X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FStore%2FLDAP%2FUser.pm;h=3dc1a78ded3ab31dbdf04015a044f116100cb050;hb=dfead577d0091c13ab636431aefca08d0ff7330b;hp=9f8298024f7998db2e61499518982439a959e983;hpb=da0d62e49deca8780dfaa43aa06dd23036212af2;p=catagits%2FCatalyst-Authentication-Store-LDAP.git

diff --git a/lib/Catalyst/Authentication/Store/LDAP/User.pm b/lib/Catalyst/Authentication/Store/LDAP/User.pm
index 9f82980..3dc1a78 100644
--- a/lib/Catalyst/Authentication/Store/LDAP/User.pm
+++ b/lib/Catalyst/Authentication/Store/LDAP/User.pm
@@ -48,27 +48,33 @@ use base qw( Catalyst::Authentication::User Class::Accessor::Fast );
 
 use strict;
 use warnings;
+use Scalar::Util qw/refaddr/;
 
-our $VERSION = '0.1004';
+our $VERSION = '1.015';
 
-BEGIN { __PACKAGE__->mk_accessors(qw/user store _ldap_connection_password/) }
+BEGIN { __PACKAGE__->mk_accessors(qw/user store/) }
 
 use overload '""' => sub { shift->stringify }, fallback => 1;
 
+my %_ldap_connection_passwords; # Store inside-out so that they don't show up
+                                # in dumps..
+
 =head1 METHODS
 
-=head2 new($store, $user)
+=head2 new($store, $user, $c)
 
 Takes a L<Catalyst::Authentication::Store::LDAP::Backend> object
 as $store, and the data structure returned by that class's "get_user"
-method as $user.
+method as $user.  The final argument is an instance of your application,
+which is passed along for those wanting to subclass User and perhaps use
+models for fetching data.
 
 Returns a L<Catalyst::Authentication::Store::LDAP::User> object.
 
 =cut
 
 sub new {
-    my ( $class, $store, $user ) = @_;
+    my ( $class, $store, $user, $c ) = @_;
 
     return unless $user;
 
@@ -105,8 +111,8 @@ sub stringify {
         return $string;
     }
     else {
-        my ($string) = $self->$userfield;
-        return $string;
+        my $val = $self->$userfield;
+        return ref($val) eq 'ARRAY' ? $val->[0] : $val;
     }
 }
 
@@ -134,20 +140,9 @@ bind, 0 on failure.
 
 sub check_password {
     my ( $self, $password ) = @_;
-    my $ldap
-        = $self->store->ldap_bind( undef, $self->ldap_entry->dn, $password,
-        'forauth' );
-    if ( defined($ldap) ) {
-        if ($self->store->role_search_as_user) {
-            # FIXME - This can be removed and made to use the code below..
-            # Have to do the role lookup _now_, as this is the only time
-            # that we have the user's password/ldap bind..
-            $self->roles($ldap);
-        }
+    if ( $self->store->ldap_auth($self->ldap_entry->dn, $password) ) {
         # Stash a closure which can be used to retrieve the connection in the users context later.
-        $self->_ldap_connection_password( sub { $password } ); # Close over
-            # password to try to ensure it doesn't come out in debug dumps
-            # or get serialized into sessions etc..
+        $_ldap_connection_passwords{refaddr($self)} = $password;
         return 1;
     }
     else {
@@ -163,8 +158,7 @@ Returns the results of L<Catalyst::Authentication::Store::LDAP::Backend>'s "look
 
 sub roles {
     my $self = shift;
-    my $ldap = shift;
-    $self->{_roles} ||= [$self->store->lookup_roles($self, $ldap)];
+    $self->{_roles} ||= [$self->store->lookup_roles($self)];
     return @{$self->{_roles}};
 }
 
@@ -224,6 +218,9 @@ sub has_attribute {
     if ( $attribute eq "dn" ) {
         return $self->ldap_entry->dn;
     }
+    elsif ( $attribute eq "username" ) {
+       return $self->user->{'attributes'}->{$self->store->user_field};
+    }
     elsif ( exists( $self->user->{'attributes'}->{$attribute} ) ) {
         return $self->user->{'attributes'}->{$attribute};
     }
@@ -232,6 +229,23 @@ sub has_attribute {
     }
 }
 
+=head2 get
+
+A simple wrapper around has_attribute() to satisfy the Catalyst::Authentication::User API.
+
+=cut
+
+sub get { return shift->has_attribute(@_) }
+
+=head2 get_object
+
+Satisfies the Catalyst::Authentication::User API and returns the contents of the user()
+attribute.
+
+=cut
+
+sub get_object { return shift->user }
+
 =head2 ldap_connection
 
 Re-binds to the auth store with the credentials of the user you logged in
@@ -241,11 +255,8 @@ as, and returns a L<Net::LDAP> object which you can use to do further queries.
 
 sub ldap_connection {
     my $self = shift;
-    my $msg = $self->store->ldap_bind( undef, $self->ldap_entry->dn,
-        $self->_ldap_connection_password->() );
-    $msg->code && die("Error whilst re-binding as " . $self->ldap_entry->dn
-        . " after auth: " . $msg->error . " (" . $msg->code . ")");
-    return $self->store;
+    $self->store->ldap_bind( undef, $self->ldap_entry->dn,
+        $_ldap_connection_passwords{refaddr($self)} );
 }
 
 =head2 AUTOLOADed methods
@@ -287,6 +298,21 @@ value of user_field (uid by default.)
 
 =cut
 
+sub DESTROY {
+    my $self = shift;
+    # Don't leak passwords..
+    delete $_ldap_connection_passwords{refaddr($self)};
+}
+
+sub can {
+    my ($self, $method) = @_;
+
+    return $self->SUPER::can($method) || do {
+        return unless $self->has_attribute($method);
+        return sub { $_[0]->has_attribute($method) };
+    };
+}
+
 sub AUTOLOAD {
     my $self = shift;
 
@@ -295,20 +321,9 @@ sub AUTOLOAD {
     if ( $method eq "DESTROY" ) {
         return;
     }
-    if ( exists( $self->user->{'attributes'}->{$method} ) ) {
-        return $self->user->{'attributes'}->{$method};
-    }
-    elsif ( $method eq "username" ) {
-        my $userfield = $self->store->user_field;
-        my $username  = $self->has_attribute($userfield);
-        if ($username) {
-            return $username;
-        }
-        else {
-            Catalyst::Exception->throw( "User is missing the "
-                    . $userfield
-                    . " attribute, which should not be possible!" );
-        }
+
+    if ( my $attribute = $self->has_attribute($method) ) {
+        return $attribute;
     }
     else {
         Catalyst::Exception->throw(