[catagits/Catalyst-Plugin-Authentication.git] / lib / Catalyst / Plugin / Authentication.pm

#!/usr/bin/perl

package Catalyst::Plugin::Authentication;

use base qw/Class::Accessor::Fast Class::Data::Inheritable/;

BEGIN {
    __PACKAGE__->mk_accessors(qw/_user/);
    __PACKAGE__->mk_classdata($_) for qw/_auth_stores _auth_store_names/;
}

use strict;
use warnings;

use Tie::RefHash;
use Class::Inspector;

# this optimization breaks under Template::Toolkit
# use user_exists instead
#BEGIN {
#	require constant;
#	constant->import(have_want => eval { require Want });
#}

our $VERSION = "0.04";

sub set_authenticated {
    my ( $c, $user ) = @_;

    $c->user($user);
    $c->request->{user} = $user;    # compatibility kludge

    if (    $c->isa("Catalyst::Plugin::Session")
        and $c->config->{authentication}{use_session}
        and $user->supports("session") )
    {
        $c->save_user_in_session($user);
    }

    $c->NEXT::set_authenticated($user);
}

sub user {
    my $c = shift;

    if (@_) {
        return $c->_user(@_);
    }

    my $user = $c->_user;

    if ( $user and !Scalar::Util::blessed($user) ) {
#		return 1 if have_want() && Want::want("BOOL");
        return $c->auth_restore_user($user);
    }

    return $user;
}

sub user_exists {
	my $c = shift;
	return defined($c->_user);
}

sub save_user_in_session {
    my ( $c, $user ) = @_;

    my $store = $user->store || ref $user;
    $c->session->{__user_store} = $c->get_auth_store_name($store) || $store;
    $c->session->{__user} = $user->for_session;
}

sub logout {
    my $c = shift;

    $c->user(undef);

    if (    $c->isa("Catalyst::Plugin::Session")
        and $c->config->{authentication}{use_session} )
    {
        delete @{ $c->session }{qw/__user __user_store/};
    }
    
    $c->NEXT::logout(@_);
}

sub get_user {
    my ( $c, $uid ) = @_;

    if ( my $store = $c->default_auth_store ) {
        return $store->get_user($uid);
    }
    else {
        Catalyst::Exception->throw(
                "The user id $uid was passed to an authentication "
              . "plugin, but no default store was specified" );
    }
}

sub prepare {
    my $c = shift->NEXT::prepare(@_);

    if ( $c->isa("Catalyst::Plugin::Session")
        and !$c->user )
    {
        if ( $c->sessionid and my $frozen_user = $c->session->{__user} ) {
            $c->_user($frozen_user);
        }
    }

    return $c;
}

sub auth_restore_user {
    my ( $c, $frozen_user, $store_name ) = @_;

    return
      unless $c->isa("Catalyst::Plugin::Session")
      and $c->config->{authentication}{use_session}
      and $c->sessionid;

    $store_name  ||= $c->session->{__user_store};
    $frozen_user ||= $c->session->{__user};

    my $store = $c->get_auth_store($store_name);
    $c->_user( my $user = $store->from_session( $c, $frozen_user ) );

    return $user;

}

sub setup {
    my $c = shift;

    my $cfg = $c->config->{authentication} || {};

    %$cfg = (
        use_session => 1,
        %$cfg,
    );

    $c->register_auth_stores(
        default => $cfg->{store},
        %{ $cfg->{stores} || {} },
    );

    $c->NEXT::setup(@_);
}

sub get_auth_store {
    my ( $self, $name ) = @_;
    $self->auth_stores->{$name} || ( Class::Inspector->loaded($name) && $name );
}

sub get_auth_store_name {
    my ( $self, $store ) = @_;
    $self->auth_store_names->{$store};
}

sub register_auth_stores {
    my ( $self, %new ) = @_;

    foreach my $name ( keys %new ) {
        my $store = $new{$name} or next;
        $self->auth_stores->{$name}       = $store;
        $self->auth_store_names->{$store} = $name;
    }
}

sub auth_stores {
    my $self = shift;
    $self->_auth_stores(@_) || $self->_auth_stores( {} );
}

sub auth_store_names {
    my $self = shift;

    $self->_auth_store_names || do {
        tie my %hash, 'Tie::RefHash';
        $self->_auth_store_names( \%hash );
      }
}

sub default_auth_store {
    my $self = shift;

    if ( my $new = shift ) {
        $self->register_auth_stores( default => $new );
    }

    $self->get_auth_store("default");
}

__PACKAGE__;

__END__

=pod

=head1 NAME

Catalyst::Plugin::Authentication - Infrastructure plugin for the Catalyst
authentication framework.

