Hello community, here is the log from the commit of package perl-Apache-AuthCookie for openSUSE:Factory checked in at 2016-09-26 12:36:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Apache-AuthCookie (Old) and /work/SRC/openSUSE:Factory/.perl-Apache-AuthCookie.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Apache-AuthCookie" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Apache-AuthCookie/perl-Apache-AuthCookie.changes 2016-01-22 01:09:48.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.perl-Apache-AuthCookie.new/perl-Apache-AuthCookie.changes 2016-09-26 12:36:12.000000000 +0200 @@ -1,0 +2,16 @@ +Wed Aug 31 05:01:21 UTC 2016 - co...@suse.com + +- updated to 3.25 + see /usr/share/doc/packages/perl-Apache-AuthCookie/Changes + + 3.25 2016-08-30 + - 2.4: fix POD typo and add missing ABSTRACT + - reorganize real.t tests into subtests + - make sure signature test ignores generated files + - remove autobox dependency + - fix authenticate so that r->user is copied from r->main on subrequests. + Previously this was only done for internal redirects (r->prev is defined). + This fixes DirectoryIndexes on AuthCookie enabled directories under apache + 2.4. + +------------------------------------------------------------------- Old: ---- Apache-AuthCookie-3.24.tar.gz New: ---- Apache-AuthCookie-3.25.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Apache-AuthCookie.spec ++++++ --- /var/tmp/diff_new_pack.LW7cms/_old 2016-09-26 12:36:13.000000000 +0200 +++ /var/tmp/diff_new_pack.LW7cms/_new 2016-09-26 12:36:13.000000000 +0200 @@ -17,7 +17,7 @@ Name: perl-Apache-AuthCookie -Version: 3.24 +Version: 3.25 Release: 0 %define cpan_name Apache-AuthCookie Summary: Perl Authentication and Authorization via cookies @@ -33,12 +33,11 @@ BuildRequires: perl(Apache::Test) >= 1.39 BuildRequires: perl(CGI) >= 3.12 BuildRequires: perl(Class::Load) >= 0.03 -BuildRequires: perl(autobox) >= 1.1 +BuildRequires: perl(Test::More) >= 0.94 BuildRequires: perl(mod_perl2) >= 1.999022 -Requires: perl(Apache::Test) >= 1.39 Requires: perl(CGI) >= 3.12 Requires: perl(Class::Load) >= 0.03 -Requires: perl(autobox) >= 1.1 +Requires: perl(Test::More) >= 0.94 Requires: perl(mod_perl2) >= 1.999022 %{perl_requires} # MANUAL BEGIN @@ -218,6 +217,6 @@ %files -f %{name}.files %defattr(-,root,root,755) -%doc Changes LICENSE README README.modperl2 +%doc Changes LICENSE README README.modperl2 scripts %changelog ++++++ Apache-AuthCookie-3.24.tar.gz -> Apache-AuthCookie-3.25.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/Changes new/Apache-AuthCookie-3.25/Changes --- old/Apache-AuthCookie-3.24/Changes 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/Changes 2016-08-30 17:32:01.000000000 +0200 @@ -1,5 +1,15 @@ Revision history for Apache::AuthCookie +3.25 2016-08-30 + - 2.4: fix POD typo and add missing ABSTRACT + - reorganize real.t tests into subtests + - make sure signature test ignores generated files + - remove autobox dependency + - fix authenticate so that r->user is copied from r->main on subrequests. + Previously this was only done for internal redirects (r->prev is defined). + This fixes DirectoryIndexes on AuthCookie enabled directories under apache + 2.4. + 3.24 2016-01-13 - Update Apache 2.4 README, flesh out guts of Authz Provider notes. - Improve Apache 2.4 README's AuthzProvider documentation diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/MANIFEST new/Apache-AuthCookie-3.25/MANIFEST --- old/Apache-AuthCookie-3.24/MANIFEST 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/MANIFEST 2016-08-30 17:32:01.000000000 +0200 @@ -1,4 +1,4 @@ -# This file was automatically generated by Dist::Zilla::Plugin::Manifest v5.023. +# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.006. Changes LICENSE MANIFEST @@ -20,9 +20,10 @@ lib/Apache2/AuthCookie/Base.pm lib/Apache2/AuthCookie/Params.pm lib/Apache2_4/AuthCookie.pm +scripts/perlbrew-smoke t/Skeleton/AuthCookieHandler.pm t/TEST.PL -t/autobox.t +t/author-pod-syntax.t t/conf/extra.conf.in t/htdocs/docs/authall/get_me.html t/htdocs/docs/authany/get_me.html @@ -35,6 +36,7 @@ t/htdocs/docs/myuser/get_me.html t/htdocs/docs/protected/echo_user.pl t/htdocs/docs/protected/get_me.html +t/htdocs/docs/protected/index.html t/htdocs/docs/stimeout/get_me.html t/lib/Sample/Apache/AuthCookieHandler.pm t/lib/Sample/Apache2/AuthCookieHandler.pm @@ -42,3 +44,4 @@ t/real.t t/signature.t t/startup.pl +t/util.t diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/META.yml new/Apache-AuthCookie-3.25/META.yml --- old/Apache-AuthCookie-3.24/META.yml 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/META.yml 2016-08-30 17:32:01.000000000 +0200 @@ -3,20 +3,23 @@ author: - 'Michael Schout <msch...@cpan.org>' build_requires: {} -dynamic_config: 0 -generated_by: 'Dist::Zilla version 5.023, CPAN::Meta::Converter version 2.142690' +configure_requires: + Apache::Test: '1.39' + ExtUtils::MakeMaker: '0' +dynamic_config: 1 +generated_by: 'Dist::Zilla version 6.006, CPAN::Meta::Converter version 2.143240' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: Apache-AuthCookie requires: - Apache::Test: '1.39' CGI: '3.12' Class::Load: '0.03' - autobox: '1.10' + Test::More: '0.94' resources: bugtracker: http://rt.cpan.org/Public/Dist/Display.html?Name=Apache-AuthCookie homepage: http://search.cpan.org/dist/Apache-AuthCookie/ repository: git://github.com/mschout/apache-authcookie.git -version: '3.24' +version: '3.25' +x_serialization_backend: 'YAML::Tiny version 1.63' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/Makefile.PL new/Apache-AuthCookie-3.25/Makefile.PL --- old/Apache-AuthCookie-3.24/Makefile.PL 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/Makefile.PL 2016-08-30 17:32:01.000000000 +0200 @@ -1,93 +1,118 @@ +# This Makefile.PL for Apache-AuthCookie was generated by +# Dist::Zilla::Plugin::MakeMaker::ApacheTest 0.03 +# and Dist::Zilla::Plugin::MakeMaker::Awesome 0.38. +# Don't edit it but the dist.ini and plugins used to construct it. + +use strict; +use warnings; + use ExtUtils::MakeMaker; -use File::Spec; -use File::Copy; -my @CLEAN_FILES = (); +# figure out if mod_perl v1 or v2 is installed. DynamicPrereqs in