Adding Wrapper class, missed in the last one
[catagits/Catalyst-Plugin-Authentication.git] / lib / Catalyst / Plugin / Authentication.pm
CommitLineData
06675d2e 1#!/usr/bin/perl
2
3package Catalyst::Plugin::Authentication;
4
b003080b 5use base qw/Class::Accessor::Fast Class::Data::Inheritable/;
06675d2e 6
b003080b 7BEGIN {
7bb06c91 8 __PACKAGE__->mk_accessors(qw/_user/);
54c8dc06 9 __PACKAGE__->mk_classdata($_) for qw/_auth_realms/;
b003080b 10}
06675d2e 11
12use strict;
13use warnings;
14
96777f3a 15use Tie::RefHash;
12dae309 16use Class::Inspector;
96777f3a 17
bbf1cb39 18# this optimization breaks under Template::Toolkit
19# use user_exists instead
e145babc 20#BEGIN {
21# require constant;
22# constant->import(have_want => eval { require Want });
23#}
a1e5bd36 24
54c8dc06 25our $VERSION = "0.10";
c7c003d3 26
06675d2e 27sub set_authenticated {
54c8dc06 28 my ( $c, $user, $realmname ) = @_;
06675d2e 29
30 $c->user($user);
e300c5b6 31 $c->request->{user} = $user; # compatibility kludge
06675d2e 32
54c8dc06 33 if (!$realmname) {
34 $realmname = 'default';
06675d2e 35 }
54c8dc06 36
37 if ( $c->isa("Catalyst::Plugin::Session")
38 and $c->config->{authentication}{use_session}
39 and $user->supports("session") )
40 {
41 $c->save_user_in_session($realmname, $user);
42 }
43 $user->_set_auth_realm($realmname);
44
45 $c->NEXT::set_authenticated($user, $realmname);
06675d2e 46}
47
488433fd 48sub _should_save_user_in_session {
49 my ( $c, $user ) = @_;
50
51 $c->_auth_sessions_supported
52 and $c->config->{authentication}{use_session}
53 and $user->supports("session");
54}
55
56sub _should_load_user_from_session {
57 my ( $c, $user ) = @_;
58
59 $c->_auth_sessions_supported
60 and $c->config->{authentication}{use_session}
61 and $c->session_is_valid;
62}
63
64sub _auth_sessions_supported {
65 my $c = shift;
66 $c->isa("Catalyst::Plugin::Session");
67}
68
7bb06c91 69sub user {
e300c5b6 70 my $c = shift;
7bb06c91 71
e300c5b6 72 if (@_) {
73 return $c->_user(@_);
74 }
7bb06c91 75
56e23e7a 76 if ( defined(my $user = $c->_user) ) {
77 return $user;
78 } else {
47c6643f 79 return $c->auth_restore_user;
e300c5b6 80 }
7bb06c91 81}
82
54c8dc06 83# change this to allow specification of a realm - to verify the user is part of that realm
84# in addition to verifying that they exist.
ce0b058d 85sub user_exists {
86 my $c = shift;
9deccb83 87 return defined($c->_user) || defined($c->_user_in_session);
56e23e7a 88}
89
54c8dc06 90
12dae309 91sub save_user_in_session {
54c8dc06 92 my ( $c, $realmname, $user ) = @_;
12dae309 93
54c8dc06 94 $c->session->{__user_realm} = $realmname;
95
96 # we want to ask the backend for a user prepared for the session.
97 # but older modules split this functionality between the user and the
98 # backend. We try the store first. If not, we use the old method.
