--- /dev/null
+.*
+!.gitignore
+Makefile*
+!Makefile.PL
+META.yml
+blib
+build
+inc
+pm_to_blib
+MANIFEST*
+!MANIFEST.SKIP
+Debian*
+README
+Catalyst-Plugin-Authentication-*
+*.bs
--- /dev/null
+# auto-generated shipit config file.
+steps = FindVersion, ChangeVersion, CheckChangeLog, DistTest, Commit, Tag, MakeDist
+
+svn.tagpattern = http://dev.catalyst.perl.org/repos/Catalyst/Catalyst-Plugin-Authentication/0.10000/tags/%v
+
+CheckChangeLog.files = Changes
+
Revision history for Perl extension Catalyst::Plugin::Authentication
+0.10016 22 Jan 2010
+ - Move root actions out of applcation class in tests to remove
+ warnings in the latest Catalyst.
+ - Add AUTOLOAD method to the default user class so that methods are
+ delegated down onto the underlieing user object retrieved from
+ the store (if present)
+ - Fix typos in documentation (RT#49476)
+ - Fix compatibilty with Catalyst 5.70 (RT#50466)
+ - Various documentation improvements
+ - Fix Realm::Processive's authinfo_mungle option (RT#47106)
+
+0.10015 Tue Sep 1 01:40:36 BST 2009
+
+ - Remove (undeclared) dependency on Class::Data::Inhertiable (RT#49086)
+ - Remove dependency on Test::MockObject
+ - Fix repository metadata in META.yml / Makefile.PL
+ - Make POD tests author side only.
+
+0.10014 Tue Aug 25 15:42:57 BST 2009
+
+ - Don't always supply an "id" column in the authinfo passed to the store
+ class in ::Credential::Remote. This means that it works better with
+ the DBIC store. (t0m)
+
+ - Make auth_realms method ensure authentication is initialized
+ before calling methods which get created during auth initialization.
+ Fixes back compat cases where auth store is in the plugin list
+ before the authentication plugin. (t0m)
+
+0.10013 Fri Jun 19 16:08:00 BST 2009
+ - Add a username_field config item to ::Credential::Remote
+ (Nigel Metheringham)
+ - Die with a useful error message if we are about to try to restore
+ a user from a realm which does not exist. (t0m)
+
0.10012 Sat Jun 6 10:58:43 BST 2009
- Add Catalyst::Authentication::Credential::Remote which authenticates you
directly from environment variables passed by your web server. This
\bCVS\b
,v$
\B\.svn\b
+\B\.git\b
# Avoid Makemaker generated and utility files.
\bMakefile$
# ShipIt config
.shipit
+# Ignore build dirs..
+^Catalyst-Plugin-Authentication
use inc::Module::Install 0.87;
-if( -e 'MANIFEST.SKIP' ) {
- system( 'pod2text lib/Catalyst/Plugin/Authentication.pm > README' );
+if ( $Module::Install::AUTHOR ) {
+ system( 'pod2text lib/Catalyst/Plugin/Authentication.pm > README' )
+ and die;
+ require Module::Install::AuthorTests;
}
perl_version '5.008001';
requires 'MRO::Compat';
requires 'Catalyst::Plugin::Session' => '0.10';
-test_requires 'Test::More';
+test_requires 'Test::More' => '0.88';
test_requires 'Test::Exception';
-test_requires 'Test::MockObject';
+test_requires 'Class::MOP';
+test_requires 'Moose';
+
+author_tests 't/author';
auto_install;
-resources repository => 'http://dev.catalyst.perl.org/repos/Catalyst/trunk/Catalyst-Plugin-Authentication/';
+resources repository => 'http://dev.catalyst.perl.org/repos/Catalyst/Catalyst-Plugin-Authentication/0.10000/trunk';
WriteAll;
sub BUILDARGS {
my ($class, $config, $app, $realm) = @_;
-
+
+ # Note _config is horrible back compat hackery!
{ realm => $realm, _config => $config };
}
return $user_obj;
}
} else {
- $c->log->debug("Unable to locate user matching user info provided") if $c->debug;
+ $c->log->debug(
+ 'Unable to locate user matching user info provided in realm: '
+ . $realm->name
+ ) if $c->debug;
return;
}
}
=head1 CONFIGURATION
# example
- __PACKAGE__->config->{'Plugin::Authentication'} =
+ __PACKAGE__->config('Plugin::Authentication' =>
{
default_realm => 'members',
realms => {
use base 'Class::Accessor::Fast';
BEGIN {
- __PACKAGE__->mk_accessors(qw/allow_re deny_re cutname_re source realm/);
+ __PACKAGE__->mk_accessors(
+ qw/allow_re deny_re cutname_re source realm username_field/);
}
sub new {
my $self = { };
bless $self, $class;
-
+
# we are gonna compile regular expresions defined in config parameters
# and explicitly throw an exception saying what parameter was invalid
if (defined($config->{allow_regexp}) && ($config->{allow_regexp} ne "")) {
}
$self->source($config->{source} || 'REMOTE_USER');
$self->realm($realm);
+ $self->username_field($config->{username_field} || 'username');
return $self;
}
my $remuser;
if ($self->source eq "REMOTE_USER") {
# compatibility hack:
- if (defined($c->engine->env)) {
+ if ($c->engine->can('env') && defined($c->engine->env)) {
# BEWARE: $c->engine->env was broken prior 5.80005
$remuser = $c->engine->env->{REMOTE_USER};
}
$usr = $1;
}
}
-
- $authinfo->{id} = $authinfo->{username} = $usr;
- $authinfo->{remote_user} = $remuser; # just to keep the original value
+
+ $authinfo->{ $self->username_field } = $usr;
my $user_obj = $realm->find_user( $authinfo, $c );
return ref($user_obj) ? $user_obj : undef;
}
Besides the common methods like HTTP Basic and Digest authentication you can
also use sophisticated ones like so called "integrated authentication" via
NTLM or Kerberos (popular in corporate intranet applications running in Windows
-Active Directory enviroment) or even the SSL authentication when users
+Active Directory environment) or even the SSL authentication when users
authenticate themself using their client SSL certificates.
The main idea of this module is based on a fact that webserver passes the name
This config item is B<OPTIONAL> - no default value.
If param B<cutname_regexp> is specified we try to cut the final usename passed to
-Catalyst application as a substring from WEBUSER. This is usefull for
+Catalyst application as a substring from WEBUSER. This is useful for
example in case of SSL authentication when WEBUSER looks like this
'CN=john, OU=Unit Name, O=Company, C=CZ' - from this format we can simply cut
pure usename by cutname_regexp set to 'CN=(.*), OU=Unit Name, O=Company, C=CZ'.
match cutname_regexp at all or if '$1' regexp substring is empty we pass the
original WEBUSER value (without cutting) to Catalyst application.
+=head2 username_field
+
+This config item is B<OPTIONAL> - default is I<username>
+
+The key name in the authinfo hash that the user's username is mapped into.
+This is useful for using a store which requires a specific unusual field name
+for the username. The username is additionally mapped onto the I<id> key.
+
=head1 METHODS
=head2 new ( $config, $app, $realm )
=head1 SYNOPSIS
This Realm allows an application to use a single authenticate() call during
-which multiple realms are used and tried incrementally until one performs
-a successful authentication is accomplished.
+which multiple realms are used and tried incrementally until one performs
+a successful authentication is accomplished.
A simple use case is a Temporary Password that looks and acts exactly as a
regular password. Without changing the authentication code, you can
# Modify the authinfo passed into authenticate by merging
# these hashes into the realm's authenticate call:
authinfo_munge => {
- 'local' => { 'type' => 'normal' },
- 'temp' => { 'type' => 'temporary' },
+ normal => { 'type' => 'normal' },
+ temp => { 'type' => 'temporary' },
}
},
- 'normal' => {
+ normal => {
credential => {
class => 'Password',
password_field => 'secret',
},
store => {
class => 'DBIx::Class',
- user_class => 'Schema::Person::Identity',
+ user_model => 'Schema::Person::Identity',
id_field => 'id',
}
},
},
store => {
class => 'DBIx::Class',
- user_class => 'Schema::Person::Identity',
+ user_model => 'Schema::Person::Identity',
id_field => 'id',
}
},
}
}
- );
+ );
Then, in your controller code, to attempt authentication against both realms
you just have to do a simple authenticate call:
=item realms
-An array reference consisting of each realm to attempt authentication against,
+An array reference consisting of each realm to attempt authentication against,
in the order listed. If the realm does not exist, calling authenticate will
die.
