Hello community,
here is the log from the commit of package perl-Apache-AuthCookie for
openSUSE:Factory checked in at 2020-04-16 23:01:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Apache-AuthCookie (Old)
and /work/SRC/openSUSE:Factory/.perl-Apache-AuthCookie.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Apache-AuthCookie"
Thu Apr 16 23:01:15 2020 rev:29 rq:794245 version:3.30
Changes:
--------
---
/work/SRC/openSUSE:Factory/perl-Apache-AuthCookie/perl-Apache-AuthCookie.changes
2020-03-24 22:39:10.629288710 +0100
+++
/work/SRC/openSUSE:Factory/.perl-Apache-AuthCookie.new.2738/perl-Apache-AuthCookie.changes
2020-04-16 23:01:37.103598947 +0200
@@ -1,0 +2,11 @@
+Wed Apr 15 03:07:39 UTC 2020 - <[email protected]>
+
+- updated to 3.30
+ see /usr/share/doc/packages/perl-Apache-AuthCookie/Changes
+
+ 3.30 2020-04-14
+ - Fix logic error for EnforceLocalDestination
+ - Add a bunch of tests to cover all scenarios of EnforceLocalDestination
and
+ DefaultDestination
+
+-------------------------------------------------------------------
Old:
----
Apache-AuthCookie-3.29.tar.gz
New:
----
Apache-AuthCookie-3.30.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Apache-AuthCookie.spec ++++++
--- /var/tmp/diff_new_pack.nfHkQh/_old 2020-04-16 23:01:37.899599547 +0200
+++ /var/tmp/diff_new_pack.nfHkQh/_new 2020-04-16 23:01:37.903599550 +0200
@@ -17,7 +17,7 @@
Name: perl-Apache-AuthCookie
-Version: 3.29
+Version: 3.30
Release: 0
%define cpan_name Apache-AuthCookie
Summary: Perl Authentication and Authorization via cookies
++++++ Apache-AuthCookie-3.29.tar.gz -> Apache-AuthCookie-3.30.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/Changes
new/Apache-AuthCookie-3.30/Changes
--- old/Apache-AuthCookie-3.29/Changes 2020-03-22 20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/Changes 2020-04-14 17:36:57.000000000 +0200
@@ -1,5 +1,10 @@
Revision history for Apache::AuthCookie
+3.30 2020-04-14
+ - Fix logic error for EnforceLocalDestination
+ - Add a bunch of tests to cover all scenarios of EnforceLocalDestination and
+ DefaultDestination
+
3.29 2020-03-22
- Add optional support for enforcing a local destination, like so:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/MANIFEST
new/Apache-AuthCookie-3.30/MANIFEST
--- old/Apache-AuthCookie-3.29/MANIFEST 2020-03-22 20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/MANIFEST 2020-04-14 17:36:57.000000000 +0200
@@ -20,8 +20,11 @@
lib/Apache2/AuthCookie/Base.pm
lib/Apache2/AuthCookie/Params.pm
lib/Apache2_4/AuthCookie.pm
+scripts/docker-shell
scripts/docker-smoke
+scripts/dzil-build
scripts/perlbrew-smoke
+scripts/run-docker-tests
t/Skeleton/AuthCookieHandler.pm
t/TEST.PL
t/author-pod-syntax.t
@@ -37,6 +40,8 @@
t/htdocs/docs/logout.pl
t/htdocs/docs/myuser/get_me.html
t/htdocs/docs/protected/echo_user.pl
+t/htdocs/docs/protected/enforce-local/no-default/index.html
+t/htdocs/docs/protected/enforce-local/with-default/index.html
t/htdocs/docs/protected/get_me.html
t/htdocs/docs/protected/index.html
t/htdocs/docs/stimeout/get_me.html
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/MANIFEST.SKIP
new/Apache-AuthCookie-3.30/MANIFEST.SKIP
--- old/Apache-AuthCookie-3.29/MANIFEST.SKIP 2020-03-22 20:37:20.000000000
+0100
+++ new/Apache-AuthCookie-3.30/MANIFEST.SKIP 2020-04-14 17:36:57.000000000
+0200
@@ -24,4 +24,5 @@
^t/logs/
^t/TEST$
^t/SMOKE$
-
+^travis-build$
+^.travis.yml$
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/META.json
new/Apache-AuthCookie-3.30/META.json
--- old/Apache-AuthCookie-3.29/META.json 2020-03-22 20:37:20.000000000
+0100
+++ new/Apache-AuthCookie-3.30/META.json 2020-04-14 17:36:57.000000000
+0200
@@ -23,6 +23,7 @@
"develop" : {
"requires" : {
"Dist::Zilla" : "5",
+ "Dist::Zilla::Plugin::Git::Push" : "0",
"Dist::Zilla::Plugin::Prereqs" : "0",
"Dist::Zilla::PluginBundle::ApacheTest" : "0",
"Dist::Zilla::PluginBundle::Filter" : "0",
@@ -56,39 +57,39 @@
"provides" : {
"Apache2::AuthCookie" : {
"file" : "lib/Apache2/AuthCookie.pm",
- "version" : "3.29"
+ "version" : "3.30"
},
"Apache2::AuthCookie::Base" : {
"file" : "lib/Apache2/AuthCookie/Base.pm",
- "version" : "3.29"
+ "version" : "3.30"
},
"Apache2::AuthCookie::Params" : {
"file" : "lib/Apache2/AuthCookie/Params.pm",
- "version" : "3.29"
+ "version" : "3.30"
},
"Apache2_4::AuthCookie" : {
"file" : "lib/Apache2_4/AuthCookie.pm",
