annotate extra/soundsoftware/SoundSoftware.pm @ 1628:9c5f8e24dadc live tip

Quieten this cron script
author Chris Cannam
date Tue, 25 Aug 2020 11:38:49 +0100
parents 2496b955f638
children
rev   line source
Chris@7 1 package Apache::Authn::SoundSoftware;
Chris@7 2
Chris@7 3 =head1 Apache::Authn::SoundSoftware
Chris@7 4
Chris@7 5 SoundSoftware - a mod_perl module for Apache authentication against a
Chris@7 6 Redmine database and optional LDAP implementing the access control
Chris@7 7 rules required for the SoundSoftware.ac.uk repository site.
Chris@7 8
Chris@7 9 =head1 SYNOPSIS
Chris@7 10
Chris@7 11 This module is closely based on the Redmine.pm authentication module
Chris@7 12 provided with Redmine. It is intended to be used for authentication
Chris@7 13 in front of a repository service such as hgwebdir.
Chris@7 14
Chris@7 15 Requirements:
Chris@7 16
Chris@7 17 1. Clone/pull from repo for public project: Any user, no
Chris@7 18 authentication required
Chris@7 19
Chris@7 20 2. Clone/pull from repo for private project: Project members only
Chris@7 21
Chris@7 22 3. Push to repo for public project: "Permitted" users only (this
Chris@8 23 probably means project members who are also identified in the hgrc web
Chris@8 24 section for the repository and so will be approved by hgwebdir?)
Chris@7 25
Chris@8 26 4. Push to repo for private project: "Permitted" users only (as above)
Chris@7 27
chris@300 28 5. Push to any repo that is tracking an external repo: Refused always
chris@300 29
Chris@7 30 =head1 INSTALLATION
Chris@7 31
Chris@7 32 Debian/ubuntu:
Chris@7 33
Chris@7 34 apt-get install libapache-dbi-perl libapache2-mod-perl2 \
Chris@1575 35 libdbd-mysql-perl libdbd-pg-perl libio-socket-ssl-perl \
Chris@1575 36 libauthen-simple-ldap-perl
Chris@7 37
Chris@7 38 Note that LDAP support is hardcoded "on" in this script (it is
Chris@7 39 optional in the original Redmine.pm).
Chris@7 40
Chris@7 41 =head1 CONFIGURATION
Chris@7 42
Chris@7 43 ## This module has to be in your perl path
Chris@7 44 ## eg: /usr/local/lib/site_perl/Apache/Authn/SoundSoftware.pm
Chris@7 45 PerlLoadModule Apache::Authn::SoundSoftware
Chris@7 46
Chris@7 47 # Example when using hgwebdir
Chris@7 48 ScriptAlias / "/var/hg/hgwebdir.cgi/"
Chris@7 49
Chris@7 50 <Location />
Chris@7 51 AuthName "Mercurial"
Chris@7 52 AuthType Basic
Chris@7 53 Require valid-user
Chris@7 54 PerlAccessHandler Apache::Authn::SoundSoftware::access_handler
Chris@7 55 PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler
Chris@7 56 SoundSoftwareDSN "DBI:mysql:database=redmine;host=localhost"
Chris@7 57 SoundSoftwareDbUser "redmine"
Chris@7 58 SoundSoftwareDbPass "password"
Chris@7 59 Options +ExecCGI
Chris@7 60 AddHandler cgi-script .cgi
Chris@7 61 ## Optional where clause (fulltext search would be slow and
Chris@7 62 ## database dependent).
Chris@7 63 # SoundSoftwareDbWhereClause "and members.role_id IN (1,2)"
Chris@8 64 ## Optional prefix for local repository URLs
Chris@8 65 # SoundSoftwareRepoPrefix "/var/hg/"
Chris@7 66 </Location>
Chris@7 67
Chris@7 68 See the original Redmine.pm for further configuration notes.
Chris@7 69
Chris@7 70 =cut
Chris@7 71
Chris@7 72 use strict;
Chris@7 73 use warnings FATAL => 'all', NONFATAL => 'redefine';
Chris@7 74
Chris@7 75 use DBI;
Chris@1331 76 use Digest::SHA;
Chris@7 77 use Authen::Simple::LDAP;
Chris@7 78 use Apache2::Module;
Chris@7 79 use Apache2::Access;
Chris@7 80 use Apache2::ServerRec qw();
Chris@7 81 use Apache2::RequestRec qw();
Chris@7 82 use Apache2::RequestUtil qw();
Chris@7 83 use Apache2::Const qw(:common :override :cmd_how);
Chris@7 84 use APR::Pool ();
Chris@7 85 use APR::Table ();
Chris@7 86
# Configuration directives registered with Apache for this module.  Each
# takes exactly one argument (TAKE1) and is registered under OR_AUTHCFG,
# the override class Apache also honours in .htaccess files wherever
# "AllowOverride AuthConfig" is in effect.
#
# NOTE(review): that covers the database DSN and credentials as well as
# SoundSoftwareDbWhereClause, whose argument is appended verbatim to the
# SQL used for the membership lookup.  Anyone able to place these
# directives can reshape the authorisation query, so confirm that
# AuthConfig overrides are not granted on paths served by this module.
my @directives = (
    {
        name         => 'SoundSoftwareDSN',
        req_override => OR_AUTHCFG,
        args_how     => TAKE1,
        errmsg       => 'Dsn in format used by Perl DBI. eg: "DBI:Pg:dbname=databasename;host=my.db.server"',
    },
    # The remaining directives share one shape and carry no errmsg.
    map {
        +{
            name         => $_,
            req_override => OR_AUTHCFG,
            args_how     => TAKE1,
        }
    } qw(
        SoundSoftwareDbUser
        SoundSoftwareDbPass
        SoundSoftwareDbWhereClause
        SoundSoftwareRepoPrefix
        SoundSoftwareSslRequired
    ),
);
Chris@7 120
# Handler for the SoundSoftwareDSN directive.
#
# Stores the DBI data source name and, as a side effect, (re)initialises
# the membership query that is_permitted() prepares.  The login and the
# project identifier are bound through "?" placeholders, so request data
# never becomes part of the SQL text.
#
# Because SoundSoftwareQuery is overwritten here, this directive has to
# come before SoundSoftwareDbWhereClause in the configuration; a clause
# set earlier would be discarded.
sub SoundSoftwareDSN {
    my ($self, $parms, $dsn) = @_;

    $self->{SoundSoftwareDSN} = $dsn;

    my $base_query = "SELECT
          hashed_password, salt, auth_source_id, permissions
      FROM members, projects, users, roles, member_roles
      WHERE
            projects.id=members.project_id
        AND member_roles.member_id=members.id
        AND users.id=members.user_id
        AND roles.id=member_roles.role_id
        AND users.status=1
        AND login=?
        AND identifier=? ";

    # Collapse the layout whitespace so the stored query is one line.
    return $self->{SoundSoftwareQuery} = trim($base_query);
}
Chris@7 137
# Handler for the SoundSoftwareDbUser directive: records the database
# account name in the per-directory configuration.
sub SoundSoftwareDbUser {
    my @directive_args = @_;
    return set_val('SoundSoftwareDbUser', @directive_args);
}

# Handler for the SoundSoftwareDbPass directive: records the database
# password in the per-directory configuration.  The value is kept in
# memory as plain text, exactly as written in the Apache configuration.
sub SoundSoftwareDbPass {
    my @directive_args = @_;
    return set_val('SoundSoftwareDbPass', @directive_args);
}
# Handler for the SoundSoftwareDbWhereClause directive.
#
# Appends the directive's argument, unmodified, to the membership query
# built by SoundSoftwareDSN.  The text becomes part of the SQL statement
# itself (it is not a bound parameter), so it must only ever come from a
# trusted administrator.  It relies on SoundSoftwareQuery already being
# set, i.e. on SoundSoftwareDSN appearing earlier in the configuration.
sub SoundSoftwareDbWhereClause {
    my ($self, $parms, $clause) = @_;

    my $extra    = $clause || "";
    my $combined = $self->{SoundSoftwareQuery} . $extra . " ";

    return $self->{SoundSoftwareQuery} = trim($combined);
}
Chris@7 144
# Handler for the SoundSoftwareRepoPrefix directive.
#
# Stores the prefix that get_project_identifier() puts in front of the
# repository name when matching repositories.url with SQL LIKE, which
# means "%" and "_" in the prefix act as wildcards.  An empty or otherwise
# false argument is ignored and leaves any earlier value in place.
sub SoundSoftwareRepoPrefix {
    my ($self, $parms, $prefix) = @_;
    $self->{SoundSoftwareRepoPrefix} = $prefix if $prefix;
}
Chris@7 151
# Handler for the SoundSoftwareSslRequired directive: records the raw
# argument.  will_require_ssl_auth() interprets it and expects the
# literal strings "on" or "off".
sub SoundSoftwareSslRequired {
    my @directive_args = @_;
    return set_val('SoundSoftwareSslRequired', @directive_args);
}
Chris@732 153
# Collapse every run of two or more whitespace characters (newlines
# included) into a single space and return the result.  Despite the name,
# leading and trailing whitespace is not stripped, and an isolated
# whitespace character is left exactly as it was.
sub trim {
    my ($text) = @_;
    $text =~ s/\s\s+/ /g;
    return $text;
}
Chris@7 159
# Shared body for the simple directive handlers: store the directive's
# argument in the configuration hash under the given key.  The first
# argument is the key; the rest are the ($self, $parms, $arg) triple a
# directive handler receives.
sub set_val {
    my ($key, $self, $parms, $value) = @_;
    return $self->{$key} = $value;
}
Chris@7 164
# Make the directives declared in @directives known to Apache for this
# package.
Apache2::Module::add(__PACKAGE__, \@directives);

# HTTP methods treated as reads.  Any method not listed here is handled
# as a write: it needs :commit_access in is_permitted() and is refused
# outright by access_handler() for public projects whose repository
# tracks an external one.
# NOTE(review): HEAD is not listed, so a HEAD request is treated as a
# write -- confirm that this is intended.
my %read_only_methods = (
    GET      => 1,
    PROPFIND => 1,
    REPORT   => 1,
    OPTIONS  => 1,
);
Chris@7 169
# PerlAccessHandler: the first-stage decision for a repository request.
#
# Most of the work is deliberately left to authen_handler(), so that a
# client is asked to log in even for a nonexistent project and cannot
# tell, without authenticating, whether a private project exists.
#
#   * project is public
#       - read-only method: accept here, no authentication needed
#       - any other method: FORBIDDEN if the repository is read-only
#         (tracks an external repository), otherwise require auth
#   * project is private or does not exist: require auth
#
# When auth is going to be required over HTTPS and the request is not
# yet on HTTPS, the handler answers with a redirect instead of OK.
#
# Returns FORBIDDEN, OK or REDIRECT.
#
# NOTE(review): the read-only repository check only runs on the public
# branch; nothing in this function refuses a write to a private project
# whose repository tracks an external one.  Confirm that this case is
# enforced elsewhere.
# NOTE(review): the redirect target is built from $r->hostname and
# $r->unparsed_uri, both taken from the request, and the same values are
# written unescaped to the error log.  Confirm the virtual host only
# accepts expected Host values.
sub access_handler {
    my $r = shift;

    # All but one of the diagnostics share this prefix (module name, pid).
    my $log = sub {
        my ($message) = @_;
        print STDERR "SoundSoftware.pm:$$: " . $message . "\n";
    };

    $log->("In access handler at " . scalar localtime());

    if (!$r->some_auth_required) {
        $r->log_reason("No authentication has been configured");
        return FORBIDDEN;
    }

    my $method = $r->method;

    $log->("Method: $method, uri " . $r->uri . ", location " . $r->location);

    my $dbh = connect_database($r);
    if (!$dbh) {
        # Fail closed: without the database nothing can be decided.
        $log->("Database connection failed!: " . $DBI::errstr);
        return FORBIDDEN;
    }

    print STDERR "Connected to db, dbh is " . $dbh . "\n";

    # Gather everything that needs the database, then release the handle
    # before any decision is taken.
    my $project_id = get_project_identifier($dbh, $r);
    my $status     = get_project_status($dbh, $project_id, $r);
    my $readonly   = project_repo_is_readonly($dbh, $project_id, $r);

    $dbh->disconnect();
    undef $dbh;

    my $need_https = will_require_ssl_auth($r);

    if ($status != 1) {
        # Nonexistent and private projects are indistinguishable here.
        $log->("Project is private or nonexistent, auth required");
    }
    else {
        $log->("Project is public");

        if (!defined $read_only_methods{$method}) {
            $log->("Method is not read-only");

            if ($readonly) {
                $log->("Project repo is read-only, refusing access");
                return FORBIDDEN;
            }

            # The normal case: carry on to the auth requirement below.
            $log->("Project repo is read-write, auth required");
        }
        elsif ($need_https and $r->unparsed_uri =~ m/cmd=branchmap/) {
            # Special case: move the client to https (when it will be
            # needed for authentication) before its first POST request;
            # this request is believed to give Mercurial suitable warning.
            $log->("Switching to HTTPS in preparation");
        }
        else {
            # Public project, read-only method: the only case this
            # function can decide for certain to accept.
            $log->("Method is read-only, no restriction here");
            $r->set_handlers(PerlAuthenHandler => [\&OK]);
            if (!defined $r->user or $r->user eq '') {
                # Apache 2.4+ requires the auth module to set a user even
                # when no auth was needed.  Doing so tells Apache the user
                # has been identified, so the authen handler is never
                # called -- it must only happen when the auth-free access
                # really is being approved.  Without it the set_handlers
                # call above ends in a 500 error.
                $r->user('*anon*');
            }
            return OK;
        }
    }

    return OK unless $need_https;

    my $redir_to = "https://" . $r->hostname() . $r->unparsed_uri();
    $log->("Need to switch to HTTPS, redirecting to $redir_to");
    $r->headers_out->add('Location' => $redir_to);
    return REDIRECT;
}
Chris@7 280
# PerlAuthenHandler: checks the Basic-auth credentials of a request that
# access_handler() did not accept outright.
#
# Sets the auth realm from the project, reads the Basic-auth password,
# and returns OK only when is_permitted() confirms both the role and the
# credentials.  A nonexistent project is answered exactly like a private
# project the user is not a member of (AUTH_REQUIRED).  A failed database
# connection also yields AUTH_REQUIRED.
#
# NOTE(review): for a nonexistent project the credentials are never
# checked, so the response may come back measurably faster than for a
# private project; confirm whether that timing difference matters given
# the goal of not revealing which projects exist.
# NOTE(review): $r->user is client-supplied and is written unescaped to
# the error log.
sub authen_handler {
    my $r = shift;

    print STDERR "SoundSoftware.pm:$$: In authentication handler at " . scalar localtime() . "\n";

    my $dbh = connect_database($r);
    if (!$dbh) {
        print STDERR "SoundSoftware.pm:$$: Database connection failed!: " . $DBI::errstr . "\n";
        return AUTH_REQUIRED;
    }

    # Every exit below releases the database handle first.
    my $release_db = sub {
        $dbh->disconnect();
        undef $dbh;
    };

    my $project_id = get_project_identifier($dbh, $r);
    $r->auth_name(get_realm($dbh, $project_id, $r));

    my ($res, $redmine_pass) = $r->get_basic_auth_pw();
    if ($res != OK) {
        # No usable credentials yet: hand Apache's own status back.
        $release_db->();
        return $res;
    }

    print STDERR "SoundSoftware.pm:$$: User is " . $r->user . ", got password\n";

    if (get_project_status($dbh, $project_id, $r) == 0) {
        # Nonexistent: behave like a private project you aren't a member of.
        print STDERR "SoundSoftware.pm:$$: Project doesn't exist, not permitted\n";
        $release_db->();
        $r->note_auth_failure();
        return AUTH_REQUIRED;
    }

    my $permitted = is_permitted($dbh, $project_id, $r->user, $redmine_pass, $r);

    $release_db->();

    return OK if $permitted;

    print STDERR "SoundSoftware.pm:$$: Not permitted\n";
    $r->note_auth_failure();
    return AUTH_REQUIRED;
}
Chris@7 328
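# Classify a project by its Redmine identifier.
#
# Arguments: an open DBI handle, the project identifier, and the request
# object (unused here).
#
# Returns 0 when the identifier is undefined/empty or no such project
# exists, 1 when the project is public, 2 when it is private.
#
# A NULL is_public column is treated as private.  The file enables fatal
# warnings, so comparing an undefined value with "eq" would otherwise
# abort the request; project_repo_is_readonly() guards its column the
# same way.
sub get_project_status {
    my ($dbh, $project_id, $r) = @_;

    return 0 if (!defined $project_id or $project_id eq '');    # nonexistent

    my $sth = $dbh->prepare(
        "SELECT is_public FROM projects WHERE projects.identifier = ?;"
    );
    $sth->execute($project_id);

    my $status = 0;    # nonexistent until a row says otherwise
    if (my @row = $sth->fetchrow_array) {
        my $flag = $row[0];

        # "1" and "t" are the two spellings of boolean true accepted here;
        # anything else, including NULL, means private.
        my $is_public = defined $flag && ($flag eq "1" || $flag eq "t");
        $status = $is_public ? 1 : 2;
    }
    $sth->finish();
    undef $sth;

    return $status;
}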
Chris@7 356
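# Decide whether this request must be moved to HTTPS before credentials
# are requested.
#
# Returns 1 when SoundSoftwareSslRequired is "on" and the request is not
# marked as HTTPS, 0 when the request is already HTTPS or the directive
# is "off".  Any other value, including a missing directive, logs a
# warning and returns 1 as the safer choice.
#
# "Already HTTPS" is read from $r->dir_config('HTTPS'), i.e. from a
# per-directory Perl variable rather than from the connection itself.
# NOTE(review): presumably the SSL virtual host is expected to set that
# variable to "on"; if it does not, every request needing auth is
# redirected again -- confirm against the deployed configuration.
#
# Both values may be undefined.  The file enables fatal warnings, so they
# are normalised before being compared; otherwise an unset directive
# would abort the request instead of reaching the warning branch.
sub will_require_ssl_auth {
    my $r = shift;

    my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);

    my $setting = $cfg->{SoundSoftwareSslRequired};
    $setting = '' unless defined $setting;

    if ($setting eq "on") {
        my $https = $r->dir_config('HTTPS');

        # 0: already have ssl; 1: required for auth but not there yet.
        return (defined $https && $https eq "on") ? 0 : 1;
    }

    # Explicitly switched off: don't require ssl for auth.
    return 0 if $setting eq "off";

    print STDERR "WARNING: SoundSoftware.pm:$$: SoundSoftwareSslRequired should be either 'on' or 'off'\n";

    # Unrecognised or missing setting: requiring ssl is the safer answer.
    return 1;
}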
Chris@734 380
# Report whether a project's repository is read-only, which here means
# it is flagged as tracking an external repository (is_external).
#
# Arguments: an open DBI handle, the project identifier, and the request
# object (unused here).
#
# Returns 1 for an external (read-only) repository and 0 otherwise.  The
# 0 answer also covers an undefined/empty identifier, a project with no
# repository row and a NULL is_external column, so "cannot tell" reads
# as read-write to the caller.
sub project_repo_is_readonly {
    my ($dbh, $project_id, $r) = @_;

    return 0 unless (defined $project_id and $project_id ne '');    # nonexistent

    my $sth = $dbh->prepare(
        "SELECT repositories.is_external FROM repositories, projects WHERE projects.identifier = ? AND repositories.project_id = projects.id;"
    );
    $sth->execute($project_id);

    my $readonly = 0;    # read-write unless the row says external
    my @row = $sth->fetchrow_array;
    if (@row) {
        my $flag = $row[0];
        $readonly = 1 if defined($flag) && ($flag eq "1" || $flag eq "t");
    }

    $sth->finish();
    undef $sth;

    return $readonly;
}
chris@300 408
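# Decide whether a user may perform the current request on a project.
#
# Arguments: an open DBI handle, the project identifier, the login and
# password from Basic auth, and the request object.
#
# Returns 1 when some role of the user in the project allows the request
# method and the credentials verify; returns undef otherwise.
#
# For each membership row the role is tested first, so no credential
# check (in particular no LDAP round trip) happens for a user who could
# not perform the action anyway:
#   * read-only methods need :browse_repository or :commit_access
#   * every other method needs :commit_access
# Credentials are then checked against the salted SHA-1 digest stored by
# Redmine when the account has no auth_source_id, or against the LDAP
# server described by that auth source otherwise.
#
# An empty password is never passed on to LDAP: some directory servers
# answer a bind with an empty password as a successful anonymous bind,
# which would otherwise count as a valid login.
#
# NOTE(review): the digest format (SHA-1 of salt . SHA-1 of password) is
# dictated by the Redmine users table; it is fast to brute-force if that
# table leaks.  The digests are compared with "eq", which is not
# constant-time.
# NOTE(review): $redmine_user is client-supplied and is written
# unescaped to the error log.
sub is_permitted {
    my ($dbh, $project_id, $redmine_user, $redmine_pass, $r) = @_;

    my $pass_digest = Digest::SHA::sha1_hex($redmine_pass);

    my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);

    # Built by the SoundSoftwareDSN / SoundSoftwareDbWhereClause handlers;
    # login and project identifier are bound as parameters.
    my $query = $cfg->{SoundSoftwareQuery};
    my $sth = $dbh->prepare($query);
    $sth->execute($redmine_user, $project_id);

    my $ret;
    while (my ($hashed_password, $salt, $auth_source_id, $permissions) = $sth->fetchrow_array) {

        my $method = $r->method;

        if ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/)
            || $permissions =~ /:commit_access/) {

            # The role would allow this action; now verify who is asking.
            print STDERR "SoundSoftware.pm: User $redmine_user has required role, checking credentials\n";

            if (!$auth_source_id) {
                # Local account: compare against the stored salted digest.
                my $salted_password = Digest::SHA::sha1_hex($salt.$pass_digest);
                if ($hashed_password eq $salted_password) {
                    print STDERR "SoundSoftware.pm: User $redmine_user authenticated via password\n";
                    $ret = 1;
                    last;
                }
            } elsif (!defined $redmine_pass or $redmine_pass eq '') {
                # Never attempt an LDAP bind with an empty password.
                print STDERR "SoundSoftware.pm:$$: Empty password for user $redmine_user, not attempting LDAP bind\n";
            } else {
                my $sthldap = $dbh->prepare(
                    "SELECT host,port,tls,account,account_password,base_dn,attr_login FROM auth_sources WHERE id = ?;"
                );
                $sthldap->execute($auth_source_id);
                while (my @rowldap = $sthldap->fetchrow_array) {
                    # Columns: 0 host, 1 port, 2 tls, 3 account,
                    # 4 account_password, 5 base_dn, 6 attr_login.
                    my $ldap = Authen::Simple::LDAP->new(
                        host    => ($rowldap[2] eq "1" || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]" : $rowldap[0],
                        port    => $rowldap[1],
                        basedn  => $rowldap[5],
                        binddn  => $rowldap[3] ? $rowldap[3] : "",
                        bindpw  => $rowldap[4] ? $rowldap[4] : "",
                        # presumably the library escapes the login it
                        # substitutes for %s -- confirm
                        filter  => "(".$rowldap[6]."=%s)"
                    );
                    if ($ldap->authenticate($redmine_user, $redmine_pass)) {
                        print STDERR "SoundSoftware.pm:$$: User $redmine_user authenticated via LDAP\n";
                        $ret = 1;
                    }
                }
                $sthldap->finish();
                undef $sthldap;
                last if ($ret);
            }
        } else {
            print STDERR "SoundSoftware.pm:$$: User $redmine_user lacks required role for this project\n";
        }
    }

    $sth->finish();
    undef $sth;

    return $ret;
}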
Chris@7 482
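# Map the repository named in the request URI to a Redmine project
# identifier.
#
# Arguments: an open DBI handle and the request object.
#
# Returns the project identifier, '' when no repository row matches, or
# the (false) repository name itself when the URI names no repository.
#
# The repository name is the first path segment after the configured
# location.  Unlike the original Redmine.pm, that name is not assumed to
# be the project identifier: repository names may differ from project
# identifiers, so the repositories table is consulted.  This is why most
# requests need more than one query and why $dbh is passed around.
#
# The lookup uses SQL LIKE with SoundSoftwareRepoPrefix (default '%/')
# in front of the name.  The sanitised name may still contain "_", which
# LIKE treats as "any single character", so a request for "a_b" could
# otherwise be answered with the project of repository "aXb" and the
# access decision would be made for the wrong project.  Each candidate's
# URL is therefore checked to end with the literal repository name
# (ignoring case, as some databases match LIKE case-insensitively).
#
# NOTE(review): disallowed characters are stripped from the name rather
# than rejected, so the name looked up here can differ from the path the
# repository service sees -- confirm that cannot select a different
# repository.
sub get_project_identifier {
    my ($dbh, $r) = @_;

    my $location = $r->location;
    my ($repo) = $r->uri =~ m{$location/*([^/]*)};

    # Nothing after the location: there is no repository to look up.
    return $repo if (!$repo);

    $repo =~ s/[^a-zA-Z0-9\._-]//g;

    my $sth = $dbh->prepare(
        "SELECT projects.identifier, repositories.url FROM projects, repositories WHERE repositories.project_id = projects.id AND repositories.url LIKE ?;"
    );

    my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);

    my $prefix = $cfg->{SoundSoftwareRepoPrefix};
    if (!defined $prefix) { $prefix = '%/'; }
    my $identifier = '';

    $sth->execute($prefix . $repo);

    my $wanted     = lc $repo;
    my $wanted_len = length $repo;
    while (my ($candidate, $url) = $sth->fetchrow_array) {
        # Accept only a row whose URL really ends with the requested name.
        next unless defined $url && length($url) >= $wanted_len;
        next unless $wanted_len == 0 || lc(substr($url, -$wanted_len)) eq $wanted;
        $identifier = $candidate;
        last;
    }
    $sth->finish();
    undef $sth;

    print STDERR "SoundSoftware.pm:$$: Repository '$repo' belongs to project '$identifier'\n";

    return $identifier;
}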
Chris@7 526
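# Build the Basic-auth realm string shown to the client for a project.
#
# Arguments: an open DBI handle, the project identifier, and the request
# object.
#
# Returns '"Mercurial repository for NAME"' (the double quotes are part
# of the returned string), where NAME is, in order of preference:
#   1. the project's name from the database, if it only contains word
#      characters, whitespace, ".", "_" and "-", and no line breaks;
#   2. the project identifier;
#   3. the repository name from the URI, when even the identifier is
#      empty (probably a nonexistent project -- the client should not be
#      told that the project doesn't exist).
#
# The URI-derived name in case 3 is chosen by the client, so it is
# reduced to the same character set get_project_identifier() allows
# before being placed inside the quoted realm; left as is, a '"' or a
# control character from the URL would end up in the response header.
# Undefined values are treated as empty because the file enables fatal
# warnings.
sub get_realm {
    my ($dbh, $project_id, $r) = @_;

    my $sth = $dbh->prepare(
        "SELECT projects.name FROM projects WHERE projects.identifier = ?;"
    );

    my $fallback = defined $project_id ? $project_id : '';
    my $name     = $fallback;

    $sth->execute($project_id);
    if (my @row = $sth->fetchrow_array) {
        $name = defined $row[0] ? $row[0] : '';
    }
    $sth->finish();
    undef $sth;

    # Be timid about characters not permitted in an auth realm: revert to
    # the project identifier if any are found, or if the name is blank.
    if (   $name =~ m/[^\w\d\s\._-]/
        or $name =~ m/[\r\n]/
        or $name =~ m/^\s*$/) {
        $name = $fallback;
    }

    if ($name =~ m/^\s*$/) {
        # Nothing even in the identifier: use the repository name from
        # the URI, restricted to safe characters.
        my $location = $r->location;
        my ($repo) = $r->uri =~ m{$location/*([^/]*)};
        $repo = '' unless defined $repo;
        $repo =~ s/[^a-zA-Z0-9\._-]//g;
        $name = $repo;
    }

    # The name is deliberately not wrapped in single quotes (see #577).
    my $realm = '"Mercurial repository for ' . "$name" . '"';

    return $realm;
}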
Chris@8 570
# Open a new DBI connection using the DSN, user and password configured
# for the location that matched this request.
#
# Returns whatever DBI->connect returns; both handlers treat a false
# value as a connection failure and report $DBI::errstr.  No attribute
# hash is passed to connect, and the callers in this file do not check
# the results of their later prepare/execute calls.
sub connect_database {
    my ($r) = @_;

    my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);

    my @connect_args = @{$cfg}{qw(SoundSoftwareDSN SoundSoftwareDbUser SoundSoftwareDbPass)};

    return DBI->connect(@connect_args);
}
Chris@7 581
Chris@7 582 1;