A hash reference keyed by realm names, with values being hash references to
merge into the authinfo call that is subsequently passed into the realm's
authenticate method. This is useful if your store uses the same class for each
-realm, separated by some other token (in the L<EXAMPLE> authinfo_mungesection,
+realm, separated by some other token (in the L<EXAMPLE> authinfo_mungesection,
the 'realm' is a column on C<Schema::Person::Identity> that will be either
'temp' or 'local', to ensure the query to fetch the user finds the right
Identity record for that realm.
unless ref $realms eq 'ARRAY';
foreach my $realm_name ( @$realms ) {
my $realm = $c->get_auth_realm( $realm_name );
- carp "Unable to find realm: $realm_name, check configuration"
+ carp "Unable to find realm: $realm_name, check configuration"
unless $realm;
my $auth = { %$authinfo };
$auth->{realm} ||= $realm->name;
- if ( my $info = $realm->config->{authinfo_munge}->{$realm->name} ) {
+ if ( my $info = $self->config->{authinfo_munge}->{$realm->name} ) {
$auth = Catalyst::Utils::merge_hashes($auth, $info);
}
if ( my $obj = $realm->authenticate( $c, $auth ) ) {
return;
}
-## we can not rely on inheriting new() because in this case we do not
-## load a credential or store, which is what new() sets up in the
+## we can not rely on inheriting new() because in this case we do not
+## load a credential or store, which is what new() sets up in the
## standard realm. So we have to create our realm object, set our name
## and return $self in order to avoid nasty warnings.
}
sub from_session {
- my ( $self, $c, $id ) = @_;
+ my ( $self, $c, $id ) = @_;
- return $id if ref $id;
+ return $id if ref $id;
- $self->find_user( { id => $id } );
+ $self->find_user( { id => $id } );
}
-## this is not necessarily a good example of what find_user can do, since all we do is
-## look up with the id anyway. find_user can be used to locate a user based on other
+## this is not necessarily a good example of what find_user can do, since all we do is
+## look up with the id anyway. find_user can be used to locate a user based on other
## combinations of data. See C::P::Authentication::Store::DBIx::Class for a better example
sub find_user {
my ( $self, $userinfo, $c ) = @_;
my $id = $userinfo->{'id'};
-
+
$id ||= $userinfo->{'username'};
-
+
return unless exists $self->userhash->{$id};
my $user = $self->userhash->{$id};
## Backwards compatibility
#
# This is a backwards compatible routine. get_user is specifically for loading a user by it's unique id
-# find_user is capable of doing the same by simply passing { id => $id }
+# find_user is capable of doing the same by simply passing { id => $id }
# no new code should be written using get_user as it is deprecated.
sub get_user {
my ( $self, $id ) = @_;
Authentication
/;
- __PACKAGE__->config( 'Plugin::Authentication' =>
- {
+ __PACKAGE__->config( 'Plugin::Authentication' =>
+ {
default_realm => 'members',
realms => {
members => {
},
store => {
class => 'Minimal',
- users = {
- bob => {
- password => "s00p3r",
- editor => 'yes',
- roles => [qw/edit delete/],
- },
- william => {
- password => "s3cr3t",
- roles => [qw/comment/],
- }
- }
- }
- }
- }
+ users => {
+ bob => {
+ password => "s00p3r",
+ editor => 'yes',
+ roles => [qw/edit delete/],
+ },
+ william => {
+ password => "s3cr3t",
+ roles => [qw/comment/],
+ }
+ }
+ }
+ }
+ }
}
);
-
+
=head1 DESCRIPTION
This authentication store lets you create a very quick and dirty user
=over 4
-=item class
+=item class
The classname used for the store. This is part of
L<Catalyst::Plugin::Authentication> and is the method by which
=item users
This is a simple hash of users, the keys are the usenames, and the values are
-hashrefs containing a password key/value pair, and optionally, a roles/list
-of role-names pair. If using roles, you will also need to add the
+hashrefs containing a password key/value pair, and optionally, a roles/list
+of role-names pair. If using roles, you will also need to add the
Authorization::Roles plugin.
See the SYNOPSIS for an example.
=head1 METHODS
There are no publicly exported routines in the Minimal store (or indeed in
-most authentication stores) However, below is a description of the routines
+most authentication stores) However, below is a description of the routines
required by L<Catalyst::Plugin::Authentication> for all authentication stores.
=head2 new( $config, $app, $realm )
-Constructs a new store object, which uses the user element of the supplied config
+Constructs a new store object, which uses the user element of the supplied config
hash ref as it's backing structure.
-=head2 find_user( $authinfo, $c )
+=head2 find_user( $authinfo, $c )
Keys the hash by the 'id' or 'username' element in the authinfo hash and returns the user.
package Catalyst::Authentication::User;
use Moose;
+use Scalar::Util qw/refaddr/;
use namespace::autoclean;
## auth_realm is the realm this user came from.
## you most likely want to write this yourself.
sub get {
my ($self, $field) = @_;
-
+
my $object;
if ($object = $self->get_object and $object->can($field)) {
return $object->$field();
return $self->get_object(@_);
}
-## Backwards Compatibility
-## you probably want auth_realm, in fact. but this does work for backwards compatibility.
-## store should be a read-write accessor - so it was moved to mk_accessors
-##sub store {
-## my ($self) = @_;
-## return $self->auth_realm->{store};
-##}
+sub AUTOLOAD {
+ my $self = shift;
+ (my $method) = (our $AUTOLOAD =~ /([^:]+)$/);
+ return if $method eq "DESTROY";
__PACKAGE__->meta->make_immutable;
+__PACKAGE__;
__END__
=head1 DESCRIPTION
-This is the base class for authenticated
+This is the base class for authentication user objects.
+
+THIS IS NOT A COMPLETE CLASS! it is intended to provide base functionality only.
+
+It provides the base methods listed below, and any additional methods
+are proxied onto the user object fetched from the underlieing store.
+
+=head1 NOTES TO STORE IMPLEMENTORS
+
+Please read the comments in the source code of this class to work out
+which methods you should override.
=head1 METHODS
=head2 get_object( )
-Returns the underlying object storing the user data. The return value of this function will vary depending
+Returns the underlying object storing the user data. The return value of this
+method will vary depending
on the storage module used.
=head2 obj( )
Shorthand for get_object( )
+=head2 AUTOLOAD
+
+Delegates any unknown methods onto the user object returned by ->obj
+
=cut
has _user => ( is => 'rw' );
-our $VERSION = "0.10012";
+our $VERSION = "0.10016";
sub set_authenticated {
my ( $c, $user, $realmname ) = @_;
$realmname = 'default';
}
my $realm = $c->get_auth_realm($realmname);
-
+
if (!$realm) {
Catalyst::Exception->throw(
"set_authenticated called with nonexistant realm: '$realmname'.");
}
$user->auth_realm($realm->name);
- $c->persist_user();
-
+ $c->persist_user();
+
$c->maybe::next::method($user, $realmname);
}
# change this to allow specification of a realm - to verify the user is part of that realm
# in addition to verifying that they exist.
sub user_exists {
- my $c = shift;
- return defined($c->_user) || defined($c->find_realm_for_persisted_user);
+ my $c = shift;
+ return defined($c->_user) || defined($c->find_realm_for_persisted_user);
}
-# works like user_exists - except only returns true if user
+# works like user_exists - except only returns true if user
# exists AND is in the realm requested.
sub user_in_realm {
my ($c, $realmname) = @_;
my ( $c, $user, $realmname ) = @_;
$c->session->{__user_realm} = $realmname;
-
+
# we want to ask the store for a user prepared for the session.
# but older modules split this functionality between the user and the
# store. We try the store first. If not, we use the old method.
my $c = shift;
