=head1 SYNOPSIS
-You should be creating these objects through L<Catalyst::Authentication::Store::LDAP::Backend>'s "get_user" method, or just letting $c->login do
+You should be creating these objects through L<Catalyst::Authentication::Store::LDAP::Backend>'s "get_user" method, or just letting $c->authenticate do
it for you.
sub action : Local {
my ( $self, $c ) = @_;
- $c->login($c->req->param(username), $c->req->param(password));
+ $c->authenticate({
+ id => $c->req->param(username),
+ password => $c->req->param(password)
+ );
$c->log->debug($c->user->username . "is really neat!");
}
use strict;
use warnings;
+use Scalar::Util qw/refaddr/;
-our $VERSION = '0.1000';
+our $VERSION = '1.009';
BEGIN { __PACKAGE__->mk_accessors(qw/user store/) }
use overload '""' => sub { shift->stringify }, fallback => 1;
+my %_ldap_connection_passwords; # Store inside-out so that they don't show up
+ # in dumps..
+
=head1 METHODS
-=head2 new($store, $user)
+=head2 new($store, $user, $c)
Takes a L<Catalyst::Authentication::Store::LDAP::Backend> object
as $store, and the data structure returned by that class's "get_user"
-method as $user.
+method as $user. The final argument is an instance of your application,
+which is passed along for those wanting to subclass User and perhaps use
+models for fetching data.
Returns a L<Catalyst::Authentication::Store::LDAP::User> object.
=cut
sub new {
- my ( $class, $store, $user ) = @_;
+ my ( $class, $store, $user, $c ) = @_;
return unless $user;
return $string;
}
else {
- my ($string) = $self->$userfield;
- return $string;
+ my $val = $self->$userfield;
+ return ref($val) eq 'ARRAY' ? $val->[0] : $val;
}
}
= $self->store->ldap_bind( undef, $self->ldap_entry->dn, $password,
'forauth' );
if ( defined($ldap) ) {
+ if ($self->store->role_search_as_user) {
+ # FIXME - This can be removed and made to use the code below..
+ # Have to do the role lookup _now_, as this is the only time
+ # that we have the user's password/ldap bind..
+ $self->roles($ldap);
+ }
+ # Stash a closure which can be used to retrieve the connection in the users context later.
+ $_ldap_connection_passwords{refaddr($self)} = $password;
return 1;
}
else {
sub roles {
my $self = shift;
- return $self->store->lookup_roles($self);
+ my $ldap = shift;
+ $self->{_roles} ||= [$self->store->lookup_roles($self, $ldap)];
+ return @{$self->{_roles}};
}
=head2 for_session
}
}
+=head2 ldap_connection
+
+Re-binds to the auth store with the credentials of the user you logged in
+as, and returns a L<Net::LDAP> object which you can use to do further queries.
+
+=cut
+
+sub ldap_connection {
+ my $self = shift;
+ $self->store->ldap_bind( undef, $self->ldap_entry->dn,
+ $_ldap_connection_passwords{refaddr($self)} );
+}
+
=head2 AUTOLOADed methods
We automatically map the attributes of the underlying L<Net::LDAP::Entry>
=cut
+sub DESTROY {
+ my $self = shift;
+ # Don't leak passwords..
+ delete $_ldap_connection_passwords{refaddr($self)};
+}
+
sub AUTOLOAD {
my $self = shift;