view release on metacpan or search on metacpan
docsrc/reference.xml view on Meta::CPAN
</refentry>
<refentry id="model.api.pkit_auth_credential">
<refnamediv>
<refname>pkit_auth_credential</refname>
<refpurpose>
Verifies login credentials and returns session key
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<synopsis>
sub pkit_auth_credential {
docsrc/reference.xml view on Meta::CPAN
</synopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>
Verifies the user-supplied credentials and return a session key. The
session key is a string that is stored on the user's computer using cookies.
Often you'll use the user ID and a MD5 hash of a a secret key, user ID, password.
</para>
<para>
Note that the string returned should not contain any commas, spaces, or semi-colons.
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache2/SiteControl.pm view on Meta::CPAN
my $ok;
# Load the user authentication module
eval "require $checker" or $r->log_error("Could not load $checker: $@");
eval "require $factory" or $r->log_error("Could not load $factory: $@");
eval '$ok = ' . ${checker} . '::check_credentials($r, @cred)' or $r->log_error("authentication error code: $@");
if($ok) {
eval('$user = ' . "$factory" . '->makeUser($r, @cred)');
if($@) {
$r->log_error("Error reported during call to ${factory}->makeUser: $@");
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apache2/reCaptcha.pm view on Meta::CPAN
$r->print($header_template . $bdy . $footer_template);
return OK;
}
# check credentials and return a session key if valid
# return undef if invalid
sub authen_cred {
my ($class, $r, @cred) = @_;
my $this = $class->new($r);
view all matches for this distribution
view release on metacpan or search on metacpan
lib/Apigee/Edge/Helper.pm view on Meta::CPAN
if ($my_app->{message}) {
$errstr = $my_app->{message};
return;
}
$my_app->{display_name} = $name;
$errstr = "$name has been registered. New OAuth credentials are available";
}
return $my_app;
}
lib/Apigee/Edge/Helper.pm view on Meta::CPAN
) or croak "Apigee::Edge failure: " . $self->errstr;
my $CLIENTS = {};
for my $app (@{$apps->{app}}) {
next unless $app->{status} eq 'approved';
my $consumerKey = eval {
my $credentials = $app->{credentials};
$credentials->[0]->{consumerKey};
} || next;
if (my $attrs = $app->{attributes}) {
my %attrs = map { $_->{name} => $_->{value} } @$attrs;
$app->{name} = $attrs{DisplayName} if $attrs{DisplayName};
}
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/Acmeman.pm view on Meta::CPAN
unless ($acme->key_id()) {
# Create new account
debug(3, "creating account");
my $terms_url = $acme->get_terms_of_service();
$acme->create_account(termsOfServiceAgreed => 1);
debug(3, "saving account credentials");
$self->account_key_id($acme->key_id());
my $keyfile = $self->cf->get('account', 'key');
if (open(my $fh, '>', $keyfile)) {
print $fh $self->account_key->get_private_key_string();
close $fh;
view all matches for this distribution
view release on metacpan or search on metacpan
script/ap-fetch view on Meta::CPAN
if ($#ARGV != 0) {
print "usage: ap-fetch.pl [-r|-j|-u user:pass] <url>\n";
print " -j Pipe into jq(1)\n";
print " -r Raw output\n";
print " -u user:pass HTTP Basic Auth credentials\n";
print
"By default, when -j and -r are absent it pipes the data into ap-represent.pl.\n";
exit 1;
}
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/AutoCRUD/DataSource.pm view on Meta::CPAN
$datasource->prepare_for_request($req);
Called from L<App::AutoCRUD/call> before serving
a request. This is a hook for subclasses to provide application-specific
behaviour if needed (like for example resetting the database connection
or supplying user credentials from the HTTP request).
The argument C<$req> is an instance of L<Plack::Request>.
=head2 primary_key
Proxy method to L<DBIx::DataModel::Meta::Source/primary_key>.
