/usr/include/pion/net/HTTPCookieAuth.hpp is in libpion-net-dev 4.0.7+dfsg-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 | // ------------------------------------------------------------------
// pion-net: a C++ framework for building lightweight HTTP interfaces
// ------------------------------------------------------------------
// Copyright (C) 2007-2008 Atomic Labs, Inc. (http://www.atomiclabs.com)
//
// Distributed under the Boost Software License, Version 1.0.
// See http://www.boost.org/LICENSE_1_0.txt
//
#ifndef __PION_HTTPCOOKIEAUTH_HEADER__
#define __PION_HTTPCOOKIEAUTH_HEADER__
#include <map>
#include <string>
#include <boost/random.hpp>
#include <pion/PionConfig.hpp>
#include <pion/net/HTTPAuth.hpp>
#include <pion/PionDateTime.hpp> // order important, otherwise compiling error under win32
namespace pion { // begin namespace pion
namespace net { // begin namespace net (Pion Network Library)
///
/// HTTPCookieAuth: handles HTTP authentication and session management in
/// accordance with RFC 2617 (http://tools.ietf.org/html/rfc2617 ) using cookies.
///
class PION_NET_API HTTPCookieAuth :
public HTTPAuth
{
public:
/**
* default constructor
*
* @param userManager
* @param login - URL resource for login request. Typical login request has format:
* http://website/login?user="username"&pass="password"&url="redirection_url"
* @param logout - URL resource for logout request. Typical logout request has format:
* http://website/logout?url="redirection_url"
* @param redirect - if not empty, URL for redirection in case of authentication failure
* if empty - send code 401 on authentication failure
*/
HTTPCookieAuth(PionUserManagerPtr userManager,
const std::string& login="/login",
const std::string& logout="/logout",
const std::string& redirect="");
/// virtual destructor
virtual ~HTTPCookieAuth() {}
/**
* attempts to validate authentication of a new HTTP request.
* If request valid, pointer to user identity object (if any) will be preserved in
* the request and return "true".
* If request not authenticated, appropriate response is sent over tcp_conn
* and return "false";
*
* Note: if request matches "login" resource, then login sequences attempted.
* If "name" and "pass" attributes match user definition, a random cookie is created
* and associated with given user session. If request contains "url" attribute,
* then page redirection response returned. Otherwise - empty 204 response.
*
* @param request the new HTTP request to handle
* @param tcp_conn the TCP connection that has the new request
*
* @return true if request valid and user identity inserted into request
*/
virtual bool handleRequest(HTTPRequestPtr& request, TCPConnectionPtr& tcp_conn);
/**
* sets a configuration option
* Valid options:
* - "login" - URL resource for login request. Typical login request has format:
* http://website/login?user="username"&pass="password"&url="redirection_url"
* - "logout" - URL resource for logout request. Typical logout request has format:
* http://website/logout?url="redirection_url"
* - "redirect" - if not empty, URL for redirection in case of authentication failure
* if empty - send code 401 on authentication failure
*
* @param name the name of the option to change
* @param value the value of the option
*/
virtual void setOption(const std::string& name, const std::string& value);
protected:
/**
* check if given request is a login/logout and process it
*
* @param http_request the new HTTP request to handle
* @param tcp_conn the TCP connection that has the new request
*
* @return true if it was a login/logout request and no future processing required.
*/
bool processLogin(HTTPRequestPtr& http_request, TCPConnectionPtr& tcp_conn);
/**
* used to send responses when access to resource is not authorized
*
* @param http_request the new HTTP request to handle
* @param tcp_conn the TCP connection that has the new request
*/
void handleUnauthorized(HTTPRequestPtr& http_request, TCPConnectionPtr& tcp_conn);
/**
* used to send redirection responses
*
* @param http_request the new HTTP request to handle
* @param tcp_conn the TCP connection that has the new request
*/
void handleRedirection(HTTPRequestPtr& http_request, TCPConnectionPtr& tcp_conn,
const std::string &redirection_url, const std::string &new_cookie="", bool delete_cookie=false);
/**
* used to send OK responses with new cookie
*
* @param http_request the new HTTP request to handle
* @param tcp_conn the TCP connection that has the new request
*/
void handleOk(HTTPRequestPtr& http_request, TCPConnectionPtr& tcp_conn,
const std::string &new_cookie="", bool delete_cookie=false);
/**
* Cache expiration cleanup. (Call it periodically)
*/
void expireCache(const PionDateTime &time_now);
private:
/// data type used to map authentication credentials to PionUser objects
typedef std::map<std::string, std::pair<PionDateTime, PionUserPtr> > PionUserCache;
/// number of seconds after which entries in the user cache will be expired
static const unsigned int CACHE_EXPIRATION;
/// number of random bytes to use for cookie generation
static const unsigned int RANDOM_COOKIE_BYTES;
/// name of cookie used for authentication
static const std::string AUTH_COOKIE_NAME;
/// value of "login" resource
std::string m_login;
/// value of "logout" resource
std::string m_logout;
/// value of "redirection" resource
std::string m_redirect;
/// random number generator used for cookie generation
boost::mt19937 m_random_gen;
/// random number range used for cookie generation
boost::uniform_int<> m_random_range;
/// random dice that uses m_random_gen to produce ints within m_random_range
boost::variate_generator<boost::mt19937&, boost::uniform_int<> > m_random_die;
/// time of the last cache clean up
PionDateTime m_cache_cleanup_time;
/// cache of users that are currently active
PionUserCache m_user_cache;
/// mutex used to protect access to the user cache
mutable boost::mutex m_cache_mutex;
};
} // end namespace net
} // end namespace pion
#endif
|