X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=cgi-auth-flexible.git;a=blobdiff_plain;f=cgi-auth-hybrid.pm;h=953db1518c38a3dd3d97a7af0408178cce19afb7;hp=f7b48aa1ef4ccbd96ff156a66036202196349221;hb=edba190acf5982ec65b3775c27e4a8048abd4b3a;hpb=e1f49099d0f659ece466813a04a3c0afdcbf299c diff --git a/cgi-auth-hybrid.pm b/cgi-auth-hybrid.pm index f7b48aa..953db15 100644 --- a/cgi-auth-hybrid.pm +++ b/cgi-auth-hybrid.pm @@ -169,72 +169,93 @@ sub _check_core ($) { # i login # o logout + +# in cook and par, +# a, aN anything including - +# t, tN temporary value (in our db, no logged in user yet) +# y, yN value corresponds to logged-in user +# n, nN value not in our db +# x, xN t or y +# - no value supplied +# if N differs the case applies only when the two values differ +# (eg, a1 y2 does not apply when the logged-in value is supplied twice) + +# "stale session" means request originates from a page from a login +# session which has been revoked (eg by logout); "cleared session" +# means request originates from a browser which has a different (or +# no) cookie. + # Case analysis, cookie mode, app promises re mutate: # cook par meth form # - # y y GET nr fine, show page or send data + # any - POST nrmuoi bug or attack, fail + # any - GET rmuoi bug or attack, fail + # any any GET muoi bug or attack, fail + # any t any nrmuo bug or attack, fail # - # y - GET n cross-site link - # show data - # y1 y2 GET n intra-site link - # from session no longer known to browser - # do not revoke y2 as not a POST so not RESTful - # treat as cross-site link, show data - # y n GET n intra-site link from stale session, - # treat as cross-site link, show data + # a1 a2 POST o logout + # if a1 is valid, revoke it + # if a2 is valid, revoke it + # delete cookie + # redirect to "just logged out" page + # (which contains link to login form) # - # y - GET r bug or attack, fail - # y1 y2 GET r intra-site data request - # from session no longer known to browser - # do not revoke y2 as not a POST so not RESTful - # fail - # y n GET r intra-site data request from stale session - # fail + # - t POST i complain about cookies being disabled # - # - y GET n CLEAR COOKIES TO LOGOUT OPTION + # - n POST i complain about stale login form + # show new login form # - # -/n any GET n cross-site link but user not logged in - # show login form + # x1 x2 POST i login (or switch user) + # revoke x1 if it was valid and !=x2 + # upgrade x2 to y2 in our db (setting username) + # set cookie to x2 + # redirect to GET of remaining params # - # -/n any GET r data request from stale session - # fail + # t1 a2 ANY nrmu treat as - a2 ANY # - # any any GET muoi bug or attack, fail + # y - GET n cross-site link + # show data # + # y y GET nr fine, show page or send data # y y POST nrmu mutation is OK, do operation - # y y POST o logout - # y y POST i login, redirect to GET of remaining params # - # any - POST bug or xsrf attack, fail + # y1 y2 GET nr request from stale page + # do not revoke y2 as not RESTful + # treat as y1 n GET # - # n/y1 y2 POST r intra-site form submission - # from session no longer known to browser + # y1 y2 POST nrmu request from stale page # revoke y2 + # treat as y1 n POST + # + # y n GET n intra-site link from stale page, + # treat as cross-site link, show data + # + # y n POST n m intra-site form submission from stale page # show "session interrupted" - # n/y1 y2 POST m intra-site js operation - # from session no longer known to browser - # revoke y2 + # with link to main data page + # + # y n GET r intra-site request from stale page # fail - # y n POST r intra-site form submission from stale session - # show "session interrupted" - # y n POST m intra-site form submission from stale session + # + # y n POST r u intra-site request from stale page # fail # - # - y2 GET intra-site link or data request - # from session no longer known to browser + # -/n y2 GET nr intra-site link from cleared session + # do not revoke y2 as not RESTful + # treat as -/n n GET + # + # -/n y2 POST nrmu request from cleared session + # revoke y2 + # treat as -/n n POST + # + # -/n n GET n cross-site link but user not logged in + # show login form with redirect to orig params + # + # -/n n GET rmu user not logged in # fail - - # - y2 any req from old session y2, del y2, show login - # y1 y2 any req from old session y2, del y2, show y1 main - - # y1 any GET non-mut cross-site link - # y1 any GET non-mut no mutation, show page providing new par # - # A B any page from old session or cross-site request - # any y2 POST logout do logout y2 - - - # any any GET mutate bug or attack, forbidden, call die + # -/n n POST nrmu user not logged in + # fail my $dbh = $r->{Dbh}; my ($nusername, $nlast) = @@ -332,41 +353,21 @@ CGI::Auth::Hybrid - web authentication optionally using cookies =head1 USAGE PATTERN FOR SIMPLE APPLICATIONS - if ( form submission is login request ) { - check login details, if wrong print error and quit - $authreq->record_login(...username...); - } - if ( form submission is logout request ) { - my $logged_out_user = $authreq->logout(); - if (!defined $logged_out_user) { - print "you are not logged in" error and quit - } else { - print "goodbye $username you are now logged out" and quit - } - } - if ( !$authreq->check() ) { - display login form, quit + $authreq->check_ok() or return; + blah blah blah + $authreq->mutating(); + blah blah blah =head1 USAGE PATTERN FOR FANCY APPLICATIONS - if ( form submission is login request ) { - check login details, if wrong print error and quit - $authreq->record_login(...username...); - } - if ( !$authreq->check() ) { - display login form, quit - if ( form submission is logout request ) { - die unless $authreq->mutate(); - my $logged_out_user = $authreq->logout(); - if (!defined $logged_out_user) { - print "you are not logged in" error and quit - } else { - print "goodbye $username you are now logged out" and quit + my $divert_kind = $authreq->check_divert(); + if ($divert_kind) { + if ($divert_kind eq 'LOGGEDOUT') { + print "goodbye you are now logged out" and quit + } elsif ($divert_kind eq 'NOCOOKIES') { + print "you need cookies" and quit + ... etc. } } - -advantages of cookie - - user can sort of log out by clearing cookies - - sophisticated applications can have get-requests