[catagits/Catalyst-Authentication-Store-DBIx-Class.git] / lib / Catalyst / Authentication / Store / DBIx / Class.pm

package Catalyst::Authentication::Store::DBIx::Class;

use strict;
use warnings;
use base qw/Class::Accessor::Fast/;

our $VERSION= "0.108";


BEGIN {
    __PACKAGE__->mk_accessors(qw/config/);
}


sub new {
    my ( $class, $config, $app ) = @_;

    ## figure out if we are overriding the default store user class 
    $config->{'store_user_class'} = (exists($config->{'store_user_class'})) ? $config->{'store_user_class'} :
                                        "Catalyst::Authentication::Store::DBIx::Class::User";

    ## make sure the store class is loaded.
    Catalyst::Utils::ensure_class_loaded( $config->{'store_user_class'} );
    
    ## fields can be specified to be ignored during user location.  This allows
    ## the store to ignore certain fields in the authinfo hash.
    
    $config->{'ignore_fields_in_find'} ||= [ ];

    my $self = {
                    config => $config
               };

    bless $self, $class;

}

## --jk note to self:
## let's use DBIC's get_columns method to return a hash and save / restore that
## from the session.  Then we can respond to get() calls, etc. in most cases without
## resorting to a DB call.  If user_object is called, THEN we can hit the DB and
## return a real object.  
sub from_session {
    my ( $self, $c, $frozenuser ) = @_;

#    return $frozenuser if ref $frozenuser;

    my $user = $self->config->{'store_user_class'}->new($self->{'config'}, $c);
    return $user->from_session($frozenuser, $c);
}

sub for_session {
    my ($self, $c, $user) = @_;
    
    return $user->for_session($c);
}

sub find_user {
    my ( $self, $authinfo, $c ) = @_;
    
    my $user = $self->config->{'store_user_class'}->new($self->{'config'}, $c);

    return $user->load($authinfo, $c);

}

sub user_supports {
    my $self = shift;
    # this can work as a class method on the user class
    $self->config->{'store_user_class'}->supports( @_ );
}

sub auto_create_user {
    my( $self, $authinfo, $c ) = @_;
    my $res = $self->config->{'store_user_class'}->new($self->{'config'}, $c);
    return $res->auto_create( $authinfo, $c );
}

sub auto_update_user {
    my( $self, $authinfo, $c, $res ) = @_;
    $res->auto_update( $authinfo, $c );
    return $res;
}

__PACKAGE__;

__END__

=head1 NAME

Catalyst::Authentication::Store::DBIx::Class - A storage class for Catalyst Authentication using DBIx::Class

=head1 VERSION

This documentation refers to version 0.107.

=head1 SYNOPSIS

    use Catalyst qw/
                    Authentication
                    Authorization::Roles/;

    __PACKAGE__->config->{authentication} = 
                    {  
                        default_realm => 'members',
                        realms => {
                            members => {
                                credential => {
                                    class => 'Password',
                                    password_field => 'password',
                                    password_type => 'clear'
                                },
                                store => {
                                    class => 'DBIx::Class',
            	                    user_model => 'MyApp::User',
            	                    role_relation => 'roles',
            	                    role_field => 'rolename',	                
            	                }
                            }
                    	}
                    };

    # Log a user in:
    
    sub login : Global {
        my ( $self, $c ) = @_;
        
        $c->authenticate({  
                          screen_name => $c->req->params->username,
                          password => $c->req->params->password,
                          status => [ 'registered', 'loggedin', 'active']
                          }))
    }
    
    # verify a role 
    
    if ( $c->check_user_roles( 'editor' ) ) {
        # do editor stuff
    }
    
=head1 DESCRIPTION

The Catalyst::Authentication::Store::DBIx::Class class provides 
access to authentication information stored in a database via DBIx::Class.

=head1 CONFIGURATION

The DBIx::Class authentication store is activated by setting the store
config's B<class> element to DBIx::Class as shown above. See the
L<Catalyst::Plugin::Authentication> documentation for more details on
configuring the store. You can also use
L<Catalyst::Authentication::Realm::SimpleDB> for a simplified setup.

