Hello community,
here is the log from the commit of package perl-Apache-AuthCookie for
openSUSE:Factory checked in at 2016-09-26 12:36:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Apache-AuthCookie (Old)
and /work/SRC/openSUSE:Factory/.perl-Apache-AuthCookie.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Apache-AuthCookie"
Changes:
--------
---
/work/SRC/openSUSE:Factory/perl-Apache-AuthCookie/perl-Apache-AuthCookie.changes
2016-01-22 01:09:48.000000000 +0100
+++
/work/SRC/openSUSE:Factory/.perl-Apache-AuthCookie.new/perl-Apache-AuthCookie.changes
2016-09-26 12:36:12.000000000 +0200
@@ -1,0 +2,16 @@
+Wed Aug 31 05:01:21 UTC 2016 - co...@suse.com
+
+- updated to 3.25
+ see /usr/share/doc/packages/perl-Apache-AuthCookie/Changes
+
+ 3.25 2016-08-30
+ - 2.4: fix POD typo and add missing ABSTRACT
+ - reorganize real.t tests into subtests
+ - make sure signature test ignores generated files
+ - remove autobox dependency
+ - fix authenticate so that r->user is copied from r->main on subrequests.
+ Previously this was only done for internal redirects (r->prev is
defined).
+ This fixes DirectoryIndexes on AuthCookie enabled directories under
apache
+ 2.4.
+
+-------------------------------------------------------------------
Old:
----
Apache-AuthCookie-3.24.tar.gz
New:
----
Apache-AuthCookie-3.25.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Apache-AuthCookie.spec ++++++
--- /var/tmp/diff_new_pack.LW7cms/_old 2016-09-26 12:36:13.000000000 +0200
+++ /var/tmp/diff_new_pack.LW7cms/_new 2016-09-26 12:36:13.000000000 +0200
@@ -17,7 +17,7 @@
Name: perl-Apache-AuthCookie
-Version: 3.24
+Version: 3.25
Release: 0
%define cpan_name Apache-AuthCookie
Summary: Perl Authentication and Authorization via cookies
@@ -33,12 +33,11 @@
BuildRequires: perl(Apache::Test) >= 1.39
BuildRequires: perl(CGI) >= 3.12
BuildRequires: perl(Class::Load) >= 0.03
-BuildRequires: perl(autobox) >= 1.1
+BuildRequires: perl(Test::More) >= 0.94
BuildRequires: perl(mod_perl2) >= 1.999022
-Requires: perl(Apache::Test) >= 1.39
Requires: perl(CGI) >= 3.12
Requires: perl(Class::Load) >= 0.03
-Requires: perl(autobox) >= 1.1
+Requires: perl(Test::More) >= 0.94
Requires: perl(mod_perl2) >= 1.999022
%{perl_requires}
# MANUAL BEGIN
@@ -218,6 +217,6 @@
%files -f %{name}.files
%defattr(-,root,root,755)
-%doc Changes LICENSE README README.modperl2
+%doc Changes LICENSE README README.modperl2 scripts
%changelog
++++++ Apache-AuthCookie-3.24.tar.gz -> Apache-AuthCookie-3.25.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/Changes
new/Apache-AuthCookie-3.25/Changes
--- old/Apache-AuthCookie-3.24/Changes 2016-01-14 00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/Changes 2016-08-30 17:32:01.000000000 +0200
@@ -1,5 +1,15 @@
Revision history for Apache::AuthCookie
+3.25 2016-08-30
+ - 2.4: fix POD typo and add missing ABSTRACT
+ - reorganize real.t tests into subtests
+ - make sure signature test ignores generated files
+ - remove autobox dependency
+ - fix authenticate so that r->user is copied from r->main on subrequests.
+ Previously this was only done for internal redirects (r->prev is defined).
+ This fixes DirectoryIndexes on AuthCookie enabled directories under apache
+ 2.4.
+
3.24 2016-01-13
- Update Apache 2.4 README, flesh out guts of Authz Provider notes.
- Improve Apache 2.4 README's AuthzProvider documentation
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/MANIFEST
new/Apache-AuthCookie-3.25/MANIFEST
--- old/Apache-AuthCookie-3.24/MANIFEST 2016-01-14 00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/MANIFEST 2016-08-30 17:32:01.000000000 +0200
@@ -1,4 +1,4 @@
-# This file was automatically generated by Dist::Zilla::Plugin::Manifest
v5.023.
+# This file was automatically generated by Dist::Zilla::Plugin::Manifest
v6.006.
Changes
LICENSE
MANIFEST
@@ -20,9 +20,10 @@
lib/Apache2/AuthCookie/Base.pm
lib/Apache2/AuthCookie/Params.pm
lib/Apache2_4/AuthCookie.pm
+scripts/perlbrew-smoke
t/Skeleton/AuthCookieHandler.pm
t/TEST.PL
-t/autobox.t
+t/author-pod-syntax.t
t/conf/extra.conf.in
t/htdocs/docs/authall/get_me.html
t/htdocs/docs/authany/get_me.html
@@ -35,6 +36,7 @@
t/htdocs/docs/myuser/get_me.html
t/htdocs/docs/protected/echo_user.pl
t/htdocs/docs/protected/get_me.html
+t/htdocs/docs/protected/index.html
t/htdocs/docs/stimeout/get_me.html
t/lib/Sample/Apache/AuthCookieHandler.pm
t/lib/Sample/Apache2/AuthCookieHandler.pm
@@ -42,3 +44,4 @@
t/real.t
t/signature.t
t/startup.pl
+t/util.t
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/META.yml
new/Apache-AuthCookie-3.25/META.yml
--- old/Apache-AuthCookie-3.24/META.yml 2016-01-14 00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/META.yml 2016-08-30 17:32:01.000000000 +0200
@@ -3,20 +3,23 @@
author:
- 'Michael Schout <msch...@cpan.org>'
build_requires: {}
-dynamic_config: 0
-generated_by: 'Dist::Zilla version 5.023, CPAN::Meta::Converter version
2.142690'
+configure_requires:
+ Apache::Test: '1.39'
+ ExtUtils::MakeMaker: '0'
+dynamic_config: 1
+generated_by: 'Dist::Zilla version 6.006, CPAN::Meta::Converter version
2.143240'
license: perl
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
version: '1.4'
name: Apache-AuthCookie
requires:
- Apache::Test: '1.39'
CGI: '3.12'
Class::Load: '0.03'
- autobox: '1.10'
+ Test::More: '0.94'
resources:
bugtracker:
http://rt.cpan.org/Public/Dist/Display.html?Name=Apache-AuthCookie
homepage: http://search.cpan.org/dist/Apache-AuthCookie/
repository: git://github.com/mschout/apache-authcookie.git
-version: '3.24'
+version: '3.25'
+x_serialization_backend: 'YAML::Tiny version 1.63'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/Makefile.PL
new/Apache-AuthCookie-3.25/Makefile.PL
--- old/Apache-AuthCookie-3.24/Makefile.PL 2016-01-14 00:16:15.000000000
+0100
+++ new/Apache-AuthCookie-3.25/Makefile.PL 2016-08-30 17:32:01.000000000
+0200
@@ -1,93 +1,118 @@
+# This Makefile.PL for Apache-AuthCookie was generated by
+# Dist::Zilla::Plugin::MakeMaker::ApacheTest 0.03
+# and Dist::Zilla::Plugin::MakeMaker::Awesome 0.38.
+# Don't edit it but the dist.ini and plugins used to construct it.