99 my $realm = $c->get_auth_realm($realmname);
100 if ($realm->{'store'}->can('for_session')) {
101 $c->session->{__user} = $realm->{'store'}->for_session($c, $user);
102 } else {
103 $c->session->{__user} = $user->for_session;
104 }
12dae309 105}
106
06675d2e 107sub logout {
108 my $c = shift;
109
110 $c->user(undef);
b003080b 111
54c8dc06 112 if (
113 $c->isa("Catalyst::Plugin::Session")
114 and $c->config->{authentication}{use_session}
115 and $c->session_is_valid
116 ) {
117 delete @{ $c->session }{qw/__user __user_realm/};
b003080b 118 }
351e2a82 119
120 $c->NEXT::logout(@_);
06675d2e 121}
122
54c8dc06 123sub find_user {
124 my ( $c, $userinfo, $realmname ) = @_;
125
126 $realmname ||= 'default';
127 my $realm = $c->get_auth_realm($realmname);
128 if ( $realm->{'store'} ) {
129 return $realm->{'store'}->find_user($userinfo, $c);
130 } else {
131 $c->log->debug('find_user: unable to locate a store matching the requested realm');
7d0922d8 132 }
133}
134
54c8dc06 135
47c6643f 136sub _user_in_session {
137 my $c = shift;
138
488433fd 139 return unless $c->_should_load_user_from_session;
47c6643f 140
141 return $c->session->{__user};
488433fd 142}
47c6643f 143
488433fd 144sub _store_in_session {
145 my $c = shift;
146
147 # we don't need verification, it's only called if _user_in_session returned something useful
148
149 return $c->session->{__user_store};
47c6643f 150}
151
7bb06c91 152sub auth_restore_user {
54c8dc06 153 my ( $c, $frozen_user, $realmname ) = @_;
7bb06c91 154
47c6643f 155 $frozen_user ||= $c->_user_in_session;
156 return unless defined($frozen_user);
4402d92d 157
54c8dc06 158 $realmname ||= $c->session->{__user_realm};
159 return unless $realmname; # FIXME die unless? This is an internal inconsistency
7bb06c91 160
54c8dc06 161 my $realm = $c->get_auth_realm($realmname);
162 $c->_user( my $user = $realm->{'store'}->from_session( $c, $frozen_user ) );
163
164 # this sets the realm the user originated in.
165 $user->_set_auth_realm($realmname);
e300c5b6 166 return $user;
7bb06c91 167
168}
169
54c8dc06 170# we can't actually do our setup in setup because the model has not yet been loaded.
171# So we have to trigger off of setup_finished. :-(
06675d2e 172sub setup {
173 my $c = shift;
174
54c8dc06 175 $c->_authentication_initialize();
176 $c->NEXT::setup(@_);
177}
178
179## the actual initialization routine. whee.
180sub _authentication_initialize {
181 my $c = shift;
182
183 if ($c->_auth_realms) { return };
184
185 my $cfg = $c->config->{'authentication'} || {};
06675d2e 186
187 %$cfg = (
188 use_session => 1,
189 %$cfg,
190 );
b003080b 191
54c8dc06 192 my $realmhash = {};
193 $c->_auth_realms($realmhash);
194
195 ## BACKWARDS COMPATIBILITY - if realm is not defined - then we are probably dealing
196 ## with an old-school config. The only caveat here is that we must add a classname
197 if (exists($cfg->{'realms'})) {
198
199 foreach my $realm (keys %{$cfg->{'realms'}}) {
200 $c->setup_auth_realm($realm, $cfg->{'realms'}{$realm});
201 }
202
203 # if we have a 'default-realm' in the config hash and we don't already
204 # have a realm called 'default', we point default at the realm specified
205 if (exists($cfg->{'default_realm'}) && !$c->get_auth_realm('default')) {
206 $c->set_default_auth_realm($cfg->{'default_realm'});
207 }
208 } else {
209 foreach my $storename (keys %{$cfg->{'stores'}}) {
210 my $realmcfg = {
211 store => $cfg->{'stores'}{$storename},
212 };
213 $c->setup_auth_realm($storename, $realmcfg);
214 }
215 }
216
06675d2e 217}
218
54c8dc06 219
220# set up realmname.
221sub setup_auth_realm {
222 my ($app, $realmname, $config) = @_;
223
224 $app->log->debug("Setting up $realmname");
225 if (!exists($config->{'store'}{'class'})) {
226 Carp::croak "Couldn't setup the authentication realm named '$realmname', no class defined";
227 }
228
229 # use the
230 my $storeclass = $config->{'store'}{'class'};
231
232 ## follow catalyst class naming - a + prefix means a fully qualified class, otherwise it's
233 ## taken to mean C::P::A::Store::(specifiedclass)::Backend
234 if ($storeclass !~ /^\+(.*)$/ ) {
235 $storeclass = "Catalyst::Plugin::Authentication::Store::${storeclass}::Backend";
236 } else {
237 $storeclass = $1;
238 }
239
240
241 # a little niceness - since most systems seem to use the password credential class,
242 # if no credential class is specified we use password.
