[scpubgit/stemmaweb.git] / lib / stemmaweb / Controller / Users.pm

package stemmaweb::Controller::Users;
use Moose;
use namespace::autoclean;

use Google::JWT;

use JSON::MaybeXS;
use JSON::WebToken;

use MIME::Base64;

BEGIN {extends 'CatalystX::Controller::Auth'; }
with 'Catalyst::TraitFor::Controller::reCAPTCHA';

=head1 NAME

stemmaweb::Controller::Users - Catalyst Controller

=head1 DESCRIPTION

The Users controller is based on L<CatalystX::Controller::Auth>, see
there for most of the functionality. Any localised parts are described
below.

This controller uses L<Catalyst::TraitFor::Controller::reCAPTCHA> to
create and check a reCaptcha form shown on the C<register> form to
help prevent spam signups.

=head1 METHODS

=cut

sub base :Chained('/') :PathPart('') :CaptureArgs(0)
{
        my ( $self, $c ) = @_;

        $self->next::method( $c );
}

=head2 index

The index action is not currently used.

=cut

sub index :Path :Args(0) {
    my ( $self, $c ) = @_;

    $c->response->body('Matched stemmaweb::Controller::Users in Users.');
}

=head2 login with openid

Logging in with openid/google requires two passes through the login
action, on the 2nd pass the C<openid-check> value is passed in when
the openid providing webserver links the user back to the stemmaweb
site. This adaptation to the C<login> action sets the realm we are
authenticating against to be C<openid> in this case.

=cut

before login => sub {
  my($self, $c) = @_;
  $c->req->param( realm => 'openid')
    if $c->req->param('openid-check');

  if ($c->req->params->{email} && $c->req->params->{id_token}) {
    $c->req->param( realm => 'google');
  }
};

=head2 register with recaptcha

This adapts the C<register> action to add the recaptcha HTML to the
page, and verify the recaptcha info entered is correct when the form
is submitted. If the recaptcha is not correct, we just redisplay the
form with an error message.

=cut

before register => sub {
    my ($self, $c) = @_;

    ## Puts HTML into stash in "recaptcha" key.
    $c->forward('captcha_get');

    ## When submitting, check recaptcha passes, else re-draw form
    if($c->req->method eq 'POST') {
        if(!$c->forward('captcha_check') || 0 ) {
            ## Need these two lines to detach, so end can draw the correct template again:
            my $form = $self->form_handler->new( active => [ $self->login_id_field, 'password', 'confirm_password' ] );
            $c->stash( template => $self->register_template, form => $form );

            $c->detach();
        }
    }
};

=head2 success

A stub page returned on login / registration success.

=cut

sub success :Local :Args(0) {
    my ( $self, $c ) = @_;

	$c->load_status_msgs;
    $c->stash->{template} = 'auth/success.tt';
}

=head2 post_logout

Return to the index page, not to the login page.

=cut

sub post_logout {
	my( $self, $c ) = @_;
	$c->response->redirect( $c->uri_for_action( '/index' ) );
	$c->detach;
}

=head1 AUTHOR

A clever guy

=head1 LICENSE

This library is free software. You can redistribute it and/or modify
it under the same terms as Perl itself.

=cut

__PACKAGE__->meta->make_immutable;

1;
Commit	Line	Data
19262e3d	1	package stemmaweb::Controller::Users;
	2	use Moose;
	3	use namespace::autoclean;
	4
85990daf	5	use Google::JWT;
	6
	7	use JSON::MaybeXS;
	8	use JSON::WebToken;
	9
	10	use MIME::Base64;
	11
19262e3d	12	BEGIN {extends 'CatalystX::Controller::Auth'; }
b74843e5	13	with 'Catalyst::TraitFor::Controller::reCAPTCHA';
19262e3d	14
	15	=head1 NAME
	16
	17	stemmaweb::Controller::Users - Catalyst Controller
	18
	19	=head1 DESCRIPTION
	20
b74843e5	21	The Users controller is based on L<CatalystX::Controller::Auth>, see
	22	there for most of the functionality. Any localised parts are described
	23	below.
	24
	25	This controller uses L<Catalyst::TraitFor::Controller::reCAPTCHA> to
	26	create and check a reCaptcha form shown on the C<register> form to
	27	help prevent spam signups.
19262e3d	28
	29	=head1 METHODS
	30
	31	=cut
	32
	33	sub base :Chained('/') :PathPart('') :CaptureArgs(0)
	34	{
	35	my ( $self, $c ) = @_;
1628e97a	36
19262e3d	37	$self->next::method( $c );
	38	}
	39
	40	=head2 index
	41
b74843e5	42	The index action is not currently used.
b74843e5	43
19262e3d	44	=cut
	45
	46	sub index :Path :Args(0) {
	47	my ( $self, $c ) = @_;
	48
	49	$c->response->body('Matched stemmaweb::Controller::Users in Users.');
	50	}
	51
b74843e5	52	=head2 login with openid
	53
	54	Logging in with openid/google requires two passes through the login
	55	action, on the 2nd pass the C<openid-check> value is passed in when
	56	the openid providing webserver links the user back to the stemmaweb
eb38afbc	57	site. This adaptation to the C<login> action sets the realm we are
b74843e5	58	authenticating against to be C<openid> in this case.
	59
	60	=cut
	61
b600c671	62	before login => sub {
	63	my($self, $c) = @_;
	64	$c->req->param( realm => 'openid')
	65	if $c->req->param('openid-check');
83ed6665	66
	67	if ($c->req->params->{email} && $c->req->params->{id_token}) {
	68	$c->req->param( realm => 'google');
	69	}
b600c671	70	};
19262e3d	71
b74843e5	72	=head2 register with recaptcha
	73
	74	This adapts the C<register> action to add the recaptcha HTML to the
	75	page, and verify the recaptcha info entered is correct when the form
	76	is submitted. If the recaptcha is not correct, we just redisplay the
	77	form with an error message.
	78
	79	=cut
	80
	81	before register => sub {
	82	my ($self, $c) = @_;
	83
	84	## Puts HTML into stash in "recaptcha" key.
	85	$c->forward('captcha_get');
	86
	87	## When submitting, check recaptcha passes, else re-draw form
	88	if($c->req->method eq 'POST') {
85990daf	89	if(!$c->forward('captcha_check') \|\| 0 ) {
b74843e5	90	## Need these two lines to detach, so end can draw the correct template again:
	91	my $form = $self->form_handler->new( active => [ $self->login_id_field, 'password', 'confirm_password' ] );
	92	$c->stash( template => $self->register_template, form => $form );
	93
	94	$c->detach();
	95	}
	96	}
	97	};
	98
eb38afbc	99	=head2 success
	100
	101	A stub page returned on login / registration success.
	102
	103	=cut
	104
	105	sub success :Local :Args(0) {
	106	my ( $self, $c ) = @_;
	107
	108	$c->load_status_msgs;
	109	$c->stash->{template} = 'auth/success.tt';
	110	}
	111
	112	=head2 post_logout
	113
	114	Return to the index page, not to the login page.
	115
	116	=cut
	117
	118	sub post_logout {
	119	my( $self, $c ) = @_;
	120	$c->response->redirect( $c->uri_for_action( '/index' ) );
	121	$c->detach;
	122	}
	123
19262e3d	124	=head1 AUTHOR
	125
	126	A clever guy
	127
	128	=head1 LICENSE
	129
	130	This library is free software. You can redistribute it and/or modify
	131	it under the same terms as Perl itself.
	132
	133	=cut
	134
	135	__PACKAGE__->meta->make_immutable;
	136
	137	1;