=head1 SYNOPSIS

    use Catalyst qw/
        Authentication
        Authentication::Store::Foo
        Authentication::Credential::Password
    /;

    # later on ...
    # ->login is provided by the Credential::Password module
    $c->login('myusername', 'mypassword');
    my $age = $c->user->age;
    $c->logout;

=head1 DESCRIPTION

The authentication plugin provides generic user support. It is the basis 
for both authentication (checking the user is who they claim to be), and 
authorization (allowing the user to do what the system authorises them to do).

Using authentication is split into two parts. A Store is used to actually 
store the user information, and can store any amount of data related to 
the user. Multiple stores can be accessed from within one application. 
Credentials are used to verify users, using the store, given data from 
the frontend.

To implement authentication in a catalyst application you need to add this 
module, plus at least one store and one credential module.

Authentication data can also be stored in a session, if the application 
is using the L<Catalyst::Plugin::Session> module.

=head1 METHODS

=over 4 

=item user

Returns the currently logged in user or undef if there is none.

=item user_exists

Whether or not a user is logged in right now.

The reason this method exists is that C<<$c->user>> may needlessly load the
user from the auth store.

If you're just going to say

	if ( $c->user_user ) {
		# foo
	} else {
		$c->forward("login");
	}

it should be more efficient than C<<$c->user>> when a user is marked in the session
but C<< $c->user >> hasn't been called yet.

=item logout

Delete the currently logged in user from C<user> and the session.

=item get_user $uid

Fetch a particular users details, defined by the given ID, via the default store.

=back

=head1 CONFIGURATION

=over 4

=item use_session

Whether or not to store the user's logged in state in the session, if the
application is also using the L<Catalyst::Plugin::Session> plugin. This 
value is set to true per default.

=item store

If multiple stores are being used, set the module you want as default here.

=item stores

If multiple stores are being used, you need to provide a name for each store
here, as a hash, the keys are the names you wish to use, and the values are
the the names of the plugins.

 # example
 __PACKAGE__->config( authentication => {
                        store => 'Catalyst::Plugin::Authentication::Store::HtPasswd',
                        stores => { 
                           'dbic' => 'Catalyst::Plugin::Authentication::Store::DBIC'
                                  }
                                         });

=back

=head1 METHODS FOR STORE MANAGEMENT

=over 4

=item default_auth_store

Return the store whose name is 'default'.

This is set to C<< $c->config->{authentication}{store} >> if that value exists,
or by using a Store plugin:

	use Catalyst qw/Authentication Authentication::Store::Minimal/;

Sets the default store to
L<Catalyst::Plugin::Authentication::Store::Minimal::Backend>.


=item get_auth_store $name

Return the store whose name is $name.

=item get_auth_store_name $store

Return the name of the store $store.

=item auth_stores

A hash keyed by name, with the stores registered in the app.

=item auth_store_names

A ref-hash keyed by store, which contains the names of the stores.

=item register_auth_stores %stores_by_name

Register stores into the application.

=back

=head1 INTERNAL METHODS

=over 4

=item set_authenticated $user

Marks a user as authenticated. Should be called from a
C<Catalyst::Plugin::Authentication::Credential> plugin after successful
authentication.

This involves setting C<user> and the internal data in C<session> if
L<Catalyst::Plugin::Session> is loaded.

=item auth_restore_user $user

Used to restore a user from the session, by C<user> only when it's actually
needed.

=item save_user_in_session $user

Used to save the user in a session.

=item prepare

Revives a user from the session object if there is one.

=item setup

Sets the default configuration parameters.

=item 

=back

=head1 SEE ALSO

L<Catalyst::Plugin::Authentication::Credential::Password>,
L<Catalyst::Plugin::Authentication::Store::Minimal>,
L<Catalyst::Plugin::Authorization::ACL>,
L<Catalyst::Plugin::Authorization::Roles>.

=head1 AUTHORS

Yuval Kogman, C<nothingmuch@woobling.org>

Jess Robinson

David Kamholz

=head1 COPYRIGHT & LICNESE

        Copyright (c) 2005 the aforementioned authors. All rights
        reserved. This program is free software; you can redistribute
        it and/or modify it under the same terms as Perl itself.

