Projekt

Allgemein

Profil

« Zurück | Weiter » 

Revision 4543999a

Von Moritz Bunkus vor etwa 5 Jahren hinzugefügt

  • ID 4543999aeca36e07555a0fa508cf9d0580e34c70
  • Vorgänger 0c227fb2
  • Nachfolger ffda56c8

Authentifizierung: Unterstützung für HTTP Basic Authentication RFC 7617

Unterschiede anzeigen:

SL/Auth.pm
94 94 
  return $self->client;
95 95 
}
96 96 

  		




  
  97
  
    
sub get_default_client_id {


  		




  
  98
  
    
  my ($self) = @_;


  		




  
  99
  
    

  		




  
  100
  
    
  my $dbh    = $self->dbconnect;


  		




  
  101
  
    

  		




  
  102
  
    
  return unless $dbh;


  		




  
  103
  
    

  		




  
  104
  
    
  my $row = $dbh->selectrow_hashref(qq|SELECT id FROM auth.clients WHERE is_default = TRUE LIMIT 1|);


  		




  
  105
  
    

  		




  
  106
  
    
  return $row->{id} if $row;


  		




  
  107
  
    
}


  		




  
  108
  
    

  		




  97
  109
  
    
sub DESTROY {


  		




  98
  110
  
    
  my $self = shift;


  		




  99
  111
  
    

  		












  

    
      SL/Dispatcher/AuthHandler/User.pm
    
  





  3
  3
  
    
use strict;


  		




  4
  4
  
    
use parent qw(Rose::Object);


  		




  5
  5
  
    

  		




  
  6
  
    
use Encode ();


  		




  
  7
  
    
use MIME::Base64 ();


  		




  
  8
  
    

  		




  6
  9
  
    
use SL::Layout::Dispatcher;


  		




  7
  10
  
    

  		




  8
  11
  
    
sub handle {


  		




  9
  12
  
    
  my ($self, %param) = @_;


  		




  10
  13
  
    

  		




  11
  
  
    
  my $login = $::form->{'{AUTH}login'} || $::auth->get_session_value('login');


  		




  
  14
  
    
  my ($http_auth_login, $http_auth_password) = $self->_parse_http_basic_auth;


  		




  
  15
  
    

  		




  
  16
  
    
  my $login = $::form->{'{AUTH}login'} // $http_auth_login // $::auth->get_session_value('login');


  		




  
  17
  
    

  		




  12
  18
  
    
  return $self->_error(%param) if !defined $login;


  		




  13
  19
  
    

  		




  14
  
  
    
  my $client_id = $::form->{'{AUTH}client_id'} || $::auth->get_session_value('client_id');


  		




  
  20
  
    
  my $client_id = $::form->{'{AUTH}client_id'} // $::auth->get_session_value('client_id') // $::auth->get_default_client_id;


  		




  
  21
  
    

  		




  15
  22
  
    
  return $self->_error(%param) if !$client_id || !$::auth->set_client($client_id);


  		




  16
  23
  
    

  		




  17
  24
  
    
  %::myconfig = User->get_default_myconfig($::auth->read_user(login => $login));


  		




  ......




  22
  29
  
    
  $::request->{layout} = SL::Layout::Dispatcher->new(style => $::myconfig{menustyle});


  		




  23
  30
  
    

  		




  24
  31
  
    
  my $ok   =  $::auth->is_api_token_cookie_valid;


  		




  25
  
  
    
  $ok    ||=  $::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));


  		




  26
  
  
    
  $ok    ||= !$::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));


  		




  
  32
  
    
  $ok    ||=  $::form->{'{AUTH}login'}                      && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));


  		




  
  33
  
    
  $ok    ||= !$::form->{'{AUTH}login'} &&  $http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $http_auth_password));


  		




  
  34
  
    
  $ok    ||= !$::form->{'{AUTH}login'} && !$http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));


  		




  27
  35
  
    

  		




  28
  36
  
    
  return $self->_error(%param) if !$ok;


  		




  29
  37
  
    

  		




  ......




  44
  52
  
    
  return 0;


  		




  45
  53
  
    
}


  		




  46
  54
  
    

  		




  
  55
  
    
sub _parse_http_basic_auth {


  		




  
  56
  
    
  my ($self) = @_;


  		




  
  57
  
    

  		




  
  58
  
    
  # See RFC 7617.


  		




  
  59
  
    

  		




  
  60
  
    
  # Requires that the server passes the 'Authorization' header as the


  		




  
  61
  
    
  # environment variable 'HTTP_AUTHORIZATION'. Example code for


  		




  
  62
  
    
  # Apache:


  		




  
  63
  
    

  		




  
  64
  
    
  # SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1


  		




  
  65
  
    

  		




  
  66
  
    
  my $data = $ENV{HTTP_AUTHORIZATION};


  		




  
  67
  
    

  		




  
  68
  
    
  return unless ($data // '') =~ m{^basic +(.+)}i;


  		




  
  69
  
    

  		




  
  70
  
    
  $data = Encode::decode('utf-8', MIME::Base64::decode($1));


  		




  
  71
  
    

  		




  
  72
  
    
  return unless $data =~ m{(.+?):(.+)};


  		




  
  73
  
    

  		




  
  74
  
    
  return ($1, $2);


  		




  
  75
  
    
}


  		




  
  76
  
    

  		




  47
  77
  
    
1;


  		












Auch abrufbar als:  Unified diff