From: Karen Etheridge Date: Tue, 27 Jun 2017 23:21:31 +0000 (-0700) Subject: Catalyst-Authentication-Credential-HTTP-1.017 X-Git-Tag: v1.017^0 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Authentication-Credential-HTTP.git;a=commitdiff_plain;h=5010bd74848e732669ef739b3df2b0d34e8f84c1 Catalyst-Authentication-Credential-HTTP-1.017 - modernized the tooling for 5.26 compatibility --- diff --git a/CONTRIBUTING b/CONTRIBUTING new file mode 100644 index 0000000..a00e9fd --- /dev/null +++ b/CONTRIBUTING 
@@ -0,0 +1,100 @@ + +CONTRIBUTING + +Thank you for considering contributing to this distribution. This file +contains instructions that will help you work with the source code. + +PLEASE NOTE that if you have any questions or difficulties, you can reach the +maintainer(s) through the bug queue described later in this document +(preferred), or by emailing the releaser directly. You are not required to +follow any of the steps in this document to submit a patch or bug report; +these are just recommendations, intended to help you (and help us help you +faster). + +The distribution is managed with Dist::Zilla (https://metacpan.org/release/Dist-Zilla). +This means than many of the usual files you might expect are not in the +repository, but are generated at release time (e.g. Makefile.PL). + +However, you can run tests directly using the 'prove' tool: + + $ prove -l + $ prove -lv t/some_test_file.t + $ prove -lvr t/ + +In most cases, 'prove' is entirely sufficent for you to test any +patches you have. + +You may need to satisfy some dependencies. The easiest way to satisfy +dependencies is to install the last release -- this is available at +https://metacpan.org/release/Catalyst-Authentication-Credential-HTTP + +If you use cpanminus, you can do it without downloading the tarball first: + + $ cpanm --reinstall --installdeps --with-recommends Catalyst::Authentication::Credential::HTTP + +Dist::Zilla is a very powerful authoring tool, but requires a number of +author-specific plugins. 
If you would like to use it for contributing, +install it from CPAN, then run one of the following commands, depending on +your CPAN client: + + $ cpan `dzil authordeps --missing` +or + $ dzil authordeps --missing | cpanm + +You should then also install any additional requirements not needed by the +dzil build but may be needed by tests or other development: + + $ cpan `dzil listdeps --author --missing` +or + $ dzil listdeps --author --missing | cpanm + +Or, you can use the 'dzil stale' command to install all requirements at once: + + $ cpan Dist::Zilla::App::Command::stale + $ cpan `dzil stale --all` +or + $ cpanm Dist::Zilla::App::Command::stale + $ dzil stale --all | cpanm + +You can also do this via cpanm directly: + + $ cpanm --reinstall --installdeps --with-develop --with-recommends Catalyst::Authentication::Credential::HTTP + +Once installed, here are some dzil commands you might try: + + $ dzil build + $ dzil test + $ dzil test --release + $ dzil xtest + $ dzil listdeps --json + $ dzil build --notgz + +You can learn more about Dist::Zilla at http://dzil.org/. + +The code for this distribution is hosted at GitHub. The repository is: +https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP +You can submit code changes by forking the repository, pushing your code +changes to your clone, and then submitting a pull request. 
Detailed +instructions for doing that is available here: + +https://help.github.com/articles/creating-a-pull-request + +If you have found a bug, but do not have an accompanying patch to fix it, you +can submit an issue report here: +https://rt.cpan.org/Public/Dist/Display.html?Name=Catalyst-Authentication-Credential-HTTP +or via email: bug-Catalyst-Authentication-Credential-HTTP@rt.cpan.org + +There is also a mailing list available for users of this distribution, at +http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst +There is also an irc channel available for users of this distribution, at +irc://irc.perl.org/#catalyst + +If you send me a patch or pull request, your name and email address will be +included in the documentation as a contributor (using the attribution on the +commit or patch), unless you specifically request for it not to be. If you +wish to be listed under a different name or address, you should submit a pull +request to the .mailmap file to contain the correct mapping. + + +This file was generated via Dist::Zilla::Plugin::GenerateFile::FromShareDir 0.013 from a +template file originating in Dist-Zilla-PluginBundle-Author-ETHER-0.125. diff --git a/Changes b/Changes index 8260d61..08806ed 100644 --- a/Changes +++ b/Changes @@ -1,6 +1,6 @@ Release history for Catalyst-Authentication-Store-Htpasswd -{{$NEXT}} +1.017 2017-06-27 23:20:58Z - modernized the tooling for 5.26 compatibility 1.016 2013-07-27 diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..fdeb97c --- /dev/null +++ b/INSTALL 
@@ -0,0 +1,43 @@ +This is the Perl distribution Catalyst-Authentication-Credential-HTTP. + +Installing Catalyst-Authentication-Credential-HTTP is straightforward. + +## Installation with cpanm + +If you have cpanm, you only need one line: + + % cpanm Catalyst::Authentication::Credential::HTTP + +If it does not have permission to install modules to the current perl, cpanm +will automatically set up and install to a local::lib in your home directory. +See the local::lib documentation (https://metacpan.org/pod/local::lib) for +details on enabling it in your environment. + +## Installing with the CPAN shell + +Alternatively, if your CPAN shell is set up, you should just be able to do: + + % cpan Catalyst::Authentication::Credential::HTTP + +## Manual installation + +As a last resort, you can manually install it. Download the tarball, untar it, +then build it: + + % perl Build.PL + % ./Build && ./Build test + +Then install it: + + % ./Build install + +If your perl is system-managed, you can create a local::lib in your home +directory to install modules to. For details, see the local::lib documentation: +https://metacpan.org/pod/local::lib + +## Documentation + +Catalyst-Authentication-Credential-HTTP documentation is available as POD. +You can run perldoc from a shell to read the documentation: + + % perldoc Catalyst::Authentication::Credential::HTTP diff --git a/LICENCE b/LICENCE new file mode 100644 index 0000000..ec94a7d --- /dev/null +++ b/LICENCE 
@@ -0,0 +1,379 @@ +This software is copyright (c) 2006 by יובל קוג'מן (Yuval Kogman). + +This is free software; you can redistribute it and/or modify it under +the same terms as the Perl 5 programming language system itself. + +Terms of the Perl programming language system itself + +a) the GNU General Public License as published by the Free + Software Foundation; either version 1, or (at your option) any + later version, or +b) the "Artistic License" + +--- The GNU General Public License, Version 1, February 1989 --- + +This software is Copyright (c) 2006 by יובל קוג'מן (Yuval Kogman). + +This is free software, licensed under: + + The GNU General Public License, Version 1, February 1989 + + GNU GENERAL PUBLIC LICENSE + Version 1, February 1989 + + Copyright (C) 1989 Free Software Foundation, Inc. + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The license agreements of most software companies try to keep users +at the mercy of those companies. By contrast, our General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. The +General Public License applies to the Free Software Foundation's +software and to any other program whose authors commit to using it. +You can use it for your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Specifically, the General Public License is designed to make +sure that you have the freedom to give away or sell copies of free +software, that you receive source code or can get it if you want it, +that you can change the software or use pieces of it in new free +programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. 
+These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of a such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must tell them their rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any program or other work which +contains a notice placed by the copyright holder saying it may be +distributed under the terms of this General Public License. The +"Program", below, refers to any such program or work, and a "work based +on the Program" means either the Program or any work containing the +Program or a portion of it, either verbatim or with modifications. Each +licensee is addressed as "you". + + 1. 
You may copy and distribute verbatim copies of the Program's source +code as you receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice and +disclaimer of warranty; keep intact all the notices that refer to this +General Public License and to the absence of any warranty; and give any +other recipients of the Program a copy of this General Public License +along with the Program. You may charge a fee for the physical act of +transferring a copy. + + 2. You may modify your copy or copies of the Program or any portion of +it, and copy and distribute such modifications under the terms of Paragraph +1 above, provided that you also do the following: + + a) cause the modified files to carry prominent notices stating that + you changed the files and the date of any change; and + + b) cause the whole of any work that you distribute or publish, that + in whole or in part contains the Program or any part thereof, either + with or without modifications, to be licensed at no charge to all + third parties under the terms of this General Public License (except + that you may choose to grant warranty protection to some or all + third parties, at your option). + + c) If the modified program normally reads commands interactively when + run, you must cause it, when started running for such interactive use + in the simplest and most usual way, to print or display an + announcement including an appropriate copyright notice and a notice + that there is no warranty (or else, saying that you provide a + warranty) and that users may redistribute the program under these + conditions, and telling the user how to view a copy of this General + Public License. + + d) You may charge a fee for the physical act of transferring a + copy, and you may at your option offer warranty protection in + exchange for a fee. 
+ +Mere aggregation of another independent work with the Program (or its +derivative) on a volume of a storage or distribution medium does not bring +the other work under the scope of these terms. + + 3. You may copy and distribute the Program (or a portion or derivative of +it, under Paragraph 2) in object code or executable form under the terms of +Paragraphs 1 and 2 above provided that you also do one of the following: + + a) accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of + Paragraphs 1 and 2 above; or, + + b) accompany it with a written offer, valid for at least three + years, to give any third party free (except for a nominal charge + for the cost of distribution) a complete machine-readable copy of the + corresponding source code, to be distributed under the terms of + Paragraphs 1 and 2 above; or, + + c) accompany it with the information you received as to where the + corresponding source code may be obtained. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form alone.) + +Source code for a work means the preferred form of the work for making +modifications to it. For an executable file, complete source code means +all the source code for all modules it contains; but, as a special +exception, it need not include source code for modules which are standard +libraries that accompany the operating system on which the executable +file runs, or for standard header files or definitions files that +accompany that operating system. + + 4. You may not copy, modify, sublicense, distribute or transfer the +Program except as expressly provided under this General Public License. +Any attempt otherwise to copy, modify, sublicense, distribute or transfer +the Program is void, and will automatically terminate your rights to use +the Program under this License. 
However, parties who have received +copies, or rights to use copies, from you under this General Public +License will not have their licenses terminated so long as such parties +remain in full compliance. + + 5. By copying, distributing or modifying the Program (or any work based +on the Program) you indicate your acceptance of this license to do so, +and all its terms and conditions. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the original +licensor to copy, distribute or modify the Program subject to these +terms and conditions. You may not impose any further restrictions on the +recipients' exercise of the rights granted herein. + + 7. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of the license which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +the license, you may choose any version ever published by the Free Software +Foundation. + + 8. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 9. 
BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + Appendix: How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to humanity, the best way to achieve this is to make it +free software which everyone can redistribute and change under these +terms. + + To do so, attach the following notices to the program. It is safest to +attach them to the start of each source file to most effectively convey +the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. 
+ + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 1, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19xx name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the +appropriate parts of the General Public License. Of course, the +commands you use may be called something other than `show w' and `show +c'; they could even be mouse-clicks or menu items--whatever suits your +program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the + program `Gnomovision' (a program to direct compilers to make passes + at assemblers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +That's all there is to it! 
+ + +--- The Artistic License 1.0 --- + +This software is Copyright (c) 2006 by יובל קוג'מן (Yuval Kogman). + +This is free software, licensed under: + + The Artistic License 1.0 + +The Artistic License + +Preamble + +The intent of this document is to state the conditions under which a Package +may be copied, such that the Copyright Holder maintains some semblance of +artistic control over the development of the package, while giving the users of +the package the right to use and distribute the Package in a more-or-less +customary fashion, plus the right to make reasonable modifications. + +Definitions: + + - "Package" refers to the collection of files distributed by the Copyright + Holder, and derivatives of that collection of files created through + textual modification. + - "Standard Version" refers to such a Package if it has not been modified, + or has been modified in accordance with the wishes of the Copyright + Holder. + - "Copyright Holder" is whoever is named in the copyright or copyrights for + the package. + - "You" is you, if you're thinking about copying or distributing this Package. + - "Reasonable copying fee" is whatever you can justify on the basis of media + cost, duplication charges, time of people involved, and so on. (You will + not be required to justify it to the Copyright Holder, but only to the + computing community at large as a market that must bear the fee.) + - "Freely Available" means that no fee is charged for the item itself, though + there may be fees involved in handling the item. It also means that + recipients of the item may redistribute it under the same conditions they + received it. + +1. You may make and give away verbatim copies of the source form of the +Standard Version of this Package without restriction, provided that you +duplicate all of the original copyright notices and associated disclaimers. + +2. 
You may apply bug fixes, portability fixes and other modifications derived +from the Public Domain or from the Copyright Holder. A Package modified in such +a way shall still be considered the Standard Version. + +3. You may otherwise modify your copy of this Package in any way, provided that +you insert a prominent notice in each changed file stating how and when you +changed that file, and provided that you do at least ONE of the following: + + a) place your modifications in the Public Domain or otherwise make them + Freely Available, such as by posting said modifications to Usenet or an + equivalent medium, or placing the modifications on a major archive site + such as ftp.uu.net, or by allowing the Copyright Holder to include your + modifications in the Standard Version of the Package. + + b) use the modified Package only within your corporation or organization. + + c) rename any non-standard executables so the names do not conflict with + standard executables, which must also be provided, and provide a separate + manual page for each non-standard executable that clearly documents how it + differs from the Standard Version. + + d) make other distribution arrangements with the Copyright Holder. + +4. You may distribute the programs of this Package in object code or executable +form, provided that you do at least ONE of the following: + + a) distribute a Standard Version of the executables and library files, + together with instructions (in the manual page or equivalent) on where to + get the Standard Version. + + b) accompany the distribution with the machine-readable source of the Package + with your modifications. + + c) accompany any non-standard executables with their corresponding Standard + Version executables, giving the non-standard executables non-standard + names, and clearly documenting the differences in manual pages (or + equivalent), together with instructions on where to get the Standard + Version. 
+ + d) make other distribution arrangements with the Copyright Holder. + +5. You may charge a reasonable copying fee for any distribution of this +Package. You may charge any fee you choose for support of this Package. You +may not charge a fee for this Package itself. However, you may distribute this +Package in aggregate with other (possibly commercial) programs as part of a +larger (possibly commercial) software distribution provided that you do not +advertise this Package as a product of your own. + +6. The scripts and library files supplied as input to or produced as output +from the programs of this Package do not automatically fall under the copyright +of this Package, but belong to whomever generated them, and may be sold +commercially, and may be aggregated with this Package. + +7. C or perl subroutines supplied by you and linked into this Package shall not +be considered part of this Package. + +8. The name of the Copyright Holder may not be used to endorse or promote +products derived from this software without specific prior written permission. + +9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + +The End + diff --git a/README.pod b/README.pod new file mode 100644 index 0000000..5f0a81f --- /dev/null +++ b/README.pod 
@@ -0,0 +1,353 @@ +=pod + +=encoding UTF-8 + +=head1 NAME + +Catalyst::Authentication::Credential::HTTP - HTTP Basic and Digest authentication for Catalyst + +=head1 VERSION + +version 1.017 + +=head1 SYNOPSIS + + use Catalyst qw/ + Authentication + /; + + __PACKAGE__->config( authentication => { + default_realm => 'example', + realms => { + example => { + credential => { + class => 'HTTP', + type => 'any', # or 'digest' or 'basic' + password_type => 'clear', + password_field => 'password' + }, + store => { + class => 'Minimal', + users => { + Mufasa => { password => "Circle Of Life", }, + }, + }, + }, + } + }); + + sub foo : Local { + my ( $self, $c ) = @_; + + $c->authenticate({}, "example"); + # either user gets authenticated or 401 is sent + # Note that the authentication realm sent to the client (in the + # RFC 2617 sense) is overridden here, but this *does not* + # effect the Catalyst::Authentication::Realm used for + # authentication - to do that, you need + # $c->authenticate({}, 'otherrealm') + + do_stuff(); + } + + sub always_auth : Local { + my ( $self, $c ) = @_; + + # Force authorization headers onto the response so that the user + # is asked again for authentication, even if they successfully + # authenticated. + my $realm = $c->get_auth_realm('example'); + $realm->credential->authorization_required_response($c, $realm); + } + + # with ACL plugin + __PACKAGE__->deny_access_unless("/path", sub { $_[0]->authenticate }); + +=head1 DESCRIPTION + +This module lets you use HTTP authentication with +L. Both basic and digest authentication +are currently supported. + +When authentication is required, this module sets a status of 401, and +the body of the response to 'Authorization required.'. To override +this and set your own content, check for the C<< $c->res->status == +401 >> in your C action, and change the body accordingly. + +=head2 TERMS + +=over 4 + +=item Nonce + +A nonce is a one-time value sent with each digest authentication +request header. 
The value must always be unique, so per default the +last value of the nonce is kept using L. To +change this behaviour, override the +C and +C methods as shown below. + +=back + +=for stopwords rfc +rfc2617 +auth +sess + +=head1 METHODS + +=over 4 + +=item new $config, $c, $realm + +Simple constructor. + +=item init + +Validates that $config is ok. + +=item authenticate $c, $realm, \%auth_info + +Tries to authenticate the user, and if that fails calls +C and detaches the current action call stack. + +Looks inside C<< $c->request->headers >> and processes the digest and basic +(badly named) authorization header. + +This will only try the methods set in the configuration. First digest, then basic. + +The %auth_info hash can contain a number of keys which control the authentication behaviour: + +=over + +=item realm + +Sets the HTTP authentication realm presented to the client. Note this does not alter the +Catalyst::Authentication::Realm object used for the authentication. + +=item domain + +Array reference to domains used to build the authorization headers. + +This list of domains defines the protection space. If a domain URI is an +absolute path (starts with /), it is relative to the root URL of the server being accessed. +An absolute URI in this list may refer to a different server than the one being accessed. + +The client will use this list to determine the set of URIs for which the same authentication +information may be sent. + +If this is omitted or its value is empty, the client will assume that the +protection space consists of all URIs on the responding server. + +Therefore, if your application is not hosted at the root of this domain, and you want to +prevent the authentication credentials for this application being sent to any other applications. +then you should use the I configuration option, and pass a domain of I. + +=back + +=item authenticate_basic $c, $realm, \%auth_info + +Performs HTTP basic authentication. 
+ +=item authenticate_digest $c, $realm, \%auth_info + +Performs HTTP digest authentication. + +The password_type B be I for digest authentication to +succeed. If you do not want to store your user passwords as clear +text, you may instead store the MD5 digest in hex of the string +'$username:$realm:$password'. + +L is used for persistent storage of the nonce +values (see L). It must be loaded in your application, unless +you override the C and +C methods as shown below. + +Takes an additional parameter of I, the possible values of which are 'MD5' (the default) +and 'MD5-sess'. For more information about 'MD5-sess', see section 3.2.2.2 in RFC 2617. + +=item authorization_required_response $c, $realm, \%auth_info + +Sets C<< $c->response >> to the correct status code, and adds the correct +header to demand authentication data from the user agent. + +Typically used by C, but may be invoked manually. + +%opts can contain C and C, which are used to build +%the digest header. + +=item store_digest_authorization_nonce $c, $key, $nonce + +=item get_digest_authorization_nonce $c, $key + +Set or get the C<$nonce> object used by the digest auth mode. + +You may override these methods. By default they will call C and C on +C<< $c->cache >>. + +=item authentication_failed + +Sets the 401 response and calls C<< $ctx->detach >>. + +=back + +=head1 CONFIGURATION + +All configuration is stored in C<< YourApp->config('Plugin::Authentication' => { yourrealm => { credential => { class => 'HTTP', %config } } } >>. + +This should be a hash, and it can contain the following entries: + +=over + +=item type + +Can be either C (the default), C or C. + +This controls C and C, but +not the "manual" methods. + +=item authorization_required_message + +Set this to a string to override the default body content "Authorization required.", or set to undef to suppress body content being generated. + +=item password_type + +The type of password returned by the user object. 
Same usage as in +L + +=item password_field + +The name of accessor used to retrieve the value of the password field from the user object. Same usage as in +L + +=item username_field + +The field name that the user's username is mapped into when finding the user from the realm. Defaults to 'username'. + +=item use_uri_for + +If this configuration key has a true value, then the domain(s) for the authorization header will be +run through $c->uri_for(). Use this configuration option if your application is not running at the root +of your domain, and you want to ensure that authentication credentials from your application are not shared with +other applications on the same server. + +=item require_ssl + +If this configuration key has a true value then authentication will be denied +(and a 401 issued in normal circumstances) unless the request is via https. + +=item no_unprompted_authorization_required + +Causes authentication to fail as normal modules do, without calling +C<< $c->detach >>. This means that the basic auth credential can be used as +part of the progressive realm. + +However use like this is probably not optimum it also means that users in +browsers ill never get a HTTP authenticate dialogue box (unless you manually +return a 401 response in your application), and even some automated +user agents (for APIs) will not send the Authorization header without +specific manipulation of the request headers. + +=item broken_dotnet_digest_without_query_string + +Enables support for .NET (or other similarly broken clients), which +fails to include the query string in the uri in the digest +Authorization header, contrary to rfc2617. + +This option has no effect on clients that include the query string; +they will continue to work as normal. + +=back + +=head1 RESTRICTIONS + +When using digest authentication, this module will only work together +with authentication stores whose User objects have a C +method that returns the plain-text password. 
It will not work together +with L, or +L stores whose +C methods return a hashed or salted version of the password. + +=head1 SEE ALSO + +RFC 2617 (or its successors), L, L + +=head1 SUPPORT + +Bugs may be submitted through L +(or L). + +There is also a mailing list available for users of this distribution, at +L. + +There is also an irc channel available for users of this distribution, at +L on C|irc://irc.perl.org/#catalyst>. + +=head1 AUTHOR + +יובל קוג'מן (Yuval Kogman) + +=head1 CONTRIBUTORS + +=for stopwords Tomas Doran Karen Etheridge Sascha Kiefer Devin Austin Ronald J Kimball Jess Robinson Ton Voon J. Shirley Brian Cassidy Jonathan Rockway + +=over 4 + +=item * + +Tomas Doran + +=item * + +Karen Etheridge + +=item * + +Sascha Kiefer + +=item * + +Devin Austin + +=item * + +Ronald J Kimball + +=item * + +Jess Robinson + +=item * + +Ronald J Kimball + +=item * + +Tomas Doran + +=item * + +Ton Voon + +=item * + +J. Shirley + +=item * + +Brian Cassidy + +=item * + +Jonathan Rockway + +=back + +=head1 COPYRIGHT AND LICENCE + +This software is copyright (c) 2006 by יובל קוג'מן (Yuval Kogman). + +This is free software; you can redistribute it and/or modify it under +the same terms as the Perl 5 programming language system itself. + +=cut
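Review bot: CONTRIBUTING has three wording slips in its added text: "This means than many of the usual files" should read "that many", "entirely sufficent" should read "sufficient", and "Detailed instructions for doing that is available here" should read "are available". The closing lines of the file say it was generated from a template originating in Dist-Zilla-PluginBundle-Author-ETHER-0.125, so the corrections belong in that template rather than in this generated copy.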
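Review bot: the unchanged first line of Changes still reads "Release history for Catalyst-Authentication-Store-Htpasswd", while the commit subject and the new 1.017 entry are for Catalyst-Authentication-Credential-HTTP. The heading should name this distribution.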
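Review bot: in README.pod, the METHODS entry for authorization_required_response gives its third argument as \%auth_info, but the description under it says "%opts can contain" and the following line begins with a stray "%" ("%the digest header"). Use one name for the hash and drop the stray character. In the same file, the no_unprompted_authorization_required entry has "users in browsers ill never get" where "will never get" is meant, and the CONTRIBUTORS list names Tomas Doran and Ronald J Kimball twice each.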