package SL::Dispatcher::AuthHandler::Base;

use strict;
use parent qw(Rose::Object);

use Encode ();
use MIME::Base64 ();

use SL::Layout::Dispatcher;

# Returns the value of the CGI environment variable that carries the
# HTTP request header $header: the header name is upper-cased, dashes
# become underscores and 'HTTP_' is prepended. The result is undef if
# that variable is not set.
#
# NOTE(review): with this mapping, a request header spelled with
# underscores would presumably land in the same variable as the dashed
# spelling. For headers used for authentication the front-end server
# should drop or overwrite both spellings when they come from the
# client -- verify the web server configuration.
sub _env_var_for_header {
  my ($header) = @_;

  (my $env_suffix = uc $header) =~ tr/-/_/;

  return $ENV{"HTTP_$env_suffix"};
}

# Extracts user name and password from an HTTP Basic 'Authorization'
# request header (see RFC 7617).
#
# Returns the two-element list ($user, $password), or an empty list if
# 'authentication/http_basic' is not enabled in the configuration, the
# header is absent, it does not use the 'Basic' scheme, or the decoded
# credentials do not have the form 'user:password' with both parts
# non-empty. The split happens at the first colon that follows at least
# one character, so the password may itself contain colons.
#
# The web server has to pass the 'Authorization' header on as the
# environment variable 'HTTP_AUTHORIZATION'. Example code for Apache:
#
#   SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
#
# The password is returned in clear text; callers should keep it out of
# log and debug output. Basic credentials are only base64-encoded, so
# the connection carrying them should be protected by TLS.
sub _parse_http_basic_auth {
  my ($self) = @_;

  my $basic_cfg = $::lx_office_conf{'authentication/http_basic'};
  return if !$basic_cfg || !$basic_cfg->{enabled};

  my $header_value = _env_var_for_header('Authorization') // '';

  # Scheme name is matched case-insensitively; what follows is the
  # base64-encoded 'user:password' pair.
  my ($encoded) = $header_value =~ m{^basic +(.+)}i
    or return;

  my $credentials = Encode::decode('utf-8', MIME::Base64::decode($encoded));

  my ($user, $password) = $credentials =~ m{(.+?):(.+)}
    or return;

  return ($user, $password);
}

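# Reads the identity asserted by an upstream server through HTTP
# request headers.
#
# Returns the two-element list ($client_id, $user) on success. Returns
# an empty list if the 'authentication/http_headers' section is absent,
# the configured authentication module does not match 'HTTPHeaders',
# the shared secret sent with the request differs from the configured
# one, or the client ID or user name header is missing or empty. Dies
# if one of the parameters 'secret_header', 'secret', 'user_header' or
# 'client_id_header' is not set in the configuration.
#
# Once the secret matches, the client ID and user name headers are
# taken as sent. The shared secret is therefore the only check this
# function performs on the sender, and its value must never end up in
# log or debug output.
sub _parse_http_headers_auth {
  my ($self) = @_;

  my $cfg = $::lx_office_conf{'authentication/http_headers'};

  # NOTE(review): the POD for this function mentions an option
  # 'authentication/http_headers.enabled'; no such option is read
  # here -- confirm which of the two is intended.
  return unless $cfg && ($::lx_office_conf{'authentication'}->{module} =~ m{HTTPHeaders});

  foreach (qw(secret_header secret user_header client_id_header)) {
    next if $cfg->{$_};
    die 'config/kivitendo.conf: Missing parameter in "authentication/http_headers": ' . $_;
  }

  my $received = _env_var_for_header($cfg->{secret_header}) // '';
  my $expected = $cfg->{secret};

  # Compare every character instead of using 'ne', so that the time
  # taken does not depend on the position of the first difference. If
  # the lengths differ the result is already "mismatch"; the loop then
  # runs over the expected value itself to keep the work the same.
  my $same_length = length($received) == length($expected);
  my $probe       = $same_length ? $received : $expected;
  my $mismatch    = $same_length ? 0 : 1;
  for my $idx (0 .. length($expected) - 1) {
    $mismatch |= ord(substr($expected, $idx, 1)) ^ ord(substr($probe, $idx, 1));
  }

  if ($mismatch) {
    # The received value is deliberately not logged: a near-miss would
    # put most of the real secret into the debug log.
    $::lxdebug->message(LXDebug->DEBUG2(), "_parse_http_headers_auth: bad secret sent by upstream server");
    return;
  }

  my $client_id = _env_var_for_header($cfg->{client_id_header});
  if (!$client_id) {
    $::lxdebug->message(LXDebug->DEBUG2(), "_parse_http_headers_auth: no client ID header found");
    return;
  }

  # $::auth->set_client();

  my $user = _env_var_for_header($cfg->{user_header});
  if (!$user) {
    $::lxdebug->message(LXDebug->DEBUG2(), "_parse_http_headers_auth: no user name header found");
    return;
  }

  $::lxdebug->message(LXDebug->DEBUG2(), "_parse_http_headers_auth: OK client $client_id user $user");

  return ($client_id, $user);
}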

1;
__END__

=pod

=encoding utf8

=head1 NAME

SL::Dispatcher::AuthHandler::Base - Base class for different modules
handling user authentication

=head1 OVERVIEW

This module acts as a base class for the modules in the
C<SL::Dispatcher::AuthHandler> namespace. It contains a couple of
shared helper functions.

=head1 FUNCTIONS

=over 4

=item C<_env_var_for_header $header_name>

Static method returning the content of the environment variable that,
according to the CGI specification, holds the value of the HTTP
request header named C<$header_name>.

=item C<_parse_http_headers_auth>

When HTTP headers authentication is enabled in the configuration file,
this function parses the content of the configured HTTP request
headers. First, it ensures that the configuration is complete; if not,
an exception is thrown.

Next, it ensures that the shared secret was sent and equals the
expected value.

Lastly, it fetches the client ID & the name of the logged-in user sent
by the upstream server & returns both as a two-element list, client ID
first.

This function returns an empty list if either the authentication
module is not C<HTTPHeaders> or if the configuration option
C<authentication/http_headers.enabled> is not true.

=item C<_parse_http_basic_auth>

When HTTP Basic Authentication is enabled in the configuration file,
this function parses the content of the C<Authorization> HTTP request
header via the corresponding environment variable according to the CGI
spec. It extracts the user name & password from the header & returns
both as a two-element list.

This function returns an empty list if the configuration option
C<authentication/http_basic.enabled> is not true, or if the
C<Authorization> header is missing or cannot be parsed as Basic
credentials.

=back

=head1 AUTHOR

Moritz Bunkus E<lt>m.bunkus@linet.deE<gt>

=cut