=head1 NAME
-Catalyst::Authentication::Store::LDAP::Backend
+Catalyst::Authentication::Store::LDAP::Backend
- LDAP authentication storage backend.
=head1 SYNOPSIS
'deref' => 'always',
},
'role_search_as_user' => 0,
+ 'persist_in_session' => 'all',
);
-
+
our $users = Catalyst::Authentication::Store::LDAP::Backend->new(\%config);
=head1 DESCRIPTION
use strict;
use warnings;
-our $VERSION = '1.015';
+our $VERSION = '1.017';
use Catalyst::Authentication::Store::LDAP::User;
use Net::LDAP;
use Catalyst::Utils ();
+use Catalyst::Exception;
BEGIN {
__PACKAGE__->mk_accessors(
role_filter role_scope role_field role_value
role_search_options start_tls start_tls_options
user_results_filter user_class role_search_as_user
+ persist_in_session
)
);
}
$config_hash{'role_filter'} ||= '(memberUid=%s)';
$config_hash{'role_scope'} ||= 'sub';
$config_hash{'role_field'} ||= 'cn';
- $config_hash{'use_roles'} ||= '1';
+ $config_hash{'use_roles'} = '1'
+ unless exists $config_hash{use_roles};
$config_hash{'start_tls'} ||= '0';
$config_hash{'entry_class'} ||= 'Catalyst::Model::LDAP::Entry';
$config_hash{'user_class'}
||= 'Catalyst::Authentication::Store::LDAP::User';
$config_hash{'role_search_as_user'} ||= 0;
+ $config_hash{'persist_in_session'} ||= 'username';
+ Catalyst::Exception->throw('persist_in_session must be either username or all')
+ unless $config_hash{'persist_in_session'} =~ /\A(?:username|all)\z/;
Catalyst::Utils::ensure_class_loaded( $config_hash{'user_class'} );
my $self = \%config_hash;
=head2 find_user( I<authinfo>, $c )
Creates a L<Catalyst::Authentication::Store::LDAP::User> object
-for the given User ID. This is the preferred mechanism for getting a
+for the given User ID. This is the preferred mechanism for getting a
given User out of the Store.
I<authinfo> should be a hashref with a key of either C<id> or
A) Bind to the directory using the configured binddn and bindpw
B) Perform a search for the User Object in the directory, using
user_basedn, user_filter, and user_scope.
- C) Assuming we found the object, we will walk it's attributes
+ C) Assuming we found the object, we will walk its attributes
using L<Net::LDAP::Entry>'s get_value method. We store the
results in a hashref. If we do not find the object, then
undef is returned.
=head2 lookup_roles($userobj, [$ldap])
-This method looks up the roles for a given user. It takes a
+This method looks up the roles for a given user. It takes a
L<Catalyst::Authentication::Store::LDAP::User> object
-as it's first argument, and can optionally take a I<Net::LDAP> object which
+as its first argument, and can optionally take a I<Net::LDAP> object which
is used rather than the default binding if supplied.
It returns an array containing the role_field attribute from all the
-objects that match it's criteria.
+objects that match its criteria.
=cut
sub lookup_roles {
my ( $self, $userobj, $ldap ) = @_;
if ( $self->use_roles == 0 || $self->use_roles =~ /^false$/i ) {
- return undef;
+ return ();
}
$ldap ||= $self->role_search_as_user
? $userobj->ldap_connection : $self->ldap_bind;
. $userobj->username
. " has no "
. $self->role_value
- . " attribute, so I can't look up it's roles!" );
+ . " attribute, so I can't look up its roles!" );
}
my $filter = $self->_replace_filter( $self->role_filter, $filter_value );
push( @searchopts, 'filter' => $filter );
=head2 user_supports
-Returns the value of
+Returns the value of
Catalyst::Authentication::Store::LDAP::User->supports(@_).
=cut
Catalyst::Authentication::Store::LDAP::User->supports(@_);
}
-=head2 from_session( I<id>, I<$c> )
+=head2 from_session( I<id>, I<$c>, $frozenuser )
+
+Revives a serialized user from storage in the session.
-Returns get_user() for I<id>.
+Supports users stored with a different persist_in_session setting.
=cut
sub from_session {
- my ( $self, $c, $id ) = @_;
- $self->get_user( $id, $c );
+ my ( $self, $c, $frozenuser ) = @_;
+
+ # we need to restore the user depending on the current storage of the
+ # user in the session store which might differ from what
+ # persist_in_session is set to now
+ if ( ref $frozenuser eq 'HASH' ) {
+ # we can rely on the existance of this key if the user is a hashref
+ if ( $frozenuser->{persist_in_session} eq 'all' ) {
+ return $self->user_class->new( $self, $frozenuser->{user}, $c, $frozenuser->{_roles} );
+ }
+ }
+
+ return $self->get_user( $frozenuser, $c );
}
1;