Apache-AuthDigest


API/API.pm

sets the proper authentication headers which prompt a client to 
send a proper Digest request in order to access the requested
resource.

  $r->note_digest_auth_failure;
  return AUTH_REQUIRED;

=item compare_digest_response()

this method represents a shortcut for comparing a client Digest
request with whatever credentials are stored on the server.  the
first argument is the hash reference returned by 
get_digest_auth_response().  the second argument is an MD5 digest
of the user credentials.  the credentials should be in the form

  user:realm:password 

before they are hashed.  the following Perl one-liner will generate
a suitable digest:

  $ perl -MDigest::MD5 -e'print Digest::MD5::md5_hex("user:realm:password"),"\n"'

=back
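
The comparison described for compare_digest_response(), worked through with the sample request from RFC 2617 as an added example; this is not Apache::AuthDigest's own code. The function names and the hash keys other than `uri` are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: RFC 2617 Digest check against a stored H(A1) value.
# expected_response() and same_digest() are hypothetical names.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Recompute the response the client should have sent.
# $ha1 is md5_hex("user:realm:password"); $resp holds the parsed
# Authorization header fields (key names assumed).
sub expected_response {
    my ($ha1, $method, $resp) = @_;
    my $ha2 = md5_hex("$method:$resp->{uri}");
    # Without qop the older RFC 2069 form applies.
    return md5_hex(join ':', $ha1, $resp->{nonce}, $ha2) unless $resp->{qop};
    return md5_hex(join ':', $ha1, @{$resp}{qw(nonce nc cnonce qop)}, $ha2);
}

# Compare two hex digests without stopping at the first differing byte.
sub same_digest {
    my ($x, $y) = (lc $_[0], lc $_[1]);
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1)
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Sample values from the example in RFC 2617, section 3.5.
my $ha1 = md5_hex('Mufasa:testrealm@host.com:Circle Of Life');
my %response = (
    uri      => '/dir/index.html',
    nonce    => 'dcd98b7102dd2f0e8b11d5f0bfd0e0c0',
    nc       => '00000001',
    cnonce   => '0a4f113b',
    qop      => 'auth',
    response => '6629fae49393a05397450978507c4ef1',
);

# Constructed negative case: same response replayed for another URI.
my %tampered = (%response, uri => '/dir/other.html');

for my $case ([genuine => \%response], [tampered => \%tampered]) {
    my ($label, $r) = @$case;
    my $ok = same_digest(expected_response($ha1, 'GET', $r), $r->{response});
    printf "%-8s %s\n", $label, $ok ? 'match' : 'mismatch';
}
```

The stored digest is the only secret input to the calculation, so anyone who can read the credential store can produce valid responses for that realm; protect it as you would a plaintext password.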

API/API.pm

  use Apache::AuthDigest::API;

  sub handler {

    my $r = Apache::AuthDigest::API->new(shift);

    my ($status, $response) = $r->get_digest_auth_response;

    return $status unless $status == OK;

    my $digest = my_get_user_credentials_routine($r->user, $r->auth_name);

    return OK if $r->compare_digest_response($response, $digest);

    $r->note_digest_auth_failure;
    return AUTH_REQUIRED;
  }

=head1 NOTES

this module essentially mimics the Digest implementation provided

AuthDigest.pm


  my $fh = Apache::File->new($password_file);

  unless ($fh) {
    $log->error("Apache::AuthDigest - could not open ",
                 "password file '$password_file'");

    return DECLINED;
  }

  my $digest = get_user_credentials($r->user, $r->auth_name, $fh);

  unless ($digest) {
    $log->error("Apache::AuthDigest - user '", $r->user,
                "' not found in password file '$password_file'");

    $r->note_digest_auth_failure;
    return AUTH_REQUIRED;
  }

  return OK if $r->compare_digest_response($response, $digest);

  $log->error("Apache::AuthDigest - user '", $r->user,
              "' password mismatch");

  $r->note_digest_auth_failure;
  return AUTH_REQUIRED;
}

sub get_user_credentials {

  my ($user, $realm, $fh) = @_;

  my ($username, $userrealm, $digest) = ();

  while (my $line = <$fh>) {
    ($username, $userrealm, $digest) = split /:/, $line;

    last if ($user eq $username && $realm eq $userrealm);

Session/Session.pm

we can use $r->notes('SESSION') to store the session id of the
authenticated user.  this session can then be used by a PerlAuthzHandler
(or other similar mechanism) to determine the validity of the session.

So, this means that the developer needs to do a few things.  First,
each request (via a PerlInitHandler or whatever) needs to populate
$r->notes('SESSION') with a session to be used _if the user cannot
authenticate_.  If you think through how HTTP authentication and the
Apache API works, you'll see why this needs to happen on every 
request (or correct me if you think I'm wrong). compare_digest_response()
will then, if the user credentials check out, populate $r->notes('SESSION') 
with the session identifier that the user passed back via the headers.

So, when the PerlAuthzHandler, PerlFixupHandler and
PerlHandler are run, $r->notes('SESSION') is the real session id, 
as gleaned from the headers, and _not_ what was placed into it by
the user via a PerlInitHandler or whatever other mechanism one uses
to generate a session.

an alternative interface is to have any handler that wants
the current session identifier instantiate a new 

t/lib/perl/My/DigestAuthenticator.pm

sub handler {

  my $r = Apache::AuthDigest::API->new(shift);

  return DECLINED unless $r->is_initial_req;

  my ($status, $response) = $r->get_digest_auth_response;

  return $status unless $status == OK;

  my $digest = get_credentials($r->user, $r->auth_name);

  # for other testing purposes...
  $r->pnotes(URI => $response->{uri});

  return OK if $r->compare_digest_response($response, $digest);

  $r->note_digest_auth_failure;
  return AUTH_REQUIRED;
}

sub get_credentials {

  my ($user, $realm) = @_;

  # this represents a routine that fetches the Digest::MD5 hash of
  # the credentials for user $r->user at realm $r->auth_name
  
  # to generate your own credentials, use the htdigest utility
  # program that ships with Apache, or the Perl one-liner
  # $ perl -MDigest::MD5 -e'print Digest::MD5::md5_hex("user:realm:password"),"\n"'

  return '966b699e9ada71dbefb7276e0fc1aaf1';
}
1;

t/lib/perl/My/SessionAuthenticator.pm

sub handler {

  my $r = Apache::AuthDigest::API::Session->new(shift);

  return DECLINED unless $r->is_initial_req;

  my ($status, $response) = $r->get_digest_auth_response;

  return $status unless $status == OK;

  my $digest = get_credentials($r->user, $r->auth_name);

  return OK if $r->compare_digest_response($response, $digest);

  $r->note_digest_auth_failure;
  return AUTH_REQUIRED;
}

sub get_credentials {

  my ($user, $realm) = @_;

  # this represents a routine that fetches the Digest::MD5 hash of
  # the credentials for user $r->user at realm $r->auth_name
  
  # to generate your own credentials, use the htdigest utility
  # program that ships with Apache, or the Perl one-liner
  # $ perl -MDigest::MD5 -e'print Digest::MD5::md5_hex("user:realm:password"),"\n"'

  return '966b699e9ada71dbefb7276e0fc1aaf1';
}
1;