the +# PluginBundle needs this to require the appropriate mod_perl module. my $mp_version = mod_perl_version(); +# configure Apache::Test test_configure(); -my %makeconf = ( - 'NAME' => 'Apache::AuthCookie', - 'VERSION_FROM' => 'lib/Apache/AuthCookie.pm', - 'PREREQ_PM' => { - 'Apache::Test' => 1.39, - 'Test::More' => 0, - 'CGI' => 0, - 'Class::Load' => 0.03, - 'autobox' => 1.10 - }, - 'clean' => { - FILES => "@CLEAN_FILES" - } +my %WriteMakefileArgs = ( + "ABSTRACT" => "Perl Authentication and Authorization via cookies", + "AUTHOR" => "Michael Schout <mschout\@cpan.org>", + "CONFIGURE_REQUIRES" => { + "Apache::Test" => "1.39", + "ExtUtils::MakeMaker" => 0 + }, + "DISTNAME" => "Apache-AuthCookie", + "LICENSE" => "perl", + "NAME" => "Apache::AuthCookie", + "PREREQ_PM" => { + "CGI" => "3.12", + "Class::Load" => "0.03", + "Test::More" => "0.94" + }, + "VERSION" => "3.25", + "clean" => { + "FILES" => [ + "t/TEST" + ] + }, + "test" => { + "TESTS" => "t/*.t" + } ); -if (MM->can('signature_target')) { - $makeconf{SIGN} = 1; -} +my %FallbackPrereqs = ( + "CGI" => "3.12", + "Class::Load" => "0.03", + "Test::More" => "0.94" +); -if ($mp_version == 2) { - # 1.999022 == 2.0.0 RC5. mod_perl -> mod_perl2 renamed here. - $makeconf{PREREQ_PM}{mod_perl2} = '1.999022'; - # CGI.pm 3.12 is required to work with mod_perl2 - $makeconf{PREREQ_PM}{CGI} = '3.12'; -} -elsif ($mp_version == 1) { - $makeconf{PREREQ_PM}{mod_perl} = '1.27'; +# inserted by Dist::Zilla::Plugin::DynamicPrereqs 0.030 +if ($mp_version == 2) { requires('mod_perl2', '1.999022'); } elsif ($mp_version == 1) { requires('mod_perl', '1.27'); } + +unless ( eval { ExtUtils::MakeMaker->VERSION(6.63_03) } ) { + delete $WriteMakefileArgs{TEST_REQUIRES}; + delete $WriteMakefileArgs{BUILD_REQUIRES}; + $WriteMakefileArgs{PREREQ_PM} = \%FallbackPrereqs; } -WriteMakefile(%makeconf); +delete $WriteMakefileArgs{CONFIGURE_REQUIRES} + unless eval { ExtUtils::MakeMaker->VERSION(6.52) }; + +WriteMakefile(%WriteMakefileArgs); -# inspired by Apache::Peek 1.01 sub test_configure { - if (eval { require Apache::TestMM }) { - # enable "make test" - Apache::TestMM->import(qw(test clean)); + require Apache::TestMM; - # accept configs from command line. - Apache::TestMM::filter_args(); + # enable make test + Apache::TestMM->import(qw(test clean)); - Apache::TestMM::generate_script('t/TEST'); + Apache::TestMM::filter_args(); - push @CLEAN_FILES, 't/TEST'; - } - else { - # overload test rule with a no-op - warn "***: You should install Apache::Test to do real testing\n"; - *MY::test = \&skip_no_apache_test; - } + Apache::TestMM::generate_script('t/TEST'); } sub mod_perl_version { - # try to figure out what version of mod_perl is installed. + # try MP2 eval { - require mod_perl + require mod_perl2; }; unless ($@) { - if ($mod_perl::VERSION >= 1.99) { - # mod_perl 2 prior to RC5 (1.99_21 or earlier) - die "mod_perl 2.0.0 RC5 or later is required for this module"; - } - - return 1; + return 2; } + # try MP1 eval { - require mod_perl2; + require mod_perl; }; unless ($@) { - return 2; - } + if ($mod_perl::VERSION >= 1.99) { + # mod_perl 2, prior to the mod_perl2 rename (1.99_21, AKA 2.0.0 RC5) + die "mod_perl 2.0 RC5 or later is required\n"; + } - # we didn't fine a supported version issue a warning, and assume version 2. - warn "no supported mod_perl version was found\n"; + return 1; + } + # assume mod_perl version 2 is wanted return 2; } -sub skip_no_apache_test { - return <<'EOF'; -test:: - @echo \*** This test suite requires Apache::Test available from CPAN -EOF +# inserted by Dist::Zilla::Plugin::DynamicPrereqs 0.030 +sub _add_prereq { + my ($mm_key, $module, $version_or_range) = @_; + warn "$module already exists in $mm_key -- need to do a sane metamerge!" + if exists $WriteMakefileArgs{$mm_key}{$module} + and $WriteMakefileArgs{$mm_key}{$module} ne ($version_or_range || 0); + warn "$module already exists in FallbackPrereqs -- need to do a sane metamerge!" + if exists $FallbackPrereqs{$module} and $FallbackPrereqs{$module} ne ($version_or_range || 0); + $WriteMakefileArgs{$mm_key}{$module} = $FallbackPrereqs{$module} = $version_or_range || 0; + return; +} + +sub requires { goto &runtime_requires } + +sub runtime_requires { + my ($module, $version_or_range) = @_; + _add_prereq(PREREQ_PM => $module, $version_or_range); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/SIGNATURE new/Apache-AuthCookie-3.25/SIGNATURE --- old/Apache-AuthCookie-3.24/SIGNATURE 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/SIGNATURE 2016-08-30 17:32:01.000000000 +0200 @@ -1,5 +1,5 @@ This file contains message digests of all files listed in MANIFEST, -signed via the Module::Signature module, version 0.73. +signed via the Module::Signature module, version 0.80. To verify the content in this distribution, first make sure you have Module::Signature installed, then type: @@ -14,30 +14,31 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -SHA1 9fba73a06915fdf43a0e5a3809f174b5e860b182 Changes +SHA1 a2cae890f485e5357bd6a309a110aa00d12d3921 Changes SHA1 cb36dd242de6d18cd64c4b55444347ebf09e43e7 LICENSE -SHA1 4c0c99ee3b19ecbc08f30491799faa2ac9ecebf8 MANIFEST +SHA1 27eddb7073eace038eb55ca32d92e2516288bb63 MANIFEST SHA1 0ff75e1a6186d7274e76387884eca541fdd5ca4a MANIFEST.SKIP -SHA1 5ffafb81bd4fa549d1b9954477bdd30255a44299 META.yml -SHA1 7a2275cdc405f9585d15d08ff8edeeed8e6558de Makefile.PL +SHA1 8fab019a50e2b99459e18c6d22a52ded2ddde1a1 META.yml +SHA1 8dd68f95a4d4b109e87d297a4cbbb2ff802b0449 Makefile.PL SHA1 b9945378262a25db34dcdba06da956a52876188b README SHA1 0fbbaf3a8362d5356d104ce148db9e3d07e1c7bf README.apache-2.4.pod SHA1 ccbc46a0385aabadd1e6f4a22f8d4ebb11b44901 README.modperl2 -SHA1 b5885da476dded21d874ddaf62eeab9afa4ef660 lib/Apache/AuthCookie.pm -SHA1 6cbdbebc1b4a1ce90f9ded7bf5c31f19c19f4e1b lib/Apache/AuthCookie/Autobox.pm -SHA1 3fc5539118a30496b9c9a2659aa4ecba010d37f7 lib/Apache/AuthCookie/FAQ.pod -SHA1 f05973756eaa606d62965641ce181ef877061bde lib/Apache/AuthCookie/Params.pm -SHA1 8da245e78647a7d6f6319190b29571166b63ea34 lib/Apache/AuthCookie/Params/Base.pm -SHA1 7565fa5fb1bbd2ac8776e0f48950b067ef6b3974 lib/Apache/AuthCookie/Params/CGI.pm -SHA1 b79b109eb9e83eae771f84150e9e29a6cafa0c97 lib/Apache/AuthCookie/Util.pm -SHA1 8893d614abb8a99907204bb493ef7508d5b6e769 lib/Apache2/AuthCookie.pm -SHA1 cfc494f7d1b3047f365fda488a57e9d31080b0b7 lib/Apache2/AuthCookie/Base.pm -SHA1 05f74437cc15aa913fda411cfeafd82613a2dc02 lib/Apache2/AuthCookie/Params.pm -SHA1 ca36db816d36bbe96f8b84f6481bf11b50234905 lib/Apache2_4/AuthCookie.pm +SHA1 283ecb3dd2a91c748569a52050f8184e76ba55b5 lib/Apache/AuthCookie.pm +SHA1 4a6981c49fc5837a91cb6a400b2a017a2760b3d7 lib/Apache/AuthCookie/Autobox.pm +SHA1 875772859ec423fc0f835abd0ce7e81f766fb2e5 lib/Apache/AuthCookie/FAQ.pod +SHA1 a4790453b96de7817a251e030965f1e2640bdc0b lib/Apache/AuthCookie/Params.pm +SHA1 298919bb5cf0db17e052c3ce320847b023382df5 lib/Apache/AuthCookie/Params/Base.pm +SHA1 1a5220eca9b8c8e783d7b5d6a172cd6d33a6a11e lib/Apache/AuthCookie/Params/CGI.pm +SHA1 1a72d6d93d85440e91df92f9cd979470d167a9ce lib/Apache/AuthCookie/Util.pm +SHA1 80b88c3c25428618615e547ff536da2696cbbe18 lib/Apache2/AuthCookie.pm +SHA1 6750d7ec675a34d2804334e6488dcd7f08398a1b lib/Apache2/AuthCookie/Base.pm +SHA1 933b45fe7bdc36ecff531b9badd73ef932d20a3a lib/Apache2/AuthCookie/Params.pm +SHA1 3266d20f24f0e6cce9bf537e2e8fa1c4fa36820d lib/Apache2_4/AuthCookie.pm +SHA1 e21395a75362501def2a576a112471e5b4f5b7fd scripts/perlbrew-smoke SHA1 3ac8de46e7bba83f6969caec3c9c14cbd99881cb t/Skeleton/AuthCookieHandler.pm SHA1 b1f854e6edecbdd44fc7b8db719e0fe21d9340d1 t/TEST.PL -SHA1 290c96de9cbeafe5cc6ad7f3a47d706e740ba28f t/autobox.t -SHA1 14b2d1c4e40ea7477059c6b792e31592b15120a4 t/conf/extra.conf.in +SHA1 f406569e6d2f498d09ae9f62baeb9b5b0c84ffbc t/author-pod-syntax.t +SHA1 85dd55d2df52d1fa188488e2c8a34502b1db1c65 t/conf/extra.conf.in SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/authall/get_me.html SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/authany/get_me.html SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/cookiename/get_me.html @@ -49,17 +50,19 @@ SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/myuser/get_me.html SHA1 b37a85d16cbb2342b407f2ba70b8a61aa1ca67bb t/htdocs/docs/protected/echo_user.pl SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/protected/get_me.html +SHA1 077d964c9f67b5dfe4f5f6a73c71ccbd60bd03af t/htdocs/docs/protected/index.html SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/stimeout/get_me.html SHA1 d8a8ea1ebe037a4dea4ad8d1c5b0704b2d43e854 t/lib/Sample/Apache/AuthCookieHandler.pm -SHA1 b17b0f3ee3a6643cd57c0d9946c4aa62b0d9e3bb t/lib/Sample/Apache2/AuthCookieHandler.pm -SHA1 2fe3e04dd78f4e0ea8322f6482153bee96585b9a t/lib/Sample/Apache2_4/AuthCookieHandler.pm -SHA1 97d4f24fa12ac67b785863fefcb491fcf8836af9 t/real.t -SHA1 61cea839dd94aaaeb301ccac9b83cde4c5c91b42 t/signature.t +SHA1 7b012cec6263c1427b5d6e3a639eaaf1abce78ba t/lib/Sample/Apache2/AuthCookieHandler.pm +SHA1 b19593e0dc51baa6a4d84bc27da2e53632ab8592 t/lib/Sample/Apache2_4/AuthCookieHandler.pm +SHA1 bcd7c4b28c34f78715c9d3418a28268dda747905 t/real.t +SHA1 f0c37746e0277de1ddb62c9227628a5ebe5a777a t/signature.t SHA1 e91bf0ef7d63322eaf15ca7d9907c6db47ce90ca t/startup.pl +SHA1 da33f704880ddd2596521c39be5b7b6a22913882 t/util.t -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 -iEYEARECAAYFAlaW2r8ACgkQ+CqvSzp9LOznBwCfVyvPHeoEKntFe34bphvP2cOh -bHEAn0jRy+56CvxnZpE0adpINHCgBTbI -=N7RO +iD8DBQFXxabx+CqvSzp9LOwRAkpVAJ9ZdgjHgf1JJuQRkW4I6uEMaoDUnACgrE+e ++4M5YVDFwyX+IaszG3YM2NA= +=kfdI -----END PGP SIGNATURE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Autobox.pm new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Autobox.pm --- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Autobox.pm 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Autobox.pm 2016-08-30 17:32:01.000000000 +0200 @@ -1,9 +1,10 @@ package Apache::AuthCookie::Autobox; -$Apache::AuthCookie::Autobox::VERSION = '3.24'; +$Apache::AuthCookie::Autobox::VERSION = '3.25'; # ABSTRACT: Autobox Extensions for AuthCookie use strict; use base 'autobox'; +use Apache::AuthCookie::Util qw(is_blank); sub import { my $class = shift; @@ -14,7 +15,7 @@ } package Apache::AuthCookie::Autobox::Scalar; -$Apache::AuthCookie::Autobox::Scalar::VERSION = '3.24'; +$Apache::AuthCookie::Autobox::Scalar::VERSION = '3.25'; sub is_blank { return defined $_[0] && ($_[0] =~ /\S/) ? 0 : 1; } @@ -31,7 +32,7 @@ =head1 VERSION -version 3.24 +version 3.25 =head1 SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/FAQ.pod new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/FAQ.pod --- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/FAQ.pod 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/FAQ.pod 2016-08-30 17:32:01.000000000 +0200 @@ -1,6 +1,6 @@ # make Dist::Zilla happy. package Apache::AuthCookie::FAQ; -$Apache::AuthCookie::FAQ::VERSION = '3.24'; + # ABSTRACT: Frequently Asked Questions about Apache::AuthCookie. 1; @@ -15,7 +15,7 @@ =head1 VERSION -version 3.24 +version 3.25 =head1 DESCRIPTION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Params/Base.pm new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Params/Base.pm --- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Params/Base.pm 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Params/Base.pm 2016-08-30 17:32:01.000000000 +0200 @@ -1,5 +1,5 @@ package Apache::AuthCookie::Params::Base; -$Apache::AuthCookie::Params::Base::VERSION = '3.24'; +$Apache::AuthCookie::Params::Base::VERSION = '3.25'; # ABSTRACT: Internal CGI AuthCookie Params Base Class use strict; @@ -44,7 +44,7 @@ =head1 VERSION -version 3.24 +version 3.25 =head1 SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Params/CGI.pm new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Params/CGI.pm --- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Params/CGI.pm 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Params/CGI.pm 2016-08-30 17:32:01.000000000 +0200 @@ -1,5 +1,5 @@ package Apache::AuthCookie::Params::CGI; -$Apache::AuthCookie::Params::CGI::VERSION = '3.24'; +$Apache::AuthCookie::Params::CGI::VERSION = '3.25'; # ABSTRACT: Internal CGI Params Subclass use strict; @@ -32,7 +32,7 @@ =head1 VERSION -version 3.24 +version 3.25 =head1 SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Params.pm