+
+use strict;
+use warnings;
+
use ExtUtils::MakeMaker;
-use File::Spec;
-use File::Copy;
-my @CLEAN_FILES = ();
+# figure out if mod_perl v1 or v2 is installed. DynamicPrereqs in the
+# PluginBundle needs this to require the appropriate mod_perl module.
my $mp_version = mod_perl_version();
+# configure Apache::Test
test_configure();
-my %makeconf = (
- 'NAME' => 'Apache::AuthCookie',
- 'VERSION_FROM' => 'lib/Apache/AuthCookie.pm',
- 'PREREQ_PM' => {
- 'Apache::Test' => 1.39,
- 'Test::More' => 0,
- 'CGI' => 0,
- 'Class::Load' => 0.03,
- 'autobox' => 1.10
- },
- 'clean' => {
- FILES => "@CLEAN_FILES"
- }
+my %WriteMakefileArgs = (
+ "ABSTRACT" => "Perl Authentication and Authorization via cookies",
+ "AUTHOR" => "Michael Schout <mschout\@cpan.org>",
+ "CONFIGURE_REQUIRES" => {
+ "Apache::Test" => "1.39",
+ "ExtUtils::MakeMaker" => 0
+ },
+ "DISTNAME" => "Apache-AuthCookie",
+ "LICENSE" => "perl",
+ "NAME" => "Apache::AuthCookie",
+ "PREREQ_PM" => {
+ "CGI" => "3.12",
+ "Class::Load" => "0.03",
+ "Test::More" => "0.94"
+ },
+ "VERSION" => "3.25",
+ "clean" => {
+ "FILES" => [
+ "t/TEST"
+ ]
+ },
+ "test" => {
+ "TESTS" => "t/*.t"
+ }
);
-if (MM->can('signature_target')) {
- $makeconf{SIGN} = 1;
-}
+my %FallbackPrereqs = (
+ "CGI" => "3.12",
+ "Class::Load" => "0.03",
+ "Test::More" => "0.94"
+);
-if ($mp_version == 2) {
- # 1.999022 == 2.0.0 RC5. mod_perl -> mod_perl2 renamed here.
- $makeconf{PREREQ_PM}{mod_perl2} = '1.999022';
- # CGI.pm 3.12 is required to work with mod_perl2
- $makeconf{PREREQ_PM}{CGI} = '3.12';
-}
-elsif ($mp_version == 1) {
- $makeconf{PREREQ_PM}{mod_perl} = '1.27';
+# inserted by Dist::Zilla::Plugin::DynamicPrereqs 0.030
+if ($mp_version == 2) { requires('mod_perl2', '1.999022'); } elsif
($mp_version == 1) { requires('mod_perl', '1.27'); }
+
+unless ( eval { ExtUtils::MakeMaker->VERSION(6.63_03) } ) {
+ delete $WriteMakefileArgs{TEST_REQUIRES};
+ delete $WriteMakefileArgs{BUILD_REQUIRES};
+ $WriteMakefileArgs{PREREQ_PM} = \%FallbackPrereqs;
}
-WriteMakefile(%makeconf);
+delete $WriteMakefileArgs{CONFIGURE_REQUIRES}
+ unless eval { ExtUtils::MakeMaker->VERSION(6.52) };
+
+WriteMakefile(%WriteMakefileArgs);
-# inspired by Apache::Peek 1.01
sub test_configure {
- if (eval { require Apache::TestMM }) {
- # enable "make test"
- Apache::TestMM->import(qw(test clean));
+ require Apache::TestMM;
- # accept configs from command line.
- Apache::TestMM::filter_args();
+ # enable make test
+ Apache::TestMM->import(qw(test clean));
- Apache::TestMM::generate_script('t/TEST');
+ Apache::TestMM::filter_args();
- push @CLEAN_FILES, 't/TEST';
- }
- else {
- # overload test rule with a no-op
- warn "***: You should install Apache::Test to do real testing\n";
- *MY::test = \&skip_no_apache_test;
- }
+ Apache::TestMM::generate_script('t/TEST');
}
sub mod_perl_version {
- # try to figure out what version of mod_perl is installed.
+ # try MP2
eval {
- require mod_perl
+ require mod_perl2;
};
unless ($@) {
- if ($mod_perl::VERSION >= 1.99) {
- # mod_perl 2 prior to RC5 (1.99_21 or earlier)
- die "mod_perl 2.0.0 RC5 or later is required for this module";
- }
-
- return 1;
+ return 2;
}
+ # try MP1
eval {
- require mod_perl2;
+ require mod_perl;
};
unless ($@) {
- return 2;
- }
+ if ($mod_perl::VERSION >= 1.99) {
+ # mod_perl 2, prior to the mod_perl2 rename (1.99_21, AKA 2.0.0
RC5)
+ die "mod_perl 2.0 RC5 or later is required\n";
+ }
- # we didn't fine a supported version issue a warning, and assume version 2.
- warn "no supported mod_perl version was found\n";
+ return 1;
+ }
+ # assume mod_perl version 2 is wanted
return 2;
}
-sub skip_no_apache_test {
- return <<'EOF';
-test::
- @echo \*** This test suite requires Apache::Test available from CPAN
-EOF
+# inserted by Dist::Zilla::Plugin::DynamicPrereqs 0.030
+sub _add_prereq {
+ my ($mm_key, $module, $version_or_range) = @_;
+ warn "$module already exists in $mm_key -- need to do a sane metamerge!"
+ if exists $WriteMakefileArgs{$mm_key}{$module}
+ and $WriteMakefileArgs{$mm_key}{$module} ne ($version_or_range || 0);
+ warn "$module already exists in FallbackPrereqs -- need to do a sane
metamerge!"
+ if exists $FallbackPrereqs{$module} and $FallbackPrereqs{$module} ne
($version_or_range || 0);
+ $WriteMakefileArgs{$mm_key}{$module} = $FallbackPrereqs{$module} =
$version_or_range || 0;
+ return;
+}
+
+sub requires { goto &runtime_requires }
+
+sub runtime_requires {
+ my ($module, $version_or_range) = @_;
+ _add_prereq(PREREQ_PM => $module, $version_or_range);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/SIGNATURE
new/Apache-AuthCookie-3.25/SIGNATURE
--- old/Apache-AuthCookie-3.24/SIGNATURE 2016-01-14 00:16:15.000000000
+0100
+++ new/Apache-AuthCookie-3.25/SIGNATURE 2016-08-30 17:32:01.000000000
+0200
@@ -1,5 +1,5 @@
This file contains message digests of all files listed in MANIFEST,
-signed via the Module::Signature module, version 0.73.
+signed via the Module::Signature module, version 0.80.