- "version" : "3.29"
+ "version" : "3.30"
},
"Apache::AuthCookie" : {
"file" : "lib/Apache/AuthCookie.pm",
- "version" : "3.29"
+ "version" : "3.30"
},
"Apache::AuthCookie::Params" : {
"file" : "lib/Apache/AuthCookie/Params.pm",
- "version" : "3.29"
+ "version" : "3.30"
},
"Apache::AuthCookie::Params::Base" : {
"file" : "lib/Apache/AuthCookie/Params/Base.pm",
- "version" : "3.29"
+ "version" : "3.30"
},
"Apache::AuthCookie::Params::CGI" : {
"file" : "lib/Apache/AuthCookie/Params/CGI.pm",
- "version" : "3.29"
+ "version" : "3.30"
},
"Apache::AuthCookie::Util" : {
"file" : "lib/Apache/AuthCookie/Util.pm",
- "version" : "3.29"
+ "version" : "3.30"
}
},
"release_status" : "stable",
@@ -103,7 +104,7 @@
"web" : "https://github.com/mschout/apache-authcookie";
}
},
- "version" : "3.29",
+ "version" : "3.30",
"x_generated_by_perl" : "v5.26.2",
"x_serialization_backend" : "Cpanel::JSON::XS version 4.04"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/META.yml
new/Apache-AuthCookie-3.30/META.yml
--- old/Apache-AuthCookie-3.29/META.yml 2020-03-22 20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/META.yml 2020-04-14 17:36:57.000000000 +0200
@@ -17,31 +17,31 @@
provides:
Apache2::AuthCookie:
file: lib/Apache2/AuthCookie.pm
- version: '3.29'
+ version: '3.30'
Apache2::AuthCookie::Base:
file: lib/Apache2/AuthCookie/Base.pm
- version: '3.29'
+ version: '3.30'
Apache2::AuthCookie::Params:
file: lib/Apache2/AuthCookie/Params.pm
- version: '3.29'
+ version: '3.30'
Apache2_4::AuthCookie:
file: lib/Apache2_4/AuthCookie.pm
- version: '3.29'
+ version: '3.30'
Apache::AuthCookie:
file: lib/Apache/AuthCookie.pm
- version: '3.29'
+ version: '3.30'
Apache::AuthCookie::Params:
file: lib/Apache/AuthCookie/Params.pm
- version: '3.29'
+ version: '3.30'
Apache::AuthCookie::Params::Base:
file: lib/Apache/AuthCookie/Params/Base.pm
- version: '3.29'
+ version: '3.30'
Apache::AuthCookie::Params::CGI:
file: lib/Apache/AuthCookie/Params/CGI.pm
- version: '3.29'
+ version: '3.30'
Apache::AuthCookie::Util:
file: lib/Apache/AuthCookie/Util.pm
- version: '3.29'
+ version: '3.30'
recommends:
WWW::Form::UrlEncoded::XS: '0'
requires:
@@ -57,6 +57,6 @@
bugtracker: https://github.com/mschout/apache-authcookie/issues
homepage: https://github.com/mschout/apache-authcookie
repository: https://github.com/mschout/apache-authcookie.git
-version: '3.29'
+version: '3.30'
x_generated_by_perl: v5.26.2
x_serialization_backend: 'YAML::Tiny version 1.73'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/Makefile.PL
new/Apache-AuthCookie-3.30/Makefile.PL
--- old/Apache-AuthCookie-3.29/Makefile.PL 2020-03-22 20:37:20.000000000
+0100
+++ new/Apache-AuthCookie-3.30/Makefile.PL 2020-04-14 17:36:57.000000000
+0200
@@ -38,7 +38,7 @@
"TEST_REQUIRES" => {
"URI::Escape" => "1.31"
},
- "VERSION" => "3.29",
+ "VERSION" => "3.30",
"clean" => {
"FILES" => [
"t/TEST"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/SIGNATURE
new/Apache-AuthCookie-3.30/SIGNATURE
--- old/Apache-AuthCookie-3.29/SIGNATURE 2020-03-22 20:37:20.000000000
+0100
+++ new/Apache-AuthCookie-3.30/SIGNATURE 2020-04-14 17:36:57.000000000
+0200
@@ -14,33 +14,36 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
-SHA1 31ba629ca96ebda7b1709508f0fc8bf9677d8e3c Changes
+SHA1 375a1955e84a3fa4818c3d7461bb3c5edf1cd60e Changes
SHA1 cb36dd242de6d18cd64c4b55444347ebf09e43e7 LICENSE
-SHA1 34c525c30df8894d182381be05efa0199f71974b MANIFEST
-SHA1 0ff75e1a6186d7274e76387884eca541fdd5ca4a MANIFEST.SKIP
-SHA1 27e6db2262b210a23ef9d9caa1e048663c962c2d META.json
-SHA1 819cd9960e3a776170ab825bd1705d7567372342 META.yml
-SHA1 0b7f5458f3dcf34807bbc02dccc1873f9e438907 Makefile.PL
+SHA1 542696e08fe645aebe960ab6f83ce5637a120921 MANIFEST
+SHA1 dcf4f2dbf2980048059f61a840b89bc7579b7bed MANIFEST.SKIP
+SHA1 151de4b6221541d0d0100a6d36f1a87bace9e119 META.json
+SHA1 a48643fb7bf77ea3afc1ffb3b7db4c7829c4b7a3 META.yml
+SHA1 6418160ab4308442b78bae60945c1d2b6591313f Makefile.PL
SHA1 b9945378262a25db34dcdba06da956a52876188b README
SHA1 f9d2e5d4bcafb4b3d73b0a1f390aa25579cafbd2 README.apache-2.4.pod
SHA1 ccbc46a0385aabadd1e6f4a22f8d4ebb11b44901 README.modperl2
-SHA1 27e39d8407824657f07f031634152a1383099fd5 lib/Apache/AuthCookie.pm
-SHA1 80a91eddb5f9f4ad387ed574379ab35cc4c1dd2d lib/Apache/AuthCookie/FAQ.pod
-SHA1 8b95c211543c7e6268b50873adfb8deaad2ed537 lib/Apache/AuthCookie/Params.pm
