API:EPrints/Apache/Auth: Difference between revisions
m adding Category:Rubbish |
No edit summary |
||
| Line 1: | Line 1: | ||
[[Category: | <!-- Pod2Wiki=_preamble_ | ||
This page has been automatically generated from the EPrints 3.4 source. Any wiki changes made between the 'Pod2Wiki=*' and 'Edit below this comment' comments will be lost. | |||
-->{{API}}{{Pod2Wiki}}{{API:Source|file=EPrints/Apache/Auth.pm|package_name=EPrints::Apache::Auth}}[[Category:API|AUTH]][[Category:API:EPrints/Apache|AUTH]]<div><!-- Edit below this comment --> | |||
<!-- Pod2Wiki=_private_ --><!-- Pod2Wiki=head_name --> | |||
==NAME== | |||
'''EPrints::Apache::Auth''' - Password authentication & authorisation checking for EPrints. | |||
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce; padding: 0em 1em 0em 1em; font-size: 80%; '> | |||
<span style='display:none'>User Comments</span> | |||
<!-- Edit below this comment --> | |||
<!-- Pod2Wiki= --> | |||
</div> | |||
<!-- Pod2Wiki=head_description --> | |||
==DESCRIPTION== | |||
This module handles the authentication and authorisation of users viewing private sections of an EPrints website. | |||
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce; padding: 0em 1em 0em 1em; font-size: 80%; '> | |||
<span style='display:none'>User Comments</span> | |||
<!-- Edit below this comment --> | |||
<!-- Pod2Wiki= --> | |||
</div> | |||
<!-- Pod2Wiki=head_methods --> | |||
==METHODS== | |||
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce; padding: 0em 1em 0em 1em; font-size: 80%; '> | |||
<span style='display:none'>User Comments</span> | |||
<!-- Edit below this comment --> | |||
<!-- Pod2Wiki= --> | |||
</div> | |||
<!-- Pod2Wiki=item_authen --> | |||
===authen=== | |||
$rc = EPrints::Apache::Auth::authen( $r, [ $realm ] ) | |||
Perform authentication on request $r. If using auth_basic then include $realm as well. | |||
Returns an HTTP response code. =cut ###################################################################### | |||
sub authen { | |||
my( $r, $realm ) = @_; | |||
return OK unless $r->is_initial_req; # only the first internal request | |||
my $repository = $EPrints::HANDLE->current_repository; | |||
if( !defined $repository ) | |||
{ | |||
return FORBIDDEN; | |||
} | |||
my $rc; | |||
if( !_use_auth_basic( $r, $repository ) ) | |||
{ | |||
$rc = auth_cookie( $r, $repository ); | |||
} | |||
else | |||
{ | |||
$rc = auth_basic( $r, $repository, $realm ); | |||
} | |||
return $rc; } | |||
sub _use_auth_basic { | |||
my( $r, $repository ) = @_; | |||
my $rc = 0; | |||
return 0 if ($repository->config( "disable_basic_auth" )); ## This is to prevent eprints falls back to use basic auth when it is not appropriate (e.g. shibboleth, adfs enabled repositories) GCUOER-57 | |||
if( !$repository->config( "cookie_auth" ) ) | |||
{ | |||
$rc = 1; | |||
} | |||
if( !$rc ) | |||
{ | |||
my $uri = URI->new( $r->uri, "http" ); | |||
my $script = $uri->path; | |||
my $econf = $repository->config( "auth_basic" ) || []; | |||
foreach my $exppath ( @$econf ) | |||
{ | |||
if( $exppath !~ /^\// ) | |||
{ | |||
$exppath = $repository->config( "rel_cgipath" )."/$exppath"; | |||
} | |||
if( $script =~ /^$exppath/ ) | |||
{ | |||
$rc = 1; | |||
last; | |||
} | |||
} | |||
} | |||
# if the user agent doesn't support text/html then use Basic Auth | |||
# NOTE: browsers requesting objects in <img src> will also not specify | |||
# text/html, so we always look for a cookie-authentication before checking | |||
# basic auth | |||
if( !$rc ) | |||
{ | |||
my $accept = $r->headers_in->{'Accept'} || ''; | |||
my @types = split /\s*,\s*/, $accept; | |||
if( !grep { m#^text/html\b# } @types ) | |||
{ | |||
$rc = 1; | |||
} | |||
