LP#1449283: fix auth when running under Apache 2.4

author Galen Charlton <gmc@esilibrary.com>

Thu, 30 Apr 2015 18:07:14 +0000 (11:07 -0700)

committer Bill Erickson <berickxx@gmail.com>

Fri, 1 May 2015 20:17:31 +0000 (16:17 -0400)
author Galen Charlton <gmc@esilibrary.com>
Thu, 30 Apr 2015 18:07:14 +0000 (11:07 -0700)
committer Bill Erickson <berickxx@gmail.com>
Fri, 1 May 2015 20:17:31 +0000 (16:17 -0400)
diff --git a/Open-ILS/examples/apache_24/eg_vhost.conf.in b/Open-ILS/examples/apache_24/eg_vhost.conf.in

index 3d60fda..d4bbd78 100644 (file)
--- a/Open-ILS/examples/apache_24/eg_vhost.conf.in
+++ b/Open-ILS/examples/apache_24/eg_vhost.conf.in
@@ -441,11 +441,10 @@ RewriteRule .? - [E=locale:%{HTTP:Accept-Language}]
      PerlOptions +GlobalRequest
      PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
      PerlAuthenHandler OpenILS::WWW::Proxy::Authen
-    require valid-user
+    Require valid-user
      PerlHandler OpenILS::WWW::Exporter
      Options +ExecCGI
      PerlSendHeader On
-    Require all granted 
  </Location>
  
  <Location /opac/extras/merge_template>
@@ -455,11 +454,10 @@ RewriteRule .? - [E=locale:%{HTTP:Accept-Language}]
      PerlOptions +GlobalRequest
      PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
      PerlAuthenHandler OpenILS::WWW::Proxy::Authen
-    require valid-user
+    Require valid-user
      PerlHandler OpenILS::WWW::TemplateBatchBibUpdate
      PerlSendHeader On
      Options +ExecCGI
-    Require all granted 
  </Location>
  
  <Location /opac/extras/circ>
@@ -468,10 +466,9 @@ RewriteRule .? - [E=locale:%{HTTP:Accept-Language}]
      PerlOptions +GlobalRequest
      PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
      PerlAuthenHandler OpenILS::WWW::Proxy::Authen
-    require valid-user
+    Require valid-user
      Options +ExecCGI
      PerlSendHeader On
-    Require all granted 
  </Location>
  
  <Location /collections>
@@ -481,10 +478,9 @@ RewriteRule .? - [E=locale:%{HTTP:Accept-Language}]
      PerlOptions +GlobalRequest
      PerlSetVar OILSProxyPermissions "money.collections_tracker.create"
      PerlAuthenHandler OpenILS::WWW::Proxy::Authen
-    require valid-user
+    Require valid-user
      Options +ExecCGI
      PerlSendHeader On
-    Require all granted 
  </Location>
  
  # ----------------------------------------------------------------------------------
@@ -496,7 +492,7 @@ RewriteRule .? - [E=locale:%{HTTP:Accept-Language}]
      PerlOptions +GlobalRequest
      PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
      PerlAuthenHandler OpenILS::WWW::Proxy::Authen
-    require valid-user
+    Require valid-user
      PerlSendHeader On
      allow from all
      SSLRequireSSL
@@ -511,10 +507,9 @@ RewriteRule .? - [E=locale:%{HTTP:Accept-Language}]
      PerlOptions +GlobalRequest
      PerlSetVar OILSProxyPermissions "VIEW_REPORT_OUTPUT"
      PerlAuthenHandler OpenILS::WWW::Proxy::Authen
-    require valid-user
+    Require valid-user
      Options +ExecCGI
      PerlSendHeader On
-    Require all granted 
  </Location>
  
  # ----------------------------------------------------------------------------------
@@ -526,10 +521,9 @@ RewriteRule .? - [E=locale:%{HTTP:Accept-Language}]
      PerlOptions +GlobalRequest
      PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
      PerlAuthenHandler OpenILS::WWW::Proxy::Authen
-    require valid-user
+    Require valid-user
      Options +ExecCGI
      PerlSendHeader On
-    Require all granted 
  </LocationMatch>
  
  
@@ -600,10 +594,9 @@ RewriteRule ^/conify/([a-z]{2}-[A-Z]{2})/global/(.*)$ /conify/global/$2 [E=local
      PerlOptions +GlobalRequest
      PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
      PerlAuthenHandler OpenILS::WWW::Proxy::Authen
-    require valid-user
+    Require valid-user
      Options +ExecCGI
      PerlSendHeader On
-    Require all granted 
  </Location>
  
  # ----------------------------------------------------------------------------------
@@ -613,14 +606,13 @@ RewriteRule ^/conify/([a-z]{2}-[A-Z]{2})/global/(.*)$ /conify/global/$2 [E=local
      SetHandler perl-script
      AuthType Basic
      AuthName "PhoneList Login"
-    require valid-user
+    Require valid-user
      PerlOptions +GlobalRequest
      PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
      PerlHandler OpenILS::WWW::PhoneList
      PerlAuthenHandler OpenILS::WWW::Proxy::Authen
      Options +ExecCGI
      PerlSendHeader On
-    allow from all
      <IfModule mod_headers.c>
          Header onsuccess set Cache-Control no-cache
      </IfModule>
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm

index 2e33aa1..5b1c64b 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm
@@ -102,6 +102,10 @@ sub handler {
                          -expires=>'-1h'
                  );
              } else {
+                # it appears that as of Apache 2.4, authentication
+                # handlers are expected to ensure that the request
+                # object has ->user set.
+                $apache->user($user->usrname);
                  $bad_auth = 0;
              }
          }
author	Galen Charlton <gmc@esilibrary.com>
	Thu, 30 Apr 2015 18:07:14 +0000 (11:07 -0700)
committer	Bill Erickson <berickxx@gmail.com>
	Fri, 1 May 2015 20:17:31 +0000 (16:17 -0400)
Open-ILS/examples/apache_24/eg_vhost.conf.in		patch \| blob \| history
Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm		patch \| blob \| history