File Coverage

blib/lib/OpenPlugin/Session.pm

Criterion	Covered	Total	%
statement	6	96	6.2
branch	0	38	0.0
condition	0	17	0.0
subroutine	2	13	15.3
pod	0	8	0.0
total	8	172	4.6

line	stmt	bran	cond	sub	pod	time	code
1							package OpenPlugin::Session;
2
3							# $Id: Session.pm,v 1.46 2003/04/28 17:43:49 andreychek Exp $
4
5	2			2		12	use strict;
	2					4
	2					75
6	2			2		13	use base qw( OpenPlugin::Plugin );
	2					3
	2					3529
7
8							$OpenPlugin::Session::VERSION = sprintf("%d.%02d", q$Revision: 1.46 $ =~ /(\d+)\.(\d+)/);
9
10	0			0	0		sub OP { return $_[0]->{_m}{OP} }
11	0			0	0		sub type { return 'session' }
12
13							# API
14
15							# Returns the session id
16							sub session_id {
17	0			0	0		my ( $self ) = @_;
18	0						return $self->state->{ session_id };
19							}
20
21							# This sub is defined in the individial drivers
22	0			0	0		sub get_session_data { return undef };
23
24							# Initiate a session and return a session_id
25							sub create {
26	0			0	0		my ( $self ) = @_;
27	0						my $session_id;
28
29	0						my $session = $self->get_session_data();
30
31	0						$session = $self->_init_session_data( $session, {} );
32
33	0	0					if ( $self->_validate_session( $session ) ) {
34	0						$session_id = $session->{_session_id};
35							}
36							else {
37	0						$session_id = undef;
38							}
39
40	0						untie %{ $session };
	0
41
42	0						return $session_id;
43							}
44
45							# Retrieve all the values stored within a particular session
46							sub fetch {
47	0			0	0		my ( $self, $session_id ) = @_;
48	0						my $session_vals;
49
50	0						$session_id = $self->_validate_session_id( $session_id );
51
52							# Don't do anything if we weren't passed a valid session_id
53	0	0					unless ( $session_id ) {
54	0						$self->OP->log->info( "Invalid session_id given, can't fetch session.");
55	0						return undef;
56							}
57
58	0						my $session = $self->get_session_data( $session_id );
59
60	0	0					return undef unless defined $session;
61
62	0						$session = $self->_init_session_data( $session, {} );
63
64							# Verify that this session is legitimate
65	0	0					if( $self->_validate_session( $session ) ) {
66
67	0						$session->{_accessed} = time();
68
69							# Set the session values, then untie the session
70	0						foreach my $key ( keys %{ $session } ) {
	0
71	0						$session_vals->{ $key } = $session->{ $key };
72							}
73	0						untie %{ $session };
	0
74							}
75							else {
76	0						$session_vals = undef;
77							}
78
79	0						return $session_vals;
80
81							}
82
83							# Save data to a session
84							sub save {
85	0			0	0		my ( $self, $data, $params ) = @_;
86
87							# Make sure we were actually sent some values to save..
88	0	0					unless ( scalar keys %{ $data } ) {
	0
89	0						$self->OP->log->info( "No session information to be saved." );
90	0						return undef;
91							}
92
93	0	0					unless ( $params->{'id'}) {
94	0		0				$params->{'id'} = $self->session_id() \|\| $self->create();
95							}
96
97							# Validate the session ID if we were passed one (the ID itself, not the
98							# data)
99	0	0					$params->{'id'} = $self->_validate_session_id( $params->{'id'} ) if
100							$params->{'id'};
101
102							# Initiate the session
103	0						my $session = $self->get_session_data( $params->{'id'} );
104	0						$session = $self->_init_session_data( $session, $params );
105
106							# Make sure our session is good
107	0	0					if ( $self->_validate_session( $session ) ) {
108
109							# Set the session values. Values starting with _ are readonly for
110							# everything but this module
111	0						foreach my $key ( keys %{ $data } ) {
	0
112	0	0					next if $data->{ $key } =~ m/^_/;
113
114	0						$session->{ $key } = $data->{ $key };
115							}
116	0						$session->{_accessed} = time();
117
118	0						$self->OP->log->debug( "Saving session ($session->{_session_id}).");
