The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.
 / 
Mojolicious-Plugin-DigestAuth-0.04
River stage zero No dependents
/ Mojolicious::Plugin::DigestAuth

NAME

Mojolicious::Plugin::DigestAuth - HTTP Digest Authentication for Mojolicious

SYNOPSIS

$self->plugin('digest_auth');

# In your action
return unless $self->digest_auth(allow => { sshaw => 'password' });

# Or, in startup()
my $r = $self->digest_auth('/admin', allow => { sshaw => 'password' });
$r->route('/new')->to('users#new');

CONFIGURATION

SETUP

Configuration can be done globally when loading the plugin

$self->plugin('digest_auth', %options)

or locally when calling digest_auth

$self->digest_auth(%options);

Local options override their global counterparts. For example, the following will apply to all authentication requests

# setup()
$self->plugin('digest_auth', realm   => 'Thangz',
                             expires => 120,
                             allow   => '/path/to/htdigest_file');


# controller
sub show
{
    my $self = shift;
    return unless $self->digest_auth;

    # ...
}

But can be overridden within an action

sub edit
{
    my $self = shift;
    return unless $self->digest_auth(realm   => 'RealmX',
                                     expires => 24*3600,
                                     allow   => { sshaw => 'Ay3Br4h_!' });
    # ...
}

For a full list of options see "digest_auth".

AUTHENTICATION

By default MD5/auth authentication is performed. This is configurable, see "digest_auth".

DB

Authentication information is given via the allow option and can be retrieved from a variety of sources:

  • A hash reference without a realm

    $self->plugin('digest_auth', allow => { sshaw => 'my_pAzw3rD',
                                        admin => '->fofinha!' });

    In this case users will either be placed into the realm given by the realm option or the default realm, WWW.

    Passwords must be given in plain text.

  • A hash reference with realm(s)

    $self->plugin('digest_auth', allow => { 'Admin Realm' => { sshaw => 'my_pAzw3rD' },
                                        'WWW Users'   => { tony  => 'vrooooooom' });

    Passwords must be given in plain text.

  • A htdigest style file

    $self->plugin('digest_auth', allow => '/home/sshaw/www_users');

  • An object with a get() method that returns hashed passwords

    $self->plugin('digest_auth', allow => $db);

    Arguments are passed to get() in the following order: realm, username.

PERFORMING AUTHENTICATION

Authentication can be performed by calling the digest_auth method from within the action you'd like to protect:

sub some_action
{
    my $self = shift;
    return unless $self->digest_auth;

    # Authenticated users get here
}

If authentication is successful digest_auth returns true, otherwise undef is returned and a HTTP 401 status code and the message: HTTP 401: Unauthorized are sent to the client. Currently this message cannot be changed.

Authentication can also be performed for a set of routes by calling digest_auth from within your application's startup function. This form performs authentication automatically for all of the routes defined under the given URL:

package YourWebApp;

use Mojo::Base 'Mojolicious';

sub startup
{
  my $self = shift;
  $self->plugin('digest_auth', %options);

  # ...

  my $admin = $self->digest_auth('/admin');
  $admin->route('/new')->to('users#new');
  $admin->route('/edit/:id')->to('users#edit');
}

In this case authentication is performed via a bridge with a callback.

WEB SERVERS

Authentication will fail if your application is sitting behind a web server does not pass the Authorization header to your application. In Apache this can be achieved with mod_rewrite:

RewriteEngine On
RewriteRule ^ - [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization}]

METHODS

plugin

$self->plugin('digest_auth', %options)

Loads the plugin and sets up the defaults given by %options.

Arguments

%options

See "digest_auth".

Errors

This method will croak if if any of the options are invalid or if there is an error loading the password database.

digest_auth

$self->digest_auth(%options)
$routes = $self->digest_auth($url, %options)

Arguments

$url

Optional. If provided authentication will be performed for all routes defined under $url. See "PERFORMING AUTHENTICATION".

%options

  • allow => { user => password }

  • allow => { realm => { user => password }}

  • allow => 'htdigest_file'

  • allow => $obj

    See "DB".

  • algorithm => 'MD5' | 'MD5-sess'

    Digest algorithm, either 'MD5' or 'MD5-sess'. Defaults to 'MD5', 'MD5-sess' requires a qop.

  • domain => '/path' | 'your.domain.com'

    Authentication domain. Defaults to '/'.

  • expires => seconds

    Nonce lifetime. Defaults to 300 seconds (5 minutes).

  • qop => 'auth' | ''

    Quality of protection. Defaults to 'auth'. auth-int is not supported.

  • realm => 'Your Realm'

    Authentication realm. Defaults to 'WWW'.

  • support_broken_browsers => 1 | 0

    When processing requests from certain browsers skip steps that would otherwise result in a HTTP 400 response. Defaults to 1.

    Currently only applies to IE 5 and 6. These two browsers fail to append the query string to the URI included in the Authorization header and, after authenticating, fail to include the opaque value.

Returns

Without a URL prefix:

True if authentication was successful, undef otherwise. If unsuccessful a HTTP 401 status code and message are sent to the client.

With a URL prefix:

An instance of Mojolicious::Routes. See "PERFORMING AUTHENTICATION".

Errors

Will croak if any of the options are invalid.

SEE ALSO

Mojolicious, Mojolicious::Plugin::BasicAuth, http://en.wikipedia.org/wiki/Digest_access_authentication

AUTHOR

Skye Shaw (sshaw AT lucas.cis.temple.edu)

LICENSE

Copyright (c) 2011 Skye Shaw. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.