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/BarnesNoble/WishListMinder.pm view on Meta::CPAN
unless ($config_file->is_file) {
die "$config_file is a directory!\n" if $config_file->is_dir;
$config_file->spew_utf8(<<'END CONFIG');
; -*-conf-windows-*-
; Your credentials for logging in to the Barnes & Noble website go here:
email = YOUR EMAIL HERE
password = YOUR PASSWORD HERE
; If you want the Price Drop Alert emails to go to a different address,
; uncomment the next line and set the email address.
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/CamelPKI/Model/CA.pm view on Meta::CPAN
=head2 do_ceremony($privdir, $webserver)
Runs the B<Key Ceremony> for the Camel-PKI Certificate Authority. The
Operational CA and Root CA certificates are recorded in the private
directory configured with the I<db_dir> key (see L</CONFIGURATION>).
The Root CA certificate and key, and the administrator credentials are
written into $privdir, under the respective names C<ca0.key>,
C<ca0.crt>, C<admin.key> and C<admin.pem>. Last but not least, the Web
server certificate and key are installed in $webserver, an
L<App::CamelPKI::SysV::Apache> instance.
lib/App/CamelPKI/Model/CA.pm view on Meta::CPAN
$webserver->set_keys
(-certificate => $webservercert,
-key => $webserverkey,
-certification_chain => [ $CA1, $CA0 ]);
my ($admincert, $adminkey) = $self->make_admin_credentials;
write_file(catfile($privdir, "admin.pem"), $admincert->serialize);
write_file(catfile($privdir, "admin.key"), $adminkey->serialize);
return $self;
}
=head2 make_admin_credentials
Regenerate an initial administrator certificate and private key, and
returns a pair ($cert, $key) which are respectively
L<App::CamelPKI::Certificate> and L<App::CamelPKI::PrivateKey> instances. Old
administrator certificates are revoked.
=cut
sub make_admin_credentials {
my ($self) = @_;
my $ca = $self->instance;
my $adminkey = App::CamelPKI::PrivateKey->genrsa($self->{keysize});
my $admintemplate = "App::CamelPKI::CertTemplate::PKI2";
lib/App/CamelPKI/Model/CA.pm view on Meta::CPAN
certificate_chain_ok($admincert->serialize, \@certchain);
certificate_chain_ok($webserver->certificate->serialize, \@certchain);
};
test "->make_admin_credentials" => sub {
mkdir(my $dir = catdir(My::Tests::Below->tempdir, "ceremony1"));
my $model_ca = bless { db_dir => $dir, keysize => 512 },
"App::CamelPKI::Model::CA";
$model_ca->do_ceremony($dir, App::CamelPKI::SysV::Apache->load($dir));
my $admincert = App::CamelPKI::Certificate->load
(catfile($dir, "admin.pem"));
ok(! $model_ca->instance->issue_crl->is_member($admincert));
my ($anotheradmincert, $anotheradminkey) =
$model_ca->make_admin_credentials();
ok($anotheradminkey->get_public_key
->equals($anotheradmincert->get_public_key));
ok(! $anotheradmincert->get_public_key
->equals($admincert->get_public_key));
ok(! $model_ca->instance->issue_crl->is_member($anotheradmincert));
view all matches for this distribution
view release on metacpan or search on metacpan
bin/catalyst-fatstart.pl view on Meta::CPAN
=item -[-]dsn [=] <dsn>
A DSN to set up a db connection for one model in your catalyst app.
If user and pass are not specified it will try the dsn without
credentials. Expects connection to succeed.
B<Important>: Will set --model and --schema with default names unless
they are also specified. Default names currently are CatNameDB and
CatName::Schema.
bin/catalyst-fatstart.pl view on Meta::CPAN
Db for the db connection.
=item -[-]pgpass
Causes it to look through $HOME/.pgpass for credentials for postgresql
connections.
=item -[-][no]test
Run all tests when done
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/installguide/hosted.pod view on Meta::CPAN
permissions to "username_dbview".
I was then able to use the web-based database administration tool, "phpMyAdmin".
However, I prefer to do things from the command line.
The next thing I did was put my MySQL login credentials into the $HOME/.my.cnf file.
