Apache-AuthCookie


Changes  view on Meta::CPAN


Version: 3.07
 *** mod_perl2 users: THIS RELEASE IS INCOMPATIBLE WITH PAST RELEASES    ***
 *** If you are running mod_perl2, you must update to at least           ***
 *** mod_perl 2.0.0 RC5.  The mod_perl2 version of AuthCookie has been   ***
 *** renamed to Apache2::AuthCookie                                      ***
  ** MP2: RENAME AuthCookie.pm.mp2 to Apache2::AuthCookie.
   - MP2: Update module, and tests for mod_perl 2.0.0 RC5.  mod_perl2 users
     MUST use Apache2::AuthCookie now.
   - Require Apache::Test 1.22
   - Add support for ${auth_name}SessionTimeout configuration parameter
     which will re-issue the ticket with the expires parameter set to the
     value of this configuration setting for each request.  This is useful for
     idle-timeout.
   - POD fixes.
   - MP2: fix uninitialized warnings if no POST/GET data (RT 11371)
   - make sure recognize_user() returns an Apache constant in all cases.
     Returns DECLINED in cases where we were returning undef before.
     (Thanks Vivek)
   - Add support for MS HttpOnly cookie property.

lib/Apache/AuthCookie.pm  view on Meta::CPAN

    # Look up the name of the session cookie for this request; the rest of
    # this run extracts that cookie, validates it and maps the result onto an
    # Apache status constant.
    my $cookie_name = $self->cookie_name($r);

    # Pull the cookie value (everything up to the next ';') out of the raw
    # Cookie request header.
    # NOTE(review): $cookie_name is interpolated as a pattern, not a literal,
    # and the match is unanchored.  Any regex metacharacters in the name are
    # treated as pattern syntax, and a cookie whose name merely ends with
    # $cookie_name would match as well.  \Q...\E plus a start-of-header or
    # "; " boundary would pin this to the intended cookie.
    my ($cookie) = $r->header_in('Cookie') =~ /$cookie_name=([^;]+)/;
    # NOTE(review): at debug >= 2 the raw cookie value is written to the error
    # log.  That value is what authen_ses_key() receives below as the session
    # key, so logs produced at this level should be handled as
    # credential-bearing.
    $r->log_error("cookie $cookie_name is $cookie") if $debug >= 2;
    # No cookie captured (or a value Perl treats as false, such as "0"):
    # nothing to recognize.
    return DECLINED unless $cookie;

    # Ask the handler class to validate the session key.  The first return
    # value is the user; any further values are treated as error details.
    my ($user, @args) = $auth_type->authen_ses_key($r, $cookie);
    # Success path: a non-blank user and no extra values.
    if (!is_blank($user) and scalar @args == 0) {
        $r->log_error("user is $user") if $debug >= 2;

        # if SessionTimeout is on, send new cookie with new Expires.
        # NOTE(review): the same cookie value is re-sent, only the expires
        # attribute changes.  Expiry is therefore enforced by the browser
        # unless authen_ses_key() also checks the age of the key -- confirm
        # in the subclass.
        if (my $expires = $r->dir_config("${auth_name}SessionTimeout")) {
            $self->send_cookie($cookie, { expires => $expires });
        }

        # Record the (encoded) user on the connection.
        $r->connection->user( $self->_encode($r, $user) );
    }
    # Extra values were returned and the handler class implements
    # custom_errors(): let it choose the response.
    elsif (scalar @args > 0 and $auth_type->can('custom_errors')) {
        return $auth_type->custom_errors($r, $user, @args);
    }

    # NOTE(review): if extra values were returned, custom_errors() is not
    # available and $user is non-blank, this returns OK although the
    # connection user was never set above -- confirm this is intended.
    return is_blank($user) ? DECLINED : OK;

lib/Apache2/AuthCookie.pm  view on Meta::CPAN

 # scope of your cookie.  Default is the current domain.
 PerlSetVar WhatEverDomain .yourdomain.com

 # Use this to only send over a secure connection
 PerlSetVar WhatEverSecure 1

 # Use this if you want user session cookies to expire if the user
 # doesn't request an auth-required or recognize_user page for some
 # time period.  If set, a new cookie (with updated expire time)
 # is set on every request.
 PerlSetVar WhatEverSessionTimeout +30m

 # to enable the HttpOnly cookie property, use HttpOnly.
 # This is an MS extension.  See:
 # http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp
 PerlSetVar WhatEverHttpOnly 1

 # to enable the SameSite cookie property, set SameSite to "lax" or "strict".
 # See: https://www.owasp.org/index.php/SameSite
 PerlSetVar WhatEverSameSite strict

lib/Apache2/AuthCookie/Base.pm  view on Meta::CPAN

        if (!is_blank($auth_user) and scalar @args == 0) {
            # We have a valid session key, so we return with an OK value.
            # Tell the rest of Apache what the authentication method and
            # user is.

            $r->ap_auth_type($auth_type);
            $r->user( $auth_type->_encode($r, $auth_user) );
            $r->server->log_error("user authenticated as $auth_user")
                if $debug >= 1;

            # send new cookie if SessionTimeout is on
            if (my $expires = $r->dir_config("${auth_name}SessionTimeout")) {
                $auth_type->send_cookie($r, $ses_key_cookie,
                                        {expires => $expires});
            }

            return OK;
        }
        elsif (scalar @args > 0 and $auth_type->can('custom_errors')) {
            return $auth_type->custom_errors($r, $auth_user, @args);
        }
        else {

t/conf/extra.conf.in  view on Meta::CPAN

  </IfDefine>
  <IfDefine APACHE2_4>
    # apache 2.4
    <RequireAll>
      Require myuser dopey programmer
    </RequireAll>
  </IfDefine>
</Location>

<Location /docs/stimeout>
  PerlSetVar WhatEverSessionTimeout +10m
  AuthName WhatEver

  <IfDefine APACHE1>
    AuthType Sample::Apache::AuthCookieHandler
    PerlAuthenHandler Sample::Apache::AuthCookieHandler->authenticate
    PerlAuthzHandler Sample::Apache::AuthCookieHandler->authorize
  </IfDefine>
  <IfDefine APACHE2>
    <IfDefine !APACHE2_4>
      AuthType Sample::Apache2::AuthCookieHandler

t/real.t  view on Meta::CPAN

    is($r->header('Location'), '/docs/protected/get_me.html',
       'SameSite location header');

    is($r->header('Set-Cookie'),
       'Sample::AuthCookieHandler_WhatEver=programmer:Heroo; path=/; SameSite=strict',
       'cookie contains SameSite attribute');

    is($r->code, 302, 'check redirect response code');
};

# test SessionTimeout
subtest 'session timeout' => sub {
    plan tests => 1;

    my $r = GET(
        '/docs/stimeout/get_me.html',
        Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero'
    );

    like($r->header('Set-Cookie'),
         qr/^Sample::AuthCookieHandler_WhatEver=.*expires=.+/,
