Apache2-AuthCookieDBI
view release on metacpan or search on metacpan
- Fixed User authenticated if not in MySQL database <https://rt.cpan.org/Ticket/Display.html?id=62470>
Thanks to Keith Lawson
- Fixed Login.pl example - syntax error <https://rt.cpan.org/Public/Bug/Display.html?id=62487>
(also moved from eg/public-pl/login.pl to eg/bin/login.pl)
Thanks to William McKee http://search.cpan.org/~wmckee/
- Updated documentation to cover protecting the DocumentRoot <https://rt.cpan.org/Ticket/Display.html?id=51593>
- Now depends on DBI 1.40 instead of Apache::DBI - <https://rt.cpan.org/Ticket/Display.html?id=43083>
2.05 - Thu May 14 18:37:07 PDT 2009
- Fixed bug in _get_cipher_type() where it was not memoizing the
Crypt::CBC objects.
- Fixed https://rt.cpan.org/Ticket/Display.html?id=45207
Hash keys for configuration values were wrong in several places.
- Improved test coverage a little.
2.04 - Fri Nov 28 15:41:33 PST 2008
Incorporated bug fix for authen_ses_key() provided by
Carl Gustafsson. authen_ses_key() was not properly handling
any extra_session_info - the fix is to get $hashed_string with
my $hashed_string = pop @rest;
README
README-docker
schema.sql
t/basic.t
t/mock_libs/Apache/DBI.pm
t/mock_libs/Apache2/AuthCookie.pm
t/mock_libs/Apache2/Const.pm
t/mock_libs/Apache2/Log/Request.pm
t/mock_libs/Apache2/RequestRec.pm
t/mock_libs/Apache2/ServerUtil.pm
t/mock_libs/Crypt/CBC.pm
t/mock_libs/DBI.pm
t/mock_libs/Digest/MD5.pm
t/mock_libs/Mock/Tieable.pm
t/utils.t
t/utils24.t
techspec.txt
Makefile.PL
META.json
"runtime" : {
"recommends" : {
"Digest::SHA" : "5.47"
},
"requires" : {
"Apache2::AuthCookie" : "3.08",
"Apache2::Const" : "0",
"Apache2::RequestRec" : "0",
"Apache2::ServerUtil" : "0",
"Carp" : "0",
"Crypt::CBC" : "2.13",
"DBI" : "1.4",
"Date::Calc" : "0",
"Digest::MD5" : "0",
"FindBin" : "0",
"mod_perl2" : "1.999022"
}
}
},
"provides" : {
"Apache2::AuthCookieDBI" : {
file: lib/Apache2_4/AuthCookieDBI.pm
version: '2.19'
recommends:
Digest::SHA: '5.47'
requires:
Apache2::AuthCookie: '3.08'
Apache2::Const: '0'
Apache2::RequestRec: '0'
Apache2::ServerUtil: '0'
Carp: '0'
Crypt::CBC: '2.13'
DBI: '1.4'
Date::Calc: '0'
Digest::MD5: '0'
FindBin: '0'
mod_perl2: '1.999022'
resources:
license: http://opensource.org/licenses/lgpl-license.php
repository: https://github.com/matisse/Apache-AuthCookieDBI
version: '2.19'
x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
Makefile.PL view on Meta::CPAN
'NAME' => 'Apache2::AuthCookieDBI',
'PL_FILES' => {},
'PREREQ_PM' => {
'DBI' => '1.4',
'Digest::SHA' => '5.47',
'Test::More' => '0.4',
'Apache2::AuthCookie' => '3.08',
'Apache2::RequestRec' => 0,
'Digest::MD5' => 0,
'FindBin' => 0,
'Crypt::CBC' => '2.13',
'mod_perl2' => '1.999022',
'Apache2::ServerUtil' => 0,
'Carp' => 0,
'Date::Calc' => 0,
'Apache2::Const' => 0
},
'VERSION_FROM' => 'lib/Apache2/AuthCookieDBI.pm',
'EXE_FILES' => []
)
;
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
use Apache2::RequestRec;
use DBI;
use Apache2::Log;
use Apache2::Const -compile => qw( OK HTTP_FORBIDDEN SERVER_ERROR :log );
use Apache2::ServerUtil;
use Carp qw();
use Digest::MD5 qw( md5_hex );
use Date::Calc qw( Today_and_Now Add_Delta_DHMS );
