From 3575243b49923894bea86f74f5c4ae31793b8479 Mon Sep 17 00:00:00 2001 From: Jan Pazdziora Date: Sun, 23 Jan 2022 09:04:21 +0100 Subject: Change default redirect status for AuthPAMExpiredRedirect to 303 See Other, make it configurable. Redirect to reset password typically goes to different system, so repeating for example POST which 307 Temporary Redirect does is not that useful; the 303 See Other will do plain GET. The redirect status can be overriden with an optional second parameter to AuthPAMExpiredRedirect. --- tests/auth.conf | 10 ++++++++++ tests/run.sh | 3 ++- 2 files changed, 12 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/auth.conf b/tests/auth.conf index 2ee519e..c728d91 100644 --- a/tests/auth.conf +++ b/tests/auth.conf @@ -54,3 +54,13 @@ ScriptAlias /authnp4 /var/www/cgi-bin/auth.cgi AuthPAMExpiredRedirect http://localhost/fix-password?return=%s&percent=%%&user=%u Require pam-account webl + +ScriptAlias /authnp5 /var/www/cgi-bin/auth.cgi + + AuthType Basic + AuthName "private area" + AuthBasicProvider PAM + AuthPAMService webl + AuthPAMExpiredRedirect http://localhost/login?realm=ježek&return=%s 307 + Require pam-account webl + diff --git a/tests/run.sh b/tests/run.sh index 28235f8..3b24f9b 100755 --- a/tests/run.sh +++ b/tests/run.sh @@ -55,7 +55,8 @@ curl -u user1:heslo1 -s http://localhost/authnp3 | tee /dev/stderr | grep 'User curl -u user1:heslo1 -s http://localhost/authnp4 | tee /dev/stderr | grep 'User user1' chage -d $(date -d -2days +%Y-%m-%d) -M 1 user1 curl -u user1:heslo1 -s http://localhost/authnp3 | tee /dev/stderr | grep 401 -curl -i -u user1:heslo1 -s 'http://localhost/authnp4?id=123&data=M%26M' | tee /dev/stderr | grep -F -e 'Location: http://localhost/fix-password?return=http%3a%2f%2flocalhost%2fauthnp4%3fid%3d123%26data%3dM%2526M&percent=%25&user=user1' -e 'HTTP/1.1 307 Temporary Redirect' | wc -l | grep 2 +curl -i -u user1:heslo1 -s 'http://localhost/authnp4?id=123&data=M%26M' | tee /dev/stderr | grep -F -e 'Location: http://localhost/fix-password?return=http%3a%2f%2flocalhost%2fauthnp4%3fid%3d123%26data%3dM%2526M&percent=%25&user=user1' -e 'HTTP/1.1 303 See Other' | wc -l | grep 2 +curl -i -u user1:heslo1 -s 'http://localhost/authnp5?data=křížala' | tee /dev/stderr | grep -F -e 'Location: http://localhost/login?realm=ježek&return=http%3a%2f%2flocalhost%2fauthnp5%3fdata%3dk%c5%99%c3%ad%c5%beala' -e 'HTTP/1.1 307 Temporary Redirect' | wc -l | grep 2 chage -d $(date -d -2days +%Y-%m-%d) -M 3 user1 curl -u user1:heslo1 -s http://localhost/authnp3 | tee /dev/stderr | grep 'User user1' curl -u user1:heslo1 -s http://localhost/authnp4 | tee /dev/stderr | grep 'User user1' -- cgit