Re^2: Getting an error when invoking Apache2::RequestUtil->request

I've indeed configured Apache fallowing the POD of AuthCookie.

<VirtualHost ht2.dev>
    ServerName ht2.dev
    ServerAdmin wsl_research@websense.com
    DocumentRoot /var/www/html/ht2
    Alias /js /var/www/html/js
    Alias /images /var/www/html/images
    Alias /ht2 /var/www/html/ht2

    LoadModule perl_module /usr/lib/apache2/modules/mod_perl.so
    PerlModule Apache2::Reload
    PerlInitHandler Apache2::Reload
    PerlModule ModPerl::Registry
    PerlModule WSL::AuthCookie
    PerlSetVar AuthCookieDebug 3
    PerlSetVar CCAPAuthPath /
    PerlSetVar CCAPAuthLoginScript /login.cgi
    <Location /ht2>
        AuthName CCAPAuth
        AuthType WSL::AuthCookie
        SetHandler perl-script
        Options +ExecCGI
        PerlOptions +GlobalRequest +ParseHeaders
        PerlAuthenHandler WSL::AuthCookie->authenticate
        PerlAuthzHandler WSL::AuthCookie->authorize
        Require valid-user
    </Location>
    <Files LOGIN>
        AuthName CCAPAuth
        AuthType WSL::AuthCookie
        PerlResponseHandler WSL::AuthCookie->login
        SetHandler perl-script
        Options +ExecCGI
        PerlOptions +GlobalRequest +ParseHeaders
    </Files>

    CustomLog /var/log/apache2/ht2-access.log combined
    ErrorLog /var/log/apache2/ht2-error.log
</VirtualHost>
[download]

And I create the subclass of Apache2::AuthCookie by override its methods of authen_cred and anthen_ses_key.

package WSL::AuthCookie;

use strict;
use warnings;

use Carp qw(carp confess);
#use CGI;
use Data::Dumper;
use Net::LDAP;
use WSL::Proxy;
use Digest::MD5 qw(md5_hex);
use Apache2::RequestRec;
#use Apache2::Const qw(:common HTTP_FORBIDDEN);

use base "Apache2::AuthCookie";

my $cycle = 300;
my $secret = "STRbjLab";

sub authen_cred
{
    my ($this, $r, @creds) = @_;

    carp Dumper(@creds);
    if ($this->is_authenticated($r, @creds)
        && $this->is_authorized($r, @creds))
    {
        return $this->make_ticket($r, $creds[0]);
    }

    return;
}

sub authen_ses_key
{
    my ($this, $r, $key) = @_;

    my $user = $this->check_ticket($r, $key);
    return $user if $user;

    return;
}

# Session summary -- $secret:$username:$expire
# Session signatur -- md5_hex(Session summary)
# Session key -- join ":", $user, $expire, $signature
sub make_ticket
{
    my ($this, $r, $user) = @_;
    my $expires = time() + $cycle;
    my $signature = md5_hex("$secret:$user:$expires");
    my $key = join(":", $user, $expires, $signature);
    return $key;
}

sub check_ticket
{
    my ($this, $r, $key) = @_;
    my ($user, $expires, $signature) = split(":", $key);
    my $hash = md5_hex("$secret:$user:$expires");
    return undef if $signature ne $hash
                    or $expires < time();

    return $user;
}
[download]

Then I write a login script to generate the login html.

#!/usr/bin/perl

# Render the login form

use strict;
use warnings;

use Carp qw|carp confess|;
use Data::Dumper;
use Apache2::RequestUtil;

my $r;
eval{$r = Apache2::RequestUtil->request;} || confess $@;
my $prev = $r->prev;
my $uri = $prev->uri;
my $args = $prev->args;
$uri .= "?$args" if $args;
my $reason = $prev->subprocess_env('AuthCookieReason');
my $error = "";
if ($reason)
{
    my $details;
    if ($reason eq "no_cookie")
    {
        $details = "";
    }
    elsif ($reason eq "bad_cookie")
    {
        $details = "The cookie you presented is invalid. You must logi
+n again!";
    }
    elsif ($reason eq "bad_credentials")
    {
        $details = "Invalid Username/Password";
    }
    else
    {
        $details = $reason;
    }

    $error = << "__REASON__";
      <div class="alert alert-error">
        $details
      </div>
__REASON__
}

print "content-type: text/html\n\n";

my $login_form = << "__LOGIN__";
<!DOCTYPE html>
<html>
  <head>
    <title>HT2 - Login</title>
    <link href="/login.css" rel="stylesheet" type="text/css">
  </head>
  <body>
    <div class="container">
      $error
      <div class="modal">
        <div class="modal-header" style="text-align:center">
          <img width="350px" height="86px" src="img/security_labs_logo
+_350.png"/>
        </div>
        <form class="form-horizontal" method="POST" action="/login">
          <fieldset>
            <div class="modal-body">
              <div class="control-group">
                <label class="control-label" for="username">Username:<
+/label>
                <div class="controls">
                  <input class="input" id="username" name="credential_
+0" autofocus="autofocus" type="text">
                </div>
              </div>
              <div class="control-group">
                <label class="control-label" for="password">Password:<
+/label>
                <div class="controls">
                  <input class="input" id="password" name="credential_
+1" type="password">
                </div>
              </div>
              <div class="hidden">
                <input class="input" id="destination" name="destinatio
+n" type="text" value="$uri">
              </div>
            </div>
          </fieldset>
          <div class="modal-footer">
            <button type="submit" class="btn btn-primary">
              <i class="icon-lock icon-white"></i>
              Login
            </button>
          </div>
        </form>
      </div>
    </div>
  </body>
</html>
__LOGIN__

print $login_form;
[download]

But after all these efforts I just get a error. Annoying!

Anything wrong???

Any ideas???

Comment on Re^2: Getting an error when invoking Apache2::RequestUtil->request Select or Download Code


Pathologically Eclectic Rubbish Lister
	PerlMonks