243 $config->{credential}{class} ||= "Catalyst::Plugin::Authentication::Credential::Password";
244
245 my $credentialclass = $config->{'credential'}{'class'};
246
247 ## follow catalyst class naming - a + prefix means a fully qualified class, otherwise it's
248 ## taken to mean C::P::A::Credential::(specifiedclass)
249 if ($credentialclass !~ /^\+(.*)$/ ) {
250 $credentialclass = "Catalyst::Plugin::Authentication::Credential::${credentialclass}";
251 } else {
252 $credentialclass = $1;
253 }
254
255 # if we made it here - we have what we need to load the classes;
256 Catalyst::Utils::ensure_class_loaded( $credentialclass );
257 Catalyst::Utils::ensure_class_loaded( $storeclass );
258
259 # BACKWARDS COMPATIBILITY - if the store class does not define find_user, we define it in terms
260 # of get_user and add it to the class. this is because the auth routines use find_user,
261 # and rely on it being present. (this avoids per-call checks)
262 if (!$storeclass->can('find_user')) {
263 no strict 'refs';
264 *{"${storeclass}::find_user"} = sub {
265 my ($self, $info) = @_;
266 my @rest = @{$info->{rest}} if exists($info->{rest});
267 $self->get_user($info->{id}, @rest);
268 };
269 }
270
271 $app->auth_realms->{$realmname}{'store'} = $storeclass->new($config->{'store'}, $app);
272 if ($credentialclass->can('new')) {
273 $app->auth_realms->{$realmname}{'credential'} = $credentialclass->new($config->{'credential'}, $app);
274 } else {
275 # if the credential class is not actually a class - has no 'new' operator, we wrap it,
276 # once again - to allow our code to be simple at runtime and allow non-OO packages to function.
277 my $wrapperclass = 'Catalyst::Plugin::Authentication::Credential::Wrapper';
278 Catalyst::Utils::ensure_class_loaded( $wrapperclass );
279 $app->auth_realms->{$realmname}{'credential'} = $wrapperclass->new($config->{'credential'}, $app);
280 }
96777f3a 281}
282
54c8dc06 283sub auth_realms {
284 my $self = shift;
285 return($self->_auth_realms);
96777f3a 286}
287
54c8dc06 288sub get_auth_realm {
289 my ($app, $realmname) = @_;
290 return $app->auth_realms->{$realmname};
291}
96777f3a 292
54c8dc06 293sub set_default_auth_realm {
294 my ($app, $realmname) = @_;
295
296 if (exists($app->auth_realms->{$realmname})) {
297 $app->auth_realms->{'default'} = $app->auth_realms->{$realmname};
12dae309 298 }
54c8dc06 299 return $app->get_auth_realm('default');
96777f3a 300}
301
54c8dc06 302sub authenticate {
303 my ($app, $userinfo, $realmname) = @_;
304
305 if (!$realmname) {
306 $realmname = 'default';
307 }
308
309 my $realm = $app->get_auth_realm($realmname);
310
311 if ($realm && exists($realm->{'credential'})) {
312 my $user = $realm->{'credential'}->authenticate($app, $realm->{store}, $userinfo);
313 if ($user) {
314 $app->set_authenticated($user, $realmname);
315 return $user;
316 }
317 } else {
318 $app->log->debug("The realm requested, '$realmname' does not exist," .
319 " or there is no credential associated with it.")
320 }
321 return 0;
96777f3a 322}
323
54c8dc06 324## BACKWARDS COMPATIBILITY -- Warning: Here be monsters!
325#
326# What follows are backwards compatibility routines - for use with Stores and Credentials
327# that have not been updated to work with C::P::Authentication v0.10.
328# These are here so as to not break people's existing installations, but will go away
329# in a future version.
330#
331# The old style of configuration only supports a single store, as each store module
332# sets itself as the default store upon being loaded. This is the only supported
333# 'compatibility' mode.