-SHA1 3df3ec40ae5d9e92e5f2a2567e8372785a6b6061
lib/Apache/AuthCookie/Params/Base.pm
-SHA1 8d5b7a5762c874a127420df1741ea60b04dbdfa0
lib/Apache/AuthCookie/Params/CGI.pm
-SHA1 10c92d998b8d6963045a0290eebeae461f342340 lib/Apache/AuthCookie/Util.pm
-SHA1 18b3e60144534176328e04cd0ebf6883ed7b8af0 lib/Apache2/AuthCookie.pm
-SHA1 e4b9406d8668147e6be8254aa326a4873b17c73d lib/Apache2/AuthCookie/Base.pm
-SHA1 cb19296a1431e866f35e0cffe5cb3bcd9fe9cafd lib/Apache2/AuthCookie/Params.pm
-SHA1 43d7023fd161d9e4bf3d4aaee39c894af0d9374f lib/Apache2_4/AuthCookie.pm
+SHA1 fc0708f4b4e74f2b3dcb8ca82409ff85360a3185 lib/Apache/AuthCookie.pm
+SHA1 230cc7f97f735ad51defd14cbbb99a65afb2a671 lib/Apache/AuthCookie/FAQ.pod
+SHA1 1487322b93fe2494c348b6cf47caa790f1250a71 lib/Apache/AuthCookie/Params.pm
+SHA1 22b0ccea20bc7aebb74a14808eb3dd8243c06ece
lib/Apache/AuthCookie/Params/Base.pm
+SHA1 c545d90e446fea48500e5f6ae0190e7837d402a3
lib/Apache/AuthCookie/Params/CGI.pm
+SHA1 8c8aef69590175ec89d2971002fb6068604b71aa lib/Apache/AuthCookie/Util.pm
+SHA1 e346c43e215195b235a201bc5a7b7ed4f37bde93 lib/Apache2/AuthCookie.pm
+SHA1 e2b0026242aec662b74bd9c25cdf70aae988b76e lib/Apache2/AuthCookie/Base.pm
+SHA1 9e334ee16e5ce6d6b6a13d187fe3dad0d748dfbb lib/Apache2/AuthCookie/Params.pm
+SHA1 14ecc1018b1164c9de41a32fc42fbc262371631b lib/Apache2_4/AuthCookie.pm
+SHA1 e9a1441d3978e0c7f20373cdffde4e44059f1f59 scripts/docker-shell
SHA1 202ecf6a31c02ad029aa6e372ece61a935dd74bf scripts/docker-smoke
+SHA1 fd937f1a4ab774883c703fb869c9108eabbce5f1 scripts/dzil-build
SHA1 fee15f1cd6c3fe17e8370838aafe6d54bfd72611 scripts/perlbrew-smoke
+SHA1 c3fe2ecbcdea18bfb66ee1b48cdc3120af6dff2d scripts/run-docker-tests
SHA1 3ac8de46e7bba83f6969caec3c9c14cbd99881cb t/Skeleton/AuthCookieHandler.pm
SHA1 b1f854e6edecbdd44fc7b8db719e0fe21d9340d1 t/TEST.PL
SHA1 8efad25309730a4d501fb40fc03eda4697303372 t/author-pod-syntax.t
SHA1 19cc343f8a85c6805bbeb02580487483a6283887 t/author-signature.t
-SHA1 1f622a23011f98ead60d3bd0f5a64bf61a0540c0 t/conf/extra.conf.in
+SHA1 a6db6d6b6791f6b296c2b4da81ba6ba563c40375 t/conf/extra.conf.in
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/authall/get_me.html
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/authany/get_me.html
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9
t/htdocs/docs/cookiename/get_me.html
@@ -51,30 +54,32 @@
SHA1 b9eca1b328da7d703abaec2d6a6d5751866843ac t/htdocs/docs/logout.pl
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/myuser/get_me.html
SHA1 b37a85d16cbb2342b407f2ba70b8a61aa1ca67bb
t/htdocs/docs/protected/echo_user.pl
+SHA1 24be947e7f5f765c02bab477dd47d0915e061bcf
t/htdocs/docs/protected/enforce-local/no-default/index.html
+SHA1 d767e693a331d021863a40f43f348ce688bae595
t/htdocs/docs/protected/enforce-local/with-default/index.html
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9
t/htdocs/docs/protected/get_me.html
SHA1 077d964c9f67b5dfe4f5f6a73c71ccbd60bd03af
t/htdocs/docs/protected/index.html
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9
t/htdocs/docs/stimeout/get_me.html
SHA1 b17cdb6e4dfb752901c2a9df5ce822a2d54b92b5
t/lib/Sample/Apache/AuthCookieHandler.pm
SHA1 9ba342e14a302d89f38ab063c56e5ae000a7595c
t/lib/Sample/Apache2/AuthCookieHandler.pm
SHA1 b19593e0dc51baa6a4d84bc27da2e53632ab8592
t/lib/Sample/Apache2_4/AuthCookieHandler.pm
-SHA1 a61e0019aa3d40fcef8954b1b58703a686c23102 t/real.t
+SHA1 b872739fede90854e5685bfb60ff9408cba73fc1 t/real.t
SHA1 f0c37746e0277de1ddb62c9227628a5ebe5a777a t/signature.t
SHA1 e91bf0ef7d63322eaf15ca7d9907c6db47ce90ca t/startup.pl
SHA1 da33f704880ddd2596521c39be5b7b6a22913882 t/util.t
-----BEGIN PGP SIGNATURE-----
-iQJFBAEBCAAvFiEE2EtuRfhGgngE8PsARAzvLrlUzY4FAl53vnARHG1zY2hvdXRA
-Y3Bhbi5vcmcACgkQRAzvLrlUzY6rpRAApqUTgPXtRrzNcRZ86M70q/NgFmBNkiUB
-rEWoaITcUFbwbIYYq8RcoWTh04FAUAkHhsd8oiHLj+mj2OduQGWzM6Mo6rXQq0sR
-do12cF4f8aKeQBf/U1xtUe8fIL38hrEmehCghivfc9k/V8IFAUyEXjQbQMV0+7ex
-5OPBHr5gAVe1NzLuzqgsiDQGk+kW1BUW9P+r4qzB+yx0bOclFR/RuTn4wOuy64do
-P1tgCMKXr3hqFhk9VO+h+gOppNjUkaTM7zKVK+XeA42XXpBUPkH6843UpUehJzPG
-PyqvqVvDG9Dlr0Hj5uY3dKNJKtvpr13Taj188buhDo5ki1HM4m3q6W6lE0fMX06E
-rwwP0eWn3C5p/+jou6LKCqKPuiAQ2JWCVmCG5sG5Gk7jsNBa5uciKIVQbYNGoqAA
-PSXF9gd9Jbm0fLizRQgdFpvoIwoYCwLDTJegR5+xBYGH15W3q5r7+mM55oS4Zv1q
-VcwWEB96mHwdITlIqz3nhPVTUIcYdgaKmAALV5nwDpD1nnEePKhxTSGVZgKk9UsU