# Also uses Crypt::CBC if you're using encrypted cookies.
# Also uses Apache2::Session if you're using sessions.
use English qw(-no_match_vars);
#===============================================================================
# FILE (LEXICAL) G L O B A L S
#===============================================================================
my %CIPHERS = ();
# Stores Cipher::CBC objects in $CIPHERS{ idea:AuthName },
# $CIPHERS{ des:AuthName } etc.
use constant COLON_REGEX => qr/ : /mx;
use constant DATE_TIME_STRING_REGEX =>
qr/ \A \d{4}-\d{2}-\d{2}-\d{2}-\d{2}-\d{2} \z /mx;
use constant EMPTY_STRING => q{};
use constant HEX_STRING_REGEX => qr/ \A [0-9a-fA-F]+ \z /mx;
use constant HYPHEN_REGEX => qr/ - /mx;
use constant PERCENT_ENCODED_STRING_REGEX => qr/ \A [a-zA-Z0-9_\%]+ \z /mx;
use constant THIRTY_TWO_CHARACTER_HEX_STRING_REGEX =>
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
my $lc_encryption_type = lc $dbi_encryption_type;
my $message;
if ( exists $CIPHERS{"$lc_encryption_type:$auth_name"} ) {
return $CIPHERS{"$lc_encryption_type:$auth_name"};
}
my %cipher_for_type = (
des => sub {
return $CIPHERS{"des:$auth_name"}
|| Crypt::CBC->new( -key => $secret_key, -cipher => 'DES' );
},
idea => sub {
return $CIPHERS{"idea:$auth_name"}
|| Crypt::CBC->new( -key => $secret_key, -cipher => 'IDEA' );
},
blowfish => sub {
return $CIPHERS{"blowfish:$auth_name"}
|| Crypt::CBC->new(
-key => $secret_key,
-cipher => 'Blowfish'
);
},
blowfish_pp => sub {
return $CIPHERS{"blowfish_pp:$auth_name"}
|| Crypt::CBC->new(
-key => $secret_key,
-cipher => 'Blowfish_PP'
);
},
);
my $code_ref = $cipher_for_type{$lc_encryption_type}
|| Carp::confess("Unsupported encryption type: '$dbi_encryption_type'");
my $cbc_object = $code_ref->();
# Cache the object. Caught bug where we were not, thanks to unit tests.
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
my $value_from_config = $class->_dir_config_var( $r, $variable );
$c{$variable}
= defined $value_from_config
? $value_from_config
: $CONFIG_DEFAULT{$variable};
if ( !defined $c{$variable} ) {
$class->_log_not_set( $r, $variable );
}
}
# If we used encryption we need to pull in Crypt::CBC.
if ( $c{'DBI_EncryptionType'} ne 'none' ) {
require Crypt::CBC;
}
# Compile module for password encryption, if needed.
if ( $c{'DBI_CryptType'} =~ /^sha/ ) {
require Digest::SHA;
}
return %c;
}
t/mock_libs/Crypt/CBC.pm view on Meta::CPAN
package Crypt::CBC;
use strict;
use warnings;
sub new {
my ( $class, %args ) = @_;
my $self = \%args;
bless $self, $class;
return $self;
}
use strict;
use warnings;
use English qw(-no_match_vars);
use FindBin qw($Bin);
use lib "$Bin/mock_libs";
use Apache2::RequestRec; # from mocks
use Apache2::Const -compile => qw( OK HTTP_FORBIDDEN );
use Crypt::CBC; # from mocks
use Digest::MD5 qw( md5_hex ); # from mocks
use Digest::SHA;
use Data::Dumper;
use Mock::Tieable;
use Test::More tests => 71;
use constant CLASS_UNDER_TEST => 'Apache2::AuthCookieDBI';
use constant EMPTY_STRING => q{};
use constant TRUE => 1;
my $secret_key = 'mock secret key';
my $auth_name = 'test_encrypt_session_key';
my $expected = {
none => $session_key,
des => "DES:$secret_key:$session_key",
idea => "IDEA:$secret_key:$session_key",
blowfish => "Blowfish:$secret_key:$session_key",
blowfish_pp => "Blowfish_PP:$secret_key:$session_key",
};
