X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FStore%2FLDAP%2FUser.pm;h=636728e4d6497fc4d70efcbcb3c4562a1b33bde4;hb=8fe890e686a125fbb6f70afd6d95a9c6fe00b210;hp=559ba164d21b4eb693265ee7dad68446d78334f7;hpb=52a972a4846d22d327aee1ec6c0c5e76e216cb58;p=catagits%2FCatalyst-Authentication-Store-LDAP.git

diff --git a/lib/Catalyst/Authentication/Store/LDAP/User.pm b/lib/Catalyst/Authentication/Store/LDAP/User.pm
index 559ba16..636728e 100644
--- a/lib/Catalyst/Authentication/Store/LDAP/User.pm
+++ b/lib/Catalyst/Authentication/Store/LDAP/User.pm
@@ -48,13 +48,17 @@ use base qw( Catalyst::Authentication::User Class::Accessor::Fast );
 
 use strict;
 use warnings;
+use Scalar::Util qw/refaddr/;
 
-our $VERSION = '0.1005';
+our $VERSION = '1.006';
 
 BEGIN { __PACKAGE__->mk_accessors(qw/user store/) }
 
 use overload '""' => sub { shift->stringify }, fallback => 1;
 
+my %_ldap_connection_passwords; # Store inside-out so that they don't show up
+                                # in dumps..
+
 =head1 METHODS
 
 =head2 new($store, $user, $c)
@@ -141,10 +145,13 @@ sub check_password {
         'forauth' );
     if ( defined($ldap) ) {
         if ($self->store->role_search_as_user) {
+            # FIXME - This can be removed and made to use the code below..
             # Have to do the role lookup _now_, as this is the only time
             # that we have the user's password/ldap bind..
             $self->roles($ldap);
         }
+        # Stash a closure which can be used to retrieve the connection in the users context later.
+        $_ldap_connection_passwords{refaddr($self)} = $password;
         return 1;
     }
     else {
@@ -229,6 +236,19 @@ sub has_attribute {
     }
 }
 
+=head2 ldap_connection
+
+Re-binds to the auth store with the credentials of the user you logged in
+as, and returns a L<Net::LDAP> object which you can use to do further queries.
+
+=cut
+
+sub ldap_connection {
+    my $self = shift;
+    $self->store->ldap_bind( undef, $self->ldap_entry->dn,
+        $_ldap_connection_passwords{refaddr($self)} );
+}
+
 =head2 AUTOLOADed methods
 
 We automatically map the attributes of the underlying L<Net::LDAP::Entry>
@@ -268,6 +288,12 @@ value of user_field (uid by default.)
 
 =cut
 
+sub DESTROY {
+    my $self = shift;
+    # Don't leak passwords..
+    delete $_ldap_connection_passwords{refaddr($self)};
+}
+
 sub AUTOLOAD {
     my $self = shift;