To verify the content in this distribution, first make sure you have
Module::Signature installed, then type:
@@ -14,30 +14,31 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-SHA1 9fba73a06915fdf43a0e5a3809f174b5e860b182 Changes
+SHA1 a2cae890f485e5357bd6a309a110aa00d12d3921 Changes
SHA1 cb36dd242de6d18cd64c4b55444347ebf09e43e7 LICENSE
-SHA1 4c0c99ee3b19ecbc08f30491799faa2ac9ecebf8 MANIFEST
+SHA1 27eddb7073eace038eb55ca32d92e2516288bb63 MANIFEST
SHA1 0ff75e1a6186d7274e76387884eca541fdd5ca4a MANIFEST.SKIP
-SHA1 5ffafb81bd4fa549d1b9954477bdd30255a44299 META.yml
-SHA1 7a2275cdc405f9585d15d08ff8edeeed8e6558de Makefile.PL
+SHA1 8fab019a50e2b99459e18c6d22a52ded2ddde1a1 META.yml
+SHA1 8dd68f95a4d4b109e87d297a4cbbb2ff802b0449 Makefile.PL
SHA1 b9945378262a25db34dcdba06da956a52876188b README
SHA1 0fbbaf3a8362d5356d104ce148db9e3d07e1c7bf README.apache-2.4.pod
SHA1 ccbc46a0385aabadd1e6f4a22f8d4ebb11b44901 README.modperl2
-SHA1 b5885da476dded21d874ddaf62eeab9afa4ef660 lib/Apache/AuthCookie.pm
-SHA1 6cbdbebc1b4a1ce90f9ded7bf5c31f19c19f4e1b lib/Apache/AuthCookie/Autobox.pm
-SHA1 3fc5539118a30496b9c9a2659aa4ecba010d37f7 lib/Apache/AuthCookie/FAQ.pod
-SHA1 f05973756eaa606d62965641ce181ef877061bde lib/Apache/AuthCookie/Params.pm
-SHA1 8da245e78647a7d6f6319190b29571166b63ea34
lib/Apache/AuthCookie/Params/Base.pm
-SHA1 7565fa5fb1bbd2ac8776e0f48950b067ef6b3974
lib/Apache/AuthCookie/Params/CGI.pm
-SHA1 b79b109eb9e83eae771f84150e9e29a6cafa0c97 lib/Apache/AuthCookie/Util.pm
-SHA1 8893d614abb8a99907204bb493ef7508d5b6e769 lib/Apache2/AuthCookie.pm
-SHA1 cfc494f7d1b3047f365fda488a57e9d31080b0b7 lib/Apache2/AuthCookie/Base.pm
-SHA1 05f74437cc15aa913fda411cfeafd82613a2dc02 lib/Apache2/AuthCookie/Params.pm
-SHA1 ca36db816d36bbe96f8b84f6481bf11b50234905 lib/Apache2_4/AuthCookie.pm
+SHA1 283ecb3dd2a91c748569a52050f8184e76ba55b5 lib/Apache/AuthCookie.pm
+SHA1 4a6981c49fc5837a91cb6a400b2a017a2760b3d7 lib/Apache/AuthCookie/Autobox.pm
+SHA1 875772859ec423fc0f835abd0ce7e81f766fb2e5 lib/Apache/AuthCookie/FAQ.pod
+SHA1 a4790453b96de7817a251e030965f1e2640bdc0b lib/Apache/AuthCookie/Params.pm
+SHA1 298919bb5cf0db17e052c3ce320847b023382df5
lib/Apache/AuthCookie/Params/Base.pm
+SHA1 1a5220eca9b8c8e783d7b5d6a172cd6d33a6a11e
lib/Apache/AuthCookie/Params/CGI.pm
+SHA1 1a72d6d93d85440e91df92f9cd979470d167a9ce lib/Apache/AuthCookie/Util.pm
+SHA1 80b88c3c25428618615e547ff536da2696cbbe18 lib/Apache2/AuthCookie.pm
+SHA1 6750d7ec675a34d2804334e6488dcd7f08398a1b lib/Apache2/AuthCookie/Base.pm
+SHA1 933b45fe7bdc36ecff531b9badd73ef932d20a3a lib/Apache2/AuthCookie/Params.pm
+SHA1 3266d20f24f0e6cce9bf537e2e8fa1c4fa36820d lib/Apache2_4/AuthCookie.pm
+SHA1 e21395a75362501def2a576a112471e5b4f5b7fd scripts/perlbrew-smoke
SHA1 3ac8de46e7bba83f6969caec3c9c14cbd99881cb t/Skeleton/AuthCookieHandler.pm
SHA1 b1f854e6edecbdd44fc7b8db719e0fe21d9340d1 t/TEST.PL
-SHA1 290c96de9cbeafe5cc6ad7f3a47d706e740ba28f t/autobox.t
-SHA1 14b2d1c4e40ea7477059c6b792e31592b15120a4 t/conf/extra.conf.in
+SHA1 f406569e6d2f498d09ae9f62baeb9b5b0c84ffbc t/author-pod-syntax.t
+SHA1 85dd55d2df52d1fa188488e2c8a34502b1db1c65 t/conf/extra.conf.in
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/authall/get_me.html
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/authany/get_me.html
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9
t/htdocs/docs/cookiename/get_me.html
@@ -49,17 +50,19 @@
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/myuser/get_me.html
SHA1 b37a85d16cbb2342b407f2ba70b8a61aa1ca67bb
t/htdocs/docs/protected/echo_user.pl
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9
t/htdocs/docs/protected/get_me.html
+SHA1 077d964c9f67b5dfe4f5f6a73c71ccbd60bd03af
t/htdocs/docs/protected/index.html
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9
t/htdocs/docs/stimeout/get_me.html
SHA1 d8a8ea1ebe037a4dea4ad8d1c5b0704b2d43e854
t/lib/Sample/Apache/AuthCookieHandler.pm
-SHA1 b17b0f3ee3a6643cd57c0d9946c4aa62b0d9e3bb
t/lib/Sample/Apache2/AuthCookieHandler.pm
-SHA1 2fe3e04dd78f4e0ea8322f6482153bee96585b9a
t/lib/Sample/Apache2_4/AuthCookieHandler.pm
-SHA1 97d4f24fa12ac67b785863fefcb491fcf8836af9 t/real.t
-SHA1 61cea839dd94aaaeb301ccac9b83cde4c5c91b42 t/signature.t
+SHA1 7b012cec6263c1427b5d6e3a639eaaf1abce78ba
t/lib/Sample/Apache2/AuthCookieHandler.pm
+SHA1 b19593e0dc51baa6a4d84bc27da2e53632ab8592
t/lib/Sample/Apache2_4/AuthCookieHandler.pm
+SHA1 bcd7c4b28c34f78715c9d3418a28268dda747905 t/real.t
+SHA1 f0c37746e0277de1ddb62c9227628a5ebe5a777a t/signature.t
SHA1 e91bf0ef7d63322eaf15ca7d9907c6db47ce90ca t/startup.pl
+SHA1 da33f704880ddd2596521c39be5b7b6a22913882 t/util.t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-iEYEARECAAYFAlaW2r8ACgkQ+CqvSzp9LOznBwCfVyvPHeoEKntFe34bphvP2cOh
-bHEAn0jRy+56CvxnZpE0adpINHCgBTbI
-=N7RO
+iD8DBQFXxabx+CqvSzp9LOwRAkpVAJ9ZdgjHgf1JJuQRkW4I6uEMaoDUnACgrE+e
++4M5YVDFwyX+IaszG3YM2NA=
+=kfdI
-----END PGP SIGNATURE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Autobox.pm
new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Autobox.pm
--- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Autobox.pm 2016-01-14
00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Autobox.pm 2016-08-30
17:32:01.000000000 +0200
@@ -1,9 +1,10 @@
package Apache::AuthCookie::Autobox;
-$Apache::AuthCookie::Autobox::VERSION = '3.24';
+$Apache::AuthCookie::Autobox::VERSION = '3.25';
# ABSTRACT: Autobox Extensions for AuthCookie
use strict;
use base 'autobox';
+use Apache::AuthCookie::Util qw(is_blank);
sub import {
my $class = shift;
@@ -14,7 +15,7 @@
}
package Apache::AuthCookie::Autobox::Scalar;
-$Apache::AuthCookie::Autobox::Scalar::VERSION = '3.24';
+$Apache::AuthCookie::Autobox::Scalar::VERSION = '3.25';
sub is_blank {
return defined $_[0] && ($_[0] =~ /\S/) ? 0 : 1;
}
@@ -31,7 +32,7 @@
=head1 VERSION
-version 3.24
+version 3.25
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/FAQ.pod
new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/FAQ.pod
--- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/FAQ.pod 2016-01-14
00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/FAQ.pod 2016-08-30
17:32:01.000000000 +0200
@@ -1,6 +1,6 @@
# make Dist::Zilla happy.
package Apache::AuthCookie::FAQ;
-$Apache::AuthCookie::FAQ::VERSION = '3.24';