if ($c->user_exists) {
-
- ## if we have a valid session handler - we store the
- ## realm in the session. If not - we have to hope that
+
+ ## if we have a valid session handler - we store the
+ ## realm in the session. If not - we have to hope that
## the realm can recognize its frozen user somehow.
- if ($c->can('session') &&
- $c->config->{'Plugin::Authentication'}{'use_session'} &&
+ if ($c->can('session') &&
+ $c->config->{'Plugin::Authentication'}{'use_session'} &&
$c->session_is_valid) {
-
- $c->session->{'__user_realm'} = $c->_user->auth_realm;
+
+ $c->session->{'__user_realm'} = $c->_user->auth_realm;
}
-
+
my $realm = $c->get_auth_realm($c->_user->auth_realm);
-
+
# used to call $realm->save_user_in_session
$realm->persist_user($c, $c->user);
}
}
-## this was a short lived method to update user information -
+## this was a short lived method to update user information -
## you should use persist_user instead.
sub update_user_in_session {
my $c = shift;
if ($realm) {
$realm->remove_persisted_user($c);
}
-
+
$c->maybe::next::method(@_);
}
sub find_user {
my ( $c, $userinfo, $realmname ) = @_;
-
+
$realmname ||= 'default';
my $realm = $c->get_auth_realm($realmname);
-
+
if (!$realm) {
Catalyst::Exception->throw(
"find_user called with nonexistant realm: '$realmname'.");
return $realm->find_user($userinfo, $c);
}
-## Consider making this a public method. - would make certain things easier when
+## Consider making this a public method. - would make certain things easier when
## dealing with things pre-auth restore.
sub find_realm_for_persisted_user {
my $c = shift;
-
+
my $realm;
if ($c->can('session')
and $c->config->{'Plugin::Authentication'}{'use_session'}
- and $c->session_is_valid
+ and $c->session_is_valid
and exists($c->session->{'__user_realm'})) {
-
+
$realm = $c->auth_realms->{$c->session->{'__user_realm'}};
if ($realm->user_is_restorable($c)) {
- return $realm;
+ return $realm;
}
} else {
## we have no choice but to ask each realm whether it has a persisted user.
foreach my $realmname (@{$c->_auth_realm_restore_order}) {
- my $ret = $c->auth_realms->{$realmname}->user_is_restorable($c);
- if ($ret) {
- return $c->auth_realms->{$realmname};
- }
+ my $realm = $c->auth_realms->{$realmname}
+ || Catalyst::Exception->throw("Could not find authentication realm '$realmname'");
+ return $realm
+ if $realm->user_is_restorable($c);
}
}
return undef;
my $realm;
if (defined($realmname)) {
- $realm = $c->get_auth_realm($realmname);
+ $realm = $c->get_auth_realm($realmname);
} else {
$realm = $c->find_realm_for_persisted_user;
}
return undef unless $realm; # FIXME die unless? This is an internal inconsistency
-
+
$c->_user( my $user = $realm->restore_user( $c, $frozen_user ) );
-
+
# this sets the realm the user originated in.
$user->auth_realm($realm->name) if $user;
-
+
return $user;
}
## let's avoid recreating / configuring everything if we have already done it, eh?
if ($app->can('_auth_realms')) { return };
- ## make classdata where it is used.
+ ## make classdata where it is used.
$app->mk_classdata( '_auth_realms' => {});
-
- ## the order to attempt restore in - If we don't have session - we have
- ## no way to be sure where a frozen user came from - so we have to
- ## ask each realm if it can restore the user. Unfortunately it is possible
- ## that multiple realms could restore the user from the data we have -
- ## So we have to determine at setup time what order to ask the realms in.
+
+ ## the order to attempt restore in - If we don't have session - we have
+ ## no way to be sure where a frozen user came from - so we have to
+ ## ask each realm if it can restore the user. Unfortunately it is possible
+ ## that multiple realms could restore the user from the data we have -
+ ## So we have to determine at setup time what order to ask the realms in.
## The default is to use the user_restore_priority values defined in the realm
- ## config. if they are not defined - we go by alphabetical order. Note that
+ ## config. if they are not defined - we go by alphabetical order. Note that
## the 'default' realm always gets first chance at it unless it is explicitly
## placed elsewhere by user_restore_priority. Remember this only comes
- ## into play if session is disabled.
-
+ ## into play if session is disabled.
+
$app->mk_classdata( '_auth_realm_restore_order' => []);
my $cfg = $app->config->{'Plugin::Authentication'};
- my $realmshash;
+ my $realmshash;
if (!defined($cfg)) {
if (exists($app->config->{'authentication'})) {
$cfg = $app->config->{'authentication'};
$cfg = {};
}
} else {
- # the realmshash contains the various configured realms. By default this is
- # the main $app->config->{'Plugin::Authentication'} hash - but if that is
- # not defined, or there is a subkey {'realms'} then we use that.
- $realmshash = $cfg;
- }
-
- ## If we have a sub-key of {'realms'} then we use that for realm configuration
- if (exists($cfg->{'realms'})) {
- $realmshash = $cfg->{'realms'};
- }
+ # the realmshash contains the various configured realms. By default this is
+ # the main $app->config->{'Plugin::Authentication'} hash - but if that is
+ # not defined, or there is a subkey {'realms'} then we use that.
+ $realmshash = $cfg;
+ }
+
+ ## If we have a sub-key of {'realms'} then we use that for realm configuration
+ if (exists($cfg->{'realms'})) {
+ $realmshash = $cfg->{'realms'};
+ }
# old default was to force use_session on. This must remain for that
# reason - but if use_session is already in the config, we respect its setting.
if (!exists($cfg->{'use_session'})) {
$cfg->{'use_session'} = 1;
}
-
- ## if we have a realms hash
+
+ ## if we have a realms hash
if (ref($realmshash) eq 'HASH') {
-
+
my %auth_restore_order;
my $authcount = 2;
my $defaultrealm = 'default';
-
+
foreach my $realm (sort keys %{$realmshash}) {
if (ref($realmshash->{$realm}) eq 'HASH' &&
- (exists($realmshash->{$realm}{credential}) || exists($realmshash->{$realm}{class}))) {
-
- $app->setup_auth_realm($realm, $realmshash->{$realm});
-
- if (exists($realmshash->{$realm}{'user_restore_priority'})) {
- $auth_restore_order{$realm} = $realmshash->{$realm}{'user_restore_priority'};
- } else {
- $auth_restore_order{$realm} = $authcount++;
- }
- }
+ (exists($realmshash->{$realm}{credential}) || exists($realmshash->{$realm}{class}))) {
+
+ $app->setup_auth_realm($realm, $realmshash->{$realm});
+
+ if (exists($realmshash->{$realm}{'user_restore_priority'})) {
+ $auth_restore_order{$realm} = $realmshash->{$realm}{'user_restore_priority'};
+ } else {
+ $auth_restore_order{$realm} = $authcount++;
+ }
+ }
}
-
- # if we have a 'default_realm' in the config hash and we don't already
+
+ # if we have a 'default_realm' in the config hash and we don't already
# have a realm called 'default', we point default at the realm specified
if (exists($cfg->{'default_realm'}) && !$app->get_auth_realm('default')) {
if ($app->_set_default_auth_realm($cfg->{'default_realm'})) {
delete($auth_restore_order{$cfg->{'default_realm'}});
}
}
-
+
## if the default realm did not have a defined priority in its config - we put it at the front.
if (!exists($realmshash->{$defaultrealm}{'user_restore_priority'})) {
$auth_restore_order{'default'} = 1;
}
-
+
@{$app->_auth_realm_restore_order} = sort { $auth_restore_order{$a} <=> $auth_restore_order{$b} } keys %auth_restore_order;
-
+
} else {
-
+
## BACKWARDS COMPATIBILITY - if realms is not defined - then we are probably dealing
## with an old-school config. The only caveat here is that we must add a classname
-
- ## also - we have to treat {store} as {stores}{default} - because
- ## while it is not a clear as a valid config in the docs, it
+
+ ## also - we have to treat {store} as {stores}{default} - because
+ ## while it is not a clear as a valid config in the docs, it
## is functional with the old api. Whee!
if (exists($cfg->{'store'}) && !exists($cfg->{'stores'}{'default'})) {
$cfg->{'stores'}{'default'} = $cfg->{'store'};
my $realmcfg = {
store => { class => $cfg->{'stores'}{$storename} },
};
- print STDERR "Foo, ok?\n";
$app->setup_auth_realm($storename, $realmcfg);
}
- }
-
+ }
+
}
# set up realmname.
sub setup_auth_realm {
my ($app, $realmname, $config) = @_;
-
+
my $realmclass = $config->{class};
if( !$realmclass ) {
sub auth_realms {
my $self = shift;
+ $self->_authentication_initialize(); # Ensure _auth_realms created!
return($self->_auth_realms);
}
sub get_auth_realm {
my ($app, $realmname) = @_;
-
return $app->auth_realms->{$realmname};
-
}
# Very internal method. Vital Valuable Urgent, Do not touch on pain of death.
# Using this method just assigns the default realm to be the value associated
# with the realmname provided. It WILL overwrite any real realm called 'default'
-# so can be very confusing if used improperly. It's used properly already.
+# so can be very confusing if used improperly. It's used properly already.
