Apache2-AuthCookieDBI


Changes  view on Meta::CPAN

Revision history for Perl extension Apache2::AuthCookieDBI.

2.19 - Sun Dec  8 15:06:12 PST 2019
     - Added support for group authorizations on Apache 2.4.x. This addresses
       https://github.com/matisse/Apache-AuthCookieDBI/issues/2 and
       https://rt.cpan.org/Public/Bug/Display.html?id=106663.
     - Refactored group authorization code.
     - Eliminated duplicate calls of _dbi_config_vars() to improve efficiency.
     - Added docker directory that contains Dockerfiles for Apache 2.2 and 2.4
       Changes by Ed Sabol https://github.com/esabol

2.18 - Sat Aug 17 12:35:38 PDT 2019
     - Fix https://github.com/matisse/Apache-AuthCookieDBI/issues/3
       "DBI_CryptType crypt does not appear to work"
       Changes by Ed Sabol https://github.com/esabol

2.17 - Thu Dec  6 03:41:41 GMT 2012
     - Added support for Digest::SHA::sha256/384/512_hex digests for passwords.
       This is a response to https://rt.cpan.org/Ticket/Display.html?id=79333
       which requested sha256_base64, but because base64 digests are not
       properly padded, I chose to go with sha256/384/512_hex instead.

     - Quote all database column and field names in SQL queries.

MANIFEST  view on Meta::CPAN

Changes
docker/httpd-2.2/Dockerfile
docker/httpd-2.4/Dockerfile
docker/README
eg/bin/login.pl
eg/html/login-failed.html
eg/html/login.html
generic_reg_auth_scheme.txt
lib/Apache2/AuthCookieDBI.pm
lib/Apache2_4/AuthCookieDBI.pm
LICENSE
MANIFEST
MANIFEST.SKIP
META.yml			Module meta-data (added by MakeMaker)
README
README-docker
schema.sql
t/basic.t
t/mock_libs/Apache/DBI.pm
t/mock_libs/Apache2/AuthCookie.pm
t/mock_libs/Apache2/Const.pm
t/mock_libs/Apache2/Log/Request.pm
t/mock_libs/Apache2/RequestRec.pm
t/mock_libs/Apache2/ServerUtil.pm
t/mock_libs/Crypt/CBC.pm
t/mock_libs/DBI.pm
t/mock_libs/Digest/MD5.pm
t/mock_libs/Mock/Tieable.pm
t/utils.t
t/utils24.t

MANIFEST.SKIP  view on Meta::CPAN

.*.bak
.*.tar.gz$
.cvsignore
.git/*
.project
Apache2-AuthCookieDBI-*
Build
CVS/*
META.json
MYMETA.*
Makefile
_build
blib*

META.json  view on Meta::CPAN

{
   "abstract" : "An AuthCookie module backed by a DBI database.",
   "author" : [
      "unknown"
   ],
   "dynamic_config" : 1,
   "generated_by" : "Module::Build version 0.4229",
   "license" : [
      "lgpl_2_1"
   ],
   "meta-spec" : {
      "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
      "version" : 2
   },
   "name" : "Apache2-AuthCookieDBI",
   "prereqs" : {
      "build" : {
         "requires" : {
            "Digest::SHA" : "5.47",
            "Test::More" : "0.4"
         }
      },
      "configure" : {
         "requires" : {
            "Module::Build" : "0.42"
         }
      },
      "runtime" : {
         "recommends" : {
            "Digest::SHA" : "5.47"
         },
         "requires" : {
            "Apache2::AuthCookie" : "3.08",
            "Apache2::Const" : "0",
            "Apache2::RequestRec" : "0",
            "Apache2::ServerUtil" : "0",
            "Carp" : "0",
            "Crypt::CBC" : "2.13",
            "DBI" : "1.4",
            "Date::Calc" : "0",
            "Digest::MD5" : "0",
            "FindBin" : "0",
            "mod_perl2" : "1.999022"
         }
      }
   },
   "provides" : {
      "Apache2::AuthCookieDBI" : {
         "file" : "lib/Apache2/AuthCookieDBI.pm",
         "version" : "2.19"
      },
      "Apache2_4::AuthCookieDBI" : {
         "file" : "lib/Apache2_4/AuthCookieDBI.pm",
         "version" : "2.19"
      }
   },
   "release_status" : "stable",
   "resources" : {
      "license" : [
         "http://opensource.org/licenses/lgpl-license.php"
      ],
      "repository" : {
         "url" : "https://github.com/matisse/Apache-AuthCookieDBI"
      }
   },
   "version" : "2.19",
   "x_serialization_backend" : "JSON::PP version 4.04"
}

META.yml  view on Meta::CPAN

---
abstract: 'An AuthCookie module backed by a DBI database.'
author:
  - unknown
build_requires:
  Digest::SHA: '5.47'
  Test::More: '0.4'
configure_requires:
  Module::Build: '0.42'
dynamic_config: 1
generated_by: 'Module::Build version 0.4229, CPAN::Meta::Converter version 2.150010'
license: lgpl
meta-spec:
  url: http://module-build.sourceforge.net/META-spec-v1.4.html
  version: '1.4'
name: Apache2-AuthCookieDBI
provides:
  Apache2::AuthCookieDBI:
    file: lib/Apache2/AuthCookieDBI.pm
    version: '2.19'
  Apache2_4::AuthCookieDBI:
    file: lib/Apache2_4/AuthCookieDBI.pm
    version: '2.19'
recommends:
  Digest::SHA: '5.47'
requires:
  Apache2::AuthCookie: '3.08'
  Apache2::Const: '0'
  Apache2::RequestRec: '0'
  Apache2::ServerUtil: '0'
  Carp: '0'
  Crypt::CBC: '2.13'
  DBI: '1.4'
  Date::Calc: '0'
  Digest::MD5: '0'
  FindBin: '0'
  mod_perl2: '1.999022'
resources:
  license: http://opensource.org/licenses/lgpl-license.php
  repository: https://github.com/matisse/Apache-AuthCookieDBI
version: '2.19'
x_serialization_backend: 'CPAN::Meta::YAML version 0.018'

Makefile.PL  view on Meta::CPAN

# Note: this file was auto-generated by Module::Build::Compat version 0.4229
use ExtUtils::MakeMaker;
WriteMakefile
(
  'INSTALLDIRS' => 'site',
  'NAME' => 'Apache2::AuthCookieDBI',
  'PL_FILES' => {},
  'PREREQ_PM' => {
                   'DBI' => '1.4',
                   'Digest::SHA' => '5.47',
                   'Test::More' => '0.4',
                   'Apache2::AuthCookie' => '3.08',
                   'Apache2::RequestRec' => 0,
                   'Digest::MD5' => 0,
                   'FindBin' => 0,
                   'Crypt::CBC' => '2.13',
                   'mod_perl2' => '1.999022',
                   'Apache2::ServerUtil' => 0,
                   'Carp' => 0,
                   'Date::Calc' => 0,
                   'Apache2::Const' => 0
                 },
  'VERSION_FROM' => 'lib/Apache2/AuthCookieDBI.pm',
  'EXE_FILES' => []
)
;

README  view on Meta::CPAN

Apache2::AuthCookieDBI is a module that subclasses Apache2::AuthCookie and is
designed to be directly used for authentication in a mod_perl server.

It is a ticket-issuing system that looks up username/passwords in a DBI
database using generic SQL and issues MD5-checksummed tickets valid for
a configurable time period.  Incoming requests with tickets are
checksummed and expire-time checked.
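
The ticket scheme this README describes (a keyed checksum over the user and times, verified together with the expiry on every request), sketched in Perl as an added example that is not the module's own code. The field order, `:` separator, timestamp format, percent-encoding of the user name, nested-MD5 layout and all helper names are assumptions for illustration; the key, user and times are constructed.

```perl
#!/usr/bin/perl
# Added example, not code from Apache2::AuthCookieDBI. Ticket layout assumed:
#   <user>:<issued>:<expires>:<checksum>
use strict;
use warnings;
use Digest::MD5 qw( md5_hex );
use POSIX qw( strftime );

my $SECRET = 'constructed-demo-key';    # stands in for WhatEverDBI_SecretKey
my $TS     = qr/\d{4}(?:-\d{2}){5}/;    # assumed timestamp shape

# Fixed-width UTC timestamps, so plain string comparison orders them.
sub stamp { return strftime( '%Y-%m-%d-%H-%M-%S', gmtime( $_[0] ) ) }

# "DD-hh-mm-ss" session lifetime converted to seconds.
sub lifetime_seconds {
    my ($spec) = @_;
    my ( $d, $h, $m, $s ) = $spec =~ /\A(\d+)-(\d+)-(\d+)-(\d+)\z/
        or die "bad session lifetime '$spec'\n";
    return ( ( $d * 24 + $h ) * 60 + $m ) * 60 + $s;
}

# Two-round MD5 keyed with the server secret (layout assumed).
sub checksum {
    my ($public) = @_;
    return md5_hex( join ':', $SECRET, md5_hex( join ':', $public, $SECRET ) );
}

# Compare two strings without stopping at the first differing byte.
sub ct_equal {
    my ( $x, $y ) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord( substr( $x, $_, 1 ) ) ^ ord( substr( $y, $_, 1 ) )
        for 0 .. length($x) - 1;
    return $diff == 0;
}

sub issue_ticket {
    my ( $user, $lifetime, $now ) = @_;
    my $enc = $user;
    utf8::encode($enc);
    # Any character is legal in a user name, so escape the field separator too.
    $enc =~ s/([^A-Za-z0-9_.-])/sprintf '%%%02X', ord $1/ge;
    my $public = join ':', $enc, stamp($now), stamp( $now + $lifetime );
    return join ':', $public, checksum($public);
}

# Returns ( 1, $user ) or ( 0, $reason ).
sub verify_ticket {
    my ( $ticket, $now ) = @_;
    my ( $enc, $issued, $expires, $mac ) =
        $ticket =~ /\A([^:]+):($TS):($TS):([0-9a-f]{32})\z/
        or return ( 0, 'malformed' );

    # Check the checksum first: no field is trusted until it matches.
    return ( 0, 'bad checksum' )
        unless ct_equal( $mac, checksum("$enc:$issued:$expires") );
    return ( 0, 'expired' ) if stamp($now) gt $expires;

    ( my $user = $enc ) =~ s/%([0-9A-F]{2})/chr hex $1/ge;
    utf8::decode($user);
    return ( 1, $user );
}

my $t0     = 1_575_846_372;             # constructed issue time (epoch seconds)
my $ticket = issue_ticket( 'matisse', lifetime_seconds('00-24-00-00'), $t0 );
( my $altered = $ticket ) =~ s/\Amatisse/someone-else/;

for my $case (
    [ 'fresh ticket',       $ticket,  $t0 + 60 ],
    [ 'user field altered', $altered, $t0 + 60 ],
    [ 'after the lifetime', $ticket,  $t0 + 86_401 ],
) {
    my ( $label, $value, $when ) = @$case;
    my ( $ok, $detail ) = verify_ticket( $value, $when );
    printf "%-20s %s (%s)\n", $label, $ok ? 'accepted' : 'rejected', $detail;
}
```

A design written today would normally key the checksum with HMAC-SHA-256 (Digest::SHA exports `hmac_sha256_hex`) instead of nested MD5.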

Version 2.03 and later: mod_perl 1.999_22 and later. Apache::*
replaced by Apache2::

Latest distribution at: https://metacpan.org/pod/Apache2::AuthCookieDBI
Source code at:         https://github.com/matisse/Apache-AuthCookieDBI/
 
Apache::AuthCookieDBI versions:
Version 2.0 and later: mod_perl 1.99_XX
Version 1.22 was the last version that works with mod_perl 1.x

See the README-docker file in this distribution for instructions
on how to use the `docker` directory to test this distribution
without needing to install Apache or mod_perl on your local machine.

Maintainer: matisse@cpan.org

docker/httpd-2.2/Dockerfile  view on Meta::CPAN

    cd mod_perl-$MOD_PERL_VERSION && \
    /opt/perl-$PERL_VERSION/bin/perl Makefile.PL MP_NO_THREADS=1 && \
    make -j "$(nproc)" && \
    make install && \
    cd .. && \
    rm -rf mod_perl-$MOD_PERL_VERSION mod_perl-$MOD_PERL_VERSION.tar.gz && \
    apt-get autoremove -yq && \
    rm -rf /var/lib/apt/lists/*

RUN cpan App::cpanminus && \
    cpanm Apache2::AuthCookie && \
    cpanm Apache2::AuthCookieDBI && \
    rm -rf /tmp/* /root/.cpan /root/.cpanm && \
    mkdir /var/tmp/Apache-AuthCookieDBI

COPY ./ /var/tmp/Apache-AuthCookieDBI

RUN cd /var/tmp/Apache-AuthCookieDBI/ && \
    perl Build.PL && \
    ./Build test

WORKDIR /var/tmp/Apache-AuthCookieDBI

CMD [ "./Build", "test", "--verbose" ]

docker/httpd-2.4/Dockerfile  view on Meta::CPAN

    apt-get upgrade -y && \
    apt-get install -y \
       apache2 \
       libapache2-mod-perl2 \
       libmodule-build-perl \
       libapache2-authcookie-perl \
       libdbi-perl \
       libdate-calc-perl \
       libcrypt-cbc-perl

COPY ./ /var/tmp/Apache-AuthCookieDBI

RUN cd /var/tmp/Apache-AuthCookieDBI/ && \
    perl Build.PL && \
    ./Build test

WORKDIR /var/tmp/Apache-AuthCookieDBI

CMD [ "./Build", "test", "--verbose" ]

eg/bin/login.pl  view on Meta::CPAN


my $t = new Text::TagTemplate;
my $r = Apache->request();

my $destination;
my $authcookiereason;
if ( $r->prev() ) { # we are called as a subrequest.
	$destination = $r->prev()->args()
	             ? $r->prev()->uri() . '?' .  $r->prev->args()
	             : $r->prev()->uri();
	$authcookiereason = $r->prev()->subprocess_env( 'AuthCookieReason' );
} else {
	my %args = $r->args;
	$destination = $args{ 'destination' };
	$authcookiereason = $args{ 'AuthCookieReason' };
	# No previous request exists in this branch, so read the field from our own args.
	$t->add_tag( CREDENTIAL_0 => $args{ 'credential_0' } );
}
$t->add_tag( DESTINATION => $destination );

unless ( $authcookiereason eq 'bad_cookie' ) {
	$t->template_file( "../html/login.html" );
} else {
	$t->template_file( "../html/login-failed.html" );
}

generic_reg_auth_scheme.txt  view on Meta::CPAN


Must be installable and configurable by someone with only basic Perl and
Apache skills. E.g. only slightly more involved than setting up BasicAuth
and writing a simple CGI program.

Jacob>  This could be accomplished by making a little script to install
        the necessary CGI scripts and stuff.

Configuration features:
In global section of virtualhost:
	PerlModule Apache::AuthCookieDBI
	PerlSetVar AuthNamePath /

	# this login script must use another cookie to set the destination
	# and we probably need to hack authcookie to look at the cookie
	# too.  the action should be /LOGIN.  the alternative is to always
	# make the login scripts look at the cookie if they don't get it in
	# the hidden field, which is probably right.
	PerlSetVar AuthNameLoginScript /cgi-bin/ACD/login

	# don't know if this is worth implementing, need to re-authenticate
	# and regenerate the token with every hit (or maybe we can just trust
	# the previous one and just update the expire time and rebuild
	# the MD5 checksum; probably requires hacks to AuthCookie either way).
	PerlSetVar AuthNameCookieExpirePolicy [ renew | time-to-live ]

	# or we could do it on the server side by updating a last-visit
	# table with every hit (ouch).  if we don't have this we use the time
	# in the cookie'd info, if we do have this we use that ticket as a key
	# into this database to see when their last hit was.
	PerlSetVar AuthNameDBI_SessionTable tablename
	# do we need more stuff on the field names and blah blah?

	# this determines how long the cookie is good for (ie how long
	# after the MD5'd date in the cookie (or the last entry in the session
	# database if we use one) we still take it)
 	PerlSetVar AuthNameDBI_SessionLifetime [ forever | time-to-live ]
	# time-to-live is formatted as a time delta:
	# 01-00-00-00-00 - 1 day.
	# 00-01-00-00-00 - 1 hour.
	# 00-00-15-00-00 - 15 minutes.

	# this is probably set by AuthCookie somewhere.
	PerlSetVar AuthNameCookieName name-of-cookie

	# this is the key we use in the MD5'd checksum.
	PerlSetVar AuthNameDBI_SecretKey "long and random string containing much entropy"
	# In AuthCookieDBI before version 2.0 you could or had to put the key in
	# a separate file via AuthNameDBI_SecretKeyFile, but this is no longer available.

In <Directory> or <Location> sections (server config or .htaccess):
	AuthType Apache::AuthCookieDBI
	# set this to whatever, but the PerlSetVar's must match it.
	AuthName AuthName
	PerlAuthenHandler Apache::AuthCookieDBI->authenticate
	PerlAuthzHandler Apache::AuthCookieDBI->authorize
	Require [ valid-user, user username, group groupname ]

	# you must set this.
	PerlSetVar AuthNameDBI_DSN databasename

	# all these are optional.
	PerlSetVar AuthNameDBI_User username # default undef
	PerlSetVar AuthNameDBI_Password password # default undef
	PerlSetVar AuthNameDBI_UsersTable tablename # default 'users'
	PerlSetVar AuthNameDBI_UserField fieldname # default 'user'

generic_reg_auth_scheme.txt  view on Meta::CPAN


	# dunno what this is.
	DefaultTarget  partial or full URL

You also need this to get people to log in (although I'm not exactly sure
why; I guess it's so that login() gets called, but why can't we check for
credentials and log them in at the same point that we redirect them off to
the login form?):

	<Location /LOGIN>
		AuthType Apache::AuthCookieDBI
		AuthName AuthName
		SetHandler perl-script
		PerlHandler Apache::AuthCookieDBI->login
	</Location>

Save TARGET Check requirements Send page that is appropriate.
Possibly clear TARGET.

Group Table
+---------------------+
| group    | username |
+---------------------+
| group_1  | matisse  |

lib/Apache2/AuthCookieDBI.pm  view on Meta::CPAN

#===============================================================================
#
# Apache2::AuthCookieDBI
#
# An AuthCookie module backed by a DBI database.
#
# See end of this file for Copyright notices.
#
# Author:  Jacob Davies <jacob@well.com>
# Maintainer: Matisse Enzer <matisse@cpan.org> (as of version 2.0)
#
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either

lib/Apache2/AuthCookieDBI.pm  view on Meta::CPAN

# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
#===============================================================================

package Apache2::AuthCookieDBI;

use strict;
use warnings;
use 5.010_000;
our $VERSION = '2.19';

use Apache2::AuthCookie;
use base qw( Apache2::AuthCookie );

use Apache2::RequestRec;
use DBI;
use Apache2::Log;
use Apache2::Const -compile => qw( OK HTTP_FORBIDDEN SERVER_ERROR :log );
use Apache2::ServerUtil;
use Carp qw();
use Digest::MD5 qw( md5_hex );
use Date::Calc qw( Today_and_Now Add_Delta_DHMS );

lib/Apache2/AuthCookieDBI.pm  view on Meta::CPAN

use constant LOG_TYPE_AUTHZ   => 'authorization';
use constant LOG_TYPE_SYSTEM  => 'system';
use constant LOG_TYPE_TIMEOUT => 'timeout';

#===============================================================================
# P E R L D O C
#===============================================================================

=head1 NAME

Apache2::AuthCookieDBI - An AuthCookie module backed by a DBI database.

=head1 COMPATIBILITY

Starting with version 2.03, this module is in the Apache2::* namespace,
L<Apache2::AuthCookieDBI>.  For F<mod_perl 1.x> versions,
there is still L<Apache::AuthCookieDBI>.

=head1 SYNOPSIS

    # In httpd.conf or .htaccess
    
    # Optional: Initiate a persistent database connection using Apache::DBI.
    # See: http://search.cpan.org/dist/Apache-DBI/
    # If you choose to use Apache::DBI then the following directive must come
    # before all other modules using DBI - just uncomment the next line:
    #PerlModule Apache::DBI  
   
    PerlModule Apache2::AuthCookieDBI
    PerlSetVar WhatEverPath /
    PerlSetVar WhatEverLoginScript /login.pl

    # Optional, to share tickets between servers.
    PerlSetVar WhatEverDomain .domain.com
    
    # These must be set
    PerlSetVar WhatEverDBI_DSN "DBI:mysql:database=test"
    PerlSetVar WhatEverDBI_SecretKey "489e5eaad8b3208f9ad8792ef4afca73598ae666b0206a9c92ac877e73ce835c"

lib/Apache2/AuthCookieDBI.pm  view on Meta::CPAN

    PerlSetVar WhatEverDBI_UserField "user"
    PerlSetVar WhatEverDBI_PasswordField "password"
    PerlSetVar WhatEverDBI_UserActiveField "" # Default is skip this feature
    PerlSetVar WhatEverDBI_CryptType "none"
    PerlSetVar WhatEverDBI_GroupsTable "groups"
    PerlSetVar WhatEverDBI_GroupField "grp"
    PerlSetVar WhatEverDBI_GroupUserField "user"
    PerlSetVar WhatEverDBI_EncryptionType "none"
    PerlSetVar WhatEverDBI_SessionLifetime 00-24-00-00

    # Protected by AuthCookieDBI.
    <Directory /www/domain.com/authcookiedbi>
        AuthType Apache2::AuthCookieDBI
        AuthName WhatEver
        PerlAuthenHandler Apache2::AuthCookieDBI->authenticate
        PerlAuthzHandler Apache2::AuthCookieDBI->authorize
        require valid-user
        # or you can require users:
        require user jacob
        # You can optionally require groups.
        require group system
    </Directory>

    # Login location.
    <Files LOGIN>
        AuthType Apache2::AuthCookieDBI
        AuthName WhatEver
        SetHandler perl-script
        PerlHandler Apache2::AuthCookieDBI->login

        # If the directory you are protecting is the DocumentRoot directory
        # then uncomment the following directive:
        #Satisfy any
    </Files>

=head1 DESCRIPTION

This module is an authentication handler that uses the basic mechanism provided
by Apache2::AuthCookie with a DBI database for ticket-based protection.  It
is based on two tokens being provided, a username and password, which can
be any strings (there are no illegal characters for either).  The username is
used to set the remote user as if Basic Authentication was used.

On an attempt to access a protected location without a valid cookie being
provided, the module prints an HTML login form (produced by a CGI or any
other handler; this can be a static file if you want to always send people
to the same entry page when they log in).  This login form has fields for
username and password.  On submitting it, the username and password are looked
up in the DBI database.  The supplied password is checked against the password

lib/Apache2/AuthCookieDBI.pm  view on Meta::CPAN


=head1 APACHE CONFIGURATION DIRECTIVES

All configuration directives for this module are passed in PerlSetVars.  These
PerlSetVars must begin with the AuthName that you are describing, so if your
AuthName is PrivateBankingSystem they will look like:

    PerlSetVar PrivateBankingSystemDBI_DSN "DBI:mysql:database=banking"

See also L<Apache2::AuthCookie> for the directives required for any kind
of Apache2::AuthCookie-based authentication system.

In the following descriptions, replace "WhatEver" with your particular
AuthName.  The available configuration directives are as follows:

=over 4

=item C<WhatEverDBI_DSN>

Specifies the DSN for DBI for the database you wish to connect to retrieve
user information.  This is required and has no default value.

=item C<WhateverDBI_SecretKey>

Specifies the secret key for this auth scheme.  This should be a long
random string.  This should be secret; either make the httpd.conf file
only readable by root, or put the PerlSetVar in a file only readable by
root and include it.

This is required and has no default value.  (NOTE: In AuthCookieDBI versions
1.22 and earlier the secret key either could be set in the configuration file
itself or it could be placed in a separate file with the path configured with
C<PerlSetVar WhateverDBI_SecretKeyFile>.

As of version 2.0, you must use C<WhateverDBI_SecretKey> and not
C<PerlSetVar WhateverDBI_SecretKeyFile>.

If you want to put the secret key in a separate file then you can create a
separate file that uses C<PerlSetVar WhateverDBI_SecretKey> and include that
file in your main Apache configuration using Apache's C<Include>

lib/Apache2/AuthCookieDBI.pm  view on Meta::CPAN

in the ticket we give them.  This is almost completely useless, so don't
switch it on unless you really know you need it.  It does not provide any
protection of the password in transport; use SSL for that.  It can be 'none',
'des', 'idea', 'blowfish', or 'blowfish_pp'.

This is not required and defaults to 'none'.

=item C<WhatEverDBI_SessionLifetime>

How long tickets are good for after being issued.  Note that presently
Apache2::AuthCookie does not set a client-side expire time, which means that
most clients will only keep the cookie until the user quits the browser.
However, if you wish to force people to log in again sooner than that, set
this value.  This can be 'forever' or a life time specified as:

    DD-hh-mm-ss -- Days, hours, minutes and seconds to live.

This is not required and defaults to '00-24-00-00' or 24 hours.

=item C<WhatEverDBI_SessionModule>

lib/Apache2/AuthCookieDBI.pm  view on Meta::CPAN

}

#-------------------------------------------------------------------------------
# _check_group_membership -- Query the database to see if the authenticated
# user is a member of the specified group(s).

sub _check_group_membership {
    my ( $class, $r, $sth, $groups_ref, $debug ) = @_;

    if ( !defined $debug ) {
        $debug = $r->dir_config('AuthCookieDebug') || 0;
    }
    my $user = $r->user;

    # Loop through all the groups to see if we are a member of any:
    foreach my $group (@$groups_ref) {
        $r->server->log_error("${class}\tchecking if user $user is a member of group $group") if ($debug >= 4);
        $sth->execute( $group, $user );
        if ( $sth->fetchrow_array ) { # query successful; user is in group
            $sth->finish();
            $r->server->log_error("${class}\tauthorized -- user $user is a member of group $group") if ($debug >= 4);

lib/Apache2/AuthCookieDBI.pm  view on Meta::CPAN

    William McKee
      
=head1 MAINTAINER

Matisse Enzer

        <matisse@cpan.org>
        
=head1 SEE ALSO

 Latest version: http://search.cpan.org/dist/Apache2-AuthCookieDBI

 Apache2::AuthCookie - http://search.cpan.org/dist/Apache2-AuthCookie
 Apache2::Session    - http://search.cpan.org/dist/Apache2-Session
 Apache::AuthDBI     - http://search.cpan.org/dist/Apache-DBI

=head1 TODO

=over 2

=item Improve test coverage.

=item Refactor authen_cred() and authen_ses_key() into several smaller private methods.

lib/Apache2_4/AuthCookieDBI.pm  view on Meta::CPAN

#===============================================================================
#
# Apache2_4::AuthCookieDBI
#
# A module implementing Apache 2.4.x compatibility for Apache2::AuthCookieDBI
# group-based authorizations.
#
# See end of this file for Copyright notices.
#
# Maintainer: Matisse Enzer <matisse@cpan.org> (as of version 2.0)
#
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either

lib/Apache2_4/AuthCookieDBI.pm  view on Meta::CPAN

# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
#===============================================================================

package Apache2_4::AuthCookieDBI;

# ABSTRACT: Perl group authorization for Apache 2.4.x

use strict;
use warnings;
use base 'Apache2::AuthCookieDBI';
use Apache2::Log;
use Apache2::Const -compile => qw(AUTHZ_GRANTED AUTHZ_DENIED AUTHZ_DENIED_NO_USER AUTHZ_GENERAL_ERROR);
use Apache::AuthCookie::Util qw(is_blank);

#===============================================================================
# FILE (LEXICAL)  G L O B A L S
#===============================================================================

our $VERSION = '2.19';

#===============================================================================
# M E T H O D ( S )
#===============================================================================

sub group {
    my ($class, $r, $groups) = @_;

    my $debug = $r->dir_config('AuthCookieDebug') || 0;
    my $user = $r->user;

    $r->server->log_error("authz:start user=@{[ defined($user) ? $user : '(undef)' ]} type=$class groups=@{[ defined($groups) ? $groups : '(undef)' ]} uri=@{[ $r->uri ]}") if ($debug >= 5);

    if ( is_blank($user) ) {
        # User is not yet authenticated.
        return Apache2::Const::AUTHZ_DENIED_NO_USER;
    }

    if ( is_blank($groups) ) {

lib/Apache2_4/AuthCookieDBI.pm  view on Meta::CPAN

1;

__END__

#===============================================================================
# P E R L D O C
#===============================================================================

=head1 NAME

Apache2_4::AuthCookieDBI - A subclass of L<Apache2::AuthCookieDBI>
that implements a "group" authorization provider for Apache 2.4.x.

=head1 SYNOPSIS

 # In httpd.conf or .htaccess:
 #   Configure as you would with Apache2::AuthCookieDBI, but leave out
 #   the PerlAuthzHandler directive and add the following when using
 #   "require group":

 PerlModule Apache2_4::AuthCookieDBI
 PerlAddAuthzProvider group Apache2_4::AuthCookieDBI->group

 <Location /www/domain.com/authcookiedbi/admin>
   require group admin
 </Location>

=head1 DESCRIPTION

B<Apache2_4::AuthCookieDBI> provides an Apache 2.4.x-compatible
authorization provider for handling "group" authorization
requirements.

This module is a subclass of L<Apache2::AuthCookieDBI>. All the
methods for Apache2::AuthCookieDBI still work for this module as well.
The only method that this class overrides is C<group>.

This module is for F<mod_perl> version 2 and Apache version 2.4.x. If
you are running Apache 2.0.0-2.2.x, refer to L<Apache2::AuthCookieDBI>.

Make sure your F<mod_perl> is at least 2.0.9, with StackedHandlers,
MethodHandlers, Authen, and Authz compiled in.

=head1 HISTORY

The implementation herein is based on L<Apache2::AuthCookieDBI>'s C<group>
method with heavy inspiration from the sample C<authz_handler> in
L<Apache2_4::AuthCookie> by Michael Schout. Huge thanks to Michael Schout
for his documentation on the changes to authorization under Apache 2.4.x.

=head1 COPYRIGHT

 Copyright (C) 2002 SF Interactive
 Copyright (C) 2003-2004 Jacob Davies
 Copyright (C) 2004-2019 Matisse Enzer

=head1 LICENSE

lib/Apache2_4/AuthCookieDBI.pm  view on Meta::CPAN

    William McKee
      
=head1 MAINTAINER

Matisse Enzer

        <matisse@cpan.org>
        
=head1 SEE ALSO

 Latest version: http://search.cpan.org/dist/Apache2-AuthCookieDBI

 Apache2::AuthCookie - http://search.cpan.org/dist/Apache2-AuthCookie
 Apache2::Session    - http://search.cpan.org/dist/Apache2-Session
 Apache::AuthDBI     - http://search.cpan.org/dist/Apache-DBI

=cut

t/basic.t  view on Meta::CPAN

use strict;
use warnings;
use FindBin qw($Bin);
use lib "$Bin/mock_libs";

use Test::More tests => 2;
BEGIN { use_ok('Apache2::AuthCookieDBI'); }
BEGIN { use_ok('Apache2_4::AuthCookieDBI'); }

t/mock_libs/Apache2/AuthCookie.pm  view on Meta::CPAN

package Apache2::AuthCookie;

1;

t/mock_libs/DBI.pm  view on Meta::CPAN

# $Header: /Users/matisse/Desktop/CVS2GIT/matisse.net.cvs/Apache-AuthCookieDBI/t/mock_libs/DBI.pm,v 1.4 2010/11/27 19:15:37 matisse Exp $
# $Revision: 1.4 $
# $Author: matisse $
# $Source: /Users/matisse/Desktop/CVS2GIT/matisse.net.cvs/Apache-AuthCookieDBI/t/mock_libs/DBI.pm,v $
# $Date: 2010/11/27 19:15:37 $
###############################################################################

#  Mock class - for testing only

package DBI;
use strict;
use warnings;

#warn 'Loading mock library ' . __FILE__;

t/utils.t  view on Meta::CPAN

use Apache2::RequestRec;    # from mocks
use Apache2::Const -compile => qw( OK HTTP_FORBIDDEN );
use Crypt::CBC;                   # from mocks
use Digest::MD5 qw( md5_hex );    # from mocks
use Digest::SHA;
use Data::Dumper;
use Mock::Tieable;

use Test::More tests => 71;

use constant CLASS_UNDER_TEST => 'Apache2::AuthCookieDBI';
use constant EMPTY_STRING     => q{};
use constant TRUE             => 1;

use_ok(CLASS_UNDER_TEST);
test_authen_cred();
test_check_password();
test_defined_or_empty();
test_decrypt_session_key();
test_encrypt_session_key();
test_dir_config_var();

t/utils.t  view on Meta::CPAN

    $got_session_key
        = CLASS_UNDER_TEST->authen_cred( $r, $test_user, $empty_password,
        @extra_data );
    Test::More::is( $got_session_key, undef,
        'authen_cred returns undef when password is an empty string.' );

    $r = set_up( $auth_name, $mock_config );
    {
        my $stub_get_crypted_password = sub { return $test_password };
        no warnings qw(redefine);
        local *Apache2::AuthCookieDBI::_get_crypted_password
            = $stub_get_crypted_password;
        $got_session_key
            = CLASS_UNDER_TEST->authen_cred( $r, $test_user, $test_password,
            @extra_data );
    }
    Test::More::like(
        $got_session_key,
        qr/\A ${test_user}:/x,
        'authen_cred returns session key starting with username when all OK.'
        )

t/utils24.t  view on Meta::CPAN

use Apache2::RequestRec;    # from mocks
use Apache2::Const -compile => qw( AUTHZ_GRANTED AUTHZ_DENIED AUTHZ_DENIED_NO_USER AUTHZ_GENERAL_ERROR);
use Crypt::CBC;                   # from mocks
use Digest::MD5 qw( md5_hex );    # from mocks
use Digest::SHA;
use Data::Dumper;
use Mock::Tieable;

use Test::More tests => 72;

use constant CLASS_UNDER_TEST => 'Apache2_4::AuthCookieDBI';
use constant EMPTY_STRING     => q{};
use constant TRUE             => 1;

use_ok(CLASS_UNDER_TEST);
test_authen_cred();
test_check_password();
test_defined_or_empty();
test_decrypt_session_key();
test_encrypt_session_key();
test_dir_config_var();

t/utils24.t  view on Meta::CPAN

    $got_session_key
        = CLASS_UNDER_TEST->authen_cred( $r, $test_user, $empty_password,
        @extra_data );
    Test::More::is( $got_session_key, undef,
        'authen_cred returns undef when password is an empty string.' );

    $r = set_up( $auth_name, $mock_config );
    {
        my $stub_get_crypted_password = sub { return $test_password };
        no warnings qw(redefine);
        local *Apache2::AuthCookieDBI::_get_crypted_password
            = $stub_get_crypted_password;
        $got_session_key
            = CLASS_UNDER_TEST->authen_cred( $r, $test_user, $test_password,
            @extra_data );
    }
    Test::More::like(
        $got_session_key,
        qr/\A ${test_user}:/x,
        'authen_cred returns session key starting with username when all OK.'
        )

techspec.txt  view on Meta::CPAN

$Id: techspec.txt,v 1.1 2003/10/10 20:13:33 jacob Exp $

Apache::AuthCookieDBI Technical Specification

* Description.

This module will allow cookie-based authentication backed by a DBI database,
using usernames and passwords for authentication.

* Authentication.

Authentication is based on a username and password.  These are supplied in
plaintext by the user in a form submission through Apache::AuthCookie.  These
are compared against values in a users table in a DBI database.  The password
field in the database may be plaintext, or hashed with crypt() or md5_hex().

* Tickets.

When a user successfully authenticates, they are issued a cookie with a
session value.  This value consists of a serialized version of
the userid, an issue time, an expiration date, and a two-round MD5 checksum
of the userid and times and a server secret key.  This checksum
ensures that when the ticket is returned we can see that it has not been


