subclasses Apache::AuthCookie and relies on AuthCookie for all of the
cookie login logic. This was basically a complete rewrite.
o Split up query to fetch the server secret so that the LIMIT clause is
not needed (for Sybase ASE backends, thanks to Eivind Trondsen)
o Made DBI commit() only be called if AutoCommit is off.
(silences a warn() for MySQL)
o Added support for md5 style passwords.
o Added support for crypt() style passwords.
o Added way to retrieve reason for login using
$r->subprocess_env("AuthTicketReason").
o Added support for Idle Timeout logouts via TicketIdleTimeout
configuration.
o Added "sample" directory with sql examples for setting up pgsql and mysql
backends, as well as httpd.conf samples.
o Removed libapreq dependency (AuthCookie does this stuff now)
Release 0.10
o Initial public release: Apache::TicketAccess 0.10
lib/Apache/AuthTicket.pm view on Meta::CPAN
PerlSetVar FooTicketDB DBI:mysql:database=mschout;host=testbed
PerlSetVar FooTicketDBUser test
PerlSetVar FooTicketDBPassword secret
PerlSetVar FooTicketTable tickets:ticket_hash:ts
PerlSetVar FooTicketUserTable myusers:usename:passwd
PerlSetVar FooTicketPasswordStyle cleartext
PerlSetVar FooTicketSecretTable ticket_secrets:sec_data:sec_version
PerlSetVar FooTicketExpires 15
PerlSetVar FooTicketLogoutURI /foo/index.html
PerlSetVar FooTicketLoginHandler /foologin
PerlSetVar FooTicketIdleTimeout 1
PerlSetVar FooPath /
PerlSetVar FooDomain .foo.com
PerlSetVar FooSecure 1
PerlSetVar FooLoginScript /foologinform
<Location /foo>
AuthType Apache::AuthTicket
AuthName Foo
PerlAuthenHandler Apache::AuthTicket->authenticate
PerlAuthzHandler Apache::AuthTicket->authorize
lib/Apache/AuthTicket.pm view on Meta::CPAN
TicketDB => 'DBI:mysql:database=test;host=foo',
TicketDBUser => 'mschout',
TicketDBPassword => 'secret',
TicketTable => 'tickets:ticket_hash:ts',
TicketUserTable => 'myusers:usename:passwd',
TicketPasswordStyle => 'cleartext',
TicketSecretTable => 'ticket_secrets:sec_data:sec_version',
TicketExpires => '15',
TicketLogoutURI => '/foo/index.html',
TicketLoginHandler => '/foologin',
TicketIdleTimeout => 5
});
Valid configuration items are:
=over 3
=item B<TicketDB>
This directive specifies the DBI URL string to use when connecting to the
database. Also, you might consider overloading the B<dbi_connect> method to
lib/Apache/AuthTicket.pm view on Meta::CPAN
=item B<TicketExpires>
This directive specifies the number of minutes that tickets should remain
valid for. If a user exceeds this limit, they will be forced to log in
again.
This should not be confused with the inherited AuthCookie setting C<Expire>,
which is the I<cookie> expiration time. C<TicketExpires> controls the
expiration of the ticket, not the cookie.
=item B<TicketIdleTimeout>
This directive specifies the number of minutes of inactivity before a ticket
is considered invalid. Setting this value to 5, for example, would force a
re-login if no requests are received from the user in a 5 minute period.
The default for this value is 0, which disables this feature. If this number
is larger than I<TicketExpires>, then this setting will have no effect.
=item B<TicketLogoutURI>
lib/Apache/AuthTicket.pm view on Meta::CPAN
This value means that the ticket has expired and the user must re-login to be
issued a new ticket.
=item missing_secret
This value means that the server secret could not be loaded.
=item idle_timeout
This value means that the user has exceeded the I<TicketIdleTimeout> minutes of
inactivity, and the user must re-login.
=item tampered_hash
This value indicates that the ticket data does not match its cryptographic
signature, and the ticket has most likely been tampered with. The user is
forced to re-login at this point.