# Translation: don't use it.
sub _set_default_auth_realm {
my ($app, $realmname) = @_;
-
+
if (exists($app->auth_realms->{$realmname})) {
$app->auth_realms->{'default'} = $app->auth_realms->{$realmname};
}
sub authenticate {
my ($app, $userinfo, $realmname) = @_;
-
+
if (!$realmname) {
$realmname = 'default';
}
-
+
my $realm = $app->get_auth_realm($realmname);
-
+
## note to self - make authenticate throw an exception if realm is invalid.
-
+
if ($realm) {
return $realm->authenticate($app, $userinfo);
} else {
## BACKWARDS COMPATIBILITY -- Warning: Here be monsters!
#
# What follows are backwards compatibility routines - for use with Stores and Credentials
-# that have not been updated to work with C::P::Authentication v0.10.
+# that have not been updated to work with C::P::Authentication v0.10.
# These are here so as to not break people's existing installations, but will go away
# in a future version.
#
# The old style of configuration only supports a single store, as each store module
-# sets itself as the default store upon being loaded. This is the only supported
-# 'compatibility' mode.
+# sets itself as the default store upon being loaded. This is the only supported
+# 'compatibility' mode.
#
sub get_user {
}
if ( my $new = shift ) {
$realm->store($new);
-
+
my $storeclass;
if (ref($new)) {
$storeclass = ref($new);
} else {
$storeclass = $new;
}
-
- # BACKWARDS COMPATIBILITY - if the store class does not define find_user, we define it in terms
- # of get_user and add it to the class. this is because the auth routines use find_user,
+
+ # BACKWARDS COMPATIBILITY - if the store class does not define find_user, we define it in terms
+ # of get_user and add it to the class. this is because the auth routines use find_user,
# and rely on it being present. (this avoids per-call checks)
if (!$storeclass->can('find_user')) {
no strict 'refs';
sub get_auth_store {
my ( $self, $name ) = @_;
-
+
if ($name ne 'default') {
- Carp::croak "get_auth_store called on non-default realm '$name'. Only default supported in compatibility mode";
+ Carp::croak "get_auth_store called on non-default realm '$name'. Only default supported in compatibility mode";
} else {
$self->default_auth_store();
}
/;
# later on ...
- $c->authenticate({ username => 'myusername',
+ $c->authenticate({ username => 'myusername',
password => 'mypassword' });
my $age = $c->user->get('age');
$c->logout;
'Realm'. A Catalyst application using the authentication framework must have
at least one realm, and may have several.
-To implement authentication in a Catalyst application you need to add this
-module, and specify at least one realm in the configuration.
+To implement authentication in a Catalyst application you need to add this
+module, and specify at least one realm in the configuration.
-Authentication data can also be stored in a session, if the application
+Authentication data can also be stored in a session, if the application
is using the L<Catalyst::Plugin::Session> module.
B<NOTE> in version 0.10 of this module, the interface to this module changed.
By this time you know exactly who the user is - the user's identity is
B<authenticated>. This is where this module's job stops, and your application
-or other plugins step in.
+or other plugins step in.
The next logical step is B<authorization>, the process of deciding what a user
is (or isn't) allowed to do. For example, say your users are split into two
currently logged in user is indeed an administrator before performing the
actions in an administrative part of your application. These decisions may be
made within your application code using just the information available after
-authentication, or it may be facilitated by a number of plugins.
+authentication, or it may be facilitated by a number of plugins.
=head2 The Components In This Framework
Authentication
/;
- __PACKAGE__->config( 'Plugin::Authentication' =>
- {
+ __PACKAGE__->config( 'Plugin::Authentication' =>
+ {
default => {
credential => {
class => 'Password',
},
store => {
class => 'Minimal',
- users => {
- bob => {
- password => "s00p3r",
- editor => 'yes',
- roles => [qw/edit delete/],
- },
- william => {
- password => "s3cr3t",
- roles => [qw/comment/],
- }
- }
- }
- }
+ users => {
+ bob => {
+ password => "s00p3r",
+ editor => 'yes',
+ roles => [qw/edit delete/],
+ },
+ william => {
+ password => "s3cr3t",
+ roles => [qw/comment/],
+ }
+ }
+ }
+ }
}
);
if ( my $user = $c->req->params->{user}
and my $password = $c->req->params->{password} )
{
- if ( $c->authenticate( { username => $user,
+ if ( $c->authenticate( { username => $user,
password => $password } ) ) {
$c->res->body( "hello " . $c->user->get("name") );
} else {
}
This code should be self-explanatory. If all the necessary fields are supplied,
-call the C<authenticate> method on the context object. If it succeeds the
+call the C<authenticate> method on the context object. If it succeeds the
user is logged in.
The credential verifier will attempt to retrieve the user whose
authenticate on the admin realm by simply changing the C<< $c->authenticate() >>
call:
- if ( $c->authenticate( { username => $user,
+ if ( $c->authenticate( { username => $user,
password => $password }, 'admin' ) ) {
$c->res->body( "hello " . $c->user->get("name") );
} ...
-Now suppose we want to restrict the ability to edit to a user with an
+Now suppose we want to restrict the ability to edit to a user with an
'editor' value of yes.
The restricted action might look like this:
verification as user_exists, with the added requirement that if there
is a user, it must have come from the realm specified.)
-The above example is somewhat similar to role based access control.
+The above example is somewhat similar to role based access control.
L<Catalyst::Authentication::Store::Minimal> treats the roles field as
an array of role names. Let's leverage this. Add the role authorization
plugin:
You can accomplish this simply by installing the L<DBIx::Class|Catalyst::Authentication::Store::DBIx::Class> Store and
changing your config:
- __PACKAGE__->config( 'Plugin::Authentication'} =>
- {
+ __PACKAGE__->config( 'Plugin::Authentication' =>
+ {
default_realm => 'members',
members => {
credential => {
},
store => {
class => 'DBIx::Class',
- user_class => 'MyApp::Users',
- role_column => 'roles'
- }
- }
+ user_model => 'MyApp::Users',
+ role_column => 'roles',
+ }
+ }
}
);
=head1 CONFIGURATION
# example
- __PACKAGE__->config( 'Plugin::Authentication' =>
- {
+ __PACKAGE__->config( 'Plugin::Authentication' =>
+ {
default_realm => 'members',
members => {
},
store => {
class => 'DBIx::Class',
- user_class => 'MyApp::Users',
- role_column => 'roles'
- }
- },
- admins => {
- credential => {
- class => 'Password',
- password_field => 'password',
+ user_model => 'MyApp::Users',
+ role_column => 'roles',
+ }
+ },
+ admins => {
+ credential => {
+ class => 'Password',
+ password_field => 'password',
password_type => 'clear'
- },
- store => {
- class => '+MyApp::Authentication::Store::NetAuth',
- authserver => '192.168.10.17'
- }
- }
+ },
+ store => {
+ class => '+MyApp::Authentication::Store::NetAuth',
+ authserver => '192.168.10.17'
+ }
+ }
}
);
NOTE: Until version 0.10008 of this module, you would need to put all the
-realms inside a "realms" key in the configuration. Please see
+realms inside a "realms" key in the configuration. Please see
L</COMPATIBILITY CONFIGURATION> for more information
=over 4
=item realm refs
-The Plugin::Authentication config hash contains the series of realm
-configurations you want to use for your app. The only rule here is
-that there must be at least one. A realm consists of a name, which is used
-to reference the realm, a credential and a store. You may also put your
-realm configurations within a subelement called 'realms' if you desire to
+The Plugin::Authentication config hash contains the series of realm
+configurations you want to use for your app. The only rule here is
+that there must be at least one. A realm consists of a name, which is used
+to reference the realm, a credential and a store. You may also put your
+realm configurations within a subelement called 'realms' if you desire to
separate them from the remainder of your configuration. Note that if you use
-a 'realms' subelement, you must put ALL of your realms within it.
+a 'realms' subelement, you must put ALL of your realms within it.
You can also specify a realm class to instantiate instead of the default
L<Catalyst::Authentication::Realm> class using the 'class' element within the
realm config.
-Each realm config contains two hashes, one called 'credential' and one called
+Each realm config contains two hashes, one called 'credential' and one called
'store', each of which provide configuration details to the respective modules.
-The contents of these hashes is specific to the module being used, with the
+The contents of these hashes is specific to the module being used, with the
exception of the 'class' element, which tells the core Authentication module the
-classname to instantiate.
+classname to instantiate.
The 'class' element follows the standard Catalyst mechanism of class
specification. If a class is prefixed with a +, it is assumed to be a complete
=head2 $c->user_in_realm( $realm )
-Works like user_exists, except that it only returns true if a user is both
-logged in right now and was retrieved from the realm provided.
