Committer: amyshkin
LJSUP-9334: New auth system for external domains (livejournal.sg)U trunk/cgi-bin/LJ/Session.pm
Modified: trunk/cgi-bin/LJ/Session.pm
===================================================================
--- trunk/cgi-bin/LJ/Session.pm 2011-08-08 01:46:19 UTC (rev 19616)
+++ trunk/cgi-bin/LJ/Session.pm 2011-08-08 02:18:07 UTC (rev 19617)
@@ -8,7 +8,7 @@
);
use LJ::TimeUtil;
use Digest::MD5;
-
+use Data::Dumper;
use constant VERSION => 1;
# NOTES
@@ -378,7 +378,10 @@
sub valid {
my $sess = shift;
my $now = time();
- my $err = sub { 0; };
+ my $err = sub {
+ warn "Demiurg: valid: " . Dumper(\@_);
+ 0;
+ };
return $err->("Invalid auth") if $sess->{'timeexpire'} < $now;
@@ -479,10 +482,11 @@
return $url . "__setdomsess?dest=" . LJ::eurl($dest) .
"&k=" . LJ::eurl($domcook) . "&v=" . LJ::eurl($cookie);
}
- elsif ( $dest =~ m!^https?://(.+?)(/.*)$! ) {
+ elsif ( $dest =~ m!^(https?://)(.+?)(/.*)$! ) {
+ my $setdomsess = $1 . $2;
$dest =~ m!^https?://(?:www\.)?(.+?)(/.*)$!;
- return "${dest}__setdomsess?dest="
+ return "${setdomsess}/__setdomsess?dest="
. LJ::eurl($dest)
. "&k=" . LJ::eurl($domcook)
. "&v=" . LJ::eurl($cookie)
@@ -575,7 +579,7 @@
sub session_from_cookies {
my $class = shift;
my %getopts = @_;
-
+warn "Demiurg: session_from_cookies: " . __LINE__;
# must be in web context
return undef unless LJ::Request->is_inited;
@@ -585,14 +589,17 @@
# foreign domain case
unless ( $host =~ /\.$LJ::DOMAIN(:\d+)?$/ ) {
+warn "Demiurg: session_from_cookies: " . __LINE__;
return LJ::Session->session_from_external_cookie(\%getopts, @{ $BML::COOKIE{"$domain_cookie\[\]"} || [] });
}
-
+warn "Demiurg: session_from_cookies: " . __LINE__;
if ($domain_cookie) {
+warn "Demiurg: session_from_cookies: " . __LINE__;
# journal domain
$sessobj = LJ::Session->session_from_domain_cookie(\%getopts, @{ $BML::COOKIE{"$domain_cookie\[\]"} || [] });
}
else {
+warn "Demiurg: session_from_cookies: " . __LINE__;
# this is the master cookie at "www.livejournal.com" or "livejournal.com";
my @cookies = @{ $BML::COOKIE{'ljmastersession[]'} || [] };
@@ -615,6 +622,7 @@
my $no_session = sub {
my $reason = shift;
+warn "Demiurg: session_from_external_cookie: $reason: ";
my $rr = $opts->{redirect_ref};
if ($rr) {
@@ -636,7 +644,7 @@
return $no_session->("no cookies") unless @cookies;
my $domcook = LJ::Session->domain_cookie;
-
+warn "Demiurg: session_from_external_cookie: \$domcook = $domcook";
foreach my $cookie (@cookies) {
my $sess = valid_domain_cookie($domcook, $cookie, undef, {ignore_li_cook=>1,});
@@ -1036,7 +1044,7 @@
# session's uid/sessid
sub valid_domain_cookie {
my ($domcook, $val, $li_cook, $opts) = @_;
-
+warn "Demiurg: valid_domain_cookie: " . __LINE__ . ": " . Dumper(\@_);
$opts ||= {};
my ($cookie, $gen) = split m!//!, $val;
@@ -1052,28 +1060,33 @@
};
my $bogus = 0;
+ my @bogus;
+
foreach my $var (split /:/, $cookie) {
if ($var =~ /^(\w)(.+)$/ && $dest->{$1}) {
${$dest->{$1}} = $2;
- } else {
+ }
+ else {
$bogus = 1;
+ push @bogus, $var;
}
}
my $not_valid = sub {
my $reason = shift;
+warn "Demiurg: valid_domain_cookie: $reason: " . Dumper(\@_);
return undef;
};
- return $not_valid->("bogus params") if $bogus;
+ return $not_valid->("bogus params", @bogus) if $bogus;
return $not_valid->("wrong gen") unless valid_cookie_generation($gen);
- return $not_valid->("wrong ver") if $version != VERSION;
+ return $not_valid->("wrong version", $version, VERSION) if $version != VERSION;
# have to be relatively new. these shouldn't last longer than a day
# or so anyway.
unless ($opts->{ignore_age}) {
my $now = time();
- return $not_valid->("old cookie") unless $time > $now - 86400*7;
+ return $not_valid->("old cookie", $time, $now) unless $time > $now - 86400*7;
}
my $u = LJ::load_userid($uid)
@@ -1083,7 +1096,7 @@
or return $not_valid->("no session $sessid");
# the master session can't be expired or ip-bound to wrong IP
- return $not_valid->("not valid") unless $sess->valid;
+ return $not_valid->("not valid session") unless $sess->valid;
# the per-domain cookie has to match the session of the master cookie
unless ($opts->{ignore_li_cook}) {
@@ -1095,7 +1108,7 @@
}
my $correct_sig = domsess_signature($time, $sess, $domcook);
- return $not_valid->("signature wrong") unless $correct_sig eq $sig;
+ return $not_valid->("signature wrong", $sig, $correct_sig) unless $correct_sig eq $sig;
return $sess;
}