The DBIx::Class storage module has several configuration options


    __PACKAGE__->config->{authentication} = 
                    {  
                        default_realm => 'members',
                        realms => {
                            members => {
                                credential => {
                                    # ...
                                },
                                store => {
                                    class => 'DBIx::Class',
            	                    user_model => 'MyApp::User',
            	                    role_relation => 'roles',
            	                    role_field => 'rolename',
            	                    ignore_fields_in_find => [ 'remote_name' ],
            	                    use_userdata_from_session => 1,          
            	                }
                	        }
                    	}
                    };

=over 4

=item class

Class is part of the core Catalyst::Plugin::Authentication module; it
contains the class name of the store to be used.

=item user_model

Contains the model name (as passed to $c->model()) of the DBIx::Class schema
to use as the source for user information. This config item is B<REQUIRED>.
(Note that this option used to be called user_class. user_class is still
functional, but should be used only for compatibility with previous configs.)

=item role_column

If your role information is stored in the same table as the rest of your user
information, this item tells the module which field contains your role
information.  The DBIx::Class authentication store expects the data in this
field to be a series of role names separated by some combination of spaces, 
commas, or pipe characters.  

=item role_relation

If your role information is stored in a separate table, this is the name of
the relation that will lead to the roles the user is in.  If this is 
specified, then a role_field is also required.  Also when using this method
it is expected that your role table will return one row for each role 
the user is in.

=item role_field

This is the name of the field in the role table that contains the string 
identifying the role.  

=item ignore_fields_in_find

This item is an array containing fields that may be passed to the
$c->authenticate() routine (and therefore find_user in the storage class), but
which should be ignored when creating the DBIx::Class search to retrieve a
user. This makes it possible to avoid problems when a credential requires an
authinfo element whose name overlaps with a column name in your users table.
If this doesn't make sense to you, you probably don't need it.

=item use_userdata_from_session

Under normal circumstances, on each request the user's data is re-retrieved 
from the database using the primary key for the user table.  When this flag 
is set in the configuration, it causes the DBIx::Class store to avoid this
database hit on session restore.  Instead, the user object's column data 
is retrieved from the session and used as-is.  

B<NOTE>: Since the user object's column
data is only stored in the session during the initial authentication of 
the user, turning this on can potentially lead to a situation where the data
in $c->user is different from what is stored the database.  You can force
a reload of the data from the database at any time by calling $c->user->get_object(1);
Note that this will update $c->user for the remainder of this request.  
It will NOT update the session.  If you need to update the session
you should call $c->update_user_in_session() as well.  

=item store_user_class

This allows you to override the authentication user class that the 
DBIx::Class store module uses to perform its work.  Most of the
work done in this module is actually done by the user class, 
L<Catalyst::Authentication::Store::DBIx::Class::User>, so
overriding this doesn't make much sense unless you are using your
own class to extend the functionality of the existing class.  
Chances are you do not want to set this.

=item id_field

In most cases, this config variable does not need to be set, as
Catalyst::Authentication::Store::DBIx::Class will determine the primary
key of the user table on its own.  If you need to override the default, 
or your user table has multiple primary keys, then id_field
should contain the column name that should be used to restore the user.
A given value in this column should correspond to a single user in the database.
Note that this is used B<ONLY> when restoring a user from the session and 
has no bearing whatsoever in the initial authentication process.  Note also
that if use_userdata_from_session is enabled, this config parameter
is not used at all.

=back

=head1 USAGE 

The L<Catalyst::Authentication::Store::DBIx::Class> storage module
is not called directly from application code.  You interface with it 
through the $c->authenticate() call.  

There are three methods you can use to retrieve information from the DBIx::Class
storage module.  They are Simple retrieval, and the advanced retrieval methods
Searchargs and Resultset.

=head2 Simple Retrieval 

The first, and most common, method is simple retrieval. As its name implies
simple retrieval allows you to simply to provide the column => value pairs
that should be used to locate the user in question. An example of this usage
is below:

    if ($c->authenticate({  
                          screen_name => $c->req->params->{'username'},
                          password => $c->req->params->{'password'},
                          status => [ 'registered', 'active', 'loggedin']
                         })) {

        # ... authenticated user code here
    }

The above example would attempt to retrieve a user whose username column (here, 
screen_name) matched the username provided, and whose status column matched one of the
values provided. These name => value pairs are used more or less directly in
the DBIx::Class search() routine, so in most cases, you can use DBIx::Class
syntax to retrieve the user according to whatever rules you have.

NOTE: Because the password in most cases is encrypted - it is not used
directly but its encryption and comparison with the value provided is usually
handled by the Password Credential. Part of the Password Credential's behavior
is to remove the password argument from the authinfo that is passed to the
storage module. See L<Catalyst::Authentication::Credential::Password>.

