Basic authentication and Dancer
Hi! I try to run one simple Dancer app behind Apache proxy and because there is a bunch of old CGI scripts running on same server, restricted by basic authentication, I'd like to use the same authentication scheme in Dancer app too. My Apache config looks like this: <Location /xyz/z > ProxyPass http://localhost:5001 ProxyPassReverse http://localhost:5001 RequestHeader set Request-Base /xyz/z AuthName "myadmin" AuthType basic AuthUserFile /etc/htpasswd.adm Require valid-user </Location> So far, so good. Problem: in Dancer I can't access env variable REMOTE_USER. AFAIU Dancer::Request object does not forward this variable. What is the best way to access REMOTE_USER value inside Dancer? Tia, -- Wbr, Kõike hääd, Gunnar
you could use Plack::Builder; append the following inside your app.psgi file use Plack::Builder; builder { enable "Auth::Basic", authenticator => \&authen_cb; } sub authen_cb { my($username, $password, $env) = @_; return ($username eq 'testuser' && $password eq 'testpassword') } On Fri, Feb 12, 2016 at 11:09 PM, WK <wanradt@gmail.com> wrote:
Hi!
I try to run one simple Dancer app behind Apache proxy and because there is a bunch of old CGI scripts running on same server, restricted by basic authentication, I'd like to use the same authentication scheme in Dancer app too.
My Apache config looks like this:
<Location /xyz/z > ProxyPass http://localhost:5001 ProxyPassReverse http://localhost:5001 RequestHeader set Request-Base /xyz/z AuthName "myadmin" AuthType basic AuthUserFile /etc/htpasswd.adm Require valid-user </Location>
So far, so good.
Problem: in Dancer I can't access env variable REMOTE_USER.
AFAIU Dancer::Request object does not forward this variable. What is the best way to access REMOTE_USER value inside Dancer?
Tia, -- Wbr, Kõike hääd,
Gunnar _______________________________________________ dancer-users mailing list dancer-users@dancer.pm http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
Hi! 2016-02-12 23:25 GMT+02:00 Nikos Vaggalis <nikos.vaggalis@gmail.com>:
you could use Plack::Builder;
append the following inside your app.psgi file
use Plack::Builder;
builder { enable "Auth::Basic", authenticator => \&authen_cb; }
sub authen_cb { my($username, $password, $env) = @_; return ($username eq 'testuser' && $password eq 'testpassword') }
Thank you for quick response. As I see, it provides full authentication capabilities itself, but I still don't figure out, how I could see the value of $username inside my app? -- Wbr, Kõike hääd, Gunnar
those variables get filled with the values you enter in the Authentication dialogue when it asks for a username and password On Fri, Feb 12, 2016 at 11:30 PM, WK <wanradt@gmail.com> wrote:
Hi!
2016-02-12 23:25 GMT+02:00 Nikos Vaggalis <nikos.vaggalis@gmail.com>:
you could use Plack::Builder;
append the following inside your app.psgi file
use Plack::Builder;
builder { enable "Auth::Basic", authenticator => \&authen_cb; }
sub authen_cb { my($username, $password, $env) = @_; return ($username eq 'testuser' && $password eq 'testpassword') }
Thank you for quick response. As I see, it provides full authentication capabilities itself, but I still don't figure out, how I could see the value of $username inside my app?
-- Wbr, Kõike hääd,
Gunnar _______________________________________________ dancer-users mailing list dancer-users@dancer.pm http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
On Feb 12, 2016, at 2:54 PM, Nikos Vaggalis <nikos.vaggalis@gmail.com> wrote:
those variables get filled with the values you enter in the Authentication dialogue
I think he’s asking how you get those values from *Dancer* rather than from Plack. Or at least, how you get at Plack stuff underneath Dancer, say, from a route handler.