+Works like user_exists, except that it only returns true if a user is both
+logged in right now and was retrieved from the realm provided.
=head2 $c->logout( )
-Logs the user out. Deletes the currently logged in user from C<< $c->user >> and the session.
+Logs the user out. Deletes the currently logged in user from C<< $c->user >>
+and the session. It does not delete the session.
=head2 $c->find_user( $userinfo, $realm )
-Fetch a particular users details, matching the provided user info, from the realm
+Fetch a particular users details, matching the provided user info, from the realm
specified in $realm.
=head2 persist_user()
Under normal circumstances the user data is only saved to the session during
-initial authentication. This call causes the auth system to save the
+initial authentication. This call causes the auth system to save the
currently authenticated user's data across requests. Useful if you have
changed the user data and want to ensure that future requests reflect the
-most current data. Assumes that at the time of this call, $c->user
+most current data. Assumes that at the time of this call, $c->user
contains the most current data.
=head2 find_realm_for_persisted_user()
=head1 SEE ALSO
This list might not be up to date. Below are modules known to work with the updated
-API of 0.10 and are therefore compatible with realms.
+API of 0.10 and are therefore compatible with realms.
=head2 Realms
=head1 INCOMPATABILITIES
-The realms-based configuration and functionality of the 0.10 update
+The realms-based configuration and functionality of the 0.10 update
of L<Catalyst::Plugin::Authentication> required a change in the API used by
credentials and stores. It has a compatibility mode which allows use of
modules that have not yet been updated. This, however, completely mimics the
-older api and disables the new realm-based features. In other words you cannot
+older api and disables the new realm-based features. In other words you cannot
mix the older credential and store modules with realms, or realm-based
configs. The changes required to update modules are relatively minor and are
covered in L<Catalyst::Plugin::Authentication::Internals>. We hope that most
=head1 COMPATIBILITY CONFIGURATION
Until version 0.10008 of this module, you needed to put all the
-realms inside a "realms" key in the configuration.
+realms inside a "realms" key in the configuration.
# example
- __PACKAGE__->config( 'Plugin::Authentication'} =>
- {
+ __PACKAGE__->config( 'Plugin::Authentication' =>
+ {
default_realm => 'members',
realms => {
members => {
In version 0.10 of L<Catalyst::Plugin::Authentication>, the API
changed. For app developers, this change is fairly minor, but for
-Credential and Store authors, the changes are significant.
+Credential and Store authors, the changes are significant.
Please see the documentation in version 0.09 of
Catalyst::Plugin::Authentication for a better understanding of how the old API
The items below are still present in the plugin, though using them is
deprecated. They remain only as a transition tool, for those sites which can
not yet be upgraded to use the new system due to local customizations or use
-of Credential / Store modules that have not yet been updated to work with the
+of Credential / Store modules that have not yet been updated to work with the
new API.
These routines should not be used in any application using realms
or by using a Store plugin:
# load the Minimal authentication store.
- use Catalyst qw/Authentication Authentication::Store::Minimal/;
+ use Catalyst qw/Authentication Authentication::Store::Minimal/;
Sets the default store to
L<Catalyst::Plugin::Authentication::Store::Minimal>.
David Kamholz
-Tomas Doran (t0m), C<bobtfish@bobtfish.net>
+Tomas Doran (t0m), C<bobtfish@bobtfish.net>
+
+kmx
+
+Nigel Metheringham
+
+Florian Ragwitz C<rafl@debian.org>
+
+Stephan Jauernick C<stephanj@cpan.org>
=head1 COPYRIGHT & LICENSE
- Copyright (c) 2005 the aforementioned authors. All rights
- reserved. This program is free software; you can redistribute
- it and/or modify it under the same terms as Perl itself.
+Copyright (c) 2005 - 2009
+the Catalyst::Plugin::Authentication L</AUTHORS>
+as listed above.
+
+This program is free software; you can redistribute
+it and/or modify it under the same terms as Perl itself.
=cut
use strict;
use warnings;
+use MRO::Compat;
use Catalyst::Authentication::Store::Minimal ();
### lib/Catalyst/Authentication/Store/Minimal.pm line 38.
###
### So only do this compatibility call if:
- ### 1) we have a {users} config directive
+ ### 1) we have a {users} config directive
###
### Ideally we could also check for:
### 2) we don't already have a ->userhash
- ### however, that's an attribute of an object we can't
+ ### however, that's an attribute of an object we can't
### access =/ --kane
-
+
my $cfg = $c->config->{'Plugin::Authentication'}->{users}
? $c->config->{'Plugin::Authentication'}
: undef;
$c->default_auth_store( Catalyst::Authentication::Store::Minimal->new( $cfg, $c ) ) if $cfg;
-
- $c->NEXT::setup(@_);
+
+ $c->next::method(@_);
}
foreach my $method (qw/ get_user user_supports find_user from_session /) {
use Test::More tests => 11;
use Test::Exception;
-use Test::MockObject;
+use Class::MOP;
+use Class::MOP::Class;
+use Moose::Object;
# 1,2
my $m; BEGIN { use_ok($m = "Catalyst::Authentication::Credential::Password") }
can_ok($m, "authenticate");
-my $app = Test::MockObject->new;
-my $realm = Test::MockObject->new;
-my $user = Test::MockObject->new;
+my $app_meta = Class::MOP::Class->create_anon_class( superclasses => ['Moose::Object'] );
+my $realm_meta = Class::MOP::Class->create_anon_class( superclasses => ['Moose::Object'] );
+my $user_meta = Class::MOP::Class->create_anon_class( superclasses => ['Moose::Object'] );
our ($user_get_password_field_name, $user_password );
-$user->mock('get' => sub { $user_get_password_field_name = $_[1]; return $user_password });
+$user_meta->add_method('get' => sub { $user_get_password_field_name = $_[1]; return $user_password });
# 3-6 # Test clear passwords if you mess up the password_field
{
- local $user_password = undef; # The user returns an undef password,
+ local $user_password = undef; # The user returns an undef password,
local $user_get_password_field_name; # as there is no field named 'mistyped'
my $config = { password_type => 'clear', password_field => 'mistyped' };
- my $i; lives_ok { $i = $m->new($config, $app, $realm) } 'Construct instance';
+ my $i; lives_ok { $i = $m->new($config, $app_meta->name->new, $realm_meta->name->new) } 'Construct instance';
ok($i, 'Have instance');
- my $r = $i->check_password($user, { username => 'someuser', password => 'password' });
- is($user_get_password_field_name, 'mistyped',
+ my $r = $i->check_password($user_meta->name->new, { username => 'someuser', password => 'password' });
+ is($user_get_password_field_name, 'mistyped',
'(Incorrect) field name from config correctly passed to user');
ok(! $r, 'Authentication unsuccessful' );
}
# 7-11 # Test clear passwords working, and not working
{
- local $user_password = 'mypassword';
+ local $user_password = 'mypassword';
local $user_get_password_field_name;
my $config = { password_type => 'clear', password_field => 'the_password_field' };
- my $i; lives_ok { $i = $m->new($config, $app, $realm) } 'Construct instance';
+ my $i; lives_ok { $i = $m->new($config, $app_meta->name->new, $realm_meta->name->new) } 'Construct instance';
ok($i, 'Have instance');
- my $r = $i->check_password($user, { username => 'someuser', the_password_field => 'mypassword' });
- is($user_get_password_field_name, 'the_password_field',
+ my $r = $i->check_password($user_meta->name->new, { username => 'someuser', the_password_field => 'mypassword' });
+ is($user_get_password_field_name, 'the_password_field',
'Correct field name from config correctly passed to user');
ok( $r, 'Authentication successful with correct password' );
- $r = $i->check_password($user, { username => 'someuser', the_password_field => 'adifferentpassword' });
+ $r = $i->check_password($user_meta->name->new, { username => 'someuser', the_password_field => 'adifferentpassword' });
ok( ! $r, 'Authentication ussuccessful with incorrect password' );
}
use strict;
use warnings;
-use Test::More tests => 6;
+use Test::More;
use Test::Exception;
my $m; BEGIN { use_ok($m = "Catalyst::Authentication::User") }
{
- package SomeUser;
- use base $m;
-
- sub new { bless {}, shift };
-
- sub supported_features {
- {
- feature => {
- subfeature => 1,
