You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Matt Sergeant <ma...@sergeant.org> on 2000/02/15 10:18:02 UTC

Re: $r->get_basic_auth_pw

On Tue, 15 Feb 2000, Louis-David Mitterrand wrote:
> Although I see that the browser is returning a:
> 
> 'Authorization' => 'Basic dnZ2dnY6bW1tbW1tbW1t',
> 
> header, the $r->get_basic_auth_pw and $r->connection->user methods
> return nothing when used inside a content handler like Mason. Is this
> normal? Does it only return something from an auth handler?

Seems that way - irritating, isn't it?

I ended up doing this:

my ($auth) = $r->header_in('Authorization');
if (!$auth) {
	# No login attempt
	die My::Exception->Basic_Auth;
}
if ($auth =~ /Basic\s+(\S*)/) {
	$auth = decode_base64($1);
	my ($user, $pass) = split ':', $auth, 2;
	my $userid;
	if (!($userid = check_user($user, $pass) ) ) {
		# password incorrect, display passwd dialog again
		die My::Exception->Basic_Auth;
	}
	# password checks out!
	$User = User->new($userid);
}
else {
	die "Invalid Authorization request!\n";
}

(where My::Exception->Basic_Auth is caught many layers up and sends a 401).

-- 
<Matt/>

Details: FastNet Software Ltd - XML, Perl, Databases.
Tagline: High Performance Web Solutions
Web Sites: http://come.to/fastnet http://sergeant.org
Available for Consultancy, Contracts and Training.

RE: $r->get_basic_auth_pw

Posted by Matt Sergeant <ma...@sergeant.org>.

On Tue, 15 Feb 2000, Gerald Richter wrote:
> > > On Tue, 15 Feb 2000, Louis-David Mitterrand wrote:
> > > > Although I see that the browser is returning a:
> > > >
> > > > 'Authorization' => 'Basic dnZ2dnY6bW1tbW1tbW1t',
> > > >
> > > > header, the $r->get_basic_auth_pw and $r->connection->user methods
> > > > return nothing when used inside a content handler like Mason. Is this
> > > > normal? Does it only return something from an auth handler?
> > >
> 
> AuthType must be set to Basic in your httpd.conf, otherwise you won't see
> anything from get_basic_auth_pw and have to do it like Matt wrote.

It should be added that most of the Auth stuff segfaults if you don't have
AuthType set.

-- 
<Matt/>

Details: FastNet Software Ltd - XML, Perl, Databases.
Tagline: High Performance Web Solutions
Web Sites: http://come.to/fastnet http://sergeant.org
Available for Consultancy, Contracts and Training.

RE: $r->get_basic_auth_pw

Posted by Gerald Richter <ri...@ecos.de>.

> > On Tue, 15 Feb 2000, Louis-David Mitterrand wrote:
> > > Although I see that the browser is returning a:
> > >
> > > 'Authorization' => 'Basic dnZ2dnY6bW1tbW1tbW1t',
> > >
> > > header, the $r->get_basic_auth_pw and $r->connection->user methods
> > > return nothing when used inside a content handler like Mason. Is this
> > > normal? Does it only return something from an auth handler?
> >

AuthType must be set to Basic in your httpd.conf, otherwise you won't see
anything from get_basic_auth_pw and have to do it like Matt wrote.

Gerald


> > Seems that way - irritating, isn't it?
> >
> > I ended up doing this:
> >
> > my ($auth) = $r->header_in('Authorization');
> > if (!$auth) {
> > 	# No login attempt
> > 	die My::Exception->Basic_Auth;
> > }
> > if ($auth =~ /Basic\s+(\S*)/) {
> > 	$auth = decode_base64($1);
>
> Almost forgot: decode_base64 is from MIME::Base64.
>
> --
> <Matt/>
>
> Details: FastNet Software Ltd - XML, Perl, Databases.
> Tagline: High Performance Web Solutions
> Web Sites: http://come.to/fastnet http://sergeant.org
> Available for Consultancy, Contracts and Training.
>

Re: $r->get_basic_auth_pw

Posted by Matt Sergeant <ma...@sergeant.org>.

On Tue, 15 Feb 2000, Matt Sergeant wrote:
> On Tue, 15 Feb 2000, Louis-David Mitterrand wrote:
> > Although I see that the browser is returning a:
> > 
> > 'Authorization' => 'Basic dnZ2dnY6bW1tbW1tbW1t',
> > 
> > header, the $r->get_basic_auth_pw and $r->connection->user methods
> > return nothing when used inside a content handler like Mason. Is this
> > normal? Does it only return something from an auth handler?
> 
> Seems that way - irritating, isn't it?
> 
> I ended up doing this:
> 
> my ($auth) = $r->header_in('Authorization');
> if (!$auth) {
> 	# No login attempt
> 	die My::Exception->Basic_Auth;
> }
> if ($auth =~ /Basic\s+(\S*)/) {
> 	$auth = decode_base64($1);

Almost forgot: decode_base64 is from MIME::Base64.

-- 
<Matt/>

Details: FastNet Software Ltd - XML, Perl, Databases.
Tagline: High Performance Web Solutions
Web Sites: http://come.to/fastnet http://sergeant.org
Available for Consultancy, Contracts and Training.