File Coverage

lib/Apache2/AuthColloquy.pm

Criterion	Covered	Total	%
statement	10	12	83.3
branch			n/a
condition			n/a
subroutine	4	4	100.0
pod			n/a
total	14	16	87.5

line	stmt	sub	time	code
1				############################################################
2				#
3				# $Id$
4				# Apache2::AuthColloquy - mod_perl authentication against the Colloquy users.lua file
5				#
6				# Copyright 2005,2006 Nicola Worthington
7				#
8				# Licensed under the Apache License, Version 2.0 (the "License");
9				# you may not use this file except in compliance with the License.
10				# You may obtain a copy of the License at
11				#
12				# http://www.apache.org/licenses/LICENSE-2.0
13				#
14				# Unless required by applicable law or agreed to in writing, software
15				# distributed under the License is distributed on an "AS IS" BASIS,
16				# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17				# See the License for the specific language governing permissions and
18				# limitations under the License.
19				#
20				############################################################
21
22				package Apache2::AuthColloquy;
23				# vim:ts=4:sw=4:tw=78
24
25	2	2	7321	use strict;
	2		3
	2		77
26	2	2	10	use vars qw($VERSION @ISA @EXPORT @EXPORT_OK);
	2		3
	2		130
27
28	2	2	1491	use MD5;
	2		352
	2		104
29	2	2	724	use mod_perl2;
	0
	0
30				use Colloquy::Data qw(:all);
31
32				require Exporter;
33
34				@ISA = qw(Exporter AutoLoader);
35				@EXPORT = qw();
36				$VERSION = '1.13' \|\| sprintf('%d.%02d', q$Revision: 1.12 $ =~ /(\d+)/g);
37
38				# Test for the version of mod_perl, and use the appropriate libraries
39				require Apache2::Access;
40				require Apache2::Connection;
41				require Apache2::Log;
42				require Apache2::RequestRec;
43				require Apache2::RequestUtil;
44				use Apache2::Const -compile => qw(HTTP_UNAUTHORIZED OK DECLINED);
45
46				# Handles Apache requests
47				sub handler {
48				my $r = shift;
49
50				my ($result, $password) = $r->get_basic_auth_pw;
51				return $result if $result;
52
53				my $user = $r->user;
54				my $users_lua = $r->dir_config('users_lua') \|\| '/usr/local/colloquy/data';
55				my $allowaltauth = $r->dir_config('AllowAlternateAuth') \|\| 'no';
56
57				# remove the domainname if logging in from winxp
58				## Parse $name's with Domain\Username
59				my $domain = '';
60				if ($user =~ m\|(\w+)[\\/](.+)\|) {
61				($domain, $user) = ($1, $2);
62				}
63
64				# Check that the username doesn't contain characters
65				# denied by Colloquy in main.lua
66				if ($user =~ /\[\!\;\'\:\@\?\,\`\.\]\s/) {
67				$r->note_basic_auth_failure;
68				$r->log_error(
69				"user $user: invalid username contains disallowed characters ",
70				$r->uri);
71				return (lc($allowaltauth) eq "yes" ? Apache2::Const::DECLINED : Apache2::Const::HTTP_UNAUTHORIZED);
72				}
73
74				# Check we have a password
75				unless (length($password)) {
76				$r->note_basic_auth_failure;
77				$r->log_error("user $user: no password supplied for URI ", $r->uri);
78				return Apache2::Const::HTTP_UNAUTHORIZED;
79				}
80
81				# Read the database
82				my $users = {};
83				eval {
84				($users) = Colloquy::Data::users($users_lua);
85				};
86
87				# Check we can read the database file
88				if ($@) {
89				$r->note_basic_auth_failure;
90				$r->log_error(
91				"user $user: unable to read users_lua database '$users_lua': $@ at URI ",
92				$r->uri);
93				return (lc($allowaltauth) eq "yes" ? Apache2::Const::DECLINED : Apache2::Const::HTTP_UNAUTHORIZED);
94				}
95
96				# Check we have found that user
97				unless (exists $users->{"$user"}->{password2} \|\| exists $users->{"$user"}->{password}) {
98				$r->note_basic_auth_failure;
99				$r->log_error(
100				"user $user: no valid user found for URI ",
101				$r->uri);
102				return (lc($allowaltauth) eq "yes" ? Apache2::Const::DECLINED : Apache2::Const::HTTP_UNAUTHORIZED);
103				}
104
105				# Now check the password
106				my $db_password_hash = $users->{"$user"}->{password2} \|\| $users->{"$user"}->{password} \|\| '_no_db_passd_';
107				my $our_password_hash = MD5->hexhash("$user$password") \|\| '_no_usr_passd_';
108				if ($our_password_hash eq $db_password_hash) {
109				return Apache2::Const::OK;
110				} else {
111				$r->log_error(
112				"user $user: invalid password for URI ",
113				$r->uri);
114				return (lc($allowaltauth) eq "yes" ? Apache2::Const::DECLINED : Apache2::Const::HTTP_UNAUTHORIZED);
115				}
116
117				# Otherwise fail
118				return (lc($allowaltauth) eq "yes" ? Apache2::Const::DECLINED : Apache2::Const::HTTP_UNAUTHORIZED);
119				}
120
121				1;
122
123				=pod
124
125				=head1 NAME
126
127				Apache2::AuthColloquy - mod_perl authentication against the Colloquy users.lua file
128
129				=head1 SYNOPSIS
130
131				AuthName "Talker Members Area"
132				AuthType Basic
133
134				# Full path to your users.lua file or users/ directory
135				PerlSetVar users_lua /home/system/colloquy/data
136
137				# Set if you want to allow an alternate method of authentication
138				PerlSetVar AllowAlternateAuth yes \| no
139
140				require valid-user
141				PerlAuthenHandler Apache2::AuthColloquy
142
143				=head1 DESCRIPTION
144
145				Apache2::AuthColloquy is an Apache 2 authentication module. It will
146				authenticate against a Colloquy users.lua user database file using
147				the newer password2 field.
148
149				This script munges the users.lua file in to executable perl code
150				which is then evaluated. It should therefore be used with caution
151				if you cannot gaurentee the integrity of the users.lua file. See
152				Colloquy::Data for more details.
153
154				=head1 SEE ALSO
155
156				L
157
158				=head1 VERSION
159
160				$Id$
161
162				=head1 AUTHOR
163
164				Nicola Worthington
165
166				L
167
168				=head1 COPYRIGHT
169
170				Copyright 2005,2006 Nicola Worthington.
171
172				This software is licensed under The Apache Software License, Version 2.0.
173
174				L
175
176				=cut
177
178				__END__