- unsupported_subfeature => 0,
- },
- top_level => 1,
- }
- }
+ package SomeBaseUser;
+ sub other_method { 'FNAR' };
+}
+
+{
+ package SomeUser;
+ use base $m;
+
+ sub new { bless {}, shift };
+
+ sub supported_features {
+ {
+ feature => {
+ subfeature => 1,
+ unsupported_subfeature => 0,
+ },
+ top_level => 1,
+ }
+ }
+ sub get_object {
+ bless {}, 'SomeBaseUser';
+ }
}
my $o = SomeUser->new;
ok( !$o->supports(qw/feature unsupported_subfeature/), "traversal terminating in false");
lives_ok {
- $o->supports("bad_key");
+ $o->supports("bad_key");
} "can check for non existent feature";
#dies_ok {
-# $o->supports(qw/bad_key subfeature/)
+# $o->supports(qw/bad_key subfeature/)
#} "but can't traverse into one";
+lives_ok {
+ is $o->other_method, 'FNAR', 'Delegation onto user object works';
+} 'Delegation lives';
+
+done_testing;
+
--- /dev/null
+use strict;
+use warnings;
+use Test::NoTabs;
+
+all_perl_files_ok;
}
};
-sub moose : Local {
- my ( $self, $c ) = @_;
-
- ok(!$c->user, "no user");
-
- while ( my ($user, $info) = each %$members ) {
-
- ok(
- $c->authenticate(
- { username => $user, password => $info->{password} },
- 'members'
- ),
- "user $user authentication"
- );
-
- # check existing realms
- ok( $c->user_in_realm('members'), "user in members realm");
- ok(!$c->user_in_realm('admins'), "user not in admins realm");
-
- # check an invalid realm
- ok(!$c->user_in_realm('foobar'), "user not in foobar realm");
-
- # check if we've got the right user
- is( $c->user, $info, "user object is in proper place");
-
- $c->logout;
-
- # sanity check
- ok(!$c->user, "no more user after logout");
-
- }
-
- while ( my ($user, $info) = each %$admins ) {
-
- ok(
- $c->authenticate(
- { username => $user, password => $info->{password} },
- 'admins'
- ),
- "user $user authentication"
- );
-
- # check existing realms
- ok(!$c->user_in_realm('members'), "user not in members realm");
- ok( $c->user_in_realm('admins'), "user in admins realm");
-
- # check an invalid realm
- ok(!$c->user_in_realm('foobar'), "user not in foobar realm");
-
- # check if we've got the right user
- is( $c->user, $info, "user object is in proper place");
-
- $c->logout;
-
- # sanity check
- ok(!$c->user, "no more user after logout");
-
- }
-
- $c->res->body( "ok" );
-}
-
-__PACKAGE__->config->{'Plugin::Authentication'} = {
+__PACKAGE__->config('Plugin::Authentication' => {
default_realm => 'members',
realms => {
members => {
},
store => {
class => 'Minimal',
- users => $members
+ users => $members
}
},
admins => {
},
store => {
class => 'Minimal',
- users => $admins
+ users => $admins
}
}
}
-};
+});
__PACKAGE__->setup;
+
+1;
+
--- /dev/null
+package AuthRealmTestApp::Controller::Root;
+use warnings;
+use strict;
+use base qw/Catalyst::Controller/;
+
+__PACKAGE__->config(namespace => '');
+
+use Test::More;
+use Test::Exception;
+
+sub moose : Local {
+ my ( $self, $c ) = @_;
+
+ ok(!$c->user, "no user");
+
+ while ( my ($user, $info) = each %$AuthRealmTestApp::members ) {
+
+ ok(
+ $c->authenticate(
+ { username => $user, password => $info->{password} },
+ 'members'
+ ),
+ "user $user authentication"
+ );
+
+ # check existing realms
+ ok( $c->user_in_realm('members'), "user in members realm");
+ ok(!$c->user_in_realm('admins'), "user not in admins realm");
+
+ # check an invalid realm
+ ok(!$c->user_in_realm('foobar'), "user not in foobar realm");
+
+ # check if we've got the right user
+ is( $c->user, $info, "user object is in proper place");
+
+ $c->logout;
+
+ # sanity check
+ ok(!$c->user, "no more user after logout");
+
+ }
+
+ while ( my ($user, $info) = each %$AuthRealmTestApp::admins ) {
+
+ ok(
+ $c->authenticate(
+ { username => $user, password => $info->{password} },
+ 'admins'
+ ),
+ "user $user authentication"
+ );
+
+ # check existing realms
+ ok(!$c->user_in_realm('members'), "user not in members realm");
+ ok( $c->user_in_realm('admins'), "user in admins realm");
+
+ # check an invalid realm
+ ok(!$c->user_in_realm('foobar'), "user not in foobar realm");
+
+ # check if we've got the right user
+ is( $c->user, $info, "user object is in proper place");
+
+ $c->logout;
+
+ # sanity check
+ ok(!$c->user, "no more user after logout");
+
+ }
+
+ $c->res->body( "ok" );
+}
+
+1;
+
package AuthRealmTestAppCompat;
use warnings;
use strict;
+use base qw/Catalyst/;
### using A::Store::minimal with new style realms
### makes the app blow up, since c::p::a::s::minimal
Authentication::Store::Minimal
/;
-use Test::More;
-use Test::Exception;
-
our $members = {
bob => {
password => "s00p3r"
},
};
-sub moose : Local {
- my ( $self, $c ) = @_;
-
- while ( my ($user, $info) = each %$members ) {
-
- my $ok = eval {
- $c->authenticate(
- { username => $user, password => $info->{password} },
- 'members'
- ),
- };
-
- ok( !$@, "Test did not die: $@" );
- ok( $ok, "user $user authentication" );
- }
-
- $c->res->body( "ok" );
-}
-
-__PACKAGE__->config->{'Plugin::Authentication'} = {
+__PACKAGE__->config('Plugin::Authentication' => {
default_realm => 'members',
members => {
credential => {
users => $members,
}
},
-
-};
+});
__PACKAGE__->setup;
+
+1;
+
--- /dev/null
+package AuthRealmTestAppCompat::Controller::Root;
+use warnings;
+use strict;
+use base qw/Catalyst::Controller/;
+
+__PACKAGE__->config( namespace => '' );
+
+use Test::More;
+use Test::Exception;
+
+sub moose : Local {
+ my ( $self, $c ) = @_;
+
+ while ( my ($user, $info) = each %$AuthRealmTestAppCompat::members ) {
+
+ my $ok = eval {
+ $c->authenticate(
+ { username => $user, password => $info->{password} },
+ 'members'
+ ),
+ };
+
+ ok( !$@, "Test did not die: $@" );
+ ok( $ok, "user $user authentication" );
+ }
+
+ $c->res->body( "ok" );
+}
+
+1;
+
package AuthRealmTestAppProgressive;
use warnings;
use strict;
+use base qw/Catalyst/;
### using A::Store::minimal with new style realms
### makes the app blow up, since c::p::a::s::minimal
Authentication::Store::Minimal
/;
-use Test::More;
-use Test::Exception;
-
our %members = (
'members' => {
bob => { password => "s00p3r" }
},
);
-__PACKAGE__->config->{'Plugin::Authentication'} = {
+__PACKAGE__->config('Plugin::Authentication' => {
default_realm => 'progressive',
progressive => {
class => 'Progressive',
users => $members{members},
}
},
-};
-
-sub progressive : Local {
- my ( $self, $c ) = @_;
-
- foreach my $realm ( keys %members ) {
- while ( my ( $user, $info ) = each %{$members{$realm}} ) {
- my $ok = eval {
- $c->authenticate(
- { username => $user, password => $info->{password} },
- );
- };
- ok( !$@, "authentication passed." );
- ok( $ok, "user authenticated" );
- ok( $c->user_in_realm($realm), "user in proper realm" );
- }
- }
- $c->res->body( "ok" );
-}
+});
__PACKAGE__->setup;
+1;
+
--- /dev/null
+package AuthRealmTestAppProgressive::Controller::Root;
+use warnings;
+use strict;
+use base qw/Catalyst::Controller/;
+
+__PACKAGE__->config(namespace => '');
+
+use Test::More;
+use Test::Exception;
+
+sub progressive : Local {
+ my ( $self, $c ) = @_;
+
+ foreach my $realm ( keys %AuthRealmTestAppProgressive::members ) {
+ while ( my ( $user, $info ) = each %{$AuthRealmTestAppProgressive::members{$realm}} ) {
+ my $ok = eval {
+ $c->authenticate(
+ { username => $user, password => $info->{password} },
+ );
+ };
+ ok( !$@, "authentication passed." );
+ ok( $ok, "user authenticated" );
+ ok( $c->user_in_realm($realm), "user in proper realm" );
+ }
+ }
+ $c->res->body( "ok" );
+}
+
+1;
+
sub store { $_[0]->{store} }
package AuthSessionTestApp;
+use strict;
+use warnings;
+use base qw/Catalyst/;
+
use Catalyst qw/
- Session
- Session::Store::Dummy
- Session::State::Cookie
+ Session
+ Session::Store::Dummy
+ Session::State::Cookie
- Authentication
- Authentication::Store::Minimal
- Authentication::Credential::Password
+ Authentication
+ Authentication::Store::Minimal
+ Authentication::Credential::Password
/;
-use Test::More;
-use Test::Exception;
-
-use Digest::MD5 qw/md5/;
-
-our $users;
-
-sub moose : Local {
- my ( $self, $c ) = @_;
-
- ok(!$c->sessionid, "no session id yet");
- ok(!$c->user_exists, "no user exists");
- ok(!$c->user, "no user yet");
- ok($c->login( "foo", "s3cr3t" ), "can login with clear");
- is( $c->user, $users->{foo}, "user object is in proper place");
-}
-
-sub elk : Local {
- my ( $self, $c ) = @_;
-
- ok( $c->sessionid, "session ID was restored" );
- ok( $c->user_exists, "user exists" );
- ok( $c->user, "a user was also restored");
- is_deeply( $c->user, $users->{foo}, "restored user is the right one (deep test - store might change identity)" );
-
- # Rename the user!
