[pve-devel] [PATCH 1/9] HTTPServer.pm: add cookie handling methods

Dietmar Maurer dietmar at proxmox.com
Tue Jan 10 11:55:18 CET 2017


Copied from PVE::REST (I want to get rid of this PVE::REST class).

Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
---
 PVE/HTTPServer.pm | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index afc152c..168020c 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -145,6 +145,32 @@ sub log_aborted_request {
     $self->log_request($reqstate);
 }
 
+sub extract_auth_cookie {
+    my ($self, $cookie) = @_;
+
+    return undef if !$cookie;
+
+    my $cookie_name = $self->{cookie_name};
+
+    my $ticket = ($cookie =~ /(?:^|\s)$cookie_name=([^;]*)/)[0];
+
+    if ($ticket && $ticket =~ m/^PVE%3A/) {
+	$ticket = uri_unescape($ticket);
+    }
+
+    return $ticket;
+}
+
+sub create_auth_cookie {
+    my ($self, $ticket) = @_;
+
+    my $cookie_name = $self->{cookie_name};
+
+    my $encticket = uri_escape($ticket);
+
+    return "${cookie_name}=$encticket; path=/; secure;";
+}
+
 sub cleanup_reqstate {
     my ($reqstate) = @_;
 
@@ -586,7 +612,7 @@ sub proxy_request {
 	    PVEClientIP => $clientip,
 	};
 
-	$headers->{'cookie'} = PVE::REST::create_auth_cookie($ticket) if $ticket;
+	$headers->{'cookie'} = $self->create_auth_cookie($ticket) if $ticket;
 	$headers->{'CSRFPreventionToken'} = $token if $token;
 	$headers->{'Accept-Encoding'} = 'gzip' if $reqstate->{accept_gzip};
 
@@ -1234,7 +1260,7 @@ sub unshift_read_header {
 		} elsif ($path =~ m!$baseuri!) {
 		    my $token = $r->header('CSRFPreventionToken');
 		    my $cookie = $r->header('Cookie');
-		    my $ticket = PVE::REST::extract_auth_cookie($cookie);
+		    my $ticket = $self->extract_auth_cookie($cookie);
 
 		    my ($rel_uri, $format) = split_abs_uri($path);
 		    if (!$format) {
@@ -1620,6 +1646,8 @@ sub new {
 
     my $self = bless { %args }, $class;
 
+    $self->{cookie_name} //= 'PVEAuthCookie';
+
     PVE::REST::set_base_handler_class($self->{base_handler_class});
 
     # init inotify
-- 
2.1.4



More information about the pve-devel mailing list