new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Params.pm --- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Params.pm 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Params.pm 2016-08-30 17:32:01.000000000 +0200 @@ -1,5 +1,5 @@ package Apache::AuthCookie::Params; -$Apache::AuthCookie::Params::VERSION = '3.24'; +$Apache::AuthCookie::Params::VERSION = '3.25'; # ABSTRACT: AuthCookie Params Driver for mod_perl 1.x use strict; @@ -44,7 +44,7 @@ =head1 VERSION -version 3.24 +version 3.25 =head1 SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Util.pm new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Util.pm --- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie/Util.pm 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie/Util.pm 2016-08-30 17:32:01.000000000 +0200 @@ -1,8 +1,11 @@ package Apache::AuthCookie::Util; -$Apache::AuthCookie::Util::VERSION = '3.24'; +$Apache::AuthCookie::Util::VERSION = '3.25'; # ABSTRACT: Internal Utility Functions for AuthCookie use strict; +use base 'Exporter'; + +our @EXPORT_OK = qw(is_blank); # -- expires() shamelessly taken from CGI::Util sub expires { @@ -84,6 +87,11 @@ return 1; } +# return true if the given value is blank or not defined. +sub is_blank { + return defined $_[0] && ($_[0] =~ /\S/) ? 0 : 1; +} + 1; __END__ @@ -96,7 +104,7 @@ =head1 VERSION -version 3.24 +version 3.25 =head1 SOURCE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie.pm new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie.pm --- old/Apache-AuthCookie-3.24/lib/Apache/AuthCookie.pm 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/lib/Apache/AuthCookie.pm 2016-08-30 17:32:01.000000000 +0200 @@ -1,5 +1,5 @@ package Apache::AuthCookie; -$Apache::AuthCookie::VERSION = '3.24'; +$Apache::AuthCookie::VERSION = '3.25'; # ABSTRACT: Perl Authentication and Authorization via cookies use strict; @@ -8,22 +8,21 @@ use mod_perl qw(1.07 StackedHandlers MethodHandlers Authen Authz); use Apache::Constants qw(:common M_GET FORBIDDEN OK REDIRECT); use Apache::AuthCookie::Params; -use Apache::AuthCookie::Util; -use Apache::AuthCookie::Autobox; +use Apache::AuthCookie::Util qw(is_blank); use Apache::Util qw(escape_uri); sub recognize_user ($$) { my ($self, $r) = @_; # only check if user is not already set - return DECLINED unless $r->connection->user->is_blank; + return DECLINED unless is_blank($r->connection->user); my $debug = $r->dir_config("AuthCookieDebug") || 0; my ($auth_type, $auth_name) = ($r->auth_type, $r->auth_name); - return DECLINED if $auth_type->is_blank or $auth_name->is_blank; + return DECLINED if is_blank($auth_type) or is_blank($auth_name); - return DECLINED if $r->header_in('Cookie')->is_blank; + return DECLINED if is_blank($r->header_in('Cookie')); my $cookie_name = $self->cookie_name($r); @@ -32,7 +31,7 @@ return DECLINED unless $cookie; my ($user, @args) = $auth_type->authen_ses_key($r, $cookie); - if (!$user->is_blank and scalar @args == 0) { + if (!is_blank($user) and scalar @args == 0) { $r->log_error("user is $user") if $debug >= 2; # if SessionTimeout is on, send new cookie with new Expires. @@ -46,7 +45,7 @@ return $auth_type->custom_errors($r, $user, @args); } - return $user->is_blank ? DECLINED : OK; + return is_blank($user) ? DECLINED : OK; } sub cookie_name { @@ -259,7 +258,7 @@ my ($auth_user, @args) = $auth_type->authen_ses_key($r, $ses_key_cookie); - if (!$auth_user->is_blank and scalar @args == 0) { + if (!is_blank($auth_user) and scalar @args == 0) { # We have a valid session key, so we return with an OK value. # Tell the rest of Apache what the authentication method and @@ -383,7 +382,7 @@ my $reqs_arr = $r->requires or return DECLINED; my $user = $r->connection->user; - if ($user->is_blank) { + if (is_blank($user)) { # authentication failed $r->log_reason("No user authenticated", $r->uri); return FORBIDDEN; @@ -549,7 +548,7 @@ =head1 VERSION -version 3.24 +version 3.25 =head1 SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache2/AuthCookie/Base.pm new/Apache-AuthCookie-3.25/lib/Apache2/AuthCookie/Base.pm --- old/Apache-AuthCookie-3.24/lib/Apache2/AuthCookie/Base.pm 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/lib/Apache2/AuthCookie/Base.pm 2016-08-30 17:32:01.000000000 +0200 @@ -1,10 +1,10 @@ package Apache2::AuthCookie::Base; -$Apache2::AuthCookie::Base::VERSION = '3.24'; +$Apache2::AuthCookie::Base::VERSION = '3.25'; use strict; use mod_perl2 '1.99022'; use Carp; -use Apache::AuthCookie::Util; +use Apache::AuthCookie::Util qw(is_blank); use Apache2::AuthCookie::Params; use Apache2::RequestRec; use Apache2::RequestUtil; @@ -12,7 +12,6 @@ use Apache2::Access; use Apache2::Response; use Apache2::Util; -use Apache::AuthCookie::Autobox; use APR::Table; use Apache2::Const qw(:common M_GET HTTP_FORBIDDEN HTTP_MOVED_TEMPORARILY HTTP_OK); @@ -20,16 +19,16 @@ my ($self, $r) = @_; # only check if user is not already set - return DECLINED unless $r->user->is_blank; + return DECLINED unless is_blank($r->user); my $debug = $r->dir_config("AuthCookieDebug") || 0; my $auth_type = $r->auth_type; my $auth_name = $r->auth_name; - return DECLINED if $auth_type->is_blank or $auth_name->is_blank; + return DECLINED if is_blank($auth_type) or is_blank($auth_name); - return DECLINED if $r->headers_in->get('Cookie')->is_blank; + return DECLINED if is_blank($r->headers_in->get('Cookie')); my $cookie = $self->key($r); my $cookie_name = $self->cookie_name($r); @@ -37,11 +36,11 @@ $r->server->log_error("cookie $cookie_name is $cookie") if $debug >= 2; - return DECLINED if $cookie->is_blank; + return DECLINED if is_blank($cookie); my ($user,@args) = $auth_type->authen_ses_key($r, $cookie); - if (!