
Revision 77fda875

Von Moritz Bunkus vor mehr als 11 Jahren hinzugefügt

Überprüfung vom API-Token gefixt


SL/Auth.pm
607 607
  # The session ID provided is valid in the following cases:
608 608
  #  1. session ID exists in the database
609 609
  #  2. hasn't expired yet
610
  #  3. if form field '{AUTH}api_token' is given: form field must equal database column 'auth.session.api_token' for the session ID
611
  #  4. if form field '{AUTH}api_token' is NOT given then: the requestee's IP address must match the stored IP address
610
  #  3. if cookie for the API token is given: the cookie's value equal database column 'auth.session.api_token' for the session ID
611
  #  4. if cookie for the API token is NOT given then: the requestee's IP address must match the stored IP address
612 612
  $self->{api_token}   = $cookie->{api_token} if $cookie;
613 613
  my $api_token_cookie = $self->get_api_token_cookie;
614 614
  my $cookie_is_bad    = !$cookie || $cookie->{is_expired};
......
992 992
  $::request->{cgi}->cookie($self->get_session_cookie_name(type => 'api_token'));
993 993
}
994 994

  
995
sub is_api_token_cookie_valid {
996
  my ($self)             = @_;
997
  my $provided_api_token = $self->get_api_token_cookie;
998
  return $self->{api_token} && $provided_api_token && ($self->{api_token} eq $provided_api_token);
999
}
1000

  
995 1001
sub session_tables_present {
996 1002
  $main::lxdebug->enter_sub();
997 1003

  
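Review bot: `is_api_token_cookie_valid` (new line 998) compares the session's stored token with the presented cookie value using `eq`, which returns at the first differing byte, so the time the check takes varies with how many leading bytes of the guess are right; for a bearer secret a comparison whose cost does not depend on where the mismatch is would be preferable. The rewrite below keeps the truthiness semantics the callers rely on (both dispatcher hunks only use the result in a `$ok ||=` chain) and assumes `$self->{api_token}` holds the value loaded from the session record, as the assignment at line 612 suggests. In the first hunk, the new comment at line 610 is missing a word: `the cookie's value must equal database column 'auth.session.api_token'`; that hunk's enclosing subroutine starts and ends outside it.
```perl
sub is_api_token_cookie_valid {
  my ($self)             = @_;
  my $provided_api_token = $self->get_api_token_cookie;
  return 0 unless $self->{api_token} && $provided_api_token;
  # Compare every byte instead of stopping at the first mismatch, so the
  # time taken does not depend on how much of the token was guessed right.
  return 0 if length($self->{api_token}) != length($provided_api_token);
  my $difference = 0;
  $difference |= ord(substr($self->{api_token}, $_, 1)) ^ ord(substr($provided_api_token, $_, 1)) for 0 .. length($provided_api_token) - 1;
  return $difference == 0;
}
```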
SL/Dispatcher/AuthHandler/Admin.pm
10 10

  
11 11
  %::myconfig = ();
12 12

  
13
  my $ok =  $::auth->get_api_token_cookie ? 1 : 0;
13
  my $ok =  $::auth->is_api_token_cookie_valid;
14 14
  $ok  ||=  $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'})            == $::auth->OK());
15 15
  $ok  ||= !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
16 16
  $ok  ||=  $params{action} eq 'login';
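Review bot: The token check on new line 13 reads like just one more credential in the `$ok ||=` chain, but nothing in the hunk says what the cookie is checked against or that it replaces the password entirely; a one-line comment above it would save the next reader a trip into SL::Auth: `# A cookie carrying the API token recorded for this session is accepted in place of the admin password.` The same applies to line 24 of SL/Dispatcher/AuthHandler/User.pm, where it stands in for the login/password pair. The enclosing subroutine starts and ends outside the hunk.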
SL/Dispatcher/AuthHandler/User.pm
21 21
  $::locale = Locale->new($::myconfig{countrycode});
22 22
  $::request->{layout} = SL::Layout::Dispatcher->new(style => $::myconfig{menustyle});
23 23

  
24
  my $ok   =  $::auth->get_api_token_cookie ? 1 : 0;
24
  my $ok   =  $::auth->is_api_token_cookie_valid;
25 25
  $ok    ||=  $::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));
26 26
  $ok    ||= !$::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));
27 27

  
