Apache-AuthCookie
lib/Apache/AuthCookie.pm view on Meta::CPAN
}
# save creds in pnotes in case login form script wants to use them.
$r->pnotes("${auth_name}Creds", \@credentials);
# Exchange the credentials for a session key.
my $ses_key = $self->authen_cred($r, @credentials);
unless ($ses_key) {
$r->log_error("Bad credentials") if $debug >= 2;
$r->subprocess_env('AuthCookieReason', 'bad_credentials');
$r->uri($self->untaint_destination($destination));
return $auth_type->login_form;
}
if ($debug >= 2) {
if (defined $ses_key) {
$r->log_error("ses_key $ses_key");
}
else {
$r->log_error("ses_key undefined");
}
}
$self->send_cookie($ses_key);
$self->handle_cache;
$r->header_out(Location => $self->untaint_destination($destination));
return REDIRECT;
}
# Prepare the submitted login "destination" for use as a redirect target.
#
# All of the work is delegated to
# Apache::AuthCookie::Util::escape_destination(); this module's POD describes
# the default as escaping CR, LF and TAB in the URI.
#
# NOTE(review): nothing in this method limits which scheme or host the
# destination names. Subclasses that must keep post-login redirects on-site
# should override it with an allow-list check (for example relative URIs only,
# as the POD suggests).
sub untaint_destination {
    my $self = shift;
    my $dest = shift;

    # Returned directly so the helper's result reaches the caller unchanged.
    return Apache::AuthCookie::Util::escape_destination($dest);
}
sub logout($$) {
my ($self, $r) = @_;
my $debug = $r->dir_config("AuthCookieDebug") || 0;
lib/Apache/AuthCookie.pm view on Meta::CPAN
=head2 login($r)
This method handles the submission of the login form. It will call
the C<authen_cred()> method, passing it C<$r> and all the submitted
data with names like C<"credential_#">, where # is a number. These will
be passed in a simple array, so the prototype is
C<$self-E<gt>authen_cred($r, @credentials)>. After calling
C<authen_cred()>, we set the user's cookie and redirect to the
URL contained in the C<"destination"> submitted form field.
=head2 untaint_destination($uri)
This method returns a modified version of the destination parameter
before it is embedded into the response header. By default it escapes
CR, LF and TAB characters of the URI to avoid certain types of
security attacks. Escaping these characters does not restrict where
the URI points, so a submitted destination can still name another
site. You can override this method to further limit the allowed
destinations, e.g., allow only relative URIs, only specific hosts, or
only a limited set of characters.
=head2 logout($r)
lib/Apache2/AuthCookie/Base.pm view on Meta::CPAN
}
# save creds in pnotes so login form script can use them if it wants to
$r->pnotes("${auth_name}Creds", \@credentials);
# Exchange the credentials for a session key.
my $ses_key = $self->authen_cred($r, @credentials);
unless ($ses_key) {
$r->server->log_error("Bad credentials") if $debug >= 2;
$r->subprocess_env('AuthCookieReason', 'bad_credentials');
$r->uri($self->untaint_destination($destination));
return $auth_type->login_form($r);
}
if ($debug >= 2) {
defined $ses_key ? $r->server->log_error("ses_key $ses_key")
: $r->server->log_error("ses_key undefined");
}
$self->send_cookie($r, $ses_key);
$self->handle_cache($r);
if ($debug >= 2) {
$r->server->log_error("redirect to $destination");
}
$r->headers_out->set(
"Location" => $self->untaint_destination($destination));
return HTTP_MOVED_TEMPORARILY;
}
sub login_form {
my ($self, $r) = @_;
my $auth_name = $r->auth_name;
lib/Apache2/AuthCookie/Base.pm view on Meta::CPAN
my ($self, $r) = @_;
my $auth_name = $r->auth_name;
if (my $p3p = $r->dir_config("${auth_name}P3P")) {
$r->err_headers_out->set(P3P => $p3p);
}
}
# Return the form-supplied destination in the form that the login code writes
# into $r->uri and the Location response header.
#
# This is a thin wrapper around Apache::AuthCookie::Util::escape_destination();
# per the POD for this method, the default escapes CR, LF and TAB characters.
#
# NOTE(review): the default does not constrain the target host or scheme.
# Override this method in a subclass when redirects must be limited to
# relative URIs, specific hosts or a restricted character set.
sub untaint_destination {
    my (undef, $dest) = @_;    # the invocant is not used here

    return Apache::AuthCookie::Util::escape_destination($dest);
}
# convert current request to GET
sub _convert_to_get {
my ($self, $r) = @_;
return unless $r->method eq 'POST';
lib/Apache2/AuthCookie/Base.pm view on Meta::CPAN
By default this method simply sends out the session key you give it. If you
need to change the default behavior (perhaps to update a timestamp in the key)
you can override this method.
=head2 send_p3p($r): void
Set a P3P response header if C<${auth_name}P3P> is configured. The value of
the header is whatever is in the C<${auth_name}P3P> setting.
=head2 untaint_destination($destination): string
This method returns a modified version of the destination parameter before
it is embedded into the response header. By default it escapes CR, LF and TAB
characters of the URI to avoid certain types of security attacks. Escaping
these characters does not restrict where the URI points, so a submitted
destination can still name another site. You can override this method to
further limit the allowed destinations, e.g., allow only relative URIs, only
specific hosts, or only a limited set of characters.
=for Pod::Coverage OK
DECLINED
SERVER_ERROR