# These tests will use a fake version of Crypt::CBC -- see set_up()
# We are just testing that the expecyed methods got called with the
# expected parameters. Basically we arre using the mock CBC object as
# a "sensor" object. Look in t/mock_libs/ to see the mock object code.
#
foreach my $encryption_type ( sort keys %{$expected} ) {
my @args = ( $session_key, $secret_key, $auth_name, $encryption_type );
my $mock_crypt_text = CLASS_UNDER_TEST->_encrypt_session_key(@args);
my $un_hexified = $mock_crypt_text;
if ( $encryption_type ne 'none' ) {
$un_hexified = pack 'H*', $mock_crypt_text;
}
my $expected_cipher_type = $case->{'expected_cipher_type'};
Test::More::is( $mock_cbc->{'-cipher'},
$expected_cipher_type,
"_get_cipher_for_type() for $dbi_encryption_type - cipher_type" );
my $second_mock_from_same_args
= CLASS_UNDER_TEST->_get_cipher_for_type( $dbi_encryption_type,
$auth_name, $secret_key, );
Test::More::is( $second_mock_from_same_args, $mock_cbc,
"_get_cipher_for_type($dbi_encryption_type,$auth_name, $secret_key) cached CBC object"
);
}
my $unsupported_type = 'BunnyRabbits';
eval {
CLASS_UNDER_TEST->_get_cipher_for_type( $unsupported_type, $auth_name,
$secret_key, );
};
Test::More::like(
$EVAL_ERROR,
t/utils24.t view on Meta::CPAN
use strict;
use warnings;
use English qw(-no_match_vars);
use FindBin qw($Bin);
use lib "$Bin/mock_libs";
use Apache2::RequestRec; # from mocks
use Apache2::Const -compile => qw( AUTHZ_GRANTED AUTHZ_DENIED AUTHZ_DENIED_NO_USER AUTHZ_GENERAL_ERROR);
use Crypt::CBC; # from mocks
use Digest::MD5 qw( md5_hex ); # from mocks
use Digest::SHA;
use Data::Dumper;
use Mock::Tieable;
use Test::More tests => 72;
use constant CLASS_UNDER_TEST => 'Apache2_4::AuthCookieDBI';
use constant EMPTY_STRING => q{};
use constant TRUE => 1;
t/utils24.t view on Meta::CPAN
my $secret_key = 'mock secret key';
my $auth_name = 'test_encrypt_session_key';
my $expected = {
none => $session_key,
des => "DES:$secret_key:$session_key",
idea => "IDEA:$secret_key:$session_key",
blowfish => "Blowfish:$secret_key:$session_key",
blowfish_pp => "Blowfish_PP:$secret_key:$session_key",
};
# These tests will use a fake version of Crypt::CBC -- see set_up()
# We are just testing that the expecyed methods got called with the
# expected parameters. Basically we arre using the mock CBC object as
# a "sensor" object. Look in t/mock_libs/ to see the mock object code.
#
foreach my $encryption_type ( sort keys %{$expected} ) {
my @args = ( $session_key, $secret_key, $auth_name, $encryption_type );
my $mock_crypt_text = CLASS_UNDER_TEST->_encrypt_session_key(@args);
my $un_hexified = $mock_crypt_text;
if ( $encryption_type ne 'none' ) {
$un_hexified = pack 'H*', $mock_crypt_text;
}
t/utils24.t view on Meta::CPAN
my $expected_cipher_type = $case->{'expected_cipher_type'};
Test::More::is( $mock_cbc->{'-cipher'},
$expected_cipher_type,
"_get_cipher_for_type() for $dbi_encryption_type - cipher_type" );
my $second_mock_from_same_args
= CLASS_UNDER_TEST->_get_cipher_for_type( $dbi_encryption_type,
$auth_name, $secret_key, );
Test::More::is( $second_mock_from_same_args, $mock_cbc,
"_get_cipher_for_type($dbi_encryption_type,$auth_name, $secret_key) cached CBC object"
);
}
my $unsupported_type = 'BunnyRabbits';
eval {
CLASS_UNDER_TEST->_get_cipher_for_type( $unsupported_type, $auth_name,
$secret_key, );
};
Test::More::like(
$EVAL_ERROR,
( run in 1.033 second using v1.01-cache-2.11-cpan-df04353d9ac )