[catagits/Catalyst-Plugin-Authentication.git] / lib / Catalyst / Plugin / Authentication.pm

#!/usr/bin/perl

package Catalyst::Plugin::Authentication;

use base qw/Class::Accessor::Fast Class::Data::Inheritable/;

BEGIN {
    __PACKAGE__->mk_accessors(qw/_user/);
    __PACKAGE__->mk_classdata($_) for qw/_auth_stores _auth_store_names/;
}

use strict;
use warnings;

use Tie::RefHash;
use Class::Inspector;

#BEGIN {
#	require constant;
#	constant->import(have_want => eval { require Want });
#}

our $VERSION = "0.02";

sub set_authenticated {
    my ( $c, $user ) = @_;

    $c->user($user);
    $c->request->{user} = $user;    # compatibility kludge

    if (    $c->isa("Catalyst::Plugin::Session")
        and $c->config->{authentication}{use_session}
        and $user->supports("session") )
    {
        $c->save_user_in_session($user);
    }

    $c->NEXT::set_authenticated($user);
}

sub user {
    my $c = shift;

    if (@_) {
        return $c->_user(@_);
    }

    my $user = $c->_user;

    if ( $user and !Scalar::Util::blessed($user) ) {
#		return 1 if have_want() && Want::want("BOOL");
        return $c->auth_restore_user($user);
    }

    return $user;
}

sub user_exists {
	my $c = shift;
	return defined($c->_user);
}

sub save_user_in_session {
    my ( $c, $user ) = @_;

    my $store = $user->store || ref $user;
    $c->session->{__user_store} = $c->get_auth_store_name($store) || $store;
    $c->session->{__user} = $user->for_session;
}

sub logout {
    my $c = shift;

    $c->user(undef);

    if (    $c->isa("Catalyst::Plugin::Session")
        and $c->config->{authentication}{use_session} )
    {
        delete @{ $c->session }{qw/__user __user_store/};
    }
}

sub get_user {
    my ( $c, $uid ) = @_;

    if ( my $store = $c->default_auth_store ) {
        return $store->get_user($uid);
    }
    else {
        Catalyst::Exception->throw(
                "The user id $uid was passed to an authentication "
              . "plugin, but no default store was specified" );
    }
}

sub prepare {
    my $c = shift->NEXT::prepare(@_);

    if ( $c->isa("Catalyst::Plugin::Session")
        and !$c->user )
    {
        if ( $c->sessionid and my $frozen_user = $c->session->{__user} ) {
            $c->_user($frozen_user);
        }
    }

    return $c;
}

sub auth_restore_user {
    my ( $c, $frozen_user, $store_name ) = @_;

    return
      unless $c->isa("Catalyst::Plugin::Session")
      and $c->config->{authentication}{use_session}
      and $c->sessionid;

    $store_name  ||= $c->session->{__user_store};
    $frozen_user ||= $c->session->{__user};

    my $store = $c->get_auth_store($store_name);
    $c->_user( my $user = $store->from_session( $c, $frozen_user ) );

    return $user;

}

sub setup {
    my $c = shift;

    my $cfg = $c->config->{authentication} || {};

    %$cfg = (
        use_session => 1,
        %$cfg,
    );

    $c->register_auth_stores(
        default => $cfg->{store},
        %{ $cfg->{stores} || {} },
    );

    $c->NEXT::setup(@_);
}

sub get_auth_store {
    my ( $self, $name ) = @_;
    $self->auth_stores->{$name} || ( Class::Inspector->loaded($name) && $name );
}

sub get_auth_store_name {
    my ( $self, $store ) = @_;
    $self->auth_store_names->{$store};
}

sub register_auth_stores {
    my ( $self, %new ) = @_;

    foreach my $name ( keys %new ) {
        my $store = $new{$name} or next;
        $self->auth_stores->{$name}       = $store;
        $self->auth_store_names->{$store} = $name;
    }
}

sub auth_stores {
    my $self = shift;
    $self->_auth_stores(@_) || $self->_auth_stores( {} );
}

sub auth_store_names {
    my $self = shift;

    $self->_auth_store_names || do {
        tie my %hash, 'Tie::RefHash';
        $self->_auth_store_names( \%hash );
      }
}

sub default_auth_store {
    my $self = shift;

    if ( my $new = shift ) {
        $self->register_auth_stores( default => $new );
    }

    $self->get_auth_store("default");
}

__PACKAGE__;

__END__

=pod

=head1 NAME

Catalyst::Plugin::Authentication - Infrastructure plugin for the Catalyst
authentication framework.