[client]
user = username_dbadmin
password = my_password_here
host = localhost
view all matches for this distribution
view release on metacpan or search on metacpan
script/ddflare view on Meta::CPAN
Loads in the configuration file, which is YAML, the structure
is an array of hashrefs.
The first element being { user => ..., key => ... } which are
CloudFlare credentials.
Subsequent elements are { zone => ..., domains => [ ... ] } which are
cloudflare zones, and the subdomains within them to update. An
undefined value in domains represents the zone itself.
view all matches for this distribution
view release on metacpan or search on metacpan
4. Install [s3cmd](http://s3tools.org/s3cmd). On Mac OSX, using
[Homebrew](http://brew.sh/), install like this:
$ pip install s3cmd
5. Configure `s3cmd` with your Amazon credentials (AWS access key, secret
key):
$ s3cmd --configure
6. Now any time you want to rebuild your content and push it to s3, it's a
view all matches for this distribution
view release on metacpan or search on metacpan
t/data/generate/pam-krb5/docknot.yaml view on Meta::CPAN
A similar configuration could be used for other services, such as ssh.
See the pam.conf(5) man page for more information. When using this
module with Solaris login (at least on Solaris 8 and 9), you will
probably also need to add `retain_after_close` to the PAM configuration
to avoid having the user's credentials deleted before they are logged
in.
The Solaris Kerberos library reportedly does not support prompting for a
password change of an expired account during authentication. Supporting
password change for expired accounts on Solaris with native Kerberos may
t/data/generate/pam-krb5/docknot.yaml view on Meta::CPAN
on the same system. That will test your basic Kerberos configuration.
If the system has a keytab file installed that's readable by the process
doing authentication via PAM, make sure that the keytab is current and
contains a key for `host/<system>` where <system> is the fully-qualified
hostname. pam-krb5 prevents KDC spoofing by checking the user's
credentials when possible, but this means that if a keytab is present it
must be correct or authentication will fail. You can check the keytab
with `klist -k` and `kinit -k`.
Be sure that all libraries and modules, including PAM modules, loaded by
a program use the same Kerberos libraries. Sometimes programs that use
t/data/generate/pam-krb5/docknot.yaml view on Meta::CPAN
When `pam_authenticate` is called, pam-krb5 creates a temporary ticket
cache in `/tmp` and sets the PAM environment variable `PAM_KRB5CCNAME`
to point to it. This ticket cache will be automatically destroyed when
the PAM session is closed and is there only to pass the initial
credentials to the call to `pam_setcred`. The module would use a memory
cache, but memory caches will only work if the application preserves the
PAM environment between the calls to `pam_authenticate` and
`pam_setcred`. Most do, but OpenSSH notoriously does not and calls
`pam_authenticate` in a subprocess, so this method is used to pass the
tickets to the `pam_setcred` call in a different process.
`pam_authenticate` does a complete authentication, including checking
the resulting TGT by obtaining a service ticket for the local host if
possible, but this requires read access to the system keytab. If the
keytab doesn't exist, can't be read, or doesn't include the appropriate
credentials, the default is to accept the authentication. This can be
controlled by setting `verify_ap_req_nofail` to true in `[libdefaults]`
in `/etc/krb5.conf`. `pam_authenticate` also does a basic authorization
check, by default calling `krb5_kuserok` (which uses `~/.k5login` if
available and falls back to checking that the principal corresponds to
the account name). This can be customized with several options
documented in the pam_krb5(5) man page.
pam-krb5 treats `pam_open_session` and `pam_setcred(PAM_ESTABLISH_CRED)`
as synonymous, as some applications call one and some call the other.
Both copy the initial credentials from the temporary cache into a
permanent cache for this session and set `KRB5CCNAME` in the
environment. It will remember when the credential cache has been
established and then avoid doing any duplicate work afterwards, since
some applications call `pam_setcred` or `pam_open_session` multiple
times (most notably X.Org 7 and earlier xdm, which also throws away the
t/data/generate/pam-krb5/docknot.yaml view on Meta::CPAN
(`PAM_REFRESH_CRED` may be used instead.) Authentication proceeds as
above. At the `pam_setcred` stage, rather than creating a new ticket
cache, the module instead finds the current ticket cache (from the
`KRB5CCNAME` environment variable or the default ticket cache location
from the Kerberos library) and then reinitializes it with the
credentials from the temporary `pam_authenticate` ticket cache. When
refreshing a ticket cache, the application should not open a session.