# Microsoft Internet Explorer - Accept: */* | |||
my $agent = $r->headers_in->{'User-Agent'} || ''; | |||
# http://msdn.microsoft.com/en-us/library/ms537509(v=vs.85).aspx | |||
if( $agent =~ /\bMSIE ([0-9]{1,}[\.0-9]{0,})/ ) | |||
{ | |||
$rc = 0; | |||
} | |||
} | |||
return $rc; } | |||
###################################################################### =pod | |||
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce; padding: 0em 1em 0em 1em; font-size: 80%; '> | |||
<span style='display:none'>User Comments</span> | |||
<!-- Edit below this comment --> | |||
<!-- Pod2Wiki= --> | |||
</div> | |||
<!-- Pod2Wiki=item_authen_doc --> | |||
===authen_doc=== | |||
$rc = EPrints::Apache::Auth::authen_doc( $r, [ $realm ] ) | |||
Perform authentication on request $r for a document. If using auth_basic then include $realm as well. | |||
Returns an HTTP response code. | |||
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce; padding: 0em 1em 0em 1em; font-size: 80%; '> | |||
<span style='display:none'>User Comments</span> | |||
<!-- Edit below this comment --> | |||
<!-- Pod2Wiki= --> | |||
</div> | |||
<!-- Pod2Wiki=item_auth_cookie --> | |||
===auth_cookie=== | |||
$rc = EPrints::Apache::Auth::auth_cookie( $r, $repository ) | |||
Perform authentication by cookie on request $r for repository $repository. Redirect as appropriate. | |||
Returns an HTTP response code. | |||
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce; padding: 0em 1em 0em 1em; font-size: 80%; '> | |||
<span style='display:none'>User Comments</span> | |||
<!-- Edit below this comment --> | |||
<!-- Pod2Wiki= --> | |||
</div> | |||
<!-- Pod2Wiki=item_auth_basic --> | |||
===auth_basic=== | |||
$rc = EPrints::Apache::Auth::auth_basic( $r, $repository, $realm ) | |||
Perform authentication by basic authentication on request $r for repository $repository. | |||
Returns an HTTP response code. | |||
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce; padding: 0em 1em 0em 1em; font-size: 80%; '> | |||
<span style='display:none'>User Comments</span> | |||
<!-- Edit below this comment --> | |||
<!-- Pod2Wiki= --> | |||
</div> | |||
<!-- Pod2Wiki=item_authz --> | |||
===authz=== | |||
$rc = EPrints::Apache::Auth::authz( $r ) | |||
Perform authorization of request $r. | |||
Returns an HTTP response code (always 200 OK). | |||
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce; padding: 0em 1em 0em 1em; font-size: 80%; '> | |||
<span style='display:none'>User Comments</span> | |||
<!-- Edit below this comment --> | |||
<!-- Pod2Wiki= --> | |||
</div> | |||
<!-- Pod2Wiki=item_authz --> | |||
===authz=== | |||
$rc = EPrints::Apache::Auth::authz( $r ) | |||
Perform authorization of request $r for a document. | |||
Returns an HTTP response code | |||
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce; padding: 0em 1em 0em 1em; font-size: 80%; '> | |||
<span style='display:none'>User Comments</span> | |||
<!-- Edit below this comment --> | |||
<!-- Pod2Wiki= --> | |||
</div> | |||
<!-- Pod2Wiki=head_copyright --> | |||
==COPYRIGHT== | |||
{{API:Copyright}} | |||
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce; padding: 0em 1em 0em 1em; font-size: 80%; '> | |||
<span style='display:none'>User Comments</span> | |||
<!-- Edit below this comment --> | |||
<!-- Pod2Wiki= --> | |||
</div> | |||
<!-- Pod2Wiki=_postamble_ --><!-- Edit below this comment --> | |||
Revision as of 21:06, 14 December 2021
EPrints 3 Reference: Directory Structure - Metadata Fields - Repository Configuration - XML Config Files - XML Export Format - EPrints data structure - Core API - Data Objects
Latest Source Code (3.4, 3.3) | Revision Log | Before editing this page please read Pod2Wiki
NAME
EPrints::Apache::Auth - Password authentication & authorisation checking for EPrints.
