Apache2-Authen-OdinAuth
lib/Apache2/Authen/OdinAuth.pm
#########################################################
#
# 2) we might need auth - see if we have a valid cookie
#
my $cookie_is_invalid = 'by default';
my $cookie_user = '?';
my $cookie_roles = '_';
my $cookies = &parse_cookie_jar($r->headers_in->{'Cookie'});
my $cookie = $cookies->{config->{cookie}};
if ($cookie) {
my ( $user, $roles );
eval {
( $user, $roles ) =
Crypt::OdinAuth::check_cookie(
config->{secret},
$cookie,
$r->headers_in->{'User-Agent'});
lib/Crypt/OdinAuth.pm
# http://www.isecpartners.com/blog/2011/2/18/double-hmac-verification.html
my $hmac_received = Digest::HMAC->new($secret, Digest->new("SHA-256"));
my $hmac_calculated = Digest::HMAC->new($secret, Digest->new("SHA-256"));
$hmac_received->add($hmac);
$hmac_calculated->add(hmac_for($secret, $user, $roles, $ts, $ua));
die "Invalid signature\n"
if ( $hmac_received->digest ne $hmac_calculated->digest );
die "Cookie is old\n"
if ( $ts < time() - OLD_COOKIE );
die "Cookie is in future\n"
if ( $ts > time() + 5*60 );
return $user, $roles;
}
=head1 AUTHOR
Maciej Pasternacki, C<< <maciej at pasternacki.net> >>
=head1 BUGS
'netcat')
} qr/^Invalid signature$/;
# The freshness window has two edges: check_cookie() rejects a cookie whose
# timestamp is older than OLD_COOKIE, and one more than five minutes ahead of
# the local clock. Drive both rejection cases from one table so the only
# things that differ between them are the timestamp offset and the error
# check_cookie() is expected to raise.
for my $stale_case (
    [ -2 * Crypt::OdinAuth::OLD_COOKIE(), qr/^Cookie is old$/ ],
    [ 10 * 60,                            qr/^Cookie is in future$/ ],
) {
    my ( $offset_seconds, $expected_error ) = @{$stale_case};
    throws_ok {
        Crypt::OdinAuth::check_cookie(
            'secret',
            Crypt::OdinAuth::cookie_for(
                'secret', 'login_name', 'role1,role2,role3', 'netcat',
                time() + $offset_seconds
            ),
            'netcat'
        );
    } $expected_error;
}
sub try_to_authorize {
my ( $user, $roles );
eval {
( $user, $roles ) = Crypt::OdinAuth::check_cookie(
'secret'.(shift||''),
Crypt::OdinAuth::cookie_for(
'secret', 'login_name', 'role1,role2,role3', 'netcat'),
'netcat');
} or return $@;