Apache-AuthCookie
view release on metacpan or search on metacpan
* HTTP::Body
* WWW::Form::UrlEncoded
* Hash::MultiValue
Also recommended (but not required) is WWW::Form::UrlEncoded::XS
- Add optional support for charset encoding. If you have something like
PerlSetVar MyAuthNameEncoding UTF-8
Then AuthCookie with now automatically decode parameters using the given
encoding now. AuthCookie params() data will be decoded automatically if
this is on. See details in AuthCookie module documentation. In addition
r->user will be encoded (using byte semantics) using this encoding.
***** IMPORTANT *****
If you turn this on, this could break your code. r->user() will now be
byte encoded using the given encoding. If you use usernames that contain
non-ascii characters you either need to use decoded_user(), or decode
r->user() yourself in your subclasses.
See the AuthCookie docs for more details.
- add optional support for decoding httpd.conf requires directives. This is
enabled with a RequiresEncoding setting:
PerlSetVar MyAuthNameRequiresEncoding UTF-8
Then decoded_requires($r) will return the decoded value of $r->requires
You only need this if you have non-ascii characters in your requires
directives such as:
Requires user programmør
- add decoded_user($r) method to get the value of r->user decoded using
character semantics instead of bytes. Due to the fact that r->user is a C
API method we cannot get character semantics on r->user directly. If no
Encoding directive is in effect, then this is the same as r->user.
- add encoding($r): string which returns the value of the Encoding directive
that is in effect for the current request.
3.25 2016-08-30
- 2.4: fix POD typo and add missing ABSTRACT
- reorganize real.t tests into subtests
- make sure signature test ignores generated files
lib/Apache/AuthCookie.pm view on Meta::CPAN
sub requires_encoding {
my ($self, $r) = @_;
my $auth_name = $r->auth_name;
return $r->dir_config("${auth_name}RequiresEncoding");
}
sub decoded_user {
my ($self, $r) = @_;
my $user = $r->connection->user;
if (is_blank($user)) {
return $user;
}
my $encoding = $self->encoding($r);
if (!is_blank($encoding)) {
$user = Encode::decode($encoding, $user);
}
return $user;
}
sub decoded_requires {
my ($self, $r) = @_;
my $reqs = $r->requires or return;
my $encoding = $self->requires_encoding($r);
unless (is_blank($encoding)) {
for my $req (@$reqs) {
$$req{requirement} = Encode::decode($encoding, $$req{requirement});
}
}
lib/Apache/AuthCookie.pm view on Meta::CPAN
$r->log_error('authorize() for ' . $r->uri()) if ($debug >= 3);
return OK unless $r->is_initial_req; #only the first internal request
if ($r->auth_type ne $auth_type) {
$r->log_error($auth_type . " auth type is " . $r->auth_type)
if ($debug >= 3);
return DECLINED;
}
my $reqs_arr = $auth_type->decoded_requires($r) or return DECLINED;
my $user = $auth_type->decoded_user($r);
if (is_blank($user)) {
# authentication failed
$r->log_reason("No user authenticated", $r->uri);
return FORBIDDEN;
}
my $satisfy = $auth_type->get_satisfy($r);
return SERVER_ERROR unless $auth_type->satisfy_is_valid($r, $satisfy);
my $satisfy_all = $satisfy eq 'all';
lib/Apache/AuthCookie.pm view on Meta::CPAN
anyway. Use it as a PerlFixupHandler, unless you have a better idea.
=head2 encoding($r): string
Return the ${auth_name}Encoding setting that is in effect for this request.
=head2 requires_encoding($r): string
Return the ${auth_name}RequiresEncoding setting that is in effect for this request.
=head2 decoded_user($r): string
If you have set ${auth_name}Encoding, then this will return the decoded value of
C<< $r->connection->user >>.
=head2 decoded_requires($r): arrayref
This method returns the C<< $r->requires >> array, with the C<requirement>
values decoded if C<${auth_name}RequiresEncoding> is in effect for this
request.
=head2 handle_cache(): void
If C<${auth_name}Cache> is defined, this sets up the response so that the
client will not cache the result. This sents C<no_cache> in the apache request
object and sends the appropriate headers so that the client will not cache the
response.