=back
lib/Apache/AuthTicket/Base.pm view on Meta::CPAN
# PerlSetVar FooTicketDB dbi:Pg:dbname=template1
# PerlSetVar FooDBUser test
# PerlSetVar FooDBPassword test
# PerlSetVar FooTicketTable tickets:ticket_hash
# PerlSetVar FooUserTable users:usrname:passwd
# PerlSetVar FooPasswordStyle cleartext
# PerlSetVar FooSecretTable ticketsecrets:sec_data:sec_version
our %DEFAULTS = (
TicketExpires => 15,
TicketIdleTimeout => 0,
TicketLogoutURI => '/',
TicketDB => 'dbi:Pg:dbname=template1',
TicketDBUser => 'test',
TicketDBPassword => 'test',
TicketTable => 'tickets:ticket_hash',
TicketUserTable => 'users:usrname:passwd',
TicketPasswordStyle => 'cleartext',
TicketSecretTable => 'ticketsecrets:sec_data:sec_version',
TicketLoginHandler => '/login',
TicketCheckIP => 1,
lib/Apache/AuthTicket/Base.pm view on Meta::CPAN
$dbh->commit unless $dbh->{AutoCommit};
};
if ($@) {
$dbh->rollback;
die $@;
}
}
# boolean _ticket_idle_timeout(String hash, Hashref ticket)
#
# return true if the ticket table timestamp is older than the IdleTimeout
# value.
sub _ticket_idle_timeout {
my ($self, $hash, $ticket) = @_;
my $idle = $self->get_config('TicketIdleTimeout') * 60;
return 0 unless $idle; # if no timeout is set, the ticket is still valid.
my $db_time = $self->{DBTicketTimeStamp};
my $time = $self->request->request_time;
if (DEBUGGING) {
warn "Last activity: ", ($time - $db_time), " secs ago\n";
warn "Fail if thats > ", ($idle), "\n";
}
if ( ($time - $db_time) > $idle ) {
lib/Apache2/AuthTicket.pm view on Meta::CPAN
PerlSetVar FooTicketDB DBI:mysql:database=mschout;host=testbed
PerlSetVar FooTicketDBUser test
PerlSetVar FooTicketDBPassword secret
PerlSetVar FooTicketTable tickets:ticket_hash:ts
PerlSetVar FooTicketUserTable myusers:usename:passwd
PerlSetVar FooTicketPasswordStyle cleartext
PerlSetVar FooTicketSecretTable ticket_secrets:sec_data:sec_version
PerlSetVar FooTicketExpires 15
PerlSetVar FooTicketLogoutURI /foo/index.html
PerlSetVar FooTicketLoginHandler /foologin
PerlSetVar FooTicketIdleTimeout 1
PerlSetVar FooPath /
PerlSetVar FooDomain .foo.com
PerlSetVar FooSecure 1
PerlSetVar FooLoginScript /foologinform
<Location /foo>
AuthType Apache2::AuthTicket
AuthName Foo
PerlAuthenHandler Apache2::AuthTicket->authenticate
PerlAuthzHandler Apache2::AuthTicket->authorize
lib/Apache2/AuthTicket.pm view on Meta::CPAN
TicketDB => 'DBI:mysql:database=test;host=foo',
TicketDBUser => 'mschout',
TicketDBPassword => 'secret',
TicketTable => 'tickets:ticket_hash:ts',
TicketUserTable => 'myusers:usename:passwd',
TicketPasswordStyle => 'cleartext',
TicketSecretTable => 'ticket_secrets:sec_data:sec_version',
TicketExpires => '15',
TicketLogoutURI => '/foo/index.html',
TicketLoginHandler => '/foologin',
TicketIdleTimeout => 5
});
Valid configuration items are:
=over 3
=item B<TicketDB>
This directive specifies the DBI URL string to use when connecting to the
database. Also, you might consider overloading the B<dbi_connect> method to
lib/Apache2/AuthTicket.pm view on Meta::CPAN
=item B<TicketExpires>
This directive specifies the number of minutes that tickets should remain
valid for. If a user exceeds this limit, they will be forced to log in
again.
This should not be confused with the inherited AuthCookie setting C<Expire>,
which is the I<cookie> expiration time. C<TicketExpires> controls the
expiration of the ticket, not the cookie.
=item B<TicketIdleTimeout>
This directive specifies the number of minutes of inactivity before a ticket
is considered invalid. Setting this value to 5, for example, would force a
re-login if no requests are received from the user in a 5 minute period.
The default for this value is 0, which disables this feature. If this number
is larger than I<TicketExpires>, then this setting will have no effect.
=item B<TicketLogoutURI>
lib/Apache2/AuthTicket.pm view on Meta::CPAN
This value means that the ticket has expired and the user must re-login to be
issued a new ticket.
=item missing_secret
This value means that the server secret could not be loaded.
=item idle_timeout
This value means that the user has exceeded the I<TicketIdleTimeout> minutes of
inactivity, and the user must re-login.
