API:EPrints/Apache/Auth
EPrints 3 Reference: Directory Structure - Metadata Fields - Repository Configuration - XML Config Files - XML Export Format - EPrints data structure - Core API - Data Objects
Latest Source Code (3.4, 3.3) | Revision Log | Before editing this page please read Pod2Wiki
Contents
NAME
EPrints::Apache::Auth - Password authentication & authorisation checking for EPrints.
DESCRIPTION
This module handles the authentication and authorisation of users viewing private sections of an EPrints website.
METHODS
authen
$rc = EPrints::Apache::Auth::authen( $r, [ $realm ] )
Perform authentication on request $r. If using auth_basic then include $realm as well.
Returns an HTTP response code. =cut ######################################################################
sub authen { my( $r, $realm ) = @_;
return OK unless $r->is_initial_req; # only the first internal request
my $repository = $EPrints::HANDLE->current_repository;
if( !defined $repository )
{
return FORBIDDEN;
}
my $rc;
if( !_use_auth_basic( $r, $repository ) )
{
$rc = auth_cookie( $r, $repository );
}
else
{
$rc = auth_basic( $r, $repository, $realm );
}
return $rc; }
sub _use_auth_basic { my( $r, $repository ) = @_;
my $rc = 0;
return 0 if ($repository->config( "disable_basic_auth" )); ## This is to prevent eprints falls back to use basic auth when it is not appropriate (e.g. shibboleth, adfs enabled repositories) GCUOER-57
if( !$repository->config( "cookie_auth" ) )
{
$rc = 1;
}
if( !$rc )
{
my $uri = URI->new( $r->uri, "http" );
my $script = $uri->path;
my $econf = $repository->config( "auth_basic" ) || [];
foreach my $exppath ( @$econf )
{
if( $exppath !~ /^\// )
{
$exppath = $repository->config( "rel_cgipath" )."/$exppath";
}
if( $script =~ /^$exppath/ )
{
$rc = 1;
last;
}
}
}
# if the user agent doesn't support text/html then use Basic Auth
# NOTE: browsers requesting objects in <img src> will also not specify
# text/html, so we always look for a cookie-authentication before checking
# basic auth
if( !$rc )
{
my $accept = $r->headers_in->{'Accept'} || ;
my @types = split /\s*,\s*/, $accept;
if( !grep { m#^text/html\b# } @types )
{
$rc = 1;
}
# Microsoft Internet Explorer - Accept: */*
my $agent = $r->headers_in->{'User-Agent'} || ;
# http://msdn.microsoft.com/en-us/library/ms537509(v=vs.85).aspx
if( $agent =~ /\bMSIE ([0-9]{1,}[\.0-9]{0,})/ )
{
$rc = 0;
}
}
return $rc; }
- =pod
authen_doc
$rc = EPrints::Apache::Auth::authen_doc( $r, [ $realm ] )
Perform authentication on request $r for a document. If using auth_basic then include $realm as well.
Returns an HTTP response code.
auth_cookie
$rc = EPrints::Apache::Auth::auth_cookie( $r, $repository )
Perform authentication by cookie on request $r for repository $repository. Redirect as appropriate.
Returns an HTTP response code.
auth_basic
$rc = EPrints::Apache::Auth::auth_basic( $r, $repository, $realm )
Perform authentication by basic authentication on request $r for repository $repository.
Returns an HTTP response code.
authz
$rc = EPrints::Apache::Auth::authz( $r )
Perform authorization of request $r.
Returns an HTTP response code (always 200 OK).
authz
$rc = EPrints::Apache::Auth::authz( $r )
Perform authorization of request $r for a document.
Returns an HTTP response code
COPYRIGHT
© Copyright 2023 University of Southampton.
EPrints 3.4 is supplied by EPrints Services.
http://www.eprints.org/eprints-3.4/
LICENSE
This file is part of EPrints 3.4 http://www.eprints.org/.
EPrints 3.4 and this file are released under the terms of the GNU Lesser General Public License version 3 as published by the Free Software Foundation unless otherwise stated.
EPrints 3.4 is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with EPrints 3.4. If not, see http://www.gnu.org/licenses/.
