Revision 6c21fd13
Von Moritz Bunkus vor fast 12 Jahren hinzugefügt
SL/Auth.pm | ||
---|---|---|
592 | 592 |
$cookie = $sth->fetchrow_hashref; |
593 | 593 |
$sth->finish; |
594 | 594 |
|
595 |
if (!$cookie || $cookie->{is_expired} || ($cookie->{ip_address} ne $ENV{REMOTE_ADDR})) { |
|
595 |
# The session ID provided is valid in the following cases: |
|
596 |
# 1. session ID exists in the database |
|
597 |
# 2. hasn't expired yet |
|
598 |
# 3. if form field '{AUTH}api_token' is given: form field must equal database column 'auth.session.api_token' for the session ID |
|
599 |
# 4. if form field '{AUTH}api_token' is NOT given then: the requestee's IP address must match the stored IP address |
|
600 |
$self->{api_token} = $cookie->{api_token} if $cookie; |
|
601 |
my $api_token_cookie = $self->get_api_token_cookie; |
|
602 |
my $cookie_is_bad = !$cookie || $cookie->{is_expired}; |
|
603 |
$cookie_is_bad ||= $api_token_cookie && ($api_token_cookie ne $cookie->{api_token}) if $api_token_cookie; |
|
604 |
$cookie_is_bad ||= $cookie->{ip_address} ne $ENV{REMOTE_ADDR} if !$api_token_cookie; |
|
605 |
if ($cookie_is_bad) { |
|
596 | 606 |
$self->destroy_session(); |
597 | 607 |
$main::lxdebug->leave_sub(); |
598 | 608 |
return $cookie ? SESSION_EXPIRED : SESSION_NONE; |
... | ... | |
791 | 801 |
do_query($::form, $dbh, qq|INSERT INTO auth.session (id, ip_address, mtime) VALUES (?, ?, now())|, $session_id, $ENV{REMOTE_ADDR}); |
792 | 802 |
} |
793 | 803 |
|
804 |
if ($self->{column_information}->has('api_token', 'session')) { |
|
805 |
my ($stored_api_token) = $dbh->selectrow_array(qq|SELECT api_token FROM auth.session WHERE id = ?|, undef, $session_id); |
|
806 |
do_query($::form, $dbh, qq|UPDATE auth.session SET api_token = ? WHERE id = ?|, $self->_create_session_id, $session_id) unless $stored_api_token; |
|
807 |
} |
|
808 |
|
|
794 | 809 |
my @values_to_save = grep { $_->{fetched} } |
795 | 810 |
values %{ $self->{SESSION} }; |
796 | 811 |
if (@values_to_save) { |
... | ... | |
927 | 942 |
} |
928 | 943 |
|
929 | 944 |
sub get_session_cookie_name { |
930 |
my $self = shift;
|
|
945 |
my ($self, %params) = @_;
|
|
931 | 946 |
|
932 |
return $self->{cookie_name} || 'lx_office_erp_session_id'; |
|
947 |
$params{type} ||= 'id'; |
|
948 |
my $name = $self->{cookie_name} || 'lx_office_erp_session_id'; |
|
949 |
$name .= '_api_token' if $params{type} eq 'api_token'; |
|
950 |
|
|
951 |
return $name; |
|
933 | 952 |
} |
934 | 953 |
|
935 | 954 |
sub get_session_id { |
936 | 955 |
return $session_id; |
937 | 956 |
} |
938 | 957 |
|
958 |
sub get_api_token_cookie { |
|
959 |
my ($self) = @_; |
|
960 |
|
|
961 |
$::request->{cgi}->cookie($self->get_session_cookie_name(type => 'api_token')); |
|
962 |
} |
|
963 |
|
|
939 | 964 |
sub session_tables_present { |
940 | 965 |
$main::lxdebug->enter_sub(); |
941 | 966 |
|
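Review bot: The comments at new lines 598–599 describe a form field `'{AUTH}api_token'`, but the code on new lines 601–604 reads a cookie via `get_api_token_cookie`, so the documentation contradicts the check it explains; I would reword them to `# 3. if the API token cookie is given: it must equal database column 'auth.session.api_token' for the session ID` and `# 4. if the API token cookie is NOT given then: the requestee's IP address must match the stored IP address`. Line 603 compares the cookie against `$cookie->{api_token}`, which is undef for sessions stored before the column was populated (the hunk at new lines 804–807 fills it lazily) or when the column is absent; the mismatch still fails closed, but under `use warnings` it emits an uninitialized-value warning, so `($api_token_cookie ne ($cookie->{api_token} // ''))` keeps the behaviour without the noise, and the `$api_token_cookie &&` inside that expression is redundant with its postfix `if $api_token_cookie`. Because the outcome of this comparison is not recorded anywhere, later code can only tell that a token cookie was sent, not that it matched. The enclosing sub starts and ends outside the hunk.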
SL/Auth/ColumnInformation.pm | ||
---|---|---|
23 | 23 |
|
24 | 24 |
return $self if $self->{info}; |
25 | 25 |
|
26 |
my $query = <<SQL; |
|
27 |
SELECT a.attname, format_type(a.atttypid, a.atttypmod) AS format_type, d.adsrc, a.attnotnull |
|
28 |
FROM pg_attribute a |
|
29 |
LEFT JOIN pg_attrdef d ON (a.attrelid = d.adrelid) AND (a.attnum = d.adnum) |
|
30 |
WHERE (a.attrelid = 'auth.session_content'::regclass) |
|
31 |
AND (a.attnum > 0) |
|
32 |
AND NOT a.attisdropped |
|
33 |
ORDER BY a.attnum |
|
26 |
$self->{info} = {}; |
|
27 |
|
|
28 |
foreach my $table (qw(session session_content)) { |
|
29 |
my $query = <<SQL; |
|
30 |
SELECT a.attname, format_type(a.atttypid, a.atttypmod) AS format_type, d.adsrc, a.attnotnull |
|
31 |
FROM pg_attribute a |
|
32 |
LEFT JOIN pg_attrdef d ON (a.attrelid = d.adrelid) AND (a.attnum = d.adnum) |
|
33 |
WHERE (a.attrelid = 'auth.${table}'::regclass) |
|
34 |
AND (a.attnum > 0) |
|
35 |
AND NOT a.attisdropped |
|
36 |
ORDER BY a.attnum |
|
34 | 37 |
SQL |
35 | 38 |
|
36 |
$self->{info} = { selectall_as_map($::form, $self->{auth}->dbconnect, $query, 'attname', [ qw(format_type adsrc attnotnull) ]) }; |
|
39 |
$self->{info}->{$table} = { selectall_as_map($::form, $self->{auth}->dbconnect, $query, 'attname', [ qw(format_type adsrc attnotnull) ]) }; |
|
40 |
} |
|
37 | 41 |
|
38 | 42 |
return $self; |
39 | 43 |
} |
... | ... | |
44 | 48 |
} |
45 | 49 |
|
46 | 50 |
sub has { |
47 |
my ($self, $column) = @_; |
|
48 |
return $self->info->{$column}; |
|
51 |
my ($self, $column, $table) = @_;
|
|
52 |
return $self->info->{$table || 'session_content'}->{$column};
|
|
49 | 53 |
} |
50 | 54 |
|
51 | 55 |
1; |
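Review bot: The table name is interpolated straight into the SQL heredoc at new line 33 (`'auth.${table}'::regclass`); that is safe only because `$table` comes from the fixed `qw(session session_content)` list on line 28, and nothing in the code says so, so I would add `# $table comes from the fixed list above; never interpolate caller-supplied names into this query` above `my $query`. `has` now takes an optional third positional argument `$table` that silently defaults to `'session_content'` at line 52, which is easy to miss from a call such as Auth.pm's `has('api_token', 'session')`; a one-line comment on `has` stating the signature and the default, and that the return value is the column's info hashref rather than a boolean, would help callers. The surrounding sub that builds `$self->{info}` starts outside the hunk.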
SL/Controller/LoginScreen.pm | ||
---|---|---|
34 | 34 |
sub action_login { |
35 | 35 |
my ($self) = @_; |
36 | 36 |
|
37 |
%::myconfig = $::form->{'{AUTH}login'} ? $::auth->read_user(login => $::form->{'{AUTH}login'}) : (); |
|
38 |
%::myconfig = SL::Dispatcher::AuthHandler::User->new->handle(countrycode => $::myconfig{countrycode}); |
|
37 |
my $login = $::form->{'{AUTH}login'} || $::auth->get_session_value('login'); |
|
38 |
%::myconfig = $login ? $::auth->read_user(login => $login) : (); |
|
39 |
SL::Dispatcher::AuthHandler::User->new->handle(countrycode => $::myconfig{countrycode}); |
|
39 | 40 |
$::form->{login} = $::myconfig{login}; |
40 | 41 |
$::locale = Locale->new($::myconfig{countrycode}) if $::myconfig{countrycode}; |
41 | 42 |
my $user = User->new(login => $::myconfig{login}); |
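Review bot: New line 39 calls `SL::Dispatcher::AuthHandler::User->new->handle(...)` in void context and discards its result, whereas the removed line used that result; User.pm's `handle` returns `$self->_error(%param)` when authentication fails, so unless `_error` terminates the request (not visible on this page) `action_login` continues with the user loaded from `$login` on line 38. If the handler's return value does signal success, `return unless SL::Dispatcher::AuthHandler::User->new->handle(countrycode => $::myconfig{countrycode});` makes the outcome explicit; otherwise a comment stating that `_error` ends the request would document why the value may be dropped. Note that line 37 now falls back to the session's stored login when the form carries none, so the user read on line 38 depends on session validation having already run. `action_login` continues past the end of the hunk.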
SL/Dispatcher/AuthHandler/Admin.pm | ||
---|---|---|
8 | 8 |
sub handle { |
9 | 9 |
%::myconfig = (); |
10 | 10 |
|
11 |
return 1 if $::auth->get_api_token_cookie; |
|
11 | 12 |
return 1 if $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'}) == $::auth->OK()); |
12 | 13 |
return 1 if !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK()); |
13 | 14 |
|
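Review bot: New line 11 returns success as soon as a cookie with the API-token name is present in the request, without checking that it matched the stored `auth.session.api_token`; the comparison lives in SL::Auth's session restore (new lines 601–605 of that file), but on a mismatch that code only destroys the session while the cookie stays in the request, so this line still returns 1 unless the dispatcher has already rejected the request, which this page does not show. The same pattern is at User.pm new line 21, `my $ok = $::auth->get_api_token_cookie ? 1 : 0;`. I would have the session-restore code record the verified outcome in an attribute set only after the compare succeeds and cleared by `destroy_session` (for example `api_token_verified`, a suggested name), and test that here: `return 1 if $::auth->{api_token_verified};`. `handle` continues past the end of the hunk.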
SL/Dispatcher/AuthHandler/User.pm | ||
---|---|---|
18 | 18 |
$::locale = Locale->new($::myconfig{countrycode}); |
19 | 19 |
$::request->{layout} = SL::Layout::Dispatcher->new(style => $::myconfig{menustyle}); |
20 | 20 |
|
21 |
my $ok = $::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'})); |
|
21 |
my $ok = $::auth->get_api_token_cookie ? 1 : 0; |
|
22 |
$ok ||= $::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'})); |
|
22 | 23 |
$ok ||= !$::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef)); |
23 | 24 |
|
24 | 25 |
return $self->_error(%param) if !$ok; |
sql/Pg-upgrade2-auth/add_api_token.sql | ||
---|---|---|
1 |
-- @tag: add_api_token |
|
2 |
-- @description: Feld 'api_token' in 'session' ergänzen |
|
3 |
-- @depends: |
|
4 |
-- @charset: utf-8 |
|
5 |
ALTER TABLE auth.session ADD COLUMN api_token text; |
Automatische Authentifizierung bestehender Sessions über Session-ID + API-Token
Wird für CRM-Menü benötigt.