X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FStore%2FLDAP%2FUser.pm;h=e0b6e7f9b70fa7cebdacf7afd8654b767c654a85;hb=HEAD;hp=ec3fa254549ebc7ef92df03bc80e6cb27a450879;hpb=62534b1b4eb2c8f2ab4208768f6924c25eb80e7b;p=catagits%2FCatalyst-Authentication-Store-LDAP.git diff --git a/lib/Catalyst/Authentication/Store/LDAP/User.pm b/lib/Catalyst/Authentication/Store/LDAP/User.pm index ec3fa25..e0b6e7f 100644 --- a/lib/Catalyst/Authentication/Store/LDAP/User.pm +++ b/lib/Catalyst/Authentication/Store/LDAP/User.pm @@ -4,7 +4,7 @@ =head1 NAME Catalyst::Authentication::Store::LDAP::User - - A User object representing an LDAP object. + - A User object representing an LDAP object. =head1 SYNOPSIS @@ -25,13 +25,13 @@ username. =head1 DESCRIPTION -This wraps up an LDAP object and presents a simplified interface to it's +This wraps up an LDAP object and presents a simplified interface to its contents. It uses some AUTOLOAD magic to pass method calls it doesn't understand through as simple read only accessors for the LDAP entries -various attributes. +various attributes. It gets grumpy if you ask for an attribute via the AUTOLOAD mechanism -that it doesn't know about. Avoid that with using "has_attribute", +that it doesn't know about. Avoid that with using "has_attribute", discussed in more detail below. You can skip all that and just go straight to the L @@ -49,8 +49,9 @@ use base qw( Catalyst::Authentication::User Class::Accessor::Fast ); use strict; use warnings; use Scalar::Util qw/refaddr/; +use Net::LDAP::Entry; -our $VERSION = '1.014'; +our $VERSION = '1.017'; BEGIN { __PACKAGE__->mk_accessors(qw/user store/) } @@ -74,11 +75,11 @@ Returns a L object. =cut sub new { - my ( $class, $store, $user, $c ) = @_; + my ( $class, $store, $user, $c, $roles ) = @_; return unless $user; - bless { store => $store, user => $user, }, $class; + bless { store => $store, user => $user, _roles => $roles }, $class; } =head2 id 
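Review bot: In the `sub new` hunk (`@@ -74,11 +75,11 @@`), the added `$roles` argument is stored in `_roles` unchecked, while the `roles` method later in this file dereferences that slot with `@{$self->{_roles}}`. Any true value that is not an array reference therefore dies under `use strict` at the first role check instead of at construction. Because a true `_roles` also suppresses the `lookup_roles` call, whatever the caller passes becomes the user's authorization data; the caller is outside this diff, but it looks like the session-restore path. I would store it as `_roles => ( ref $roles eq 'ARRAY' ? $roles : undef )` and add a line to the POD for `new` saying that `$roles` is optional, must be an array reference, and should only come from a trusted source. The POD for `new` starts outside this hunk.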
@@ -140,16 +141,7 @@ bind, 0 on failure. sub check_password { my ( $self, $password ) = @_; - my $ldap - = $self->store->ldap_bind( undef, $self->ldap_entry->dn, $password, - 'forauth' ); - if ( defined($ldap) ) { - if ($self->store->role_search_as_user) { - # FIXME - This can be removed and made to use the code below.. - # Have to do the role lookup _now_, as this is the only time - # that we have the user's password/ldap bind.. - $self->roles($ldap); - } + if ( $self->store->ldap_auth($self->ldap_entry->dn, $password) ) { # Stash a closure which can be used to retrieve the connection in the users context later. $_ldap_connection_passwords{refaddr($self)} = $password; return 1; @@ -167,25 +159,40 @@ Returns the results of L's "look sub roles { my $self = shift; - my $ldap = shift; - $self->{_roles} ||= [$self->store->lookup_roles($self, $ldap)]; + $self->{_roles} ||= [$self->store->lookup_roles($self)]; return @{$self->{_roles}}; } =head2 for_session -Returns the User object, stringified. +Returns the user for persistence in the session depending on the +persist_in_session config option. + +Stores the persist_in_session setting so it can be used to revive the user +even if the setting has been changed. =cut sub for_session { my $self = shift; + + if ( $self->store->persist_in_session eq 'all' ) { + # use the roles accessor to ensure the roles are fetched + return { + # store the persistance setting in the session to know how to + # restore the user + persist_in_session => $self->store->persist_in_session, + user => $self->user, + _roles => [ $self->roles ], + }; + } + return $self->stringify; } =head2 ldap_entry -Returns the raw ldap_entry. +Returns the raw ldap_entry. =cut @@ -215,7 +222,7 @@ sub attributes { =head2 has_attribute Returns the values for an attribute, or undef if that attribute is not present. -The safest way to get at an attribute. +The safest way to get at an attribute. =cut 
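Review bot: The new `ldap_auth` call in `check_password` receives `$password` with no check that it is defined and non-empty, and many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds. Whether `ldap_auth` rejects that case is not visible here, since it is defined in the store class outside this diff, so a guard at the top of the sub keeps the check local: `return 0 unless defined $password && length $password;`. The password is also kept in `%_ldap_connection_passwords` on the unchanged lines that follow; a comment there stating when that entry is deleted would help, since the cleanup is not visible in this hunk. The body of `check_password` continues past the end of the hunk.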
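Review bot: The new POD for `for_session` (hunk `@@ -167,25 +159,40 @@`) does not say that with `persist_in_session` set to `all` the session holds the user's LDAP data (`user => $self->user`) and a snapshot of the roles. Roles restored from the session are presumably used without a fresh `lookup_roles` call, because `roles` only queries the store when `_roles` is unset, so a role removed in the directory would stay in effect until the session ends. The session store also then needs the same protection as the directory attributes it contains. I would add to the POD something like `In 'all' mode the roles and LDAP attributes are cached in the session and are not refreshed from the directory until the session is renewed.` Separately, `persistance` in the added comment should read `persistence`, and `eq 'all'` warns if `persist_in_session` is ever undefined, which `( $self->store->persist_in_session || '' ) eq 'all'` avoids if the store does not guarantee a default.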
@@ -297,12 +304,12 @@ You can call: $c->user->homedirectory And you'll get the value of the "homeDirectory" attribute. Note that -all the AUTOLOADed methods are automatically lower-cased. +all the AUTOLOADed methods are automatically lower-cased. =head2 Special Keywords The highly useful and common method "username" will map to the configured -value of user_field (uid by default.) +value of user_field (uid by default.) $c->user->username == $c->user->uid @@ -350,7 +357,7 @@ __END__ Adam Jacob Some parts stolen shamelessly and entirely from -L. +L. Currently maintained by Peter Karman .