Skip Menu |
 

This queue is for tickets about the Authen-Simple CPAN distribution.

Report information
The Basics
Id: 26464
Status: resolved
Priority: 0/
Queue: Authen-Simple

People
Owner: Nobody in particular
Requestors: GIFF [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Auth::Simple::Apache doesn't call note_basic_auth_failure on auth failure
Download (untitled) / with headers
text/plain 351b
If the Auth::Simple-based handler rejects the username and password, Auth::Simple::Apache::handle returns HTTP_UNAUTHORIZED without calling $r->note_basic_auth_failure. The result is that the browser won't prompt for the password again until it is restarted or its credential cache is cleared, which is annoying. Patch attached, which works for me.
Subject: authen-simple-apache-notefailure.patch
--- Apache.pm~ 2006-01-13 15:19:55.000000000 -0500 +++ Apache.pm 2007-04-17 23:24:31.000000000 -0400 @@ -17,7 +17,7 @@ eval "require $class"; } - my @import = qw( OK HTTP_UNAUTHORIZED SERVER_ERROR ); + my @import = qw( OK HTTP_UNAUTHORIZED AUTH_REQUIRED SERVER_ERROR ); if ( $mod_perl::VERSION >= 1.999022 ) { # mod_perl 2.0.0 RC5 require Apache2::RequestRec; @@ -95,7 +95,6 @@ $r->log->error( "PerlAuthenHandler $class - Required parameter '$config' is not set." ); return SERVER_ERROR; } - $params{ $option } = $value if defined($value); } @@ -114,8 +113,11 @@ $r->log->error( "PerlAuthenHandler $class - Couldn't authenticate. Reason: '$@'" ); return SERVER_ERROR; } - - return ( $success ) ? OK : HTTP_UNAUTHORIZED; + if (!$success) { + $r->note_basic_auth_failure(); + return AUTH_REQUIRED; + } + return OK; } 1;
Download (untitled) / with headers
text/plain 490b
On Tue Apr 17 23:28:30 2007, GIFF wrote: Show quoted text
> If the Auth::Simple-based handler rejects the username and password, > Auth::Simple::Apache::handle returns HTTP_UNAUTHORIZED without calling > $r->note_basic_auth_failure. The result is that the browser won't > prompt for the password again until it is restarted or its credential > cache is cleared, which is annoying.
Same problem, but note that HTTP_UNAUTHORIZED and AUTH_REQUIRED evaluate to the same value (401), simpler patch attached.
Download authen-simple.patch
text/x-diff 352b
--- lib/Authen/Simple/Apache.pm~ 2006-01-13 15:19:55.000000000 -0500 +++ lib/Authen/Simple/Apache.pm 2008-10-10 10:47:43.157055000 -0400 @@ -115,7 +115,10 @@ return SERVER_ERROR; } - return ( $success ) ? OK : HTTP_UNAUTHORIZED; + return OK if $success; + + $r->note_basic_auth_failure; + return HTTP_UNAUTHORIZED; } 1;
Download (untitled) / with headers
text/plain 130b
I have released a new version to CPAN which addresses this. <https://metacpan.org/release/CHANSEN/Authen-Simple-0.5> -- chansen


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.