+
# ABSTRACT: Frequently Asked Questions about Apache::AuthCookie.
1;
@@ -15,7 +15,7 @@
=head1 VERSION
-version 3.24
+version 3.25
=head1 DESCRIPTION
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Params/Base.pm
new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Params/Base.pm
--- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Params/Base.pm
2016-01-14 00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Params/Base.pm
2016-08-30 17:32:01.000000000 +0200
@@ -1,5 +1,5 @@
package Apache::AuthCookie::Params::Base;
-$Apache::AuthCookie::Params::Base::VERSION = '3.24';
+$Apache::AuthCookie::Params::Base::VERSION = '3.25';
# ABSTRACT: Internal CGI AuthCookie Params Base Class
use strict;
@@ -44,7 +44,7 @@
=head1 VERSION
-version 3.24
+version 3.25
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Params/CGI.pm
new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Params/CGI.pm
--- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Params/CGI.pm
2016-01-14 00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Params/CGI.pm
2016-08-30 17:32:01.000000000 +0200
@@ -1,5 +1,5 @@
package Apache::AuthCookie::Params::CGI;
-$Apache::AuthCookie::Params::CGI::VERSION = '3.24';
+$Apache::AuthCookie::Params::CGI::VERSION = '3.25';
# ABSTRACT: Internal CGI Params Subclass
use strict;
@@ -32,7 +32,7 @@
=head1 VERSION
-version 3.24
+version 3.25
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Params.pm
new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Params.pm
--- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Params.pm 2016-01-14
00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Params.pm 2016-08-30
17:32:01.000000000 +0200
@@ -1,5 +1,5 @@
package Apache::AuthCookie::Params;
-$Apache::AuthCookie::Params::VERSION = '3.24';
+$Apache::AuthCookie::Params::VERSION = '3.25';
# ABSTRACT: AuthCookie Params Driver for mod_perl 1.x
use strict;
@@ -44,7 +44,7 @@
=head1 VERSION
-version 3.24
+version 3.25
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Util.pm
new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Util.pm
--- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Util.pm 2016-01-14
00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Util.pm 2016-08-30
17:32:01.000000000 +0200
@@ -1,8 +1,11 @@
package Apache::AuthCookie::Util;
-$Apache::AuthCookie::Util::VERSION = '3.24';
+$Apache::AuthCookie::Util::VERSION = '3.25';
# ABSTRACT: Internal Utility Functions for AuthCookie
use strict;
+use base 'Exporter';
+
+our @EXPORT_OK = qw(is_blank);
# -- expires() shamelessly taken from CGI::Util
sub expires {
@@ -84,6 +87,11 @@
return 1;
}
+# return true if the given value is blank or not defined.
+sub is_blank {
+ return defined $_[0] && ($_[0] =~ /\S/) ? 0 : 1;
+}
+
1;
__END__
@@ -96,7 +104,7 @@
=head1 VERSION
-version 3.24
+version 3.25
=head1 SOURCE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie.pm
new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie.pm
--- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie.pm 2016-01-14
00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie.pm 2016-08-30
17:32:01.000000000 +0200
@@ -1,5 +1,5 @@
package Apache::AuthCookie;
-$Apache::AuthCookie::VERSION = '3.24';
+$Apache::AuthCookie::VERSION = '3.25';
# ABSTRACT: Perl Authentication and Authorization via cookies
use strict;
@@ -8,22 +8,21 @@
use mod_perl qw(1.07 StackedHandlers MethodHandlers Authen Authz);
use Apache::Constants qw(:common M_GET FORBIDDEN OK REDIRECT);
use Apache::AuthCookie::Params;
-use Apache::AuthCookie::Util;
-use Apache::AuthCookie::Autobox;
+use Apache::AuthCookie::Util qw(is_blank);
use Apache::Util qw(escape_uri);
sub recognize_user ($$) {
my ($self, $r) = @_;
# only check if user is not already set
- return DECLINED unless $r->connection->user->is_blank;
+ return DECLINED unless is_blank($r->connection->user);
my $debug = $r->dir_config("AuthCookieDebug") || 0;
my ($auth_type, $auth_name) = ($r->auth_type, $r->auth_name);
- return DECLINED if $auth_type->is_blank or $auth_name->is_blank;
+ return DECLINED if is_blank($auth_type) or is_blank($auth_name);
- return DECLINED if $r->header_in('Cookie')->is_blank;
+ return DECLINED if is_blank($r->header_in('Cookie'));
my $cookie_name = $self->cookie_name($r);
@@ -32,7 +31,7 @@
return DECLINED unless $cookie;
my ($user, @args) = $auth_type->authen_ses_key($r, $cookie);
- if (!$user->is_blank and scalar @args == 0) {
+ if (!is_blank($user) and scalar @args == 0) {
$r->log_error("user is $user") if $debug >= 2;
# if SessionTimeout is on, send new cookie with new Expires.
@@ -46,7 +45,7 @@
return $auth_type->custom_errors($r, $user, @args);
}
- return $user->is_blank ? DECLINED : OK;
+ return is_blank($user) ? DECLINED : OK;
}
sub cookie_name {
@@ -259,7 +258,7 @@
my ($auth_user, @args) =
$auth_type->authen_ses_key($r, $ses_key_cookie);
- if (!$auth_user->is_blank and scalar @args == 0) {
+ if (!is_blank($auth_user) and scalar @args == 0) {
# We have a valid session key, so we return with an OK value.
# Tell the rest of Apache what the authentication method and
@@ -383,7 +382,7 @@
my $reqs_arr = $r->requires or return DECLINED;
my $user = $r->connection->user;
- if ($user->is_blank) {
+ if (is_blank($user)) {
# authentication failed
$r->log_reason("No user authenticated", $r->uri);
return FORBIDDEN;
@@ -549,7 +548,7 @@
=head1 VERSION
-version 3.24
+version 3.25
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.24/lib/Apache2/AuthCookie/Base.pm
new/Apache-AuthCookie-3.25/lib/Apache2/AuthCookie/Base.pm
--- old/Apache-AuthCookie-3.24/lib/Apache2/AuthCookie/Base.pm 2016-01-14
00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/lib/Apache2/AuthCookie/Base.pm 2016-08-30
17:32:01.000000000 +0200
@@ -1,10 +1,10 @@
package Apache2::AuthCookie::Base;
-$Apache2::AuthCookie::Base::VERSION = '3.24';
+$Apache2::AuthCookie::Base::VERSION = '3.25';
use strict;
use mod_perl2 '1.99022';
use Carp;
-use Apache::AuthCookie::Util;
+use Apache::AuthCookie::Util qw(is_blank);
use Apache2::AuthCookie::Params;
use Apache2::RequestRec;
use Apache2::RequestUtil;
@@ -12,7 +12,6 @@
use Apache2::Access;
use Apache2::Response;
use Apache2::Util;
-use Apache::AuthCookie::Autobox;
use APR::Table;
use Apache2::Const qw(:common M_GET HTTP_FORBIDDEN HTTP_MOVED_TEMPORARILY
HTTP_OK);
@@ -20,16 +19,16 @@
my ($self, $r) = @_;
# only check if user is not already set
- return DECLINED unless $r->user->is_blank;
+ return DECLINED unless is_blank($r->user);
my $debug = $r->dir_config("AuthCookieDebug") || 0;
my $auth_type = $r->auth_type;
my $auth_name = $r->auth_name;
- return DECLINED if $auth_type->is_blank or $auth_name->is_blank;
+ return DECLINED if is_blank($auth_type) or is_blank($auth_name);
- return DECLINED if $r->headers_in->get('Cookie')->is_blank;
+ return DECLINED if is_blank($r->headers_in->get('Cookie'));
my $cookie = $self->key($r);
my $cookie_name = $self->cookie_name($r);
@@ -37,11 +36,11 @@
$r->server->log_error("cookie $cookie_name is $cookie")
if $debug >= 2;
- return DECLINED if $cookie->is_blank;
+ return DECLINED if is_blank($cookie);
my ($user,@args) = $auth_type->authen_ses_key($r, $cookie);
- if (!$user->is_blank and scalar @args == 0) {
+ if (!is_blank($user) and scalar @args == 0) {
$r->server->log_error("user is $user") if $debug >= 2;
# send cookie with update expires timestamp if session timeout is on
@@ -55,7 +54,7 @@
return $auth_type->custom_errors($r, $user, @args);
}
- return $user->is_blank ? DECLINED : OK;
+ return is_blank($user) ? DECLINED : OK;
}
sub cookie_name {
@@ -228,12 +227,14 @@
$r->server->log_error("authenticate() entry") if ($debug >= 3);
$r->server->log_error("auth_type " . $auth_type) if ($debug >= 3);
- unless ($r->is_initial_req) {
- if (defined $r->prev) {
- # we are in a subrequest. Just copy user from previous request.