334#
335
336sub get_user {
337 my ( $c, $uid, @rest ) = @_;
96777f3a 338
54c8dc06 339 return $c->find_user( {'id' => $uid, 'rest'=>\@rest }, 'default' );
96777f3a 340}
341
54c8dc06 342##
343## this should only be called when using old-style authentication plugins. IF this gets
344## called in a new-style config - it will OVERWRITE the store of your default realm. Don't do it.
345## also - this is a partial setup - because no credential is instantiated... in other words it ONLY
346## works with old-style auth plugins and C::P::Authentication in compatibility mode. Trying to combine
347## this with a realm-type config will probably crash your app.
96777f3a 348sub default_auth_store {
12dae309 349 my $self = shift;
96777f3a 350
12dae309 351 if ( my $new = shift ) {
54c8dc06 352 $self->auth_realms->{'default'}{'store'} = $new;
353 my $storeclass = ref($new);
354
355 # BACKWARDS COMPATIBILITY - if the store class does not define find_user, we define it in terms
356 # of get_user and add it to the class. this is because the auth routines use find_user,
357 # and rely on it being present. (this avoids per-call checks)
358 if (!$storeclass->can('find_user')) {
359 no strict 'refs';
360 *{"${storeclass}::find_user"} = sub {
361 my ($self, $info) = @_;
362 my @rest = @{$info->{rest}} if exists($info->{rest});
363 $self->get_user($info->{id}, @rest);
364 };
365 }
12dae309 366 }
96777f3a 367
54c8dc06 368 return $self->get_auth_realm('default')->{'store'};
96777f3a 369}
370
54c8dc06 371## BACKWARDS COMPATIBILITY
372## this only ever returns a hash containing 'default' - as that is the only
373## supported mode of calling this.
374sub auth_store_names {
375 my $self = shift;
376
377 my %hash = ( $self->get_auth_realm('default')->{'store'} => 'default' );
378}
379
380sub get_auth_store {
381 my ( $self, $name ) = @_;
382
383 if ($name ne 'default') {
384 Carp::croak "get_auth_store called on non-default realm '$name'. Only default supported in compatibility mode";
385 } else {
386 $self->default_auth_store();
387 }
388}
389
390sub get_auth_store_name {
391 my ( $self, $store ) = @_;
392 return 'default';
393}
394
395# sub auth_stores is only used internally - here for completeness
396sub auth_stores {
397 my $self = shift;
398
399 my %hash = ( 'default' => $self->get_auth_realm('default')->{'store'});
400}
401
402
403
404
405
406
06675d2e 407__PACKAGE__;
408
409__END__
410
411=pod
412
413=head1 NAME
414
55395841 415Catalyst::Plugin::Authentication - Infrastructure plugin for the Catalyst
416authentication framework.
06675d2e 417
418=head1 SYNOPSIS
419
189b5b0c 420 use Catalyst qw/
421 Authentication
189b5b0c 422 /;
423
424 # later on ...
54c8dc06 425 $c->authenticate({ username => 'myusername', password => 'mypassword' });
426 my $age = $c->user->get('age');
189b5b0c 427 $c->logout;
06675d2e 428
429=head1 DESCRIPTION
430
e7522758 431The authentication plugin provides generic user support. It is the basis
432for both authentication (checking the user is who they claim to be), and
433authorization (allowing the user to do what the system authorises them to do).
06675d2e 434
e7522758 435Using authentication is split into two parts. A Store is used to actually
436store the user information, and can store any amount of data related to
437the user. Multiple stores can be accessed from within one application.
438Credentials are used to verify users, using the store, given data from
439the frontend.
189b5b0c 440
6a36933d 441To implement authentication in a Catalyst application you need to add this
e7522758 442module, plus at least one store and one credential module.
189b5b0c 443
e7522758 444Authentication data can also be stored in a session, if the application
445is using the L<Catalyst::Plugin::Session> module.
06675d2e 446
4bb9b01c 447=head1 INTRODUCTION
448
449=head2 The Authentication/Authorization Process
450
451Web applications typically need to identify a user - to tell the user apart
452from other users. This is usually done in order to display private information
453that is only that user's business, or to limit access to the application so
454that only certain entities can access certain parts.
