Apache-AppSamurai
view release on metacpan or search on metacpan
lib/Apache/AppSamurai/AuthBase.pm view on Meta::CPAN
bypass.
See L</EXAMPLES> for a simple example of a C<Authenticator()> method.
=head2 Authenticate()
This is called by Apache::AppSamurai to perform the authentication check.
It is called with an object reference and takes the username and password
as scalar arguments.
The username is validated using L</CheckInputUser()>, and then the password
is validated using L</CheckInputPass()>. (If either of those fail,
an error is added and 0 is returned.)
After validation, L</Initialize()> is called if the C<< $self->{init} >>
flag has not been set. (Note - Apache::AppSamurai calls C<Initialize()>
separately. This functionality is added as a fail safe, or for testing.)
Finally, the object's L</Authenticator()> method is called to perform the
actual work of checking the credentials. It's result is returned by
C<Authenticate()> to the caller.
C<Authenticate()> should not generally need to be overridden.
=head2 CheckInputUser()
Is called with an object ref and expects a scalar username as its only
argument. If successful, the validated username is returned. In case of
a failure or violation, C<undef> is returned.
C<CheckInputUser()> uses settings out of C<< $self->{conf} >> as follows:
=over 4
=item *
If I<UserStripWhite> is 1, surrounding whitespace is removed.
lib/Apache/AppSamurai/AuthBase.pm view on Meta::CPAN
If I<UserUc> is 1, the username is converted to all caps.
=item *
If I<UserLc> is 1, the username is converted to all lower case. (Note -
I<UserUc> takes precedence if both are set.)
=back
If all conditions are met, the validated and cleaned username is returned.
C<CheckInputUser()> should not generally need to be overridden unless an
authentication module needs more extensive filtering.
=head2 CheckInputPass()
Is called with an object ref and expects a scalar password as its only
argument. If successful, the validated password is returned. In case of
a failure or violation, C<undef> is returned.
Note - "password" is used in the descriptions below. This equates the
whatever data, (password, passphrase, PIN, whatever), will be passed as
an authentication credential to the authentication module.
C<CheckInputPass()> uses settings out of C<< $self->{conf} >> as follows:
=over 4
lib/Apache/AppSamurai/AuthBase.pm view on Meta::CPAN
it may be loosened or restricted more in future versions.)
=item *
The length of the password is checked against I<PassMin> and then I<PassMax>.
Once again, avoid limiting the maximum password length as much as safely
possible.
=back
If all conditions are met, the validated and cleaned password is returned.
C<CheckInputPass()> should not generally need to be overridden unless an
authentication module needs more extensive filtering.
=head2 AddError()
Adds a new log message to the C<< @{$self->{errors}} >> array, which is
returned to a then processed by Apache::AppSamurai.
C<AddError()> is called using an object reference and expects one of
lib/Apache/AppSamurai/Session.pm view on Meta::CPAN
}
if (!exists $incl->{$lock}) {
eval "require $lock" || die $@;
$incl->{$lock} = 1;
}
if (!exists $incl->{$gen}) {
eval "require $gen" || die $@;
eval '$incl->{$gen}->[0] = \&' . $gen . '::generate' || die $@;
eval '$incl->{$gen}->[1] = \&' . $gen . '::validate' || die $@;
}
if (!exists $incl->{$ser}) {
eval "require $ser" || die $@;
eval '$incl->{$ser}->[0] = \&' . $ser . '::serialize' || die $@;
eval '$incl->{$ser}->[1] = \&' . $ser . '::unserialize' || die $@;
}
$self->{object_store} = new $store $self;
$self->{lock_manager} = new $lock $self;
$self->{generate} = $incl->{$gen}->[0];
$self->{validate} = $incl->{$gen}->[1];
$self->{serialize} = $incl->{$ser}->[0];
$self->{unserialize} = $incl->{$ser}->[1];
return $self;
}
1; # End of Apache::AppSamurai::Session
__END__
lib/Apache/AppSamurai/Session/Generate/HMAC_SHA.pm view on Meta::CPAN
# ServerKey should already be hashed for us
(&checkhash($session->{args}->{ServerKey})) or die "Invalid ServerKey";
(exists $session->{args}->{key}) or die "HMAC session support requires a per-session Authentication Key (key)";
(&checkhash($session->{args}->{key})) or die "Invalid Session Authentication Key";
$session->{data}->{_session_id} = hmac_sha256_hex($session->{args}->{key},$session->{args}->{ServerKey});
return $session->{data}->{_session_id};
}
sub validate {
#This routine checks to ensure that the session ID is in the form
#we expect. This must be called before we start diddling around
#in the database or the disk.