Calling `pam_acct_mgmt` is optional; pam-krb5 doesn't do anything
different when it's called in this case.
If `pam_authenticate` apparently didn't succeed, or if an account was
t/data/generate/pam-krb5/docknot.yaml view on Meta::CPAN
pam_chauthtok
pam_setcred
pam_open_session
```
During the first `pam_authenticate`, we can't obtain credentials and
therefore a ticket cache since the password is expired. But
`pam_authenticate` isn't called again after `pam_chauthtok`, so
`pam_chauthtok` has to create a ticket cache. We however don't want it
to do this for the normal password change (`passwd`) case.
t/data/generate/pam-krb5/docknot.yaml view on Meta::CPAN
Joel Kociolek <joko@logidee.com> to be usable with Debian GNU/Linux.
It was packaged by Sam Hartman as the Kerberos v5 PAM module for Debian
and improved and modified by him and later by Russ Allbery to fix bugs
and add additional features. It was then adopted by Andres Salomon, who
added support for refreshing credentials.
The current distribution is maintained by Russ Allbery, who also added
support for reading configuration from `krb5.conf`, added many features
for compatibility with the Sourceforge module, commented and
standardized the formatting of the code, and overhauled the
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/Dochazka/CLI/Testers.pm view on Meta::CPAN
New password : <type george>
New password again: <type george again>
Password changed
Now you can log in with credentials C<george/george>:
$ dochazka-cli -u george -p george
...
Authenticating to server at http://localhost:5000 as user george
Server is alive
view all matches for this distribution
view release on metacpan or search on metacpan
config/REST_Config.pm view on Meta::CPAN
{ code => 'SICK_DAY', long_desc => 'Discretionary sick leave' },
{ code => 'MEDICAL_LEAVE', long_desc => 'Statutory medical leave' },
] );
# DOCHAZKA_BASIC_AUTH_REALM
# message displayed to user when she is asked to enter her credentials
set( 'DOCHAZKA_BASIC_AUTH_REALM',
'ENTER YOUR DOCHAZKA CREDENTIALS (e.g., demo/demo)' );
# DOCHAZKA_LDAP
# Enable/disable LDAP authentication
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/Dochazka/WWW/Dispatch.pm view on Meta::CPAN
# two possibilities: login/logout attempt or normal AJAX call
if ( $method =~ m/^LOGIN/i ) {
$log->debug( "Incoming login/logout attempt" );
if ( $path =~ m/^login/i ) {
return $self->validate_user_credentials( $body );
} else {
return $self->_logout( $body );
}
}
lib/App/Dochazka/WWW/Dispatch.pm view on Meta::CPAN
my $hr = $rr->{'hr'};
return $self->_prep_ajax_response( $hr, $rr->{'body'} );
}
=head2 validate_user_credentials
Called either from C<process_post> on login AJAX requests originating from the
JavaScript side (i.e. the login screen in login-dialog.js, via login.js), or
directly from C<is_authorized> if the MFILE_WWW_BYPASS_LOGIN_DIALOG mechanism
is activated.
lib/App/Dochazka/WWW/Dispatch.pm view on Meta::CPAN
Returns a status object - OK means the login was successful; all other statuses
mean unsuccessful.