$user->is_blank and scalar @args == 0) { + if (!is_blank($user) and scalar @args == 0) { $r->server->log_error("user is $user") if $debug >= 2; # send cookie with update expires timestamp if session timeout is on @@ -55,7 +54,7 @@ return $auth_type->custom_errors($r, $user, @args); } - return $user->is_blank ? DECLINED : OK; + return is_blank($user) ? DECLINED : OK; } sub cookie_name { @@ -228,12 +227,14 @@ $r->server->log_error("authenticate() entry") if ($debug >= 3); $r->server->log_error("auth_type " . $auth_type) if ($debug >= 3); - unless ($r->is_initial_req) { - if (defined $r->prev) { - # we are in a subrequest. Just copy user from previous request. - $r->user( $r->prev->user ); + if (my $prev = ($r->prev || $r->main)) { + # we are in a subrequest or internal redirect. Just copy user from the + # previous or main request if its is present + if (defined $prev->user) { + $r->server->log_error('authenticate() is in a subrequest or internal redirect.') if $debug >= 3; + $r->user( $prev->user ); + return OK; } - return OK; } if ($debug >= 3) { @@ -266,7 +267,7 @@ if ($ses_key_cookie) { my ($auth_user, @args) = $auth_type->authen_ses_key($r, $ses_key_cookie); - if (!$auth_user->is_blank and scalar @args == 0) { + if (!is_blank($auth_user) and scalar @args == 0) { # We have a valid session key, so we return with an OK value. # Tell the rest of Apache what the authentication method and # user is. @@ -450,7 +451,7 @@ =head1 VERSION -version 3.24 +version 3.25 =head1 SOURCE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache2/AuthCookie/Params.pm new/Apache-AuthCookie-3.25/lib/Apache2/AuthCookie/Params.pm --- old/Apache-AuthCookie-3.24/lib/Apache2/AuthCookie/Params.pm 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/lib/Apache2/AuthCookie/Params.pm 2016-08-30 17:32:01.000000000 +0200 @@ -1,5 +1,5 @@ package Apache2::AuthCookie::Params; -$Apache2::AuthCookie::Params::VERSION = '3.24'; +$Apache2::AuthCookie::Params::VERSION = '3.25'; # ABSTRACT: AuthCookie Params Driver for mod_perl 2.x use strict; @@ -40,7 +40,7 @@ =head1 VERSION -version 3.24 +version 3.25 =head1 SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache2/AuthCookie.pm new/Apache-AuthCookie-3.25/lib/Apache2/AuthCookie.pm --- old/Apache-AuthCookie-3.24/lib/Apache2/AuthCookie.pm 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/lib/Apache2/AuthCookie.pm 2016-08-30 17:32:01.000000000 +0200 @@ -1,13 +1,13 @@ package Apache2::AuthCookie; -$Apache2::AuthCookie::VERSION = '3.24'; +$Apache2::AuthCookie::VERSION = '3.25'; # ABSTRACT: Perl Authentication and Authorization via cookies use strict; use Carp; use base 'Apache2::AuthCookie::Base'; -use Apache::AuthCookie::Autobox; use Apache2::Const qw(OK DECLINED SERVER_ERROR HTTP_FORBIDDEN); +use Apache::AuthCookie::Util qw(is_blank); sub authorize { my ($auth_type, $r) = @_; @@ -30,7 +30,7 @@ $r->server->log_error("authorize user=$user type=$auth_type") if $debug >=3; - if ($user->is_blank) { + if (is_blank($user)) { # the authentication failed $r->server->log_error("No user authenticated", $r->uri); return HTTP_FORBIDDEN; @@ -113,7 +113,7 @@ =head1 VERSION -version 3.24 +version 3.25 =head1 SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/lib/Apache2_4/AuthCookie.pm new/Apache-AuthCookie-3.25/lib/Apache2_4/AuthCookie.pm --- old/Apache-AuthCookie-3.24/lib/Apache2_4/AuthCookie.pm 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/lib/Apache2_4/AuthCookie.pm 2016-08-30 17:32:01.000000000 +0200 @@ -1,10 +1,12 @@ package Apache2_4::AuthCookie; -$Apache2_4::AuthCookie::VERSION = '3.24'; +$Apache2_4::AuthCookie::VERSION = '3.25'; +# ABSTRACT: Perl Authentication and Authorization via cookies for Apache 2.4 + use strict; use base 'Apache2::AuthCookie::Base'; -use Apache::AuthCookie::Autobox; use Apache2::Log; use Apache2::Const -compile => qw(AUTHZ_GRANTED AUTHZ_DENIED AUTHZ_DENIED_NO_USER); +use Apache::AuthCookie::Util qw(is_blank); # You really do not need this provider at all. This provides an implementation # for "Require user ..." directives, that is compatible with mod_authz_core @@ -18,12 +20,12 @@ my $user = $r->user; - if ($user->is_blank) { + if (is_blank($user)) { # user is not yet authenticated return Apache2::Const::AUTHZ_DENIED_NO_USER; } - if ($requires->is_blank) { + if (is_blank($requires)) { $r->server->log_error(q[Your 'Require user ...' config does not specify any users]); return Apache2::Const::AUTHZ_DENIED; } @@ -52,11 +54,11 @@ =head1 NAME -Apache2_4::AuthCookie +Apache2_4::AuthCookie - Perl Authentication and Authorization via cookies for Apache 2.4 =head1 VERSION -version 3.24 +version 3.25 =head1 SYNOPSIS @@ -571,7 +573,7 @@ Why is my authz method called twice per request? -This is normal behaviour under Apache 2.4. This is to accomodate for +This is normal behaviour under Apache 2.4. This is to accommodate for authorization of anonymous access. You are expected to return C<Apache2::Const::AUTHZ_DENIED_NO_USER> IF C<< $r->user >> has not yet been set if you want authentication to proceed. Your authz handler will be called a diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/scripts/perlbrew-smoke new/Apache-AuthCookie-3.25/scripts/perlbrew-smoke --- old/Apache-AuthCookie-3.24/scripts/perlbrew-smoke 1970-01-01 01:00:00.000000000 +0100 +++ new/Apache-AuthCookie-3.25/scripts/perlbrew-smoke 2016-08-30 17:32:01.000000000 +0200 @@ -0,0 +1,97 @@ +#!/usr/bin/env bash +# +# This is an internal use only script for smoke testing this dist against +# various perlbrew installations. +# + +# fail fast and hard +set -eo pipefail + +# make sure perlbrew is initialized +. $HOME/perl5/perlbrew/etc/bashrc + +die() { + echo $@ + exit 1 +} + +check_perlbrew() { + if [ -z "$PERLBREW_ROOT" ] || [ -z "$PERLBREW_PERL" ]; then + die "perlbrew does not seem to be initialized" + fi + + if [ ! -d $PERLBREW_ROOT/perls/$PERLBREW_PERL ]; then + die "$PERLBREW_PERL does not seem to be a valid perl installation" + fi + + if [ ! -d $PERLBREW_ROOT/perls/$PERLBREW_PERL/.git ]; then + die "perlbrew installation $PERLBREW_PERL is not a git repository" + fi +} + +perlbrew_reset() { + ( + cd $PERLBREW_ROOT/perls/$PERLBREW_PERL + git clean -fdx + git checkout . + ) +} + +install_cpan_deps() { + PERL_VERSION=$(perl -e 'print $]') + + if [ ! -z "$CPAN_MINVERSION" ]; then + cpanm -q --notest \ + Test::More@0.94 \ + URI@1.30 \ + LWP::UserAgent@2.033 \ + Apache::Test@1.39 \ + Class::Load@0.03 + else + cpanm -q --notest --skip-satisfied --installdeps . + + # install optional modules so that tests run + cpanm -q --notest --skip-satisfied URI~1.30 LWP::UserAgent~2.033 + + # modern Test::More+ApacheTest