Apache2-Authen-OdinAuth


lib/Apache2/Authen/OdinAuth.pm  view on Meta::CPAN

#########################################################
#
# 2) we might need auth - see if we have a valid cookie
#
 
# Start from "invalid": the flag holds a non-empty (true) reason string, so the
# request is treated as unauthenticated unless later code replaces it.
# NOTE(review): the code that clears this flag is outside this excerpt - confirm
# it is only cleared after check_cookie succeeds.
my $cookie_is_invalid = 'by default';
# Placeholder user/roles values; presumably overwritten once a cookie validates.
my $cookie_user = '?';
my $cookie_roles = '_';
 
# The Cookie request header is client-supplied; nothing parsed from it should
# be trusted before Crypt::OdinAuth::check_cookie has verified the signature.
my $cookies = &parse_cookie_jar($r->headers_in->{'Cookie'});
# Pick the one cookie whose name is configured under the 'cookie' config key.
my $cookie = $cookies->{config->{cookie}};
 
if ($cookie) {
    my ( $user, $roles );
    eval {
        ( $user, $roles ) =
            Crypt::OdinAuth::check_cookie(
                config->{secret},
                $cookie,
                $r->headers_in->{'User-Agent'});

lib/Crypt/OdinAuth.pm  view on Meta::CPAN

    my $hmac_received   = Digest::HMAC->new($secret, Digest->new("SHA-256"));
    my $hmac_calculated = Digest::HMAC->new($secret, Digest->new("SHA-256"));
 
    $hmac_received->add($hmac);
    $hmac_calculated->add(hmac_for($secret, $user, $roles, $ts, $ua));
 
    die "Invalid signature\n"
      if ( $hmac_received->digest ne $hmac_calculated->digest );
 
    die "Cookie is old\n"
        if ( $ts < time() - OLD_COOKIE );
 
    die "Cookie is in future\n"
        if ( $ts > time() + 5*60 );
 
    return $user, $roles;
}
 
=head1 AUTHOR
 
Maciej Pasternacki, C<< <maciej at pasternacki.net> >>
 
=head1 BUGS

t/crypto.t  view on Meta::CPAN

    'netcat')
  } qr/^Invalid signature$/;
 
# Expiry check: the cookie is signed with the same secret and user agent that
# check_cookie is given, but is built with a timestamp two OLD_COOKIE periods
# in the past, so the call must die with "Cookie is old".
throws_ok {
    my $stale_ts = time() - 2 * Crypt::OdinAuth::OLD_COOKIE;
    Crypt::OdinAuth::check_cookie(
        'secret',
        Crypt::OdinAuth::cookie_for(
            'secret', 'login_name', 'role1,role2,role3', 'netcat', $stale_ts
        ),
        'netcat'
    );
} qr/^Cookie is old$/;
 
# Clock-skew check: the cookie is signed with the same secret and user agent
# that check_cookie is given, but is built with a timestamp ten minutes ahead
# of now, so the call must die with "Cookie is in future".
throws_ok {
    my $future_ts = time() + 10 * 60;
    Crypt::OdinAuth::check_cookie(
        'secret',
        Crypt::OdinAuth::cookie_for(
            'secret', 'login_name', 'role1,role2,role3', 'netcat', $future_ts
        ),
        'netcat'
    );
} qr/^Cookie is in future$/;
 
sub try_to_authorize {
  my ( $user, $roles );
  eval {
    ( $user, $roles ) = Crypt::OdinAuth::check_cookie(
      'secret'.(shift||''),
      Crypt::OdinAuth::cookie_for(
        'secret', 'login_name', 'role1,role2,role3', 'netcat'),
      'netcat');
  } or return $@;