=head1 SYNOPSIS

    use Catalyst qw/
        Authentication
        Authentication::Store::Foo
        Authentication::Credential::Password
    /;

    # later on ...
    # ->login is provided by the Credential::Password module
    $c->login('myusername', 'mypassword');
    my $age = $c->user->age;
    $c->logout;

=head1 DESCRIPTION

The authentication plugin provides generic user support. It is the basis 
for both authentication (checking the user is who they claim to be), and 
authorization (allowing the user to do what the system authorises them to do).

Using authentication is split into two parts. A Store is used to actually 
store the user information, and can store any amount of data related to 
the user. Multiple stores can be accessed from within one application. 
Credentials are used to verify users, using the store, given data from 
the frontend.

To implement authentication in a catalyst application you need to add this 
module, plus at least one store and one credential module.

Authentication data can also be stored in a session, if the application 
is using the L<Catalyst::Plugin::Session> module.

=head1 METHODS

=over 4 

=item user

Returns the currently logged in user or undef if there is none.

=item user_exists

Whether or not a user is logged in right now.

The reason this method exists is that C<<$c->user>> may needlessly load the
user from the auth store.

If you're just going to say

	if ( $c->user_user ) {
		# foo
	} else {
		$c->forward("login");
	}

it should be more efficient than C<<$c->user>> when a user is marked in the session
but C<< $c->user >> hasn't been called yet.

=item logout

Delete the currently logged in user from C<user> and the session.

=item get_user $uid

Fetch a particular users details, defined by the given ID, via the default store.

=back

=head1 CONFIGURATION

=over 4

=item use_session

Whether or not to store the user's logged in state in the session, if the
application is also using the L<Catalyst::Plugin::Session> plugin. This 
value is set to true per default.

=item store

If multiple stores are being used, set the module you want as default here.

=back

=item stores

If multiple stores are being used, you need to provide a name for each store
here, as a hash, the keys are the names you wish to use, and the values are
the the names of the plugins.

 # example
 __PACKAGE__->config( authentication => {
                        store => 'Catalyst::Plugin::Authentication::Store::HtPasswd',
                        stores => { 
                           'dbic' => 'Catalyst::Plugin::Authentication::Store::DBIC'
                                  }
                                         });


=head1 METHODS FOR STORE MANAGEMENT

=over 4

=item default_auth_store

Return the store whose name is 'default'.

This is set to C<< $c->config->{authentication}{store} >> if that value exists,
or by using a Store plugin:

	use Catalyst qw/Authentication Authentication::Store::Minimal/;

Sets the default store to
L<Catalyst::Plugin::Authentication::Store::Minimal::Backend>.


=item get_auth_store $name

Return the store whose name is $name.

=item get_auth_store_name $store

Return the name of the store $store.

=item auth_stores

A hash keyed by name, with the stores registered in the app.

=item auth_store_names

A ref-hash keyed by store, which contains the names of the stores.

=item register_auth_stores %stores_by_name

Register stores into the application.

=back

=head1 INTERNAL METHODS

=over 4

=item set_authenticated $user

Marks a user as authenticated. Should be called from a
C<Catalyst::Plugin::Authentication::Credential> plugin after successful
authentication.

This involves setting C<user> and the internal data in C<session> if
L<Catalyst::Plugin::Session> is loaded.

=item auth_restore_user $user

Used to restore a user from the session, by C<user> only when it's actually
needed.

=item save_user_in_session $user

Used to save the user in a session.

=item prepare

Revives a user from the session object if there is one.

=item setup

Sets the default configuration parameters.

=item 

=back

=head1 SEE ALSO

L<Catalyst::Plugin::Authentication::Credential::Password>,
L<Catalyst::Plugin::Authentication::Store::Minimal>,
L<Catalyst::Plugin::Authorization::ACL>,
L<Catalyst::Plugin::Authorization::Roles>.

=head1 AUTHOR

Yuval Kogman, C<nothingmuch@woobling.org>
Jess Robinson
David Kamholz

=head1 COPYRIGHT & LICNESE

        Copyright (c) 2005 the aforementioned authors. All rights
        reserved. This program is free software; you can redistribute
        it and/or modify it under the same terms as Perl itself.