=cut
sub validate_user_credentials {
my ( $self, $body ) = @_;
$log->debug( "Entering " . __PACKAGE__ . "::validate_user_credentials()" );
my $r = $self->request;
my $session = $self->session;
my $nick = $body->{'nam'};
my $password = $body->{'pwd'};
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/DoubleUp.pm view on Meta::CPAN
my $source = $self->source;
if ($source->{type} eq 'config') {
return @{ $source->{databases} };
}
elsif ($source->{type} eq 'database') {
my $db = $self->connect_to_db('dbi:mysql:information_schema', $self->credentials);
return db_flatarray($db, $source->{schemata_sql});
}
}
sub credentials {
my $self = shift;
return @{$self->{config}{credentials}};
}
sub connect_to_db {
my ($self, $dsn, $user, $password) = @_;
return DBI->connect($dsn, $user, $password, { RaiseError => 1, PrintError => 0 }) || croak "Error while connecting to '$dsn'";
lib/App/DoubleUp.pm view on Meta::CPAN
my @querys = $self->process_files($self->files);
for my $schema (@{ $self->database_names }) {
my $dsn = 'dbi:mysql:'.$schema;
say "DB: $schema";
my $db = $self->connect_to_db($dsn, $self->credentials);
$self->process_querys_for_one_db($db, \@querys);
say '';
}
}
when (undef) {
view all matches for this distribution
view release on metacpan or search on metacpan
Change: b2b99d5b579e5491352fae0a42211a730aaa3675
Author: Zach Thompson <zach@duckduckgo.com>
Date : 2016-06-02 15:37:00 +0000
Remove all admin functionality requiring duck.co credentials:
* release * setup * poupload
Most of these were just wrappers around dzil.
view all matches for this distribution
view release on metacpan or search on metacpan
See [http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-DescribeInstances.html](http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-DescribeInstances.html) for all available
ways of filtering instances.
## SPLIT CONFIGURATION
Having a config file is fine, but what if you want to keep your credentials secret, and have
your EC2 sets of machine in a .ec2cssh.conf file per projects?
With ec2-cssh, this is possible by splitting the configuration in severl files.
For instance, you can have:
}
- $HOME/.ec2cssh.conf:
{
'ec2_config' => { .. Your credentials },
'ec2_sets' => { 'asetilike' => ... }
}
- /etc/ec2cssh.conf:
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
delete $try{tls};
$conn->proto('https');
warn "Attempting promotion to HTTPS, try setting 'proto: https' in ~/.es-utils.yaml";
}
elsif( $resp->code == 401 ) {
# Retry with credentials
last unless $try{auth};
delete $try{auth};
warn "Authorization required, try setting 'password-exec: /home/user/bin/get-password.sh` in ~/.es-utils.yaml'"
unless $DEF{PASSEXEC};
$req->authorization_basic( es_basic_auth($conn->host) );
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
=back
=head1 HTTP Basic Authentication
HTTP Basic Authorization is only supported when the C<proto> is set to B<https>
as not to leak credentials all over.
The username is selected by going through these mechanisms until one is found:
--http-username
'http-username' in /etc/es-utils.yml or ~/.es-utils.yml
view all matches for this distribution
view release on metacpan or search on metacpan
share/status/app/lib/angular/angular-resource.js view on Meta::CPAN
* caching.
* - **`timeout`** â `{number|Promise}` â timeout in milliseconds, or {@link ng.$q promise} that
* should abort the request when resolved.
* - **`withCredentials`** - `{boolean}` - whether to set the `withCredentials` flag on the
* XHR object. See {@link https://developer.mozilla.org/en/http_access_control#section_5
* requests with credentials} for more information.
* - **`responseType`** - `{string}` - see {@link
* https://developer.mozilla.org/en-US/docs/DOM/XMLHttpRequest#responseType requestType}.
* - **`interceptor`** - `{Object=}` - The interceptor object has two optional methods -
* `response` and `responseError`. Both `response` and `responseError` interceptors get called
* with `http response` object. See {@link ng.$http $http interceptors}.
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/Fetchware.pm view on Meta::CPAN
#CPAN API. And if it exists ask user if they wanna use that one instead of
#autogening one.
#
#Perhaps create a 'fetchwarefile' command to download and look at
#fetchwarefiles from CPAN, and then install them, and/or perhaps upload
#them pausing to ask for the user's PAUSE credentials!!!!!!!!!
extension_name(__PACKAGE__);
lib/App/Fetchware.pm view on Meta::CPAN
Discusses how FSF's gnu.org ftp download site was hacked.
