author | Ivan Kohler <ivan@freeside.biz> | 2013-05-06 21:31:04 -0700 |
---|---|---|
committer | Ivan Kohler <ivan@freeside.biz> | 2013-05-06 21:31:04 -0700 |
commit | e62544064299324ab04abae64cc33afef12a24aa (patch) | |
tree | 35e6be98cfd814c64d10f148b2e6a8e8b6fb1ae3 /FS/FS/CurrentUser.pm | |
parent | 3ff1fb4e10fdaef86527c10bd416e988d2a62a49 (diff) |
NG auth: use database session keys, RT#21563
Diffstat (limited to 'FS/FS/CurrentUser.pm')
-rw-r--r-- | FS/FS/CurrentUser.pm | 70 |
1 files changed, 67 insertions, 3 deletions
diff --git a/FS/FS/CurrentUser.pm b/FS/FS/CurrentUser.pm
index bcd337d..7b0fe28 100644
--- a/FS/FS/CurrentUser.pm
+++ b/FS/FS/CurrentUser.pm
@@ -1,6 +1,6 @@
 package FS::CurrentUser;
-use vars qw($CurrentUser $upgrade_hack);
+use vars qw($CurrentUser $CurrentSession $upgrade_hack);
 #not at compile-time, circular dependancey causes trouble
 #use FS::Record qw(qsearchs);
@@ -10,12 +10,20 @@ $upgrade_hack = 0;
 =head1 NAME
-FS::CurrentUser - Package representing the current user
+FS::CurrentUser - Package representing the current user (and session)
 =head1 SYNOPSIS
 =head1 DESCRIPTION
+=head1 CLASS METHODS
+
+=over 4
+
+=item load_user USERNAME
+
+Sets the current user to the provided username
+
 =cut
 sub load_user {
@@ -44,9 +52,65 @@ sub load_user {
 $CurrentUser;
 }
+=item new_session
+
+Creates a new session for the current user and returns the session key
+
+=cut
+
+use vars qw( @saltset );
+@saltset = ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '+' , '/' );
+
+sub new_session {
+ my( $class ) = @_;
+
+ #not the best thing in the world...
+ eval "use FS::access_user_session;";
+ die $@ if $@;
+
+ my $sessionkey = join('', map $saltset[int(rand(scalar @saltset))], 0..39);
+
+ my $access_user_session = new FS::access_user_session {
+ 'sessionkey' => $sessionkey,
+ 'usernum' => $CurrentUser->usernum,
+ 'start_date' => time,
+ };
+ my $error = $access_user_session->insert;
+ die $error if $error;
+
+ return $sessionkey;
+
+}
+
+=item load_user_session SESSION_KEY
+
+Sets the current user via the provided session key
+
+=cut
+
+sub load_user_session {
+ my( $class, $sessionkey ) = @_;
+
+ #not the best thing in the world...
+ eval "use FS::Record qw(qsearchs);";
+ die $@ if $@;
+ eval "use FS::access_user_session;";
+ die $@ if $@;
+
+ $CurrentSession = qsearchs('access_user_session', {
+ 'sessionkey' => $sessionkey,
+ #XXX check for timed out but not-yet deleted sessions here
+ }) or return '';
+
+ $CurrentSession->touch_last_date;
+
+ $CurrentUser = $CurrentSession->access_user;
+
+}
+
 =head1 BUGS
-Creepy crawlies
+Minimal docs
 =head1 SEE ALSO |
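Review bot: The session key in `new_session` is built from Perl's built-in `rand()`, which is not a cryptographic generator, so the 40 characters are only as unpredictable as that generator's seed and state even though the key acts as a bearer credential for the login. Drawing the key from the OS generator keeps the same length and alphabet: `open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";`, `read($fh, my $raw, 30) == 30 or die "short read from /dev/urandom";`, `my $sessionkey = MIME::Base64::encode_base64($raw, '');` (with `use MIME::Base64;` added). In `load_user_session`, the `or return ''` path leaves `$CurrentUser` at whatever value it held before, which looks risky if the interpreter is reused between requests; an `undef $CurrentUser;` before the lookup would make a failed lookup fail closed. The `#XXX` comment also means a session row that has timed out but not yet been deleted is still accepted, so the expiry comparison should be in place before this path is relied on for authentication.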