1 package Apache2
::Authen
::Passphrase
;
6 use parent qw
/Exporter/;
7 use subs qw
/OK HTTP_UNAUTHORIZED/;
9 our $VERSION = 0.002001;
11 use constant USER_REGEX
=> qr/^\w{2,20}$/pas;
12 use constant PASSPHRASE_VERSION
=> 1;
13 use constant INVALID_USER
=> "invalid-user\n";
14 use constant BAD_PASSWORD
=> "bad-password\n";
16 use if $ENV{MOD_PERL
}, 'Apache2::RequestRec';
17 use if $ENV{MOD_PERL
}, 'Apache2::RequestUtil';
18 use if $ENV{MOD_PERL
}, 'Apache2::Access';
19 use if $ENV{MOD_PERL
}, 'Apache2::Const' => qw
/OK HTTP_UNAUTHORIZED/;
20 use Authen
::Passphrase
;
21 use Authen
::Passphrase
::BlowfishCrypt
;
22 use YAML
::Any qw
/LoadFile DumpFile/;
24 our @EXPORT_OK = qw
/pwset pwcheck pwhash USER_REGEX PASSPHRASE_VERSION INVALID_USER BAD_PASSWORD/;
26 ##################################################
29 $rootdir //= $ENV{AAP_ROOTDIR
};
34 my $ppr=Authen
::Passphrase
::BlowfishCrypt
->new(
46 my $file = "$rootdir/$user.yml";
47 my $conf = eval { LoadFile
$file } // undef;
48 $conf->{passphrase
}=pwhash
$pass;
49 $conf->{passphrase_version
}=PASSPHRASE_VERSION
;
50 DumpFile
$file, $conf;
57 die INVALID_USER
unless $user =~ USER_REGEX
; ## no critic (RequireCarping)
58 $user=${^MATCH
};# Make taint shut up
59 my $conf=LoadFile
"$rootdir/$user.yml";
61 ## no critic (RequireCarping)
62 die BAD_PASSWORD
unless keys $conf;# Empty hash means no such user
63 die BAD_PASSWORD
unless Authen
::Passphrase
->from_rfc2307($conf->{passphrase
})->match($pass);
65 pwset
$user, $pass if $conf->{passphrase_version
} < PASSPHRASE_VERSION
70 local $rootdir = $r->dir_config('AuthenPassphraseRootdir');
72 my ($rc, $pass) = $r->get_basic_auth_pw;
73 return $rc unless $rc == OK
;
76 unless (eval { pwcheck
$user, $pass; 1 }) {
77 $r->note_basic_auth_failure;
78 return HTTP_UNAUTHORIZED
89 Apache2::Authen::Passphrase - basic authentication with Authen::Passphrase
93 use Apache2::Authen::Passphrase qw/pwcheck pwset pwhash/;
94 $Apache2::Authen::Passphrase::rootdir = "/path/to/user/directory"
95 my $hash = pwhash $username, $password;
96 pwset $username, "pass123";
97 eval { pwcheck $username, "pass123" };
101 PerlAuthenHandler Apache2::Authen::Passphrase
102 PerlSetVar AuthenPassphraseRootdir /path/to/user/directory
109 Apache2::Authen::Passphrase is a perl module which provides easy-to-use Apache2 authentication. It exports some utility functions and it contains a PerlAuthenHandler.
111 The password hashes are stored in YAML files in an directory (called the C<rootdir>), one file per user.
113 Set the C<rootdir> like this:
115 $Apache2::Authen::Passphrase::rootdir = '/path/to/rootdir';
117 or by setting the C<AAP_ROOTDIR> enviroment variable to the desired value.
125 Takes the password as a single argument and returns the password hash.
127 =item B<pwset>(I<$username>, I<$password>)
129 Sets the password of $username to $password.
131 =item B<pwcheck>(I<$username>, I<$password>)
133 Checks the given username and password, throwing an exception if the username is invalid or the password is incorrect.
137 The PerlAuthenHandler for use in apache2. It uses Basic Access Authentication.
141 A regex that matches valid usernames. Usernames must be at least 2 characters, at most 20 characters, and they may only contain word characters (C<[A-Za-z0-9_]>).
143 =item B<INVALID_USER>
145 Exception thrown if the username does not match C<USER_REGEX>.
147 =item B<BAD_PASSWORD>
149 Exception thrown if the password is different from the one stored in the user's yml file.
151 =item B<PASSPHRASE_VERSION>
153 The version of the passphrase. It is incremented each time the passphrase hashing scheme is changed. Versions so far:
157 =item Version 1 B<(current)>
159 Uses C<Authen::Passphrase::BlowfishCrypt> with a cost factor of 10
171 If the C<rootdir> is not explicitly set, it is taken from this environment variable.
177 Marius Gavrilescu, E<lt>marius@ieval.roE<gt>
179 =head1 COPYRIGHT AND LICENSE
181 Copyright (C) 2013 by Marius Gavrilescu
183 This library is free software; you can redistribute it and/or modify
184 it under the same terms as Perl itself, either Perl version 5.14.2 or,
185 at your option, any later version of Perl 5 you may have available.