#include <cookie_auth.hpp>
Inherits pion::http::auth.
Public Member Functions | |
cookie_auth (user_manager_ptr userManager, const std::string &login="/login", const std::string &logout="/logout", const std::string &redirect="") | |
virtual | ~cookie_auth () |
virtual destructor | |
virtual bool | handle_request (http::request_ptr &http_request_ptr, tcp::connection_ptr &tcp_conn) |
virtual void | set_option (const std::string &name, const std::string &value) |
Protected Member Functions | |
bool | process_login (http::request_ptr &http_request_ptr, tcp::connection_ptr &tcp_conn) |
void | handle_unauthorized (http::request_ptr &http_request_ptr, tcp::connection_ptr &tcp_conn) |
void | handle_redirection (http::request_ptr &http_request_ptr, tcp::connection_ptr &tcp_conn, const std::string &redirection_url, const std::string &new_cookie="", bool delete_cookie=false) |
void | handle_ok (http::request_ptr &http_request_ptr, tcp::connection_ptr &tcp_conn, const std::string &new_cookie="", bool delete_cookie=false) |
void | expire_cache (const boost::posix_time::ptime &time_now) |
cookie_auth: handles HTTP authentication and session management in accordance with RFC 2617 (http://tools.ietf.org/html/rfc2617 ) using cookies.
Definition at line 28 of file cookie_auth.hpp.
pion::http::cookie_auth::cookie_auth | ( | user_manager_ptr | userManager, | |
const std::string & | login = "/login" , |
|||
const std::string & | logout = "/logout" , |
|||
const std::string & | redirect = "" | |||
) |
default constructor
userManager | ||
login | - URL resource for login request. Typical login request has format: http://website/login?user="username"&pass="password"&url="redirection_url" | |
logout | - URL resource for logout request. Typical logout request has format: http://website/logout?url="redirection_url" | |
redirect | - if not empty, URL for redirection in case of authentication failure if empty - send code 401 on authentication failure |
Definition at line 31 of file http_cookie_auth.cpp.
References pion::http::auth::set_logger().
void pion::http::cookie_auth::expire_cache | ( | const boost::posix_time::ptime & | time_now | ) | [protected] |
Cache expiration cleanup. (Call it periodically)
Definition at line 261 of file http_cookie_auth.cpp.
Referenced by handle_request().
void pion::http::cookie_auth::handle_ok | ( | http::request_ptr & | http_request_ptr, | |
tcp::connection_ptr & | tcp_conn, | |||
const std::string & | new_cookie = "" , |
|||
bool | delete_cookie = false | |||
) | [protected] |
used to send OK responses with new cookie
http_request_ptr | the new HTTP request to handle | |
tcp_conn | the TCP connection that has the new request |
Definition at line 237 of file http_cookie_auth.cpp.
References pion::http::response_writer::create(), and pion::tcp::connection::finish().
Referenced by process_login().
void pion::http::cookie_auth::handle_redirection | ( | http::request_ptr & | http_request_ptr, | |
tcp::connection_ptr & | tcp_conn, | |||
const std::string & | redirection_url, | |||
const std::string & | new_cookie = "" , |
|||
bool | delete_cookie = false | |||
) | [protected] |
used to send redirection responses
http_request_ptr | the new HTTP request to handle | |
tcp_conn | the TCP connection that has the new request |
Definition at line 199 of file http_cookie_auth.cpp.
References pion::http::response_writer::create(), and pion::tcp::connection::finish().
Referenced by handle_unauthorized(), and process_login().
bool pion::http::cookie_auth::handle_request | ( | http::request_ptr & | http_request_ptr, | |
tcp::connection_ptr & | tcp_conn | |||
) | [virtual] |
attempts to validate authentication of a new HTTP request. If request valid, pointer to user identity object (if any) will be preserved in the request and return "true". If request not authenticated, appropriate response is sent over tcp_conn and return "false";
Note: if request matches "login" resource, then login sequences attempted. If "name" and "pass" attributes match user definition, a random cookie is created and associated with given user session. If request contains "url" attribute, then page redirection response returned. Otherwise - empty 204 response.
http_request_ptr | the new HTTP request to handle | |
tcp_conn | the TCP connection that has the new request |
Implements pion::http::auth.
Definition at line 53 of file http_cookie_auth.cpp.
References expire_cache(), handle_unauthorized(), pion::http::auth::need_authentication(), and process_login().
void pion::http::cookie_auth::handle_unauthorized | ( | http::request_ptr & | http_request_ptr, | |
tcp::connection_ptr & | tcp_conn | |||
) | [protected] |
used to send responses when access to resource is not authorized
http_request_ptr | the new HTTP request to handle | |
tcp_conn | the TCP connection that has the new request |
Definition at line 171 of file http_cookie_auth.cpp.
References pion::http::response_writer::create(), pion::tcp::connection::finish(), and handle_redirection().
Referenced by handle_request(), and process_login().
bool pion::http::cookie_auth::process_login | ( | http::request_ptr & | http_request_ptr, | |
tcp::connection_ptr & | tcp_conn | |||
) | [protected] |
check if given request is a login/logout and process it
http_request_ptr | the new HTTP request to handle | |
tcp_conn | the TCP connection that has the new request |
Definition at line 105 of file http_cookie_auth.cpp.
References pion::algorithm::base64_encode(), handle_ok(), handle_redirection(), handle_unauthorized(), pion::http::auth::m_user_manager, and pion::http::server::strip_trailing_slash().
Referenced by handle_request().
void pion::http::cookie_auth::set_option | ( | const std::string & | name, | |
const std::string & | value | |||
) | [virtual] |
sets a configuration option Valid options:
name | the name of the option to change | |
value | the value of the option |
Reimplemented from pion::http::auth.
Definition at line 93 of file http_cookie_auth.cpp.