=cut
Commit	Line	Data
06675d2e	1	#!/usr/bin/perl
	2
	3	package Catalyst::Plugin::Authentication;
	4
b003080b	5	use base qw/Class::Accessor::Fast Class::Data::Inheritable/;
06675d2e	6
b003080b	7	BEGIN {
7bb06c91	8	__PACKAGE__->mk_accessors(qw/_user/);
96777f3a	9	__PACKAGE__->mk_classdata($_) for qw/_auth_stores _auth_store_names/;
b003080b	10	}
06675d2e	11
	12	use strict;
	13	use warnings;
	14
96777f3a	15	use Tie::RefHash;
12dae309	16	use Class::Inspector;
96777f3a	17
bbf1cb39	18	# this optimization breaks under Template::Toolkit
bbf1cb39	19	# use user_exists instead
e145babc	20	#BEGIN {
	21	# require constant;
	22	# constant->import(have_want => eval { require Want });
	23	#}
a1e5bd36	24
bbf1cb39	25	our $VERSION = "0.04";
c7c003d3	26
06675d2e	27	sub set_authenticated {
	28	my ( $c, $user ) = @_;
	29
	30	$c->user($user);
e300c5b6	31	$c->request->{user} = $user; # compatibility kludge
06675d2e	32
06675d2e	33	if ( $c->isa("Catalyst::Plugin::Session")
96777f3a	34	and $c->config->{authentication}{use_session}
12dae309	35	and $user->supports("session") )
06675d2e	36	{
12dae309	37	$c->save_user_in_session($user);
06675d2e	38	}
55395841	39
4fbe2e14	40	$c->NEXT::set_authenticated($user);
06675d2e	41	}
06675d2e	42
7bb06c91	43	sub user {
e300c5b6	44	my $c = shift;
7bb06c91	45
e300c5b6	46	if (@_) {
	47	return $c->_user(@_);
	48	}
7bb06c91	49
e300c5b6	50	my $user = $c->_user;
7bb06c91	51
e300c5b6	52	if ( $user and !Scalar::Util::blessed($user) ) {
cde43a59	53	# return 1 if have_want() && Want::want("BOOL");
e300c5b6	54	return $c->auth_restore_user($user);
e300c5b6	55	}
7bb06c91	56
e300c5b6	57	return $user;
7bb06c91	58	}
7bb06c91	59
ce0b058d	60	sub user_exists {
	61	my $c = shift;
	62	return defined($c->_user);
	63	}
	64
12dae309	65	sub save_user_in_session {
e300c5b6	66	my ( $c, $user ) = @_;
12dae309	67
	68	my $store = $user->store \|\| ref $user;
	69	$c->session->{__user_store} = $c->get_auth_store_name($store) \|\| $store;
	70	$c->session->{__user} = $user->for_session;
	71	}
	72
06675d2e	73	sub logout {
	74	my $c = shift;
	75
	76	$c->user(undef);
b003080b	77
	78	if ( $c->isa("Catalyst::Plugin::Session")
	79	and $c->config->{authentication}{use_session} )
	80	{
96777f3a	81	delete @{ $c->session }{qw/__user __user_store/};
b003080b	82	}
351e2a82	83
351e2a82	84	$c->NEXT::logout(@_);
06675d2e	85	}
06675d2e	86
7d0922d8	87	sub get_user {
	88	my ( $c, $uid ) = @_;
	89
	90	if ( my $store = $c->default_auth_store ) {
	91	return $store->get_user($uid);
	92	}
	93	else {
	94	Catalyst::Exception->throw(
	95	"The user id $uid was passed to an authentication "
	96	. "plugin, but no default store was specified" );
	97	}
	98	}
	99
06675d2e	100	sub prepare {
	101	my $c = shift->NEXT::prepare(@_);
	102
4fbe2e14	103	if ( $c->isa("Catalyst::Plugin::Session")
06675d2e	104	and !$c->user )
06675d2e	105	{
7bb06c91	106	if ( $c->sessionid and my $frozen_user = $c->session->{__user} ) {
e300c5b6	107	$c->_user($frozen_user);
06675d2e	108	}
	109	}
	110
	111	return $c;
	112	}
	113
7bb06c91	114	sub auth_restore_user {
e300c5b6	115	my ( $c, $frozen_user, $store_name ) = @_;
7bb06c91	116
4fbe2e14	117	return
cde43a59	118	unless $c->isa("Catalyst::Plugin::Session")
4fbe2e14	119	and $c->config->{authentication}{use_session}
4fbe2e14	120	and $c->sessionid;
4402d92d	121
e300c5b6	122	$store_name \|\|= $c->session->{__user_store};
e300c5b6	123	$frozen_user \|\|= $c->session->{__user};
7bb06c91	124
e300c5b6	125	my $store = $c->get_auth_store($store_name);
e300c5b6	126	$c->_user( my $user = $store->from_session( $c, $frozen_user ) );
7bb06c91	127
e300c5b6	128	return $user;
7bb06c91	129
	130	}
	131
06675d2e	132	sub setup {
	133	my $c = shift;
	134
712a35bf	135	my $cfg = $c->config->{authentication} \|\| {};
06675d2e	136
	137	%$cfg = (