- $r->user( $r->prev->user );
+ if (my $prev = ($r->prev || $r->main)) {
+ # we are in a subrequest or internal redirect. Just copy user from the
+ # previous or main request if its is present
+ if (defined $prev->user) {
+ $r->server->log_error('authenticate() is in a subrequest or
internal redirect.') if $debug >= 3;
+ $r->user( $prev->user );
+ return OK;
}
- return OK;
}
if ($debug >= 3) {
@@ -266,7 +267,7 @@
if ($ses_key_cookie) {
my ($auth_user, @args) = $auth_type->authen_ses_key($r,
$ses_key_cookie);
- if (!$auth_user->is_blank and scalar @args == 0) {
+ if (!is_blank($auth_user) and scalar @args == 0) {
# We have a valid session key, so we return with an OK value.
# Tell the rest of Apache what the authentication method and
# user is.
@@ -450,7 +451,7 @@
=head1 VERSION
-version 3.24
+version 3.25
=head1 SOURCE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.24/lib/Apache2/AuthCookie/Params.pm
new/Apache-AuthCookie-3.25/lib/Apache2/AuthCookie/Params.pm
--- old/Apache-AuthCookie-3.24/lib/Apache2/AuthCookie/Params.pm 2016-01-14
00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/lib/Apache2/AuthCookie/Params.pm 2016-08-30
17:32:01.000000000 +0200
@@ -1,5 +1,5 @@
package Apache2::AuthCookie::Params;
-$Apache2::AuthCookie::Params::VERSION = '3.24';
+$Apache2::AuthCookie::Params::VERSION = '3.25';
# ABSTRACT: AuthCookie Params Driver for mod_perl 2.x
use strict;
@@ -40,7 +40,7 @@
=head1 VERSION
-version 3.24
+version 3.25
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache2/AuthCookie.pm
new/Apache-AuthCookie-3.25/lib/Apache2/AuthCookie.pm
--- old/Apache-AuthCookie-3.24/lib/Apache2/AuthCookie.pm 2016-01-14
00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/lib/Apache2/AuthCookie.pm 2016-08-30
17:32:01.000000000 +0200
@@ -1,13 +1,13 @@
package Apache2::AuthCookie;
-$Apache2::AuthCookie::VERSION = '3.24';
+$Apache2::AuthCookie::VERSION = '3.25';
# ABSTRACT: Perl Authentication and Authorization via cookies
use strict;
use Carp;
use base 'Apache2::AuthCookie::Base';
-use Apache::AuthCookie::Autobox;
use Apache2::Const qw(OK DECLINED SERVER_ERROR HTTP_FORBIDDEN);
+use Apache::AuthCookie::Util qw(is_blank);
sub authorize {
my ($auth_type, $r) = @_;
@@ -30,7 +30,7 @@
$r->server->log_error("authorize user=$user type=$auth_type") if $debug
>=3;
- if ($user->is_blank) {
+ if (is_blank($user)) {
# the authentication failed
$r->server->log_error("No user authenticated", $r->uri);
return HTTP_FORBIDDEN;
@@ -113,7 +113,7 @@
=head1 VERSION
-version 3.24
+version 3.25
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache2_4/AuthCookie.pm
new/Apache-AuthCookie-3.25/lib/Apache2_4/AuthCookie.pm
--- old/Apache-AuthCookie-3.24/lib/Apache2_4/AuthCookie.pm 2016-01-14
00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/lib/Apache2_4/AuthCookie.pm 2016-08-30
17:32:01.000000000 +0200
@@ -1,10 +1,12 @@
package Apache2_4::AuthCookie;
-$Apache2_4::AuthCookie::VERSION = '3.24';
+$Apache2_4::AuthCookie::VERSION = '3.25';
+# ABSTRACT: Perl Authentication and Authorization via cookies for Apache 2.4
+
use strict;
use base 'Apache2::AuthCookie::Base';
-use Apache::AuthCookie::Autobox;
use Apache2::Log;
use Apache2::Const -compile => qw(AUTHZ_GRANTED AUTHZ_DENIED
AUTHZ_DENIED_NO_USER);
+use Apache::AuthCookie::Util qw(is_blank);
# You really do not need this provider at all. This provides an implementation
# for "Require user ..." directives, that is compatible with mod_authz_core
@@ -18,12 +20,12 @@
my $user = $r->user;
- if ($user->is_blank) {
+ if (is_blank($user)) {
# user is not yet authenticated
return Apache2::Const::AUTHZ_DENIED_NO_USER;
}
- if ($requires->is_blank) {
+ if (is_blank($requires)) {
$r->server->log_error(q[Your 'Require user ...' config does not
specify any users]);
return Apache2::Const::AUTHZ_DENIED;
}
@@ -52,11 +54,11 @@
=head1 NAME
-Apache2_4::AuthCookie
+Apache2_4::AuthCookie - Perl Authentication and Authorization via cookies for
Apache 2.4
=head1 VERSION
-version 3.24
+version 3.25
=head1 SYNOPSIS
@@ -571,7 +573,7 @@
Why is my authz method called twice per request?
-This is normal behaviour under Apache 2.4. This is to accomodate for
+This is normal behaviour under Apache 2.4. This is to accommodate for
authorization of anonymous access. You are expected to return
C<Apache2::Const::AUTHZ_DENIED_NO_USER> IF C<< $r->user >> has not yet been set
if you want authentication to proceed. Your authz handler will be called a
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/scripts/perlbrew-smoke
new/Apache-AuthCookie-3.25/scripts/perlbrew-smoke
--- old/Apache-AuthCookie-3.24/scripts/perlbrew-smoke 1970-01-01
01:00:00.000000000 +0100
+++ new/Apache-AuthCookie-3.25/scripts/perlbrew-smoke 2016-08-30
17:32:01.000000000 +0200
@@ -0,0 +1,97 @@
+#!/usr/bin/env bash
+#
+# This is an internal use only script for smoke testing this dist against
+# various perlbrew installations.
+#
+
+# fail fast and hard
+set -eo pipefail
+
+# make sure perlbrew is initialized
+. $HOME/perl5/perlbrew/etc/bashrc
+
+die() {
+ echo $@
+ exit 1
+}
+
+check_perlbrew() {
+ if [ -z "$PERLBREW_ROOT" ] || [ -z "$PERLBREW_PERL" ]; then
+ die "perlbrew does not seem to be initialized"
+ fi
+
+ if [ ! -d $PERLBREW_ROOT/perls/$PERLBREW_PERL ]; then
+ die "$PERLBREW_PERL does not seem to be a valid perl installation"
+ fi
+
+ if [ ! -d $PERLBREW_ROOT/perls/$PERLBREW_PERL/.git ]; then
+ die "perlbrew installation $PERLBREW_PERL is not a git repository"
+ fi
+}
+
+perlbrew_reset() {
+ (
+ cd $PERLBREW_ROOT/perls/$PERLBREW_PERL
+ git clean -fdx
+ git checkout .
