diff options
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Install/Localconfig.pm | 10 | ||||
| -rw-r--r-- | Bugzilla/ModPerl.pm | 10 | ||||
| -rw-r--r-- | Bugzilla/ModPerl/BasicAuth.pm | 60 |
3 files changed, 79 insertions, 1 deletions
diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm index f877829c5..646dbc1a7 100644 --- a/Bugzilla/Install/Localconfig.pm +++ b/Bugzilla/Install/Localconfig.pm @@ -163,7 +163,15 @@ use constant LOCALCONFIG_VARS => ( { name => 'attachment_base', default => _migrate_param( "attachment_base", '' ), - } + }, + { + name => 'ses_username', + default => '', + }, + { + name => 'ses_password', + default => '', + }, ); diff --git a/Bugzilla/ModPerl.pm b/Bugzilla/ModPerl.pm index 142df63d4..a5c840897 100644 --- a/Bugzilla/ModPerl.pm +++ b/Bugzilla/ModPerl.pm @@ -97,6 +97,16 @@ ErrorDocument 500 /errors/500.html [% root_htaccess.contents FILTER indent %] </Directory> +# AWS SES endpoint for handling mail bounces/complaints +<Location "/ses"> + PerlSetEnv AUTH_VAR_NAME ses_username + PerlSetEnv AUTH_VAR_PASS ses_password + PerlAuthenHandler Bugzilla::ModPerl::BasicAuth + AuthName SES + AuthType Basic + require valid-user +</Location> + # directory rules for all the other places we have .htaccess files [% FOREACH htaccess IN htaccess_files %] # from [% htaccess.file %] diff --git a/Bugzilla/ModPerl/BasicAuth.pm b/Bugzilla/ModPerl/BasicAuth.pm new file mode 100644 index 000000000..e93680e9d --- /dev/null +++ b/Bugzilla/ModPerl/BasicAuth.pm @@ -0,0 +1,60 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# This Source Code Form is "Incompatible With Secondary Licenses", as +# defined by the Mozilla Public License, v. 2.0. +package Bugzilla::ModPerl::BasicAuth; +use 5.10.1; +use strict; +use warnings; + +# Protects a mod_perl <Location> with Basic HTTP authentication. +# +# Example use: +# +# <Location "/ses"> +# PerlAuthenHandler Bugzilla::ModPerl::BasicAuth +# PerlSetEnv AUTH_VAR_NAME ses_username +# PerlSetEnv AUTH_VAR_PASS ses_password +# AuthName SES +# AuthType Basic +# require valid-user +# </Location> +# +# AUTH_VAR_NAME and AUTH_VAR_PASS are the names of variables defined in +# `localconfig` which hold the authentication credentials. + +use Apache2::Const -compile => qw(OK HTTP_UNAUTHORIZED); +use Bugzilla (); + +sub handler { + my $r = shift; + my ($status, $password) = $r->get_basic_auth_pw; + return $status if $status != Apache2::Const::OK; + + my $auth_var_name = $ENV{AUTH_VAR_NAME}; + my $auth_var_pass = $ENV{AUTH_VAR_PASS}; + unless ($auth_var_name && $auth_var_pass) { + warn "AUTH_VAR_NAME and AUTH_VAR_PASS environmental vars not set\n"; + $r->note_basic_auth_failure; + return Apache2::Const::HTTP_UNAUTHORIZED; + } + + my $auth_user = Bugzilla->localconfig->{$auth_var_name}; + my $auth_pass = Bugzilla->localconfig->{$auth_var_pass}; + unless ($auth_user && $auth_pass) { + warn "$auth_var_name and $auth_var_pass not configured\n"; + $r->note_basic_auth_failure; + return Apache2::Const::HTTP_UNAUTHORIZED; + } + + unless ($r->user eq $auth_user && $password eq $auth_pass) { + $r->note_basic_auth_failure; + return Apache2::Const::HTTP_UNAUTHORIZED; + } + + return Apache2::Const::OK; +} + +1; |