One thing you need to know about this retrieval method is that the name
portion of the pair is checked against the user class's column list. Pairs are
only used if a matching column is found. Other pairs will be ignored. This
means that you can only provide simple name-value pairs, and that some more
advanced DBIx::Class constructs, such as '-or', '-and', etc. are in most cases
not possible using this method. For queries that require this level of
functionality, see the 'searchargs' method below.

=head2 Advanced Retrieval

The Searchargs and Resultset retrieval methods are used when more advanced
features of the underlying L<DBIx::Class> schema are required. These methods
provide a direct interface with the DBIx::Class schema and therefore
require a better understanding of the DBIx::Class module.  

=head3 The dbix_class key

Since the format of these arguments are often complex, they are not keys in
the base authinfo hash.  Instead, both of these arguments are placed within 
a hash attached to the store-specific 'dbix_class' key in the base $authinfo 
hash.  When the DBIx::Class authentication store sees the 'dbix_class' key
in the passed authinfo hash, all the other information in the authinfo hash
is ignored and only the values within the 'dbix_class' hash are used as 
though they were passed directly within the authinfo hash.  In other words, if
'dbix_class' is present, it replaces the authinfo hash for processing purposes.

The 'dbix_class' hash can be used to directly pass arguments to the
DBIx::Class authentication store. Reasons to do this are to avoid credential
modification of the authinfo hash, or to avoid overlap between credential and
store key names. It's a good idea to avoid using it in this way unless you are
sure you have an overlap/modification issue. However, the two advanced
retrieval methods, B<searchargs> and B<resultset>, require its use, as they 
are only processed as part of the 'dbix_class' hash.

=over 4

=item Searchargs

The B<searchargs> method of retrieval allows you to specify an arrayref containing
the two arguments to the search() method from L<DBIx::Class::ResultSet>.  If provided,
all other args are ignored, and the search args provided are used directly to locate
the user.  An example will probably make more sense:

    if ($c->authenticate(
        { 
            password => $password,
            'dbix_class' => 
                {
                    searchargs => [ { -or => [ username => $username,
                                              email => $email,
                                              clientid => $clientid ] 
                                   },
                                   { prefetch => qw/ preferences / } 
                                 ]
                }
        } ) ) 
    {
        # do successful authentication actions here.
    }

The above would allow authentication based on any of the three items -
username, email, or clientid - and would prefetch the data related to that user
from the preferences table. The searchargs array is passed directly to the
search() method associated with the user_model.

=item Resultset

The B<resultset> method of retrieval allows you to directly specify a
resultset to be used for user retrieval. This allows you to create a resultset
within your login action and use it for retrieving the user. A simple example:

    my $rs = $c->model('MyApp::User')->search({ email => $c->request->params->{'email'} });
       ... # further $rs adjustments
       
    if ($c->authenticate({ 
                           password => $password,
                           'dbix_class' => { resultset => $rs }
                         })) {
       # do successful authentication actions here.
    } 

Be aware that the resultset method will not verify that you are passing a
resultset that is attached to the same user_model as specified in the config.

NOTE: All of these methods of user retrieval, including the resultset method,
consider the first row returned to be the matching user. In most cases there
will be only one matching row, but it is easy to produce multiple rows,
especially when using the advanced retrieval methods. Remember, what you get
when you use this module is what you would get when calling
search(...)->first;

NOTE ALSO:  The user info used to save the user to the session and to retrieve
it is the same regardless of what method of retrieval was used.  In short,
the value in the id field (see 'id_field' config item) is used to retrieve the 
user from the database upon restoring from the session.  When the DBIx::Class storage
module does this, it does so by doing a simple search using the id field.  In other
words, it will not use the same arguments you used to request the user initially. 
This is especially important to those using the advanced methods of user retrieval. 
If you need more complicated logic when reviving the user from the session, you will
most likely want to subclass the L<Catalyst::Authentication::Store::DBIx::Class::User> class 
and provide your own for_session and from_session routines.

=back


=head1 METHODS

There are no publicly exported routines in the DBIx::Class authentication 
store (or indeed in most authentication stores). However, below is a 
description of the routines required by L<Catalyst::Plugin::Authentication> 
for all authentication stores.  Please see the documentation for 
L<Catalyst::Plugin::Authentication::Internals> for more information.


=head2 new ( $config, $app )

Constructs a new store object.