=head2 remove_cookie(): void
lib/Apache/AuthCookie.pm view on Meta::CPAN
=over 4
=item *
The internal pure-perl params processing subclass will be used, even if
libapreq is installed. libapreq does not handle encoding.
=item *
POST/GET data intercepted by AuthCookie will be decoded to perl's internal
format using L<Encode/decode>.
=item *
The value stored in C<< $r-E<gt>connection-E<gt>user >> will be encoded as
B<bytes>, not characters using the configured encoding name. This is because
the value stored by mod_perl is a C API string, and not a perl string. You can
use L</decoded_user()> to get user string encoded using B<character> semantics.
=back
This does has some caveats:
=over 4
=item *
your L</authen_cred()> and L</authen_ses_key()> function is expected to return
a decoded username, either by passing it through L<Encode/decode()>, or, by
turning on the UTF8 flag if appropriate.
=item *
Due to the way HTTP works, cookies cannot contain non-ASCII characters.
Because of this, if you are including the username in your generated session
key, you will need to escape any non-ascii characters in the session key
returned by L</authen_cred()>.
=item *
Similarly, you must reverse this escaping process in L</authen_ses_key()> and
return a L<Encode/decode()> decoded username. If your L</authen_cred()>
function already only generates ASCII-only session keys then you do not need to
worry about any of this.
=item *
The value stored in C<< $r-E<gt>connection-E<gt>user >> will be encoded using
bytes semantics using the configured B<Encoding>. If you want the decoded user
value, use L</decoded_user()> instead.
=back
=head2 Requires
You can also specify what the charset is of the Apache C<< $r-E<gt>requires >>
data is by setting C<< ${auth_name}RequiresEncoding >> in httpd.conf.
E.g.:
lib/Apache/AuthCookie/Params/CGI.pm view on Meta::CPAN
return $r->pnotes($key);
}
sub _decode {
my ($self, $hash) = @_;
my $r = $self->request;
my $auth_name = $r->auth_name;
if (my $encoding = $r->dir_config("${auth_name}Encoding")) {
my $decoded = Hash::MultiValue->new;
$hash->each(sub {
my @dec = map { Encode::decode($encoding, $_) } @_;
$decoded->add(@dec);
});
return $decoded;
}
else {
return $hash;
}
}
1;
__END__
lib/Apache2/AuthCookie.pm view on Meta::CPAN
$r->server->log_error('authorize() for '.$r->uri()) if $debug >= 3;
return OK unless $r->is_initial_req; #only the first internal request
if ($r->auth_type ne $auth_type) {
$r->server->log_error("auth type mismatch $auth_type != ".$r->auth_type)
if $debug >= 3;
return DECLINED;
}
my $reqs_arr = $auth_type->decoded_requires($r) or return DECLINED;
my $user = $auth_type->decoded_user($r);
$r->server->log_error("authorize user=$user type=$auth_type") if $debug >=3;
if (is_blank($user)) {
# the authentication failed
$r->server->log_error("No user authenticated", $r->uri);
return HTTP_FORBIDDEN;
}
my $satisfy = $auth_type->get_satisfy($r);
lib/Apache2/AuthCookie.pm view on Meta::CPAN
=over 4
=item *
The internal pure-perl params processing subclass will be used, even if
libapreq2 is installed. libapreq2 does not have any support for encoding or
unicode.
=item *
POST/GET data intercepted by AuthCookie will be decoded to perl's internal
format using L<Encode/decode>.
=item *
The value stored in C<< $r-E<gt>user >> will be encoded as B<bytes>, not
characters using the configured encoding name. This is because the value
stored by mod_perl is a C API string, and not a perl string. You can use
L<decoded_user()> to get user string encoded using B<character> semantics.
=back
This does has some caveats:
=over 4
=item *
your L<authen_cred()> and L<authen_ses_key()> function is expected to return
a decoded username, either by passing it through L<Encode/decode()>, or, by
turning on the UTF8 flag if appropriate.
=item *
Due to the way HTTP works, cookies cannot contain non-ASCII characters.
