Fix indentation

[apache2-authen-passphrase.git] / lib / Apache2 / Authen / Passphrase.pm

diff --git a/lib/Apache2/Authen/Passphrase.pm b/lib/Apache2/Authen/Passphrase.pm
index 0770f74a72fc879403ff01f910a5d66e4e67b094..d2be6625e24e91abd3686f283749595821bb0441 100644 (file)
--- a/lib/Apache2/Authen/Passphrase.pm
+++ b/lib/Apache2/Authen/Passphrase.pm
@@ -1,20 +1,22 @@
-package Apache2::Authen::Passphrase 0.001;
+package Apache2::Authen::Passphrase;
 
 use 5.014000;
 use strict;
 use warnings;
 use parent qw/Exporter/;
+use subs qw/OK HTTP_UNAUTHORIZED/;
 
-use constant +{
-  USER_REGEX => qr/^\w{2,20}$/pa,
-  PASSPHRASE_VERSION => 1,
-  INVALID_USER => "invalid-user\n",
-  BAD_PASSWORD => "bad-password\n",
-};
+our $VERSION = 0.002001;
 
-use Apache2::RequestRec;
-use Apache2::Access;
-use Apache2::Const qw/OK HTTP_UNAUTHORIZED/;
+use constant USER_REGEX => qr/^\w{2,20}$/pas;
+use constant PASSPHRASE_VERSION => 1;
+use constant INVALID_USER => "invalid-user\n";
+use constant BAD_PASSWORD => "bad-password\n";
+
+use if $ENV{MOD_PERL}, 'Apache2::RequestRec';
+use if $ENV{MOD_PERL}, 'Apache2::RequestUtil';
+use if $ENV{MOD_PERL}, 'Apache2::Access';
+use if $ENV{MOD_PERL}, 'Apache2::Const' => qw/OK HTTP_UNAUTHORIZED/;
 use Authen::Passphrase;
 use Authen::Passphrase::BlowfishCrypt;
 use YAML::Any qw/LoadFile DumpFile/;
@@ -24,55 +26,59 @@ our @EXPORT_OK = qw/pwset pwcheck pwhash USER_REGEX PASSPHRASE_VERSION INVALID_U
 ##################################################
 
 our $rootdir;
+$rootdir //= $ENV{AAP_ROOTDIR};
 
 sub pwhash{
-  my ($pass)=@_;
+       my ($pass)=@_;
 
-  my $ppr=Authen::Passphrase::BlowfishCrypt->new(
-       cost => 10,
-       passphrase => $pass,
-       salt_random => 1,
-  );
+       my $ppr=Authen::Passphrase::BlowfishCrypt->new(
+               cost => 10,
+               passphrase => $pass,
+               salt_random => 1,
+       );
 
-  $ppr->as_rfc2307
+       $ppr->as_rfc2307
 }
 
 sub pwset{
-  my ($user, $pass)=@_;
+       my ($user, $pass)=@_;
 
-  my $file = "$rootdir/us/$user.yml";
-  my $conf = eval { LoadFile $file } // undef;
-  $conf->{passphrase}=pwhash $pass;
-  $conf->{passphrase_version}=PASSPHRASE_VERSION;
-  DumpFile $file, $conf;
+       my $file = "$rootdir/$user.yml";
+       my $conf = eval { LoadFile $file } // undef;
+       $conf->{passphrase}=pwhash $pass;
+       $conf->{passphrase_version}=PASSPHRASE_VERSION;
+       DumpFile $file, $conf;
 
-  chmod 0660, $file;
+       chmod 0660, $file;
 }
 
 sub pwcheck{
-  my ($user, $pass)=@_;
-  die INVALID_USER unless $user =~ USER_REGEX;
-  $user=${^MATCH};# Make taint shut up
-  my $conf=LoadFile "$rootdir/us/$user.yml";
-
-  die BAD_PASSWORD unless keys $conf;# Empty hash means no such user
-  die BAD_PASSWORD unless Authen::Passphrase->from_rfc2307($conf->{passphrase})->match($pass);
-  pwset $user, $pass if $conf->{passphrase_version} < PASSPHRASE_VERSION
+       my ($user, $pass)=@_;
+       die INVALID_USER unless $user =~ USER_REGEX; ## no critic (RequireCarping)
+       $user=${^MATCH};                             # Make taint shut up
+       my $conf=LoadFile "$rootdir/$user.yml";
+
+       ## no critic (RequireCarping)
+       die BAD_PASSWORD unless keys $conf;          # Empty hash means no such user
+       die BAD_PASSWORD unless Authen::Passphrase->from_rfc2307($conf->{passphrase})->match($pass);
+       ## use critic
+       pwset $user, $pass if $conf->{passphrase_version} < PASSPHRASE_VERSION
 }
 
 sub handler{
-  my $r=shift;
+       my $r=shift;
+       local $rootdir = $r->dir_config('AuthenPassphraseRootdir');
 
-  my ($rc, $pass) = $r->get_basic_auth_pw;
-  return $rc unless $rc == OK;
+       my ($rc, $pass) = $r->get_basic_auth_pw;
+       return $rc unless $rc == OK;
 
-  my $user=$r->user;
-  unless (eval { pwcheck $user, $pass; 1 }) {
-       $r->note_basic_auth_failure;
-       return HTTP_UNAUTHORIZED
-  }
+       my $user=$r->user;
+       unless (eval { pwcheck $user, $pass; 1 }) {
+               $r->note_basic_auth_failure;
+               return HTTP_UNAUTHORIZED
+       }
 
-  OK
+       OK
 }
 
 1;
@@ -85,6 +91,7 @@ Apache2::Authen::Passphrase - basic authentication with Authen::Passphrase
 =head1 SYNOPSIS
 
   use Apache2::Authen::Passphrase qw/pwcheck pwset pwhash/;
+  $Apache2::Authen::Passphrase::rootdir = "/path/to/user/directory"
   my $hash = pwhash $username, $password;
   pwset $username, "pass123";
   eval { pwcheck $username, "pass123" };
@@ -92,6 +99,7 @@ Apache2::Authen::Passphrase - basic authentication with Authen::Passphrase
   # In Apache2 config
   <Location /secret>
     PerlAuthenHandler Apache2::Authen::Passphrase
+    PerlSetVar AuthenPassphraseRootdir /path/to/user/directory
     AuthName MyAuth
     Require valid-user
   </Location>
@@ -100,6 +108,14 @@ Apache2::Authen::Passphrase - basic authentication with Authen::Passphrase
 
 Apache2::Authen::Passphrase is a perl module which provides easy-to-use Apache2 authentication. It exports some utility functions and it contains a PerlAuthenHandler.
 
+The password hashes are stored in YAML files in an directory (called the C<rootdir>), one file per user.
+
+Set the C<rootdir> like this:
+
+  $Apache2::Authen::Passphrase::rootdir = '/path/to/rootdir';
+
+or by setting the C<AAP_ROOTDIR> enviroment variable to the desired value.
+
 =head1 FUNCTIONS
 
 =over
@@ -146,6 +162,16 @@ Uses C<Authen::Passphrase::BlowfishCrypt> with a cost factor of 10
 
 =back
 
+=head1 ENVIRONMENT
+
+=over
+
+=item AAP_ROOTDIR
+
+If the C<rootdir> is not explicitly set, it is taken from this environment variable.
+
+=back
+
 =head1 AUTHOR
 
 Marius Gavrilescu, E<lt>marius@ieval.roE<gt>