X-Git-Url: http://git.ieval.ro/?a=blobdiff_plain;f=lib%2FApache2%2FAuthen%2FPassphrase.pm;h=5debb55607d64c95409e1a76638ca8a02452f4f0;hb=804310f692e98c8d5c09e697deebe2e715411c49;hp=4beea0e0e8e10160a55465c48cbbb1ea7a923122;hpb=f7fdbaad4baa1b241e5f5bfa30c7585abb10b0bd;p=apache2-authen-passphrase.git
diff --git a/lib/Apache2/Authen/Passphrase.pm b/lib/Apache2/Authen/Passphrase.pm
index 4beea0e..5debb55 100644
--- a/lib/Apache2/Authen/Passphrase.pm
+++ b/lib/Apache2/Authen/Passphrase.pm
@@ -1,20 +1,22 @@
-package Apache2::Authen::Passphrase 0.001001;
+package Apache2::Authen::Passphrase;
 use 5.014000;
 use strict;
 use warnings;
 use parent qw/Exporter/;
+use subs qw/OK HTTP_UNAUTHORIZED/;
-use constant +{
- USER_REGEX => qr/^\w{2,20}$/pa,
- PASSPHRASE_VERSION => 1,
- INVALID_USER => "invalid-user\n",
- BAD_PASSWORD => "bad-password\n",
-};
+our $VERSION = 0.002001;
-use Apache2::RequestRec;
-use Apache2::Access;
-use Apache2::Const qw/OK HTTP_UNAUTHORIZED/;
+use constant USER_REGEX => qr/^\w{2,20}$/pas;
+use constant PASSPHRASE_VERSION => 1;
+use constant INVALID_USER => "invalid-user\n";
+use constant BAD_PASSWORD => "bad-password\n";
+
+use if $ENV{MOD_PERL}, 'Apache2::RequestRec';
+use if $ENV{MOD_PERL}, 'Apache2::RequestUtil';
+use if $ENV{MOD_PERL}, 'Apache2::Access';
+use if $ENV{MOD_PERL}, 'Apache2::Const' => qw/OK HTTP_UNAUTHORIZED/;
 use Authen::Passphrase;
 use Authen::Passphrase::BlowfishCrypt;
 use YAML::Any qw/LoadFile DumpFile/;
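Review bot: `USER_REGEX` is still anchored with `^` and `$`, and `$` also matches just before a trailing newline, so a name such as "bob\n" satisfies the pattern; the `/s` flag added here does not change that, because the pattern contains no `.`. pwcheck in the next hunk is covered since it reassigns `$user` from `${^MATCH}`, but the constant is exported through `@EXPORT_OK`, and a caller that only tests `$user =~ USER_REGEX` would carry the newline on into a file name. I would anchor it strictly: `use constant USER_REGEX => qr/\A\w{2,20}\z/pa;`.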
@@ -24,56 +26,59 @@ our @EXPORT_OK = qw/pwset pwcheck pwhash USER_REGEX PASSPHRASE_VERSION INVALID_U
 ##################################################
 our $rootdir;
+$rootdir //= $ENV{AAP_ROOTDIR};
 sub pwhash{
- my ($pass)=@_;
+ my ($pass)=@_;
- my $ppr=Authen::Passphrase::BlowfishCrypt->new(
- cost => 10,
- passphrase => $pass,
- salt_random => 1,
- );
+ my $ppr=Authen::Passphrase::BlowfishCrypt->new(
+ cost => 10,
+ passphrase => $pass,
+ salt_random => 1,
+ );
- $ppr->as_rfc2307
+ $ppr->as_rfc2307
 }
 sub pwset{
- my ($user, $pass)=@_;
+ my ($user, $pass)=@_;
- my $file = "$rootdir/$user.yml";
- my $conf = eval { LoadFile $file } // undef;
- $conf->{passphrase}=pwhash $pass;
- $conf->{passphrase_version}=PASSPHRASE_VERSION;
- DumpFile $file, $conf;
+ my $file = "$rootdir/$user.yml";
+ my $conf = eval { LoadFile $file } // undef;
+ $conf->{passphrase}=pwhash $pass;
+ $conf->{passphrase_version}=PASSPHRASE_VERSION;
+ DumpFile $file, $conf;
- chmod 0660, $file;
+ chmod 0660, $file;
 }
 sub pwcheck{
- my ($user, $pass)=@_;
- die INVALID_USER unless $user =~ USER_REGEX;
- $user=${^MATCH};# Make taint shut up
- my $conf=LoadFile "$rootdir/$user.yml";
-
- die BAD_PASSWORD unless keys $conf;# Empty hash means no such user
- die BAD_PASSWORD unless Authen::Passphrase->from_rfc2307($conf->{passphrase})->match($pass);
- pwset $user, $pass if $conf->{passphrase_version} < PASSPHRASE_VERSION
+ my ($user, $pass)=@_;
+ die INVALID_USER unless $user =~ USER_REGEX; ## no critic (RequireCarping)
+ $user=${^MATCH}; # Make taint shut up
+ my $conf=LoadFile "$rootdir/$user.yml";
+
+ ## no critic (RequireCarping)
+ die BAD_PASSWORD unless keys %$conf; # Empty hash means no such user
+ die BAD_PASSWORD unless Authen::Passphrase->from_rfc2307($conf->{passphrase})->match($pass);
+ ## use critic
+ pwset $user, $pass if $conf->{passphrase_version} < PASSPHRASE_VERSION
 }
 sub handler{
- my $r=shift;
- local $rootdir = $r->dir_config('AuthenPassphraseRootdir');
+ my $r=shift;
+ local $rootdir =
$r->dir_config('AuthenPassphraseRootdir');
- my ($rc, $pass) = $r->get_basic_auth_pw;
- return $rc unless $rc == OK;
+ my ($rc, $pass) = $r->get_basic_auth_pw;
+ return $rc unless $rc == OK;
- my $user=$r->user;
- unless (eval { pwcheck $user, $pass; 1 }) {
- $r->note_basic_auth_failure;
- return HTTP_UNAUTHORIZED
- }
+ my $user=$r->user;
+ unless (eval { pwcheck $user, $pass; 1 }) {
+ $r->note_basic_auth_failure;
+ return HTTP_UNAUTHORIZED
+ }
- OK
+ OK
 }
 1;
@@ -103,6 +108,14 @@ Apache2::Authen::Passphrase - basic authentication with Authen::Passphrase
 Apache2::Authen::Passphrase is a perl module which provides easy-to-use Apache2 authentication. It exports some utility functions and it contains a PerlAuthenHandler.
+The password hashes are stored in YAML files in an directory (called the C), one file per user.
+
+Set the C like this:
+
+ $Apache2::Authen::Passphrase::rootdir = '/path/to/rootdir';
+
+or by setting the C enviroment variable to the desired value.
+
 =head1 FUNCTIONS
 =over
@@ -149,13 +162,23 @@ Uses C with a cost factor of 10
 =back
+=head1 ENVIRONMENT
+
+=over
+
+=item AAP_ROOTDIR
+
+If the C is not explicitly set, it is taken from this environment variable.
+
+=back
+
 =head1 AUTHOR
 Marius Gavrilescu, Emarius@ieval.roE
 =head1 COPYRIGHT AND LICENSE
-Copyright (C) 2013 by Marius Gavrilescu
+Copyright (C) 2013-2015 by Marius Gavrilescu
 This library is free software; you can redistribute it and/or modify
 it under the same terms as Perl itself, either Perl version 5.14.2 or,
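Review bot: After `$rootdir //= $ENV{AAP_ROOTDIR};` the directory can still be undefined when neither the package variable nor the environment variable is set, and pwset and pwcheck then build `"$rootdir/$user.yml"` as a path directly under `/` with nothing more than a warning. A guard at the top of both subs, `die "rootdir not set\n" unless defined $rootdir && length $rootdir;`, would make that case fail early; the same applies in handler if `AuthenPassphraseRootdir` is not configured, where dir_config presumably returns undef. Separately, pwset interpolates `$user` into the file name without the `USER_REGEX` check that pwcheck applies, so a caller handing it an unvalidated name is not confined to the rootdir. Adding `die INVALID_USER unless $user =~ USER_REGEX;` followed by `$user=${^MATCH};` as its first statements would make the two exported functions consistent.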