[Bps-public-commit] r17777 - in RT-Authen-ExternalAuth/trunk/lib/RT/Authen: . ExternalAuth

zordrak at bestpractical.com zordrak at bestpractical.com
Fri Jan 16 07:57:44 EST 2009


Author: zordrak
Date: Fri Jan 16 07:57:44 2009
New Revision: 17777

Modified:
   RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm
   RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm
   RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm

Log:
RT::Authen::ExternalAuth // 2009-01-16 Zordrak <zordrak at cpan.org> // CookieAuth module refactoring predominantly complete, work required on the Auth callback to properly integrate it

Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm	(original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm	Fri Jan 16 07:57:44 2009
@@ -351,7 +351,7 @@
 
 sub CheckCookies {
 
-    return RT::Authen::ExternalAuth::Cookie::CheckCookies();    
+    return RT::Authen::ExternalAuth::DBI::CheckCookies();    
 
 }
 1;

Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm	(original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm	Fri Jan 16 07:57:44 2009
@@ -308,11 +308,110 @@
     return 0;
 }
 
+sub GetCookieAuth {
+
+    $RT::Logger->debug( (caller(0))[3],
+	                "Checking Browser Cookies for an Authenticated User");
+			     
+    my $username = undef;
+
+    # Get our cookie and database info...
+    my $config = $RT::CookieSettings;
+
+    unless ($RT::UseExternalCookieAuthService){
+        $RT::Logger->debug( "External Cookie Auth is not enabled.",
+                            "Please check your config for \$UseExternalCookieAuthService");
+        return $username;
+    }
+
+    my $cookie_value = RT::Authen::ExternalAuth::DBI::Cookie::GetCookieVal($config->{'name'});
+    unless($cookie_value){
+        return $username;
+    }
+
+    # The table mapping usernames to the Username Match Key
+    my $u_table     = $config->{'u_table'};
+    # The username field in that table
+    my $u_field     = $config->{'u_field'};
+    # The field that contains the Username Match Key
+    my $u_match_key = $config->{'u_match_key'};
+
+    # The table mapping cookie values to the Cookie Match Key
+    my $c_table     = $config->{'c_table'};
+    # The cookie field in that table - The same as the cookie name if unspecified
+    my $c_field     = $config->{'c_field'};
+    # The field that connects the Cookie Match Key
+    my $c_match_key = $config->{'c_match_key'};
+
+    # These are random characters to assign as table aliases in SQL
+    # It saves a lot of garbled code later on
+    my $u_table_alias = "u";
+    my $c_table_alias = "c";
+
+    # $tables will be passed straight into the SQL query
+    # I don't see this as a security issue as only the admin may modify the config file anyway
+    my $tables;
+
+    # If the tables are the same, then the aliases should be the same
+    # and the match key becomes irrelevant. Ensure this all works out
+    # fine by setting both sides the same. In either case, set an
+    # appropriate value for $tables.
+    if ($u_table eq $c_table) {
+            $u_table_alias  = $c_table_alias;
+            $u_match_key    = $c_match_key;
+            $tables         = "$c_table $c_table_alias";
+    } else {
+            $tables = "$c_table $c_table_alias, $u_table $u_table_alias";
+    }
+
+    my $select_fields = "$u_table_alias.$u_field";
+    my $where_statement = "$c_table_alias.$c_field = ? AND $c_table_alias.$c_match_key = $u_table_alias.$u_match_key";
+
+    my $query = "SELECT $select_fields FROM $tables WHERE $where_statement";
+    my @params = ($cookie_value);
+    my $service = 'Auth';
+
+    # Use this if you need to debug the DBI SQL process
+    # DBI->trace(1,'/tmp/dbi.log');
+
+    my $dbh = _GetBoundDBIObj($RT::ExternalSettings->{$config->{'db_service_name'}});
+    my $query_result_arrayref = $dbh->selectall_arrayref($query,{}, at params);
+    $dbh->disconnect();
+
+    # The log messages say it all here...
+    my $num_rows = scalar @$query_result_arrayref;
+    if ($num_rows < 1) {
+        $RT::Logger->info(  "AUTH FAILED",
+                            $cookie_name,
+                            "Cookie value not found in database.",
+                            "User passed an authentication token they were not given by us!",
+                            "Is this nefarious activity?");
+    } elsif ($num_rows > 1) {
+        $RT::Logger->error( "AUTH FAILED",
+                            $cookie_name,
+                            "Cookie's value is duplicated in the database! This should not happen!!");
+    } else {
+        $username = $query_result_arrayref->[0][0];
+    }
+
+    if ($username) {
+        $RT::Logger->debug( "User (",
+                            $username,
+                            ") was authenticated by a browser cookie");
+    } else {
+        $RT::Logger->debug( "No user was authenticated by browser cookie");
+    }
+
+    return $username;
+
+}
+
+
 # {{{ sub _GetBoundDBIObj
 
 sub _GetBoundDBIObj {
     
-    # Config as hashref.   #### Or is this a hash?
+    # Config as hashref. 
     my $config = shift;
 
     # Extract the relevant information from the config.

Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm	(original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm	Fri Jan 16 07:57:44 2009
@@ -1,125 +1,29 @@
 package RT::Authen::ExternalAuth::DBI::Cookie;
 
 use strict;
-use RT::Authen::ExternalAuth::DBI;
 use CGI::Cookie;
 
-# {{{ sub CheckCookies
-sub CheckCookies {
+# {{{ sub GetCookieVal
+sub GetCookieVal {
 
-# We are not a User object any more!
-#    my $self = RT::User->new($RT::SystemUser);
-
-    $RT::Logger->debug( (caller(0))[3],
-                        "Checking Browser Cookies for an Authenticated User");
-
-    my $confirmed_by_cookie = 0;
-    my $username; # $user changed to $username as not object but string
+    # The name of the cookie
+    my $cookie_name = shift;
+    my $cookie_value;
 
     # Pull in all cookies from browser within our cookie domain
     my %cookies = CGI::Cookie->fetch();
 
-    # Get our cookie and database info...
-    my $config = $RT::CookieSettings;
-
-    unless ($RT::UseExternalCookieAuthService){
-        $RT::Logger->debug( "External Cookie Auth is not enabled.",
-                            "Please check your config for \$UseExternalCookieAuthService");
-        return (undef,0);
-    }
-    
-    # The name of the cookie
-    my $cookie_name = $config->{'name'};
-
     # If the cookie is set, get the value, if it's not set, get out now!
-    my $cookie_value;
     if (defined $cookies{$cookie_name}) {
       $cookie_value = $cookies{$cookie_name}->value;
-      $RT::Logger->debug(  "Cookie Found!",
-                           ":: $cookie_name ::",
-                           "Attempting to use for authentication");
+      $RT::Logger->debug(  "Cookie Found",
+                           ":: $cookie_name");
     } else {
-        $RT::Logger->debug( "Cookie Auth Failed:",
-                            "Cookie Not Assigned");
-        return ($user,$confirmed_by_cookie);
+        $RT::Logger->debug( "Cookie Not Found");
     }
 
-    # The table mapping usernames to the Username Match Key
-    my $u_table     = $config->{'u_table'};
-    # The username field in that table
-    my $u_field     = $config->{'u_field'};
-    # The field that contains the Username Match Key
-    my $u_match_key = $config->{'u_match_key'};
-    
-    # The table mapping cookie values to the Cookie Match Key
-    my $c_table     = $config->{'c_table'};
-    # The cookie field in that table - The same as the cookie name if unspecified
-    my $c_field     = $config->{'c_field'};
-    # The field that connects the Cookie Match Key
-    my $c_match_key = $config->{'c_match_key'};
-
-    # These are random characters to assign as table aliases in SQL
-    # It saves a lot of garbled code later on
-    my $u_table_alias = "u";
-    my $c_table_alias = "c";
-
-    # $tables will be passed straight into the SQL query
-    # I don't see this as a security issue as only the admin may modify the config file anyway
-    my $tables;
-    
-    # If the tables are the same, then the aliases should be the same
-    # and the match key becomes irrelevant. Ensure this all works out 
-    # fine by setting both sides the same. In either case, set an
-    # appropriate value for $tables.
-    if ($u_table eq $c_table) {
-	    $u_table_alias  = $c_table_alias;
-	    $u_match_key    = $c_match_key;
-	    $tables         = "$c_table $c_table_alias";	
-    } else {
-   	    $tables = "$c_table $c_table_alias, $u_table $u_table_alias";
-    }
-
-    my $select_fields = "$u_table_alias.$u_field";
-    my $where_statement = "$c_table_alias.$c_field = ? AND $c_table_alias.$c_match_key = $u_table_alias.$u_match_key";
-
-    my $query = "SELECT $select_fields FROM $tables WHERE $where_statement";
-    my @params = ($cookie_value);
-    my $service = 'Auth';
-
-    # Use this if you need to debug the DBI SQL process
-    # DBI->trace(1,'/tmp/dbi.log');        
-
-    my $dbh = RT::Authen::ExternalAuth::DBI::_GetBoundDBIObj($RT::ExternalSettings->{$config->{'db_service_name'}});
-    my $query_result_arrayref = $dbh->selectall_arrayref($query,{}, at params);
-    $dbh->disconnect();
-    
-    # The log messages say it all here...
-    my $num_rows = scalar @$query_result_arrayref;
-    my $confirmed_user;
-    if ($num_rows < 1) {
-        $RT::Logger->info(  "AUTH FAILED", 
-                            $cookie_name,
-                            "Cookie value not found in database.",
-                            "User passed an authentication token they were not given by us!",
-                            "Is this nefarious activity?");
-    } elsif ($num_rows > 1) {
-        $RT::Logger->error( "AUTH FAILED", 
-                            $cookie_name,
-                            "Cookie's value is duplicated in the database! This should not happen!!");
-    } else {
-        $user = $query_result_arrayref->[0][0];
-        $confirmed_by_cookie = 1;
-    }
-
-    if ($confirmed_by_cookie == 1) {
-        $RT::Logger->debug( "User (",
-                            $user,
-                            ") was authenticated by a browser cookie");
-    } else {
-        $RT::Logger->debug( "No user was authenticated by browser cookie");
-    }
+    return $cookie_value;
 
-    return ($user,$confirmed_by_cookie);
 }
 
 # }}}



More information about the Bps-public-commit mailing list