package Apache::AuthCookie;

use strict;

use Carp;
use mod_perl qw(1.07 StackedHandlers MethodHandlers Authen Authz);
use Apache qw(unescape_url_info);   #  XXX New
use Apache::Const qw(:common M_GET FORBIDDEN REDIRECT);
use Apache::AuthCookie::Util;
use Apache::Util qw(escape_uri);
use vars qw($VERSION);

# $Id: AuthCookie.pm,v 2.39 2002/09/25 16:44:31 mschout Exp $
$VERSION = '3.04';

sub recognize_user ($$) {
  my ($self, $r) = @_;
  my $debug = $r->dir_config("AuthCookieDebug") || 0;
  my ($auth_type, $auth_name) = ($r->auth_type, $r->auth_name);
  return unless $auth_type && $auth_name;
  return unless $r->header_in('Cookie');

  my ($cookie) = 
    $r->header_in('Cookie') =~ /${auth_type}_${auth_name}=([^;]+)/;
  $r->log_error(
    "cookie ${auth_type}_${auth_name} is $cookie") if $debug >= 2;

  return unless $cookie;

  my ($user,@args) = $auth_type->authen_ses_key($r, $cookie);
  if ($user and scalar @args == 0) {
    $r->log_error("user is $user") if $debug >= 2;
    $r->user($user);
  } elsif (scalar @args > 0 and $auth_type->can('custom_errors')) {
    return $auth_type->custom_errors($r, $user, @args);
  }

  return OK;
}

# convert current request to GET
sub _convert_to_get {
    my ($self, $r, $args) = @_;

    return unless $r->method eq 'POST';

    my $debug = $r->dir_config("AuthCookieDebug") || 0;

    $r->log_error("Converting POST -> GET") if $debug >= 2;

    my @pairs =();
    while (my ($name, $value) = each %$args) {
      # we dont want to copy login data, only extra data
      next if $name eq 'destination'
           or $name =~ /^credential_\d+$/;

      $value = '' unless defined $value;
      push @pairs, escape_uri($name) . '=' . escape_uri($value);