Difference between revisions of "API:EPrints/Apache/Auth"

From EPrints Documentation
Jump to: navigation, search
m (adding Category:Rubbish)
Line 1: Line 1:
[[Category: Rubbish]]
+
<!-- Pod2Wiki=_preamble_
 +
This page has been automatically generated from the EPrints 3.4 source. Any wiki changes made between the 'Pod2Wiki=*' and 'Edit below this comment' comments will be lost.
 +
-->{{API}}{{Pod2Wiki}}{{API:Source|file=EPrints/Apache/Auth.pm|package_name=EPrints::Apache::Auth}}[[Category:API|AUTH]][[Category:API:EPrints/Apache|AUTH]]<div><!-- Edit below this comment -->
 +
 
 +
 
 +
<!-- Pod2Wiki=_private_ --><!-- Pod2Wiki=head_name -->
 +
==NAME==
 +
'''EPrints::Apache::Auth''' - Password authentication &amp; authorisation checking  for EPrints.
 +
 
 +
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce;  padding: 0em 1em 0em 1em; font-size: 80%; '>
 +
<span style='display:none'>User Comments</span>
 +
<!-- Edit below this comment -->
 +
 
 +
 
 +
<!-- Pod2Wiki= -->
 +
</div>
 +
<!-- Pod2Wiki=head_description -->
 +
==DESCRIPTION==
 +
This module handles the authentication and authorisation of users viewing private sections of an EPrints website.
 +
 
 +
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce;  padding: 0em 1em 0em 1em; font-size: 80%; '>
 +
<span style='display:none'>User Comments</span>
 +
<!-- Edit below this comment -->
 +
 
 +
 
 +
<!-- Pod2Wiki= -->
 +
</div>
 +
<!-- Pod2Wiki=head_methods -->
 +
==METHODS==
 +
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce;  padding: 0em 1em 0em 1em; font-size: 80%; '>
 +
<span style='display:none'>User Comments</span>
 +
<!-- Edit below this comment -->
 +
 
 +
 
 +
<!-- Pod2Wiki= -->
 +
</div>
 +
<!-- Pod2Wiki=item_authen -->
 +
===authen===
 +
 
 +
$rc = EPrints::Apache::Auth::authen( $r, [ $realm ] )
 +
Perform authentication on request $r.  If using auth_basic then include $realm as well.
 +
 
 +
Returns an HTTP response code. =cut ######################################################################
 +
 
 +
sub authen {
 +
my( $r, $realm ) = @_;
 +
 
 +
  return OK unless $r-&gt;is_initial_req; # only the first internal request
 +
 
 +
  my $repository = $EPrints::HANDLE-&gt;current_repository;
 +
  if( !defined $repository )
 +
  {
 +
    return FORBIDDEN;
 +
  }
 +
 
 +
  my $rc;
 +
  if( !_use_auth_basic( $r, $repository ) )
 +
  {
 +
    $rc = auth_cookie( $r, $repository );
 +
  }
 +
  else
 +
  {
 +
    $rc = auth_basic( $r, $repository, $realm );
 +
  }
 +
 
 +
  return $rc; }
 +
 
 +
sub _use_auth_basic {
 +
my( $r, $repository ) = @_;
 +
 
 +
  my $rc = 0;
 +
   
 +
    return 0 if ($repository-&gt;config( "disable_basic_auth" )); ## This is to prevent eprints falls back to use basic auth when it is not appropriate (e.g. shibboleth, adfs enabled repositories) GCUOER-57
 +
 
 +
  if( !$repository-&gt;config( "cookie_auth" ) )
 +
  {
 +
    $rc = 1;
 +
  }
 +
  if( !$rc )
 +
  {
 +
    my $uri = URI-&gt;new( $r-&gt;uri, "http" );
 +
    my $script = $uri-&gt;path;
 +
 
