Apache-Wyrd
3 results

 view release on metacpan or  search on metacpan

Wyrd/Services/Auth.pm  view on Meta::CPAN 

      PerlSetVar  TieAddr        1
    </Directory>

=head1 DESCRIPTION

Auth provides a secure cookies-based login system for a Wyrd-enabled server
that might not itself be equipped with SSL.  It can do so if provided a
connection to an SSL-enabled Apache server with an
C<Apache::Wyrd::Services::LoginServer> available on a secure port.  It uses
a standard SSL channel to circumvent an unauthorized party from obtaining
login credentials (username/password) by packet-sniffing.

To do so, it maintains a cookie-based authorization scheme which is
implemented using stacked handlers.  It handles authorization by login
and/or cookie, and passes the user information to handlers down the
stack via mod_perl's C<notes> table.  The Auth module should be the
first handler in a chain of handlers.

The Auth Module first checks for a "challenge" variable under CGI which
it expects to contain a username/password pair encrypted via it's own
private encryption key (see the use of the

Wyrd/Services/Auth.pm  view on Meta::CPAN 

				$debug && warn ("Remote ip $remote_ip does not match cookie IP $ip, failing authentication");
				$ip_ok = 0;
			} else {
				$debug && warn ("Remote ip $remote_ip matches cookie IP $ip");
			}
		}
		$debug && warn("Cookie value before decrypt: " . $auth_cookie);
		$user_info = ${$cr->decrypt(\$auth_cookie)};
		$debug && warn("Cookie value: " . $user_info);
		$user=$self->revive($user_info);
		if (($user_info and not($user->check_credentials)) or ($auth_cookie and not($user_info)) or ($auth_cookie and not($ip_ok))) {
			my $cookie = Apache::Wyrd::Cookie->new(
				$req,
				-name=>'auth_cookie',
				-value=> '',
				-domain=>$req->hostname,
				-path=> ($auth_path || '/')
			);
			$cookie->bake;
			#TO DO: Make this error message configurable
			$challenge_failed = "Your session has expired due to system maintenance.  Please log in again.";

Wyrd/Services/Auth.pm  view on Meta::CPAN 


=item LSDownURL

URL to redirect to when Login Server is down. (optional, but
recommended)

=item Debug

Dump debugging information to the Error Log (0 for default no, 1 for yes). 
Note that if the log is not secure, this may compromise the users'
credentials.

=item TieAddr

Require a fixed client address for the session (less compatible with some
ISPs) (0 for default no, 1 for yes)

=item UserObject

The (text) name of the perl object which represents the user for this
authentication (see C<Apache::Wyrd::User>).

Wyrd/Site/Login.pm  view on Meta::CPAN 


=head2 PERL METHODS

I<(format: (returns) name (arguments after self))>

=over

=item (void) C<_form_template> (scalar)

_form_template provides the hidden data that is needed to supply the
Apache::Wyrd::Services::Auth handler with the necessary security credentials
and return values.  It does not need to be overridden when using the Auth or
PreAuth Services.   It is provided as a method in order to handle any other
parameters the webmaster has added to the login process.

=cut

sub _form_template {
	my ($self) = @_;
	#provide a ultra-rudimentary login form template, or use the one provided by the form attribute.
	return $self->{'form'} || q(

Wyrd/User.pm  view on Meta::CPAN 

	my ($class, $init) = @_;
	if (ref($init) ne 'HASH') {
		#probably not logged in.  Use a blank.
		$init = {};
	}
	$init->{'username'} ||= '';
	$init->{'password'} ||= '';
	$init->{'auth'} ||= {};
	$init->{'auth_error'} ||= '';
	bless $init, $class;
	my $credential_name = $init->name_credentials;
	$init->{$credential_name} = $init->make_credentials;
	$init->get_authorization;
	return $init;
}

=pod

=item (scalar) C<store> (void)

produce a value that when passed to C<revive>, will re-make the user object.
Meant to store the user object in the Apache notes table, but could just as well

Wyrd/User.pm  view on Meta::CPAN 


sub is {
	my ($self, $username) = @_;
	return 1 if ($self->{'username'} eq $username);
	return;
}

#Credentials methods are for doing checksums on the user data to ensure the user is
#revived properly from storage.

sub make_credentials {
	my ($self) = @_;
	return sha1_hex($self->{'username'} . ':' . $self->{'password'});
}

sub check_credentials {
	my ($self) = @_;
	my $credential_name = $self->name_credentials;
	my $value = $self->make_credentials;
	return 1 if ($value eq $self->{$credential_name});
}

sub name_credentials {
	#Allow overloading of credential name in case the user object
	#needs a very specific name space.
	return '_credentials';
}

=pod

=back

=head1 BUGS/CAVEATS/RESERVED METHODS

UNKNOWN



( run in 0.259 second using v1.01-cache-2.11-cpan-a5abf4f5562 )