Add a test and update docs on how to pass-through the Authorization header under...

diff --git a/Changes b/Changes
index e6b8cd6..4154227 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,5 +1,9 @@
 # This file documents the revision history for Perl extension Catalyst.
 
+5.7013
+        - Added test and updated docs for handling the Authorization header
+          under mod_fastcgi/mod_cgi.
+
 5.7012  2007-12-16 23:44:00
         - Fix uri_for()'s and uri_with()'s handling of multibyte chars
           (Daisuke Murase)

diff --git a/lib/Catalyst.pm b/lib/Catalyst.pm
index b0d3c91..b27f090 100644 (file)
--- a/lib/Catalyst.pm
+++ b/lib/Catalyst.pm
@@ -65,7 +65,7 @@ __PACKAGE__->stats_class('Catalyst::Stats');
 
 # Remember to update this in Catalyst::Runtime as well!
 
-our $VERSION = '5.7012';
+our $VERSION = '5.7013';
 
 sub import {
     my ( $class, @arguments ) = @_;

diff --git a/lib/Catalyst/Engine/FastCGI.pm b/lib/Catalyst/Engine/FastCGI.pm
index 9a74c17..bd272a1 100644 (file)
--- a/lib/Catalyst/Engine/FastCGI.pm
+++ b/lib/Catalyst/Engine/FastCGI.pm
@@ -324,6 +324,16 @@ application.
 For more information on using FastCGI under Apache, visit
 L<http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html>
 
+=head3 Authorization header with mod_fastcgi or mod_cgi
+
+By default, mod_fastcgi/mod_cgi do not pass along the Authorization header,
+so modules like C<Catalyst::Plugin::Authentication::Credential::HTTP> will
+not work.  To enable pass-through of this header, add the following
+mod_rewrite directives:
+
+    RewriteCond %{HTTP:Authorization} ^(.+)
+    RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT]
+
 =head2 Lighttpd
 
 These configurations were tested with Lighttpd 1.4.7.

diff --git a/lib/Catalyst/Runtime.pm b/lib/Catalyst/Runtime.pm
index 7654ba7..145d33e 100644 (file)
--- a/lib/Catalyst/Runtime.pm
+++ b/lib/Catalyst/Runtime.pm
@@ -7,7 +7,7 @@ BEGIN { require 5.008001; }
 
 # Remember to update this in Catalyst as well!
 
-our $VERSION='5.7012';
+our $VERSION='5.7013';
 
 =head1 NAME
 

diff --git a/t/conf/extra.conf.in b/t/conf/extra.conf.in
index 3b64074..5445db9 100644 (file)
--- a/t/conf/extra.conf.in
+++ b/t/conf/extra.conf.in
@@ -13,6 +13,10 @@
         # one CGI test will fail if you don't have mod_rewrite enabled
         RewriteEngine on
         RewriteRule /cgi$ /cgi/ [PT]
+        
+        # Pass-through Authorization header for CGI/FastCGI
+        RewriteCond %{HTTP:Authorization} ^(.+)
+        RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT]
 
         <Location /rewrite>
             RewriteEngine on

diff --git a/t/live_engine_request_auth.t b/t/live_engine_request_auth.t
new file mode 100644 (file)
index 0000000..b15c4d7
--- /dev/null
+++ b/t/live_engine_request_auth.t
@@ -0,0 +1,43 @@
+#!perl
+
+# This tests to make sure the Authorization header is passed through by the engine.
+
+use strict;
+use warnings;
+
+use FindBin;
+use lib "$FindBin::Bin/lib";
+
+use Test::More tests => 7;
+use Catalyst::Test 'TestApp';
+
+use Catalyst::Request;
+use HTTP::Headers;
+use HTTP::Request::Common;
+
+{
+    my $creq;
+
+    my $request = GET(
+        'http://localhost/dump/request',
+        'Authorization' => 'Basic dGVzdDoxMjM0NQ==',
+    );
+
+    ok( my $response = request($request), 'Request' );
+    ok( $response->is_success, 'Response Successful 2xx' );
+    is( $response->content_type, 'text/plain', 'Response Content-Type' );
+    like( $response->content, qr/'Catalyst::Request'/,
+        'Content is a serialized Catalyst::Request' );
+
+    {
+        no strict 'refs';
+        ok(
+            eval '$creq = ' . $response->content,
+            'Unserialize Catalyst::Request'
+        );
+    }
+
+    isa_ok( $creq, 'Catalyst::Request' );
+    
+    is( $creq->header('Authorization'), 'Basic dGVzdDoxMjM0NQ==', 'auth header ok' );
+}