+ )
+}
+
+install_cpan_deps() {
+ PERL_VERSION=$(perl -e 'print $]')
+
+ if [ ! -z "$CPAN_MINVERSION" ]; then
+ cpanm -q --notest \
+ Test::More@0.94 \
+ URI@1.30 \
+ LWP::UserAgent@2.033 \
+ Apache::Test@1.39 \
+ Class::Load@0.03
+ else
+ cpanm -q --notest --skip-satisfied --installdeps .
+
+ # install optional modules so that tests run
+ cpanm -q --notest --skip-satisfied URI~1.30 LWP::UserAgent~2.033
+
+ # modern Test::More+ApacheTest and 5.8.9 do not play nicely together.
+ # force downgrade to 0.94 if necessary
+ if [ $PERL_VERSION = "5.008009" ] || [ $PERL_VERSION = "5.010001" ];
then
+ cpanm -q --notest Test::More@0.94
+ fi
+ fi
+
+ # if author testing is set, install author testing deps
+ if [ ! -z "$AUTHOR_TESTING" ]; then
+ cpanm -q --notest Test::Pod
+ fi
+
+ # if signature testing is on, install Module::Signature
+ if [ ! -z "$TEST_SIGNATURE" ]; then
+ cpanm -q --notest Module::Signature
+ fi
+}
+
+smoke_perl() {
+ local variant=$1
+
+ perlbrew use $variant
+
+ check_perlbrew
+
+ perlbrew_reset
+
+ install_cpan_deps
+
+ [ -f Makefile ] && make clean
+
+ perl Makefile.PL && make test
+}
+
+perlbrew list | grep apache | sed -e 's/*//' | while read variant
+do
+ echo "=====> TESTING AGAINST PERLBREW INSTALL: $variant <====="
+
+ smoke_perl $variant
+
+ echo ""
+done
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/author-pod-syntax.t
new/Apache-AuthCookie-3.25/t/author-pod-syntax.t
--- old/Apache-AuthCookie-3.24/t/author-pod-syntax.t 1970-01-01
01:00:00.000000000 +0100
+++ new/Apache-AuthCookie-3.25/t/author-pod-syntax.t 2016-08-30
17:32:01.000000000 +0200
@@ -0,0 +1,15 @@
+#!perl
+
+BEGIN {
+ unless ($ENV{AUTHOR_TESTING}) {
+ print "1..0 # SKIP these tests are for testing by the author\n";
+ exit
+ }
+}
+
+# This file was automatically generated by Dist::Zilla::Plugin::PodSyntaxTests.
+use strict; use warnings;
+use Test::More;
+use Test::Pod 1.41;
+
+all_pod_files_ok();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/autobox.t
new/Apache-AuthCookie-3.25/t/autobox.t
--- old/Apache-AuthCookie-3.24/t/autobox.t 2016-01-14 00:16:15.000000000
+0100
+++ new/Apache-AuthCookie-3.25/t/autobox.t 1970-01-01 01:00:00.000000000
+0100
@@ -1,20 +0,0 @@
-#!/usr/bin/env perl
-#
-# tests for Apache::AuthCookie::Autobox
-#
-
-use strict;
-use Test::More tests => 8;
-
-# don't use_ok, this needs to load at compile time.
-use Apache::AuthCookie::Autobox;
-
-ok ' '->is_blank;
-ok ''->is_blank;
-ok "\t"->is_blank;
-ok "\n"->is_blank;
-ok "\r\n"->is_blank;
-ok undef->is_blank;
-ok !0->is_blank;
-ok !'a'->is_blank;
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/conf/extra.conf.in
new/Apache-AuthCookie-3.25/t/conf/extra.conf.in
--- old/Apache-AuthCookie-3.24/t/conf/extra.conf.in 2016-01-14
00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/t/conf/extra.conf.in 2016-08-30
17:32:01.000000000 +0200
@@ -51,6 +51,8 @@
</IfDefine>
</IfDefine>
Require user programmer
+
+ DirectoryIndex index.html
</Location>
# must satisfy any requirement
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.24/t/htdocs/docs/protected/index.html
new/Apache-AuthCookie-3.25/t/htdocs/docs/protected/index.html
--- old/Apache-AuthCookie-3.24/t/htdocs/docs/protected/index.html
1970-01-01 01:00:00.000000000 +0100
+++ new/Apache-AuthCookie-3.25/t/htdocs/docs/protected/index.html
2016-08-30 17:32:01.000000000 +0200
@@ -0,0 +1,9 @@
+<HTML>
+<HEAD>
+<TITLE>Congratulations</TITLE>
+</HEAD>
+<BODY>
+<H1>Congratulations, you got index.html</H1>
+<P><A HREF="../logout.pl">Log Out</A></P>
+</BODY>
+</HTML>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.24/t/lib/Sample/Apache2/AuthCookieHandler.pm
new/Apache-AuthCookie-3.25/t/lib/Sample/Apache2/AuthCookieHandler.pm
--- old/Apache-AuthCookie-3.24/t/lib/Sample/Apache2/AuthCookieHandler.pm
2016-01-14 00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/t/lib/Sample/Apache2/AuthCookieHandler.pm
2016-08-30 17:32:01.000000000 +0200
@@ -5,7 +5,6 @@
use Apache2::AuthCookie;
use Apache2::RequestRec;
use Apache2::RequestIO;
-use Apache::AuthCookie::Autobox;
use vars qw(@ISA);
use Apache::Test;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.24/t/lib/Sample/Apache2_4/AuthCookieHandler.pm
new/Apache-AuthCookie-3.25/t/lib/Sample/Apache2_4/AuthCookieHandler.pm
--- old/Apache-AuthCookie-3.24/t/lib/Sample/Apache2_4/AuthCookieHandler.pm
2016-01-14 00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/t/lib/Sample/Apache2_4/AuthCookieHandler.pm
2016-08-30 17:32:01.000000000 +0200
@@ -4,7 +4,7 @@
use Sample::Apache2::AuthCookieHandler;
use Apache2::Const qw(AUTHZ_DENIED_NO_USER);
use Apache2::RequestRec;
-use Apache::AuthCookie::Autobox;
+use Apache::AuthCookie::Util qw(is_blank);
use vars qw(@ISA);
@@ -21,7 +21,7 @@
my $user = $r->user;
- if ($user->is_blank) {
+ if (is_blank($user)) {
$r->server->log_error("No user authenticted yet");
return Apache2::Const::AUTHZ_DENIED_NO_USER;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/real.t
new/Apache-AuthCookie-3.25/t/real.t
--- old/Apache-AuthCookie-3.24/t/real.t 2016-01-14 00:16:15.000000000 +0100
+++ new/Apache-AuthCookie-3.25/t/real.t 2016-08-30 17:32:01.000000000 +0200
@@ -14,33 +14,39 @@
Apache::TestRequest::user_agent( reset => 1, requests_redirectable => 0 );
-plan tests => 52, need_lwp;
+plan tests => 32, need_lwp;
-ok 1; # we loaded.
