File Coverage

blib/lib/Clustericious/Plugin/SelfPlugAuth.pm

Criterion	Covered	Total	%
statement	45	45	100.0
branch	8	10	80.0
condition	2	3	66.6
subroutine	8	8	100.0
pod	1	3	33.3
total	64	69	92.7

line	stmt	bran	cond	sub	pod	time	code
1							package Clustericious::Plugin::SelfPlugAuth;
2
3	26			26		24664	use strict;
	26					54
	26					945
4	26			26		136	use warnings;
	26					39
	26					853
5	26			26		130	use Clustericious::Log;
	26					41
	26					289
6	26			26		20097	use Mojo::ByteStream qw( b );
	26					52
	26					1997
7	26			26		146	use Mojo::Base 'Mojolicious::Plugin';
	26					58
	26					253
8
9							# ABSTRACT: Self authentication for PlugAuth
10							our $VERSION = '0.35'; # VERSION
11
12
13							sub register {
14	25			25	1	1248	my ($self, $app, $conf) = @_;
15	25					315	PlugAuth::Role::Plugin->_self_auth_plugin($self);
16	25					156	$self;
17							}
18
19							sub authenticate
20							{
21	87			87	0	357735	my($self, $c, $realm) = @_;
22
23	87					550	TRACE ("Authenticating for realm $realm");
24							# Everyone needs to send an authorization header
25	87	100				39435	my $auth = $c->req->headers->authorization or do {
26	6					246	$c->res->headers->www_authenticate(qq[Basic realm="$realm"]);
27	6					184	$c->render(text => "auth required", layout => "", status => 401);
28	6					9393	return;
29							};
30
31	81					3184	my ($method,$str) = split / /,$auth;
32	81					510	my $userinfo = b($str)->b64_decode;
33	81					2378	my ($user,$pw) = split /:/, $userinfo;
34
35	81					1381	$c->refresh;
36	81	100	66			734	if($c->authz->host_has_tag($c->tx->remote_address, 'trusted')
37							\|\| $c->auth->check_credentials($user,$pw)) {
38	75					40697	$c->stash(user => $user);
39	75					2416	return 1;
40							}
41
42	6					44	INFO "Authentication denied for $user";
43	6					6156	$c->res->headers->www_authenticate(qq[Basic realm="$realm"]);
44	6					239	$c->render(text => "authentication failure", status => 401);
45	6					8512	return;
46							}
47
48							sub authorize
49							{
50	75			75	0	89260	my($self, $c, $action, $resource) = @_;
51	75	50				306	my $user = $c->stash("user") or LOGDIE "missing user in authorize()";
52	75	50				1138	LOGDIE "missing action or resource in authorize()" unless @_==4;
53	75					483	TRACE "Authorizing user $user, action $action, resource $resource";
54	75					36669	$resource =~ s[^/][/];
55	75					4877	my $found = $c->authz->can_user_action_resource($user, $action, $resource);
56	75	100				257	if($found)
57							{
58	73					611	return 1;
59							}
60							else
61							{
62	2					12	$c->render(text => "unauthorized", status => 403);
63	2					2895	return 0;
64							}
65							}
66
67							1;
68
69							__END__
70
71							=pod
72
73							=encoding UTF-8
74
75							=head1 NAME
76
77							Clustericious::Plugin::SelfPlugAuth - Self authentication for PlugAuth
78
79							=head1 VERSION
80
81							version 0.35
82
83							=head1 DESCRIPTION
84
85							This class helps provide the self authentication/authorization mechanism
86							for PlugAuth.
87
88							=head1 AUTHOR
89
90							Graham Ollis <gollis@sesda3.com>
91
92							=head1 COPYRIGHT AND LICENSE
93
94							This software is copyright (c) 2012 by NASA GSFC.
95
96							This is free software; you can redistribute it and/or modify it under
97							the same terms as the Perl 5 programming language system itself.
98
99							=cut