-qRSzB4lYDpADU2gI7pqzIwht6hZL3CqdEN5LeLlYwIQtXOD8iwQ3VSlRPRTDQIOx
-pcDyj8NWy35st1bnFX8wjnHTUzzB3ecZbJ6hIg+r/ZK64iSkCcGgzGnv65QKogJT
-XPqyiHnELjo=
-=qkgY
+iQJFBAEBCAAvFiEE2EtuRfhGgngE8PsARAzvLrlUzY4FAl6V2JkRHG1zY2hvdXRA
+Y3Bhbi5vcmcACgkQRAzvLrlUzY7/9Q/9Hk6EjLkTbl2gT/2i4bYPsmIu3IhNxaY8
+eWEEYR2+F3gsHmt4fEeKQiXtqQsJw7Vkd2AyvDmwvsBU0TWvW+TA4yWFFr0lEItE
+TEsFcmm6P/7uvUqPj6AaCO95lLBwyAtOtEQ/wUdWw/EsgQcgcuYpY4x4loerZ5w/
+wL2an6FXUw7UgMKmnkG6nzWTvBQ7gsgTjVIBDal+QVSSE0Iar/CDdB0Y2m94BAPy
+tOOUhkR0Vjdknq/QZcgZLLByknEWWtn1X5QqLiPR0sPHQlXTe9CTVICeWwdydtS8
++tk1fXxxaTl801a7PMnpEtDvfJALQODh0SLgl/SZFE/UUnCnGuk/DWP33gjnjYEP
++10FqN6UaHSYp2FqQHGomWFXZhP0oNTJmyN9qaYrxeRgwF2wEZm/HD2rgkJBrDwR
+2he6FR9382FBhOtjg1RNh7HPQWzKbrfExcqIlOgsnp85bn8zwr1Aztsw5tEAk6dc
+HINFAOLqWnPdRGpioUDN7WRRNm5BRUZXzotvKB5I6RPT85NDeksuELtXdHPx0YSA
+k9n0k8tQDBEZQ/VOkMc3nb6F/lg+298X9WErJLfCP3NLal4jan2iJwnsgE7u1DRw
+kua420FkTafZQgbzmJHrTs11eGUPs/IwJwKNx3++oUqwWcsR0IktNBY9hjcG051N
+Yg+R6gUlKPk=
+=1BzL
-----END PGP SIGNATURE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/FAQ.pod
new/Apache-AuthCookie-3.30/lib/Apache/AuthCookie/FAQ.pod
--- old/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/FAQ.pod 2020-03-22
20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/lib/Apache/AuthCookie/FAQ.pod 2020-04-14
17:36:57.000000000 +0200
@@ -17,7 +17,7 @@
=head1 VERSION
-version 3.29
+version 3.30
=head1 DESCRIPTION
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Params/Base.pm
new/Apache-AuthCookie-3.30/lib/Apache/AuthCookie/Params/Base.pm
--- old/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Params/Base.pm
2020-03-22 20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/lib/Apache/AuthCookie/Params/Base.pm
2020-04-14 17:36:57.000000000 +0200
@@ -1,5 +1,5 @@
package Apache::AuthCookie::Params::Base;
-$Apache::AuthCookie::Params::Base::VERSION = '3.29';
+$Apache::AuthCookie::Params::Base::VERSION = '3.30';
# ABSTRACT: Internal CGI AuthCookie Params Base Class
use strict;
@@ -57,7 +57,7 @@
=head1 VERSION
-version 3.29
+version 3.30
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Params/CGI.pm
new/Apache-AuthCookie-3.30/lib/Apache/AuthCookie/Params/CGI.pm
--- old/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Params/CGI.pm
2020-03-22 20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/lib/Apache/AuthCookie/Params/CGI.pm
2020-04-14 17:36:57.000000000 +0200
@@ -1,5 +1,5 @@
package Apache::AuthCookie::Params::CGI;
-$Apache::AuthCookie::Params::CGI::VERSION = '3.29';
+$Apache::AuthCookie::Params::CGI::VERSION = '3.30';
# ABSTRACT: Internal CGI Params Subclass
use strict;
@@ -182,7 +182,7 @@
=head1 VERSION
-version 3.29
+version 3.30
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Params.pm
new/Apache-AuthCookie-3.30/lib/Apache/AuthCookie/Params.pm
--- old/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Params.pm 2020-03-22
20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/lib/Apache/AuthCookie/Params.pm 2020-04-14
17:36:57.000000000 +0200
@@ -1,5 +1,5 @@
package Apache::AuthCookie::Params;
-$Apache::AuthCookie::Params::VERSION = '3.29';
+$Apache::AuthCookie::Params::VERSION = '3.30';
# ABSTRACT: AuthCookie Params Driver for mod_perl 1.x
use strict;
@@ -42,7 +42,7 @@
=head1 VERSION
-version 3.29
+version 3.30
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Util.pm
new/Apache-AuthCookie-3.30/lib/Apache/AuthCookie/Util.pm
--- old/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Util.pm 2020-03-22
20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/lib/Apache/AuthCookie/Util.pm 2020-04-14
17:36:57.000000000 +0200
@@ -1,12 +1,15 @@
package Apache::AuthCookie::Util;
-$Apache::AuthCookie::Util::VERSION = '3.29';
+$Apache::AuthCookie::Util::VERSION = '3.30';
# ABSTRACT: Internal Utility Functions for AuthCookie
use strict;
use base 'Exporter';
+use URI;
-our @EXPORT_OK = qw(is_blank);
-
+our @EXPORT_OK = qw(
+ is_blank
+ is_local_destination
+);
sub expires {
my($time,$format) = @_;
@@ -92,6 +95,33 @@
return defined $_[0] && ($_[0] =~ /\S/) ? 0 : 1;
}
+# returns true if the given value looks like a local destination
+sub is_local_destination {
+ my ($destination, $current_uri) = @_;
+
+ # blank location is not considered "local"
+ return 0 if is_blank($destination);
+
+ # If the location does not start with a scheme or is not protocol relative,
+ # then the location is local.
