Apache-AuthCookie
view release on metacpan or search on metacpan
3.25 2016-08-30
- 2.4: fix POD typo and add missing ABSTRACT
- reorganize real.t tests into subtests
- make sure signature test ignores generated files
- remove autobox dependency
- fix authenticate so that r->user is copied from r->main on subrequests.
Previously this was only done for internal redirects (r->prev is defined).
This fixes DirectoryIndexes on AuthCookie enabled directories under apache
2.4.
3.24 2016-01-13
- Update Apache 2.4 README, flesh out guts of Authz Provider notes.
- Improve Apache 2.4 README's AuthzProvider documentation
- Add POD to Apache2_4::AuthCookie
- Add FAQ to Apache2_4::AuthCookie documenation
- 2.4: document that PerlAddAuthzProvider is only needed for *custom* Requires directives.
- 2.4: make authz_handler recognize multiple usernames in the directive like
mod_authz_user does.
- add test case for internal authz_handler
- explicitly require Apache::Test 1.39 so that APACHE2_4 defines are set
3.23 2015-09-10
- Improve CGI mode param() handling to avoi CGI.pm's "param() called in list context" warning.
- add support for Apache 2.4 via mod_perl 1.09.
***** IMPORTANT *****
Apache 2.4 has a *VERY* different API for authentication. You will need
to port your subclass and configuration over to the Apache 2.4 API in
order to use Apache 2.4! Please be sure to read README.apache-2.4.pod for
porting instructions!
3.22 2014-05-07
3.21 2014-05-07
- Bad release - deleted
3.20 2013-12-09
- login_form: return OK for mobile IE 10, which also ignores content for
FORBIDDEN response.
- test .pl registry scripts: do not try to load mod_perl.pm
- escape html tags in destination.
- fix abstract in FAQ pod.
3.19 2012-12-28
- split out CGI data handling into ::AuthCookie::Params modules
- use Apache::Request/Apache2::Request from libapreq if available. Otherwise,
fall back to CGI.pm for handling CGI data.
- improve "removed cookie" debug log message
- add dependencies: autobox, Class::Load
- allow username to be '0'
- login_form: return OK for SymbianOS, which ignores content for FORBIDDEN responses.
- add login_form_status() to override HTTP status returned by login form
- recognize_user: return DECLINED if user is not recognized
3.18 2011-01-24
- remove 3.17's test skip hacks, and bump Apache::Test prerequisite to v1.35
which fixes this issue.
- fix MANIFEST.SKIP to ignore generated t/conf/mime.types
- remove dist.ini, weaver.ini from dists
- fixed t/real.t to use correct -withtestmore import syntax
- rename sample authcookie handlers to Sample::Apache and Sample::Apache2
namespaces
3.17 2011-01-19
- skip the test suite if running as root. Apache::Test 1.34 fails the test
suite if running as root instead of skipping it. By skipping, AuthCookie
can be installed via CPAN.pm as root.
3.16 2011-01-19
- require Apache::Test 1.32 - fixes ubuntu build issue
- remove mod_perl/mod_perl2 related prereq's from META.yml. The correct mod
perl version is not known until Makefile.PL is run. CPAN.pm should not
try to install either one until it is known which one is appropriate.
(RT 64926)
3.15 2010-08-27
- enable Dist::Zilla Manifest plugin
- add FAQ
- add FAQ entry on how to protect an entire site/document root
- recognize_user: return DECLINED if user is already set
- refactor P3P header generation into send_p3p($r) so subclasses can overload it
3.14 2010-04-12
- MP2: doc updates: remove beta warnings, change Apache::AuthCookie to
Apache2::Authcookie where appopriate.
- docs: change my email to my cpan address
- docs: remove POST limitations reference (handled by POST to GET conversion)
- sign dist with Module::Signature
- add signature test
- MP1: perltidy Apache::AuthCookie sources.
- update mod_perl2 prereq version (still 2.0.0 RC5, but version number was
incorrect in Makefile.PL)
- use Dist::Zilla for building the dist
3.13 2010-04-12
- removed: bad dist
Version: 3.12
- Makefile.PL If no mod_perl version is found, just require mod_perl2.
This makes sure that CPAN testers will get the right dependencies.
way. Also set up PREREQ_PM properly for mod_perl version 1.
Version: 3.11
- Fix tiny pod doc error.
- Escape CR and LF in 'destination' field to prevent possible XSS attack
[Steffen Schwigon]
Version: 3.10
- Bug Fix: when copying user from prev request, check that $r->prev
is defined, not just that $r->is_initial_request is true.
