* Added support for an "auth_basic" config to use basic authenticati…

…on on specific URLs * Usage: $c->{auth_basic} = [ "/cgi/users/oai_accesslogs" ]; $c->{auth_basic} = [ "users/oai_accesslogs" ]; # CGI is prepended first git-svn-id: https://svn.eprints.org/eprints/trunk/system@3611 9491667e-5006-0410-a446-efbe8990b998
eprints · May 19, 2008 · 3013ff54b9f3e9eebbf5a2c64e84cd2cc1241872 · 3013ff5
1 parent 85c0b91
commit 3013ff54b9f3e9eebbf5a2c64e84cd2cc1241872
Showing with 41 additions and 6 deletions.

+1 −0 CHANGELOG

+1 −1 bin/generate_apacheconf

+39 −5 perl_lib/EPrints/Apache/Auth.pm
diff --git a/CHANGELOG b/CHANGELOG
@@ -7473,4 +7473,5 @@ EPRINTS-3.1-beta-2
 
 2008-05-19 tdb
  * Fixed bug in Session::get_secure that returned false in Auth stage
+ * Added support for an "auth_basic" config to use basic authentication on specific URLs
 
diff --git a/bin/generate_apacheconf b/bin/generate_apacheconf
@@ -447,7 +447,7 @@ print CONF <<END;
   Alias $http_root/ $htdocs_path/
 
   <Location "$http_root">
-    ErrorDocument 401 $http_root/error401.html
+    # ErrorDocument 401 $http_root/error401.html
     ErrorDocument 404 $http_cgiroot/handle_404
     PerlSetVar EPrints_ArchiveID $repository_id
     Redirect $http_root/perl/ http://$hostport$http_cgiroot

diff --git a/perl_lib/EPrints/Apache/Auth.pm b/perl_lib/EPrints/Apache/Auth.pm
@@ -35,6 +35,7 @@ package EPrints::Apache::Auth;
 use strict;
 
 use EPrints::Apache::AnApache; # exports apache constants
+use URI;
 
 #use EPrints::Session;
 #use EPrints::SystemSettings;
@@ -55,7 +56,7 @@ sub authen
 	}
 
 	my $rc;
-	if( $session->get_archive->get_conf( "cookie_auth" ) ) 
+	if( !_use_auth_basic( $r, $session ) )
 	{
 		$rc = auth_cookie( $r, $session );
 	}
@@ -69,6 +70,40 @@ sub authen
 	return $rc;
 }
 
+sub _use_auth_basic
+{
+	my( $r, $session ) = @_;
+
+	my $rc = 0;
+
+	if( !$session->get_repository->get_conf( "cookie_auth" ) ) 
+	{
+		$rc = 1;
+	}
+	else
+	{
+		my $uri = URI->new( $r->uri, "http" );
+		my $script = $uri->path;
+
+		my $econf = $session->get_repository->get_conf( "auth_basic" ) || [];
+
+		foreach my $exppath ( @$econf )
+		{
+			if( $exppath !~ /^\// )
+			{
+				$exppath = $session->get_repository->get_conf( "rel_cgipath" )."/$exppath";
+			}
+			if( $script =~ /^$exppath/ )
+			{
+				$rc = 1;
+				last;
+			}
+		}
+	}
+
+	return $rc;
+}
+
 sub authen_doc
 {
 	my( $r ) = @_;
@@ -103,7 +138,7 @@ sub _authen_doc
 	}
 
 	my $rc;
-	if( $session->get_archive->get_conf( "cookie_auth" ) ) 
+	if( !_use_auth_basic( $r, $session ) )
 	{
 		$rc = auth_cookie( $r, $session, 1 );
 	}
@@ -180,8 +215,6 @@ sub auth_basic
 		return AUTH_REQUIRED;
 	}
 
-	my $area = $r->dir_config( "EPrints_Security_Area" );
-
 	my $user_ds = $session->get_repository->get_dataset( "user" );
 
 	my $user = EPrints::DataObj::User::user_with_username( $session, $user_sent );
@@ -191,7 +224,8 @@ sub auth_basic
 		return AUTH_REQUIRED;
 	}
 
-	return $session->valid_login( $user_sent, $passwd_sent );
+	return $session->valid_login( $user_sent, $passwd_sent ) ?
+			OK : AUTH_REQUIRED;
 }
 
 sub authz