1# please insert nothing before this line: -*- mode: cperl; cperl-indent-level: 4; cperl-continued-statement-offset: 4; indent-tabs-mode: nil -*- 2package TestAPI::access2; 3 4# testing $r->requires 5# in the POST test it returns: 6# 7# [ 8# { 9# 'method_mask' => -1, 10# 'requirement' => 'user goo bar' 11# }, 12# { 13# 'method_mask' => -1, 14# 'requirement' => 'group bar tar' 15# } 16# { 17# 'method_mask' => 4, 18# 'requirement' => 'valid-user' 19# } 20# ]; 21# 22# otherwise it returns the same, sans the 'valid-user' entry 23# 24# also test: 25# - $r->some_auth_required when it's required 26# - $r->satisfies when Satisfy is set 27 28use strict; 29use warnings FATAL => 'all'; 30 31use Apache2::Access (); 32use Apache2::RequestRec (); 33 34use Apache::TestTrace; 35 36use Apache2::Const -compile => qw(OK HTTP_UNAUTHORIZED SERVER_ERROR 37 M_POST :satisfy); 38 39my $users = "goo bar"; 40my $groups = "bar tar"; 41my %users = ( 42 goo => "goopass", 43 bar => "barpass", 44); 45 46sub handler { 47 my $r = shift; 48 die '$r->some_auth_required failed' unless $r->some_auth_required; 49 50 my $satisfies = $r->satisfies; 51 die "wanted satisfies=" . Apache2::Const::SATISFY_ALL . ", got $satisfies" 52 unless $r->satisfies() == Apache2::Const::SATISFY_ALL; 53 54 my ($rc, $sent_pw) = $r->get_basic_auth_pw; 55 return $rc if $rc != Apache2::Const::OK; 56 57 # extract just the requirement entries 58 my %require = 59 map { my ($k, $v) = split /\s+/, $_->{requirement}, 2; ($k, $v||'') } 60 @{ $r->requires }; 61 debug \%require; 62 63 # silly (we don't check user/pass here), just checking when 64 # the Limit options are getting through 65 if ($r->method_number == Apache2::Const::M_POST) { 66 if (exists $require{"valid-user"}) { 67 return Apache2::Const::OK; 68 } 69 else { 70 return Apache2::Const::SERVER_ERROR; 71 } 72 } 73 else { 74 # non-POST requests shouldn't see the Limit enclosed entry 75 return Apache2::Const::SERVER_ERROR if exists $require{"valid-user"}; 76 } 77 78 return Apache2::Const::SERVER_ERROR unless $require{user} eq $users; 79 return Apache2::Const::SERVER_ERROR unless $require{group} eq $groups; 80 81 my $user = $r->user; 82 my $pass = $users{$user} || ''; 83 unless (defined $pass and $sent_pw eq $pass) { 84 $r->note_basic_auth_failure; 85 return Apache2::Const::HTTP_UNAUTHORIZED; 86 } 87 88 Apache2::Const::OK; 89} 90 911; 92__DATA__ 93 94<NoAutoConfig> 95<IfModule mod_version.c> 96<IfVersion < 2.3.0> 97<Location /TestAPI__access2> 98 PerlAuthenHandler TestAPI::access2 99 PerlResponseHandler Apache::TestHandler::ok1 100 SetHandler modperl 101 102 <IfModule @ACCESS_MODULE@> 103 # needed to test $r->satisfies 104 Allow from All 105 </IfModule> 106 AuthType Basic 107 AuthName "Access" 108 Require user goo bar 109 Require group bar tar 110 <Limit POST> 111 Require valid-user 112 </Limit> 113 Satisfy All 114 <IfModule @AUTH_MODULE@> 115 # htpasswd -mbc auth-users goo foo 116 # htpasswd -mb auth-users bar mar 117 # using md5 password so it'll work on win32 too 118 AuthUserFile @DocumentRoot@/api/auth-users 119 # group: user1 user2 ... 120 AuthGroupFile @DocumentRoot@/api/auth-groups 121 </IfModule> 122</Location> 123</IfVersion> 124</IfModule> 125</NoAutoConfig> 126