3. http://arstechnica.com/security/2012/11/malicious-code-added-to-open-source-piwik-following-website-compromise/
Discusses how Piwiki's wordpress software was hacked, and downloads of
Piwiki had malicious code inserted into them.
4. http://www.theregister.co.uk/2011/03/21/php_server_hacked/
Discusses how php's wiki.php.org server was hacked yielding credentials to
php's source code repository.
Download mirrors *do* get hacked. Do not make the mistake, and think that it is
not possible. It is possible, and it does happen, so please properly configure
your Fetchwarefile to enable fetchware to verify that the downloaded software is
the same what the author uploaded.
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/Followme/UploadSite.pm view on Meta::CPAN
return (
verbose => 0,
max_errors => 5,
remote_url => '',
hash_file => 'upload.hash',
credentials => 'upload.cred',
state_directory => '_state',
data_pkg => 'App::Followme::UploadData',
upload_pkg => 'App::Followme::UploadFtp',
);
}
lib/App/Followme/UploadSite.pm view on Meta::CPAN
my ($self) = @_;
my $filename = catfile(
$self->{top_directory},
$self->{state_directory},
$self->{credentials}
);
my ($user, $pass);
if (-e $filename) {
($user, $pass) = $self->read_word($filename);
lib/App/Followme/UploadSite.pm view on Meta::CPAN
The following fields in the configuration file are used:
=over 4
=item credentials
The name of the file which holds the user name and password for the remote site
in obfuscated form. Te default name is 'upload.cred'.
=item hash_file
lib/App/Followme/UploadSite.pm view on Meta::CPAN
The url of the remote website, e.g. http://www.cloudhost.com.
=item state_directory
The name of the directory containing the credentials and hash file. This
directory name is relative to the top directory of the site. The default
name is '_state'.
=item upload_pkg
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/FonBot/Plugin/Email.pm view on Meta::CPAN
$log->debug("Processing email from $user");
eval { pwcheck $user, $password };
if ($@) {
$log->debug("Incorrect credentials in email subject from user $user. Exception: $@");
POE::Kernel->yield(send_message => $replyto, "Incorrect credentials");
return
}
$ok_user_addresses{"$user EMAIL $replyto"}=1;
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/GitGerrit.pm view on Meta::CPAN
}
}
}
# The credential_* routines below use the git-credential command to
# get and set credentials for git commands and also for Gerrit REST
# interactions.
sub url_userinfo {
my ($url) = @_;
if (my $userinfo = $url->userinfo) {
lib/App/GitGerrit.pm view on Meta::CPAN
return ($fh, $fh->filename);
}
my $git_credential_supported = 1;
sub get_credentials {
my $baseurl = URI->new(config('baseurl'));
my ($fh, $credfile) = credential_description_file($baseurl);
my %credentials;
debug "Get credentials from git-credential";
open my $pipe, '-|', "git credential fill <$credfile"
or error "Can't open pipe to git-credential: $!";
while (<$pipe>) {
chomp;
$credentials{$1} = $2 if /^([^=]+)=(.*)/;
}
unless (close $pipe) {
error "Can't close pipe to git-credential: $!" if $!;
