Apache2-Authen-OdinAuth
lib/Apache2/Authen/OdinAuth.pm view on Meta::CPAN
$log .= "(invalid cookie: $cookie_is_invalid)";
} else {
$cookie_is_invalid = undef;
$cookie_user = $user;
$cookie_roles = $roles;
$r->headers_in->set('OdinAuth-User', $cookie_user);
$r->headers_in->set('OdinAuth-Roles', $cookie_roles);
$ENV{OdinAuth_User} = $cookie_user;
$ENV{OdinAuth_Roles} = $cookie_roles;
$r->notes->add("OdinAuth_User" => $cookie_user);
$r->notes->add("OdinAuth_Roles" => $cookie_roles);
$log .= " (valid cookie: $cookie_user $cookie_roles)";
}
} else {
$log .= " (no cookie)";
}
$r->log->debug($log);
if ( $cookie_is_invalid ) {
$r->log->warn("Invalid cookie for $cookie_user($cookie_roles): $cookie_is_invalid");
}
#########################################################
#
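# 3) exit now if we got an 'all'
#    NOTE(review): this path returns OK even without a valid cookie. Confirm
#    that any client-supplied OdinAuth-User / OdinAuth-Roles request headers
#    are cleared earlier in the handler (not visible here); otherwise a
#    backend that trusts those headers could see spoofed values.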
#
if (ref $allow ne 'ARRAY') {
if ($allow eq 'all') {
return Apache2::Const::OK;
}
}
#########################################################
#
# 4) if we don't have a valid cookie, redirect to the authorizer app
#
if (!$cookie) {
return &redir($r, config->{need_auth_url});
}
if ($cookie_is_invalid) {
return &redir($r, config->{invalid_cookie_url}, $cookie_is_invalid);
}
#########################################################
#
# 5) set user; exit now for authed
#
$r->user($cookie_user);
$r->subprocess_env('REMOTE_USER' => $cookie_user);
$r->set_basic_credentials($cookie_user, '*****');
if (ref $allow ne 'ARRAY') {
if ($allow eq 'authed') {
return Apache2::Const::OK;
}
}
#########################################################
#
# 6) now we need to match usernames and/or roles
#
# get arrayref of allowed roles
unless (ref $allow eq 'ARRAY'){
$allow = [$allow];
}
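# get arrayref of our identities: the username plus one 'role:<name>' per role
# NOTE(review): usernames and 'role:' entries are compared in the same list,
# so the authorizer should never issue a username starting with 'role:' - confirm.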
my $matches = [$cookie_user];
for my $role (split /,/, $cookie_roles) {
if ($role ne '_') {
push @{$matches}, 'role:'.$role;
}
}
for my $a (@{$allow}) {
for my $b (@{$matches}) {
if ($a eq $b) {
return Apache2::Const::OK;
}
}
}
#
# send the user to the not-on-list page
#
return &redir($r, config->{not_on_list_url});
}
=head2 redir(request, target, reason)
Redirect to Authorizer App
=cut
sub redir {
    # Send the client to $target (an authorizer-app URL), telling it where
    # the request came from and, optionally, why it was refused.
    #
    #   $r      - request object; supplies the current URL and receives the
    #             Location response header
    #   $target - URL to redirect to; may already carry a query string
    #   $reason - optional text, appended as the 'reason' parameter when true
    #
    # Returns Apache2::Const::REDIRECT.
    #
    # NOTE(review): 'ref' is built from the incoming request URI, so the
    # application that receives it should validate it before sending the
    # browser back to it - confirm that it does.
    my ($r, $target, $reason) = @_;

    # URL of the current request, escaped so it travels as one query value.
    my $return_to = urlencode($r->construct_url($r->unparsed_uri));

    # Extend an existing query string with '&', otherwise start one with '?'.
    my $separator = '?';
    if ($target =~ m{[?]}) {
        $separator = '&';
    }
    $target .= $separator . "ref=$return_to";

    if ($reason) {
        $target .= '&reason=' . urlencode($reason);
    }

    $r->headers_out->set('Location', $target);
    return Apache2::Const::REDIRECT;
}
=head2 parse_cookie_jar(jar)