+ # Scheme is defined in RFC 3986 as:
+ # ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+ return 1 if $destination !~ m|^ (?: [a-z] [a-z0-9+-.]* :)? //|ix;
+
+ # Otherwise it is an absolute URL, but it might still be local to the
+ # current request, so we need to account for that.
+ $current_uri = URI->new($current_uri) or return 0;
+ my $destination_uri = URI->new($destination) or return 0;
+
+ # If the current URI and the destination have same scheme, host, and port,
+ # then the URL is local
+ return 1 if lc($current_uri->scheme) eq lc($destination_uri->scheme)
+ and lc($current_uri->host) eq lc($destination_uri->host)
+ and $current_uri->port == $destination_uri->port;
+
+ return 0;
+}
+
1;
__END__
@@ -106,7 +136,7 @@
=head1 VERSION
-version 3.29
+version 3.30
=head1 DESCRIPTION
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/lib/Apache/AuthCookie.pm
new/Apache-AuthCookie-3.30/lib/Apache/AuthCookie.pm
--- old/Apache-AuthCookie-3.29/lib/Apache/AuthCookie.pm 2020-03-22
20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/lib/Apache/AuthCookie.pm 2020-04-14
17:36:57.000000000 +0200
@@ -1,5 +1,5 @@
package Apache::AuthCookie;
-$Apache::AuthCookie::VERSION = '3.29';
+$Apache::AuthCookie::VERSION = '3.30';
# ABSTRACT: Perl Authentication and Authorization via cookies
use strict;
@@ -8,8 +8,9 @@
use mod_perl qw(1.07 StackedHandlers MethodHandlers Authen Authz);
use Apache::Constants qw(:common M_GET FORBIDDEN OK REDIRECT);
use Apache::AuthCookie::Params;
-use Apache::AuthCookie::Util qw(is_blank);
+use Apache::AuthCookie::Util qw(is_blank is_local_destination);
use Apache::Util qw(escape_uri);
+use Apache::URI;
use Encode ();
@@ -217,13 +218,19 @@
}
if ($r->dir_config("${auth_name}EnforceLocalDestination")) {
- if ($destination !~ m|^\s*/|) {
+ my $current_url = Apache::URI->parse($r)->unparse;
+ unless (is_local_destination($destination, $current_url)) {
$r->log_error("non-local destination $destination detected for uri
",$r->uri);
- unless (is_blank($default_destination)) {
+ if (is_local_destination($default_destination, $current_url)) {
$destination = $default_destination;
$r->log_error("destination changed to $destination");
}
+ else {
+ $r->log_error("Returning login form: non local destination:
$destination");
+ $r->subprocess_env('AuthCookieReason', 'no_cookie');
+ return $auth_type->login_form($r);
+ }
}
}
@@ -662,7 +669,7 @@
=head1 VERSION
-version 3.29
+version 3.30
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.29/lib/Apache2/AuthCookie/Base.pm
new/Apache-AuthCookie-3.30/lib/Apache2/AuthCookie/Base.pm
--- old/Apache-AuthCookie-3.29/lib/Apache2/AuthCookie/Base.pm 2020-03-22
20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/lib/Apache2/AuthCookie/Base.pm 2020-04-14
17:36:57.000000000 +0200
@@ -1,18 +1,19 @@
package Apache2::AuthCookie::Base;
-$Apache2::AuthCookie::Base::VERSION = '3.29';
+$Apache2::AuthCookie::Base::VERSION = '3.30';
# ABSTRACT: Common Methods Shared by Apache2 and Apache2_4 AuthCookie
Subclasses.
