Revision 9531
Added by Chris Jones almost 9 years ago
src/perl/register-dataset.cgi | ||
---|---|---|
5578 | 5578 |
isValid => 0 |
5579 | 5579 |
}; |
5580 | 5580 |
|
5581 |
my $token = ""; |
|
5582 |
|
|
5583 |
if ( $ENV{'HTTP_AUTHORIZATION'} ) { |
|
5584 |
@token_parts = split(/ /, $ENV{'HTTP_AUTHORIZATION'}); |
|
5585 |
$token = @token_parts[1]; |
|
5586 |
|
|
5587 |
} |
|
5588 |
|
|
5581 | 5589 |
my $der_cert_file; |
5582 | 5590 |
my $signing_cert; |
5583 | 5591 |
|
... | ... | |
5607 | 5615 |
|
5608 | 5616 |
} |
5609 | 5617 |
|
5618 |
################################################################################ |
|
5619 |
# |
|
5620 |
# Validate the session, and return true if the session is not expired. Support |
|
5621 |
# both CGI::Session and JWT authentication token sessions, where auth tokens |
|
5622 |
# take precendence. |
|
5623 |
# |
|
5624 |
################################################################################ |
|
5625 |
sub validateSession() { |
|
5626 |
|
|
5627 |
if ( $debug_enabled ) { |
|
5628 |
debug('validateSession() called.'); |
|
5629 |
} |
|
5630 |
|
|
5631 |
my $token_info = getTokenInfo(); |
|
5632 |
my $session = CGI::Session->load(); |
|
5633 |
my $valid = 0; |
|
5634 |
|
|
5635 |
if ( $token_info{'isValid'} ) { |
|
5636 |
$valid = 1; |
|
5637 |
if ( $debug_enabled ) { |
|
5638 |
debug('The auth token session is valid.'); |
|
5639 |
|
|
5640 |
} |
|
5641 |
|
|
5642 |
} else if ( ! $session->is_empty && ! $session->is_expired ) { |
|
5643 |
$valid = 1; |
|
5644 |
if ( $debug_enabled ) { |
|
5645 |
debug('The CGI session is valid.'); |
|
5646 |
|
|
5647 |
} |
|
5648 |
} |
|
5649 |
|
|
5650 |
if ( $debug_enabled ) { |
|
5651 |
if ( ! $valid ) { |
|
5652 |
debug('The session is not valid.'); |
|
5653 |
|
|
5654 |
} |
|
5655 |
} |
|
5656 |
|
|
5657 |
return $valid; |
|
5658 |
} |
Also available in: Unified diff
Don't forget to set the token variable from the HTTP_AUTHORIZATION environment variable.
refs https://github.nceas.ucsb.edu/KNB/arctic-data/issues/42