package Catalyst::Authentication::Credential::OpenID;
use strict;
-# use warnings; no warnings "uninitialized"; # for testing, not production
-use parent "Class::Accessor::Fast";
-
-BEGIN {
- __PACKAGE__->mk_accessors(qw/ _config realm debug secret /);
-}
-
-our $VERSION = "0.14_03";
+use warnings;
+use base "Class::Accessor::Fast";
+
+__PACKAGE__->mk_accessors(qw/
+ realm debug secret
+ openid_field
+ consumer_secret
+ ua_class
+ ua_args
+ extension_args
+ errors_are_fatal
+ extensions
+/);
+
+our $VERSION = "0.16";
use Net::OpenID::Consumer;
use Catalyst::Exception ();
-sub new : method {
+sub new {
my ( $class, $config, $c, $realm ) = @_;
- my $self = { _config => { %{ $config },
- %{ $realm->{config} }
- }
+ my $self = {
+ %{ $config },
+ %{ $realm->{config} }
};
bless $self, $class;
# 2.0 spec says "SHOULD" be named "openid_identifier."
- $self->_config->{openid_field} ||= "openid_identifier";
-
- $self->debug( $self->_config->{debug} );
+ $self->{openid_field} ||= "openid_identifier";
- my $secret = $self->_config->{consumer_secret} ||= join("+",
+ my $secret = $self->{consumer_secret} ||= join("+",
__PACKAGE__,
$VERSION,
sort keys %{ $c->config }
$secret = substr($secret,0,255) if length $secret > 255;
$self->secret($secret);
# If user has no preference we prefer L::PA b/c it can prevent DoS attacks.
- $self->_config->{ua_class} ||= eval "use LWPx::ParanoidAgent" ?
+ my $ua_class = $self->{ua_class} ||= eval "use LWPx::ParanoidAgent" ?
"LWPx::ParanoidAgent" : "LWP::UserAgent";
- my $agent_class = $self->_config->{ua_class};
+ my $agent_class = $self->ua_class;
eval "require $agent_class"
or Catalyst::Exception->throw("Could not 'require' user agent class " .
- $self->_config->{ua_class});
+ $self->ua_class);
$c->log->debug("Setting consumer secret: " . $secret) if $self->debug;
return $self;
}
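Review bot: The default on the `ua_class` line may never pick LWPx::ParanoidAgent. As far as I know a string `eval` of a bare `use` statement yields an empty value even when the module loads, so the ternary falls through to `LWP::UserAgent` and the protection the comment above it relies on is silently lost. `eval { require LWPx::ParanoidAgent; 1 } ? "LWPx::ParanoidAgent" : "LWP::UserAgent"` gives a reliable true value and avoids the string eval. The new `my $ua_class` is assigned but never read, because `$agent_class` is what gets required. Since `$agent_class` comes from configuration and is interpolated into `eval "require $agent_class"`, I would also check it first with something like `$agent_class =~ /\A\w+(?:::\w+)*\z/ or Catalyst::Exception->throw(...)`.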
-sub authenticate : method {
+sub authenticate {
my ( $self, $c, $realm, $authinfo ) = @_;
$c->log->debug("authenticate() called from " . $c->request->uri) if $self->debug;
- my $field = $self->{_config}->{openid_field};
+ my $field = $self->openid_field;
my $claimed_uri = $authinfo->{ $field };
my $csr = Net::OpenID::Consumer->new(
- ua => $self->_config->{ua_class}->new(%{$self->_config->{ua_args} || {}}),
+ ua => $self->ua_class->new(%{$self->ua_args || {}}),
args => $c->req->params,
consumer_secret => $self->secret,
);
- if ( $self->_config->{extension_args} and $self->debug )
+ if ( $self->extension_args and $self->debug )
{
- $c->log->info("The configuration key 'extension_args' is deprecated; use 'extensions'");
+ # FIXME - Only on startup, remove extension_args accessor
+ $c->log->warn("The configuration key 'extension_args' is deprecated; use 'extensions'");
}
- my @extensions = $self->_config->{extensions} ?
- @{ $self->_config->{extensions} } : $self->_config->{extension_args} ?
- @{ $self->_config->{extension_args} } : ();
+ my @extensions = $self->extensions ?
+ @{ $self->extensions } : $self->extension_args ?
+ @{ $self->extension_args } : ();
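Review bot: The deprecation notice for `extension_args` is still gated on `$self->debug`, so a production deployment using the old key never sees it, even though the level was raised from info to warn. With debug enabled it repeats on every authenticate() call, which the added FIXME already acknowledges. Emitting it once from new(), e.g. `$c->log->warn("The configuration key 'extension_args' is deprecated; use 'extensions'") if $self->extension_args;`, would address both problems and let the check here go. authenticate() continues outside the lines shown.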
if ( $claimed_uri )
{
my $identity = $csr->claimed_identity($claimed_uri);
unless ( $identity )
{
- if ( $self->_config->{errors_are_fatal} )
+ if ( $self->errors_are_fatal )
{
Catalyst::Exception->throw($csr->err);
}
}
else
{
- $self->_config->{errors_are_fatal} ?
+ $self->errors_are_fatal ?
Catalyst::Exception->throw("Error validating identity: " . $csr->err)
:
$c->log->error( $csr->err);
=head1 VERSION
-0.14_03
+0.16
=head1 BACKWARDS COMPATIBILITY CHANGES
-=head2 EXTENTION_ARGS v EXTENSIONS
+=head2 EXTENSION_ARGS v EXTENSIONS
-B<NB>: The extenstions were previously configured under the key C<extension_args>. They are now configured under C<extensions>. This prevents the need for double configuration but it breaks extensions in your application if you do not change the name. The old version is supported for now but may be phased out at any time.
+B<NB>: The extensions were previously configured under the key C<extension_args>. They are now configured under C<extensions>. This prevents the need for double configuration but it breaks extensions in your application if you do not change the name. The old version is supported for now but may be phased out at any time.
As previously noted, L</EXTENSIONS TO OPENID>, I have not tested the extensions. I would be grateful for any feedback or, better, tests.
<openid>
<credential>
class OpenID
+ ua_class LWP::UserAgent
</credential>
- ua_class LWP::UserAgent
</openid>
</realms>
</Plugin::Authentication>
openid:
credential:
class: OpenID
- ua_class: LWP::UserAgent
+ ua_class: LWP::UserAgent
In a controller, perhaps C<Root::openid>-
}
},
openid => {
- consumer_secret => "Don't bother setting",
- ua_class => "LWP::UserAgent",
- ua_args => {
- whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
- },
credential => {
class => "OpenID",
store => {
class => "OpenID",
},
- },
- extensions => [
- 'http://openid.net/extensions/sreg/1.1',
- {
- required => 'email',
- optional => 'fullname,nickname,timezone',
+ consumer_secret => "Don't bother setting",
+ ua_class => "LWP::UserAgent",
+ # whitelist is only relevant for LWPx::ParanoidAgent
+ ua_args => {
+ whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
},
- ],
+ extensions => [
+ 'http://openid.net/extensions/sreg/1.1',
+ {
+ required => 'email',
+ optional => 'fullname,nickname,timezone',
+ },
+ ],
+ },
},
},
}
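Review bot: The example pairs `ua_class => "LWP::UserAgent"` with `whitelisted_hosts`, which the added comment itself says only matters for LWPx::ParanoidAgent. A reader who copies the block gets a host list that does nothing and an agent with no restriction on which identifier URLs it will fetch. A loopback whitelist only makes sense for local testing, so I would label the example that way, e.g. `# development only: production should use LWPx::ParanoidAgent without a loopback whitelist`. `consumer_secret => "Don't bother setting"` is also likely to be pasted verbatim as a literal value; a placeholder such as `"CHANGE ME: long random string"` reads less like advice. The same applies to the Config::General and YAML variants of this example further down.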
</credential>
</members>
<openid>
- <ua_args>
- whitelisted_hosts 127.0.0.1
- whitelisted_hosts localhost
- </ua_args>
- consumer_secret Don't bother setting
- ua_class LWP::UserAgent
<credential>
<store>
class OpenID
</store>
class OpenID
+ <ua_args>
+ whitelisted_hosts 127.0.0.1
+ whitelisted_hosts localhost
+ </ua_args>
+ consumer_secret Don't bother setting
+ ua_class LWP::UserAgent
+ <extensions>
+ http://openid.net/extensions/sreg/1.1
+ required email
+ optional fullname,nickname,timezone
+ </extensions>
</credential>
- <extensions>
- http://openid.net/extensions/sreg/1.1
- required email
- optional fullname,nickname,timezone
- </extensions>
</openid>
</realms>
</Plugin::Authentication>
class: OpenID
store:
class: OpenID
- consumer_secret: Don't bother setting
- ua_class: LWP::UserAgent
- ua_args:
- whitelisted_hosts:
- - 127.0.0.1
- - localhost
- extensions:
- - http://openid.net/extensions/sreg/1.1
- - required: email
- optional: fullname,nickname,timezone
+ consumer_secret: Don't bother setting
+ ua_class: LWP::UserAgent
+ ua_args:
+ # whitelist is only relevant for LWPx::ParanoidAgent
+ whitelisted_hosts:
+ - 127.0.0.1
+ - localhost
+ extensions:
+ - http://openid.net/extensions/sreg/1.1
+ - required: email
+ optional: fullname,nickname,timezone
B<NB>: There is no OpenID store yet.
=head2 MORE ON CONFIGURATION
-These are set in your realm. See above.
-
=over 4
=item ua_args and ua_class