	138	use_session => 1,
	139	%$cfg,
	140	);
b003080b	141
12dae309	142	$c->register_auth_stores(
	143	default => $cfg->{store},
	144	%{ $cfg->{stores} \|\| {} },
	145	);
96777f3a	146
b003080b	147	$c->NEXT::setup(@_);
06675d2e	148	}
06675d2e	149
96777f3a	150	sub get_auth_store {
12dae309	151	my ( $self, $name ) = @_;
12dae309	152	$self->auth_stores->{$name} \|\| ( Class::Inspector->loaded($name) && $name );
96777f3a	153	}
	154
	155	sub get_auth_store_name {
12dae309	156	my ( $self, $store ) = @_;
12dae309	157	$self->auth_store_names->{$store};
96777f3a	158	}
	159
	160	sub register_auth_stores {
12dae309	161	my ( $self, %new ) = @_;
96777f3a	162
12dae309	163	foreach my $name ( keys %new ) {
	164	my $store = $new{$name} or next;
	165	$self->auth_stores->{$name} = $store;
	166	$self->auth_store_names->{$store} = $name;
	167	}
96777f3a	168	}
	169
	170	sub auth_stores {
12dae309	171	my $self = shift;
12dae309	172	$self->_auth_stores(@_) \|\| $self->_auth_stores( {} );
96777f3a	173	}
	174
	175	sub auth_store_names {
12dae309	176	my $self = shift;
96777f3a	177
4402d92d	178	$self->_auth_store_names \|\| do {
12dae309	179	tie my %hash, 'Tie::RefHash';
12dae309	180	$self->_auth_store_names( \%hash );
4fbe2e14	181	}
96777f3a	182	}
	183
	184	sub default_auth_store {
12dae309	185	my $self = shift;
96777f3a	186
12dae309	187	if ( my $new = shift ) {
	188	$self->register_auth_stores( default => $new );
	189	}
96777f3a	190
12dae309	191	$self->get_auth_store("default");
96777f3a	192	}
96777f3a	193
06675d2e	194	__PACKAGE__;
	195
	196	__END__
	197
	198	=pod
	199
	200	=head1 NAME
	201
55395841	202	Catalyst::Plugin::Authentication - Infrastructure plugin for the Catalyst
55395841	203	authentication framework.
06675d2e	204
	205	=head1 SYNOPSIS
	206
189b5b0c	207	use Catalyst qw/
	208	Authentication
	209	Authentication::Store::Foo
	210	Authentication::Credential::Password
	211	/;
	212
	213	# later on ...
	214	# ->login is provided by the Credential::Password module
	215	$c->login('myusername', 'mypassword');
	216	my $age = $c->user->age;
	217	$c->logout;
06675d2e	218
	219	=head1 DESCRIPTION
	220
e7522758	221	The authentication plugin provides generic user support. It is the basis
	222	for both authentication (checking the user is who they claim to be), and
	223	authorization (allowing the user to do what the system authorises them to do).
06675d2e	224
e7522758	225	Using authentication is split into two parts. A Store is used to actually
	226	store the user information, and can store any amount of data related to
	227	the user. Multiple stores can be accessed from within one application.
	228	Credentials are used to verify users, using the store, given data from
	229	the frontend.
189b5b0c	230
e7522758	231	To implement authentication in a catalyst application you need to add this
e7522758	232	module, plus at least one store and one credential module.
189b5b0c	233
e7522758	234	Authentication data can also be stored in a session, if the application
e7522758	235	is using the L<Catalyst::Plugin::Session> module.
06675d2e	236
	237	=head1 METHODS
	238
	239	=over 4
	240
06675d2e	241	=item user
06675d2e	242
189b5b0c	243	Returns the currently logged in user or undef if there is none.
06675d2e	244
ce0b058d	245	=item user_exists
	246
	247	Whether or not a user is logged in right now.
	248
	249	The reason this method exists is that C<<$c->user>> may needlessly load the
	250	user from the auth store.
	251
	252	If you're just going to say
	253
	254	if ( $c->user_user ) {
	255	# foo
	256	} else {
	257	$c->forward("login");
	258	}
	259
	260	it should be more efficient than C<<$c->user>> when a user is marked in the session
1e055395	261	but C<< $c->user >> hasn't been called yet.
ce0b058d	262
4402d92d	263	=item logout
	264
