From 18b3a48e842d1e13b5a8505f8fd18069836d8fa5 Mon Sep 17 00:00:00 2001
From: jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>
Date: Mon, 26 Aug 2013 03:04:28 +0000
Subject: Fix handling of login session expiration and incorrect caching of
 login redirect responses.

git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1517413 13f79535-47bb-0310-9956-ffa450edef68
---
 sca-cpp/trunk/modules/http/mod-openauth.cpp | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'sca-cpp/trunk/modules/http/mod-openauth.cpp')

diff --git a/sca-cpp/trunk/modules/http/mod-openauth.cpp b/sca-cpp/trunk/modules/http/mod-openauth.cpp
index 3adc488301..1a45473caf 100644
--- a/sca-cpp/trunk/modules/http/mod-openauth.cpp
+++ b/sca-cpp/trunk/modules/http/mod-openauth.cpp
@@ -28,6 +28,7 @@
  * - OAuth2 using Tuscany's mod-tuscany-oauth2
  * - OpenID using mod_auth_openid
  * - Form-based using HTTPD's mod_auth_form
+ * - HTTP basic auth using mod_auth_basic
  * - SSL certificate using SSLFakeBasicAuth and mod_auth_basic
  */
 
@@ -142,7 +143,7 @@ const failable<int> checkAuthnzProviders(const string& user, const string& pw, r
 }
 
 const failable<int> checkAuthnz(const string& user, const string& pw, request_rec* const r, const DirConf& dc) {
-    if(substr(user, 0, 1) == "/" && pw == "password")
+    if(substr(user, 0, 1) == "/")
         return mkfailure<int>(string("Encountered FakeBasicAuth spoof: ") + user, HTTP_UNAUTHORIZED);
 
     if(isNull((const list<AuthnProviderConf>)dc.apcs)) {
@@ -224,9 +225,17 @@ const failable<int> authenticated(const list<value>& info, request_rec* const r)
     const list<value> id = assoc<value>("id", info);
     if(isNull(id) || isNull(cdr(id)))
         return mkfailure<int>("Couldn't retrieve user id", HTTP_UNAUTHORIZED);
-    r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
+    const string sid = cadr(id);
+    if (find(sid, '@') != length(sid))
+        apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "EMAIL"), apr_pstrdup(r->pool, c_str(sid)));
+    r->user = apr_pstrdup(r->pool, c_str(sid));
 
-    apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "NICKNAME"), apr_pstrdup(r->pool, c_str(cadr(id))));
+    // Update the request user field with the authorized user id returned by the authnz hooks
+    const char* auser = apr_table_get(r->subprocess_env, "AUTHZ_USER");
+    if (auser != NULL)
+        r->user = apr_pstrdup(r->pool, auser);
+
+    apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "NICKNAME"), apr_pstrdup(r->pool, r->user));
     return OK;
 }
 
-- 
cgit v1.2.3