File Coverage

blib/lib/Dancer2/Plugin/Auth/HTTP/Basic/DWIW.pm

Criterion	Covered	Total	%
statement	52	52	100.0
branch	14	18	77.7
condition	5	10	50.0
subroutine	9	9	100.0
pod			n/a
total	80	89	89.8

line	stmt	bran	cond	sub	time	code
1	7			7	4519039	use strict;
	7				55
	7				187
2	7			7	34	use warnings;
	7				13
	7				350
3
4						package Dancer2::Plugin::Auth::HTTP::Basic::DWIW;
5						# ABSTRACT: HTTP Basic authentication plugin for Dancer2 that does what I want.
6						$Dancer2::Plugin::Auth::HTTP::Basic::DWIW::VERSION = '0.0801';
7	7			7	2844	use MIME::Base64;
	7				4329
	7				385
8	7			7	3144	use Dancer2::Plugin;
	7				289153
	7				53
9
10						our $HANDLERS = {
11						check_login => undef,
12						no_auth => undef,
13						};
14
15						register http_basic_auth => sub {
16	6			6	330	my ($dsl, $stuff, $sub, @other_stuff) = @_;
17
18	6		50		31	my $realm = plugin_setting->{'realm'} // 'Please login';
19
20						return sub {
21	12			12	1233201	local $@ = undef;
22	12				30	eval {
23	12		100		168	my $header = $dsl->app->request->header('Authorization') \|\| die \401;
24
25	8				1829	my ($auth_method, $auth_string) = split(' ', $header);
26
27	8	50	33		89	$auth_method ne 'Basic' \|\| $auth_string \|\| die \400;
28
29	8				63	my ($username, $password) = split(':', decode_base64($auth_string), 2);
30
31	8	50	33		43	$username \|\| $password \|\| die \401;
32
33	8	100			58	if(my $handler = $HANDLERS->{check_login}) {
34	5	50			27	if(ref($handler) eq 'CODE') {
35	5				26	my $check_result = eval { $handler->($username, $password); };
	5				20
36
37	5	100			43	if($@) {
38	1				7	$dsl->error("Error while validating credentials: $@");
39	1				593	die \500;
40						}
41
42	4	100			21	if(!$check_result) {
43	2				10	die \401;
44						}
45						}
46						}
47						};
48
49	12	100			820	unless ($@) {
50	5				35	return $sub->($dsl->app, @other_stuff);
51						}
52						else {
53	7				16	my $error_code = ${$@};
	7				19
54
55	7				52	$dsl->header('WWW-Authenticate' => 'Basic realm="' . $realm . '"');
56	7				1377	$dsl->status($error_code);
57
58	7	100			774	if(my $handler = $HANDLERS->{no_auth}) {
59	2	50			7	if(ref($handler) eq 'CODE') {
60	2				7	return $handler->();
61						}
62						}
63
64	5				33	return;
65						}
66	6				956	};
67						};
68
69						register http_basic_auth_login => sub {
70	4			4	43	my ($dsl) = @_;
71	4				13	my $app = $dsl->app;
72
73	4				56	my @auth_header = split(' ', $dsl->app->request->header('Authorization'));
74	4				135	my $auth_string = $auth_header[1];
75	4				28	my @auth_parts = split(':', decode_base64($auth_string), 2);
76
77	4				20	return @auth_parts;
78						},
79						{
80						is_global => 0
81						};
82
83						register http_basic_auth_set_check_handler => sub {
84	2			2	196	my ($dsl, $handler) = @_;
85
86	2				107	warn 'This is deprecated! Please use http_basic_auth_handler check_login => sub {}';
87	2				17	$dsl->http_basic_auth_handler(check_login => $handler);
88						};
89
90						register http_basic_auth_handler => sub {
91	4			4	112	my ($dsl, $name, $handler) = @_;
92	4				19	$HANDLERS->{$name} = $handler;
93						};
94
95						register_plugin for_versions => [2];
96						1;
97
98						__END__
99
100						=pod
101
102						=encoding UTF-8
103
104						=head1 NAME
105
106						Dancer2::Plugin::Auth::HTTP::Basic::DWIW - HTTP Basic authentication plugin for Dancer2 that does what I want.
107
108						=head1 VERSION
109
110						version 0.0801
111
112						=head1 SYNOPSIS
113
114						package test;
115
116						use Dancer2;
117						use Dancer2::Plugin::Auth::HTTP::Basic::DWIW;
118
119						http_basic_auth_handler check_login => sub {
120						my ( $user, $pass ) = @_;
121
122						# you probably want to check the user in a better way
123						return $user eq 'test' && $pass eq 'bla';
124						};
125
126						http_basic_auth_handler no_auth => sub {
127						template 'auth_error';
128						};
129
130						get '/' => http_basic_auth required => sub {
131						my ( $user, $pass ) = http_basic_auth_login;
132
133						return $user;
134						};
135						1;
136
137						=head1 DESCRIPTION
138
139						This plugin gives you the option to use HTTP Basic authentication with Dancer2.
140
141						You can set a handler to check the supplied credentials. If you don't set a handler, every username/password combination will work.
142
143						=head1 CAUTION
144
145						Don't ever use HTTP Basic authentication over clear-text connections! Always use HTTPS!
146
147						The only case were using HTTP is ok is while developing an application. Don't use HTTP because you think it is ok in corporate networks or something alike, you can always have bad bad people in your network..
148
149						=head1 CONFIGURATION
150
151						=over 4
152
153						=item realm
154
155						The realm presented by browsers in the login dialog.
156
157						Defaults to "Please login".
158
159						=back
160
161						=head1 OTHER
162
163						This is my first perl module published on CPAN. Please don't hurt me when it is bad and feel free to make suggestions or to fork it on GitHub.
164
165						=head1 BUGS
166
167						Please report any bugs or feature requests to C<littlefox at fsfe.org>, or through
168						the web interface at L<https://github.com/LittleFox94/Dancer2-Plugin-Auth-HTTP-Basic-DWIW/issues>. I will be notified, and then you'll
169						automatically be notified of progress on your bug as I make changes.
170
171						=head1 SUPPORT
172
173						After installation you can find documentation for this module with the perldoc command:
174
175						perldoc Dancer2::Plugin::Auth::HTTP::Basic::DWIW
176
177						=head1 AUTHOR
178
179						Mara Sophie Grosch (LittleFox) <littlefox@cpan.org>
180
181						=head1 COPYRIGHT AND LICENSE
182
183						This software is copyright (c) 2020 by Mara Sophie Grosch (LittleFox).
184
185						This is free software; you can redistribute it and/or modify it under
186						the same terms as the Perl 5 programming language system itself.
187
188						=cut