
HPCC-20557 Return special error for wrong esp session request

If a session-enabled ESP was used and some web page is still open,
the session timer may trigger a session lock request to ESP even if
the ESP has been switched to a session-disabled ESP. In this fix,
ESP will detect the problem and return an 'Action not supported:...'
error to the session timer. Also clear session cookies from ESP
side.

Signed-off-by: wangkx <kevin.wang@lexisnexis.com>
wangkx 6 anos atrás
pai
commit
8644f5ea9c

+ 3 - 1
esp/bindings/http/platform/httpbinding.cpp

@@ -266,6 +266,9 @@ EspHttpBinding::EspHttpBinding(IPropertyTree* tree, const char *bindname, const
     if(m_challenge_realm.length() == 0)
         m_challenge_realm.append("ESP");
 
+    //Even for non-session based environment, the sessionIDCookieName may be used to
+    //remove session related cookies cached in some browser page.
+    sessionIDCookieName.setf("%s%d", SESSION_ID_COOKIE, m_port);
     if (!m_secmgr.get() || !daliClientActive())
     {
         if (!daliClientActive())
@@ -336,7 +339,6 @@ void EspHttpBinding::setSDSSession()
         newAppSessionTree->setPropInt("@port", m_port);
     }
     sessionSDSPath.setf("%s/%s/", espSessionSDSPath.str(), appStr.str());
-    sessionIDCookieName.setf("%s%d", SESSION_ID_COOKIE, m_port);
 }
 
 static int compareLength(char const * const *l, char const * const *r) { return strlen(*l) - strlen(*r); }
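Review bot: The new constructor line builds the cookie name from m_port, and nothing in the hunk shows m_port being assigned before that point in EspHttpBinding's constructor; if the port is only set further down, the name would carry a zero or stale port, so the assignment order is worth confirming. Since setSDSSession no longer sets the name, the member now has exactly one writer, which is good, but the comment on the new line explains only the non-session use; I would extend it to state the ownership, e.g. `// Set once here (not in setSDSSession) so both session and non-session bindings have a stable name for clearing cookies.` The constructor body continues outside the hunk.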

+ 50 - 0
esp/bindings/http/platform/httpservice.cpp

@@ -1033,6 +1033,46 @@ EspAuthState CEspHttpServer::preCheckAuth(EspAuthRequest& authReq)
             return authTaskDone;
         }
 
+        unsigned sessionID = readCookie(authReq.authBinding->querySessionIDCookieName());
+        if (sessionID > 0)
+        {
+            if (authReq.authBinding->getDomainAuthType() == AuthUserNameOnly)
+            {
+                clearCookie(authReq.authBinding->querySessionIDCookieName());
+                clearCookie(SESSION_ID_TEMP_COOKIE);
+                clearCookie(SESSION_TIMEOUT_COOKIE);
+            }
+            else
+                clearSessionCookies(authReq);
+
+            if (!authReq.serviceName.isEmpty() && strieq(authReq.serviceName.str(), "esp"))
+            {
+                const char* method = authReq.methodName.str();
+                if (!isEmptyString(method))
+                {
+                    if (strieq(method, "lock") || strieq(method, "unlock"))
+                    {
+                        VStringBuffer errMsg("Action not supported: %s", method);
+                        sendLockResponse(strieq(method, "lock"), true, errMsg.str());
+                        return authTaskDone;
+                    }
+                    else if (strieq(method, "login") || strieq(method, "logout") || (strnicmp(method, "updatepassword", 14) == 0))
+                    {
+                        VStringBuffer errMsg("Action not supported: %s", method);
+                        sendMessage(errMsg.str(), "text/html; charset=UTF-8");
+                        return authTaskDone;
+                    }
+                    else if (strieq(method, "get_session_timeout") || strieq(method, "reset_session_timeout"))
+                    {
+                        VStringBuffer errMsg("Action not supported: %s", method);
+                        ESPSerializationFormat respFormat = m_request->queryContext()->getResponseFormat();
+                        sendMessage(errMsg.str(), (respFormat == ESPSerializationJSON) ? "application/json" : "text/xml");
+                        return authTaskDone;
+                    }
+                }
+            }
+        }
+
         if (authReq.authBinding->getDomainAuthType() == AuthUserNameOnly)
             return handleUserNameOnlyMode(authReq);
         return authSucceeded;
@@ -1790,6 +1830,16 @@ void CEspHttpServer::addCookie(const char* cookieName, const char *cookieValue,
     m_response->addCookie(cookie);
 }
 
+void CEspHttpServer::clearSessionCookies(EspAuthRequest& authReq)
+{
+    clearCookie(authReq.authBinding->querySessionIDCookieName());
+    clearCookie(SESSION_ID_TEMP_COOKIE);
+    clearCookie(SESSION_START_URL_COOKIE);
+    clearCookie(SESSION_AUTH_OK_COOKIE);
+    clearCookie(SESSION_AUTH_MSG_COOKIE);
+    clearCookie(SESSION_TIMEOUT_COOKIE);
+}
+
 void CEspHttpServer::clearCookie(const char* cookieName)
 {
     CEspCookie* cookie = new CEspCookie(cookieName, "");
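Review bot: In the preCheckAuth hunk the three error branches each build the same `VStringBuffer errMsg("Action not supported: %s", method);`; hoisting that one line above the `if (strieq(method, "lock") || strieq(method, "unlock"))` chain removes the duplication. The login/logout branch sends the message with `text/html; charset=UTF-8`, and because the updatepassword case is only a 14-character prefix match, whatever follows that prefix in the method name is echoed into an HTML body unescaped; either HTML-encode `method` before formatting it or answer that branch with `text/plain`. The AuthUserNameOnly path clears three of the six cookies that the new clearSessionCookies clears, and nothing says why the start-url, auth-ok and auth-msg cookies are left alone in that mode; a one-line comment there would spare the next reader a guess. preCheckAuth starts and ends outside the hunk, as does clearCookie in the second hunk.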

+ 1 - 0
esp/bindings/http/platform/httpservice.hpp

@@ -91,6 +91,7 @@ protected:
     void timeoutESPSessions(EspHttpBinding* authBinding, IPropertyTree* espSessions);
     void addCookie(const char* cookieName, const char *cookieValue, int maxAgeSec, bool httpOnly);
     void clearCookie(const char* cookieName);
+    void clearSessionCookies(EspAuthRequest& authReq);
     unsigned readCookie(const char* cookieName);
     const char* readCookie(const char* cookieName, StringBuffer& cookieValue);
     void sendLockResponse(bool lock, bool error, const char* msg);
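Review bot: The new clearSessionCookies declaration says nothing about which cookies it clears or that it acts on the response being built, which the caller in preCheckAuth needs to know to choose between it and the narrower AuthUserNameOnly list. A comment on the declaration would do: `// Expires the binding's session id cookie plus the temp, start-url, auth-ok, auth-msg and timeout cookies on the current response.`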