X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FStore%2FLDAP%2FBackend.pm;h=d372b4b7b3cf39d26e9b72122327f948e714772f;hb=2690c1e351ec34f25c67ceae98ce025ad86f3fb1;hp=e23c77fe70420f735ae2089f80a6661d5eb68553;hpb=439924cb60130b112899c2eb54a665ef615d5093;p=catagits%2FCatalyst-Authentication-Store-LDAP.git diff --git a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm index e23c77f..d372b4b 100644 --- a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm +++ b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm @@ -74,11 +74,12 @@ use base qw( Class::Accessor::Fast ); use strict; use warnings; -our $VERSION = '1.015'; +our $VERSION = '1.017'; use Catalyst::Authentication::Store::LDAP::User; use Net::LDAP; use Catalyst::Utils (); +use Catalyst::Exception; BEGIN { __PACKAGE__->mk_accessors( @@ -120,12 +121,16 @@ sub new { $config_hash{'role_filter'} ||= '(memberUid=%s)'; $config_hash{'role_scope'} ||= 'sub'; $config_hash{'role_field'} ||= 'cn'; - $config_hash{'use_roles'} ||= '1'; + $config_hash{'use_roles'} = '1' + unless exists $config_hash{use_roles}; $config_hash{'start_tls'} ||= '0'; $config_hash{'entry_class'} ||= 'Catalyst::Model::LDAP::Entry'; $config_hash{'user_class'} ||= 'Catalyst::Authentication::Store::LDAP::User'; $config_hash{'role_search_as_user'} ||= 0; + $config_hash{'persist_in_session'} ||= 'username'; + Catalyst::Exception->throw('persist_in_session must be either username or all') + unless $config_hash{'persist_in_session'} =~ /\A(?:username|all)\z/; Catalyst::Utils::ensure_class_loaded( $config_hash{'user_class'} ); my $self = \%config_hash; 
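Review bot: In the `new` hunk the `use_roles` default now keys on `exists`, so a config that carries the key with an undefined value (an empty entry from a config loader, for instance) is stored as-is instead of defaulting to `'1'`. The `lookup_roles` hunk further down tests `$self->use_roles == 0`, which is true for `undef` and emits an "uninitialized" warning, so roles are switched off without any explicit request. If only an explicit `0` or `false` is meant to disable role lookup, `$config_hash{'use_roles'} = '1' unless defined $config_hash{use_roles};` keeps the fix for `0` while treating `undef` as "not set". The body of `new` starts and ends outside this hunk, so any later normalisation of the value is not visible here.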
@@ -275,7 +280,7 @@ Given a User ID, this method will: A) Bind to the directory using the configured binddn and bindpw B) Perform a search for the User Object in the directory, using user_basedn, user_filter, and user_scope. - C) Assuming we found the object, we will walk it's attributes + C) Assuming we found the object, we will walk its attributes using L's get_value method. We store the results in a hashref. If we do not find the object, then undef is returned. @@ -376,18 +381,18 @@ sub lookup_user { This method looks up the roles for a given user. It takes a L object -as it's first argument, and can optionally take a I object which +as its first argument, and can optionally take a I object which is used rather than the default binding if supplied. It returns an array containing the role_field attribute from all the -objects that match it's criteria. +objects that match its criteria. =cut sub lookup_roles { my ( $self, $userobj, $ldap ) = @_; if ( $self->use_roles == 0 || $self->use_roles =~ /^false$/i ) { - return undef; + return (); } $ldap ||= $self->role_search_as_user ? $userobj->ldap_connection : $self->ldap_bind; @@ -405,7 +410,7 @@ sub lookup_roles { . $userobj->username . " has no " . $self->role_value - . " attribute, so I can't look up it's roles!" ); + . " attribute, so I can't look up its roles!" ); } my $filter = $self->_replace_filter( $self->role_filter, $filter_value ); push( @searchopts, 'filter' => $filter ); 
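Review bot: In the `lookup_roles` hunk, the guard above the new `return ();` compares `$self->use_roles == 0` before the regex, and every non-numeric string compares equal to 0 in numeric context. A setting such as `use_roles => 'true'` or `'yes'` therefore disables role lookup (with an "isn't numeric" warning), and the `/^false$/i` branch is never the deciding test. Since roles usually feed authorization decisions, a truthiness test is safer: `if ( !$self->use_roles || $self->use_roles =~ /^false$/i ) {`. That still treats `0`, the empty string and `false` as off, and lets any other value enable roles. The rest of `lookup_roles` continues outside the hunk.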
@@ -445,17 +450,25 @@ sub user_supports { Catalyst::Authentication::Store::LDAP::User->supports(@_); } -=head2 from_session( I, I<$c> ) +=head2 from_session( I, I<$c>, $frozenuser ) + +Revives a serialized user from storage in the session. -Returns get_user() for I. +Supports users stored with a different persist_in_session setting. =cut sub from_session { my ( $self, $c, $frozenuser ) = @_; - if ( $self->persist_in_session eq 'all' ) { - return $self->user_class->new( $self, $frozenuser->{user}, $c, $frozenuser->{_roles} ); + # we need to restore the user depending on the current storage of the + # user in the session store which might differ from what + # persist_in_session is set to now + if ( ref $frozenuser eq 'HASH' ) { + # we can rely on the existance of this key if the user is a hashref + if ( $frozenuser->{persist_in_session} eq 'all' ) { + return $self->user_class->new( $self, $frozenuser->{user}, $c, $frozenuser->{_roles} ); + } } return $self->get_user( $frozenuser, $c );
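Review bot: In `from_session`, a hashref whose `persist_in_session` value is anything other than `'all'` (or is missing, which also triggers an "uninitialized" warning on `eq`) falls through to `$self->get_user( $frozenuser, $c )` with a reference passed as the user id. The code that freezes the user is not in this hunk, so whether such a hash can occur is not visible, but session contents are stored data and are better checked than trusted. Inside the `ref $frozenuser eq 'HASH'` branch, `return unless ( $frozenuser->{persist_in_session} || '' ) eq 'all';` would make that case fail closed. The POD would also benefit from a sentence stating that a user frozen with `all` is rebuilt from the session's `user` and `_roles` data and, as far as this hunk shows, is not looked up in the directory again. That means role or account changes in LDAP, and a later switch of the setting back to `username`, do not reach existing sessions until they expire. The closing brace of `from_session` lies outside the hunk.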