=head2 find_user ( $authinfo, $c ) 

Finds a user using the information provided in the $authinfo hashref and
returns the user, or undef on failure. This is usually called from the
Credential. This translates directly to a call to
L<Catalyst::Authentication::Store::DBIx::Class::User>'s load() method.

=head2 for_session ( $c, $user )

Prepares a user to be stored in the session. Currently returns the value of
the user's id field (as indicated by the 'id_field' config element)

=head2 from_session ( $c, $frozenuser)

Revives a user from the session based on the info provided in $frozenuser.
Currently treats $frozenuser as an id and retrieves a user with a matching id.

=head2 user_supports

Provides information about what the user object supports.  

=head2 auto_update_user( $authinfo, $c, $res )

This method is called if the realm's auto_update_user setting is true. It
will delegate to the user object's C<auto_update> method.

=head2 auto_create_user( $authinfo, $c )

This method is called if the realm's auto_create_user setting is true. It
will delegate to the user class's (resultset) C<auto_create> method.

=head1 NOTES

As of the current release, session storage consists of simply storing the user's
id in the session, and then using that same id to re-retrieve the user's information
from the database upon restoration from the session.  More dynamic storage of
user information in the session is intended for a future release.

=head1 BUGS AND LIMITATIONS

None known currently; please email the author if you find any.

=head1 SEE ALSO

L<Catalyst::Plugin::Authentication>, L<Catalyst::Plugin::Authentication::Internals>,
and L<Catalyst::Plugin::Authorization::Roles>

=head1 AUTHOR

Jason Kuri (jayk@cpan.org)

=head1 LICENSE

Copyright (c) 2007 the aforementioned authors. All rights
reserved. This program is free software; you can redistribute
it and/or modify it under the same terms as Perl itself.