On Feb 12, 2016, at 2:56 PM, Warren Young <wyml@etr-usa.com> wrote:
On Feb 12, 2016, at 2:54 PM, Nikos Vaggalis <nikos.vaggalis@gmail.com> wrote:
those variables get filled with the values you enter in the Authentication dialogue
I think he’s asking how you get those values from *Dancer* rather than from Plack. Or at least, how you get at Plack stuff underneath Dancer, say, from a route handler.
To clarify, the OP couched this issue in terms of HTTP Basic Authentication, but it’s broader than that. The same question would apply if you used, say, Microsoft’s SSPI mechanism to allow single-sign-on to your web app: http://stackoverflow.com/questions/1003751/ Once the user is logged in, you still need the user name provided by the browser to tag database records for ownership by that user, to look up prior actions by that user, etc.
I hope I'm not oversimplifying, but can't one set session user => $username; when it is validated and refer to it as session('user') later? --john
On Feb 12, 2016, at 2:54 PM, Nikos Vaggalis <nikos.vaggalis@gmail.com> wrote:
those variables get filled with the values you enter in the Authentication dialogue I think he’s asking how you get those values from *Dancer* rather than from Plack. Or at least, how you get at Plack stuff underneath Dancer, say, from a route handler. To clarify, the OP couched this issue in terms of HTTP Basic Authentication, but it’s broader than that. The same question would apply if you used, say, Microsoft’s SSPI mechanism to allow single-sign-on to your web app:
http://stackoverflow.com/questions/1003751/
Once the user is logged in, you still need the user name provided by the browser to tag database records for ownership by that user, to look up prior actions by that user, etc. _______________________________________________ dancer-users mailing list dancer-users@dancer.pm http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
-- John J. McDermott, CPLP Learning and Performance Consultant jjm at jkintl.com 575/737-8556 Check out my security blog posts Add an A for the Arts To STEM and get STEAM and a strong engine to move forward.
2016-02-13 0:23 GMT+02:00 John McDermott, CPLP <jjm@jkintl.com>:
I hope I'm not oversimplifying, but can't one set session user => $username; when it is validated and refer to it as session('user') later?
Of course, it would be obvious way, if I could initialize $username from somewhere... But I think I am approaching to solution somehow and try to make some test. Problem: I don't want to use Plack::Middleware::Auth::Basic as authenticator, because the authenticator mechanism is already set inside Apache. Idea for solution: if I understand correctly, ::Auth::Basic sets user-value inside Dancer's request object and if I should be able to read username inside authenticator-callback. Then I could return true if REMOTE_USER is set and false otherwise... I try it and let you know. Thank you for your hints anyway -- Wbr, Kõike hääd, Gunnar
2016-02-12 23:54 GMT+02:00 Nikos Vaggalis <nikos.vaggalis@gmail.com>:
those variables get filled with the values you enter in the Authentication dialogue when it asks for a username and password
Yes, I understand, but how could you access them inside Dancer? [Yes, Warren is right] Wbr, -- Kõike hääd, Gunnar
2016-02-12 23:54 GMT+02:00 Nikos Vaggalis <nikos.vaggalis@gmail.com>:
those variables get filled with the values you enter in the Authentication dialogue when it asks for a username and password
Thank you, Nikos! Your direction toward Plack::Middleware::Auth::Basic was good hint. Maybe this solution has some value to others to, so I share it here. Because my little app acts like AJAX-feeder for other pages (which are protected with Auth basic), it is not permitted to reponse indepentently, but only if it is called from pages behind certain realm. So all I needed finally, was this little app.psgi: #!/usr/bin/env perl use Dancer; use Plack::Builder; use Plack::Middleware::Auth::Basic; use My::App; my $app = sub { my $env = shift; my $request = Dancer::Request->new( env => $env ); Dancer->dance( $request ); }; builder { enable "Auth::Basic", realm => 'admin', authenticator => sub { my ( $username, $password ) = @_; return $username ? 1 : 0; }; $app; }; Thank you all! -- Wbr, Kõike hääd, G
participants (4)
-
John McDermott, CPLP -
Nikos Vaggalis -
Warren Young -
WK