- $users->{bar} = delete $users->{foo};
-}
-
-sub yak : Local {
- my ( $self, $c ) = @_;
- ok( $c->sessionid, "session ID was restored after user renamed" );
- ok( $c->user_exists, "user appears to exist" );
- ok( !$c->user, "user was not restored");
- ok(scalar(@{ $c->error }), 'Error recorded');
- ok( !$c->user_exists, "user no longer appears to exist" );
-}
-
-sub goat : Local {
- my ( $self, $c ) = @_;
- ok($c->login( "bar", "s3cr3t" ), "can login with clear (new username)");
- is( $c->user, $users->{bar}, "user object is in proper place");
- $c->logout;
-}
-
-sub fluffy_bunny : Local {
- my ( $self, $c ) = @_;
-
- ok( $c->session_is_valid, "session ID is restored after logout");
- ok( !$c->user, "no user was restored after logout");
-
- $c->delete_session("bah");
-}
-
-sub possum : Local {
- my ( $self, $c ) = @_;
-
- ok( !$c->session_is_valid, "no session ID was restored");
- $c->session->{definitely_not_a_user} = "moose";
-
-}
-
-sub butterfly : Local {
- my ( $self, $c ) = @_;
-
- ok( $c->session_is_valid, "valid session" );
- ok( !$c->user_exists, "but no user exists" );
- ok( !$c->user, "no user object either" );
-}
-
-__PACKAGE__->config->{'authentication'}{users} = $users = {
- foo => User::SessionRestoring->new(
- id => 'foo',
- password => "s3cr3t",
- ),
+our $users = {
+ foo => User::SessionRestoring->new(
+ id => 'foo',
+ password => "s3cr3t",
+ ),
};
+__PACKAGE__->config(authentication => {users => $users});
+
__PACKAGE__->setup;
$users->{foo}{store} = __PACKAGE__->default_auth_store;
+
+1;
+
--- /dev/null
+package AuthSessionTestApp::Controller::Root;
+use strict;
+use warnings;
+use base qw/Catalyst::Controller/;
+
+__PACKAGE__->config(namespace => '');
+
+use Test::More;
+use Test::Exception;
+
+use Digest::MD5 qw/md5/;
+
+sub moose : Local {
+ my ( $self, $c ) = @_;
+
+ ok(!$c->sessionid, "no session id yet");
+ ok(!$c->user_exists, "no user exists");
+ ok(!$c->user, "no user yet");
+ ok($c->login( "foo", "s3cr3t" ), "can login with clear");
+ is( $c->user, $AuthSessionTestApp::users->{foo}, "user object is in proper place");
+}
+
+sub elk : Local {
+ my ( $self, $c ) = @_;
+
+ ok( $c->sessionid, "session ID was restored" );
+ ok( $c->user_exists, "user exists" );
+ ok( $c->user, "a user was also restored");
+ is_deeply( $c->user, $AuthSessionTestApp::users->{foo}, "restored user is the right one (deep test - store might change identity)" );
+
+ # Rename the user!
+ $AuthSessionTestApp::users->{bar} = delete $AuthSessionTestApp::users->{foo};
+}
+
+sub yak : Local {
+ my ( $self, $c ) = @_;
+ ok( $c->sessionid, "session ID was restored after user renamed" );
+ ok( $c->user_exists, "user appears to exist" );
+ ok( !$c->user, "user was not restored");
+ ok(scalar(@{ $c->error }), 'Error recorded');
+ ok( !$c->user_exists, "user no longer appears to exist" );
+}
+
+sub goat : Local {
+ my ( $self, $c ) = @_;
+ ok($c->login( "bar", "s3cr3t" ), "can login with clear (new username)");
+ is( $c->user, $AuthSessionTestApp::users->{bar}, "user object is in proper place");
+ $c->logout;
+}
+
+sub fluffy_bunny : Local {
+ my ( $self, $c ) = @_;
+
+ ok( $c->session_is_valid, "session ID is restored after logout");
+ ok( !$c->user, "no user was restored after logout");
+
+ $c->delete_session("bah");
+}
+
+sub possum : Local {
+ my ( $self, $c ) = @_;
+
+ ok( !$c->session_is_valid, "no session ID was restored");
+ $c->session->{definitely_not_a_user} = "moose";
+
+}
+
+sub butterfly : Local {
+ my ( $self, $c ) = @_;
+
+ ok( $c->session_is_valid, "valid session" );
+ ok( !$c->user_exists, "but no user exists" );
+ ok( !$c->user, "no user object either" );
+}
+
+1;
+
package AuthTestApp;
+use strict;
+use warnings;
+use base qw/Catalyst/;
use Catalyst qw/
- Authentication
- Authentication::Store::Minimal
- Authentication::Credential::Password
+ Authentication
+ Authentication::Store::Minimal
+ Authentication::Credential::Password
/;
-use Test::More;
-use Test::Exception;
-
use Digest::MD5 qw/md5/;
use Digest::SHA1 qw/sha1_base64/;
-our $users;
-
-sub number_of_elements { return scalar @_ }
-
-sub moose : Local {
- my ( $self, $c ) = @_;
-
- is(number_of_elements($c->user), 1, "Array undef");
- is($c->user, undef, "no user, returns undef");
- ok(!$c->user, "no user");
- ok($c->login( "foo", "s3cr3t" ), "can login with clear");
- is( $c->user, $users->{foo}, "user object is in proper place");
-
- ok( !$c->user->roles, "no roles for foo" );
- my @new = qw/foo bar gorch/;
- $c->user->roles( @new );
- is_deeply( [ $c->user->roles ], \@new, "roles set as array");
-
- $c->logout;
- ok(!$c->user, "no more user, after logout");
-
- ok($c->login( "bar", "s3cr3t" ), "can login with crypted");
- is( $c->user, $users->{bar}, "user object is in proper place");
- $c->logout;
-
- ok($c->login("gorch", "s3cr3t"), "can login with hashed");
- is( $c->user, $users->{gorch}, "user object is in proper place");
- $c->logout;
-
- ok($c->login("shabaz", "s3cr3t"), "can login with base64 hashed");
- is( $c->user, $users->{shabaz}, "user object is in proper place");
- $c->logout;
-
- ok($c->login("sadeek", "s3cr3t"), "can login with padded base64 hashed");
- is( $c->user, $users->{sadeek}, "user object is in proper place");
- $c->logout;
-
- ok(!$c->login( "bar", "bad pass" ), "can't login with bad password");
- ok(!$c->user, "no user");
+our $users = {
+ foo => {
+ password => "s3cr3t",
+ },
+ bar => {
+ crypted_password => crypt("s3cr3t", "x8"),
+ },
+ gorch => {
+ hashed_password => md5("s3cr3t"),
+ hash_algorithm => "MD5",
+ },
+ shabaz => {
+ hashed_password => sha1_base64("s3cr3t"),
+ hash_algorithm => "SHA-1"
+ },
+ sadeek => {
+ hashed_password => sha1_base64("s3cr3t").'=',
+ hash_algorithm => "SHA-1"
+ },
+ baz => {},
+};
- throws_ok { $c->login( "baz", "foo" ) } qr/support.*mechanism/, "can't login without any supported mech";
+__PACKAGE__->config('Plugin::Authentication' =>{users => $users});
- $c->res->body( "ok" );
-}
+__PACKAGE__->setup;
-__PACKAGE__->config->{'Plugin::Authentication'}{users} = $users = {
- foo => {
- password => "s3cr3t",
- },
- bar => {
- crypted_password => crypt("s3cr3t", "x8"),
- },
- gorch => {
- hashed_password => md5("s3cr3t"),
- hash_algorithm => "MD5",
- },
- shabaz => {
- hashed_password => sha1_base64("s3cr3t"),
- hash_algorithm => "SHA-1"