455
456This process is split up into several steps. First you ask the user to identify
457themselves. At this point you can't be sure that the user is really who they
458claim to be.
459
6a36933d 460Then the user tells you who they are, and backs this claim with some piece of
4bb9b01c 461information that only the real user could give you. For example, a password is
462a secret that is known to both the user and you. When the user tells you this
463password you can assume they're in on the secret and can be trusted (ignore
464identity theft for now). Checking the password, or any other proof is called
465B<credential verification>.
466
467By this time you know exactly who the user is - the user's identity is
468B<authenticated>. This is where this module's job stops, and other plugins step
469in. The next logical step is B<authorization>, the process of deciding what a
470user is (or isn't) allowed to do. For example, say your users are split into
471two main groups - regular users and administrators. You should verify that the
472currently logged in user is indeed an administrator before performing the
6a36933d 473actions of an administrative part of your application. One way to do this is
4bb9b01c 474with role based access control.
475
476=head2 The Components In This Framework
477
478=head3 Credential Verifiers
479
480When user input is transferred to the L<Catalyst> application (typically via
481form inputs) this data then enters the authentication framework through these
482plugins.
483
484These plugins check the data, and ensure that it really proves the user is who
485they claim to be.
486
487=head3 Storage Backends
488
489The credentials also identify a user, and this family of modules is supposed to
490take this identification data and return a standardized object oriented
491representation of users.
492
493When a user is retrieved from a store it is not necessarily authenticated.
494Credential verifiers can either accept a user object, or fetch the object
495themselves from the default store.
496
497=head3 The Core Plugin
498
6a36933d 499This plugin on its own is the glue, providing store registration, session
4bb9b01c 500integration, and other goodness for the other plugins.
501
502=head3 Other Plugins
503
504More layers of plugins can be stacked on top of the authentication code. For
505example, L<Catalyst::Plugin::Session::PerUser> provides an abstraction of
506browser sessions that is more persistent per users.
507L<Catalyst::Plugin::Authorization::Roles> provides an accepted way to separate
508and group users into categories, and then check which categories the current
509user belongs to.
510
5e91c057 511=head1 EXAMPLE
512
6a36933d 513Let's say we were storing users in an Apache style htpasswd file. Users are
514stored in that file, with a hashed password and some extra comments. Users are
515verified by supplying a password which is matched with the file.
5e91c057 516
517This means that our application will begin like this:
518
519 package MyApp;
520
521 use Catalyst qw/
522 Authentication
523 Authentication::Credential::Password
524 Authentication::Store::Htpasswd
525 /;
526
527 __PACKAGE__->config->{authentication}{htpasswd} = "passwdfile";
528
529This loads the appropriate methods and also sets the htpasswd store as the
530default store.
531
532So, now that we have the code loaded we need to get data from the user into the
533credential verifier.
534
535Let's create an authentication controller:
536
537 package MyApp::Controller::Auth;
538
539 sub login : Local {
540 my ( $self, $c ) = @_;
541
542 if ( my $user = $c->req->param("user")
543 and my $password = $c->req->param("password") )
544 {
545 if ( $c->login( $user, $password ) ) {
546 $c->res->body( "hello " . $c->user->name );
547 } else {
548 # login incorrect
549 }
550 }
551 else {
552 # invalid form input
553 }
554 }
555
556This code should be very readable. If all the necessary fields are supplied,
557call the L<Authentication::Credential::Password/login> method on the
558controller. If that succeeds the user is logged in.
559
560It could be simplified though:
561
562 sub login : Local {
563 my ( $self, $c ) = @_;
564
565 if ( $c->login ) {
566 ...
567 }
568 }
569
b840d11c 570Since the C<login> method knows how to find logically named parameters on its
5e91c057 571own.
572
573The credential verifier will ask the default store to get the user whose ID is
574the user parameter. In this case the default store is the htpasswd one. Once it
575fetches the user from the store the password is checked and if it's OK
576C<< $c->user >> will contain the user object returned from the htpasswd store.
577
578We can also pass a user object to the credential verifier manually, if we have
579several stores per app. This is discussed in
580L<Catalyst::Plugin::Authentication::Store>.
581
582Now imagine each admin user has a comment set in the htpasswd file saying
583"admin".
