On Tue, 15 Feb 2000, Louis-David Mitterrand wrote:
> Although I see that the browser is returning a:
>
> 'Authorization' => 'Basic dnZ2dnY6bW1tbW1tbW1t',
>
> header, the $r->get_basic_auth_pw and $r->connection->user methods
> return nothing when used inside a content handler like Mason. Is this
> normal? Does it only return something from an auth handler?
Seems that way - irritating, isn't it?
I ended up doing this:
my ($auth) = $r->header_in('Authorization');
if (!$auth) {
# No login attempt
die My::Exception->Basic_Auth;
}
if ($auth =~ /Basic\s+(\S*)/) {
$auth = decode_base64($1);
my ($user, $pass) = split ':', $auth, 2;
my $userid;
if (!($userid = check_user($user, $pass) ) ) {
# password incorrect, display passwd dialog again
die My::Exception->Basic_Auth;
}
# password checks out!
$User = User->new($userid);
}
else {
die "Invalid Authorization request!\n";
}
(where My::Exception->Basic_Auth is caught many layers up and sends a 401).
--
<Matt/>
Details: FastNet Software Ltd - XML, Perl, Databases.
Tagline: High Performance Web Solutions
Web Sites: http://come.to/fastnet http://sergeant.org
Available for Consultancy, Contracts and Training.
> Although I see that the browser is returning a:
>
> 'Authorization' => 'Basic dnZ2dnY6bW1tbW1tbW1t',
>
> header, the $r->get_basic_auth_pw and $r->connection->user methods
> return nothing when used inside a content handler like Mason. Is this
> normal? Does it only return something from an auth handler?
Seems that way - irritating, isn't it?
I ended up doing this:
my ($auth) = $r->header_in('Authorization');
if (!$auth) {
# No login attempt
die My::Exception->Basic_Auth;
}
if ($auth =~ /Basic\s+(\S*)/) {
$auth = decode_base64($1);
my ($user, $pass) = split ':', $auth, 2;
my $userid;
if (!($userid = check_user($user, $pass) ) ) {
# password incorrect, display passwd dialog again
die My::Exception->Basic_Auth;
}
# password checks out!
$User = User->new($userid);
}
else {
die "Invalid Authorization request!\n";
}
(where My::Exception->Basic_Auth is caught many layers up and sends a 401).
--
<Matt/>
Details: FastNet Software Ltd - XML, Perl, Databases.
Tagline: High Performance Web Solutions
Web Sites: http://come.to/fastnet http://sergeant.org
Available for Consultancy, Contracts and Training.