1 package Apache2
::Authen
::Passphrase
;
3 our $VERSION = 0.002001;
8 use parent qw
/Exporter/;
9 use subs qw
/OK HTTP_UNAUTHORIZED/;
12 USER_REGEX
=> qr/^\w{2,20}$/pa,
13 PASSPHRASE_VERSION
=> 1,
14 INVALID_USER
=> "invalid-user\n",
15 BAD_PASSWORD
=> "bad-password\n",
18 use if $ENV{MOD_PERL
}, 'Apache2::RequestRec';
19 use if $ENV{MOD_PERL
}, 'Apache2::Access';
20 use if $ENV{MOD_PERL
}, 'Apache2::Const' => qw
/OK HTTP_UNAUTHORIZED/;
21 use Authen
::Passphrase
;
22 use Authen
::Passphrase
::BlowfishCrypt
;
23 use YAML
::Any qw
/LoadFile DumpFile/;
25 our @EXPORT_OK = qw
/pwset pwcheck pwhash USER_REGEX PASSPHRASE_VERSION INVALID_USER BAD_PASSWORD/;
27 ##################################################
29 our $rootdir //= $ENV{AAP_ROOTDIR
};
34 my $ppr=Authen
::Passphrase
::BlowfishCrypt
->new(
46 my $file = "$rootdir/$user.yml";
47 my $conf = eval { LoadFile
$file } // undef;
48 $conf->{passphrase
}=pwhash
$pass;
49 $conf->{passphrase_version
}=PASSPHRASE_VERSION
;
50 DumpFile
$file, $conf;
57 die INVALID_USER
unless $user =~ USER_REGEX
;
58 $user=${^MATCH
};# Make taint shut up
59 my $conf=LoadFile
"$rootdir/$user.yml";
61 die BAD_PASSWORD
unless keys $conf;# Empty hash means no such user
62 die BAD_PASSWORD
unless Authen
::Passphrase
->from_rfc2307($conf->{passphrase
})->match($pass);
63 pwset
$user, $pass if $conf->{passphrase_version
} < PASSPHRASE_VERSION
68 local $rootdir = $r->dir_config('AuthenPassphraseRootdir');
70 my ($rc, $pass) = $r->get_basic_auth_pw;
71 return $rc unless $rc == OK
;
74 unless (eval { pwcheck
$user, $pass; 1 }) {
75 $r->note_basic_auth_failure;
76 return HTTP_UNAUTHORIZED
87 Apache2::Authen::Passphrase - basic authentication with Authen::Passphrase
91 use Apache2::Authen::Passphrase qw/pwcheck pwset pwhash/;
92 $Apache2::Authen::Passphrase::rootdir = "/path/to/user/directory"
93 my $hash = pwhash $username, $password;
94 pwset $username, "pass123";
95 eval { pwcheck $username, "pass123" };
99 PerlAuthenHandler Apache2::Authen::Passphrase
100 PerlSetVar AuthenPassphraseRootdir /path/to/user/directory
107 Apache2::Authen::Passphrase is a perl module which provides easy-to-use Apache2 authentication. It exports some utility functions and it contains a PerlAuthenHandler.
109 The password hashes are stored in YAML files in an directory (called the C<rootdir>), one file per user.
111 Set the C<rootdir> like this:
113 $Apache2::Authen::Passphrase::rootdir = '/path/to/rootdir';
115 or by setting the C<AAP_ROOTDIR> enviroment variable to the desired value.
123 Takes the password as a single argument and returns the password hash.
125 =item B<pwset>(I<$username>, I<$password>)
127 Sets the password of $username to $password.
129 =item B<pwcheck>(I<$username>, I<$password>)
131 Checks the given username and password, throwing an exception if the username is invalid or the password is incorrect.
135 The PerlAuthenHandler for use in apache2. It uses Basic Access Authentication.
139 A regex that matches valid usernames. Usernames must be at least 2 characters, at most 20 characters, and they may only contain word characters (C<[A-Za-z0-9_]>).
141 =item B<INVALID_USER>
143 Exception thrown if the username does not match C<USER_REGEX>.
145 =item B<BAD_PASSWORD>
147 Exception thrown if the password is different from the one stored in the user's yml file.
149 =item B<PASSPHRASE_VERSION>
151 The version of the passphrase. It is incremented each time the passphrase hashing scheme is changed. Versions so far:
155 =item Version 1 B<(current)>
157 Uses C<Authen::Passphrase::BlowfishCrypt> with a cost factor of 10
169 If the C<rootdir> is not explicitly set, it is taken from this environment variable.
175 Marius Gavrilescu, E<lt>marius@ieval.roE<gt>
177 =head1 COPYRIGHT AND LICENSE
179 Copyright (C) 2013 by Marius Gavrilescu
181 This library is free software; you can redistribute it and/or modify
182 it under the same terms as Perl itself, either Perl version 5.14.2 or,
183 at your option, any later version of Perl 5 you may have available.
This page took 0.027719 seconds and 4 git commands to generate.