=cut
Commit	Line	Data
07e49bc7	1	#!/usr/bin/perl
	2
	3	package Catalyst::Plugin::Authentication;
	4
dde93f12	5	use base qw/Class::Accessor::Fast Class::Data::Inheritable/;
07e49bc7	6
dde93f12	7	BEGIN {
2e3b369c	8	__PACKAGE__->mk_accessors(qw/_user/);
8b52f75e	9	__PACKAGE__->mk_classdata($_) for qw/_auth_stores _auth_store_names/;
dde93f12	10	}
07e49bc7	11
	12	use strict;
	13	use warnings;
	14
8b52f75e	15	use Tie::RefHash;
f2fee7ad	16	use Class::Inspector;
8b52f75e	17
c8c961f5	18	#BEGIN {
	19	# require constant;
	20	# constant->import(have_want => eval { require Want });
	21	#}
816e5745	22
f7f9859a	23	our $VERSION = "0.02";
49bd39d0	24
07e49bc7	25	sub set_authenticated {
	26	my ( $c, $user ) = @_;
	27
	28	$c->user($user);
f0348b1d	29	$c->request->{user} = $user; # compatibility kludge
07e49bc7	30
07e49bc7	31	if ( $c->isa("Catalyst::Plugin::Session")
8b52f75e	32	and $c->config->{authentication}{use_session}
f2fee7ad	33	and $user->supports("session") )
07e49bc7	34	{
f2fee7ad	35	$c->save_user_in_session($user);
07e49bc7	36	}
033d2c24	37
b260654c	38	$c->NEXT::set_authenticated($user);
07e49bc7	39	}
07e49bc7	40
2e3b369c	41	sub user {
f0348b1d	42	my $c = shift;
2e3b369c	43
f0348b1d	44	if (@_) {
	45	return $c->_user(@_);
	46	}
2e3b369c	47
f0348b1d	48	my $user = $c->_user;
2e3b369c	49
f0348b1d	50	if ( $user and !Scalar::Util::blessed($user) ) {
7800e80c	51	# return 1 if have_want() && Want::want("BOOL");
f0348b1d	52	return $c->auth_restore_user($user);
f0348b1d	53	}
2e3b369c	54
f0348b1d	55	return $user;
2e3b369c	56	}
2e3b369c	57
1a2be169	58	sub user_exists {
	59	my $c = shift;
	60	return defined($c->_user);
	61	}
	62
f2fee7ad	63	sub save_user_in_session {
f0348b1d	64	my ( $c, $user ) = @_;
f2fee7ad	65
	66	my $store = $user->store \|\| ref $user;
	67	$c->session->{__user_store} = $c->get_auth_store_name($store) \|\| $store;
	68	$c->session->{__user} = $user->for_session;
	69	}
	70
07e49bc7	71	sub logout {
	72	my $c = shift;
	73
	74	$c->user(undef);
dde93f12	75
	76	if ( $c->isa("Catalyst::Plugin::Session")
	77	and $c->config->{authentication}{use_session} )
	78	{
8b52f75e	79	delete @{ $c->session }{qw/__user __user_store/};
dde93f12	80	}
07e49bc7	81	}
07e49bc7	82
5435c348	83	sub get_user {
	84	my ( $c, $uid ) = @_;
	85
	86	if ( my $store = $c->default_auth_store ) {
	87	return $store->get_user($uid);
	88	}
	89	else {
	90	Catalyst::Exception->throw(
	91	"The user id $uid was passed to an authentication "
	92	. "plugin, but no default store was specified" );
	93	}
	94	}
	95
07e49bc7	96	sub prepare {
	97	my $c = shift->NEXT::prepare(@_);
	98
b260654c	99	if ( $c->isa("Catalyst::Plugin::Session")
07e49bc7	100	and !$c->user )
07e49bc7	101	{
2e3b369c	102	if ( $c->sessionid and my $frozen_user = $c->session->{__user} ) {
f0348b1d	103	$c->_user($frozen_user);
07e49bc7	104	}
	105	}
	106
	107	return $c;
	108	}
	109
2e3b369c	110	sub auth_restore_user {
f0348b1d	111	my ( $c, $frozen_user, $store_name ) = @_;
2e3b369c	112
b260654c	113	return
7800e80c	114	unless $c->isa("Catalyst::Plugin::Session")
b260654c	115	and $c->config->{authentication}{use_session}
b260654c	116	and $c->sessionid;
b7a0db6d	117
f0348b1d	118	$store_name \|\|= $c->session->{__user_store};
f0348b1d	119	$frozen_user \|\|= $c->session->{__user};
2e3b369c	120
f0348b1d	121	my $store = $c->get_auth_store($store_name);
f0348b1d	122	$c->_user( my $user = $store->from_session( $c, $frozen_user ) );
2e3b369c	123
f0348b1d	124	return $user;
2e3b369c	125
	126	}
	127
07e49bc7	128	sub setup {
	129	my $c = shift;
	130
bfeb91b4	131	my $cfg = $c->config->{authentication} \|\| {};
07e49bc7	132
	133	%$cfg = (
	134	use_session => 1,
	135	%$cfg,
	136	);
dde93f12	137
f2fee7ad	138	$c->register_auth_stores(