and 5.8.9 do not play nicely together. + # force downgrade to 0.94 if necessary + if [ $PERL_VERSION = "5.008009" ] || [ $PERL_VERSION = "5.010001" ]; then + cpanm -q --notest Test::More@0.94 + fi + fi + + # if author testing is set, install author testing deps + if [ ! -z "$AUTHOR_TESTING" ]; then + cpanm -q --notest Test::Pod + fi + + # if signature testing is on, install Module::Signature + if [ ! -z "$TEST_SIGNATURE" ]; then + cpanm -q --notest Module::Signature + fi +} + +smoke_perl() { + local variant=$1 + + perlbrew use $variant + + check_perlbrew + + perlbrew_reset + + install_cpan_deps + + [ -f Makefile ] && make clean + + perl Makefile.PL && make test +} + +perlbrew list | grep apache | sed -e 's/*//' | while read variant +do + echo "=====> TESTING AGAINST PERLBREW INSTALL: $variant <=====" + + smoke_perl $variant + + echo "" +done diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/author-pod-syntax.t new/Apache-AuthCookie-3.25/t/author-pod-syntax.t --- old/Apache-AuthCookie-3.24/t/author-pod-syntax.t 1970-01-01 01:00:00.000000000 +0100 +++ new/Apache-AuthCookie-3.25/t/author-pod-syntax.t 2016-08-30 17:32:01.000000000 +0200 @@ -0,0 +1,15 @@ +#!perl + +BEGIN { + unless ($ENV{AUTHOR_TESTING}) { + print "1..0 # SKIP these tests are for testing by the author\n"; + exit + } +} + +# This file was automatically generated by Dist::Zilla::Plugin::PodSyntaxTests. +use strict; use warnings; +use Test::More; +use Test::Pod 1.41; + +all_pod_files_ok(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/autobox.t new/Apache-AuthCookie-3.25/t/autobox.t --- old/Apache-AuthCookie-3.24/t/autobox.t 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/t/autobox.t 1970-01-01 01:00:00.000000000 +0100 @@ -1,20 +0,0 @@ -#!/usr/bin/env perl -# -# tests for Apache::AuthCookie::Autobox -# - -use strict; -use Test::More tests => 8; - -# don't use_ok, this needs to load at compile time. -use Apache::AuthCookie::Autobox; - -ok ' '->is_blank; -ok ''->is_blank; -ok "\t"->is_blank; -ok "\n"->is_blank; -ok "\r\n"->is_blank; -ok undef->is_blank; -ok !0->is_blank; -ok !'a'->is_blank; - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/conf/extra.conf.in new/Apache-AuthCookie-3.25/t/conf/extra.conf.in --- old/Apache-AuthCookie-3.24/t/conf/extra.conf.in 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/t/conf/extra.conf.in 2016-08-30 17:32:01.000000000 +0200 @@ -51,6 +51,8 @@ </IfDefine> </IfDefine> Require user programmer + + DirectoryIndex index.html </Location> # must satisfy any requirement diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/htdocs/docs/protected/index.html new/Apache-AuthCookie-3.25/t/htdocs/docs/protected/index.html --- old/Apache-AuthCookie-3.24/t/htdocs/docs/protected/index.html 1970-01-01 01:00:00.000000000 +0100 +++ new/Apache-AuthCookie-3.25/t/htdocs/docs/protected/index.html 2016-08-30 17:32:01.000000000 +0200 @@ -0,0 +1,9 @@ +<HTML> +<HEAD> +<TITLE>Congratulations</TITLE> +</HEAD> +<BODY> +<H1>Congratulations, you got index.html</H1> +<P><A HREF="../logout.pl">Log Out</A></P> +</BODY> +</HTML> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/lib/Sample/Apache2/AuthCookieHandler.pm new/Apache-AuthCookie-3.25/t/lib/Sample/Apache2/AuthCookieHandler.pm --- old/Apache-AuthCookie-3.24/t/lib/Sample/Apache2/AuthCookieHandler.pm 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/t/lib/Sample/Apache2/AuthCookieHandler.pm 2016-08-30 17:32:01.000000000 +0200 @@ -5,7 +5,6 @@ use Apache2::AuthCookie; use Apache2::RequestRec; use Apache2::RequestIO; -use Apache::AuthCookie::Autobox; use vars qw(@ISA); use Apache::Test; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/lib/Sample/Apache2_4/AuthCookieHandler.pm new/Apache-AuthCookie-3.25/t/lib/Sample/Apache2_4/AuthCookieHandler.pm --- old/Apache-AuthCookie-3.24/t/lib/Sample/Apache2_4/AuthCookieHandler.pm 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/t/lib/Sample/Apache2_4/AuthCookieHandler.pm 2016-08-30 17:32:01.000000000 +0200 @@ -4,7 +4,7 @@ use Sample::Apache2::AuthCookieHandler; use Apache2::Const qw(AUTHZ_DENIED_NO_USER); use Apache2::RequestRec; -use Apache::AuthCookie::Autobox; +use Apache::AuthCookie::Util qw(is_blank); use vars qw(@ISA); @@ -21,7 +21,7 @@ my $user = $r->user; - if ($user->is_blank) { + if (is_blank($user)) { $r->server->log_error("No user authenticted yet"); return Apache2::Const::AUTHZ_DENIED_NO_USER; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/real.t new/Apache-AuthCookie-3.25/t/real.t --- old/Apache-AuthCookie-3.24/t/real.t 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/t/real.t 2016-08-30 17:32:01.000000000 +0200 @@ -14,33 +14,39 @@ Apache::TestRequest::user_agent( reset => 1, requests_redirectable => 0 ); -plan tests => 52, need_lwp; +plan tests => 32, need_lwp; -ok 1; # we loaded. +ok 1, 'Test initialized'; # TODO: the test descriptions should be things other than 'test #' here. # check that /docs/index.html works. If this fails, the test environment did # not configure properly. -{ +subtest 'get index.html' => sub { + plan tests => 1; + my $url = '/docs/index.html'; my $data = strip_cr(GET_BODY $url); like($data, qr/Get the protected document/s, '/docs/index.html seems to work'); -} +}; # test no_cookie failure -{ +subtest 'no cookie' => sub { + plan tests => 1; + my $url = '/docs/protected/get_me.html'; my $r = GET $url; like($r->content, qr/Failure reason: 'no_cookie'/s, 'no_cookie works'); -} +}; # should succeed with redirect. -{ +subtest 'login redirects' => sub { + plan tests => 2; + my $r = POST('/LOGIN', [ destination => '/docs/protected/get_me.html', credential_0 => 'programmer', @@ -50,10 +56,31 @@ is($r->code, 302, 'login produces redirect'); is($r->header('Location'), '/docs/protected/get_me.html', 'redirect header exists, and contains expected url'); -} +}; + +subtest 'redirect with bad session key' => sub { + plan tests => 3; + + my $r = POST('/LOGIN', [ + destination => '/docs/protected/get_me.html', + credential_0 => 'programmer', + credential_1 => 'Heroo' + ]); + + is($r->code, 302, 'programmer:Heroo login replies with redirect'); + + is($r->header('Location'), '/docs/protected/get_me.html', + 'programmer:Heroo