInfo}->{_httpSession},
domain => $self->conf->{domain},
secure => 0,
)
);
}
PE_OK;
}
sub cookie {
my ( $self, %h ) = @_;
my @res;
$res[0] = "$h{name}" or die("name required");
$res[0] .= "=$h{value}";
foreach (qw(domain path expires max_age HttpOnly)) {
my $f = $_;
$f =~ s/_/-/g;
push @res, "$f=$h{$_}" if ( $h{$_} );
}
return join( '; ', @res );
}
sub _dump {
my ( $self, $variable ) = @_;
require Data::Dumper;
$Data::Dumper::Indent = 0;
$self->lmLog( "Dump: " . Data::Dumper::Dumper($variable), 'debug' );
return;
}
1;
......@@ -114,6 +114,11 @@ sub info {
return $self->datas->{_info};
}
sub addCookie {
my ( $self, $cookie ) = @_;
push @{ $self->respHeaders }, 'Set-Cookie' => $cookie;
}
# TODO: oldpassword
1;
__END__
......
......@@ -437,30 +437,30 @@ sub _deleteSession {
}
# Create an obsolete cookie to remove it
push @{ $req->respHeaders },
'Set-Cookie' => $self->cookie(
name => $self->conf->{cookieName} . 'http',
value => 0,
domain => $self->conf->{domain},
path => "/",
secure => 0,
expires => '-1d',
) unless ($preserveCookie);
$req->addCookie(
$self->cookie(
name => $self->conf->{cookieName} . 'http',
value => 0,
domain => $self->conf->{domain},
secure => 0,
expires => '-1d',
)
) unless ($preserveCookie);
}
HANDLER->localUnlog( $session->id );
$session->remove;
# Create an obsolete cookie to remove it
push @{ $req->respHeaders },
'Set-Cookie' => $self->cookie(
name => $self->conf->{cookieName},
value => 0,
domain => $self->conf->{domain},
path => "/",
secure => 0,
expires => '-1d',
) unless ($preserveCookie);
$req->addCookie(
$self->cookie(
name => $self->conf->{cookieName},
value => 0,
domain => $self->conf->{domain},
secure => 0,
expires => '-1d',
)
) unless ($preserveCookie);
# Log
my $user = $req->{sessionInfo}->{ $self->conf->{whatToTrace} };
......@@ -606,4 +606,29 @@ sub fullUrl {
return $pHost . $req->uri;
}
sub cookie {
my ( $self, %h ) = @_;
my @res;
$res[0] = "$h{name}" or die("name required");
$res[0] .= "=$h{value}";
$h{path} ||= '/';
$h{HttpOnly} //= $self->conf->{httpOnly};
$h{expires} //= $self->conf->{cookieExpiration};
foreach (qw(domain path expires max_age HttpOnly)) {
my $f = $_;
$f =~ s/_/-/g;
push @res, "$f=$h{$_}" if ( $h{$_} );
}
push @res, 'secure' if($h{secure});
return join( '; ', @res );
}
sub _dump {
my ( $self, $variable ) = @_;
require Data::Dumper;
$Data::Dumper::Indent = 0;
$self->lmLog( "Dump: " . Data::Dumper::Dumper($variable), 'debug' );
return;
}
1;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment