[Bps-public-commit] r17777 - in RT-Authen-ExternalAuth/trunk/lib/RT/Authen: . ExternalAuth
zordrak at bestpractical.com
zordrak at bestpractical.com
Fri Jan 16 07:57:44 EST 2009
Author: zordrak
Date: Fri Jan 16 07:57:44 2009
New Revision: 17777
Modified:
RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm
RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm
RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
Log:
RT::Authen::ExternalAuth // 2009-01-16 Zordrak <zordrak at cpan.org> // CookieAuth module refactoring predominantly complete, work required on the Auth callback to properly integrate it
Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm (original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm Fri Jan 16 07:57:44 2009
@@ -351,7 +351,7 @@
sub CheckCookies {
- return RT::Authen::ExternalAuth::Cookie::CheckCookies();
+ return RT::Authen::ExternalAuth::DBI::CheckCookies();
}
1;
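Review bot: The new call target `RT::Authen::ExternalAuth::DBI::CheckCookies` is not defined anywhere in the visible hunks; the DBI.pm hunk adds `GetCookieAuth` instead, so unless DBI.pm already has a `CheckCookies` elsewhere, this wrapper will die with an undefined-subroutine error on the authentication path. If the intent is to delegate to the new sub, the line would read `return RT::Authen::ExternalAuth::DBI::GetCookieAuth();`. The removed implementation returned `($user, $confirmed_by_cookie)`, while `GetCookieAuth` returns only the username or undef, so a caller that still unpacks two values would see the confirmation flag as undef. A short comment on `CheckCookies` stating the new return contract would help the Auth callback work that the log message mentions.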
Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm (original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm Fri Jan 16 07:57:44 2009
@@ -308,11 +308,110 @@
return 0;
}
+sub GetCookieAuth {
+
+ $RT::Logger->debug( (caller(0))[3],
+ "Checking Browser Cookies for an Authenticated User");
+
+ my $username = undef;
+
+ # Get our cookie and database info...
+ my $config = $RT::CookieSettings;
+
+ unless ($RT::UseExternalCookieAuthService){
+ $RT::Logger->debug( "External Cookie Auth is not enabled.",
+ "Please check your config for \$UseExternalCookieAuthService");
+ return $username;
+ }
+
+ my $cookie_value = RT::Authen::ExternalAuth::DBI::Cookie::GetCookieVal($config->{'name'});
+ unless($cookie_value){
+ return $username;
+ }
+
+ # The table mapping usernames to the Username Match Key
+ my $u_table = $config->{'u_table'};
+ # The username field in that table
+ my $u_field = $config->{'u_field'};
+ # The field that contains the Username Match Key
+ my $u_match_key = $config->{'u_match_key'};
+
+ # The table mapping cookie values to the Cookie Match Key
+ my $c_table = $config->{'c_table'};
+ # The cookie field in that table - The same as the cookie name if unspecified
+ my $c_field = $config->{'c_field'};
+ # The field that connects the Cookie Match Key
+ my $c_match_key = $config->{'c_match_key'};
+
+ # These are random characters to assign as table aliases in SQL
+ # It saves a lot of garbled code later on
+ my $u_table_alias = "u";
+ my $c_table_alias = "c";
+
+ # $tables will be passed straight into the SQL query
+ # I don't see this as a security issue as only the admin may modify the config file anyway
+ my $tables;
+
+ # If the tables are the same, then the aliases should be the same
+ # and the match key becomes irrelevant. Ensure this all works out
+ # fine by setting both sides the same. In either case, set an
+ # appropriate value for $tables.
+ if ($u_table eq $c_table) {
+ $u_table_alias = $c_table_alias;
+ $u_match_key = $c_match_key;
+ $tables = "$c_table $c_table_alias";
+ } else {
+ $tables = "$c_table $c_table_alias, $u_table $u_table_alias";
+ }
+
+ my $select_fields = "$u_table_alias.$u_field";
+ my $where_statement = "$c_table_alias.$c_field = ? AND $c_table_alias.$c_match_key = $u_table_alias.$u_match_key";
+
+ my $query = "SELECT $select_fields FROM $tables WHERE $where_statement";
+ my @params = ($cookie_value);
+ my $service = 'Auth';
+
+ # Use this if you need to debug the DBI SQL process
+ # DBI->trace(1,'/tmp/dbi.log');
+
+ my $dbh = _GetBoundDBIObj($RT::ExternalSettings->{$config->{'db_service_name'}});
+ my $query_result_arrayref = $dbh->selectall_arrayref($query,{}, at params);
+ $dbh->disconnect();
+
+ # The log messages say it all here...
+ my $num_rows = scalar @$query_result_arrayref;
+ if ($num_rows < 1) {
+ $RT::Logger->info( "AUTH FAILED",
+ $cookie_name,
+ "Cookie value not found in database.",
+ "User passed an authentication token they were not given by us!",
+ "Is this nefarious activity?");
+ } elsif ($num_rows > 1) {
+ $RT::Logger->error( "AUTH FAILED",
+ $cookie_name,
+ "Cookie's value is duplicated in the database! This should not happen!!");
+ } else {
+ $username = $query_result_arrayref->[0][0];
+ }
+
+ if ($username) {
+ $RT::Logger->debug( "User (",
+ $username,
+ ") was authenticated by a browser cookie");
+ } else {
+ $RT::Logger->debug( "No user was authenticated by browser cookie");
+ }
+
+ return $username;
+
+}
+
+
# {{{ sub _GetBoundDBIObj
sub _GetBoundDBIObj {
- # Config as hashref. #### Or is this a hash?
+ # Config as hashref.
my $config = shift;
# Extract the relevant information from the config.
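Review bot: `$cookie_name` is passed to both `AUTH FAILED` log calls in `GetCookieAuth` but is never declared in this sub, because the name is only read inline as `$config->{'name'}`; if DBI.pm runs under `use strict` (its header is outside the hunk) the module will not compile, and otherwise the log lines silently lose the cookie name. Declaring `my $cookie_name = $config->{'name'};` before the `GetCookieVal` call and passing `$cookie_name` to it fixes both. The handle from `_GetBoundDBIObj` and the result of `selectall_arrayref` are also used without a check, so a failed connection or query would die in the middle of authentication instead of failing closed; a guard such as `return $username unless $dbh;` after the connect, and the same test on `$query_result_arrayref` with an error log, would make that path explicit. Only the cookie value is bound as a placeholder, while the table and field names from `$RT::CookieSettings` are interpolated into the SQL, so validating them as plain identifiers before building `$query` would enforce the admin-only assumption stated in the comment. `_GetBoundDBIObj` continues outside the hunk.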
Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm (original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm Fri Jan 16 07:57:44 2009
@@ -1,125 +1,29 @@
package RT::Authen::ExternalAuth::DBI::Cookie;
use strict;
-use RT::Authen::ExternalAuth::DBI;
use CGI::Cookie;
-# {{{ sub CheckCookies
-sub CheckCookies {
+# {{{ sub GetCookieVal
+sub GetCookieVal {
-# We are not a User object any more!
-# my $self = RT::User->new($RT::SystemUser);
-
- $RT::Logger->debug( (caller(0))[3],
- "Checking Browser Cookies for an Authenticated User");
-
- my $confirmed_by_cookie = 0;
- my $username; # $user changed to $username as not object but string
+ # The name of the cookie
+ my $cookie_name = shift;
+ my $cookie_value;
# Pull in all cookies from browser within our cookie domain
my %cookies = CGI::Cookie->fetch();
- # Get our cookie and database info...
- my $config = $RT::CookieSettings;
-
- unless ($RT::UseExternalCookieAuthService){
- $RT::Logger->debug( "External Cookie Auth is not enabled.",
- "Please check your config for \$UseExternalCookieAuthService");
- return (undef,0);
- }
-
- # The name of the cookie
- my $cookie_name = $config->{'name'};
-
# If the cookie is set, get the value, if it's not set, get out now!
- my $cookie_value;
if (defined $cookies{$cookie_name}) {
$cookie_value = $cookies{$cookie_name}->value;
- $RT::Logger->debug( "Cookie Found!",
- ":: $cookie_name ::",
- "Attempting to use for authentication");
+ $RT::Logger->debug( "Cookie Found",
+ ":: $cookie_name");
} else {
- $RT::Logger->debug( "Cookie Auth Failed:",
- "Cookie Not Assigned");
- return ($user,$confirmed_by_cookie);
+ $RT::Logger->debug( "Cookie Not Found");
}
- # The table mapping usernames to the Username Match Key
- my $u_table = $config->{'u_table'};
- # The username field in that table
- my $u_field = $config->{'u_field'};
- # The field that contains the Username Match Key
- my $u_match_key = $config->{'u_match_key'};
-
- # The table mapping cookie values to the Cookie Match Key
- my $c_table = $config->{'c_table'};
- # The cookie field in that table - The same as the cookie name if unspecified
- my $c_field = $config->{'c_field'};
- # The field that connects the Cookie Match Key
- my $c_match_key = $config->{'c_match_key'};
-
- # These are random characters to assign as table aliases in SQL
- # It saves a lot of garbled code later on
- my $u_table_alias = "u";
- my $c_table_alias = "c";
-
- # $tables will be passed straight into the SQL query
- # I don't see this as a security issue as only the admin may modify the config file anyway
- my $tables;
-
- # If the tables are the same, then the aliases should be the same
- # and the match key becomes irrelevant. Ensure this all works out
- # fine by setting both sides the same. In either case, set an
- # appropriate value for $tables.
- if ($u_table eq $c_table) {
- $u_table_alias = $c_table_alias;
- $u_match_key = $c_match_key;
- $tables = "$c_table $c_table_alias";
- } else {
- $tables = "$c_table $c_table_alias, $u_table $u_table_alias";
- }
-
- my $select_fields = "$u_table_alias.$u_field";
- my $where_statement = "$c_table_alias.$c_field = ? AND $c_table_alias.$c_match_key = $u_table_alias.$u_match_key";
-
- my $query = "SELECT $select_fields FROM $tables WHERE $where_statement";
- my @params = ($cookie_value);
- my $service = 'Auth';
-
- # Use this if you need to debug the DBI SQL process
- # DBI->trace(1,'/tmp/dbi.log');
-
- my $dbh = RT::Authen::ExternalAuth::DBI::_GetBoundDBIObj($RT::ExternalSettings->{$config->{'db_service_name'}});
- my $query_result_arrayref = $dbh->selectall_arrayref($query,{}, at params);
- $dbh->disconnect();
-
- # The log messages say it all here...
- my $num_rows = scalar @$query_result_arrayref;
- my $confirmed_user;
- if ($num_rows < 1) {
- $RT::Logger->info( "AUTH FAILED",
- $cookie_name,
- "Cookie value not found in database.",
- "User passed an authentication token they were not given by us!",
- "Is this nefarious activity?");
- } elsif ($num_rows > 1) {
- $RT::Logger->error( "AUTH FAILED",
- $cookie_name,
- "Cookie's value is duplicated in the database! This should not happen!!");
- } else {
- $user = $query_result_arrayref->[0][0];
- $confirmed_by_cookie = 1;
- }
-
- if ($confirmed_by_cookie == 1) {
- $RT::Logger->debug( "User (",
- $user,
- ") was authenticated by a browser cookie");
- } else {
- $RT::Logger->debug( "No user was authenticated by browser cookie");
- }
+ return $cookie_value;
- return ($user,$confirmed_by_cookie);
}
# }}}
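Review bot: `GetCookieVal` looks up `$cookies{$cookie_name}` without checking that a name was passed, so if `$config->{'name'}` is unset in the caller the lookup runs with an undefined key; an early `return unless defined $cookie_name && length $cookie_name;` at the top of the sub would turn that into a clean no-cookie result. The sub also has no header comment, and something like `# Returns the raw value of the named browser cookie, or undef if absent; the value is client-supplied and must only be used as a bound query parameter.` would record the contract the DBI caller relies on. With `use RT::Authen::ExternalAuth::DBI;` removed here, it is worth confirming that DBI.pm loads this module before calling `GetCookieVal`, since no such `use` line is visible in the DBI.pm hunk.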