This queue is for tickets about the JSON-RPC CPAN distribution.

Report information
The Basics
Id: 77876
Status: resolved
Priority: 0/
Queue: JSON-RPC

People
Owner: Nobody in particular
Requestors: mcmic [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: Support for HTTP authentication
Hello, I'd like to be able to use HTTP authentication to filter authorized from unauthorized JSON-RPC requests. Please find attached a patch that adds this feature to JSONRPC::Server. If it seems OK to you, please apply it on CPAN.
Subject: http_auth.patch
--- booya/lib/JSON/RPC/Server.pm 2008-02-25 02:48:24.000000000 +0100 +++ JSON-RPC-0.96/lib/JSON/RPC/Server.pm 2012-06-18 11:02:54.781281293 +0200 @@ -30,7 +30,7 @@ BEGIN { for my $method (qw/request path_info json version error_message max_length charset content_type - error_response_header return_die_message/) + error_response_header return_die_message auth_callback auth_realm/) { eval qq| sub $method { @@ -55,6 +55,7 @@ charset => 'UTF-8', content_type => 'application/json', json => $class->create_json_coder, + auth_realm => "JSONRPCRealm", loaded_module => { name => {}, order => [], }, @_, }, $class; @@ -103,6 +104,18 @@ my ($self) = @_; my ($obj, $res, $jsondata); + if (defined($self->{auth_callback}) && !$self->request->header('Authorization')) { + return $self->response(HTTP::Response->new( + 401 => 'Authorization Required', + [ 'WWW-Authenticate' => 'Basic realm="'.$self->{auth_realm}.'"' ], + )); + } elsif (defined($self->{auth_callback})) { + my ($login, $password) = $self->request->authorization_basic(); + unless (&{$self->{auth_callback}}($login,$password)) { + return $self->response($self->response_header(403, 'Forbidden')); + } + } + if ($self->request->method eq 'POST') { $jsondata = $self->retrieve_json_from_post(); } @@ -598,6 +611,23 @@ Default is 'application/json'. +=item auth_callback + +Setter/Getter to function to call for HTTP authentication. +Default is C<undef> , meaning no authentication required. + +$server->auth_callback(sub { + my ($login, $password) = @_; + return (($login=="admin") && ($password=="secret")); +}); + + +=item auth_realm + +Setter/Getter to the name of the realm for HTTP authentication. +Default is 'JSONRPCRealm'. + + =item return_die_message When your program dies in your procedure,
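Review bot: The documented callback in the `@@ -598,6 +611,23 @@` hunk compares strings with `==`, which is numeric in Perl: `"admin"` and `"secret"` both numify to 0, so any non-numeric login and password pair returns true and the sample accepts everyone. Use `eq` for both comparisons (`$login eq "admin" && $password eq "secret"`). The sample lines also need leading whitespace so that POD renders them as a verbatim block rather than a wrapped paragraph.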
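Review bot: In the `@@ -103,6 +104,18 @@` hunk, the `elsif` branch calls `authorization_basic()` whenever any Authorization header is present, so a non-Basic or malformed header leaves `$login` and `$password` undefined and passes them straight to `auth_callback`. Check that both are defined before invoking the callback, and answer a failed check with the same 401 and `WWW-Authenticate` challenge as the first branch instead of a bare 403, so a client that sent wrong credentials is challenged again. `auth_realm` is also concatenated into the header unescaped; a realm containing a double quote would produce a malformed `WWW-Authenticate` value.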
I believe the code for JSON::RPC assumes that it runs under PSGI. Given that, is there any reason why you can't use Plack::Middleware::Auth::Basic?
On Mon 18 Jun 2012 05:13:53, DMAKI wrote:
> I believe the code for JSON::RPC assumes that it runs under PSGI.
> Given that, is there any reason
> why you can't use Plack::Middleware::Auth::Basic?
Sorry, I was not aware of the new version based on PSGI; I was still using 0.96. I never used PSGI. Is there any guide somewhere to migrate from the 0.96 legacy version to the PSGI system?
Oh, hmm. Please consider the old version (which was from a different maintainer, btw: we discussed and I received ownership for the new version) EOL. As far as migrating to PSGI goes, it's a whole different story, and it's hard to give specific advice for JSON::RPC alone. But if you can spare the time to do it, you definitely should migrate your app to PSGI :) It's well worth it. I think the hardest one to migrate to would be mod_perl, btw. Hopefully you're not using mod_perl... Anyway, so that would be a different topic, and I'm closing this ticket. Try #plack on freenode maybe?
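The Plack::Middleware::Auth::Basic approach suggested in this thread, sketched as an `app.psgi` file. This is an added example, not code from the ticket or from the JSON::RPC distribution. The `%USERS` table, the `secure_eq` and `authenticate` helpers and the placeholder `$app` are assumptions for illustration; the realm name is the default from the patch above.

```perl
use strict;
use warnings;
use Plack::Builder;
use Digest::SHA qw(sha256);

# Constructed sample credentials (assumption). In a real deployment, load
# these from a secret store and keep password hashes rather than plaintext.
my %USERS = ( admin => 'secret' );

# Compare two byte strings without stopping at the first differing byte.
# Hashing first gives both sides the same length (32 bytes).
sub secure_eq {
    my ($left, $right) = @_;
    my ($x, $y) = (sha256($left), sha256($right));
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Authenticator callback: the middleware passes the decoded login and
# password and expects a true value for valid credentials.
sub authenticate {
    my ($login, $password, $env) = @_;
    return 0 unless defined $login && defined $password;
    # Do the comparison for unknown users too, then reject them afterwards,
    # so known and unknown logins take the same code path.
    my $expected = $USERS{$login} // '';
    my $match    = secure_eq($password, $expected);
    return ($match && exists $USERS{$login}) ? 1 : 0;
}

# Placeholder PSGI application (assumption); substitute the code reference
# that hands $env to your JSON-RPC dispatcher.
my $app = sub {
    my $env = shift;
    return [ 200, [ 'Content-Type' => 'application/json' ],
             [ '{"jsonrpc":"2.0","result":"ok","id":1}' ] ];
};

# The middleware answers 401 with a WWW-Authenticate challenge whenever the
# Authorization header is missing, is not Basic, or fails authenticate().
builder {
    enable 'Auth::Basic', authenticator => \&authenticate, realm => 'JSONRPCRealm';
    $app;
};
```

Basic authentication sends the password base64-encoded on every request, so serve this only over TLS.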