584
585A restricted action might look like this:
586
587 sub restricted : Local {
588 my ( $self, $c ) = @_;
589
590 $c->detach("unauthorized")
591 unless $c->user_exists
592 and $c->user->extra_info() eq "admin";
593
594 # do something restricted here
595 }
596
597This is somewhat similar to role based access control.
598L<Catalyst::Plugin::Authentication::Store::Htpasswd> treats the extra info
599field as a comma separated list of roles if it's treated that way. Let's
600leverage this. Add the role authorization plugin:
601
602 use Catalyst qw/
603 ...
604 Authorization::Roles
605 /;
606
607 sub restricted : Local {
608 my ( $self, $c ) = @_;
609
a93f1197 610 $c->detach("unauthorized") unless $c->check_roles("admin");
5e91c057 611
612 # do something restricted here
613 }
614
615This is somewhat simpler and will work if you change your store, too, since the
616role interface is consistent.
617
618Let's say your app grew, and you now have 10000 users. It's no longer efficient
619to maintain an htpasswd file, so you move this data to a database.
620
621 use Catalyst qw/
622 Authentication
623 Authentication::Credential::Password
624 Authentication::Store::DBIC
625 Authorization::Roles
626 /;
627
628 __PACKAGE__->config->{authentication}{dbic} = ...; # see the DBIC store docs
629
630The rest of your code should be unchanged. Now let's say you are integrating
631typekey authentication to your system. For simplicity's sake we'll assume that
632the user's are still keyed in the same way.
633
634 use Catalyst qw/
635 Authentication
636 Authentication::Credential::Password
637 Authentication::Credential::TypeKey
638 Authentication::Store::DBIC
639 Authorization::Roles
640 /;
641
642And in your auth controller add a new action:
643
644 sub typekey : Local {
645 my ( $self, $c ) = @_;
646
647 if ( $c->authenticate_typekey) { # uses $c->req and Authen::TypeKey
648 # same stuff as the $c->login method
649 # ...
650 }
651 }
652
653You've now added a new credential verification mechanizm orthogonally to the
654other components. All you have to do is make sure that the credential verifiers
655pass on the same types of parameters to the store in order to retrieve user
656objects.
657
06675d2e 658=head1 METHODS
659
660=over 4
661
06675d2e 662=item user
663
189b5b0c 664Returns the currently logged in user or undef if there is none.
06675d2e 665
ce0b058d 666=item user_exists
667
668Whether or not a user is logged in right now.
669
8bcb3a4b 670The reason this method exists is that C<< $c->user >> may needlessly load the
ce0b058d 671user from the auth store.
672
673If you're just going to say
674
4359cfe3 675 if ( $c->user_exists ) {
ce0b058d 676 # foo
677 } else {
678 $c->forward("login");
679 }
680
4359cfe3 681it should be more efficient than C<< $c->user >> when a user is marked in the
682session but C<< $c->user >> hasn't been called yet.
ce0b058d 683
4402d92d 684=item logout
685
686Delete the currently logged in user from C<user> and the session.
687
7d0922d8 688=item get_user $uid
689
189b5b0c 690Fetch a particular users details, defined by the given ID, via the default store.
691
692=back
693
694=head1 CONFIGURATION
695
696=over 4
697
698=item use_session
699
700Whether or not to store the user's logged in state in the session, if the
e7522758 701application is also using the L<Catalyst::Plugin::Session> plugin. This
702value is set to true per default.
703
704=item store
705
1e055395 706If multiple stores are being used, set the module you want as default here.
7d0922d8 707
1e055395 708=item stores
709
710If multiple stores are being used, you need to provide a name for each store
711here, as a hash, the keys are the names you wish to use, and the values are
712the the names of the plugins.
713
714 # example
715 __PACKAGE__->config( authentication => {
716 store => 'Catalyst::Plugin::Authentication::Store::HtPasswd',
717 stores => {
718 'dbic' => 'Catalyst::Plugin::Authentication::Store::DBIC'
719 }
720 });
721
2bcde605 722=back
1e055395 723
4fbe2e14 724=head1 METHODS FOR STORE MANAGEMENT
725
fe4cf44a 726=over 4
727
7d0922d8 728=item default_auth_store
729
4fbe2e14 730Return the store whose name is 'default'.
