package Apache::AuthzDigest;
use Apache::Constants qw(OK DECLINED AUTH_REQUIRED);
use Apache::Log;
use Apache::AuthDigest::API;
use strict;
sub handler {
my $r = Apache::AuthDigest::API->new(shift);
my $log = $r->server->log;
if (Apache->module('mod_digest.c')) {
$log->info('Apache::AuthzDigest - deferring to mod_digest');
return DECLINED;
}
my $user = $r->user;
unless ($user) {
$log->error('Apache::AuthzDigest - no user found!');
$r->note_digest_auth_failure;
return AUTH_REQUIRED;
}
foreach my $requires (@{$r->requires}) {
my ($directive, @list) = split " ", $requires->{requirement};
# We're ok if only valid-user was required.
return OK if lc($directive) eq 'valid-user';
# Likewise if the user requirement was specified and
# we match based on what we already know.
return OK if lc($directive) eq 'user' && grep { $_ eq $user } @list;
}
# if we get here we couldn't validate the user
$log->error("Apache::AuthzDigest - user '", $r->user,
"' not allowed");
$r->note_digest_auth_failure;
return AUTH_REQUIRED;
}
1;
__END__
=head1 NAME
Apache::AuthzDigest - pick up the authorization pieces of mod_digest
=head1 SYNOPSIS
PerlModule Apache::AuthDigest
PerlModule Apache::AuthzDigest
<Location /protected>
PerlAuthenHandler Apache::AuthDigest
PerlAuthzHandler Apache::AuthzDigest
Require user foo
AuthType Digest
AuthName "cookbook"
AuthDigestFile .htdigest
</Location>
=head1 DESCRIPTION
Apache::AuthzDigest picks up the authorization pieces of
mod_digest that Apache::AuthDigest leaves behind, namely
the checking behind the "Require user" directive.
see the Apache::AuthDigest manpage for more information
on Apache::AuthDigest, which is the real driver here -
Apache::AuthzDigest doesn't do much, really.
=head1 EXAMPLE
see the SYNOPSIS.
=head1 NOTES
Apache::AuthzDigest will decline to process the transaction
if mod_digest.c is detected, allowing the faster mod_digest
implementation to control the fate of the request.
=head1 FEATURES/BUGS
none that I know of yet, but consider this alphaware.
=head1 SEE ALSO
perl(1), mod_perl(1), Apache(3), Apache::AuthDigest(3)
=head1 AUTHORS
Geoffrey Young E<lt>geoff@modperlcookbook.orgE<gt>
Paul Lindner E<lt>paul@modperlcookbook.orgE<gt>
Randy Kobes E<lt>randy@modperlcookbook.orgE<gt>
=head1 COPYRIGHT
Copyright (c) 2002, Geoffrey Young, Paul Lindner, Randy Kobes.
All rights reserved.
This module is free software. It may be used, redistributed
and/or modified under the same terms as Perl itself.
=head1 HISTORY
This code is derived from the I<Cookbook::AuthzRole> module,
available as part of "The mod_perl Developer's Cookbook".
For more information, visit http://www.modperlcookbook.org/
=cut