Projekt

Allgemein

Profil

« Zurück | Weiter » 

Revision f7417f07

Von Moritz Bunkus vor 3 Monaten hinzugefügt

  • ID f7417f07b04d434bf283b919a5c8ed3128f64df9
  • Vorgänger 7800cf05
  • Nachfolger ded6b9c8

Auth: automatisches SSO mittels gewisser HTTP-Header

Unterschiede anzeigen:

SL/Dispatcher/AuthHandler/User.pm
package SL::Dispatcher::AuthHandler::User;
use strict;
use parent qw(Rose::Object);
use Encode ();
use MIME::Base64 ();
use parent qw(SL::Dispatcher::AuthHandler::Base);
use SL::Helper::UserPreferences::DisplayPreferences;
use SL::Layout::Dispatcher;
......
sub handle {
my ($self, %param) = @_;
my ($http_auth_login, $http_auth_password) = $self->_parse_http_basic_auth;
my ($http_auth_login, $http_auth_password) = $self->_parse_http_basic_auth;
my ($http_headers_client, $http_headers_login) = $self->_parse_http_headers_auth;
my $login = $::form->{'{AUTH}login'} // $http_auth_login // $::auth->get_session_value('login');
my $login = $::form->{'{AUTH}login'} // $http_auth_login // $http_headers_login // $::auth->get_session_value('login');
return $self->_error(%param) if !defined $login;
my $client_id = $::form->{'{AUTH}client_id'} // $::auth->get_session_value('client_id') // $::auth->get_default_client_id;
my $client_id = $::form->{'{AUTH}client_id'} // $http_headers_client // $::auth->get_session_value('client_id') // $::auth->get_default_client_id;
return $self->_error(%param) if !$client_id || !$::auth->set_client($client_id);
......
: SL::Layout::Dispatcher->new(style => $::myconfig{menustyle});
my $ok = $::auth->is_api_token_cookie_valid;
$ok ||= $http_headers_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, \'dummy!'));
$ok ||= $::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));
$ok ||= !$::form->{'{AUTH}login'} && $http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $http_auth_password));
$ok ||= !$::form->{'{AUTH}login'} && !$http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));
......
return 0;
}
sub _parse_http_basic_auth {
my ($self) = @_;
# See RFC 7617.
# Requires that the server passes the 'Authorization' header as the
# environment variable 'HTTP_AUTHORIZATION'. Example code for
# Apache:
# SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
my $data = $ENV{HTTP_AUTHORIZATION};
return unless ($data // '') =~ m{^basic +(.+)}i;
$data = Encode::decode('utf-8', MIME::Base64::decode($1));
return unless $data =~ m{(.+?):(.+)};
return ($1, $2);
}
1;

Auch abrufbar als: Unified diff