Version: 3.09
- POD doc fixes.
- MP2: remove _check_request_req() - this was only necessary when
running under both MP1 and MP2. Package name change eliminates the
need for this.
- test suite converted to Test::More style test suites.
- descriptive test descriptions added
- make login() stash credentials in $r->pnotes("${AuthName}Creds") so
that the login form can access the user-supplied credentials if the
login fails.
- bug fix: use of Apache2::URI::unescape_url() does not handle
'+' to ' ' conversion. This caused problems for credentials
that contain spaces.
- MP2: remove mod_perl features from "use mod_perl2" line. This is
no longer supported by mod_perl2.
- MP2: _get_form_data() - switch to CGI.pm to handle form data (fixes
several form data handling bugs)
- In a subrequest, copy $r->prev->user to $r->user (or r->connection->user
for MP1).
- remove Apache2::AuthCookie::Util - no longer necessary
- multi-valued form fields are now handled properly in POST -> GET conversion
- MP2: require CGI.pm 3.12 or later
Version: 3.08
- fix "authorize user" error log that was missing a debug level check
(thanks Barry)
- fix test cases 3, 6, 18 for Win32
- clean up t/real.t
Version: 3.07
*** mod_perl2 users: THIS RELEASE IS INCOMPATIBLE WITH PAST RELEASES ***
*** If you are running mod_perl2, you must update to at least ***
*** mod_perl 2.0.0 RC5. The mod_perl2 version of AuthCookie has been ***
*** renamed to Apache2::AuthCookie ***
** MP2: RENAME AuthCookie.pm.mp2 to Apache2::AuthCookie.
- MP2: Update module, and tests for mod_perl 2.0.0 RC5. mod_perl2 users
MUST use Apache2::AuthCookie now.
- Require Apache::Test 1.22
- Add support for ${auth_name}SessionTimeout configuration paramter
which will re-issue the ticket with the expires parameter set to the
value of this configuration setting for each request. This is useful for
idle-timeout.
- POD fixes.
- MP2: fix uninitialized warnings if no POST/GET data (RT 11371)
- make sure recognize_user() returns an Apache constant in all cases.
Returns DECLINED in cases where we were returning undef before.
(Thanks Vivek)
- Add support for MS HttpOnly cookie property.
Version: 3.06
** BUG FIX: AuthNameSatisfy (Any|All) directives were broken. AuthCookie
was using AuthCookieSatisfy rather than ${auth_name}Satisfy. If you
used this feature and had an "AuthCookieSatisfy" directive in your
config file, you MUST change this to ${auth_name}Satisfy.
E.g.: "WhateverSatisfy All"
- created better test cases for AuthNameSatisfy directives.
- when redirecting, set Location with headers_out() not err_headers_out().
apache prefers Location in headers_out, even if the status code is not
200.
- MP2: Apache::unescape_url() -> Apache::URI::unescape_url()
- check for mod_perl 1.9913 or later for Apache::URI (Frederick Moyer)
- Remove set status in login.pl which caused malformed custom error
document (Frederick Moyer)
- Add support for ${auth_name}CookieName to change the name of the cookie
used for each auth name. Default remains ${auth_name}_${auth_type} if
not set.
- make some debug log_error() calls conditional on $debug
Version: 3.05
- Fix POD documentation bug (thanks Steve van der Burg)
- login(): set Location header with err_headers_out rather than headers_out
(Casey West)
- put cookie removal code in remove_cookie() method, put cache handling
code in handle_cache() (Mark A. Hershberger)
- reorganized tree to support multiple mod_perl versions.
- rewrote tests to use Apache::Test framework from CPAN.
- fix POD errors in authorize() documentation.
- initial support for mod_perl version 2
- mp2: check for Apache::RequestRec arg so that unported subclasses
throw exceptions.
Version: 3.04
- add _convert_to_get() to login_form(), and make POST -> GET conversion
skip credentials and destination data so only extra data is copied. This
ensures that "destination" wont contain the login data.
Version: 3.03
- various POD typos fixed (Eric Cholet)
- Add support for ${AuthName}P3P which will set up a P3P header that will
be sent with the cookie.
- fix undefined warning in _convert_to_get (David K Trudgett)
- fix potential cookie clobbering if cookie was set in earlier handler
phase in send_cookie() (Carlyn Hicks).
- various undefined value warnings eliminated
( run in 1.941 second using v1.01-cache-2.11-cpan-75ffa21a3d4 )