This queue is for tickets about the Authen-Simple CPAN distribution.

Report information
The Basics
Id: 26464
Status: resolved
Priority: 0/
Queue: Authen-Simple

People
Owner: Nobody in particular
Requestors: GIFF [...] cpan.org

Subject: Auth::Simple::Apache doesn't call note_basic_auth_failure on auth failure
If the Auth::Simple-based handler rejects the username and password, Auth::Simple::Apache::handle returns HTTP_UNAUTHORIZED without calling $r->note_basic_auth_failure. The result is that the browser won't prompt for the password again until it is restarted or its credential cache is cleared, which is annoying. Patch attached, which works for me.
Subject: authen-simple-apache-notefailure.patch
--- Apache.pm~ 2006-01-13 15:19:55.000000000 -0500 +++ Apache.pm 2007-04-17 23:24:31.000000000 -0400 @@ -17,7 +17,7 @@ eval "require $class"; } - my @import = qw( OK HTTP_UNAUTHORIZED SERVER_ERROR ); + my @import = qw( OK HTTP_UNAUTHORIZED AUTH_REQUIRED SERVER_ERROR ); if ( $mod_perl::VERSION >= 1.999022 ) { # mod_perl 2.0.0 RC5 require Apache2::RequestRec; @@ -95,7 +95,6 @@ $r->log->error( "PerlAuthenHandler $class - Required parameter '$config' is not set." ); return SERVER_ERROR; } - $params{ $option } = $value if defined($value); } @@ -114,8 +113,11 @@ $r->log->error( "PerlAuthenHandler $class - Couldn't authenticate. Reason: '$@'" ); return SERVER_ERROR; } - - return ( $success ) ? OK : HTTP_UNAUTHORIZED; + if (!$success) { + $r->note_basic_auth_failure(); + return AUTH_REQUIRED; + } + return OK; } 1;
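Review bot: the one-line deletion in the @@ -95,7 +95,6 hunk, next to the $params{ $option } = $value if defined($value); assignment, has nothing to do with the auth-failure fix and should be dropped from this patch. If it only removes a blank line it is whitespace churn; if it removes the assignment itself, the option value would no longer be stored in %params. Please confirm which it is and resend without that hunk.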
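Review bot: in the @@ -114,8 +113,11 hunk the failure return switches from HTTP_UNAUTHORIZED to AUTH_REQUIRED, which is the only reason the first hunk has to add AUTH_REQUIRED to @import. That list is built before the $mod_perl::VERSION branch, so the new name must be exportable from every constants module it is later handed to. Calling $r->note_basic_auth_failure(); and then keeping return HTTP_UNAUTHORIZED; gives the same fix without widening the import list, and leaves HTTP_UNAUTHORIZED in use rather than imported for nothing.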
On Tue Apr 17 23:28:30 2007, GIFF wrote:
> If the Auth::Simple-based handler rejects the username and password,
> Auth::Simple::Apache::handle returns HTTP_UNAUTHORIZED without calling
> $r->note_basic_auth_failure. The result is that the browser won't
> prompt for the password again until it is restarted or its credential
> cache is cleared, which is annoying.
Same problem, but note that HTTP_UNAUTHORIZED and AUTH_REQUIRED evaluate to the same value (401), simpler patch attached.
--- lib/Authen/Simple/Apache.pm~ 2006-01-13 15:19:55.000000000 -0500 +++ lib/Authen/Simple/Apache.pm 2008-10-10 10:47:43.157055000 -0400 @@ -115,7 +115,10 @@ return SERVER_ERROR; } - return ( $success ) ? OK : HTTP_UNAUTHORIZED; + return OK if $success; + + $r->note_basic_auth_failure; + return HTTP_UNAUTHORIZED; } 1;
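Review bot: the added $r->note_basic_auth_failure; line before return HTTP_UNAUTHORIZED; carries no comment saying why it is there. A one-line comment that it attaches the WWW-Authenticate Basic challenge to the 401, and that clients do not re-prompt without it, would keep the call from being removed later as a no-op. A regression test that asserts the challenge header on a rejected login would also be worth adding alongside this change.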
I have released a new version to CPAN which addresses this. <https://metacpan.org/release/CHANSEN/Authen-Simple-0.5> -- chansen
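
A check for the symptom this ticket describes, as an added example that is not code from Authen::Simple or from any of the posters: it flags a 401 response that carries no Basic WWW-Authenticate challenge. The function names and the three raw responses are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: audit raw HTTP responses for 401s without a Basic challenge.
use strict;
use warnings;

# Return an array ref of the auth schemes challenged by a 401 response,
# or undef when the response is not a 401 at all.
sub challenges_for_401 {
    my ($raw) = @_;
    my ($head) = split /\r?\n\r?\n/, $raw, 2;    # drop the body
    my ( $status_line, @lines ) = split /\r?\n/, $head;
    return unless defined $status_line
        && $status_line =~ m{^HTTP/\d(?:\.\d)?\s+401\b};

    my @schemes;
    for my $line (@lines) {
        # Header names are case-insensitive and the header may repeat.
        # Only the first scheme on each header line is recorded here.
        next unless $line =~ /^WWW-Authenticate\s*:\s*(\S+)/i;
        push @schemes, lc $1;
    }
    return \@schemes;
}

# True when the response is either not a 401 or a 401 that a browser can
# answer with a new Basic credential prompt.
sub will_reprompt_basic {
    my ($raw) = @_;
    my $schemes = challenges_for_401($raw);
    return 1 unless defined $schemes;
    return ( grep { $_ eq 'basic' } @$schemes ) ? 1 : 0;
}

# Constructed sample responses (not captured from a real server).
my %samples = (
    no_challenge   => "HTTP/1.1 401 Unauthorized\r\nContent-Type: text/html\r\n\r\n<h1>401</h1>",
    with_challenge => "HTTP/1.1 401 Unauthorized\r\nwww-authenticate: Basic realm=\"example\"\r\n\r\n",
    success        => "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nhello",
);

for my $name ( sort keys %samples ) {
    printf "%-15s %s\n", $name,
        will_reprompt_basic( $samples{$name} )
        ? 'ok'
        : '401 without Basic WWW-Authenticate challenge';
}
```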