Because of this, if you are including the username in your generated session
key, you will need to escape any non-ascii characters in the session key
returned by L<authen_cred()>.
=item *
Similarly, you must reverse this escaping process in L<authen_ses_key()> and
return a L<Encode/decode()> decoded username. If your L<authen_cred()>
function already only generates ASCII-only session keys then you do not need to
worry about any of this.
=item *
The value stored in C<< $r-E<gt>user >> will be encoded using bytes semantics
using the configured B<Encoding>. If you want the decoded user value, use
L<decoded_user()> instead.
=back
=head2 Requires
You can also specify what the charset is of the Apache C<< $r-E<gt>requires >>
data is by setting C<< ${auth_name}RequiresEncoding >> in httpd.conf.
E.g.:
lib/Apache2/AuthCookie/Base.pm view on Meta::CPAN
if ($samesite =~ /\A(strict|lax)\z/i) {
$samesite = lc($1);
$string .= "; SameSite=$samesite";
}
}
return $string;
}
sub decoded_requires {
my ($self, $r) = @_;
my $reqs = $r->requires or return;
my $encoding = $self->requires_encoding($r);
unless (is_blank($encoding)) {
for my $req (@$reqs) {
$$req{requirement} = Encode::decode($encoding, $$req{requirement});
}
}
return $reqs;
}
sub decoded_user {
my ($self, $r) = @_;
my $user = $r->user;
if (is_blank($user)) {
return $user;
}
my $encoding = $self->encoding($r);
lib/Apache2/AuthCookie/Base.pm view on Meta::CPAN
=item *
expires (optional)
When the cookie expires. See L<Apache::AuthCookie::Util/expires()>. Uses C<${auth_name}Expires> if not giv
=back
All other cookie settings come from C<PerlSetVar> settings.
=head2 decoded_requires($r): arrayref
This method returns the C<< $r->requires >> array, with the C<requirement>
values decoded if C<${auth_name}RequiresEncoding> is in effect for this
request.
=head2 decoded_user($r): string
If you have set ${auth_name}Encoding, then this will return the decoded value of
C<< $r-E<gt>user >>.
=head2 encoding($r): string
Return the ${auth_name}Encoding setting that is in effect for this request.
=head2 escape_uri($r, $value): string
Escape the given string so it is suitable to be used in a URL.
lib/Apache2_4/AuthCookie.pm view on Meta::CPAN
=over 4
=item *
The internal pure-perl params processing subclass will be used, even if
libapreq2 is installed. libapreq2 does not have any support for encoding or
unicode.
=item *
POST/GET data intercepted by AuthCookie will be decoded to perl's internal
format using L<Encode/decode>.
=item *
The value stored in C<< $r-E<gt>user >> will be encoded as B<bytes>, not
characters using the configured encoding name. This is because the value
stored by mod_perl is a C API string, and not a perl string. You can use
L<decoded_user()> to get user string encoded using B<character> semantics.
=back
This does has some caveats:
=over 4
=item *
your L<authen_cred()> and L<authen_ses_key()> function is expected to return
a decoded username, either by passing it through L<Encode/decode()>, or, by
turning on the UTF8 flag if appropriate.
=item *
Due to the way HTTP works, cookies cannot contain non-ASCII characters.
Because of this, if you are including the username in your generated session
key, you will need to escape any non-ascii characters in the session key
returned by L<authen_cred()>.
=item *
Similarly, you must reverse this escaping process in L<authen_ses_key()> and
return a L<Encode/decode()> decoded username. If your L<authen_cred()>
function already only generates ASCII-only session keys then you do not need to
worry about any of this.
=item *
The value stored in C<< $r-E<gt>user >> will be encoded using bytes semantics
using the configured B<Encoding>. If you want the decoded user value, use
L<decoded_user()> instead.
=back
=head2 Requires
You can also specify what the charset is of the Apache C<< $r-E<gt>requires >>
data is by setting C<< ${auth_name}RequiresEncoding >> in httpd.conf.
E.g.:
( run in 0.287 second using v1.01-cache-2.11-cpan-26ccb49234f )