=item tampered_hash
This value indicates that the ticket data does not match its cryptographic
signature, and the ticket has most likely been tampered with. The user is
forced to re-login at this point.
=back
sample/apache.conf view on Meta::CPAN
PerlSetVar FooTicketDB DBI:mysql:database=test;host=test
PerlSetVar FooTicketDBUser test
PerlSetVar FooTicketDBPassword secret
PerlSetVar FooTicketTable tickets:ticket_hash:ts
PerlSetVar FooTicketUserTable myusers:usename:passwd
PerlSetVar FooTicketPasswordStyle cleartext
PerlSetVar FooTicketSecretTable ticket_secrets:sec_data:sec_version
PerlSetVar FooTicketExpires 15
PerlSetVar FooTicketLogoutURI /foo/index.html
PerlSetVar FooTicketLoginHandler /foologin
PerlSetVar FooTicketIdleTimeout 1
PerlSetVar FooPath /
PerlSetVar FooDomain .foo.com
PerlSetVar FooSecure 1
PerlSetVar FooLoginScript /foologinform
<Location /foo>
AuthType Apache::AuthTicket
AuthName Foo
PerlAuthenHandler Apache::AuthTicket->authenticate
PerlAuthzHandler Apache::AuthTicket->authorize
sample/apache2.conf view on Meta::CPAN
PerlSetVar FooTicketDB DBI:mysql:database=test;host=test
PerlSetVar FooTicketDBUser test
PerlSetVar FooTicketDBPassword secret
PerlSetVar FooTicketTable tickets:ticket_hash:ts
PerlSetVar FooTicketUserTable myusers:usename:passwd
PerlSetVar FooTicketPasswordStyle cleartext
PerlSetVar FooTicketSecretTable ticket_secrets:sec_data:sec_version
PerlSetVar FooTicketExpires 15
PerlSetVar FooTicketLogoutURI /foo/index.html
PerlSetVar FooTicketLoginHandler /foologin
PerlSetVar FooTicketIdleTimeout 1
PerlSetVar FooPath /
PerlSetVar FooDomain .foo.com
PerlSetVar FooSecure 1
PerlSetVar FooLoginScript /foologinform
<Location /foo>
AuthType Apache2::AuthTicket
AuthName Foo
PerlAuthenHandler Apache2::AuthTicket->authenticate
PerlAuthzHandler Apache2::AuthTicket->authorize
t/conf/extra.conf.in view on Meta::CPAN
</IfDefine>
PerlSetVar ProtectedTicketDb dbi:SQLite:@ServerRoot@/db/test.db
PerlSetVar ProtectedTicketTable tickets:t_hash:update_ts
PerlSetVar ProtectedTicketUserTable t_users:usrname:passwd
PerlSetVar ProtectedTicketPasswordStyle cleartext
PerlSetVar ProtectedTicketSecretTable t_secret:s_data:s_version
PerlSetVar ProtectedTicketExpires 15
PerlSetVar ProtectedTicketLogoutURI /protected/index.html
PerlSetVar ProtectedTicketLoginHandler /login
PerlSetVar ProtectedTicketIdleTimeout 1
PerlSetVar ProtectedLoginScript /login-screen
<Location /protected>
<IfDefine APACHE1>
AuthType Apache::AuthTicket
PerlAuthenHandler Apache::AuthTicket->authenticate
PerlAuthzHandler Apache::AuthTicket->authorize
</IfDefine>
<IfDefine APACHE2>
AuthType Apache2::AuthTicket
t/conf/extra.conf.in view on Meta::CPAN
<Location /secure>
PerlSetVar SecTicketDb dbi:SQLite:@ServerRoot@/db/test.db
PerlSetVar SecTicketTable tickets:t_hash:update_ts
PerlSetVar SecTicketUserTable t_users:usrname:passwd
PerlSetVar SecTicketPasswordStyle cleartext
PerlSetVar SecTicketSecretTable t_secret:s_data:s_version
PerlSetVar SecTicketExpires 15
PerlSetVar SecTicketLogoutURI /index.html
PerlSetVar SecTicketLoginHandler /secure/login
PerlSetVar SecTicketIdleTimeout 1
PerlSetVar SecTicketCheckIP Off
PerlSetVar SecTicketCheckBrowser On
PerlSetVar SecPath /secure
PerlSetVar SecDomain .local
PerlSetVar SecSecure 1
PerlSetVar SecLoginScript /secure/login-screen
</Location>
<Location /secure/protected>
<IfDefine APACHE1>