Projekt

Allgemein

Profil

« Zurück | Weiter » 

Revision 7c5c23fb

Von Moritz Bunkus vor 7 Tagen hinzugefügt

  • ID 7c5c23fbf6f55a5b428f7d58bddc08938881a31f
  • Vorgänger 222efaf4
  • Nachfolger 82648acc

[LINET] Auth: automatisches SSO mittels gewisser HTTP-Header

Unterschiede anzeigen:

SL/Dispatcher/AuthHandler/User.pm
1 1
package SL::Dispatcher::AuthHandler::User;
2 2

  
3 3
use strict;
4
use parent qw(Rose::Object);
5

  
6
use Encode ();
7
use MIME::Base64 ();
4
use parent qw(SL::Dispatcher::AuthHandler::Base);
8 5

  
9 6
use SL::Helper::UserPreferences::DisplayPreferences;
10 7
use SL::Layout::Dispatcher;
......
12 9
sub handle {
13 10
  my ($self, %param) = @_;
14 11

  
15
  my ($http_auth_login, $http_auth_password) = $self->_parse_http_basic_auth;
12
  my ($http_auth_login,     $http_auth_password) = $self->_parse_http_basic_auth;
13
  my ($http_headers_client, $http_headers_login) = $self->_parse_http_headers_auth;
16 14

  
17
  my $login = $::form->{'{AUTH}login'} // $http_auth_login // $::auth->get_session_value('login');
15
  my $login = $::form->{'{AUTH}login'} // $http_auth_login // $http_headers_login // $::auth->get_session_value('login');
18 16

  
19 17
  return $self->_error(%param) if !defined $login;
20 18

  
21
  my $client_id = $::form->{'{AUTH}client_id'} // $::auth->get_session_value('client_id') // $::auth->get_default_client_id;
19
  my $client_id = $::form->{'{AUTH}client_id'} // $http_headers_client // $::auth->get_session_value('client_id') // $::auth->get_default_client_id;
22 20

  
23 21
  return $self->_error(%param) if !$client_id || !$::auth->set_client($client_id);
24 22

  
......
37 35
    : SL::Layout::Dispatcher->new(style => $::myconfig{menustyle});
38 36

  
39 37
  my $ok   =  $::auth->is_api_token_cookie_valid;
38
  $ok    ||=                            $http_headers_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, \'dummy!'));
40 39
  $ok    ||=  $::form->{'{AUTH}login'}                      && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));
41 40
  $ok    ||= !$::form->{'{AUTH}login'} &&  $http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $http_auth_password));
42 41
  $ok    ||= !$::form->{'{AUTH}login'} && !$http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));
......
59 58
  return 0;
60 59
}
61 60

  
62
sub _parse_http_basic_auth {
63
  my ($self) = @_;
64

  
65
  # See RFC 7617.
66

  
67
  # Requires that the server passes the 'Authorization' header as the
68
  # environment variable 'HTTP_AUTHORIZATION'. Example code for
69
  # Apache:
70

  
71
  # SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
72

  
73
  my $data = $ENV{HTTP_AUTHORIZATION};
74

  
75
  return unless ($data // '') =~ m{^basic +(.+)}i;
76

  
77
  $data = Encode::decode('utf-8', MIME::Base64::decode($1));
78

  
79
  return unless $data =~ m{(.+?):(.+)};
80

  
81
  return ($1, $2);
82
}
83

  
84 61
1;

Auch abrufbar als: Unified diff