X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FStore%2FLDAP%2FUser.pm;h=636728e4d6497fc4d70efcbcb3c4562a1b33bde4;hb=8fe890e686a125fbb6f70afd6d95a9c6fe00b210;hp=ac193cab2290a2d24474cbb7557352b3f8716bec;hpb=1f800a61d6c9bc955ebf578cd8fbf1059f6896bc;p=catagits%2FCatalyst-Authentication-Store-LDAP.git diff --git a/lib/Catalyst/Authentication/Store/LDAP/User.pm b/lib/Catalyst/Authentication/Store/LDAP/User.pm index ac193ca..636728e 100644 --- a/lib/Catalyst/Authentication/Store/LDAP/User.pm +++ b/lib/Catalyst/Authentication/Store/LDAP/User.pm @@ -8,12 +8,15 @@ Catalyst::Authentication::Store::LDAP::User =head1 SYNOPSIS -You should be creating these objects through L's "get_user" method, or just letting $c->login do +You should be creating these objects through L's "get_user" method, or just letting $c->authenticate do it for you. sub action : Local { my ( $self, $c ) = @_; - $c->login($c->req->param(username), $c->req->param(password)); + $c->authenticate({ + id => $c->req->param(username), + password => $c->req->param(password) + ); $c->log->debug($c->user->username . "is really neat!"); } @@ -45,27 +48,33 @@ use base qw( Catalyst::Authentication::User Class::Accessor::Fast ); use strict; use warnings; +use Scalar::Util qw/refaddr/; -our $VERSION = '0.1003'; +our $VERSION = '1.006'; BEGIN { __PACKAGE__->mk_accessors(qw/user store/) } use overload '""' => sub { shift->stringify }, fallback => 1; +my %_ldap_connection_passwords; # Store inside-out so that they don't show up + # in dumps.. + =head1 METHODS -=head2 new($store, $user) +=head2 new($store, $user, $c) Takes a L object as $store, and the data structure returned by that class's "get_user" -method as $user. +method as $user. The final argument is an instance of your application, +which is passed along for those wanting to subclass User and perhaps use +models for fetching data. Returns a L object. =cut sub new { - my ( $class, $store, $user ) = @_; + my ( $class, $store, $user, $c ) = @_; return unless $user; @@ -135,6 +144,14 @@ sub check_password { = $self->store->ldap_bind( undef, $self->ldap_entry->dn, $password, 'forauth' ); if ( defined($ldap) ) { + if ($self->store->role_search_as_user) { + # FIXME - This can be removed and made to use the code below.. + # Have to do the role lookup _now_, as this is the only time + # that we have the user's password/ldap bind.. + $self->roles($ldap); + } + # Stash a closure which can be used to retrieve the connection in the users context later. + $_ldap_connection_passwords{refaddr($self)} = $password; return 1; } else { @@ -150,7 +167,9 @@ Returns the results of L's "look sub roles { my $self = shift; - return $self->store->lookup_roles($self); + my $ldap = shift; + $self->{_roles} ||= [$self->store->lookup_roles($self, $ldap)]; + return @{$self->{_roles}}; } =head2 for_session @@ -217,6 +236,19 @@ sub has_attribute { } } +=head2 ldap_connection + +Re-binds to the auth store with the credentials of the user you logged in +as, and returns a L object which you can use to do further queries. + +=cut + +sub ldap_connection { + my $self = shift; + $self->store->ldap_bind( undef, $self->ldap_entry->dn, + $_ldap_connection_passwords{refaddr($self)} ); +} + =head2 AUTOLOADed methods We automatically map the attributes of the underlying L @@ -256,6 +288,12 @@ value of user_field (uid by default.) =cut +sub DESTROY { + my $self = shift; + # Don't leak passwords.. + delete $_ldap_connection_passwords{refaddr($self)}; +} + sub AUTOLOAD { my $self = shift;