support check_https and also redirect to https version

diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm
index 2f4cd83e66e05f6b410e50cc54df15a7ace142b0..4ab430d5f989affb6b080e1efe8401dedd5e518b 100644 (file)
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -207,6 +207,7 @@ sub new_verifier {
            get_path_info => sub { $_[0]->path_info() },
            get_cookie => sub { $_[0]->cookie($_[1]->{S}{cookie_name}) },
            get_method => sub { $_[0]->request_method() },
+           check_https => sub { !!$_[0]->https() },
            get_url => sub { $_[0]->url(); },
             is_login => sub { defined $_[1]->_rp('password_param_name') },
             login_ok => \&login_ok_password,
@@ -503,8 +504,16 @@ my @ca = (-name => $r->{S}{cookie_name},
 sub _check_divert_core ($) {
     my ($r) = @_;
 
-    my $meth = $r->_ch('get_method');
     my $cooks = $r->_ch('get_cookie');
+
+    if (!$r->_ch('check_https')) {
+        return ({ Kind => 'REDIRECT-HTTPS',
+                  Message => $r->_gt("Redirecting to secure server..."),
+                  CookieSecret => undef,
+                  Params => { } });
+    }
+
+    my $meth = $r->_ch('get_method');
     my $parmh = $r->_rp('assoc_param_name');
     my $cookh = defined $cooks ? $r->hash($cooks) : undef;
 
@@ -781,11 +790,17 @@ sub check_ok ($) {
            $params->{$r->{S}{loggedout_param_names}[0]} = [ 1 ];
        } elsif ($kind eq 'REDIRECT-LOGOUT') {
            $params->{$r->{S}{logout_param_names}[0]} = [ 1 ];
-       } elsif ($kind eq 'REDIRECT-LOGGEDIN') {
+       } elsif ($kind =~ m/REDIRECT-(?:LOGGEDIN|HTTPS)/) {
        } else {
            die;
        }
        my $new_url = $r->url_with_query_params($params);
+        if ($kind eq 'REDIRECT-HTTPS') {
+            my $uri = URI->new($new_url);
+            die unless $uri->scheme eq 'http';
+            $uri->scheme('https');
+            $new_url = $uri->as_string();
+        }
        $r->_ch('do_redirect',$new_url, $cookie);
        return 0;
     }