Using Basic Auth with WebGUI (#12198)
Per IRC discussion with preaction, make HTTP auth failures soft failures. Don't attempt to re-auth the user on failure. Otherwise, .htaccess or similar put in place to protect a site and WebGUI get into a skirmish (users are asked to re-auth even if they did the .htaccess correctly, the log gets flooded, cats get radio shows, etc).
parent
ee121e9460
commit
622391b61d
3 changed files with 73 additions and 71 deletions
|
|
@ -64,12 +64,30 @@ to the user, instead of displaying the Page Not Found page.
|
|||
sub handler {
|
||||
my ($request, $server, $config) = @_;
|
||||
$request->push_handlers(PerlResponseHandler => sub {
|
||||
|
||||
my $request = shift;
|
||||
$request = Apache2::Request->new($request);
|
||||
|
||||
my $session = $request->pnotes('wgSession');
|
||||
|
||||
WEBGUI_FATAL: {
|
||||
unless (defined $session) {
|
||||
$session = WebGUI::Session->open($server->dir_config('WebguiRoot'), $config->getFilename, $request, $server);
|
||||
return Apache2::Const::OK if ! defined $session;
|
||||
}
|
||||
|
||||
# if there's no session cookie but there is HTTP auth, try to log in using that
|
||||
my $auth = $request->headers_in->{'Authorization'};
|
||||
if( $session->user->isVisitor and $auth ) {
|
||||
if( $auth =~ m/^Basic/ ) {
|
||||
$auth =~ s/Basic //;
|
||||
WebGUI::authen($request, split(":", MIME::Base64::decode_base64($auth), 2), $session);
|
||||
}
|
||||
else { # realm oriented
|
||||
$request->push_handlers(PerlAuthenHandler => sub { return WebGUI::authen($request, undef, undef, $session)});
|
||||
}
|
||||
}
|
||||
|
||||
WebGUI::Asset::Template->processVariableHeaders($session);
|
||||
foreach my $handler (@{$config->get("contentHandlers")}) {
|
||||
my $output = eval { WebGUI::Pluggable::run($handler, "handler", [ $session ] )};
|
||||
|
|
|
|||
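Review bot: In the Basic branch, `split(":", MIME::Base64::decode_base64($auth), 2)` is evaluated in list context inside the argument list of `WebGUI::authen`, so a decoded value with no colon yields a single element and `$session` slides into the password position (an empty decode moves it into the username position). The Authorization header is client-controlled, so any visitor can reach this path; what `WebGUI::authen` does with a session object passed as a password is not visible here. Unpacking first keeps the argument positions fixed: `my ($user, $pass) = split /:/, MIME::Base64::decode_base64($auth), 2;` followed by `WebGUI::authen($request, $user, $pass, $session);`. The scheme test `m/^Basic/` and the unanchored `s/Basic //` are also case-sensitive, while HTTP auth scheme names are case-insensitive, so `m/\ABasic\s+(\S+)/i` with `$1` decoded would be a tighter parse. `handler` continues past the end of this hunk.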