 +
    my $econf = $repository-&gt;config( "auth_basic" ) || [];
 +
 
 +
    foreach my $exppath ( @$econf )
 +
    {
 +
      if( $exppath !~ /^\// )
 +
      {
 +
        $exppath = $repository-&gt;config( "rel_cgipath" )."/$exppath";
 +
      }
 +
      if( $script =~ /^$exppath/ )
 +
      {
 +
        $rc = 1;
 +
        last;
 +
      }
 +
    }
 +
  }
 +
  # if the user agent doesn't support text/html then use Basic Auth
 +
  # NOTE: browsers requesting objects in &lt;img src&gt; will also not specify
 +
  # text/html, so we always look for a cookie-authentication before checking
 +
  # basic auth
 +
  if( !$rc )
 +
  {
 +
    my $accept = $r-&gt;headers_in-&gt;{'Accept'} || '';
 +
    my @types = split /\s*,\s*/, $accept;
 +
    if( !grep { m#^text/html\b# } @types )
 +
    {
 +
      $rc = 1;
 +
    }
 +
    # Microsoft Internet Explorer - Accept: */*
 +
    my $agent = $r-&gt;headers_in-&gt;{'User-Agent'} || '';
 +
    # http://msdn.microsoft.com/en-us/library/ms537509(v=vs.85).aspx
 +
    if( $agent =~ /\bMSIE ([0-9]{1,}[\.0-9]{0,})/ )
 +
    {
 +
      $rc = 0;
 +
    }
 +
  }
 +
 
 +
  return $rc; }
 +
 
 +
###################################################################### =pod
 +
 
 +
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce;  padding: 0em 1em 0em 1em; font-size: 80%; '>
 +
<span style='display:none'>User Comments</span>
 +
<!-- Edit below this comment -->
 +
 
 +
 
 +
<!-- Pod2Wiki= -->
 +
</div>
 +
<!-- Pod2Wiki=item_authen_doc -->
 +
===authen_doc===
 +
 
 +
$rc = EPrints::Apache::Auth::authen_doc( $r, [ $realm ] )
 +
Perform authentication on request $r for a document.  If using  auth_basic then include $realm as well.
 +
 
 +
Returns an HTTP response code.
 +
 
 +
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce;  padding: 0em 1em 0em 1em; font-size: 80%; '>
 +
<span style='display:none'>User Comments</span>
 +
<!-- Edit below this comment -->
 +
 
 +
 
 +
<!-- Pod2Wiki= -->
 +
</div>
 +
<!-- Pod2Wiki=item_auth_cookie -->
 +
===auth_cookie===
 +
 
 +
$rc = EPrints::Apache::Auth::auth_cookie( $r, $repository )
 +
Perform authentication by cookie on request $r for repository $repository.  Redirect as appropriate.
 +
 
 +
Returns an HTTP response code.
 +
 
 +
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce;  padding: 0em 1em 0em 1em; font-size: 80%; '>
 +
<span style='display:none'>User Comments</span>
 +
<!-- Edit below this comment -->
 +
 
 +
 
 +
<!-- Pod2Wiki= -->
 +
</div>
 +
<!-- Pod2Wiki=item_auth_basic -->
 +
===auth_basic===
 +
 
 +
$rc = EPrints::Apache::Auth::auth_basic( $r, $repository, $realm )
 +
Perform authentication by basic authentication on request $r for  repository $repository.
 +
 
 +
Returns an HTTP response code.
 +
 
 +
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce;  padding: 0em 1em 0em 1em; font-size: 80%; '>
 +
<span style='display:none'>User Comments</span>
 +
<!-- Edit below this comment -->
 +
 
 +
 
 +
<!-- Pod2Wiki= -->
 +
</div>
 +
<!-- Pod2Wiki=item_authz -->
 +
===authz===
 +
 
 +
$rc = EPrints::Apache::Auth::authz( $r )
 +
Perform authorization of request $r.
 +
 
 +
Returns an HTTP response code (always 200 OK).
 +
 
 +
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce;  padding: 0em 1em 0em 1em; font-size: 80%; '>
 +
<span style='display:none'>User Comments</span>
 +
<!-- Edit below this comment -->
 +
 
 +
 
 +
<!-- Pod2Wiki= -->
 +
</div>
 +
<!-- Pod2Wiki=item_authz -->
 +
===authz===
 +
 
 +
$rc = EPrints::Apache::Auth::authz( $r )
 +
Perform authorization of request $r for a document.
 +
 
 +
Returns an HTTP response code
 +
 
 +
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce;  padding: 0em 1em 0em 1em; font-size: 80%; '>
 +
<span style='display:none'>User Comments</span>
 +
<!-- Edit below this comment -->
 +
 
 +
 
 +
<!-- Pod2Wiki= -->
 +
</div>
 +
<!-- Pod2Wiki=head_copyright -->
 +
==COPYRIGHT==
 +
{{API:Copyright}}
 +
<div style='background-color: #e8e8f; margin: 0.5em 0em 1em 0em; border: solid 1px #cce;  padding: 0em 1em 0em 1em; font-size: 80%; '>
 +
<span style='display:none'>User Comments</span>
 +
<!-- Edit below this comment -->
 +
 
 +
 
 +
<!-- Pod2Wiki= -->
 +
</div>
 +
<!-- Pod2Wiki=_postamble_ --><!-- Edit below this comment -->

Revision as of 21:06, 14 December 2021

EPrints 3 Reference: Directory Structure - Metadata Fields - Repository Configuration - XML Config Files - XML Export Format - EPrints data structure - Core API - Data Objects

API: Core API

Latest Source Code (3.4, 3.3) | Revision Log | Before editing this page please read Pod2Wiki


NAME

EPrints::Apache::Auth - Password authentication & authorisation checking for EPrints.