DESCRIPTION
This module handles the authentication and authorisation of users viewing private sections of an EPrints website.
METHODS
authen
$rc = EPrints::Apache::Auth::authen( $r, [ $realm ] )
Perform authentication on request $r. If using auth_basic then include $realm as well.
Returns an HTTP response code. =cut ######################################################################
sub authen { my( $r, $realm ) = @_;
return OK unless $r->is_initial_req; # only the first internal request
my $repository = $EPrints::HANDLE->current_repository;
if( !defined $repository )
{
return FORBIDDEN;
}
my $rc;
if( !_use_auth_basic( $r, $repository ) )
{
$rc = auth_cookie( $r, $repository );
}
else
{
$rc = auth_basic( $r, $repository, $realm );
}
return $rc; }
sub _use_auth_basic { my( $r, $repository ) = @_;
my $rc = 0;
return 0 if ($repository->config( "disable_basic_auth" )); ## This is to prevent eprints falls back to use basic auth when it is not appropriate (e.g. shibboleth, adfs enabled repositories) GCUOER-57
if( !$repository->config( "cookie_auth" ) )
{
$rc = 1;
}
if( !$rc )
{
my $uri = URI->new( $r->uri, "http" );
my $script = $uri->path;
my $econf = $repository->config( "auth_basic" ) || [];
foreach my $exppath ( @$econf )
{
if( $exppath !~ /^\// )
{
$exppath = $repository->config( "rel_cgipath" )."/$exppath";
}
if( $script =~ /^$exppath/ )
{
$rc = 1;
last;
}
}
}
# if the user agent doesn't support text/html then use Basic Auth
# NOTE: browsers requesting objects in <img src> will also not specify
# text/html, so we always look for a cookie-authentication before checking
# basic auth
if( !$rc )
{
my $accept = $r->headers_in->{'Accept'} || ;
my @types = split /\s*,\s*/, $accept;
if( !grep { m#^text/html\b# } @types )
{
$rc = 1;
}
# Microsoft Internet Explorer - Accept: */*
my $agent = $r->headers_in->{'User-Agent'} || ;
# http://msdn.microsoft.com/en-us/library/ms537509(v=vs.85).aspx
if( $agent =~ /\bMSIE ([0-9]{1,}[\.0-9]{0,})/ )
{
$rc = 0;
}
}
return $rc; }
- =pod
authen_doc
$rc = EPrints::Apache::Auth::authen_doc( $r, [ $realm ] )
Perform authentication on request $r for a document. If using auth_basic then include $realm as well.
Returns an HTTP response code.
auth_cookie
$rc = EPrints::Apache::Auth::auth_cookie( $r, $repository )
Perform authentication by cookie on request $r for repository $repository. Redirect as appropriate.
Returns an HTTP response code.
auth_basic
$rc = EPrints::Apache::Auth::auth_basic( $r, $repository, $realm )
Perform authentication by basic authentication on request $r for repository $repository.
Returns an HTTP response code.
authz
$rc = EPrints::Apache::Auth::authz( $r )
Perform authorization of request $r.
Returns an HTTP response code (always 200 OK).
authz
$rc = EPrints::Apache::Auth::authz( $r )
Perform authorization of request $r for a document.
Returns an HTTP response code
COPYRIGHT
© Copyright 2000-2024 University of Southampton.
EPrints 3.4 is supplied by EPrints Services.
http://www.eprints.org/eprints-3.4/
LICENSE
This file is part of EPrints 3.4 http://www.eprints.org/.
EPrints 3.4 and this file are released under the terms of the GNU Lesser General Public License version 3 as published by the Free Software Foundation unless otherwise stated.
EPrints 3.4 is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with EPrints 3.4. If not, see http://www.gnu.org/licenses/.