location header contains expected URL'); + + is($r->header('Set-Cookie'), + 'Sample::AuthCookieHandler_WhatEver=programmer:Heroo; path=/', + 'programmer:Heroo cookie header contains expected data'); +}; # get protected document with valid cookie. Should succeed. -{ +subtest 'redirect wit valid cookie' => sub { + plan tests => 2; + my $uri = '/docs/protected/get_me.html'; my $r = GET( @@ -64,20 +91,27 @@ is($r->code, '200', 'get protected document'); like($r->content, qr/Congratulations, you got past AuthCookie/s, 'check protected document content'); -} +}; -# should fail with no_cookie -{ - my $url = '/docs/protected/get_me.html'; +subtest 'directory index' => sub { + plan tests => 2; - my $dat = strip_cr(GET_BODY($url)); + my $uri = '/docs/protected/'; - like($dat, qr/Failure reason: 'no_cookie'/s, - 'test failure reason: no_cookie'); -} + my $r = GET( + $uri, + Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero;' + ); + + is($r->code, '200', 'get protected document'); + like($r->content, qr/Congratulations, you got index\.html/s, + 'check protected index.html document content'); +}; # should have a Set-Cookie header that expired at epoch. -{ +subtest 'logout deletes cookie' => sub { + plan tests => 1; + my $url = '/docs/logout.pl'; my $r = GET($url); @@ -86,58 +120,48 @@ my $expected = 'Sample::AuthCookieHandler_WhatEver=; expires=Mon, 21-May-1971 00:00:00 GMT; path=/'; is($data, $expected, 'logout tries to delete the cookie'); -} +}; # check the session key -{ +subtest 'session key data' => sub { + plan tests => 1; + my $data = GET_BODY( '/docs/echo_cookie.pl', Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero;' ); is(strip_cr($data), 'programmer:Hero', 'session key contains expected data'); -} +}; # should fail because of 'require user programmer' -{ +subtest 'invalid user' => sub { + plan tests => 1; + my $r = GET( '/docs/protected/get_me.html', Cookie => 'Sample::AuthCookieHandler_WhatEver=some-user:duck;' ); is($r->code, '403', 'user "some-user" is not authorized'); -} - -# Should redirect to /docs/protected/get_me.html -{ - my $r = POST('/LOGIN', [ - destination => '/docs/protected/get_me.html', - credential_0 => 'programmer', - credential_1 => 'Heroo' - ]); - - is($r->code, 302, 'programmer:Heroo login replies with redirect'); - - is($r->header('Location'), '/docs/protected/get_me.html', - 'programmer:Heroo location header contains expected URL'); - - is($r->header('Set-Cookie'), - 'Sample::AuthCookieHandler_WhatEver=programmer:Heroo; path=/', - 'programmer:Heroo cookie header contains expected data'); -} +}; # should get the login form back (bad_cookie). -{ +subtest 'invalid cookie' => sub { + plan tests => 1; + my $data = GET_BODY( '/docs/protected/get_me.html', Cookie=>'Sample::AuthCookieHandler_WhatEver=programmer:Heroo' ); like($data, qr/Failure reason: 'bad_cookie'/, 'invalid cookie'); -} +}; # should get the login form back (bad_credentials) -{ +subtest 'bad credentials' => sub { + plan tests => 1; + my $r = POST('/LOGIN', [ destination => '/docs/protected/get_me.html', credential_0 => 'fail', @@ -146,10 +170,11 @@ like($r->content, qr/Failure reason: 'bad_credentials'/, 'invalid credentials'); -} +}; + +subtest 'AuthAny' => sub { + plan tests => 3; -# check that the destination is right. -{ my $r = POST('/LOGIN', [ destination => '/docs/authany/get_me.html', credential_0 => 'some-user', @@ -164,21 +189,21 @@ 'Set-Cookie header is correct'); is($r->code, 302, 'redirect code is correct'); -} +}; # should fail because all requirements are not met -{ +subtest 'AuthAll' => sub { + plan tests => 3; + my $r = GET( '/docs/authall/get_me.html', Cookie => 'Sample::AuthCookieHandler_WhatEver=some-user:mypassword' ); is($r->code(), 403, 'unauthorized if requirements are not met'); -} -# should pass, ALL requirements are met -{ - my $r = GET( + # should pass, ALL requirements are met + $r = GET( '/docs/authall/get_me.html', Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero' ); @@ -186,28 +211,32 @@ is($r->code, '200', 'get protected document'); like($r->content, qr/Congratulations, you got past AuthCookie/s, 'check protected document content'); -} +}; + +subtest 'POST to GET conversion' => sub { + plan tests => 1; -# test POST to GET conversion -{ my $r = POST('/docs/protected/get_me.html', [ foo => 'bar' ]); like($r->content, qr#"/docs/protected/get_me\.html\?foo=bar"#, 'POST -> GET conversion works'); -} +}; + +subtest 'QUERY_STRING is preserved' => sub { + plan tests => 1; -# same test at #16, but in GET mode. Should succeed -{ my $data = GET_BODY('/docs/protected/get_me.html?foo=bar'); like($data, qr#"/docs/protected/get_me\.html\?foo=bar"#, 'input query string exists in desintation'); -} +}; # should succeed (any requirement is met) -{ +subtest 'AuthAny' => sub { + plan tests => 3; + my $r = GET( '/docs/authany/get_me.html', Cookie => 'Sample::AuthCookieHandler_WhatEver=some-user:mypassword' @@ -215,21 +244,29 @@ like($r->content, qr/Congratulations, you got past AuthCookie/, 'AuthAny access allowed'); -} -# any requirement, username=0 works. -{ - my $r = GET( + # any requirement, username=0 works. + $r = GET( '/docs/authany/get_me.html', Cookie => 'Sample::AuthCookieHandler_WhatEver=0:mypassword' ); like($r->content, qr/Congratulations, you got past AuthCookie/, 'username=0 access allowed'); -} + + # no AuthAny requirements met + $r = GET( + '/docs/authany/get_me.html', + Cookie => 'Sample::AuthCookieHandler_WhatEver=nouser:mypassword' + ); + + is($r->code, 403, 'AuthAny forbidden'); +}; # local authz provider test for 2.4 (works same as authany on older versions) -{ +subtest 'Authz Provider' => sub { + plan tests => 1; + my $r = GET( '/docs/myuser/get_me.html', Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero' @@ -237,10 +274,12 @@ like($r->content, qr/Congratulations, you got past AuthCookie/, 'myuser=programmer access allowed'); -} +}; # login with username=0 works -{ +subtest 'login with username=0' => sub { + plan tests => 2; + my $r = POST('/LOGIN', [ destination => '/docs/authany/get_me.html', credential_0 => '0', @@ -250,20 +289,12 @@ is($r->code, 302, 'username=0 login produces