User Comments


DESCRIPTION

This module handles the authentication and authorisation of users viewing private sections of an EPrints website.

User Comments


METHODS

User Comments


authen

$rc = EPrints::Apache::Auth::authen( $r, [ $realm ] )

Perform authentication on request $r. If using auth_basic then include $realm as well.

Returns an HTTP response code. =cut ######################################################################

sub authen { my( $r, $realm ) = @_; 

 return OK unless $r->is_initial_req; # only the first internal request
 
 my $repository = $EPrints::HANDLE->current_repository;
 if( !defined $repository )
 {
   return FORBIDDEN;
 }
 
 my $rc;
 if( !_use_auth_basic( $r, $repository ) )
 {
   $rc = auth_cookie( $r, $repository );
 }
 else
 {
   $rc = auth_basic( $r, $repository, $realm );
 }
 
 return $rc; }

sub _use_auth_basic { my( $r, $repository ) = @_; 

 my $rc = 0;
   
   return 0 if ($repository->config( "disable_basic_auth" )); ## This is to prevent eprints falls back to use basic auth when it is not appropriate (e.g. shibboleth, adfs enabled repositories) GCUOER-57
 
 if( !$repository->config( "cookie_auth" ) ) 
 {
   $rc = 1;
 }
 if( !$rc )
 {
   my $uri = URI->new( $r->uri, "http" );
   my $script = $uri->path;
 
   my $econf = $repository->config( "auth_basic" ) || [];
 
   foreach my $exppath ( @$econf )
   {
     if( $exppath !~ /^\// )
     {
       $exppath = $repository->config( "rel_cgipath" )."/$exppath";
     }
     if( $script =~ /^$exppath/ )
     {
       $rc = 1;
       last;
     }
   }
 }
 # if the user agent doesn't support text/html then use Basic Auth
 # NOTE: browsers requesting objects in <img src> will also not specify
 # text/html, so we always look for a cookie-authentication before checking
 # basic auth
 if( !$rc )
 {
   my $accept = $r->headers_in->{'Accept'} || ;
   my @types = split /\s*,\s*/, $accept;
   if( !grep { m#^text/html\b# } @types )
   {
     $rc = 1;
   }
   # Microsoft Internet Explorer - Accept: */*
   my $agent = $r->headers_in->{'User-Agent'} || ;
   # http://msdn.microsoft.com/en-us/library/ms537509(v=vs.85).aspx
   if( $agent =~ /\bMSIE ([0-9]{1,}[\.0-9]{0,})/ )
   {
     $rc = 0;
   }
 }
 
 return $rc; }
                                                                                                                                            1. =pod

User Comments


authen_doc

$rc = EPrints::Apache::Auth::authen_doc( $r, [ $realm ] )

Perform authentication on request $r for a document. If using auth_basic then include $realm as well.

Returns an HTTP response code.

User Comments


auth_cookie

$rc = EPrints::Apache::Auth::auth_cookie( $r, $repository )

Perform authentication by cookie on request $r for repository $repository. Redirect as appropriate.

Returns an HTTP response code.

User Comments


auth_basic

$rc = EPrints::Apache::Auth::auth_basic( $r, $repository, $realm )

Perform authentication by basic authentication on request $r for repository $repository.

Returns an HTTP response code.

User Comments


authz

$rc = EPrints::Apache::Auth::authz( $r )

Perform authorization of request $r.

Returns an HTTP response code (always 200 OK).

User Comments


authz

$rc = EPrints::Apache::Auth::authz( $r )

Perform authorization of request $r for a document.

Returns an HTTP response code

User Comments


COPYRIGHT

© Copyright 2023 University of Southampton.

EPrints 3.4 is supplied by EPrints Services.

http://www.eprints.org/eprints-3.4/

LICENSE

This file is part of EPrints 3.4 http://www.eprints.org/.

EPrints 3.4 and this file are released under the terms of the GNU Lesser General Public License version 3 as published by the Free Software Foundation unless otherwise stated.

EPrints 3.4 is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with EPrints 3.4. If not, see http://www.gnu.org/licenses/.

User Comments


Retrieved from ‘https://wiki.eprints.org/w/index.php?title=API:EPrints/Apache/Auth&oldid=13918