use strict;
use mod_perl2 '1.99022';
use Carp;
-use Apache::AuthCookie::Util qw(is_blank);
+use Apache::AuthCookie::Util qw(is_blank is_local_destination);
use Apache2::AuthCookie::Params;
use Apache2::RequestRec;
use Apache2::RequestUtil;
use Apache2::Log;
use Apache2::Access;
use Apache2::Response;
+use Apache2::URI;
use Apache2::Util;
use APR::Table;
use Apache2::Const qw(OK DECLINED SERVER_ERROR M_GET HTTP_FORBIDDEN
HTTP_MOVED_TEMPORARILY HTTP_OK);
@@ -284,13 +285,19 @@
}
if ($r->dir_config("${auth_name}EnforceLocalDestination")) {
- if ($destination !~ m|^\s*/|) {
- $r->server->log_error("invalid destination $destination detected
for uri ",$r->uri);
+ my $current_url = $r->construct_url;
+ unless (is_local_destination($destination, $current_url)) {
+ $r->server->log_error("non-local destination $destination detected
for uri ",$r->uri);
- unless (is_blank($default_destination)) {
+ if (is_local_destination($default_destination, $current_url)) {
$destination = $default_destination;
$r->server->log_error("destination changed to $destination");
}
+ else {
+ $r->server->log_error("Returning login form: non local
destination: $destination");
+ $r->subprocess_env('AuthCookieReason', 'no_cookie');
+ return $auth_type->login_form($r);
+ }
}
}
@@ -561,7 +568,7 @@
=head1 VERSION
-version 3.29
+version 3.30
=head1 DESCRIPTION
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.29/lib/Apache2/AuthCookie/Params.pm
new/Apache-AuthCookie-3.30/lib/Apache2/AuthCookie/Params.pm
--- old/Apache-AuthCookie-3.29/lib/Apache2/AuthCookie/Params.pm 2020-03-22
20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/lib/Apache2/AuthCookie/Params.pm 2020-04-14
17:36:57.000000000 +0200
@@ -1,5 +1,5 @@
package Apache2::AuthCookie::Params;
-$Apache2::AuthCookie::Params::VERSION = '3.29';
+$Apache2::AuthCookie::Params::VERSION = '3.30';
# ABSTRACT: AuthCookie Params Driver for mod_perl 2.x
use strict;
@@ -42,7 +42,7 @@
=head1 VERSION
-version 3.29
+version 3.30
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/lib/Apache2/AuthCookie.pm
new/Apache-AuthCookie-3.30/lib/Apache2/AuthCookie.pm
--- old/Apache-AuthCookie-3.29/lib/Apache2/AuthCookie.pm 2020-03-22
20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/lib/Apache2/AuthCookie.pm 2020-04-14
17:36:57.000000000 +0200
@@ -1,5 +1,5 @@
package Apache2::AuthCookie;
-$Apache2::AuthCookie::VERSION = '3.29';
+$Apache2::AuthCookie::VERSION = '3.30';
# ABSTRACT: Perl Authentication and Authorization via cookies
use strict;
@@ -118,7 +118,7 @@
=head1 VERSION
-version 3.29
+version 3.30
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/lib/Apache2_4/AuthCookie.pm
new/Apache-AuthCookie-3.30/lib/Apache2_4/AuthCookie.pm
--- old/Apache-AuthCookie-3.29/lib/Apache2_4/AuthCookie.pm 2020-03-22
20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/lib/Apache2_4/AuthCookie.pm 2020-04-14
17:36:57.000000000 +0200
@@ -1,5 +1,5 @@
package Apache2_4::AuthCookie;
-$Apache2_4::AuthCookie::VERSION = '3.29';
+$Apache2_4::AuthCookie::VERSION = '3.30';
# ABSTRACT: Perl Authentication and Authorization via cookies for Apache 2.4
use strict;
@@ -60,7 +60,7 @@
=head1 VERSION
-version 3.29
+version 3.30
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/scripts/docker-shell
new/Apache-AuthCookie-3.30/scripts/docker-shell
--- old/Apache-AuthCookie-3.29/scripts/docker-shell 1970-01-01
01:00:00.000000000 +0100
+++ new/Apache-AuthCookie-3.30/scripts/docker-shell 2020-04-14
17:36:57.000000000 +0200
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+DOCKER_IMAGE=$1
+
+if [ -z "$DOCKER_IMAGE" ]; then
+ echo "Usage: $0 docker-image-tag"
+ exit 1
+fi
+
+cd $(dirname $0)/..
+
+docker run --rm -v $PWD:/app -it $DOCKER_IMAGE bash
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/scripts/dzil-build
new/Apache-AuthCookie-3.30/scripts/dzil-build
--- old/Apache-AuthCookie-3.29/scripts/dzil-build 1970-01-01
01:00:00.000000000 +0100
+++ new/Apache-AuthCookie-3.30/scripts/dzil-build 2020-04-14
17:36:57.000000000 +0200
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -xeo pipefail
+
+cd $(dirname $0)/..
+
+dzil authordeps --missing | cpanm -q --notest
+
+dzil build $*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/scripts/run-docker-tests
new/Apache-AuthCookie-3.30/scripts/run-docker-tests
--- old/Apache-AuthCookie-3.29/scripts/run-docker-tests 1970-01-01
01:00:00.000000000 +0100
+++ new/Apache-AuthCookie-3.30/scripts/run-docker-tests 2020-04-14
17:36:57.000000000 +0200
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+IMAGES="\
+ mschout/modperl:apache-1.3-perl-5.10-mp-1.32\
+ mschout/modperl:apache-2.0.53-perl-5.14.4-mp-2.0.9\
+ mschout/modperl:apache-2.2.31-perl-5.20.3-mp-2.0.9\
+ mschout/modperl:apache-2.4.38-perl-5.20.3-mp-2.0.11\
+"
+
+set -eo pipefail
+
+builddir=$1
+
+if [ -z "$builddir" ]; then
+ echo "Usage: $0 ./path/to/Apache-AuthCookie-X.YY"
+ exit 1
+fi
+
+test_in_docker_image() {
+ local docker_image=$1
+
+ echo ">>> Testing in image $docker_image"
+ docker run --rm -v $builddir:/app -it $docker_image /app/scripts/docker-smoke
+}
+
+for image in $IMAGES; do
+ test_in_docker_image $image
+done
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/t/conf/extra.conf.in
