use strict;
use warnings;
+use Scalar::Util qw/refaddr/;
-our $VERSION = '0.1004';
+our $VERSION = '1.015';
-BEGIN { __PACKAGE__->mk_accessors(qw/user store _ldap_connection_password/) }
+BEGIN { __PACKAGE__->mk_accessors(qw/user store/) }
use overload '""' => sub { shift->stringify }, fallback => 1;
+my %_ldap_connection_passwords; # Store inside-out so that they don't show up
+ # in dumps..
+
=head1 METHODS
-=head2 new($store, $user)
+=head2 new($store, $user, $c)
Takes a L<Catalyst::Authentication::Store::LDAP::Backend> object
as $store, and the data structure returned by that class's "get_user"
-method as $user.
+method as $user. The final argument is an instance of your application,
+which is passed along for those wanting to subclass User and perhaps use
+models for fetching data.
Returns a L<Catalyst::Authentication::Store::LDAP::User> object.
=cut
sub new {
- my ( $class, $store, $user ) = @_;
+ my ( $class, $store, $user, $c ) = @_;
return unless $user;
return $string;
}
else {
- my ($string) = $self->$userfield;
- return $string;
+ my $val = $self->$userfield;
+ return ref($val) eq 'ARRAY' ? $val->[0] : $val;
}
}
sub check_password {
my ( $self, $password ) = @_;
- my $ldap
- = $self->store->ldap_bind( undef, $self->ldap_entry->dn, $password,
- 'forauth' );
- if ( defined($ldap) ) {
- if ($self->store->role_search_as_user) {
- # FIXME - This can be removed and made to use the code below..
- # Have to do the role lookup _now_, as this is the only time
- # that we have the user's password/ldap bind..
- $self->roles($ldap);
- }
+ if ( $self->store->ldap_auth($self->ldap_entry->dn, $password) ) {
# Stash a closure which can be used to retrieve the connection in the users context later.
- $self->_ldap_connection_password( sub { $password } ); # Close over
- # password to try to ensure it doesn't come out in debug dumps
- # or get serialized into sessions etc..
+ $_ldap_connection_passwords{refaddr($self)} = $password;
return 1;
}
else {
sub roles {
my $self = shift;
- my $ldap = shift;
- $self->{_roles} ||= [$self->store->lookup_roles($self, $ldap)];
+ $self->{_roles} ||= [$self->store->lookup_roles($self)];
return @{$self->{_roles}};
}
if ( $attribute eq "dn" ) {
return $self->ldap_entry->dn;
}
+ elsif ( $attribute eq "username" ) {
+ return $self->user->{'attributes'}->{$self->store->user_field};
+ }
elsif ( exists( $self->user->{'attributes'}->{$attribute} ) ) {
return $self->user->{'attributes'}->{$attribute};
}
}
}
+=head2 get
+
+A simple wrapper around has_attribute() to satisfy the Catalyst::Authentication::User API.
+
+=cut
+
+sub get { return shift->has_attribute(@_) }
+
+=head2 get_object
+
+Satisfies the Catalyst::Authentication::User API and returns the contents of the user()
+attribute.
+
+=cut
+
+sub get_object { return shift->user }
+
=head2 ldap_connection
Re-binds to the auth store with the credentials of the user you logged in
sub ldap_connection {
my $self = shift;
- my $msg = $self->store->ldap_bind( undef, $self->ldap_entry->dn,
- $self->_ldap_connection_password->() );
- $msg->code && die("Error whilst re-binding as " . $self->ldap_entry->dn
- . " after auth: " . $msg->error . " (" . $msg->code . ")");
- return $self->store;
+ $self->store->ldap_bind( undef, $self->ldap_entry->dn,
+ $_ldap_connection_passwords{refaddr($self)} );
}
=head2 AUTOLOADed methods
=cut
+sub DESTROY {
+ my $self = shift;
+ # Don't leak passwords..
+ delete $_ldap_connection_passwords{refaddr($self)};
+}
+
+sub can {
+ my ($self, $method) = @_;
+
+ return $self->SUPER::can($method) || do {
+ return unless $self->has_attribute($method);
+ return sub { $_[0]->has_attribute($method) };
+ };
+}
+
sub AUTOLOAD {
my $self = shift;
if ( $method eq "DESTROY" ) {
return;
}
- if ( exists( $self->user->{'attributes'}->{$method} ) ) {
- return $self->user->{'attributes'}->{$method};
- }
- elsif ( $method eq "username" ) {
- my $userfield = $self->store->user_field;
- my $username = $self->has_attribute($userfield);
- if ($username) {
- return $username;
- }
- else {
- Catalyst::Exception->throw( "User is missing the "
- . $userfield
- . " attribute, which should not be possible!" );
- }
+
+ if ( my $attribute = $self->has_attribute($method) ) {
+ return $attribute;
}
else {
Catalyst::Exception->throw(
projects / catagits/Catalyst-Authentication-Store-LDAP.git / blobdiff