Revision 7c5c23fb
Von Moritz Bunkus vor 7 Tagen hinzugefügt
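--- a/SL/Dispatcher/AuthHandler/User.pm
+++ b/SL/Dispatcher/AuthHandler/User.pm
@@ -1,10 +1,7 @@
 package SL::Dispatcher::AuthHandler::User;
 
 use strict;
-use parent qw(Rose::Object);
-
-use Encode ();
-use MIME::Base64 ();
+use parent qw(SL::Dispatcher::AuthHandler::Base);
 
 use SL::Helper::UserPreferences::DisplayPreferences;
 use SL::Layout::Dispatcher;
@@ -12,13 +9,14 @@
 sub handle {
 my ($self, %param) = @_;
 
-my ($http_auth_login, $http_auth_password) = $self->_parse_http_basic_auth;
+my ($http_auth_login, $http_auth_password) = $self->_parse_http_basic_auth;
+my ($http_headers_client, $http_headers_login) = $self->_parse_http_headers_auth;
 
-my $login = $::form->{'{AUTH}login'} // $http_auth_login // $::auth->get_session_value('login');
+my $login = $::form->{'{AUTH}login'} // $http_auth_login // $http_headers_login // $::auth->get_session_value('login');
 
 return $self->_error(%param) if !defined $login;
 
-my $client_id = $::form->{'{AUTH}client_id'} // $::auth->get_session_value('client_id') // $::auth->get_default_client_id;
+my $client_id = $::form->{'{AUTH}client_id'} // $http_headers_client // $::auth->get_session_value('client_id') // $::auth->get_default_client_id;
 
 return $self->_error(%param) if !$client_id || !$::auth->set_client($client_id);
 
@@ -37,6 +35,7 @@
 : SL::Layout::Dispatcher->new(style => $::myconfig{menustyle});
 
 my $ok = $::auth->is_api_token_cookie_valid;
+$ok ||= $http_headers_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, \'dummy!'));
 $ok ||= $::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));
 $ok ||= !$::form->{'{AUTH}login'} && $http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $http_auth_password));
 $ok ||= !$::form->{'{AUTH}login'} && !$http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));
@@ -59,26 +58,4 @@
 return 0;
 }
 
-sub _parse_http_basic_auth {
-my ($self) = @_;
-
-# See RFC 7617.
-
-# Requires that the server passes the 'Authorization' header as the
-# environment variable 'HTTP_AUTHORIZATION'. Example code for
-# Apache:
-
-# SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
-
-my $data = $ENV{HTTP_AUTHORIZATION};
-
-return unless ($data // '') =~ m{^basic +(.+)}i;
-
-$data = Encode::decode('utf-8', MIME::Base64::decode($1));
-
-return unless $data =~ m{(.+?):(.+)};
-
-return ($1, $2);
-}
-
 1;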
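Review bot: The header-SSO check added at new line 38 is gated only on `$http_headers_login` being true, but `$login` (new line 15) still prefers `{AUTH}login` and `$http_auth_login`, so the account being authenticated with the `\'dummy!'` marker is not necessarily the one named in the headers. The two sibling checks already guard on which source supplied the login; this line should do the same, e.g. `$ok ||= !$::form->{'{AUTH}login'} && !$http_auth_login && $http_headers_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, \'dummy!'));`, or compare `$login eq $http_headers_login`. The same precedence applies to `$client_id` on new line 19. `_parse_http_headers_auth` and the handling of the scalar-reference password are defined outside this file, so I cannot tell whether the headers are accepted only when the feature is enabled and the request comes from a trusted proxy that strips client-supplied copies; a comment above line 38 stating that requirement would help, e.g. `# Header SSO: only safe behind a reverse proxy that sets and strips these headers`. The body of `handle` continues outside the visible hunks.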
[LINET] Auth: automatisches SSO mittels gewisser HTTP-Header