[fix] Do not declare cookies as global variables

This commit is contained in:
kload 2015-05-16 21:03:06 +02:00
parent 0ebddc079a
commit f895e02986

View file

@ -11,7 +11,6 @@ local cache = ngx.shared.cache
local conf = config.get_config() local conf = config.get_config()
local cookies = {} local cookies = {}
-- Read a FS stored file -- Read a FS stored file
function read_file(file) function read_file(file)
local f = io.open(file, "rb") local f = io.open(file, "rb")
@ -88,7 +87,7 @@ end
-- Set the Cross-Domain-Authentication key for a specific user -- Set the Cross-Domain-Authentication key for a specific user
function set_cda_key () function set_cda_key ()
local cda_key = random_string() local cda_key = random_string()
cache:set(cda_key, ngx.var.cookie_SSOwAuthUser, 10) cache:set(cda_key, authUser, 10)
return cda_key return cda_key
end end
@ -155,23 +154,28 @@ end
-- to match the session hash. -- to match the session hash.
-- --
function is_logged_in () function is_logged_in ()
if ngx.var.cookie_SSOwAuthExpire and ngx.var.cookie_SSOwAuthExpire ~= "" local expireTime = ngx.var.cookie_SSOwAuthExpire
and ngx.var.cookie_SSOwAuthHash and ngx.var.cookie_SSOwAuthHash ~= "" local user = ngx.var.cookie_SSOwAuthUser
and ngx.var.cookie_SSOwAuthUser and ngx.var.cookie_SSOwAuthUser ~= "" local authHash = ngx.var.cookie_SSOwAuthHash
if expireTime and expireTime ~= ""
and authHash and authHash ~= ""
and user and user ~= ""
then then
-- Check expire time -- Check expire time
if (ngx.req.start_time() <= tonumber(ngx.var.cookie_SSOwAuthExpire)) then if (ngx.req.start_time() <= tonumber(expireTime)) then
-- Check hash -- Check hash
local session_key = cache:get("session_"..ngx.var.cookie_SSOwAuthUser) local session_key = cache:get("session_"..user)
if session_key and session_key ~= "" then if session_key and session_key ~= "" then
-- Check cache -- Check cache
if cache:get(ngx.var.cookie_SSOwAuthUser.."-password") then if cache:get(user.."-password") then
authUser = user
local hash = ngx.md5(srvkey.. local hash = ngx.md5(srvkey..
"|"..ngx.var.remote_addr.. "|"..ngx.var.remote_addr..
"|"..ngx.var.cookie_SSOwAuthUser.. "|"..authUser..
"|"..ngx.var.cookie_SSOwAuthExpire.. "|"..expireTime..
"|"..session_key) "|"..session_key)
return hash == ngx.var.cookie_SSOwAuthHash return hash == authHash
end end
end end
end end
@ -184,7 +188,7 @@ end
-- Check whether a user is allowed to access a URL using the `users` directive -- Check whether a user is allowed to access a URL using the `users` directive
-- of the configuration file -- of the configuration file
function has_access (user, url) function has_access (user, url)
user = user or ngx.var.cookie_SSOwAuthUser user = user or authUser
url = url or ngx.var.host..ngx.var.uri url = url or ngx.var.host..ngx.var.uri
-- If there are no `users` directive, or if the user has no ACL set, he can -- If there are no `users` directive, or if the user has no ACL set, he can
@ -270,7 +274,7 @@ function set_headers (user)
return redirect("https://"..ngx.var.host..ngx.var.uri..uri_args_string()) return redirect("https://"..ngx.var.host..ngx.var.uri..uri_args_string())
end end
user = user or ngx.var.cookie_SSOwAuthUser local user = user or authUser
-- If the password is not in cache of if the cache has expired, ask for -- If the password is not in cache of if the cache has expired, ask for
-- logging. -- logging.
@ -437,7 +441,7 @@ end
-- The resulting data table typically contains the user information, the page -- The resulting data table typically contains the user information, the page
-- title, the flash notifications' content and the translated strings. -- title, the flash notifications' content and the translated strings.
function get_data_for(view) function get_data_for(view)
local user = ngx.var.cookie_SSOwAuthUser local user = authUser
-- For the login page we only need the page title -- For the login page we only need the page title
if view == "login.html" then if view == "login.html" then
@ -513,7 +517,7 @@ function edit_user ()
-- Set HTTP status to 201 -- Set HTTP status to 201
ngx.status = ngx.HTTP_CREATED ngx.status = ngx.HTTP_CREATED
local user = ngx.var.cookie_SSOwAuthUser local user = authUser
-- In case of a password modification -- In case of a password modification
-- TODO: split this into a new function -- TODO: split this into a new function
@ -739,7 +743,7 @@ function login ()
local args = ngx.req.get_post_args() local args = ngx.req.get_post_args()
local uri_args = ngx.req.get_uri_args() local uri_args = ngx.req.get_uri_args()
user = authenticate(args.user, args.password) local user = authenticate(args.user, args.password)
if user then if user then
ngx.status = ngx.HTTP_CREATED ngx.status = ngx.HTTP_CREATED
set_auth_cookie(user, ngx.var.host) set_auth_cookie(user, ngx.var.host)
@ -767,8 +771,8 @@ function logout()
local args = ngx.req.get_uri_args() local args = ngx.req.get_uri_args()
if is_logged_in() then if is_logged_in() then
cache:delete("session_"..ngx.var.cookie_SSOwAuthUser) cache:delete("session_"..authUser)
cache:delete(ngx.var.cookie_SSOwAuthUser.."-"..conf["ldap_identifier"]) -- Ugly trick to reload cache cache:delete(authUser.."-"..conf["ldap_identifier"]) -- Ugly trick to reload cache
flash("info", t("logged_out")) flash("info", t("logged_out"))
return redirect(conf.portal_url) return redirect(conf.portal_url)
end end
@ -778,7 +782,7 @@ end
-- Set cookie and redirect (needed to properly set cookie) -- Set cookie and redirect (needed to properly set cookie)
function redirect (url) function redirect (url)
ngx.header["Set-Cookie"] = cookies ngx.header["Set-Cookie"] = cookies
ngx.log(ngx.INFO, "Redirect to: "..url) ngx.log(ngx.NOTICE, "Redirect to: "..url)
return ngx.redirect(url) return ngx.redirect(url)
end end