=cut
Commit	Line	Data
6727afe2	1	package Catalyst::Authentication::Store::DBIx::Class;
5000f545	2
	3	use strict;
	4	use warnings;
	5	use base qw/Class::Accessor::Fast/;
	6
f55cb81e	7	our $VERSION= "0.108";
6727afe2	8
b33ee900	9
	10	BEGIN {
	11	__PACKAGE__->mk_accessors(qw/config/);
	12	}
	13
6727afe2	14
5000f545	15	sub new {
	16	my ( $class, $config, $app ) = @_;
	17
b33ee900	18	## figure out if we are overriding the default store user class
b33ee900	19	$config->{'store_user_class'} = (exists($config->{'store_user_class'})) ? $config->{'store_user_class'} :
6727afe2	20	"Catalyst::Authentication::Store::DBIx::Class::User";
b33ee900	21
5000f545	22	## make sure the store class is loaded.
b33ee900	23	Catalyst::Utils::ensure_class_loaded( $config->{'store_user_class'} );
5000f545	24
b33ee900	25	## fields can be specified to be ignored during user location. This allows
ff7203cb	26	## the store to ignore certain fields in the authinfo hash.
5000f545	27
b33ee900	28	$config->{'ignore_fields_in_find'} \|\|= [ ];
	29
	30	my $self = {
	31	config => $config
	32	};
5000f545	33
5000f545	34	bless $self, $class;
b33ee900	35
5000f545	36	}
5000f545	37
ba48c9c3	38	## --jk note to self:
fff51ece	39	## let's use DBIC's get_columns method to return a hash and save / restore that
ba48c9c3	40	## from the session. Then we can respond to get() calls, etc. in most cases without
	41	## resorting to a DB call. If user_object is called, THEN we can hit the DB and
	42	## return a real object.
5000f545	43	sub from_session {
	44	my ( $self, $c, $frozenuser ) = @_;
	45
f26005a7	46	# return $frozenuser if ref $frozenuser;
f26005a7	47
b33ee900	48	my $user = $self->config->{'store_user_class'}->new($self->{'config'}, $c);
b33ee900	49	return $user->from_session($frozenuser, $c);
5000f545	50	}
	51
	52	sub for_session {
	53	my ($self, $c, $user) = @_;
	54
	55	return $user->for_session($c);
	56	}
	57
	58	sub find_user {
	59	my ( $self, $authinfo, $c ) = @_;
	60
b33ee900	61	my $user = $self->config->{'store_user_class'}->new($self->{'config'}, $c);
5000f545	62
b33ee900	63	return $user->load($authinfo, $c);
	64
	65	}
5000f545	66
5000f545	67	sub user_supports {
b33ee900	68	my $self = shift;
	69	# this can work as a class method on the user class
	70	$self->config->{'store_user_class'}->supports( @_ );
5000f545	71	}
5000f545	72
67f6319b	73	sub auto_create_user {
fb689852	74	my( $self, $authinfo, $c ) = @_;
	75	my $res = $self->config->{'store_user_class'}->new($self->{'config'}, $c);
	76	return $res->auto_create( $authinfo, $c );
	77	}
	78
67f6319b	79	sub auto_update_user {
fb689852	80	my( $self, $authinfo, $c, $res ) = @_;
	81	$res->auto_update( $authinfo, $c );
	82	return $res;
	83	}
	84
5000f545	85	__PACKAGE__;
	86
	87	__END__
	88
	89	=head1 NAME
	90
6727afe2	91	Catalyst::Authentication::Store::DBIx::Class - A storage class for Catalyst Authentication using DBIx::Class
5000f545	92
	93	=head1 VERSION
	94
bf76ff13	95	This documentation refers to version 0.107.
5000f545	96
	97	=head1 SYNOPSIS
	98
93102ff5	99	use Catalyst qw/
	100	Authentication
	101	Authorization::Roles/;
	102
	103	__PACKAGE__->config->{authentication} =
	104	{
	105	default_realm => 'members',
	106	realms => {
	107	members => {
	108	credential => {
	109	class => 'Password',
	110	password_field => 'password',
	111	password_type => 'clear'
	112	},
	113	store => {
	114	class => 'DBIx::Class',
f55cb81e	115	user_model => 'MyApp::User',
93102ff5	116	role_relation => 'roles',
	117	role_field => 'rolename',
	118	}
c1d29ab7	119	}
93102ff5	120	}
	121	};
	122
	123	# Log a user in:
	124
	125	sub login : Global {
	126	my ( $self, $c ) = @_;
	127
	128	$c->authenticate({
f7e6d29f	129	screen_name => $c->req->params->username,
c1d29ab7	130	password => $c->req->params->password,
	131	status => [ 'registered', 'loggedin', 'active']
	132	}))
93102ff5	133	}
	134
	135	# verify a role
	136
	137	if ( $c->check_user_roles( 'editor' ) ) {
	138	# do editor stuff
	139	}
	140
5000f545	141	=head1 DESCRIPTION
5000f545	142
6727afe2	143	The Catalyst::Authentication::Store::DBIx::Class class provides
93102ff5	144	access to authentication information stored in a database via DBIx::Class.
	145
	146	=head1 CONFIGURATION
	147
	148	The DBIx::Class authentication store is activated by setting the store
f55cb81e	149	config's B<class> element to DBIx::Class as shown above. See the
	150	L<Catalyst::Plugin::Authentication> documentation for more details on
	151	configuring the store. You can also use
	152	L<Catalyst::Authentication::Realm::SimpleDB> for a simplified setup.
93102ff5	153
	154	The DBIx::Class storage module has several configuration options
	155
93102ff5	156
	157	__PACKAGE__->config->{authentication} =
	158	{
	159	default_realm => 'members',
	160	realms => {
	161	members => {
	162	credential => {
	163	# ...
	164	},
	165	store => {
	166	class => 'DBIx::Class',
f55cb81e	167	user_model => 'MyApp::User',
93102ff5	168	role_relation => 'roles',
93102ff5	169	role_field => 'rolename',
f26005a7	170	ignore_fields_in_find => [ 'remote_name' ],
