+ - Store the user password for the ldap_connection method in an inside
+ out hash rather than a closure so that the user object can be serialized
+ with Storable as people are putting them in the session (RT#53279)
+
0.1006 11 Dec 2009
- Pass $c along to find_user method so overridden user_class users can
get at models (or whatever crazy things they might do) (gphat)
use strict;
use warnings;
+use Scalar::Util qw/refaddr/;
our $VERSION = '1.006';
-BEGIN { __PACKAGE__->mk_accessors(qw/user store _ldap_connection_password/) }
+BEGIN { __PACKAGE__->mk_accessors(qw/user store/) }
use overload '""' => sub { shift->stringify }, fallback => 1;
+my %_ldap_connection_passwords; # Store inside-out so that they don't show up
+ # in dumps..
+
=head1 METHODS
=head2 new($store, $user, $c)
$self->roles($ldap);
}
# Stash a closure which can be used to retrieve the connection in the users context later.
- $self->_ldap_connection_password( sub { $password } ); # Close over
- # password to try to ensure it doesn't come out in debug dumps
- # or get serialized into sessions etc..
+ $_ldap_connection_passwords{refaddr($self)} = $password;
return 1;
}
else {
sub ldap_connection {
my $self = shift;
$self->store->ldap_bind( undef, $self->ldap_entry->dn,
- $self->_ldap_connection_password->() );
+ $_ldap_connection_passwords{refaddr($self)} );
}
=head2 AUTOLOADed methods
=cut
+sub DESTROY {
+ my $self = shift;
+ # Don't leak passwords..
+ delete $_ldap_connection_passwords{refaddr($self)};
+}
+
sub AUTOLOAD {
my $self = shift;
use warnings;
use Catalyst::Exception;
-use Test::More tests => 5;
+use Test::More tests => 8;
use lib 't/lib';
use LDAPTest;
+use Storable qw/ freeze /;
+use Test::Exception;
SKIP: {
eval "use Catalyst::Model::LDAP";
if ($@) {
- skip "Catalyst::Model::LDAP not installed", 5;
+ skip "Catalyst::Model::LDAP not installed", 8;
}
my $server = LDAPTest::spawn_server();
is( $user->my_method, 'frobnitz', "methods on user class work" );
+ $server = LDAPTest::spawn_server();
+ ok $user->check_password('foo'), 'Can check password';
+
+ my $frozen_user;
+ lives_ok { $frozen_user = freeze $user } 'Can freeze user with Storable';
+ ok $frozen_user, 'is frozen';
+
}
+