redirect'); is($r->header('Location'), '/docs/authany/get_me.html', 'redirect header exists, and contains expected url'); -} - -# should fail: AuthAny and NONE of the requirements are met. -{ - my $r = GET( - '/docs/authany/get_me.html', - Cookie => 'Sample::AuthCookieHandler_WhatEver=nouser:mypassword' - ); - - is($r->code, 403, 'AuthAny forbidden'); -} +}; # Should succeed and cookie should have HttpOnly attribute -{ +subtest 'HttpOnly cookie attribute' => sub { + plan tests => 3; + my $r = POST('/LOGIN-HTTPONLY', [ destination => '/docs/protected/get_me.html', credential_0 => 'programmer', @@ -278,10 +309,12 @@ 'cookie contains HttpOnly attribute'); is($r->code, 302, 'check redirect response code'); -} +}; # test SessionTimeout -{ +subtest 'session timeout' => sub { + plan tests => 1; + my $r = GET( '/docs/stimeout/get_me.html', Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero' @@ -290,11 +323,13 @@ like($r->header('Set-Cookie'), qr/^Sample::AuthCookieHandler_WhatEver=.*expires=.+/, 'Set-Cookie contains expires property'); -} +}; # should return bad credentials page, and credentials should be in a comment. # We are checking here that $r->prev->pnotes('WhatEverCreds') works. -{ +subtest 'creds are in pnotes' => sub { + plan tests => 1; + my $r = POST('/LOGIN', [ destination => '/docs/protected/get_me.html', credential_0 => 'fail', @@ -302,11 +337,13 @@ ]); like($r->content, qr/creds: fail Hero/s, 'WhatEverCreds pnotes works'); -} +}; # regression - Apache2::URI::unescape_url() does not handle '+' to ' ' # conversion. -{ +subtest 'unescape URL with spaces' => sub { + plan tests => 1; + my $r = POST('/LOGIN', [ destination => '/docs/protected/get_me.html', credential_0 => 'fail', @@ -315,11 +352,13 @@ like($r->content, qr/creds: fail one two/, 'read form data handles "+" conversion'); -} +}; # variation of '+' to ' ' regression. Make sure we do not remove encoded # '+' -{ +subtest 'do not remove encoded +' => sub { + plan tests => 1; + my $r = POST('/LOGIN', [ destination => '/docs/protected/get_me.html', credential_0 => 'fail', @@ -328,10 +367,12 @@ like($r->content, qr/creds: fail one\+two/, 'read form data handles "+" conversion with encoded +'); -} +}; # XSS attack prevention. make sure embedded \r, \n, \t is escaped in the destination. -{ +subtest 'XSS: no newlines in destination' => sub { + plan tests => 4; + my $r = POST('/LOGIN', [ destination => "/docs/protected/get_me.html\r\nX-Test-Bar: True\r\nX-Test-Foo: True\r\n", credential_0 => 'programmer', @@ -350,28 +391,33 @@ ok(!defined $r->header('X-Test-Foo'), 'anti XSS injection with escaped CRLF'); ok(!defined $r->header('X-Test-Bar'), 'anti XSS injection with escaped CRLF'); -} +}; # embedded html tags in destination -{ +subtest 'XSS: no embedded HTML in destination' => sub { + plan tests => 1; + my $r = POST('/LOGIN', [ destination => '"><form method="post">Embedded Form</form>' ]); like $r->content, qr{"%22%3E%3Cform method=%22post%22%3EEmbedded Form%3C/form%3E"}; -} +}; # embedded script tags -{ +subtest 'XSS: no embedded script' => sub { + plan tests => 1; + my $r = POST('/LOGIN', [ destination => q{"><script>alert('123')</script>} ]); ok index($r->content, q{<script>alert('123')</script>}) == -1; -} +}; + +subtest 'preserve / in password' => sub { + plan tests => 1; -# make sure '/' in password is preserved. -{ my $r = POST('/LOGIN', [ destination => '/docs/protected/get_me.html', credential_0 => 'fail', @@ -380,10 +426,12 @@ like($r->content, qr/creds: fail one\/two/, 'read form data handles "/" conversion with encoded +'); -} +}; # make sure multi-valued form data is preserved. -{ +subtest 'multi-valued form data is preserved' => sub { + plan tests => 2; + my $r = POST('/docs/protected/xyz', [ one => 'abc', one => 'def' @@ -396,19 +444,23 @@ # check for multi-valued form data. like($r->content, qr/one=abc&one=def/, 'post conversion perserves multi-valued fields'); -} +}; # make sure $ENV{REMOTE_USER} gets set up -{ +subtest 'setup $ENV{REMOTE_USER}' => sub { + plan tests => 1; + my $r = GET('/docs/protected/echo_user.pl', Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero' ); like($r->content, qr/User: programmer/); -} +}; # test login form response status=OK with SymbianOS -{ +subtest 'SymbianOS login form response code' => sub { + plan tests => 4; + my $orig_agent = Apache::TestRequest::user_agent()->agent; # should get a 403 response by default @@ -425,15 +477,17 @@ like $r->content, qr/\bcredential_0\b/, 'got login form'; Apache::TestRequest::user_agent()->agent($orig_agent); -} +}; + +subtest 'recognize user' => sub { + plan tests => 1; -{ # recognize user my $body = GET_BODY('/docs/echo-user.pl', Cookie => 'Sample::AuthCookieHandler_WhatEver=programmer:Hero'); is $body, 'programmer'; -} +}; # remove CR's from a string. Win32 apache apparently does line ending # conversion, and that can cause test cases to fail because output does not diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/signature.t new/Apache-AuthCookie-3.25/t/signature.t --- old/Apache-AuthCookie-3.24/t/signature.t 2016-01-14 00:16:15.000000000 +0100 +++ new/Apache-AuthCookie-3.25/t/signature.t 2016-08-30 17:32:01.000000000 +0200 @@ -28,7 +28,7 @@ plan tests => 1; } -my $ret = Module::Signature::verify(); +my $ret = Module::Signature::verify(skip => 1); SKIP: { skip "Module::Signature cannot verify", 1 if $ret eq Module::Signature::CANNOT_VERIFY(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Apache-AuthCookie-3.24/t/util.t new/Apache-AuthCookie-3.25/t/util.t --- old/Apache-AuthCookie-3.24/t/util.t 1970-01-01 01:00:00.000000000 +0100 +++ new/Apache-AuthCookie-3.25/t/util.t 2016-08-30 17:32:01.000000000 +0200 @@ -0,0 +1,25 @@ +#!/usr/bin/env perl +# +# tests for Apache::AuthCookie::Util +# + +use strict; +use Test::More tests => 2; + +# don't use_ok, this needs to load at compile time. +use_ok 'Apache::AuthCookie::Util' or exit 1; + +subtest is_blank => sub { + plan tests => 8; + + Apache::AuthCookie::Util->import('is_blank'); + + ok is_blank(' '); + ok is_blank(''); + ok is_blank("\t"); + ok is_blank("\n"); + ok is_blank("\r\n"); + ok is_blank(undef); + ok !is_blank(0); + ok !is_blank('a'); +};