	265	Delete the currently logged in user from C<user> and the session.
	266
7d0922d8	267	=item get_user $uid
7d0922d8	268
189b5b0c	269	Fetch a particular users details, defined by the given ID, via the default store.
	270
	271	=back
	272
	273	=head1 CONFIGURATION
	274
	275	=over 4
	276
	277	=item use_session
	278
	279	Whether or not to store the user's logged in state in the session, if the
e7522758	280	application is also using the L<Catalyst::Plugin::Session> plugin. This
	281	value is set to true per default.
	282
	283	=item store
	284
1e055395	285	If multiple stores are being used, set the module you want as default here.
7d0922d8	286
1e055395	287	=item stores
	288
	289	If multiple stores are being used, you need to provide a name for each store
	290	here, as a hash, the keys are the names you wish to use, and the values are
	291	the the names of the plugins.
	292
	293	# example
	294	__PACKAGE__->config( authentication => {
	295	store => 'Catalyst::Plugin::Authentication::Store::HtPasswd',
	296	stores => {
	297	'dbic' => 'Catalyst::Plugin::Authentication::Store::DBIC'
	298	}
	299	});
	300
2bcde605	301	=back
1e055395	302
4fbe2e14	303	=head1 METHODS FOR STORE MANAGEMENT
4fbe2e14	304
fe4cf44a	305	=over 4
fe4cf44a	306
7d0922d8	307	=item default_auth_store
7d0922d8	308
4fbe2e14	309	Return the store whose name is 'default'.
7d0922d8	310
189b5b0c	311	This is set to C<< $c->config->{authentication}{store} >> if that value exists,
4fbe2e14	312	or by using a Store plugin:
	313
	314	use Catalyst qw/Authentication Authentication::Store::Minimal/;
	315
	316	Sets the default store to
	317	L<Catalyst::Plugin::Authentication::Store::Minimal::Backend>.
	318
a1e5bd36	319
4fbe2e14	320	=item get_auth_store $name
	321
	322	Return the store whose name is $name.
	323
	324	=item get_auth_store_name $store
	325
	326	Return the name of the store $store.
	327
	328	=item auth_stores
	329
	330	A hash keyed by name, with the stores registered in the app.
	331
	332	=item auth_store_names
	333
	334	A ref-hash keyed by store, which contains the names of the stores.
	335
	336	=item register_auth_stores %stores_by_name
	337
	338	Register stores into the application.
06675d2e	339
fe4cf44a	340	=back
fe4cf44a	341
06675d2e	342	=head1 INTERNAL METHODS
	343
	344	=over 4
	345
	346	=item set_authenticated $user
	347
	348	Marks a user as authenticated. Should be called from a
	349	C<Catalyst::Plugin::Authentication::Credential> plugin after successful
	350	authentication.
	351
	352	This involves setting C<user> and the internal data in C<session> if
	353	L<Catalyst::Plugin::Session> is loaded.
	354
e300c5b6	355	=item auth_restore_user $user
	356
	357	Used to restore a user from the session, by C<user> only when it's actually
	358	needed.
	359
	360	=item save_user_in_session $user
	361
	362	Used to save the user in a session.
	363
06675d2e	364	=item prepare
	365
	366	Revives a user from the session object if there is one.
	367
	368	=item setup
	369
	370	Sets the default configuration parameters.
	371
	372	=item
	373
	374	=back
	375
fbe577ac	376	=head1 SEE ALSO
	377
	378	L<Catalyst::Plugin::Authentication::Credential::Password>,
	379	L<Catalyst::Plugin::Authentication::Store::Minimal>,
	380	L<Catalyst::Plugin::Authorization::ACL>,
	381	L<Catalyst::Plugin::Authorization::Roles>.
	382
2bcde605	383	=head1 AUTHORS
fbe577ac	384
fbe577ac	385	Yuval Kogman, C<nothingmuch@woobling.org>
2bcde605	386
7d2f34eb	387	Jess Robinson
2bcde605	388
7d2f34eb	389	David Kamholz
06675d2e	390
fbe577ac	391	=head1 COPYRIGHT & LICNESE
	392
	393	Copyright (c) 2005 the aforementioned authors. All rights
	394	reserved. This program is free software; you can redistribute
	395	it and/or modify it under the same terms as Perl itself.
	396
	397	=cut
06675d2e	398