Apache-AuthCookie
6 results

 view release on metacpan or  search on metacpan

README  view on Meta::CPAN 

OVERVIEW

Apache::AuthCookie allows you to intercept a user's first unauthenticated
access to a protected document. The user will be presented with a custom
form where they can enter authentication credentials. The credentials are
posted to the server where AuthCookie verifies them and returns a session
key.

The session key is returned to the user's browser as a cookie. As a cookie,
the browser will pass the session key on every subsequent accesses.
AuthCookie will verify the session key and re-authenticate the user.

All you have to do is write a custom module that inherits from AuthCookie.
See the POD documentation for more details.

INSTALLATION

This module uses the Apache::Test framework for testing.  As a result, any
other Apache::Test parameters can be used when generating the Makefile.

    perl Makefile.PL -apxs /usr/sbin/apxs

SIGNATURE  view on Meta::CPAN 

This file contains message digests of all files listed in MANIFEST,
signed via the Module::Signature module, version 0.88.

To verify the content in this distribution, first make sure you have
Module::Signature installed, then type:

    % cpansign -v

It will check each file's integrity, as well as the signature's
validity.  If "==> Signature verified OK! <==" is not displayed,
the distribution may already have been compromised, and you should
not run its Makefile.PL or Build.PL.

-----BEGIN PGP SIGNED MESSAGE-----

lib/Apache/AuthCookie.pm  view on Meta::CPAN 

=head1 DESCRIPTION

B<Apache::AuthCookie> allows you to intercept a user's first
unauthenticated access to a protected document. The user will be
presented with a custom form where they can enter authentication
credentials. The credentials are posted to the server where AuthCookie
verifies them and returns a session key.

The session key is returned to the user's browser as a cookie. As a
cookie, the browser will pass the session key on every subsequent
accesses. AuthCookie will verify the session key and re-authenticate
the user.

All you have to do is write a custom module that inherits from
AuthCookie.  Your module is a class which implements two methods:

=over 4

=item C<authen_cred()>

Verify the user-supplied credentials and return a session key.  The

lib/Apache/AuthCookie.pm  view on Meta::CPAN 


This will make it so that AuthCookie will decode your C<requires> directives
using the configured character set.  You really only need to do this if you
have used non-ascii characters in any of your C<requires> directives in
httpd.conf.  e.g.:

 requires user programmør

=head1 ABOUT SESSION KEYS

Unlike the sample AuthCookieHandler, you have you verify the user's
login and password in C<authen_cred()>, then you do something
like:

    my $date = localtime;
    my $ses_key = MD5->hexhash(join(';', $date, $PID, $PAC));

save C<$ses_key> along with the user's login, and return C<$ses_key>.

Now C<authen_ses_key()> looks up the C<$ses_key> passed to it and
returns the saved login.  I use Oracle to store the session key and

lib/Apache2/AuthCookie.pm  view on Meta::CPAN 

you should be using B<Apache::AuthCookie> instead.

B<Apache2::AuthCookie> allows you to intercept a user's first
unauthenticated access to a protected document. The user will be
presented with a custom form where they can enter authentication
credentials. The credentials are posted to the server where AuthCookie
verifies them and returns a session key.

The session key is returned to the user's browser as a cookie. As a
cookie, the browser will pass the session key on every subsequent
accesses. AuthCookie will verify the session key and re-authenticate
the user.

All you have to do is write a custom module that inherits from
AuthCookie.  Your module is a class which implements two methods:

=over 4

=item C<authen_cred()>

Verify the user-supplied credentials and return a session key.  The

lib/Apache2/AuthCookie.pm  view on Meta::CPAN 

order to clear the user's cookie.  This usually looks like
C<$r-E<gt>auth_type-E<gt>logout($r);>.

Note that if you don't necessarily trust your users, you can't count
on cookie deletion for logging out.  You'll have to expire some
server-side login information too.  AuthCookie doesn't do this for
you, you have to handle it yourself.

=head1 ABOUT SESSION KEYS

Unlike the sample AuthCookieHandler, you have you verify the user's
login and password in C<authen_cred()>, then you do something
like:

    my $date = localtime;
    my $ses_key = MD5->hexhash(join(';', $date, $PID, $PAC));

save C<$ses_key> along with the user's login, and return C<$ses_key>.

Now C<authen_ses_key()> looks up the C<$ses_key> passed to it and
returns the saved login.  I use Oracle to store the session key and

lib/Apache2_4/AuthCookie.pm  view on Meta::CPAN 

are running mod_perl version 1, you need B<Apache::AuthCookie> instead.  If you
are running C<Apache> 2.0.0-2.2.x, you need B<Apache2::AuthCookie> instead.

B<Apache2_4::AuthCookie> allows you to intercept a user's first unauthenticated
access to a protected document. The user will be presented with a custom form
where they can enter authentication credentials. The credentials are posted to
the server where AuthCookie verifies them and returns a session key.

The session key is returned to the user's browser as a cookie. As a cookie, the
browser will pass the session key on every subsequent accesses. AuthCookie will
verify the session key and re-authenticate the user.

All you have to do is write a custom module that inherits from AuthCookie.
Your module is a class which implements two methods:

=over 4

=item C<authen_cred()>

Verify the user-supplied credentials and return a session key.  The session key
can be any string - often you'll use some string containing username, timeout

lib/Apache2_4/AuthCookie.pm  view on Meta::CPAN 

order to clear the user's cookie.  This usually looks like
C<$r-E<gt>auth_type-E<gt>logout($r);>.

Note that if you don't necessarily trust your users, you can't count on cookie
deletion for logging out.  You'll have to expire some server-side login
information too.  AuthCookie doesn't do this for you, you have to handle it
yourself.

=head1 ABOUT SESSION KEYS

Unlike the sample AuthCookieHandler, you have you verify the user's login and
password in C<authen_cred()>, then you do something like:

    my $date = localtime;
    my $ses_key = Digest::SHA::sha256_hex(join(';', $date, $PID, $PAC));

save C<$ses_key> along with the user's login, and return C<$ses_key>.

Now C<authen_ses_key()> looks up the C<$ses_key> passed to it and returns the
saved login.  I use a database to store the session key and retrieve it later.

t/signature.t  view on Meta::CPAN 


use Test::More;
use strict;

if (!$ENV{TEST_SIGNATURE}) {
    plan skip_all =>
        "Set the environment variable TEST_SIGNATURE to enable this test.";
}
elsif (!eval { require Module::Signature; 1 }) {
    plan skip_all =>
        "Please install Module::Signature so that you can verify ".
        "the integrity of this and other distributions.";
}
elsif (!-e 'SIGNATURE') {
    plan skip_all => "SIGNATURE file was not found";
}
elsif (-s 'SIGNATURE' == 0) {
    plan skip_all => "SIGNATURE file was empty";
}
elsif (!eval { require Socket; Socket::inet_aton('pgp.mit.edu') }) {
    plan skip_all =>
        "Cannot connect to the keyserver to check module signature";
}
else {
    plan tests => 1;
}

my $ret = Module::Signature::verify(skip => 1);
SKIP: {
        skip "Module::Signature cannot verify", 1
                if $ret eq Module::Signature::CANNOT_VERIFY();
        cmp_ok $ret, '==', Module::Signature::SIGNATURE_OK(), "Valid signature";
}



( run in 0.928 second using v1.01-cache-2.11-cpan-5467b0d2c73 )