new/Apache-AuthCookie-3.30/t/conf/extra.conf.in
--- old/Apache-AuthCookie-3.29/t/conf/extra.conf.in 2020-03-22
20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/t/conf/extra.conf.in 2020-04-14
17:36:57.000000000 +0200
@@ -23,8 +23,6 @@
PerlSetVar WhatEverCookieName Sample::AuthCookieHandler_WhatEver
PerlSetVar WhatEverEncoding UTF-8
PerlSetVar WhatEverRequiresEncoding UTF-8
-PerlSetVar WhatEverDefaultDestination /docs/protected/index.html
-PerlSetVar WhatEverEnforceLocalDestination On
<Directory @ServerRoot@>
AllowOverride All
@@ -228,6 +226,92 @@
<IfDefine APACHE1>
AuthType Sample::Apache::AuthCookieHandler
PerlHandler Sample::Apache::AuthCookieHandler->login
+ </IfDefine>
+ <IfDefine APACHE2>
+ <IfDefine !APACHE2_4>
+ AuthType Sample::Apache2::AuthCookieHandler
+ </IfDefine>
+ <IfDefine APACHE2_4>
+ AuthType Sample::Apache2_4::AuthCookieHandler
+ Require all granted
+ </IfDefine>
+ PerlResponseHandler Sample::Apache2::AuthCookieHandler->login
+ </IfDefine>
+</Files>
+
+<Files LOGIN-WITHDEFAULT>
+ AuthName WhatEver
+ SetHandler perl-script
+ PerlSetVar WhatEverDefaultDestination /docs/protected/index.html
+
+ <IfDefine APACHE1>
+ AuthType Sample::Apache::AuthCookieHandler
+ PerlHandler Sample::Apache::AuthCookieHandler->login
+ </IfDefine>
+ <IfDefine APACHE2>
+ <IfDefine !APACHE2_4>
+ AuthType Sample::Apache2::AuthCookieHandler
+ </IfDefine>
+ <IfDefine APACHE2_4>
+ AuthType Sample::Apache2_4::AuthCookieHandler
+ Require all granted
+ </IfDefine>
+ PerlResponseHandler Sample::Apache2::AuthCookieHandler->login
+ </IfDefine>
+</Files>
+
+<Files LOGIN-ENFORCELOCAL-WITHDEFAULT>
+ AuthName WhatEver
+ SetHandler perl-script
+ PerlSetVar WhatEverEnforceLocalDestination On
+ PerlSetVar WhatEverDefaultDestination /docs/protected/index.html
+
+ <IfDefine APACHE1>
+ AuthType Sample::Apache::AuthCookieHandler
+ PerlHandler Sample::Apache::AuthCookieHandler->login
+ </IfDefine>
+ <IfDefine APACHE2>
+ <IfDefine !APACHE2_4>
+ AuthType Sample::Apache2::AuthCookieHandler
+ </IfDefine>
+ <IfDefine APACHE2_4>
+ AuthType Sample::Apache2_4::AuthCookieHandler
+ Require all granted
+ </IfDefine>
+ PerlResponseHandler Sample::Apache2::AuthCookieHandler->login
+ </IfDefine>
+</Files>
+
+<Files LOGIN-ENFORCELOCAL-REMOTEDEFAULT>
+ AuthName WhatEver
+ SetHandler perl-script
+ PerlSetVar WhatEverEnforceLocalDestination On
+ PerlSetVar WhatEverDefaultDestination http://metacpan.org
+
+ <IfDefine APACHE1>
+ AuthType Sample::Apache::AuthCookieHandler
+ PerlHandler Sample::Apache::AuthCookieHandler->login
+ </IfDefine>
+ <IfDefine APACHE2>
+ <IfDefine !APACHE2_4>
+ AuthType Sample::Apache2::AuthCookieHandler
+ </IfDefine>
+ <IfDefine APACHE2_4>
+ AuthType Sample::Apache2_4::AuthCookieHandler
+ Require all granted
+ </IfDefine>
+ PerlResponseHandler Sample::Apache2::AuthCookieHandler->login
+ </IfDefine>
+</Files>
+
+<Files LOGIN-ENFORCELOCAL-NODEFAULT>
+ AuthName WhatEver
+ SetHandler perl-script
+ PerlSetVar WhatEverEnforceLocalDestination On
+
+ <IfDefine APACHE1>
+ AuthType Sample::Apache::AuthCookieHandler
+ PerlHandler Sample::Apache::AuthCookieHandler->login
</IfDefine>
<IfDefine APACHE2>
<IfDefine !APACHE2_4>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.29/t/htdocs/docs/protected/enforce-local/no-default/index.html
new/Apache-AuthCookie-3.30/t/htdocs/docs/protected/enforce-local/no-default/index.html
---
old/Apache-AuthCookie-3.29/t/htdocs/docs/protected/enforce-local/no-default/index.html
1970-01-01 01:00:00.000000000 +0100
+++
new/Apache-AuthCookie-3.30/t/htdocs/docs/protected/enforce-local/no-default/index.html
2020-04-14 17:36:57.000000000 +0200
@@ -0,0 +1,9 @@
+<HTML>
+<HEAD>
+<TITLE>Congratulations</TITLE>
+</HEAD>
+<BODY>
+<H1>Congratulations, you got enforce-local/no-default/index.html</H1>
+<P><A HREF="/docs/logout.pl">Log Out</A></P>
+</BODY>
+</HTML>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.29/t/htdocs/docs/protected/enforce-local/with-default/index.html
new/Apache-AuthCookie-3.30/t/htdocs/docs/protected/enforce-local/with-default/index.html
---
old/Apache-AuthCookie-3.29/t/htdocs/docs/protected/enforce-local/with-default/index.html
1970-01-01 01:00:00.000000000 +0100
+++
new/Apache-AuthCookie-3.30/t/htdocs/docs/protected/enforce-local/with-default/index.html
2020-04-14 17:36:57.000000000 +0200
@@ -0,0 +1,9 @@
+<HTML>
+<HEAD>
+<TITLE>Congratulations</TITLE>
+</HEAD>
+<BODY>
+<H1>Congratulations, you got enforce-local/with-default/index.html</H1>
+<P><A HREF="/docs/logout.pl">Log Out</A></P>
+</BODY>
+</HTML>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.29/t/real.t
new/Apache-AuthCookie-3.30/t/real.t
--- old/Apache-AuthCookie-3.29/t/real.t 2020-03-22 20:37:20.000000000 +0100
+++ new/Apache-AuthCookie-3.30/t/real.t 2020-04-14 17:36:57.000000000 +0200
@@ -13,13 +13,18 @@
use Apache::TestUtil;
use Apache::TestRequest qw(GET POST GET_BODY);
use Encode qw(encode);
+use URI;
Apache::TestRequest::user_agent( reset => 1, requests_redirectable => 0 );
-plan tests => 36, need_lwp;
+plan tests => 39, need_lwp;
ok 1, 'Test initialized';
+# extract the configured hostname + port from Apache::Test
+my $apache_test_config = Apache::Test::config();
+my $host_port = Apache::TestRequest::hostport($apache_test_config);
