Authentifizierung: Unterstützung für HTTP Basic Authentication RFC 7617

author Moritz Bunkus <m.bunkus@linet-services.de>

Fri, 15 Mar 2019 11:30:30 +0000 (12:30 +0100)

committer Moritz Bunkus <m.bunkus@linet-services.de>

Fri, 15 Mar 2019 11:30:30 +0000 (12:30 +0100)
author Moritz Bunkus <m.bunkus@linet-services.de>
Fri, 15 Mar 2019 11:30:30 +0000 (12:30 +0100)
committer Moritz Bunkus <m.bunkus@linet-services.de>
Fri, 15 Mar 2019 11:30:30 +0000 (12:30 +0100)
diff --git a/SL/Auth.pm b/SL/Auth.pm

index 82be3b8..63412e0 100644 (file)
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -94,6 +94,18 @@ sub set_client {
    return $self->client;
  }
  
+sub get_default_client_id {
+  my ($self) = @_;
+
+  my $dbh    = $self->dbconnect;
+
+  return unless $dbh;
+
+  my $row = $dbh->selectrow_hashref(qq|SELECT id FROM auth.clients WHERE is_default = TRUE LIMIT 1|);
+
+  return $row->{id} if $row;
+}
+
  sub DESTROY {
    my $self = shift;
  
diff --git a/SL/Dispatcher/AuthHandler/User.pm b/SL/Dispatcher/AuthHandler/User.pm

index ba5071a..182d654 100644 (file)
--- a/SL/Dispatcher/AuthHandler/User.pm
+++ b/SL/Dispatcher/AuthHandler/User.pm
@@ -3,15 +3,22 @@ package SL::Dispatcher::AuthHandler::User;
  use strict;
  use parent qw(Rose::Object);
  
+use Encode ();
+use MIME::Base64 ();
+
  use SL::Layout::Dispatcher;
  
  sub handle {
    my ($self, %param) = @_;
  
-  my $login = $::form->{'{AUTH}login'} || $::auth->get_session_value('login');
+  my ($http_auth_login, $http_auth_password) = $self->_parse_http_basic_auth;
+
+  my $login = $::form->{'{AUTH}login'} // $http_auth_login // $::auth->get_session_value('login');
+
    return $self->_error(%param) if !defined $login;
  
-  my $client_id = $::form->{'{AUTH}client_id'} || $::auth->get_session_value('client_id');
+  my $client_id = $::form->{'{AUTH}client_id'} // $::auth->get_session_value('client_id') // $::auth->get_default_client_id;
+
    return $self->_error(%param) if !$client_id || !$::auth->set_client($client_id);
  
    %::myconfig = User->get_default_myconfig($::auth->read_user(login => $login));
@@ -22,8 +29,9 @@ sub handle {
    $::request->{layout} = SL::Layout::Dispatcher->new(style => $::myconfig{menustyle});
  
    my $ok   =  $::auth->is_api_token_cookie_valid;
-  $ok    ||=  $::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));
-  $ok    ||= !$::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));
+  $ok    ||=  $::form->{'{AUTH}login'}                      && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));
+  $ok    ||= !$::form->{'{AUTH}login'} &&  $http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $http_auth_password));
+  $ok    ||= !$::form->{'{AUTH}login'} && !$http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));
  
    return $self->_error(%param) if !$ok;
  
@@ -44,4 +52,26 @@ sub _error {
    return 0;
  }
  
+sub _parse_http_basic_auth {
+  my ($self) = @_;
+
+  # See RFC 7617.
+
+  # Requires that the server passes the 'Authorization' header as the
+  # environment variable 'HTTP_AUTHORIZATION'. Example code for
+  # Apache:
+
+  # SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+
+  my $data = $ENV{HTTP_AUTHORIZATION};
+
+  return unless ($data // '') =~ m{^basic +(.+)}i;
+
+  $data = Encode::decode('utf-8', MIME::Base64::decode($1));
+
+  return unless $data =~ m{(.+?):(.+)};
+
+  return ($1, $2);
+}
+
  1;
author	Moritz Bunkus <m.bunkus@linet-services.de>
	Fri, 15 Mar 2019 11:30:30 +0000 (12:30 +0100)
committer	Moritz Bunkus <m.bunkus@linet-services.de>
	Fri, 15 Mar 2019 11:30:30 +0000 (12:30 +0100)
SL/Auth.pm		patch \| blob \| history
SL/Dispatcher/AuthHandler/User.pm		patch \| blob \| history