X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FCredential%2FRemote.pm;h=5e20adc54833317a138031dc0a03566f81328fe5;hb=3fc4303270dacbaf502bf8b88566ac1f641518ad;hp=e7bfb56f09e4ef240a33cd0aa0adfb596de8e1d1;hpb=8f57bf96b78b15ca9407e6ab5d2426745ac8a1f0;p=catagits%2FCatalyst-Plugin-Authentication.git diff --git a/lib/Catalyst/Authentication/Credential/Remote.pm b/lib/Catalyst/Authentication/Credential/Remote.pm index e7bfb56..5e20adc 100644 --- a/lib/Catalyst/Authentication/Credential/Remote.pm +++ b/lib/Catalyst/Authentication/Credential/Remote.pm @@ -1,15 +1,13 @@ package Catalyst::Authentication::Credential::Remote; +use Moose; +use namespace::autoclean; -use strict; -use warnings; -use Try::Tiny qw/ try catch /; +with 'MooseX::Emulate::Class::Accessor::Fast'; -use base 'Class::Accessor::Fast'; +use Try::Tiny qw/ try catch /; -BEGIN { - __PACKAGE__->mk_accessors( - qw/allow_re deny_re cutname_re source realm username_field/); -} +__PACKAGE__->mk_accessors( + qw/allow_re deny_re cutname_re source realm username_field/); sub new { my ( $class, $config, $app, $realm ) = @_; @@ -306,4 +304,61 @@ support $c->req->remote_user. This module tries some workarounds when it detects an older version and should work as well. +=head1 USING WITH A REVERSE PROXY + +If you are using a reverse proxy, then the WEBUSER will not be +directly accessible by the Catalyst server. To use remote +authentication, you will have to modify the web server to set a header +containing the WEBUSER. You would then need to modify the PSGI +configuration to map the header back to the WEBUSER variable. + +For example, in Apache you would add the configuration + + RequestHeader unset X-Forwarded-User + RewriteEngine On + RewriteCond %{LA-U:REMOTE_USER} (.+) + RewriteRule . - [E=RU:%1] + RequestHeader set X-Forwarded-User %{RU}e + +You then need to create a Plack::Middleware module to map the +header back to the WEBUSER: + + package Plack::Middleware::MyRemote; + + use parent qw( Plack::Middleware ); + + use Plack::Util; + + sub call { + my ($self, $env) = @_; + + my $user = $env->{HTTP_X_FORWARDED_USER} // ""; + + $env->{REMOTE_USER} = $user + if ($user && ($user ne '(null)')); + + my $res = $self->app->($env); + + return $res; + } + + 1; + +Finally, you need to modify F to use the custom middleware: + + use strict; + use warnings; + + use MyApp; + + use Plack::Builder; + + my $app = Drain->apply_default_middlewares(Drain->psgi_app); + + builder { + enable "Plack::Middleware::MyRemote"; + $app; + }; + + =cut