	139	default => $cfg->{store},
	140	%{ $cfg->{stores} \|\| {} },
	141	);
8b52f75e	142
dde93f12	143	$c->NEXT::setup(@_);
07e49bc7	144	}
07e49bc7	145
8b52f75e	146	sub get_auth_store {
f2fee7ad	147	my ( $self, $name ) = @_;
f2fee7ad	148	$self->auth_stores->{$name} \|\| ( Class::Inspector->loaded($name) && $name );
8b52f75e	149	}
	150
	151	sub get_auth_store_name {
f2fee7ad	152	my ( $self, $store ) = @_;
f2fee7ad	153	$self->auth_store_names->{$store};
8b52f75e	154	}
	155
	156	sub register_auth_stores {
f2fee7ad	157	my ( $self, %new ) = @_;
8b52f75e	158
f2fee7ad	159	foreach my $name ( keys %new ) {
	160	my $store = $new{$name} or next;
	161	$self->auth_stores->{$name} = $store;
	162	$self->auth_store_names->{$store} = $name;
	163	}
8b52f75e	164	}
	165
	166	sub auth_stores {
f2fee7ad	167	my $self = shift;
f2fee7ad	168	$self->_auth_stores(@_) \|\| $self->_auth_stores( {} );
8b52f75e	169	}
	170
	171	sub auth_store_names {
f2fee7ad	172	my $self = shift;
8b52f75e	173
b7a0db6d	174	$self->_auth_store_names \|\| do {
f2fee7ad	175	tie my %hash, 'Tie::RefHash';
f2fee7ad	176	$self->_auth_store_names( \%hash );
b260654c	177	}
8b52f75e	178	}
	179
	180	sub default_auth_store {
f2fee7ad	181	my $self = shift;
8b52f75e	182
f2fee7ad	183	if ( my $new = shift ) {
	184	$self->register_auth_stores( default => $new );
	185	}
8b52f75e	186
f2fee7ad	187	$self->get_auth_store("default");
8b52f75e	188	}
8b52f75e	189
07e49bc7	190	__PACKAGE__;
	191
	192	__END__
	193
	194	=pod
	195
	196	=head1 NAME
	197
033d2c24	198	Catalyst::Plugin::Authentication - Infrastructure plugin for the Catalyst
033d2c24	199	authentication framework.
07e49bc7	200
	201	=head1 SYNOPSIS
	202
18a3c897	203	use Catalyst qw/
	204	Authentication
	205	Authentication::Store::Foo
	206	Authentication::Credential::Password
	207	/;
	208
	209	# later on ...
	210	# ->login is provided by the Credential::Password module
	211	$c->login('myusername', 'mypassword');
	212	my $age = $c->user->age;
	213	$c->logout;
07e49bc7	214
	215	=head1 DESCRIPTION
	216
14929a35	217	The authentication plugin provides generic user support. It is the basis
	218	for both authentication (checking the user is who they claim to be), and
	219	authorization (allowing the user to do what the system authorises them to do).
07e49bc7	220
14929a35	221	Using authentication is split into two parts. A Store is used to actually
	222	store the user information, and can store any amount of data related to
	223	the user. Multiple stores can be accessed from within one application.
	224	Credentials are used to verify users, using the store, given data from
	225	the frontend.
18a3c897	226
14929a35	227	To implement authentication in a catalyst application you need to add this
14929a35	228	module, plus at least one store and one credential module.
18a3c897	229
14929a35	230	Authentication data can also be stored in a session, if the application
14929a35	231	is using the L<Catalyst::Plugin::Session> module.
07e49bc7	232
	233	=head1 METHODS
	234
	235	=over 4
	236
07e49bc7	237	=item user
07e49bc7	238
18a3c897	239	Returns the currently logged in user or undef if there is none.
07e49bc7	240
1a2be169	241	=item user_exists
	242
	243	Whether or not a user is logged in right now.
	244
	245	The reason this method exists is that C<<$c->user>> may needlessly load the
	246	user from the auth store.
	247
	248	If you're just going to say
	249
	250	if ( $c->user_user ) {
	251	# foo
	252	} else {
	253	$c->forward("login");
	254	}
	255
	256	it should be more efficient than C<<$c->user>> when a user is marked in the session
d61933f6	257	but C<< $c->user >> hasn't been called yet.
1a2be169	258
b7a0db6d	259	=item logout
	260
