package Apache2::SiteControl::UserFactory;
use 5.008;
use strict;
use warnings;
use Carp;
use Data::Dumper;
use Apache2::SiteControl::User;
use Crypt::CBC;
# Package-wide Crypt::CBC engine, built lazily by init_engine(); makeUser()
# calls its encrypt() on the password when UserObjectSavePassword is set.
our $engine;
# Fallback passphrase used by makeUser() when UserObjectPasswordKey is not
# configured; meant to be assigned once at server startup so that all
# forked workers inherit the same value (see the POD below).
our $encryption_key;
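# Build (or rebuild) the package-wide Crypt::CBC engine that makeUser() uses
# to encrypt passwords before they are written to session files.
#
# Params:  $cipher - cipher name, passed straight through to Crypt::CBC->new
#          $key    - key/passphrase, passed straight through to Crypt::CBC->new
# Returns: nothing.
# Dies:    via croak if either argument is undefined; otherwise whatever
#          Crypt::CBC->new dies with for a bad cipher or key.
#
# The engine is cached in $engine. An engine this sub built is rebuilt when
# it is asked for a different cipher or key, so a request whose dir_config
# names another UserObjectPasswordKey/UserObjectPasswordCipher (e.g. a second
# vhost served by the same worker) gets an engine matching its own settings
# instead of silently reusing whichever configuration reached this worker
# first. An $engine that was assigned from outside (not built here) is left
# untouched, as before.
# NOTE(review): only key and cipher are supplied, so Crypt::CBC's defaults for
# header/IV/key-derivation mode apply - confirm they are acceptable for the
# installed Crypt::CBC version.
sub init_engine
{
    my $cipher = shift;
    my $key = shift;
    # Package variables: $engine is shared with makeUser(); the other two
    # record what the cached engine was built with.
    our ($engine, $engine_cipher, $engine_key);

    croak "init_engine: cipher and key are required"
        unless defined $cipher && defined $key;

    my $built_here = defined $engine_cipher && defined $engine_key;
    my $reusable = defined $engine
        && ( !$built_here
             || ( $engine_cipher eq $cipher && $engine_key eq $key ) );
    return if $reusable;

    $engine = Crypt::CBC->new({ key => $key, cipher => $cipher });
    ( $engine_cipher, $engine_key ) = ( $cipher, $key );
    return;
}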
# Params: Apache request, username, password, other credentials...
sub makeUser
{
my $this = shift;
my $r = shift;
my $username = shift;
my $password = shift;
my @other_cred = @_;
my $sessiondir = $r->dir_config("SiteControlSessions") || "/tmp";
my $lockdir = $r->dir_config("SiteControlLocks") || "/tmp";
my $mapdir = $r->dir_config("SiteControlUsermap") || "";
my $debug = $r->dir_config("SiteControlDebug") || 0;
my $savePassword = $r->dir_config("UserObjectSavePassword") || 0;
my $cipher = $r->dir_config("UserObjectPasswordCipher") || "CAST5";
my $key = $r->dir_config("UserObjectPasswordKey") || $encryption_key || "A not very secure key because the admin forgot to set it.";
my $saveOther = $r->dir_config("UserObjectSaveOtherCredentials") || 0;
my $factory = $r->dir_config("SiteControlUserFactory") || "Apache2::SiteControl::UserFactory";
my $user = undef;
my %session;
my $usermap;
my $session_removed = 0;
$r->log_error("encryption engine using key: $key") if $debug;
init_engine($cipher, $key) if($savePassword);
# Proper steps:
# 1. Check to see if session already exists for user. If so, delete it.
# 2. Create new session for user and populate it.
# 3. Return the new user object.
$r->log_error("Making user object for $username.") if $debug;
eval {
if($mapdir && -l "$mapdir/$username") {
$r->log_error("$username is logging in, and already had a session. Removing old session.");
$session_removed = 1;
my $sid = readlink "$mapdir/$username";
unlink "$mapdir/$username"; # Remove the link
unlink "$sid"; # Remove the session file
}
tie %session, 'Apache::Session::File', undef,
{
Directory => $sessiondir,
LockDirectory => $lockdir
};
# Remember the username to session mapping.
$r->log_error("Making symlink from $sessiondir/$session{_session_id} to $mapdir/$username") if($mapdir);
symlink "$sessiondir/" . $session{_session_id}, "$mapdir/$username" if($mapdir);
$user = new Apache2::SiteControl::User($username, $session{_session_id}, $factory);
$session{username} = $username;
$session{manager} = $factory;
$session{attr_password} = $engine->encrypt($password) if($savePassword);
$session{attr_session_removed} = $session_removed;
if(@other_cred && $saveOther) {
my $i = 2;
for my $c (@other_cred) {
$r->log_error("Saving extra credential_$i with value $c") if $debug;
$session{"attr_credential_$i"} = $c;
$i++;
$user->{sessionid}.
=item saveAttribute($$$)
This method is automatically called whenever a user has a new attribute value.
The incoming arguments are the apache request, the user object, and the name of
the attribute to save (you can read it with $user->getAttribute($name)). This
method must save the attribute in a such a way that later calls to findUser
will be able to restore the attribute to the user object that is created. The
session id you created for this user (in makeUser) is available in
$user->{sessionid}.
=back
=head1 Apache Config Directives
The following is a list of configuration variables that can be set with
apache's PerlSetVar to configure the behavior of this class:
=over 3
=item SiteControlDebug (default 0):
Debug mode
=item SiteControlLocks (default /tmp):
Where the locks are stored
=item SiteControlSessions (default /tmp):
Where the session data is stored
=item SiteControlUsermap (default none):
Where the usernames are mapped to session files. Required if you want
detection of multiple sessions for the same user. If unset, a single userid
can be used to log in multiple times simultaneously.
=item SiteControlUserFactory (default: Apache2::SiteControl::UserFactory)
The name of the user factory class to use when making user objects; an
implementation like this module.
=item UserObjectSaveOtherCredentials (default: 0)
Indicates that other form data from the login screen (credential_2,
credential_3, etc.) should be saved in the session data. The keys will be
credential_2, etc. (The user factory used when making user objects is
selected by SiteControlUserFactory above.) These are useful if your web
application has other login choices (i.e. service, database, etc.) that you
need to know about at login.
=item UserObjectSavePassword (default 0)
Indicates that the password should be saved in the local session data, so that
it is available to other parts of the web app (and not just the auth system).
This might be necessary if you are logging the user in and out of services on
the back end (like in webmail and database apps).
=item UserObjectPasswordCipher (default CAST5)
The CBC cipher used for encrypting the user passwords in the session files
(see Crypt::CBC for the allowed ciphers; this value is passed directly to
Crypt::CBC->new). If you are saving user passwords, they will be encrypted
when stored in the apache session files. This gives a little bit of added
security, and makes the apache config the only sensitive file (since that is
where you configure the key itself) instead of every random session file
that is lying around on disk.
There is a global variable in this package called $encryption_key, which will
be used if UserObjectPasswordKey is not set. The suggested method is to set
the encryption key during server startup using a random value (i.e. from
/dev/random), so that all server forks will inherit the value.
=item UserObjectPasswordKey
The key to use for encryption of the passwords in the session files. See
UserObjectPasswordCipher above.
=back
=head1 SEE ALSO
Apache2::SiteControl::User, Apache::SiteControl::PermissionManager,
Apache2::SiteControl::Rule, Apache::SiteControl
=head1 AUTHOR
This module was written by Tony Kay, E<lt>tkay@uoregon.eduE<gt>.
=head1 COPYRIGHT AND LICENSE
Apache2::SiteControl is covered by the GPL.
=cut