+ok 1, 'Test initialized';
# TODO: the test descriptions should be things other than 'test #' here.
# check that /docs/index.html works. If this fails, the test environment did
# not configure properly.
-{
+subtest 'get index.html' => sub {
+ plan tests => 1;
+
my $url = '/docs/index.html';
my $data = strip_cr(GET_BODY $url);
like($data, qr/Get the protected document/s,
'/docs/index.html seems to work');
-}
+};
# test no_cookie failure
-{
+subtest 'no cookie' => sub {
+ plan tests => 1;
+
my $url = '/docs/protected/get_me.html';
my $r = GET $url;
like($r->content, qr/Failure reason: 'no_cookie'/s,
'no_cookie works');
-}
+};
# should succeed with redirect.
-{
+subtest 'login redirects' => sub {
+ plan tests => 2;
+
my $r = POST('/LOGIN', [
destination => '/docs/protected/get_me.html',
credential_0 => 'programmer',
@@ -50,10 +56,31 @@
is($r->code, 302, 'login produces redirect');
is($r->header('Location'), '/docs/protected/get_me.html',
'redirect header exists, and contains expected url');
-}
+};
+
+subtest 'redirect with bad session key' => sub {
+ plan tests => 3;
+
+ my $r = POST('/LOGIN', [
+ destination => '/docs/protected/get_me.html',
+ credential_0 => 'programmer',
+ credential_1 => 'Heroo'
+ ]);
+
+ is($r->code, 302, 'programmer:Heroo login replies with redirect');
+
+ is($r->header('Location'), '/docs/protected/get_me.html',
+ 'programmer:Heroo location header contains expected URL');
+
+ is($r->header('Set-Cookie'),
+ 'Sample::AuthCookieHandler_WhatEver=programmer:Heroo; path=/',
+ 'programmer:Heroo cookie header contains expected data');
+};
# get protected document with valid cookie. Should succeed.
-{
+subtest 'redirect wit valid cookie' => sub {
+ plan tests => 2;
+
my $uri = '/docs/protected/get_me.html';
my $r = GET(
@@ -64,20 +91,27 @@
is($r->code, '200', 'get protected document');
like($r->content, qr/Congratulations, you got past AuthCookie/s,
'check protected document content');
-}
+};
-# should fail with no_cookie
-{
- my $url = '/docs/protected/get_me.html';
+subtest 'directory index' => sub {
+ plan tests => 2;
- my $dat = strip_cr(GET_BODY($url));
+ my $uri = '/docs/protected/';
- like($dat, qr/Failure reason: 'no_cookie'/s,
- 'test failure reason: no_cookie');
-}
+ my $r = GET(
+ $uri,
+ Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero;'
+ );
+
+ is($r->code, '200', 'get protected document');
+ like($r->content, qr/Congratulations, you got index\.html/s,
+ 'check protected index.html document content');
+};
# should have a Set-Cookie header that expired at epoch.
-{
+subtest 'logout deletes cookie' => sub {
+ plan tests => 1;
+
my $url = '/docs/logout.pl';
my $r = GET($url);
@@ -86,58 +120,48 @@
my $expected = 'Sample::AuthCookieHandler_WhatEver=; expires=Mon,
21-May-1971 00:00:00 GMT; path=/';
is($data, $expected, 'logout tries to delete the cookie');
-}
+};
# check the session key
-{
+subtest 'session key data' => sub {
+ plan tests => 1;
+
my $data = GET_BODY(
'/docs/echo_cookie.pl',
Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero;'
);
is(strip_cr($data), 'programmer:Hero', 'session key contains expected
data');
-}
+};
# should fail because of 'require user programmer'
-{
+subtest 'invalid user' => sub {
+ plan tests => 1;
+
my $r = GET(
'/docs/protected/get_me.html',
Cookie => 'Sample::AuthCookieHandler_WhatEver=some-user:duck;'
);
is($r->code, '403', 'user "some-user" is not authorized');
-}
-
-# Should redirect to /docs/protected/get_me.html
-{
- my $r = POST('/LOGIN', [
- destination => '/docs/protected/get_me.html',
- credential_0 => 'programmer',
- credential_1 => 'Heroo'
- ]);
-
- is($r->code, 302, 'programmer:Heroo login replies with redirect');
-
- is($r->header('Location'), '/docs/protected/get_me.html',
- 'programmer:Heroo location header contains expected URL');
-
- is($r->header('Set-Cookie'),
- 'Sample::AuthCookieHandler_WhatEver=programmer:Heroo; path=/',
- 'programmer:Heroo cookie header contains expected data');
-}
+};
# should get the login form back (bad_cookie).
-{
+subtest 'invalid cookie' => sub {
+ plan tests => 1;
+
my $data = GET_BODY(
'/docs/protected/get_me.html',
Cookie=>'Sample::AuthCookieHandler_WhatEver=programmer:Heroo'
);
like($data, qr/Failure reason: 'bad_cookie'/, 'invalid cookie');
-}
+};
# should get the login form back (bad_credentials)
-{
+subtest 'bad credentials' => sub {
+ plan tests => 1;
+
my $r = POST('/LOGIN', [
destination => '/docs/protected/get_me.html',
credential_0 => 'fail',
@@ -146,10 +170,11 @@
like($r->content, qr/Failure reason: 'bad_credentials'/,
'invalid credentials');
-}
+};
+
+subtest 'AuthAny' => sub {
+ plan tests => 3;
-# check that the destination is right.
-{
my $r = POST('/LOGIN', [
destination => '/docs/authany/get_me.html',
credential_0 => 'some-user',
@@ -164,21 +189,21 @@
'Set-Cookie header is correct');
is($r->code, 302, 'redirect code is correct');
-}
+};
# should fail because all requirements are not met
-{
+subtest 'AuthAll' => sub {
+ plan tests => 3;
+
my $r = GET(
'/docs/authall/get_me.html',
Cookie => 'Sample::AuthCookieHandler_WhatEver=some-user:mypassword'
);
is($r->code(), 403, 'unauthorized if requirements are not met');
-}
-# should pass, ALL requirements are met
-{
- my $r = GET(
+ # should pass, ALL requirements are met
+ $r = GET(
'/docs/authall/get_me.html',
Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero'
);
@@ -186,28 +211,32 @@
is($r->code, '200', 'get protected document');
like($r->content, qr/Congratulations, you got past AuthCookie/s,
'check protected document content');
-}
+};
+
+subtest 'POST to GET conversion' => sub {
+ plan tests => 1;
-# test POST to GET conversion
-{
my $r = POST('/docs/protected/get_me.html', [
foo => 'bar'
]);
like($r->content, qr#"/docs/protected/get_me\.html\?foo=bar"#,
'POST -> GET conversion works');
-}
+};
+
+subtest 'QUERY_STRING is preserved' => sub {
+ plan tests => 1;
-# same test at #16, but in GET mode. Should succeed
-{
my $data = GET_BODY('/docs/protected/get_me.html?foo=bar');
like($data, qr#"/docs/protected/get_me\.html\?foo=bar"#,
'input query string exists in desintation');
-}
+};
# should succeed (any requirement is met)
-{
+subtest 'AuthAny' => sub {
+ plan tests => 3;
+
my $r = GET(
'/docs/authany/get_me.html',
Cookie => 'Sample::AuthCookieHandler_WhatEver=some-user:mypassword'
@@ -215,21 +244,29 @@
like($r->content, qr/Congratulations, you got past AuthCookie/,
'AuthAny access allowed');
-}
-# any requirement, username=0 works.
-{
- my $r = GET(
+ # any requirement, username=0 works.
+ $r = GET(
'/docs/authany/get_me.html',
Cookie => 'Sample::AuthCookieHandler_WhatEver=0:mypassword'
);
like($r->content, qr/Congratulations, you got past AuthCookie/,
'username=0 access allowed');
-}
+
+ # no AuthAny requirements met
+ $r = GET(
+ '/docs/authany/get_me.html',
+ Cookie => 'Sample::AuthCookieHandler_WhatEver=nouser:mypassword'
+ );
+
+ is($r->code, 403, 'AuthAny forbidden');
+};
# local authz provider test for 2.4 (works same as authany on older versions)
-{
+subtest 'Authz Provider' => sub {
+ plan tests => 1;
+
my $r = GET(
'/docs/myuser/get_me.html',
Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero'
@@ -237,10 +274,12 @@
like($r->content, qr/Congratulations, you got past AuthCookie/,
'myuser=programmer access allowed');
-}
+};
# login with username=0 works
-{
+subtest 'login with username=0' => sub {
+ plan tests => 2;
+
my $r = POST('/LOGIN', [
destination => '/docs/authany/get_me.html',
credential_0 => '0',
@@ -250,20 +289,12 @@
is($r->code, 302, 'username=0 login produces redirect');
is($r->header('Location'), '/docs/authany/get_me.html',
'redirect header exists, and contains expected url');
-}
-
-# should fail: AuthAny and NONE of the requirements are met.
