Hello community,

here is the log from the commit of package perl-Apache-AuthCookie for openSUSE:Factory checked in at 2011-11-14 14:52:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Apache-AuthCookie (Old)
 and      /work/SRC/openSUSE:Factory/.perl-Apache-AuthCookie.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Apache-AuthCookie", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Apache-AuthCookie/perl-Apache-AuthCookie.changes 2011-09-23 12:35:56.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.perl-Apache-AuthCookie.new/perl-Apache-AuthCookie.changes 2011-11-14 14:52:50.000000000 +0100 
@@ -1,0 +2,32 @@ +Thu Oct 20 13:03:30 UTC 2011 - [email protected] + +- update to 3.18 2011-01-24 + * remove 3.17's test skip hacks and bump Apache::Test prereq to + v1.53 which fixes this issue + * fix MANIFEST.SKIP to ignore genereated t/conf/mime.types + * remove dist.inim weaver.ini from dists + * fixed t/real.t to use correct -withtestmore import syntax + * rename sample authcookie handlers to Sample::Apache and + Sample::Apache2 namespaces + +- update to 3.17 2011-01-19 + * skip the test suite if running as root. Apache::Test 1.34 fails + the test suite if running as root instead of skipping it. By + skipping, AuthCookie can be installed via CPAN.pm as root + +- update to 3.16 2011-01-19 + * require Apache::Test 1.32 - fixes Ubuntu build issue + * remove mod_perl/mod_perl2 related rereq's from META.yml. The + correct mod perl version is not known until Makefile.PL is run. + CPAN.pm should not try to install either one until it is known + which one is appropriate. (RT 64926) + +- update to 3.15 2010-08-27 + * enable Dist::Zilla Manifest plugin + * add FAQ + * add FAQ entry on how to protect an entire site/document root + * recognize_user: return DECLINED if user is already set + * refactor P3P header generation into send_p3p($r) so subclasses + can overload it + +------------------------------------------------------------------- Old: ---- Apache-AuthCookie-3.14.tar.bz2 New: ---- Apache-AuthCookie-3.18.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Apache-AuthCookie.spec ++++++ --- /var/tmp/diff_new_pack.UuQmg1/_old 2011-11-14 14:52:51.000000000 +0100 +++ /var/tmp/diff_new_pack.UuQmg1/_new 2011-11-14 14:52:51.000000000 +0100 
@@ -1,7 +1,7 @@ # -# spec file for package perl-Apache-AuthCookie (Version 3.14) +# spec file for package perl-Apache-AuthCookie # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -15,56 +15,213 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: perl-Apache-AuthCookie +Version: 3.18 +Release: 1 +License: GPL+ or Artistic %define cpan_name Apache-AuthCookie Summary: Perl Authentication and Authorization via cookies -Version: 3.14 -Release: 2 -License: GPL v1+, Artistic License -Group: Development/Libraries/Perl Url: http://search.cpan.org/dist/Apache-AuthCookie/ -#Source: http://www.cpan.org/modules/by-module/Apache/Apache-AuthCookie-3.14.tar.gz -Source: %{cpan_name}-%{version}.tar.bz2 +Group: Development/Libraries/Perl +Source: http://www.cpan.org/authors/id/M/MS/MSCHOUT/%{cpan_name}-%{version}.tar.gz BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build -%{perl_requires} BuildRequires: perl BuildRequires: perl-macros -BuildRequires: perl(Apache) -BuildRequires: perl(Carp) +BuildRequires: perl(Apache::Test) >= 1.35 BuildRequires: perl(CGI) >= 3.12 -BuildRequires: perl(constant) -BuildRequires: perl(Module::Signature) -BuildRequires: perl(Socket) -BuildRequires: perl(vars) -Requires: perl(Apache) -Requires: perl(Carp) +BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(mod_perl2) >= 1.999022 +BuildRequires: perl(Test::More) +#BuildRequires: perl(Apache) +#BuildRequires: perl(Apache2::Access) +#BuildRequires: perl(Apache2::AuthCookie) +#BuildRequires: perl(Apache2::Const) +#BuildRequires: perl(Apache2::Log) +#BuildRequires: perl(Apache2::RequestIO) +#BuildRequires: perl(Apache2::RequestRec) +#BuildRequires: perl(Apache2::RequestUtil) +#BuildRequires: perl(Apache2::Response) +#BuildRequires: perl(Apache2::Util) +#BuildRequires: perl(Apache::AuthCookie) +#BuildRequires: perl(Apache::AuthCookie::Util) +#BuildRequires: perl(Apache::Constants) +#BuildRequires: perl(Apache::TestMM) +#BuildRequires: perl(Apache::TestRequest) +#BuildRequires: perl(Apache::TestRunPerl) +#BuildRequires: perl(Apache::TestUtil) +#BuildRequires: perl(Apache::Util) +#BuildRequires: perl(APR::Table) 
+#BuildRequires: perl(Carp) +#BuildRequires: perl(constant) +#BuildRequires: perl(File::Copy) +#BuildRequires: perl(File::Spec) +#BuildRequires: perl(mod_perl) +#BuildRequires: perl(Module::Signature) +#BuildRequires: perl(Socket) +#BuildRequires: perl(vars) +Requires: perl(Apache::Test) >= 1.35 Requires: perl(CGI) >= 3.12 +Requires: perl(mod_perl2) >= 1.999022 +Requires: perl(Test::More) +%{perl_requires} %description -Apache::AuthCookie allows you to intercept a user's first -unauthenticated access to a protected document. The user will be -presented with a custom form where they can enter authentication -credentials. The credentials are posted to the server where AuthCookie -verifies them and returns a session key. - -The session key is returned to the user's browser as a cookie. As a -cookie, the browser will pass the session key on every subsequent -accesses. AuthCookie will verify the session key and re-authenticate -the user. - -All you have to do is write a custom module that inherits from -AuthCookie. - - - -Authors: --------- - Michael Schout <[email protected]> - Ken Williams <[email protected]> +*Apache::AuthCookie* allows you to intercept a user's first unauthenticated +access to a protected document. The user will be presented with a custom +form where they can enter authentication credentials. The credentials are +posted to the server where AuthCookie verifies them and returns a session +key. + +The session key is returned to the user's browser as a cookie. As a cookie, +the browser will pass the session key on every subsequent accesses. +AuthCookie will verify the session key and re-authenticate the user. + +All you have to do is write a custom module that inherits from AuthCookie. +Your module is a class which implements two methods: + +* 'authen_cred()' + + Verify the user-supplied credentials and return a session key. 
The + session key can be any string - often you'll use some string containing + username, timeout info, and any other information you need to determine + access to documents, and append a one-way hash of those values together + with some secret key. + +* 'authen_ses_key()' + + Verify the session key (previously generated by 'authen_cred()', possibly + during a previous request) and return the user ID. This user ID will be + fed to '$r->connection->user()' to set Apache's idea of who's logged in. + +By using AuthCookie versus Apache's built-in AuthBasic you can design your +own authentication system. There are several benefits. + +* 1. + + The client doesn't *have* to pass the user credentials on every + subsequent access. If you're using passwords, this means that the + password can be sent on the first request only, and subsequent requests + don't need to send this (potentially sensitive) information. This is + known as "ticket-based" authentication. + +* 2. + + When you determine that the client should stop using the + credentials/session key, the server can tell the client to delete the + cookie. Letting users "log out" is a notoriously impossible-to-solve + problem of AuthBasic. + +* 3. + + AuthBasic dialog boxes are ugly. You can design your own HTML login forms + when you use AuthCookie. + +* 4. + + You can specify the domain of a cookie using PerlSetVar commands. For + instance, if your AuthName is 'WhatEver', you can put the command + + PerlSetVar WhatEverDomain .yourhost.com + + into your server setup file and your access cookies will span all hosts + ending in '.yourhost.com'. + +* 5. + + You can optionally specify the name of your cookie using the 'CookieName' + directive. For instance, if your AuthName is 'WhatEver', you can put the + command + + PerlSetVar WhatEverCookieName MyCustomName + + into your server setup file and your cookies for this AuthCookie realm + will be named MyCustomName. Default is AuthType_AuthName. + +* 6. 
+ + By default users must satisfy ALL of the 'require' directives. If you + want authentication to succeed if ANY 'require' directives are met, use + the 'Satisfy' directive. For instance, if your AuthName is 'WhatEver', + you can put the command + + PerlSetVar WhatEverSatisfy Any + + into your server startup file and authentication for this realm will + succeed if ANY of the 'require' directives are met. + +This is the flow of the authentication handler, less the details of the +redirects. Two REDIRECT's are used to keep the client from displaying the +user's credentials in the Location field. They don't really change +AuthCookie's model, but they do add another round-trip request to the +client. + + (-----------------------) +---------------------------------+ + ( Request a protected ) | AuthCookie sets custom error | + ( page, but user hasn't )---->| document and returns | + ( authenticated (no ) | FORBIDDEN. Apache abandons | + ( session key cookie) ) | current request and creates sub | + (-----------------------) | request for the error document. |<-+ + | Error document is a script that | | + | generates a form where the user | | + return | enters authentication | | + ^------------------->| credentials (login & password). | | + / \ False +---------------------------------+ | + / \ | | + / \ | | + / \ V | + / \ +---------------------------------+ | + / Pass \ | User's client submits this form | | + / user's \ | to the LOGIN URL, which calls | | + | credentials |<------------| AuthCookie->login(). 
| | + \ to / +---------------------------------+ | + \authen_cred/ | + \ function/ | + \ / | + \ / | + \ / +------------------------------------+ | + \ / return | Authen cred returns a session | +--+ + V------------->| key which is opaque to AuthCookie.*| | + True +------------------------------------+ | + | | + +--------------------+ | +---------------+ + | | | | If we had a | + V | V | cookie, add | + +----------------------------+ r | ^ | a Set-Cookie | + | If we didn't have a session| e |T / \ | header to | + | key cookie, add a | t |r / \ | override the | + | Set-Cookie header with this| u |u / \ | invalid cookie| + | session key. Client then | r |e / \ +---------------+ + | returns session key with | n | / pass \ ^ + | successive requests | | / session \ | + +----------------------------+ | / key to \ return | + | +-| authen_ses_key|------------+ + V \ / False + +-----------------------------------+ \ / + | Tell Apache to set Expires header,| \ / + | set user to user ID returned by | \ / + | authen_ses_key, set authentication| \ / + | to our type (e.g. AuthCookie). | \ / + +-----------------------------------+ \ / + V + (---------------------) ^ + ( Request a protected ) | + ( page, user has a )--------------+ + ( session key cookie ) + (---------------------) + + + * The session key that the client gets can be anything you want. For + example, encrypted information about the user, a hash of the + username and password (similar in function to Digest + authentication), or the user name and password in plain text + (similar in function to HTTP Basic authentication). + + The only requirement is that the authen_ses_key function that you + create must be able to determine if this session_key is valid and + map it back to the originally authenticated user ID. %prep %setup -q -n %{cpan_name}-%{version} 
@@ -78,18 +235,11 @@ %install %perl_make_install -# do not perl_process_packlist (noarch) -# remove .packlist file -%{__rm} -rf $RPM_BUILD_ROOT%perl_vendorarch -# remove perllocal.pod file -%{__rm} -rf $RPM_BUILD_ROOT%perl_archlib +%perl_process_packlist %perl_gen_filelist -%clean -%{__rm} -rf $RPM_BUILD_ROOT - %files -f %{name}.files -%defattr(-,root,root,-) -%doc Changes dist.ini LICENSE README README.modperl2 SIGNATURE weaver.ini +%defattr(-,root,root,755) +%doc Changes LICENSE README README.modperl2 %changelog
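Review bot: In the perl-Apache-AuthCookie.changes hunk (@@ -1,0 +2,32 @@) the new entry only reproduces the upstream release notes for 3.15 through 3.18 and records none of the packaging changes made in the same commit: the runtime dependency moving from perl(Apache) to perl(mod_perl2), the Source now pointing at a .tar.gz on www.cpan.org instead of the local .tar.bz2, and the switch to %perl_process_packlist. Add a line for each so the dependency and source changes are visible to anyone auditing the package history. The copied text also carries typos that are worth fixing in passing: "genereated", "dist.inim weaver.ini" and "rereq's".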
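Review bot: In the dependency block of the spec hunk @@ -15,56 +15,213 @@, the new runtime lines "Requires: perl(Apache::Test) >= 1.35" and "Requires: perl(Test::More)" pull test-only modules onto every host that installs this authentication module; they belong under BuildRequires only. The new hard Requires on perl(mod_perl2) replaces the old Requires on perl(Apache) and sits awkwardly beside the 3.16 changelog note that the correct mod_perl version is not known until Makefile.PL is run, so state in .changes whether dropping mod_perl 1 support is intended. The long run of commented-out "#BuildRequires:" lines should be deleted rather than shipped; perl(Module::Signature) was an active BuildRequires before and is now among them, so say whether disabling it was deliberate.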
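Review bot: In the %install part of the spec hunk @@ -78,18 +235,11 @@, "%perl_process_packlist" replaces the explicit removal of the .packlist and perllocal.pod files even though the deleted comment read "do not perl_process_packlist (noarch)", and neither the spec nor the .changes entry says why that earlier decision no longer applies. Confirm the macro is right for a noarch package and record the reason. In the %files part, SIGNATURE is dropped from %doc together with dist.ini and weaver.ini, but the 3.18 changelog only mentions the two ini files being removed from the distribution, so keep SIGNATURE in %doc if the tarball still ships it.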
