/usr/include/pion/http/cookie_auth.hpp is in libpion-dev 5.0.4+dfsg-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 | // ---------------------------------------------------------------------
// pion: a Boost C++ framework for building lightweight HTTP interfaces
// ---------------------------------------------------------------------
// Copyright (C) 2007-2012 Cloudmeter, Inc. (http://www.cloudmeter.com)
//
// Distributed under the Boost Software License, Version 1.0.
// See http://www.boost.org/LICENSE_1_0.txt
//
#ifndef __PION_HTTP_COOKIE_AUTH_HEADER__
#define __PION_HTTP_COOKIE_AUTH_HEADER__
#include <map>
#include <string>
#include <boost/random.hpp>
#include <pion/config.hpp>
#include <pion/http/auth.hpp>
namespace pion { // begin namespace pion
namespace http { // begin namespace http
///
/// cookie_auth: handles HTTP authentication and session management in
/// accordance with RFC 2617 (http://tools.ietf.org/html/rfc2617 ) using cookies.
///
class PION_API cookie_auth :
public http::auth
{
public:
/**
* default constructor
*
* @param userManager
* @param login - URL resource for login request. Typical login request has format:
* http://website/login?user="username"&pass="password"&url="redirection_url"
* @param logout - URL resource for logout request. Typical logout request has format:
* http://website/logout?url="redirection_url"
* @param redirect - if not empty, URL for redirection in case of authentication failure
* if empty - send code 401 on authentication failure
*/
cookie_auth(user_manager_ptr userManager,
const std::string& login="/login",
const std::string& logout="/logout",
const std::string& redirect="");
/// virtual destructor
virtual ~cookie_auth() {}
/**
* attempts to validate authentication of a new HTTP request.
* If request valid, pointer to user identity object (if any) will be preserved in
* the request and return "true".
* If request not authenticated, appropriate response is sent over tcp_conn
* and return "false";
*
* Note: if request matches "login" resource, then login sequences attempted.
* If "name" and "pass" attributes match user definition, a random cookie is created
* and associated with given user session. If request contains "url" attribute,
* then page redirection response returned. Otherwise - empty 204 response.
*
* @param http_request_ptr the new HTTP request to handle
* @param tcp_conn the TCP connection that has the new request
*
* @return true if request valid and user identity inserted into request
*/
virtual bool handle_request(http::request_ptr& http_request_ptr, tcp::connection_ptr& tcp_conn);
/**
* sets a configuration option
* Valid options:
* - "login" - URL resource for login request. Typical login request has format:
* http://website/login?user="username"&pass="password"&url="redirection_url"
* - "logout" - URL resource for logout request. Typical logout request has format:
* http://website/logout?url="redirection_url"
* - "redirect" - if not empty, URL for redirection in case of authentication failure
* if empty - send code 401 on authentication failure
*
* @param name the name of the option to change
* @param value the value of the option
*/
virtual void set_option(const std::string& name, const std::string& value);
protected:
/**
* check if given request is a login/logout and process it
*
* @param http_request_ptr the new HTTP request to handle
* @param tcp_conn the TCP connection that has the new request
*
* @return true if it was a login/logout request and no future processing required.
*/
bool process_login(http::request_ptr& http_request_ptr, tcp::connection_ptr& tcp_conn);
/**
* used to send responses when access to resource is not authorized
*
* @param http_request_ptr the new HTTP request to handle
* @param tcp_conn the TCP connection that has the new request
*/
void handle_unauthorized(http::request_ptr& http_request_ptr, tcp::connection_ptr& tcp_conn);
/**
* used to send redirection responses
*
* @param http_request_ptr the new HTTP request to handle
* @param tcp_conn the TCP connection that has the new request
*/
void handle_redirection(http::request_ptr& http_request_ptr, tcp::connection_ptr& tcp_conn,
const std::string &redirection_url, const std::string &new_cookie="", bool delete_cookie=false);
/**
* used to send OK responses with new cookie
*
* @param http_request_ptr the new HTTP request to handle
* @param tcp_conn the TCP connection that has the new request
*/
void handle_ok(http::request_ptr& http_request_ptr, tcp::connection_ptr& tcp_conn,
const std::string &new_cookie="", bool delete_cookie=false);
/**
* Cache expiration cleanup. (Call it periodically)
*/
void expire_cache(const boost::posix_time::ptime &time_now);
private:
/// number of seconds after which entries in the user cache will be expired
static const unsigned int CACHE_EXPIRATION;
/// number of random bytes to use for cookie generation
static const unsigned int RANDOM_COOKIE_BYTES;
/// name of cookie used for authentication
static const std::string AUTH_COOKIE_NAME;
/// value of "login" resource
std::string m_login;
/// value of "logout" resource
std::string m_logout;
/// value of "redirection" resource
std::string m_redirect;
/// random number generator used for cookie generation
boost::mt19937 m_random_gen;
/// random number range used for cookie generation
boost::uniform_int<> m_random_range;
/// random dice that uses m_random_gen to produce ints within m_random_range
boost::variate_generator<boost::mt19937&, boost::uniform_int<> > m_random_die;
/// time of the last cache clean up
boost::posix_time::ptime m_cache_cleanup_time;
/// cache of users that are currently active
user_cache_type m_user_cache;
/// mutex used to protect access to the user cache
mutable boost::mutex m_cache_mutex;
};
} // end namespace http
} // end namespace pion
#endif
|