Apache2-Authen-OdinAuth

 view release on metacpan or  search on metacpan

lib/Apache2/Authen/OdinAuth.pm  view on Meta::CPAN

$| = 1;

=head2 handler(request)

Main Apache mod_perl handler

=cut
sub handler {
  #
  # get URL
  #

  my $r = shift;

  my $domain = $r->headers_in->{'Host'} || 'UNKNOWN-HOST';
  my $path = $r->unparsed_uri;

  my $host = hostname;

  $ENV{OdinAuth_User} = '';

  my $url = $domain . $path;
  my $log = "OdinAuth :: $url";

  init_config($r);


  #########################################################
  #
  # 1) check we have a cookie secret
  #
  config->{'secret'} ||=  'nottherightsecret';


  #########################################################
  #
  # 1) determine if we need to perform access control for this url
  #

  my $allow = 'none';

  for my $obj (@{config->{'permissions'}}) {
    if ($url =~ $obj->{url}) {
      $allow = $obj->{who};
      last;
    }
  }

  $log .= " allow:$allow";


  #########################################################
  #
  # 2) we might need auth - see if we have a valid cookie
  #

  my $cookie_is_invalid = 'by default';
  my $cookie_user = '?';
  my $cookie_roles = '_';

  my $cookies = &parse_cookie_jar($r->headers_in->{'Cookie'});
  my $cookie = $cookies->{config->{cookie}};

  if ($cookie) {
      my ( $user, $roles );
      eval {
          ( $user, $roles ) =
              Crypt::OdinAuth::check_cookie(
                  config->{secret},
                  $cookie,
                  $r->headers_in->{'User-Agent'});
      };

      if ( $@ ) {
          $cookie_user = $user;
          $cookie_roles = $roles;
          chomp ( $cookie_is_invalid = $@ );
          $log .= "(invalid cookie: $cookie_is_invalid)";
      } else {
          $cookie_is_invalid = undef;
          $cookie_user = $user;
          $cookie_roles = $roles;

          $r->headers_in->set('OdinAuth-User', $cookie_user);
          $r->headers_in->set('OdinAuth-Roles', $cookie_roles);

          $ENV{OdinAuth_User} = $cookie_user;
          $ENV{OdinAuth_Roles} = $cookie_roles;

          $r->notes->add("OdinAuth_User" => $cookie_user);
          $r->notes->add("OdinAuth_Roles" => $cookie_roles);

          $log .= " (valid cookie: $cookie_user $cookie_roles)";
      }
  } else {
      $log .= " (no cookie)";
  }

  $r->log->debug($log);

  if ( $cookie_is_invalid ) {
      $r->log->warn("Invalid cookie for $cookie_user($cookie_roles): $cookie_is_invalid");
  }

  #########################################################
  #
  # 3) exit now if we got an 'all'
  #

  if (ref $allow ne 'ARRAY') {
    if ($allow eq 'all') {
      return Apache2::Const::OK;
    }
  }


  #########################################################
  #
  # 4) if we don't have a valid cookie, redirect to the auther
  #



( run in 1.888 second using v1.01-cache-2.11-cpan-6aa56a78535 )