f26005a7	171	use_userdata_from_session => 1,
93102ff5	172	}
	173	}
	174	}
	175	};
	176
b81ead77	177	=over 4
b81ead77	178
93102ff5	179	=item class
93102ff5	180
fff51ece	181	Class is part of the core Catalyst::Plugin::Authentication module; it
93102ff5	182	contains the class name of the store to be used.
93102ff5	183
f55cb81e	184	=item user_model
5000f545	185
f55cb81e	186	Contains the model name (as passed to $c->model()) of the DBIx::Class schema
	187	to use as the source for user information. This config item is B<REQUIRED>.
	188	(Note that this option used to be called user_class. user_class is still
	189	functional, but should be used only for compatibility with previous configs.)
5000f545	190
93102ff5	191	=item role_column
5000f545	192
93102ff5	193	If your role information is stored in the same table as the rest of your user
	194	information, this item tells the module which field contains your role
	195	information. The DBIx::Class authentication store expects the data in this
	196	field to be a series of role names separated by some combination of spaces,
fff51ece	197	commas, or pipe characters.
5000f545	198
93102ff5	199	=item role_relation
5000f545	200
93102ff5	201	If your role information is stored in a separate table, this is the name of
93102ff5	202	the relation that will lead to the roles the user is in. If this is
fff51ece	203	specified, then a role_field is also required. Also when using this method
93102ff5	204	it is expected that your role table will return one row for each role
93102ff5	205	the user is in.
5000f545	206
93102ff5	207	=item role_field
5000f545	208
93102ff5	209	This is the name of the field in the role table that contains the string
93102ff5	210	identifying the role.
5000f545	211
93102ff5	212	=item ignore_fields_in_find
5000f545	213
c1d29ab7	214	This item is an array containing fields that may be passed to the
	215	$c->authenticate() routine (and therefore find_user in the storage class), but
	216	which should be ignored when creating the DBIx::Class search to retrieve a
	217	user. This makes it possible to avoid problems when a credential requires an
	218	authinfo element whose name overlaps with a column name in your users table.
	219	If this doesn't make sense to you, you probably don't need it.
5000f545	220
f26005a7	221	=item use_userdata_from_session
	222
	223	Under normal circumstances, on each request the user's data is re-retrieved
	224	from the database using the primary key for the user table. When this flag
	225	is set in the configuration, it causes the DBIx::Class store to avoid this
	226	database hit on session restore. Instead, the user object's column data
	227	is retrieved from the session and used as-is.
	228
	229	B<NOTE>: Since the user object's column
	230	data is only stored in the session during the initial authentication of
	231	the user, turning this on can potentially lead to a situation where the data
	232	in $c->user is different from what is stored the database. You can force
	233	a reload of the data from the database at any time by calling $c->user->get_object(1);
	234	Note that this will update $c->user for the remainder of this request.
	235	It will NOT update the session. If you need to update the session
	236	you should call $c->update_user_in_session() as well.
	237
93102ff5	238	=item store_user_class
5000f545	239
93102ff5	240	This allows you to override the authentication user class that the
28aa2168	241	DBIx::Class store module uses to perform its work. Most of the
93102ff5	242	work done in this module is actually done by the user class,
6727afe2	243	L<Catalyst::Authentication::Store::DBIx::Class::User>, so
93102ff5	244	overriding this doesn't make much sense unless you are using your
	245	own class to extend the functionality of the existing class.
	246	Chances are you do not want to set this.
5000f545	247
f7e6d29f	248	=item id_field
	249
	250	In most cases, this config variable does not need to be set, as
	251	Catalyst::Authentication::Store::DBIx::Class will determine the primary
fff51ece	252	key of the user table on its own. If you need to override the default,
f7e6d29f	253	or your user table has multiple primary keys, then id_field
	254	should contain the column name that should be used to restore the user.
	255	A given value in this column should correspond to a single user in the database.
	256	Note that this is used B<ONLY> when restoring a user from the session and
	257	has no bearing whatsoever in the initial authentication process. Note also
	258	that if use_userdata_from_session is enabled, this config parameter
	259	is not used at all.
	260
93102ff5	261	=back
5000f545	262
93102ff5	263	=head1 USAGE
5000f545	264
6727afe2	265	The L<Catalyst::Authentication::Store::DBIx::Class> storage module
93102ff5	266	is not called directly from application code. You interface with it
93102ff5	267	through the $c->authenticate() call.
5000f545	268
c1d29ab7	269	There are three methods you can use to retrieve information from the DBIx::Class
