X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FStore%2FLDAP%2FUser.pm;h=42e44174dc575a6bd6ff66f4c1bef8add8a28018;hb=57d476f11c5e55a1d39c6f5b5ac56ab31e2d9226;hp=69d2c33e79263780ba084467b4141936ec7154cd;hpb=baf99620bce87348b86c56eb46edef9395eb7ebe;p=catagits%2FCatalyst-Authentication-Store-LDAP.git diff --git a/lib/Catalyst/Authentication/Store/LDAP/User.pm b/lib/Catalyst/Authentication/Store/LDAP/User.pm index 69d2c33..42e4417 100644 --- a/lib/Catalyst/Authentication/Store/LDAP/User.pm +++ b/lib/Catalyst/Authentication/Store/LDAP/User.pm @@ -48,13 +48,17 @@ use base qw( Catalyst::Authentication::User Class::Accessor::Fast ); use strict; use warnings; +use Scalar::Util qw/refaddr/; -our $VERSION = '0.1005'; +our $VERSION = '1.012'; -BEGIN { __PACKAGE__->mk_accessors(qw/user store _ldap_connection/) } +BEGIN { __PACKAGE__->mk_accessors(qw/user store/) } use overload '""' => sub { shift->stringify }, fallback => 1; +my %_ldap_connection_passwords; # Store inside-out so that they don't show up + # in dumps.. + =head1 METHODS =head2 new($store, $user, $c) @@ -107,8 +111,8 @@ sub stringify { return $string; } else { - my ($string) = $self->$userfield; - return $string; + my $val = $self->$userfield; + return ref($val) eq 'ARRAY' ? $val->[0] : $val; } } @@ -147,9 +151,7 @@ sub check_password { $self->roles($ldap); } # Stash a closure which can be used to retrieve the connection in the users context later. - $self->_ldap_connection( sub { - $self->store->ldap_bind( undef, $self->ldap_entry->dn, $password ) - }); + $_ldap_connection_passwords{refaddr($self)} = $password; return 1; } else { @@ -226,6 +228,9 @@ sub has_attribute { if ( $attribute eq "dn" ) { return $self->ldap_entry->dn; } + elsif ( $attribute eq "username" ) { + return $self->user->{'attributes'}->{$self->store->user_field}; + } elsif ( exists( $self->user->{'attributes'}->{$attribute} ) ) { return $self->user->{'attributes'}->{$attribute}; } @@ -234,6 +239,36 @@ sub has_attribute { } } +=head2 get + +A simple wrapper around has_attribute() to satisfy the Catalyst::Authentication::User API. + +=cut + +sub get { return shift->has_attribute(@_) } + +=head2 get_object + +Satisfies the Catalyst::Authentication::User API and returns the contents of the user() +attribute. + +=cut + +sub get_object { return shift->user } + +=head2 ldap_connection + +Re-binds to the auth store with the credentials of the user you logged in +as, and returns a L object which you can use to do further queries. + +=cut + +sub ldap_connection { + my $self = shift; + $self->store->ldap_bind( undef, $self->ldap_entry->dn, + $_ldap_connection_passwords{refaddr($self)} ); +} + =head2 AUTOLOADed methods We automatically map the attributes of the underlying L @@ -273,6 +308,12 @@ value of user_field (uid by default.) =cut +sub DESTROY { + my $self = shift; + # Don't leak passwords.. + delete $_ldap_connection_passwords{refaddr($self)}; +} + sub AUTOLOAD { my $self = shift; @@ -281,20 +322,9 @@ sub AUTOLOAD { if ( $method eq "DESTROY" ) { return; } - if ( exists( $self->user->{'attributes'}->{$method} ) ) { - return $self->user->{'attributes'}->{$method}; - } - elsif ( $method eq "username" ) { - my $userfield = $self->store->user_field; - my $username = $self->has_attribute($userfield); - if ($username) { - return $username; - } - else { - Catalyst::Exception->throw( "User is missing the " - . $userfield - . " attribute, which should not be possible!" ); - } + + if ( my $attribute = $self->has_attribute($method) ) { + return $attribute; } else { Catalyst::Exception->throw(