- },
- sadeek => {
- hashed_password => sha1_base64("s3cr3t").'=',
- hash_algorithm => "SHA-1"
- },
- baz => {},
-};
+1;
-__PACKAGE__->setup;
--- /dev/null
+package AuthTestApp::Controller::Root;
+use strict;
+use warnings;
+use base qw/ Catalyst::Controller /;
+
+__PACKAGE__->config( namespace => '' );
+
+use Test::More;
+use Test::Exception;
+
+use Digest::MD5 qw/md5/;
+use Digest::SHA1 qw/sha1_base64/;
+
+sub number_of_elements { return scalar @_ }
+
+sub moose : Local {
+ my ( $self, $c ) = @_;
+
+ is(number_of_elements($c->user), 1, "Array undef");
+ is($c->user, undef, "no user, returns undef");
+ ok(!$c->user, "no user");
+ ok($c->login( "foo", "s3cr3t" ), "can login with clear");
+ is( $c->user, $AuthTestApp::users->{foo}, "user object is in proper place");
+
+ ok( !$c->user->roles, "no roles for foo" );
+ my @new = qw/foo bar gorch/;
+ $c->user->roles( @new );
+ is_deeply( [ $c->user->roles ], \@new, "roles set as array");
+
+ $c->logout;
+ ok(!$c->user, "no more user, after logout");
+
+ ok($c->login( "bar", "s3cr3t" ), "can login with crypted");
+ is( $c->user, $AuthTestApp::users->{bar}, "user object is in proper place");
+ $c->logout;
+
+ ok($c->login("gorch", "s3cr3t"), "can login with hashed");
+ is( $c->user, $AuthTestApp::users->{gorch}, "user object is in proper place");
+ $c->logout;
+
+ ok($c->login("shabaz", "s3cr3t"), "can login with base64 hashed");
+ is( $c->user, $AuthTestApp::users->{shabaz}, "user object is in proper place");
+ $c->logout;
+
+ ok($c->login("sadeek", "s3cr3t"), "can login with padded base64 hashed");
+ is( $c->user, $AuthTestApp::users->{sadeek}, "user object is in proper place");
+ $c->logout;
+
+ ok(!$c->login( "bar", "bad pass" ), "can't login with bad password");
+ ok(!$c->user, "no user");
+
+ throws_ok { $c->login( "baz", "foo" ) } qr/support.*mechanism/, "can't login without any supported mech";
+
+ $c->res->body( "ok" );
+}
+
+
package RemoteTestApp1;
-
+use strict;
+use warnings;
use Catalyst qw/
Authentication
/;
},
);
-sub default : Local {
- my ( $self, $c ) = @_;
- if ($c->authenticate()) {
- $c->res->body('User:' . $c->user->{id});
- }
- else {
- $c->res->body('FAIL');
- $c->res->status(403);
- }
-}
-
-sub public : Local {
- my ( $self, $c ) = @_;
- $c->res->body('OK');
-}
-
__PACKAGE__->setup;
+1;
+
--- /dev/null
+package RemoteTestApp1::Controller::Root;
+use strict;
+use warnings;
+use base qw/Catalyst::Controller/;
+
+__PACKAGE__->config(namespace => '');
+
+sub default : Local {
+ my ( $self, $c ) = @_;
+ if ($c->authenticate()) {
+ $c->res->body('User:' . $c->user->{username});
+ }
+ else {
+ $c->res->body('FAIL');
+ $c->res->status(403);
+ }
+}
+
+sub public : Local {
+ my ( $self, $c ) = @_;
+ $c->res->body('OK');
+}
+
+1;
+
package RemoteTestApp2;
+use strict;
+use warnings;
use Catalyst qw/
Authentication
deny_regexp=> 'denied',
cutname_regexp=> 'CN=(.*)/OU=Test',
source => 'SSL_CLIENT_S_DN',
+ username_field => 'my_user_name',
},
store => {
class => 'Null',
},
);
-sub default : Local {
- my ( $self, $c ) = @_;
- if ($c->authenticate()) {
- $c->res->body('User:' . $c->user->{id});
- }
- else {
- $c->res->body('FAIL');
- $c->res->status(403);
- }
-}
-
-sub public : Local {
- my ( $self, $c ) = @_;
- $c->res->body('OK');
-}
-
__PACKAGE__->setup;
+1;
+
--- /dev/null
+package RemoteTestApp2::Controller::Root;
+use strict;
+use warnings;
+use base 'Catalyst::Controller';
+
+__PACKAGE__->config(namespace => '');
+
+sub default : Local {
+ my ( $self, $c ) = @_;
+ if ($c->authenticate()) {
+ $c->res->body(
+ 'my_user_name:'
+ . $c->user->{my_user_name}
+ );
+ }
+ else {
+ $c->res->body('FAIL');
+ $c->res->status(403);
+ }
+}
+
+sub public : Local {
+ my ( $self, $c ) = @_;
+ $c->res->body('OK');
+}
+
+1;
+
use strict;
use warnings;
-use Test::More;
+use Test::More;
BEGIN {
plan skip_all => "Digest::SHA1 is required for this test" unless eval { require Digest::SHA1 };
- plan "no_plan";
+ plan "no_plan";
}
use lib 't/lib';
use strict;
use warnings;
-use Test::More tests => 7;
+use Test::More;
use lib 't/lib';
use Catalyst::Test qw/AuthRealmTestAppProgressive/;
ok(get("/progressive"), "get ok");
+
+done_testing;
+
use strict;
use warnings;
-use Test::More tests => 10;
+use Test::More;
use lib 't/lib';
use Catalyst::Test qw/RemoteTestApp1/;
$RemoteTestEngine::REMOTE_USER = 'CN=/OU=Test/C=Company';
is( request('/')->content, 'User:CN=/OU=Test/C=Company', 'testing "cutname" option - empty $1 match' );
+
+done_testing;
+
use strict;
use warnings;
-use Test::More tests => 3;
+use Test::More;
use lib 't/lib';
use Catalyst::Test qw/RemoteTestApp2/;
$RemoteTestEngine::SSL_CLIENT_S_DN = 'CN=namexyz/OU=Test/C=Company';
ok( request('/')->is_success, 'testing "source" + "cutname" 1' );
-is( request('/')->content, 'User:namexyz', 'testing "source" + "cutname" 2' );
+is( request('/')->content, "my_user_name:namexyz",
+ 'testing "source" + "cutname" 2' );
+
+done_testing;
+
use Test::More;
BEGIN {
- eval { require Test::WWW::Mechanize::Catalyst; require Catalyst::Plugin::Session; require Catalyst::Plugin::Session::State::Cookie };
- plan skip_all => "This test needs Test::WWW::Mechanize::Catalyst, Catalyst::Plugin::Session and Catalyst::Plugin::Session::State::Cookie installed" if $@;
+ eval { require Test::WWW::Mechanize::Catalyst; require Catalyst::Plugin::Session; require Catalyst::Plugin::Session::State::Cookie };
+ plan skip_all => "This test needs Test::WWW::Mechanize::Catalyst, Catalyst::Plugin::Session and Catalyst::Plugin::Session::State::Cookie installed" if $@;
plan skip_all => "This test needs Test::WWW::Mechanize::Catalyst >= 0.50, you have only $Test::WWW::Mechanize::Catalyst::VERSION"
unless $Test::WWW::Mechanize::Catalyst::VERSION >= 0.50;
- plan tests => 29;
}
use lib 't/lib';
$m->get("http://localhost/yak");
ok(!$m->success, 'Not ok, user unable to be resotred == nasal demons');
-$m->get_ok("http://localhost/goat", "get ok");
-$m->get_ok("http://localhost/fluffy_bunny", "get ok");
-$m->get_ok("http://localhost/possum", "get ok");
-$m->get_ok("http://localhost/butterfly", "get ok");
+foreach my $type (qw/ goat fluffy_bunny possum butterfly /) {
+ $m->get_ok("http://localhost/$type", "get $type ok");
+}
+
+done_testing;
projects / catagits/Catalyst-Plugin-Authentication.git / commitdiff