+
# TODO: the test descriptions should be things other than 'test #' here.
# check that /docs/index.html works. If this fails, the test environment did
@@ -541,7 +546,7 @@
subtest 'DefaultDestination' => sub {
plan tests => 1;
- my $r = POST('/LOGIN', [
+ my $r = POST('/LOGIN-WITHDEFAULT', [
credential_0 => 'programmer',
credential_1 => 'Hero'
]);
@@ -550,18 +555,153 @@
'redirected to default destination');
};
-# Test EnforceLocalDestination
-subtest 'EnforceLocalDestination' => sub {
- plan tests => 1;
+subtest 'DefaultDestination' => sub {
+ plan tests => 3;
- my $r = POST('/LOGIN', [
- destination => "http://metacpan.org/";,
+ my $r = POST('/LOGIN-WITHDEFAULT', [
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ is($r->header('Location'), '/docs/protected/index.html',
+ 'redirected to default destination - no destination in params');
+
+ $r = POST('/LOGIN-WITHDEFAULT', [
+ destination => 'http://metacpan.org/',
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ is($r->header('Location'), 'http://metacpan.org/',
+ 'redirected to remote default destination');
+
+ $r = POST('/LOGIN-WITHDEFAULT', [
+ destination => '/docs/protected/get_me.html',
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ is($r->header('Location'), '/docs/protected/get_me.html',
+ 'redirected to requested local default destination');
+};
+
+subtest 'EnforceLocalDestination with default destination' => sub {
+ plan tests => 5;
+
+ my $r = POST('/LOGIN-ENFORCELOCAL-WITHDEFAULT', [
+ destination => 'http://metacpan.org/',
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ is($r->header('Location'), '/docs/protected/index.html',
+ 'redirected to default destination - remote destination in params');
+
+ $r = POST('/LOGIN-ENFORCELOCAL-WITHDEFAULT', [
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ is($r->header('Location'), '/docs/protected/index.html',
+ 'redirected to default destination - no destiantion in params');
+
+ $r = POST('/LOGIN-ENFORCELOCAL-WITHDEFAULT', [
+ destination => '/docs/protected/get_me.html',
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ is($r->header('Location'), '/docs/protected/get_me.html',
+ 'redirected to requested local destination');
+
+ $r = POST('/LOGIN-ENFORCELOCAL-WITHDEFAULT', [
+ destination => '//metacpan.org/index.html',
credential_0 => 'programmer',
credential_1 => 'Hero'
]);
is($r->header('Location'), '/docs/protected/index.html',
- 'enforced local destination, redirected to default destination');
+ 'redirected to default destination - protocol-relative destination in
params');
+
+ my $abs_destination =
URI->new("http://${host_port}/docs/protected/get_me.html";)->as_string;
+ note "abs destination: $abs_destination";
+ $r = POST('/LOGIN-ENFORCELOCAL-WITHDEFAULT', [
+ destination => $abs_destination,
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ is($r->header('Location'), $abs_destination,
+ 'redirected to requested destination - absolute URI is local to current
request');
+};
+
+subtest 'EnforceLocalDestination with no default destination' => sub {
+ plan tests => 4;
+
+ my $r = POST('/LOGIN-ENFORCELOCAL-NODEFAULT', [
+ destination => 'http://metacpan.org/',
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ like($r->content, qr/Failure reason: 'no_cookie'/,
+ 'login form was returned for remote destination');
+
+ $r = POST('/LOGIN-ENFORCELOCAL-NODEFAULT', [
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ like($r->content, qr/Failure reason: 'no_cookie'/,
+ 'login form was returned for no destination in params');
+
+ $r = POST('/LOGIN-ENFORCELOCAL-NODEFAULT', [
+ destination => '/docs/protected/get_me.html',
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ is($r->header('Location'), '/docs/protected/get_me.html',
+ 'Got redirected to protected document for local destination');
+
+ $r = POST('/LOGIN-ENFORCELOCAL-NODEFAULT', [
+ destination => '//metacpan.org/index.html',
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ like($r->content, qr/Failure reason: 'no_cookie'/,
+ 'login form was returned - protocol relative destination in params');
+};
+
+subtest 'EnforceLocalDestination with non local default destination' => sub {
+ plan tests => 3;
+
+ my $r = POST('/LOGIN-ENFORCELOCAL-REMOTEDEFAULT', [
+ destination => "http://metacpan.org/";,
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ like($r->content, qr/Failure reason: 'no_cookie'/,
+ 'login form was returned for non local destination');
+
+ $r = POST('/LOGIN-ENFORCELOCAL-REMOTEDEFAULT', [
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ like($r->content, qr/Failure reason: 'no_cookie'/,
+ 'login form was returned for no destination in params');
+
+ $r = POST('/LOGIN-ENFORCELOCAL-REMOTEDEFAULT', [
+ destination => '/docs/protected/get_me.html',
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ is($r->header('Location'), '/docs/protected/get_me.html',
+ 'Got redirected to protected document for local destination');
};
# remove CR's from a string. Win32 apache apparently does line ending