119	0						untie %{ $session };
	0
120							}
121
122	0						return $params->{ id };
123							}
124
125							sub delete {
126	0			0	0		my ( $self, $session_id ) = @_;
127
128	0	0					unless ( $session_id ) {
129	0						$session_id = $self->session_id();
130							}
131	0						my $session = $self->get_session_data( $session_id );
132
133							# Untaint the session_id so it can be properly deleted
134	0						$session_id = $session->{_session_id};
135	0						$session->{_session_id} = $self->_validate_session_id( $session_id );
136
137	0	0					tied( %{ $session } )->delete if $session->{_session_id};
	0
138
139	0						return $session_id;
140							}
141
142							# Set up some values for our session
143							sub _init_session_data {
144	0			0			my ( $self, $session, $params ) = @_;
145
146							# When, if at all, the session will expire
147							$session->{'_expires'} =
148							$params->{ expires } \|\|
149	0		0				$self->OP->config->{'plugin'}{'session'}{'expires'};
150
151							# If _start exists, we've done this already
152	0	0					return $session if exists $session->{'_start'};
153
154	0						$self->OP->log->info( "Initiating session data.");
155
156							# Time the session was created
157	0						$session->{'_start'} = time();
158
159							# Time the session was last accessed
160	0						$session->{'_accessed'} = time();
161
162	0						return $session;
163							}
164
165							# Validate and untaint the session ID given to us
166							sub _validate_session_id {
167	0			0			my ( $self, $session_id ) = @_;
168
169	0		0				$session_id \|\|= "";
170
171							# Does our session ID look legitimate?
172							# TODO -- this will only work for MD5 session ID's
173							# Apache::Session only supports MD5. But should something that validates
174							# the session ID string be part of the individual driver instead of here?
175							#if( $self->OP->config->{plugin}{session}{parameters}{Generate} eq "MD5" ) {
176	0	0					if ( $session_id =~ m/^([a-fA-F0-9]{32}$)/ ) {
177	0						return $1;
178							}
179							else {
180	0						$self->OP->log->info( "The session ID ($session_id) is an " .
181							"invalid MD5 string.");
182	0						return undef;
183							}
184							#}
185							#else {
186							# $self->OP->log->log(1, "Not using MD5 sessions, unable to validate " .
187							# "session id ($session_id). Continuing " .
188							# "anyway...");
189							# return $session_id;
190							#}
191							}
192
193							# Validate the properties and expiration of our session
194							sub _validate_session {
195	0			0			my ( $self, $session ) = @_;
196
197	0						my $invalid = 0;
198
199	0	0					return undef unless $session;
200
201							# Make sure we have these already..
202	0	0	0				$invalid = 1 unless (( exists $session->{_start} ) &&
			0
			0
203							( exists $session->{_accessed} ) &&
204							( exists $session->{_session_id} ) &&
205							( exists $session->{_expires} ));
206
207							# An expiration of -1 means it doesn't expire
208	0	0					unless ( $session->{_expires} =~ /^-1$/ ) {
209
210	0	0					$invalid = 1 if (time >
211							OpenPlugin::Utility->expire_calc( $session->{_expires},
212							$session->{_accessed} ));
213
214							}
215
216	0	0					if ( $invalid ) {
217	0						$self->OP->log->info( "Session ($session->{_session_id}) is invalid." );
218
219							# Untaint the session_id before we expire it
220	0						$session->{_session_id} = $self->_validate_session_id( $session->{_session_id} );
221
222	0	0					tied( %{ $session } )->delete if $session->{_session_id};
	0
223	0						return undef;
224							}
225							else {
226	0						$self->OP->log->debug( "Session ($session->{_session_id}) is valid." );
227	0						$self->state( 'session_id', $session->{_session_id} );
228	0						return 1;
229							}
230							}
231
232
233							1;
234
235							__END__