7d0922d8 731
189b5b0c 732This is set to C<< $c->config->{authentication}{store} >> if that value exists,
4fbe2e14 733or by using a Store plugin:
734
735 use Catalyst qw/Authentication Authentication::Store::Minimal/;
736
737Sets the default store to
738L<Catalyst::Plugin::Authentication::Store::Minimal::Backend>.
739
a1e5bd36 740
4fbe2e14 741=item get_auth_store $name
742
743Return the store whose name is $name.
744
745=item get_auth_store_name $store
746
747Return the name of the store $store.
748
749=item auth_stores
750
751A hash keyed by name, with the stores registered in the app.
752
753=item auth_store_names
754
755A ref-hash keyed by store, which contains the names of the stores.
756
757=item register_auth_stores %stores_by_name
758
759Register stores into the application.
06675d2e 760
fe4cf44a 761=back
762
06675d2e 763=head1 INTERNAL METHODS
764
765=over 4
766
767=item set_authenticated $user
768
769Marks a user as authenticated. Should be called from a
770C<Catalyst::Plugin::Authentication::Credential> plugin after successful
771authentication.
772
773This involves setting C<user> and the internal data in C<session> if
774L<Catalyst::Plugin::Session> is loaded.
775
e300c5b6 776=item auth_restore_user $user
777
778Used to restore a user from the session, by C<user> only when it's actually
779needed.
780
781=item save_user_in_session $user
782
783Used to save the user in a session.
784
06675d2e 785=item prepare
786
787Revives a user from the session object if there is one.
788
789=item setup
790
791Sets the default configuration parameters.
792
793=item
794
795=back
796
fbe577ac 797=head1 SEE ALSO
798
4bb9b01c 799This list might not be up to date.
800
801=head2 User Storage Backends
802
fbe577ac 803L<Catalyst::Plugin::Authentication::Store::Minimal>,
4bb9b01c 804L<Catalyst::Plugin::Authentication::Store::Htpasswd>,
805L<Catalyst::Plugin::Authentication::Store::DBIC> (also works with Class::DBI).
806
807=head2 Credential verification
808
809L<Catalyst::Plugin::Authentication::Credential::Password>,
810L<Catalyst::Plugin::Authentication::Credential::HTTP>,
811L<Catalyst::Plugin::Authentication::Credential::TypeKey>
812
813=head2 Authorization
814
fbe577ac 815L<Catalyst::Plugin::Authorization::ACL>,
4bb9b01c 816L<Catalyst::Plugin::Authorization::Roles>
817
5e91c057 818=head2 Internals Documentation
819
820L<Catalyst::Plugin::Authentication::Store>
821
4bb9b01c 822=head2 Misc
823
824L<Catalyst::Plugin::Session>,
825L<Catalyst::Plugin::Session::PerUser>
fbe577ac 826
93f08fb0 827=head1 DON'T SEE ALSO
828
1a05e6ed 829This module along with its sub plugins deprecate a great number of other
830modules. These include L<Catalyst::Plugin::Authentication::Simple>,
831L<Catalyst::Plugin::Authentication::CDBI>.
93f08fb0 832
833At the time of writing these plugins have not yet been replaced or updated, but
1a05e6ed 834should be eventually: L<Catalyst::Plugin::Authentication::OpenID>,
835L<Catalyst::Plugin::Authentication::LDAP>,
836L<Catalyst::Plugin::Authentication::CDBI::Basic>,
837L<Catalyst::Plugin::Authentication::Basic::Remote>.
93f08fb0 838
2bcde605 839=head1 AUTHORS
fbe577ac 840
841Yuval Kogman, C<nothingmuch@woobling.org>
2bcde605 842
7d2f34eb 843Jess Robinson
2bcde605 844
7d2f34eb 845David Kamholz
06675d2e 846
ff46c00b 847=head1 COPYRIGHT & LICENSE
fbe577ac 848
849 Copyright (c) 2005 the aforementioned authors. All rights
850 reserved. This program is free software; you can redistribute
851 it and/or modify it under the same terms as Perl itself.
852
853=cut
06675d2e 854