]> iEval git - apache2-authen-passphrase.git/blob - lib/Apache2/Authen/Passphrase.pm
4beea0e0e8e10160a55465c48cbbb1ea7a923122
[apache2-authen-passphrase.git] / lib / Apache2 / Authen / Passphrase.pm
1 package Apache2::Authen::Passphrase 0.001001;
2
3 use 5.014000;
4 use strict;
5 use warnings;
6 use parent qw/Exporter/;
7
8 use constant +{
9 USER_REGEX => qr/^\w{2,20}$/pa,
10 PASSPHRASE_VERSION => 1,
11 INVALID_USER => "invalid-user\n",
12 BAD_PASSWORD => "bad-password\n",
13 };
14
15 use Apache2::RequestRec;
16 use Apache2::Access;
17 use Apache2::Const qw/OK HTTP_UNAUTHORIZED/;
18 use Authen::Passphrase;
19 use Authen::Passphrase::BlowfishCrypt;
20 use YAML::Any qw/LoadFile DumpFile/;
21
22 our @EXPORT_OK = qw/pwset pwcheck pwhash USER_REGEX PASSPHRASE_VERSION INVALID_USER BAD_PASSWORD/;
23
24 ##################################################
25
26 our $rootdir;
27
28 sub pwhash{
29 my ($pass)=@_;
30
31 my $ppr=Authen::Passphrase::BlowfishCrypt->new(
32 cost => 10,
33 passphrase => $pass,
34 salt_random => 1,
35 );
36
37 $ppr->as_rfc2307
38 }
39
40 sub pwset{
41 my ($user, $pass)=@_;
42
43 my $file = "$rootdir/$user.yml";
44 my $conf = eval { LoadFile $file } // undef;
45 $conf->{passphrase}=pwhash $pass;
46 $conf->{passphrase_version}=PASSPHRASE_VERSION;
47 DumpFile $file, $conf;
48
49 chmod 0660, $file;
50 }
51
52 sub pwcheck{
53 my ($user, $pass)=@_;
54 die INVALID_USER unless $user =~ USER_REGEX;
55 $user=${^MATCH};# Make taint shut up
56 my $conf=LoadFile "$rootdir/$user.yml";
57
58 die BAD_PASSWORD unless keys $conf;# Empty hash means no such user
59 die BAD_PASSWORD unless Authen::Passphrase->from_rfc2307($conf->{passphrase})->match($pass);
60 pwset $user, $pass if $conf->{passphrase_version} < PASSPHRASE_VERSION
61 }
62
63 sub handler{
64 my $r=shift;
65 local $rootdir = $r->dir_config('AuthenPassphraseRootdir');
66
67 my ($rc, $pass) = $r->get_basic_auth_pw;
68 return $rc unless $rc == OK;
69
70 my $user=$r->user;
71 unless (eval { pwcheck $user, $pass; 1 }) {
72 $r->note_basic_auth_failure;
73 return HTTP_UNAUTHORIZED
74 }
75
76 OK
77 }
78
79 1;
80 __END__
81
82 =head1 NAME
83
84 Apache2::Authen::Passphrase - basic authentication with Authen::Passphrase
85
86 =head1 SYNOPSIS
87
88 use Apache2::Authen::Passphrase qw/pwcheck pwset pwhash/;
89 $Apache2::Authen::Passphrase::rootdir = "/path/to/user/directory"
90 my $hash = pwhash $username, $password;
91 pwset $username, "pass123";
92 eval { pwcheck $username, "pass123" };
93
94 # In Apache2 config
95 <Location /secret>
96 PerlAuthenHandler Apache2::Authen::Passphrase
97 PerlSetVar AuthenPassphraseRootdir /path/to/user/directory
98 AuthName MyAuth
99 Require valid-user
100 </Location>
101
102 =head1 DESCRIPTION
103
104 Apache2::Authen::Passphrase is a perl module which provides easy-to-use Apache2 authentication. It exports some utility functions and it contains a PerlAuthenHandler.
105
106 =head1 FUNCTIONS
107
108 =over
109
110 =item B<pwhash>()
111
112 Takes the password as a single argument and returns the password hash.
113
114 =item B<pwset>(I<$username>, I<$password>)
115
116 Sets the password of $username to $password.
117
118 =item B<pwcheck>(I<$username>, I<$password>)
119
120 Checks the given username and password, throwing an exception if the username is invalid or the password is incorrect.
121
122 =item B<handler>
123
124 The PerlAuthenHandler for use in apache2. It uses Basic Access Authentication.
125
126 =item B<USER_REGEX>
127
128 A regex that matches valid usernames. Usernames must be at least 2 characters, at most 20 characters, and they may only contain word characters (C<[A-Za-z0-9_]>).
129
130 =item B<INVALID_USER>
131
132 Exception thrown if the username does not match C<USER_REGEX>.
133
134 =item B<BAD_PASSWORD>
135
136 Exception thrown if the password is different from the one stored in the user's yml file.
137
138 =item B<PASSPHRASE_VERSION>
139
140 The version of the passphrase. It is incremented each time the passphrase hashing scheme is changed. Versions so far:
141
142 =over
143
144 =item Version 1 B<(current)>
145
146 Uses C<Authen::Passphrase::BlowfishCrypt> with a cost factor of 10
147
148 =back
149
150 =back
151
152 =head1 AUTHOR
153
154 Marius Gavrilescu, E<lt>marius@ieval.roE<gt>
155
156 =head1 COPYRIGHT AND LICENSE
157
158 Copyright (C) 2013 by Marius Gavrilescu
159
160 This library is free software; you can redistribute it and/or modify
161 it under the same terms as Perl itself, either Perl version 5.14.2 or,
162 at your option, any later version of Perl 5 you may have available.
163
164
165 =cut
This page took 0.054973 seconds and 4 git commands to generate.