File Coverage

blib/lib/Apache2/Authen/Passphrase.pm

Criterion	Covered	Total	%
statement	66	77	85.7
branch	6	12	50.0
condition	2	2	100.0
subroutine	19	20	95.0
pod	4	4	100.0
total	97	115	84.3

line	stmt	bran	cond	sub	pod	time	code
1							package Apache2::Authen::Passphrase;
2
3	1			1		33130	use 5.014000;
	1					3
	1					27
4	1			1		4	use strict;
	1					1
	1					25
5	1			1		3	use warnings;
	1					4
	1					30
6	1			1		4	use parent qw/Exporter/;
	1					1
	1					4
7	1			1		538	use subs qw/OK HTTP_UNAUTHORIZED/;
	1					16
	1					4
8
9							our $VERSION = 0.002002;
10
11	1			1		71	use constant USER_REGEX => qr/^\w{2,20}$/pas;
	1					1
	1					53
12	1			1		4	use constant PASSPHRASE_VERSION => 1;
	1					1
	1					36
13	1			1		4	use constant INVALID_USER => "invalid-user\n";
	1					1
	1					35
14	1			1		3	use constant BAD_PASSWORD => "bad-password\n";
	1					1
	1					39
15
16	1			1		513	use if $ENV{MOD_PERL}, 'Apache2::RequestRec';
	1					8
	1					4
17	1			1		38	use if $ENV{MOD_PERL}, 'Apache2::RequestUtil';
	1					1
	1					5
18	1			1		25	use if $ENV{MOD_PERL}, 'Apache2::Access';
	1					2
	1					3
19	1			1		28	use if $ENV{MOD_PERL}, 'Apache2::Const' => qw/OK HTTP_UNAUTHORIZED/;
	1					1
	1					6
20	1			1		544	use Authen::Passphrase;
	1					3748
	1					26
21	1			1		566	use Authen::Passphrase::BlowfishCrypt;
	1					14750
	1					32
22	1			1		431	use YAML::Any qw/LoadFile DumpFile/;
	1					986
	1					5
23
24							our @EXPORT_OK = qw/pwset pwcheck pwhash USER_REGEX PASSPHRASE_VERSION INVALID_USER BAD_PASSWORD/;
25
26							##################################################
27
28							our $rootdir;
29							$rootdir //= $ENV{AAP_ROOTDIR};
30
31							sub pwhash{
32	2			2	1	6	my ($pass)=@_;
33
34	2					22	my $ppr=Authen::Passphrase::BlowfishCrypt->new(
35							cost => 10,
36							passphrase => $pass,
37							salt_random => 1,
38							);
39
40	2					185538	$ppr->as_rfc2307
41							}
42
43							sub pwset{
44	2			2	1	91649	my ($user, $pass)=@_;
45
46	2					8	my $file = "$rootdir/$user.yml";
47	2		100			4	my $conf = eval { LoadFile $file } // undef;
	2					10
48	2					4871	$conf->{passphrase}=pwhash $pass;
49	2					164	$conf->{passphrase_version}=PASSPHRASE_VERSION;
50	2					13	DumpFile $file, $conf;
51
52	2					14997	chmod 0660, $file;
53							}
54
55							sub pwcheck{
56	6			6	1	1840	my ($user, $pass)=@_;
57	6	100				50	die INVALID_USER unless $user =~ USER_REGEX; ## no critic (RequireCarping)
58	3					12	$user=${^MATCH}; # Make taint shut up
59	3					25	my $conf=LoadFile "$rootdir/$user.yml";
60
61							## no critic (RequireCarping)
62	3	50				14600	die BAD_PASSWORD unless keys %$conf; # Empty hash means no such user
63	3	100				30	die BAD_PASSWORD unless Authen::Passphrase->from_rfc2307($conf->{passphrase})->match($pass);
64							## use critic
65	2	50				179630	pwset $user, $pass if $conf->{passphrase_version} < PASSPHRASE_VERSION
66							}
67
68							sub handler{
69	0			0	1		my $r=shift;
70	0						local $rootdir = $r->dir_config('AuthenPassphraseRootdir');
71
72	0						my ($rc, $pass) = $r->get_basic_auth_pw;
73	0	0					return $rc unless $rc == OK;
74
75	0						my $user=$r->user;
76	0	0					unless (eval { pwcheck $user, $pass; 1 }) {
	0
	0
77	0						$r->note_basic_auth_failure;
78	0						return HTTP_UNAUTHORIZED
79							}
80
81							OK
82	0						}
83
84							1;
85							__END__