Apache-AuthCookie
lib/Apache2/AuthCookie/Base.pm view on Meta::CPAN
# Authentication handler: decides whether the request carries a valid session
# key cookie for this AuthType.
#
# Arguments:
#   $auth_type - the invocant; compared with $r->auth_type and used to call
#                key(), authen_ses_key(), send_cookie(), remove_cookie(),
#                custom_errors() and login_form().
#   $r         - the request object.
#
# Returns OK when a user was copied from the previous/main request or when
# authen_ses_key() accepted the cookie, DECLINED when the configured AuthType
# is not $auth_type, SERVER_ERROR when AuthName is unset, and otherwise
# whatever custom_errors() or login_form() returns.
sub authenticate {
my ($auth_type, $r) = @_;
# AuthCookieDebug selects how much is written to the server error log
# (levels 1 to 3 are tested below); unset or false means no debug output.
my $debug = $r->dir_config("AuthCookieDebug") || 0;
$r->server->log_error("authenticate() entry") if ($debug >= 3);
$r->server->log_error("auth_type " . $auth_type) if ($debug >= 3);
if (my $prev = ($r->prev || $r->main)) {
# We are in a subrequest or internal redirect. Just copy the user from the
# previous or main request if it is present.
# NOTE(review): the user is taken from the earlier request as-is; the session
# key is not validated again on this path.
if (defined $prev->user) {
$r->server->log_error('authenticate() is in a subrequest or internal redirect.') if $debug >= 3;
# encoding would have been handled in prev req, so do not encode here.
$r->user( $prev->user );
return OK;
}
}
if ($debug >= 3) {
$r->server->log_error("r=$r authtype=". $r->auth_type);
}
if ($r->auth_type ne $auth_type) {
# This location requires authentication because we are being called,
# but we don't handle this AuthType.
$r->server->log_error("AuthType mismatch: $auth_type =/= ".$r->auth_type) if $debug >= 3;
return DECLINED;
}
# Ok, the AuthType is $auth_type which we handle, what's the authentication
# realm's name?
my $auth_name = $r->auth_name;
$r->server->log_error("auth_name $auth_name") if $debug >= 2;
unless ($auth_name) {
# This message is logged regardless of the debug level.
$r->server->log_error("AuthName not set, AuthType=$auth_type", $r->uri);
return SERVER_ERROR;
}
# Get the Cookie header. If there is a session key for this realm, strip
# off everything but the value of the cookie.
my $ses_key_cookie = $auth_type->key($r) || '';
# NOTE(review): at AuthCookieDebug >= 1 the raw session key cookie value is
# written to the server error log. The key is what authen_ses_key() accepts
# as proof of identity, so treat the log as sensitive: keep debugging off in
# production or restrict who can read the error log.
$r->server->log_error("ses_key_cookie " . $ses_key_cookie) if $debug >= 1;
$r->server->log_error("uri " . $r->uri) if $debug >= 2;
if ($ses_key_cookie) {
# authen_ses_key() returns the user first, followed by optional extra
# values. The session counts as valid only when the user is non-blank and
# no extra values came back.
my ($auth_user, @args) = $auth_type->authen_ses_key($r, $ses_key_cookie);
if (!is_blank($auth_user) and scalar @args == 0) {
# We have a valid session key, so we return with an OK value.
# Tell the rest of Apache what the authentication method and
# user is.
$r->ap_auth_type($auth_type);
$r->user( $auth_type->_encode($r, $auth_user) );
$r->server->log_error("user authenticated as $auth_user")
if $debug >= 1;
# send new cookie if SessionTimeout is on: the same session key is sent
# again with the configured "<AuthName>SessionTimeout" value as its expiry.
if (my $expires = $r->dir_config("${auth_name}SessionTimeout")) {
$auth_type->send_cookie($r, $ses_key_cookie,
{expires => $expires});
}
return OK;
}
# Extra return values are handed to custom_errors() when the subclass
# implements it; its return value becomes the handler's status.
elsif (scalar @args > 0 and $auth_type->can('custom_errors')) {
return $auth_type->custom_errors($r, $auth_user, @args);
}
else {
# There was a session key set, but it's invalid for some reason. So,
# remove it from the client now so when the credential data is posted
# we act just like it's a new session starting.
$auth_type->remove_cookie($r);
$r->subprocess_env('AuthCookieReason', 'bad_cookie');
}
}
else {
$r->subprocess_env('AuthCookieReason', 'no_cookie');
}
# This request is not authenticated, but tried to get a protected
# document. Send client the authen form.
return $auth_type->login_form($r);
}
# Name of the session cookie for the current location.
#
# A per-realm "<AuthName>CookieName" directory setting wins when it holds a
# true value; otherwise the name is built as "<AuthType>_<AuthName>" from the
# values configured on the request.
sub cookie_name {
    my ($self, $r) = @_;

    my $type  = $r->auth_type;
    my $realm = $r->auth_name;

    my $configured = $r->dir_config("${realm}CookieName");
    return $configured if $configured;

    return "${type}_${realm}";
}
sub cookie_string {
my $self = shift;
my %p = @_;
for (qw/request key/) {
croak "missing required parameter $_" unless defined $p{$_};
}
# its okay if value is undef here.
my $r = $p{request};
$p{value} = '' unless defined $p{value};
my $string = sprintf '%s=%s', @p{'key','value'};
my $auth_name = $r->auth_name;
if (my $expires = $p{expires} || $r->dir_config("${auth_name}Expires")) {
$expires = Apache::AuthCookie::Util::expires($expires);
$string .= "; expires=$expires";
}
lib/Apache2/AuthCookie/Base.pm view on Meta::CPAN
my $ua = $r->headers_in->get('User-Agent')
or return HTTP_FORBIDDEN;
if (Apache::AuthCookie::Util::understands_forbidden_response($ua)) {
return HTTP_FORBIDDEN;
}
else {
return HTTP_OK;
}
}
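# Log the client out of the current realm.
#
# Queues a Set-Cookie header that clears the session cookie (remove_cookie)
# and then runs handle_cache(); the value of handle_cache() is what logout()
# returns, as before.
#
# NOTE(review): only the client-side cookie is cleared here. Nothing in this
# method invalidates the session key itself, so a subclass that keeps
# server-side session state should invalidate it in its own logout path;
# otherwise a copied key would presumably stay acceptable to
# authen_ses_key() until it expires - confirm against the subclass.
sub logout {
    my ($self, $r) = @_;

    # The former "$debug" lookup was never read, so it has been dropped.
    $self->remove_cookie($r);

    return $self->handle_cache($r);
}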
# Return a new Apache2::AuthCookie::Params object constructed from the
# request $r. The invocant is not used.
sub params {
    my $self = shift;
    my ($r)  = @_;

    return Apache2::AuthCookie::Params->new($r);
}
# Try to identify the user from the session key cookie without forcing a
# login.
#
# Returns DECLINED when the request already has a user, when AuthType,
# AuthName, the Cookie header or the session cookie is blank, or when
# authen_ses_key() yields a blank user. Returns OK when authen_ses_key()
# yields a non-blank user. When extra values come back and the AuthType class
# implements custom_errors(), that method's return value is returned instead.
#
# Note that authen_ses_key() and custom_errors() are invoked on the class
# named by the request's AuthType, while key(), cookie_name(), send_cookie()
# and _encode() are invoked on $self.
sub recognize_user {
    my ($self, $r) = @_;

    # only check if user is not already set
    if (!is_blank($r->user)) {
        return DECLINED;
    }

    my $debug     = $r->dir_config("AuthCookieDebug") || 0;
    my $auth_type = $r->auth_type;
    my $auth_name = $r->auth_name;

    if (is_blank($auth_type) or is_blank($auth_name)) {
        return DECLINED;
    }
    if (is_blank($r->headers_in->get('Cookie'))) {
        return DECLINED;
    }

    my $cookie      = $self->key($r);
    my $cookie_name = $self->cookie_name($r);

    # NOTE(review): at AuthCookieDebug >= 2 the raw session key cookie value
    # goes into the server error log. Treat that log as sensitive, or keep
    # debugging off in production.
    if ($debug >= 2) {
        $r->server->log_error("cookie $cookie_name is $cookie");
    }

    if (is_blank($cookie)) {
        return DECLINED;
    }

    # First return value is the user; anything after it signals an error.
    my ($user, @extra) = $auth_type->authen_ses_key($r, $cookie);

    if (!is_blank($user) and !@extra) {
        if ($debug >= 2) {
            $r->server->log_error("user is $user");
        }

        # send cookie with updated expires timestamp if session timeout is on
        my $timeout = $r->dir_config("${auth_name}SessionTimeout");
        if ($timeout) {
            $self->send_cookie($r, $cookie, { expires => $timeout });
        }

        $r->user( $self->_encode($r, $user) );
    }
    elsif (@extra and $auth_type->can('custom_errors')) {
        return $auth_type->custom_errors($r, $user, @extra);
    }

    # NOTE(review): a non-blank user that arrived together with extra values,
    # on a class without custom_errors(), reaches this point without
    # $r->user having been set and still yields OK - confirm this is intended.
    if (is_blank($user)) {
        return DECLINED;
    }
    return OK;
}
# Ask the client to discard the session cookie.
#
# Builds a cookie string for the realm's cookie name with an empty value and
# an expiry date in 1971, then adds it as a Set-Cookie header to
# err_headers_out. At AuthCookieDebug >= 2 the removal is noted in the server
# error log (the cookie name only, not a value).
sub remove_cookie {
    my ($self, $r) = @_;

    my $cookie_name = $self->cookie_name($r);
    my $debug       = $r->dir_config("AuthCookieDebug") || 0;

    # Kept as an ordered list so cookie_string() receives the pairs in the
    # same order as before.
    my @expired_cookie = (
        request => $r,
        key     => $cookie_name,
        value   => '',
        expires => 'Mon, 21-May-1971 00:00:00 GMT',
    );
    my $header = $self->cookie_string(@expired_cookie);

    $r->err_headers_out->add('Set-Cookie', "$header");

    $r->server->log_error("removed cookie $cookie_name") if $debug >= 2;
}
# Return the "<AuthName>RequiresEncoding" directory setting for the request's
# realm, exactly as dir_config() reports it.
sub requires_encoding {
    my ($self, $r) = @_;

    my $setting = $r->auth_name . 'RequiresEncoding';

    return $r->dir_config($setting);
}
# Queue a Set-Cookie header carrying the session key $ses_key.
#
# $cookie_args is an optional hash reference of extra cookie_string()
# parameters (for example "expires"). Its pairs are appended after the fixed
# request/key/value pairs, so an entry named "request", "key" or "value"
# replaces the fixed one; pass only options defined by the calling code.
#
# send_p3p() is called before the header is added to err_headers_out.
sub send_cookie {
    my ($self, $r, $ses_key, $cookie_args) = @_;

    my @extra_attrs = defined $cookie_args ? %$cookie_args : ();

    my $name   = $self->cookie_name($r);
    my $cookie = $self->cookie_string(
        request => $r,
        key     => $name,
        value   => $ses_key,
        @extra_attrs,
    );

    $self->send_p3p($r);

    return $r->err_headers_out->add("Set-Cookie" => $cookie);
}