-{
- my $r = GET(
- '/docs/authany/get_me.html',
- Cookie => 'Sample::AuthCookieHandler_WhatEver=nouser:mypassword'
- );
-
- is($r->code, 403, 'AuthAny forbidden');
-}
+};
# Should succeed and cookie should have HttpOnly attribute
-{
+subtest 'HttpOnly cookie attribute' => sub {
+ plan tests => 3;
+
my $r = POST('/LOGIN-HTTPONLY', [
destination => '/docs/protected/get_me.html',
credential_0 => 'programmer',
@@ -278,10 +309,12 @@
'cookie contains HttpOnly attribute');
is($r->code, 302, 'check redirect response code');
-}
+};
# test SessionTimeout
-{
+subtest 'session timeout' => sub {
+ plan tests => 1;
+
my $r = GET(
'/docs/stimeout/get_me.html',
Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero'
@@ -290,11 +323,13 @@
like($r->header('Set-Cookie'),
qr/^Sample::AuthCookieHandler_WhatEver=.*expires=.+/,
'Set-Cookie contains expires property');
-}
+};
# should return bad credentials page, and credentials should be in a comment.
# We are checking here that $r->prev->pnotes('WhatEverCreds') works.
-{
+subtest 'creds are in pnotes' => sub {
+ plan tests => 1;
+
my $r = POST('/LOGIN', [
destination => '/docs/protected/get_me.html',
credential_0 => 'fail',
@@ -302,11 +337,13 @@
]);
like($r->content, qr/creds: fail Hero/s, 'WhatEverCreds pnotes works');
-}
+};
# regression - Apache2::URI::unescape_url() does not handle '+' to ' '
# conversion.
-{
+subtest 'unescape URL with spaces' => sub {
+ plan tests => 1;
+
my $r = POST('/LOGIN', [
destination => '/docs/protected/get_me.html',
credential_0 => 'fail',
@@ -315,11 +352,13 @@
like($r->content, qr/creds: fail one two/,
'read form data handles "+" conversion');
-}
+};
# variation of '+' to ' ' regression. Make sure we do not remove encoded
# '+'
-{
+subtest 'do not remove encoded +' => sub {
+ plan tests => 1;
+
my $r = POST('/LOGIN', [
destination => '/docs/protected/get_me.html',
credential_0 => 'fail',
@@ -328,10 +367,12 @@
like($r->content, qr/creds: fail one\+two/,
'read form data handles "+" conversion with encoded +');
-}
+};
# XSS attack prevention. make sure embedded \r, \n, \t is escaped in the
destination.
-{
+subtest 'XSS: no newlines in destination' => sub {
+ plan tests => 4;
+
my $r = POST('/LOGIN', [
destination => "/docs/protected/get_me.html\r\nX-Test-Bar:
True\r\nX-Test-Foo: True\r\n",
credential_0 => 'programmer',
@@ -350,28 +391,33 @@
ok(!defined $r->header('X-Test-Foo'), 'anti XSS injection with escaped
CRLF');
ok(!defined $r->header('X-Test-Bar'), 'anti XSS injection with escaped
CRLF');
-}
+};
# embedded html tags in destination
-{
+subtest 'XSS: no embedded HTML in destination' => sub {
+ plan tests => 1;
+
my $r = POST('/LOGIN', [
destination => '"><form method="post">Embedded Form</form>'
]);
like $r->content, qr{"%22%3E%3Cform method=%22post%22%3EEmbedded
Form%3C/form%3E"};
-}
+};
# embedded script tags
-{
+subtest 'XSS: no embedded script' => sub {
+ plan tests => 1;
+
my $r = POST('/LOGIN', [
destination => q{"><script>alert('123')</script>}
]);
ok index($r->content, q{<script>alert('123')</script>}) == -1;
-}
+};
+
+subtest 'preserve / in password' => sub {
+ plan tests => 1;
-# make sure '/' in password is preserved.
-{
my $r = POST('/LOGIN', [
destination => '/docs/protected/get_me.html',
credential_0 => 'fail',
@@ -380,10 +426,12 @@
like($r->content, qr/creds: fail one\/two/,
'read form data handles "/" conversion with encoded +');
-}
+};
# make sure multi-valued form data is preserved.
-{
+subtest 'multi-valued form data is preserved' => sub {
+ plan tests => 2;
+
my $r = POST('/docs/protected/xyz', [
one => 'abc',
one => 'def'
@@ -396,19 +444,23 @@
# check for multi-valued form data.
like($r->content, qr/one=abc&one=def/,
'post conversion perserves multi-valued fields');
-}
+};
# make sure $ENV{REMOTE_USER} gets set up
-{
+subtest 'setup $ENV{REMOTE_USER}' => sub {
+ plan tests => 1;
+
my $r = GET('/docs/protected/echo_user.pl',
Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero'
);
like($r->content, qr/User: programmer/);
-}
+};
# test login form response status=OK with SymbianOS
-{
+subtest 'SymbianOS login form response code' => sub {
+ plan tests => 4;
+
my $orig_agent = Apache::TestRequest::user_agent()->agent;
# should get a 403 response by default
@@ -425,15 +477,17 @@
like $r->content, qr/\bcredential_0\b/, 'got login form';
Apache::TestRequest::user_agent()->agent($orig_agent);
-}
+};
+
+subtest 'recognize user' => sub {
+ plan tests => 1;
-{
# recognize user
my $body = GET_BODY('/docs/echo-user.pl',
Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero');
is $body, 'programmer';
-}
+};
# remove CR's from a string. Win32 apache apparently does line ending
# conversion, and that can cause test cases to fail because output does not
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/signature.t
new/Apache-AuthCookie-3.25/t/signature.t
--- old/Apache-AuthCookie-3.24/t/signature.t 2016-01-14 00:16:15.000000000
+0100
+++ new/Apache-AuthCookie-3.25/t/signature.t 2016-08-30 17:32:01.000000000
+0200
@@ -28,7 +28,7 @@
plan tests => 1;
}
-my $ret = Module::Signature::verify();
+my $ret = Module::Signature::verify(skip => 1);
SKIP: {
skip "Module::Signature cannot verify", 1
if $ret eq Module::Signature::CANNOT_VERIFY();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/util.t
new/Apache-AuthCookie-3.25/t/util.t
--- old/Apache-AuthCookie-3.24/t/util.t 1970-01-01 01:00:00.000000000 +0100
+++ new/Apache-AuthCookie-3.25/t/util.t 2016-08-30 17:32:01.000000000 +0200
@@ -0,0 +1,25 @@
+#!/usr/bin/env perl
+#
+# tests for Apache::AuthCookie::Util
+#
+
+use strict;
+use Test::More tests => 2;
+
+# don't use_ok, this needs to load at compile time.
+use_ok 'Apache::AuthCookie::Util' or exit 1;
+
+subtest is_blank => sub {
+ plan tests => 8;
+
+ Apache::AuthCookie::Util->import('is_blank');
+
+ ok is_blank(' ');
+ ok is_blank('');
+ ok is_blank("\t");
+ ok is_blank("\n");
+ ok is_blank("\r\n");
+ ok is_blank(undef);
+ ok !is_blank(0);
+ ok !is_blank('a');
+};