	261	Delete the currently logged in user from C<user> and the session.
	262
5435c348	263	=item get_user $uid
5435c348	264
18a3c897	265	Fetch a particular users details, defined by the given ID, via the default store.
	266
	267	=back
	268
	269	=head1 CONFIGURATION
	270
	271	=over 4
	272
	273	=item use_session
	274
	275	Whether or not to store the user's logged in state in the session, if the
14929a35	276	application is also using the L<Catalyst::Plugin::Session> plugin. This
	277	value is set to true per default.
	278
	279	=item store
	280
d61933f6	281	If multiple stores are being used, set the module you want as default here.
5435c348	282
b260654c	283	=back
b260654c	284
d61933f6	285	=item stores
	286
	287	If multiple stores are being used, you need to provide a name for each store
	288	here, as a hash, the keys are the names you wish to use, and the values are
	289	the the names of the plugins.
	290
	291	# example
	292	__PACKAGE__->config( authentication => {
	293	store => 'Catalyst::Plugin::Authentication::Store::HtPasswd',
	294	stores => {
	295	'dbic' => 'Catalyst::Plugin::Authentication::Store::DBIC'
	296	}
	297	});
	298
	299
b260654c	300	=head1 METHODS FOR STORE MANAGEMENT
b260654c	301
b12e226d	302	=over 4
b12e226d	303
5435c348	304	=item default_auth_store
5435c348	305
b260654c	306	Return the store whose name is 'default'.
5435c348	307
18a3c897	308	This is set to C<< $c->config->{authentication}{store} >> if that value exists,
b260654c	309	or by using a Store plugin:
	310
	311	use Catalyst qw/Authentication Authentication::Store::Minimal/;
	312
	313	Sets the default store to
	314	L<Catalyst::Plugin::Authentication::Store::Minimal::Backend>.
	315
816e5745	316
b260654c	317	=item get_auth_store $name
	318
	319	Return the store whose name is $name.
	320
	321	=item get_auth_store_name $store
	322
	323	Return the name of the store $store.
	324
	325	=item auth_stores
	326
	327	A hash keyed by name, with the stores registered in the app.
	328
	329	=item auth_store_names
	330
	331	A ref-hash keyed by store, which contains the names of the stores.
	332
	333	=item register_auth_stores %stores_by_name
	334
	335	Register stores into the application.
07e49bc7	336
b12e226d	337	=back
b12e226d	338
07e49bc7	339	=head1 INTERNAL METHODS
	340
	341	=over 4
	342
	343	=item set_authenticated $user
	344
	345	Marks a user as authenticated. Should be called from a
	346	C<Catalyst::Plugin::Authentication::Credential> plugin after successful
	347	authentication.
	348
	349	This involves setting C<user> and the internal data in C<session> if
	350	L<Catalyst::Plugin::Session> is loaded.
	351
f0348b1d	352	=item auth_restore_user $user
	353
	354	Used to restore a user from the session, by C<user> only when it's actually
	355	needed.
	356
	357	=item save_user_in_session $user
	358
	359	Used to save the user in a session.
	360
07e49bc7	361	=item prepare
	362
	363	Revives a user from the session object if there is one.
	364
	365	=item setup
	366
	367	Sets the default configuration parameters.
	368
	369	=item
	370
	371	=back
	372
36fba990	373	=head1 SEE ALSO
	374
	375	L<Catalyst::Plugin::Authentication::Credential::Password>,
	376	L<Catalyst::Plugin::Authentication::Store::Minimal>,
	377	L<Catalyst::Plugin::Authorization::ACL>,
	378	L<Catalyst::Plugin::Authorization::Roles>.
	379
	380	=head1 AUTHOR
	381
	382	Yuval Kogman, C<nothingmuch@woobling.org>
7d4c2ed8	383	Jess Robinson
7d4c2ed8	384	David Kamholz
07e49bc7	385
36fba990	386	=head1 COPYRIGHT & LICNESE
	387
	388	Copyright (c) 2005 the aforementioned authors. All rights
	389	reserved. This program is free software; you can redistribute
	390	it and/or modify it under the same terms as Perl itself.
	391
	392	=cut
07e49bc7	393