# Copyright (c) 2005-2009 bivio Software, Inc. All Rights Reserved. # $Id$ package Bivio::Biz::Action::BasicAuthorization; use strict; use Bivio::Base 'Biz.Action'; use MIME::Base64 (); my($_AC) = b_use('Ext.ApacheConstants'); b_use('Agent.Task')->register(__PACKAGE__) if b_use('IO.Config')->if_version(1); sub execute { my($proto, $req) = @_; Bivio::IO::Alert->warn_deprecated( $req->get('task'), ': remove Action.BasicAuthorization and set want_basic_authorization=1 on task'); return $proto->handle_pre_auth_task(undef, $req); } sub handle_pre_auth_task { my($self, $task, $req) = @_; return 0 if $req->unsafe_get('auth_user'); my($f) = Bivio::Biz::Model->new($req, 'UserLoginForm'); my($r) = $req->unsafe_get('r'); my($auth) = $r && $r->header_in('Authorization'); return _unauth($task, $f) unless $auth; $f->disable_assert_cookie; my($u, $p) = (MIME::Base64::decode(($auth =~ /Basic\s*(.+)/)[0] || '') || '') =~ /^([^:]+):(.*)$/; unless ($u) { b_warn($u, ': could not parse user'); return _unauth($task, $f); } my($su); my($ro); if ($u =~ s/^(.*)\>//) { my($su) = $1; $f->validate($su, $p); unless ($f->in_error) { $f->execute_ok; if ($req->is_super_user) { $f->validate_login($u); $f->substitute_user($ro = $f->get('realm_owner'), $req) unless $f->in_error; } else { b_warn($su, ': attempted to substitute user to: ', $u); return _unauth($task, $f); } } } else { $f->validate($u, $p); unless ($f->in_error) { $f->execute_ok; $ro = $f->unsafe_get('realm_owner'); } } return 0 if $ro; b_warn($f->get_errors) if $f->in_error; return _unauth($task, $f); } sub _unauth { my($task, $login) = @_; return 0 unless !$task || $task->unsafe_get('want_basic_authorization'); my($req) = $login->req; $req->get('reply')->set_header( 'WWW-Authenticate', qq{Basic realm="@{[$login->get_basic_authorization_realm]}"}, )->set_http_status($_AC->HTTP_UNAUTHORIZED) ->set_output_type('text/plain') ->set_output(\('')); return 1; } 1;