summaryrefslogtreecommitdiffstats
path: root/Bugzilla/ModPerl/BasicAuth.pm
blob: e93680e9d1a9fcfff7e28bb0cb4601414d6db727 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
package Bugzilla::ModPerl::BasicAuth;
use 5.10.1;
use strict;
use warnings;

# Protects a mod_perl <Location> with Basic HTTP authentication.
#
# Example use:
#
# <Location "/ses">
#   PerlAuthenHandler Bugzilla::ModPerl::BasicAuth
#   PerlSetEnv AUTH_VAR_NAME ses_username
#   PerlSetEnv AUTH_VAR_PASS ses_password
#   AuthName SES
#   AuthType Basic
#   require valid-user
# </Location>
#
# AUTH_VAR_NAME and AUTH_VAR_PASS are the names of variables defined in
# `localconfig` which hold the authentication credentials.

use Apache2::Const -compile => qw(OK HTTP_UNAUTHORIZED);
use Bugzilla ();

sub handler {
    my $r = shift;
    my ($status, $password) = $r->get_basic_auth_pw;
    return $status if $status != Apache2::Const::OK;

    my $auth_var_name = $ENV{AUTH_VAR_NAME};
    my $auth_var_pass = $ENV{AUTH_VAR_PASS};
    unless ($auth_var_name && $auth_var_pass) {
        warn "AUTH_VAR_NAME and AUTH_VAR_PASS environmental vars not set\n";
        $r->note_basic_auth_failure;
        return Apache2::Const::HTTP_UNAUTHORIZED;
    }

    my $auth_user = Bugzilla->localconfig->{$auth_var_name};
    my $auth_pass = Bugzilla->localconfig->{$auth_var_pass};
    unless ($auth_user && $auth_pass) {
        warn "$auth_var_name and $auth_var_pass not configured\n";
        $r->note_basic_auth_failure;
        return Apache2::Const::HTTP_UNAUTHORIZED;
    }

    unless ($r->user eq $auth_user && $password eq $auth_pass) {
        $r->note_basic_auth_failure;
        return Apache2::Const::HTTP_UNAUTHORIZED;
    }

    return Apache2::Const::OK;
}

1;