[mod_python] Apache 2.2 authen/authz and "require" semantics

Arnar Birgisson arnarbi at gmail.com
Mon Sep 24 06:52:39 EDT 2007


On 9/24/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> On 24/09/2007, Arnar Birgisson <arnarbi at gmail.com> wrote:
> > Can I return apache.HTTP_UNAUTHORIZED from a fixup-handler to make the
> > browser request username/passwd?
>
> Technically you can. The issue will be that if you have defined
> AuthType etc then the earlier auth handler phase may result in it not
> getting that far.

Would I perform the authentication in the fixup handler as well?
Basically just do it all there?

1. find project name
2. lookup project in db
3. if anon access allowed - apache.OK
4. call req.get_basic_auth_pw()
5. lookup user - apache.HTTP_UNAUTHORIZED if not found
6. check passwd - apache.HTTP_UNAUTHORIZED if no match
7. check for user access - apache.OK if allowed
8. apache.HTTP_UNAUTHORIZED otherwise

Arnar
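The eight steps listed in the message above, written out as a stand-alone decision function; this is an added example, not code from the original post or from mod_python. Assumptions: the `/<project>/...` URL layout, the in-memory `USERS` and `PROJECTS` tables, PBKDF2 password storage, the stand-in `OK` and `HTTP_UNAUTHORIZED` constants, parsing the `Authorization` header directly where a handler would call `req.get_basic_auth_pw()`, and the fail-closed answer for an unknown project.

```python
import base64, binascii, hashlib, hmac

# Stand-ins for apache.OK / apache.HTTP_UNAUTHORIZED so the logic runs without Apache.
OK, HTTP_UNAUTHORIZED = 0, 401

def pw_hash(password, salt=b"constructed-salt"):
    # One shared salt keeps the sample short; real records carry a salt per user.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data standing in for the project database.
USERS = {"alice": pw_hash("s3cret"), "bob": pw_hash("hunter2")}
PROJECTS = {"public": {"anon": True, "members": set()},
            "internal": {"anon": False, "members": {"alice"}}}
DUMMY = pw_hash("never-a-real-password")

def basic_header(user, password):
    """Build the Authorization header a browser would send (used for testing)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if unusable."""
    if not header or not header.lower().startswith("basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:].strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ":"
    return (user, password) if sep else None

def decide(uri, authorization=None):
    """Steps 1-8 of the list above; returns OK or HTTP_UNAUTHORIZED."""
    name = uri.strip("/").split("/", 1)[0]         # 1. assumed layout: /<project>/...
    project = PROJECTS.get(name)                   # 2.
    if project is None:                            # not covered by the list: fail closed,
        return HTTP_UNAUTHORIZED                   # same answer as a protected project
    if project["anon"]:                            # 3.
        return OK
    creds = parse_basic(authorization)             # 4. (req.get_basic_auth_pw() in a handler)
    if creds is None:
        return HTTP_UNAUTHORIZED
    user, password = creds
    stored = USERS.get(user)                       # 5.
    # 6. Hash even for unknown users and compare in constant time, so response
    #    timing does not reveal which usernames exist.
    match = hmac.compare_digest(pw_hash(password), stored or DUMMY)
    if stored is None or not match:
        return HTTP_UNAUTHORIZED
    return OK if user in project["members"] else HTTP_UNAUTHORIZED   # 7. and 8.
```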