	270	storage module. They are Simple retrieval, and the advanced retrieval methods
	271	Searchargs and Resultset.
	272
	273	=head2 Simple Retrieval
	274
28aa2168	275	The first, and most common, method is simple retrieval. As its name implies
c1d29ab7	276	simple retrieval allows you to simply to provide the column => value pairs
	277	that should be used to locate the user in question. An example of this usage
	278	is below:
	279
	280	if ($c->authenticate({
f7e6d29f	281	screen_name => $c->req->params->{'username'},
c1d29ab7	282	password => $c->req->params->{'password'},
	283	status => [ 'registered', 'active', 'loggedin']
	284	})) {
	285
	286	# ... authenticated user code here
	287	}
	288
f7e6d29f	289	The above example would attempt to retrieve a user whose username column (here,
f7e6d29f	290	screen_name) matched the username provided, and whose status column matched one of the
c1d29ab7	291	values provided. These name => value pairs are used more or less directly in
fff51ece	292	the DBIx::Class search() routine, so in most cases, you can use DBIx::Class
c1d29ab7	293	syntax to retrieve the user according to whatever rules you have.
	294
	295	NOTE: Because the password in most cases is encrypted - it is not used
28aa2168	296	directly but its encryption and comparison with the value provided is usually
c1d29ab7	297	handled by the Password Credential. Part of the Password Credential's behavior
c1d29ab7	298	is to remove the password argument from the authinfo that is passed to the
6727afe2	299	storage module. See L<Catalyst::Authentication::Credential::Password>.
c1d29ab7	300
c1d29ab7	301	One thing you need to know about this retrieval method is that the name
fff51ece	302	portion of the pair is checked against the user class's column list. Pairs are
c1d29ab7	303	only used if a matching column is found. Other pairs will be ignored. This
	304	means that you can only provide simple name-value pairs, and that some more
	305	advanced DBIx::Class constructs, such as '-or', '-and', etc. are in most cases
	306	not possible using this method. For queries that require this level of
	307	functionality, see the 'searchargs' method below.
	308
	309	=head2 Advanced Retrieval
	310
	311	The Searchargs and Resultset retrieval methods are used when more advanced
	312	features of the underlying L<DBIx::Class> schema are required. These methods
	313	provide a direct interface with the DBIx::Class schema and therefore
	314	require a better understanding of the DBIx::Class module.
	315
	316	=head3 The dbix_class key
	317
	318	Since the format of these arguments are often complex, they are not keys in
	319	the base authinfo hash. Instead, both of these arguments are placed within
	320	a hash attached to the store-specific 'dbix_class' key in the base $authinfo
	321	hash. When the DBIx::Class authentication store sees the 'dbix_class' key
	322	in the passed authinfo hash, all the other information in the authinfo hash
	323	is ignored and only the values within the 'dbix_class' hash are used as
	324	though they were passed directly within the authinfo hash. In other words, if
	325	'dbix_class' is present, it replaces the authinfo hash for processing purposes.
	326
	327	The 'dbix_class' hash can be used to directly pass arguments to the
	328	DBIx::Class authentication store. Reasons to do this are to avoid credential
	329	modification of the authinfo hash, or to avoid overlap between credential and
	330	store key names. It's a good idea to avoid using it in this way unless you are
	331	sure you have an overlap/modification issue. However, the two advanced
28aa2168	332	retrieval methods, B<searchargs> and B<resultset>, require its use, as they
28aa2168	333	are only processed as part of the 'dbix_class' hash.
c1d29ab7	334
	335	=over 4
	336
	337	=item Searchargs
	338
	339	The B<searchargs> method of retrieval allows you to specify an arrayref containing
ad93b3e9	340	the two arguments to the search() method from L<DBIx::Class::ResultSet>. If provided,
c1d29ab7	341	all other args are ignored, and the search args provided are used directly to locate
	342	the user. An example will probably make more sense:
	343
	344	if ($c->authenticate(
	345	{
	346	password => $password,
	347	'dbix_class' =>
	348	{
f26005a7	349	searchargs => [ { -or => [ username => $username,
c1d29ab7	350	email => $email,
	351	clientid => $clientid ]
	352	},
	353	{ prefetch => qw/ preferences / }
	354	]
	355	}
	356	} ) )
	357	{
	358	# do successful authentication actions here.
	359	}
	360
	361	The above would allow authentication based on any of the three items -
fff51ece	362	username, email, or clientid - and would prefetch the data related to that user
c1d29ab7	363	from the preferences table. The searchargs array is passed directly to the
f55cb81e	364	search() method associated with the user_model.
c1d29ab7	365
	366	=item Resultset
	367
	368	The B<resultset> method of retrieval allows you to directly specify a
	369	resultset to be used for user retrieval. This allows you to create a resultset
