X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FStore%2FLDAP%2FBackend.pm;h=75e2a0f6de6efc5768c06ea8e987a8f9bf8ade8e;hb=0d3c4264e91902605a92fc2f3d4c5b76a7f581cd;hp=5942d6d545fd9b75c23a4c2fbcf933273ba8ff15;hpb=dfead577d0091c13ab636431aefca08d0ff7330b;p=catagits%2FCatalyst-Authentication-Store-LDAP.git

diff --git a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
index 5942d6d..75e2a0f 100644
--- a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
+++ b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
@@ -3,7 +3,7 @@
 
 =head1 NAME
 
-Catalyst::Authentication::Store::LDAP::Backend 
+Catalyst::Authentication::Store::LDAP::Backend
   - LDAP authentication storage backend.
 
 =head1 SYNOPSIS
@@ -35,6 +35,7 @@ Catalyst::Authentication::Store::LDAP::Backend
             'user_field' => 'uid',
             'user_search_options' => {
                 'deref' => 'always',
+                'attrs' => [qw( distinguishedname name mail )],
             },
             'user_results_filter' => sub { return shift->pop_entry },
             'entry_class' => 'MyApp::LDAP::Entry',
@@ -49,8 +50,9 @@ Catalyst::Authentication::Store::LDAP::Backend
                 'deref' => 'always',
             },
             'role_search_as_user' => 0,
+            'persist_in_session'  => 'all',
     );
-    
+
     our $users = Catalyst::Authentication::Store::LDAP::Backend->new(\%config);
 
 =head1 DESCRIPTION
@@ -72,11 +74,12 @@ use base qw( Class::Accessor::Fast );
 use strict;
 use warnings;
 
-our $VERSION = '1.015';
+our $VERSION = '1.016';
 
 use Catalyst::Authentication::Store::LDAP::User;
 use Net::LDAP;
 use Catalyst::Utils ();
+use Catalyst::Exception;
 
 BEGIN {
     __PACKAGE__->mk_accessors(
@@ -87,6 +90,7 @@ BEGIN {
             role_filter role_scope role_field role_value
             role_search_options start_tls start_tls_options
             user_results_filter user_class role_search_as_user
+            persist_in_session
             )
     );
 }
@@ -117,12 +121,16 @@ sub new {
     $config_hash{'role_filter'} ||= '(memberUid=%s)';
     $config_hash{'role_scope'}  ||= 'sub';
     $config_hash{'role_field'}  ||= 'cn';
-    $config_hash{'use_roles'}   ||= '1';
+    $config_hash{'use_roles'}   = '1'
+        unless exists $config_hash{use_roles};
     $config_hash{'start_tls'}   ||= '0';
     $config_hash{'entry_class'} ||= 'Catalyst::Model::LDAP::Entry';
     $config_hash{'user_class'}
         ||= 'Catalyst::Authentication::Store::LDAP::User';
     $config_hash{'role_search_as_user'} ||= 0;
+    $config_hash{'persist_in_session'}  ||= 'username';
+    Catalyst::Exception->throw('persist_in_session must be either username or all')
+        unless $config_hash{'persist_in_session'} =~ /\A(?:username|all)\z/;
 
     Catalyst::Utils::ensure_class_loaded( $config_hash{'user_class'} );
     my $self = \%config_hash;
@@ -133,7 +141,7 @@ sub new {
 =head2 find_user( I<authinfo>, $c )
 
 Creates a L<Catalyst::Authentication::Store::LDAP::User> object
-for the given User ID.  This is the preferred mechanism for getting a 
+for the given User ID.  This is the preferred mechanism for getting a
 given User out of the Store.
 
 I<authinfo> should be a hashref with a key of either C<id> or
@@ -371,7 +379,7 @@ sub lookup_user {
 
 =head2 lookup_roles($userobj, [$ldap])
 
-This method looks up the roles for a given user.  It takes a 
+This method looks up the roles for a given user.  It takes a
 L<Catalyst::Authentication::Store::LDAP::User> object
 as it's first argument, and can optionally take a I<Net::LDAP> object which
 is used rather than the default binding if supplied.
@@ -384,7 +392,7 @@ objects that match it's criteria.
 sub lookup_roles {
     my ( $self, $userobj, $ldap ) = @_;
     if ( $self->use_roles == 0 || $self->use_roles =~ /^false$/i ) {
-        return undef;
+        return ();
     }
     $ldap ||= $self->role_search_as_user
         ? $userobj->ldap_connection : $self->ldap_bind;
@@ -430,7 +438,7 @@ sub _replace_filter {
 
 =head2 user_supports
 
-Returns the value of 
+Returns the value of
 Catalyst::Authentication::Store::LDAP::User->supports(@_).
 
 =cut
@@ -442,15 +450,28 @@ sub user_supports {
     Catalyst::Authentication::Store::LDAP::User->supports(@_);
 }
 
-=head2 from_session( I<id>, I<$c> )
+=head2 from_session( I<id>, I<$c>, $frozenuser )
+
+Revives a serialized user from storage in the session.
 
-Returns get_user() for I<id>.
+Supports users stored with a different persist_in_session setting.
 
 =cut
 
 sub from_session {
-    my ( $self, $c, $id ) = @_;
-    $self->get_user( $id, $c );
+    my ( $self, $c, $frozenuser ) = @_;
+
+    # we need to restore the user depending on the current storage of the
+    # user in the session store which might differ from what
+    # persist_in_session is set to now
+    if ( ref $frozenuser eq 'HASH' ) {
+        # we can rely on the existance of this key if the user is a hashref
+        if ( $frozenuser->{persist_in_session} eq 'all' ) {
+            return $self->user_class->new( $self, $frozenuser->{user}, $c, $frozenuser->{_roles} );
+        }
+    }
+
+    return $self->get_user( $frozenuser, $c );
 }
 
 1;