# If we get here it is because the shell invoked by open
lib/App/GitGerrit.pm view on Meta::CPAN
# means that we're using a pre-1.8 Git, which doesn't
# support git-credential yet.
$git_credential_supported = 0;
}
my ($username, $password) = @credentials{qw/username password/};
unless (defined $username && defined $password) {
debug "Get credentials from git-gerrit.baseurl";
($username, $password) = url_userinfo(config('baseurl'));
}
unless (defined $username && defined $password) {
debug "Get credentials from a .netrc file";
if (eval {require Net::Netrc}) {
if (my $mach = Net::Netrc->lookup(URI->new(config('baseurl'))->host, $username)) {
($username, $password) = ($mach->login, $mach->password);
}
} else {
debug "Failed to require Net::Netrc";
}
}
unless (defined $username && defined $password) {
debug "Prompt the user for the credentials";
if (eval {require Term::Prompt}) {
$username = Term::Prompt::prompt('x', 'Gerrit username: ', '', $ENV{USER});
$password = Term::Prompt::prompt('p', 'Gerrit password: ', '');
print "\n";
} else {
lib/App/GitGerrit.pm view on Meta::CPAN
defined $password or error "Couldn't get credential's password";
return ($username, $password);
}
sub set_credentials {
my ($username, $password, $what) = @_;
return 1 unless $git_credential_supported;
$what =~ /^(?:approve|reject)$/
or error "set_credentials \$what argument ($what) must be either 'approve' or 'reject'";
my $baseurl = URI->new(config('baseurl'));
my ($fh, $credfile) = credential_description_file($baseurl, $password);
return system("git credential $what <$credfile") == 0;
lib/App/GitGerrit.pm view on Meta::CPAN
sub gerrit {
my $method = shift;
state $gerrit;
unless ($gerrit) {
my ($username, $password) = get_credentials;
require Gerrit::REST;
$gerrit = Gerrit::REST->new(config('baseurl'), $username, $password);
eval { $gerrit->GET("/projects/" . uri_escape_utf8(config('project'))) };
if (my $error = $@) {
set_credentials($username, $password, 'reject') if $error->{code} == 401;
die $error;
} else {
set_credentials($username, $password, 'approve');
}
}
if ($Options{debug}) {
my ($endpoint, @args) = @_;
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/GitHubPullRequest.pm view on Meta::CPAN
# Perform HTTP GET
sub _get_url {
my ($url, $return_on_error) = @_;
croak("Please specify a URL") unless $url;
# See if we should use credentials
my @credentials;
if ( _is_api_url($url) ) {
my $token = _qx('git', 'config github.pr-token');
@credentials = ( '-H', "Authorization: token $token" ) if $token;
}
# Send request
my ($content, $rc) = _run_ext(
'curl',
'-L', # follow redirects
'-s', # be silent
'-w', '%{http_code}', # include HTTP status code at end of stdout
@credentials, # Logon credentials, if any
$url, # The URL we're GETing
);
die("curl failed to fetch $url with code $rc.\n") if $rc != 0;
my $code = substr($content, -3, 3, '');
lib/App/GitHubPullRequest.pm view on Meta::CPAN
my ($url, $mimetype, $data) = @_;
croak("Please specify a URL") unless $url;
croak("Please specify a mimetype") unless $mimetype;
croak("Please specify some data") unless $data;
# See if we should use credentials
my @credentials;
if ( _is_api_url($url) ) {
my $token = _qx('git', 'config github.pr-token');
die("You must login before you can modify information.\n")
unless $token;
@credentials = ( '-H', "Authorization: token $token" );
}
# Send request
my ($content, $rc) = _run_ext(
'curl',
'-s', # be silent
'-w', '%{http_code}', # include HTTP status code at end of stdout
'-X', 'PATCH', # perform an HTTP PATCH
'-H', "Content-Type: $mimetype", # What kind of data we're sending
'-d', $data, # Our data
@credentials, # Logon credentials, if any
$url, # The URL we're PATCHing
);
die("curl failed to patch $url with code $rc.\n") if $rc != 0;
my $code = substr($content, -3, 3, '');
lib/App/GitHubPullRequest.pm view on Meta::CPAN
my ($url, $mimetype, $data, $user, $password, $two_factor_token) = @_;
croak("Please specify a URL") unless $url;
croak("Please specify a mimetype") unless $mimetype;
croak("Please specify some data") unless $data;
# See if we should use credentials
my @credentials;
if ( _is_api_url($url) ) {
my $token = _qx('git', 'config github.pr-token');
die("You must login before you can modify information.\n")
unless $token or ( $user and $password );
if ( $user and $password ) {
@credentials = ( '-u', "$user:$password" );
push @credentials, '-H', "X-GitHub-OTP: $two_factor_token"
if $two_factor_token;
}
else {
@credentials = ( '-H', "Authorization: token $token" ) if $token;
}
}
# Send request
my ($content, $rc) = _run_ext(
lib/App/GitHubPullRequest.pm view on Meta::CPAN
'-s', # be silent
'-w', '%{http_code}', # include HTTP status code at end of stdout
'-X', 'POST', # perform an HTTP POST
'-H', "Content-Type: $mimetype", # What kind of data we're sending
'-d', $data, # Our data
@credentials, # Logon credentials, if any
$url, # The URL we're POSTing to
);
die("curl failed to post to $url with code $rc.\n") if $rc != 0;
my $code = substr($content, -3, 3, '');
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/Glacier.pm view on Meta::CPAN
Configures access to the Glacier service. The following keywords are defined:
=over 8
=item B<credentials => I<FILE>
Sets the name of the credentials file. See below for a detailed discussion.