	370	within your login action and use it for retrieving the user. A simple example:
	371
	372	my $rs = $c->model('MyApp::User')->search({ email => $c->request->params->{'email'} });
	373	... # further $rs adjustments
	374
	375	if ($c->authenticate({
	376	password => $password,
fff51ece	377	'dbix_class' => { resultset => $rs }
c1d29ab7	378	})) {
	379	# do successful authentication actions here.
	380	}
	381
	382	Be aware that the resultset method will not verify that you are passing a
f55cb81e	383	resultset that is attached to the same user_model as specified in the config.
c1d29ab7	384
	385	NOTE: All of these methods of user retrieval, including the resultset method,
	386	consider the first row returned to be the matching user. In most cases there
	387	will be only one matching row, but it is easy to produce multiple rows,
	388	especially when using the advanced retrieval methods. Remember, what you get
	389	when you use this module is what you would get when calling
	390	search(...)->first;
	391
	392	NOTE ALSO: The user info used to save the user to the session and to retrieve
	393	it is the same regardless of what method of retrieval was used. In short,
	394	the value in the id field (see 'id_field' config item) is used to retrieve the
	395	user from the database upon restoring from the session. When the DBIx::Class storage
	396	module does this, it does so by doing a simple search using the id field. In other
	397	words, it will not use the same arguments you used to request the user initially.
	398	This is especially important to those using the advanced methods of user retrieval.
	399	If you need more complicated logic when reviving the user from the session, you will
6727afe2	400	most likely want to subclass the L<Catalyst::Authentication::Store::DBIx::Class::User> class
c1d29ab7	401	and provide your own for_session and from_session routines.
	402
	403	=back
5000f545	404
6727afe2	405
93102ff5	406	=head1 METHODS
5000f545	407
93102ff5	408	There are no publicly exported routines in the DBIx::Class authentication
fff51ece	409	store (or indeed in most authentication stores). However, below is a
93102ff5	410	description of the routines required by L<Catalyst::Plugin::Authentication>
	411	for all authentication stores. Please see the documentation for
	412	L<Catalyst::Plugin::Authentication::Internals> for more information.
	413
6727afe2	414
6727afe2	415	=head2 new ( $config, $app )
93102ff5	416
c1d29ab7	417	Constructs a new store object.
93102ff5	418
6727afe2	419	=head2 find_user ( $authinfo, $c )
93102ff5	420
c1d29ab7	421	Finds a user using the information provided in the $authinfo hashref and
fff51ece	422	returns the user, or undef on failure. This is usually called from the
c1d29ab7	423	Credential. This translates directly to a call to
6727afe2	424	L<Catalyst::Authentication::Store::DBIx::Class::User>'s load() method.
93102ff5	425
6727afe2	426	=head2 for_session ( $c, $user )
93102ff5	427
c1d29ab7	428	Prepares a user to be stored in the session. Currently returns the value of
fff51ece	429	the user's id field (as indicated by the 'id_field' config element)
93102ff5	430
6727afe2	431	=head2 from_session ( $c, $frozenuser)
93102ff5	432
c1d29ab7	433	Revives a user from the session based on the info provided in $frozenuser.
93102ff5	434	Currently treats $frozenuser as an id and retrieves a user with a matching id.
93102ff5	435
6727afe2	436	=head2 user_supports
93102ff5	437
	438	Provides information about what the user object supports.
	439
76e7a763	440	=head2 auto_update_user( $authinfo, $c, $res )
	441
	442	This method is called if the realm's auto_update_user setting is true. It
	443	will delegate to the user object's C<auto_update> method.
67f6319b	444
76e7a763	445	=head2 auto_create_user( $authinfo, $c )
67f6319b	446
76e7a763	447	This method is called if the realm's auto_create_user setting is true. It
fff51ece	448	will delegate to the user class's (resultset) C<auto_create> method.
5000f545	449
	450	=head1 NOTES
	451
93102ff5	452	As of the current release, session storage consists of simply storing the user's
fff51ece	453	id in the session, and then using that same id to re-retrieve the user's information
93102ff5	454	from the database upon restoration from the session. More dynamic storage of
93102ff5	455	user information in the session is intended for a future release.
5000f545	456
	457	=head1 BUGS AND LIMITATIONS
	458
fff51ece	459	None known currently; please email the author if you find any.
5000f545	460
	461	=head1 SEE ALSO
	462
93102ff5	463	L<Catalyst::Plugin::Authentication>, L<Catalyst::Plugin::Authentication::Internals>,
93102ff5	464	and L<Catalyst::Plugin::Authorization::Roles>
5000f545	465
	466	=head1 AUTHOR
	467
b33ee900	468	Jason Kuri (jayk@cpan.org)
5000f545	469
c1d29ab7	470	=head1 LICENSE
5000f545	471
c1d29ab7	472	Copyright (c) 2007 the aforementioned authors. All rights
93102ff5	473	reserved. This program is free software; you can redistribute
93102ff5	474	it and/or modify it under the same terms as Perl itself.
5000f545	475
5000f545	476	=cut