Apache2-Authen-OdinAuth


lib/Apache2/Authen/OdinAuth.pm  view on Meta::CPAN

          $log .= "(invalid cookie: $cookie_is_invalid)";
      } else {
          $cookie_is_invalid = undef;
          $cookie_user = $user;
          $cookie_roles = $roles;

          $r->headers_in->set('OdinAuth-User', $cookie_user);
          $r->headers_in->set('OdinAuth-Roles', $cookie_roles);

          $ENV{OdinAuth_User} = $cookie_user;
          $ENV{OdinAuth_Roles} = $cookie_roles;

          $r->notes->add("OdinAuth_User" => $cookie_user);
          $r->notes->add("OdinAuth_Roles" => $cookie_roles);

          $log .= " (valid cookie: $cookie_user $cookie_roles)";
      }
  } else {
      $log .= " (no cookie)";
  }

  $r->log->debug($log);

  if ( $cookie_is_invalid ) {
      $r->log->warn("Invalid cookie for $cookie_user($cookie_roles): $cookie_is_invalid");
  }

  #########################################################
  #
  # 3) exit now if we got an 'all'
  #

  if (ref $allow ne 'ARRAY') {
    if ($allow eq 'all') {
      return Apache2::Const::OK;
    }
  }


  #########################################################
  #
  # 4) if we don't have a valid cookie, redirect to the auther
  #

  if (!$cookie) {
    return &redir($r, config->{need_auth_url});
  }

  if ($cookie_is_invalid) {
    return &redir($r, config->{invalid_cookie_url}, $cookie_is_invalid);
  }


  #########################################################
  #
  # 5) set user; exit now for authed
  #

  $r->user($cookie_user);
  $r->subprocess_env('REMOTE_USER' => $cookie_user);
  $r->set_basic_credentials($cookie_user, '*****');

  if (ref $allow ne 'ARRAY') {
    if ($allow eq 'authed') {
      return Apache2::Const::OK;
    }
  }


  #########################################################
  #
  # 5) now we need to match usernames and/or roles
  #

  # get arrayref of allowed roles
  unless (ref $allow eq 'ARRAY'){
    $allow = [$allow];
  }

  # get arrayref of our roles
  my $matches = [$cookie_user];
  for my $role (split /,/, $cookie_roles) {
    if ($role ne '_') {
      push @{$matches}, 'role:'.$role;
    }
  }


  for my $a (@{$allow}) {
    for my $b (@{$matches}) {

      if ($a eq $b) {
        return Apache2::Const::OK;
      }
    }
  }


  #
  # send the user to the not-on-list page
  #

  return &redir($r, config->{not_on_list_url});
}

=head2 redir(request, target, reason)

Redirect to Authorizer App

=cut
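sub redir {
  # Build a redirect to the authorizer app and hand the status back to Apache.
  #
  #   $r      - request object; only construct_url, unparsed_uri and
  #             headers_out are used here
  #   $target - base URL to redirect to (the callers in this file pass
  #             values read from config)
  #   $reason - optional text, appended as the "reason" query parameter
  #
  # Returns Apache2::Const::REDIRECT after setting the Location header.
  my ($r, $target, $reason) = @_;

  # The URL of the current request travels along as "ref". It goes through
  # urlencode() (defined elsewhere in this file; presumably percent-encoding)
  # before being appended, so it cannot add query parameters of its own.
  # NOTE(review): the scheme/host part comes from construct_url(); whether a
  # client-sent Host header can influence it depends on server configuration
  # (confirm). The authorizer app should validate "ref" against the hosts it
  # expects before sending a browser back to it.
  my $ref = urlencode($r->construct_url($r->unparsed_uri));

  # Use '&' when the target already carries a query string, '?' otherwise.
  $target .= ($target =~ /\?/) ? "&ref=$ref" : "?ref=$ref";

  # A false $reason (undef, '' or '0') adds no parameter.
  $target .= '&reason=' . urlencode($reason) if $reason;

  $r->headers_out->set('Location', $target);
  return Apache2::Const::REDIRECT;
}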

=head2 parse_cookie_jar(jar)