=item B<access => I<KEYNAME>
Defines Amazon access key or access ID for look up in the credentials file.
=item B<secret => I<SECRET>
Sets the secret key. The use of this statement is discouraged for
security reason.
lib/App/Glacier.pm view on Meta::CPAN
AWS instance).
=back
If either of B<access> or B<secret> is not supplied, B<glacier> attemtps to
obtain access and secret keys from the file named in the B<credentials>
setting (if it is defined). If unable to find credentials, B<glacier> attempts
to get credentials from the instance store, assuming it is run on an EC2
instance. It will exit if this attempt fails.
The credentials file allows you to store all security sensitive data in a
single place and to tighten permissions accordingly. In the simplest case,
this file contains a single line with your access and secret keys separated
by a semicolon, e.g.:
AEBRGYTEBRET:RTFERYABNERTYR4HDDHEYRTWW
Additionally, the default region can be specified after a second semicolon:
AEBRGYTEBRET:RTFERYABNERTYR4HDDHEYRTWW:us-west-1
If you have several accounts, you can list their credentials on separate lines.
In that case, B<glacier> will select the account with the access key supplied
by the B<access> configuration statement, or the B<--account> command line
option. If neither of these are supplied, the first account in the file will
be used.
To further facilitate selection of the credential pair, each line can be tagged
with the line B<#:I<NAME>> immediately preceding it. In that case, the I<NAME>
can be used to select it using the B<--account> option or B<access> configuration statement.
Apart from these constructs, the credentials file can contain empty lines and
comments (lines beginning with B<#> followed by any character, except B<:> ),
which are ignored.
=item B<[transfer]>
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/HTTP_Proxy_IMP/IMP/CSRFprotect.pm view on Meta::CPAN
my @del;
push @del,$1 while ( $hdr =~s{^(Cookie|Cookie2):[ \t]*(.*(?:\n[ \t].*)*)\n}{}im );
if (@del) {
$self->run_callback([
IMP_LOG,0,0,0,IMP_LOG_INFO,
"removed cross-origin session credentials (@del) for request @origin -> @target"
]);
# return changed header
return $hdr;
}
lib/App/HTTP_Proxy_IMP/IMP/CSRFprotect.pm view on Meta::CPAN
App::HTTP_Proxy_IMP::IMP::CSRFprotect - IMP plugin against CSRF attacks
=head1 DESCRIPTION
This plugin attempts to block malicious cross-site requests (CSRF), by removing
session credentials (Cookie, Cookie2 and Authorization header) from the request,
if the origin of the request is not known or not trusted.
The origin is determined by checking the Origin or the Referer HTTP-header of
the request.
An origin O is considered trusted to issue a cross-site request to target T, if
view all matches for this distribution
view release on metacpan or search on metacpan
lib/App/LXC/Container/Run.pm view on Meta::CPAN
debug(3, 'starting LXC application container ', $self->{name});
my $rc = system(
'lxc-execute', '--rcfile', $self->{rc},
'--name', $self->{name}, '--', '/lxc-run.sh');
my $err = $!;
# remove all .Xauthority files in container (the credentials may
# change before the next run):
local $_;
foreach (glob($self->{root} . '/.xauth-*/.Xauthority'))
{
unlink $_ or error 'can_t_remove__1__2', $_, $!;
view all matches for this distribution