my $session = shift;
unless (&checkhash($session->{data}->{_session_id})) {
die "Invalid Session ID Value";
}
}
lib/Apache/AppSamurai/Session/Generate/HMAC_SHA.pm view on Meta::CPAN
# session authentication keys are shown for the sake of the example.
$session->{args}->{ServerKey} = "628b49d96dcde97a430dd4f597705899e09a968f793491e4b704cae33a40dc02";
$session->{args}->{key} = "c44474038d459e40e4714afefa7bf8dae9f9834b22f5e8ec1dd434ecb62b512e";
$id = Apache::AppSamurai::Session::Generate::HMAC_SHA::generate($session);
# Note - this is not how you will see this module generally called.
# Instead, you will see it called by reference from Apache::Session or
# Apache::AppSamurai::Session.
# Validate the session ID format
(Apache::AppSamurai::Session::Generate::HMAC_SHA::validate($id)) or die "Bad!";
=head1 DESCRIPTION
This module fulfills the ID generation interface of
L<Apache::Session|Apache::Session> and
L<Apache::AppSamurai::Session|Apache::AppSamurai::Session>.
Unlike the normal Apache::Session generators like MD5, this requires two
input values: A server key and a session authentication key. Both must
be hex string encoded 256 bit values. The values are passed in a hash
lib/Apache/AppSamurai/Tracker.pm view on Meta::CPAN
}
$self->{object_store} = new $store $self;
$self->{lock_manager} = new $lock $self;
$self->{serialize} = $incl->{$ser}->[0];
$self->{unserialize} = $incl->{$ser}->[1];
# Generate is not used! A fixed ID needs to be passed in at all times
$self->{generate} = \&generate;
# Basic sanity check on passed in ID
$self->{validate} = \&validate;
return $self;
}
# Just plug the static "Name" value from the config in
sub generate {
my $session = shift;
if ($session->{args}->{Name}) {
$session->{data}->{_session_id} = $session->{args}->{Name};
} else {
die "$session - Must pass in Name value! (No generator functionality supported)";
}
}
# Just make sure it looks non-threatening
sub validate {
my $session = shift;
unless ($session->{data}->{_session_id} =~ /^([\w\d\_\-\.]+)$/) {
die "Invalid ID value";
}
return $1;
}
1; # End of Apache::AppSamurai::Tracker
__END__
t/11-session-gen-hmac_sha.t view on Meta::CPAN
$sess = { args => {
ServerKey => '21fccb94da476b7c2a8e4ebfc88526590f14ba37410c5106a9df672fc42626f5',
key => '94ee059335e587e501cc4bf90613e0814f00a7b08bc7c648fd865a2af6a22cc2'
}
};
ok(Apache::AppSamurai::Session::Generate::HMAC_SHA::generate($sess) eq '2aeb1d06bec029aa54cb2b678897c5eac3051acb6d2de89b56383c872ef710c6', "generate() - Correct session local ID computed");
$sess->{data}->{_session_id} = '2aeb1d06bec029aa54cb2b678897c5eac3051acb6d2de89b56383c872ef710c6';
ok(Apache::AppSamurai::Session::Generate::HMAC_SHA::validate($sess) eq 1, "validate() - Checked good value correctly");
isnt(eval {Apache::AppSamurai::Session::Generate::HMAC_SHA::validate('Goll Dang Is this wrong!')}, 1, "validate() - Checked bad value correctly (died as expected)");
( run in 0.247 second using v1.01-cache-2.11-cpan-a5abf4f5562 )