[catagits/Catalyst-Authentication-Store-DBIx-Class.git] / lib / Catalyst / Authentication / Store / DBIx / Class.pm

package Catalyst::Authentication::Store::DBIx::Class;

use strict;
use warnings;
use base qw/Class::Accessor::Fast/;

our $VERSION= "0.101";


BEGIN {
    __PACKAGE__->mk_accessors(qw/config/);
}


sub new {
    my ( $class, $config, $app ) = @_;

    ## figure out if we are overriding the default store user class 
    $config->{'store_user_class'} = (exists($config->{'store_user_class'})) ? $config->{'store_user_class'} :
                                        "Catalyst::Authentication::Store::DBIx::Class::User";

    ## make sure the store class is loaded.
    Catalyst::Utils::ensure_class_loaded( $config->{'store_user_class'} );
    
    ## fields can be specified to be ignored during user location.  This allows
    ## the store to ignore certain fields in the authinfo hash.
    
    $config->{'ignore_fields_in_find'} ||= [ ];

    my $self = {
                    config => $config
               };

    bless $self, $class;

}

## --jk note to self:
## let's use DBICs get_columns method to return a hash and save / restore that
## from the session.  Then we can respond to get() calls, etc. in most cases without
## resorting to a DB call.  If user_object is called, THEN we can hit the DB and
## return a real object.  
sub from_session {
    my ( $self, $c, $frozenuser ) = @_;

    return $frozenuser if ref $frozenuser;
    
    my $user = $self->config->{'store_user_class'}->new($self->{'config'}, $c);
    
    return $user->from_session($frozenuser, $c);
}

sub for_session {
    my ($self, $c, $user) = @_;
    
    return $user->for_session($c);
}

sub find_user {
    my ( $self, $authinfo, $c ) = @_;
    
    my $user = $self->config->{'store_user_class'}->new($self->{'config'}, $c);

    return $user->load($authinfo, $c);

}

sub user_supports {
    my $self = shift;
    # this can work as a class method on the user class
    $self->config->{'store_user_class'}->supports( @_ );
}

sub auto_create_user {
    my( $self, $authinfo, $c ) = @_;
    my $res = $self->config->{'store_user_class'}->new($self->{'config'}, $c);
    return $res->auto_create( $authinfo, $c );
}

sub auto_update_user {
    my( $self, $authinfo, $c, $res ) = @_;
    $res->auto_update( $authinfo, $c );
    return $res;
}

__PACKAGE__;

__END__

=head1 NAME

Catalyst::Authentication::Store::DBIx::Class - A storage class for Catalyst Authentication using DBIx::Class

=head1 VERSION

This documentation refers to version 0.10.

=head1 SYNOPSIS

    use Catalyst qw/
                    Authentication
                    Authorization::Roles/;

    __PACKAGE__->config->{authentication} = 
                    {  
                        default_realm => 'members',
                        realms => {
                            members => {
                                credential => {
                                    class => 'Password',
                                    password_field => 'password',
                                    password_type => 'clear'
                                },
                                store => {
                                    class => 'DBIx::Class',
            	                    user_class => 'MyApp::Users',
            	                    id_field => 'user_id',
            	                    role_relation => 'roles',
            	                    role_field => 'rolename',	                
            	                }
                            }
                    	}
                    };

    # Log a user in:
    
    sub login : Global {
        my ( $self, $c ) = @_;
        
        $c->authenticate({  
                          username => $c->req->params->username,
                          password => $c->req->params->password,
                          status => [ 'registered', 'loggedin', 'active']
                          }))
    }
    
    # verify a role 
    
    if ( $c->check_user_roles( 'editor' ) ) {
        # do editor stuff
    }
    
=head1 DESCRIPTION

The Catalyst::Authentication::Store::DBIx::Class class provides 
access to authentication information stored in a database via DBIx::Class.

=head1 CONFIGURATION

The DBIx::Class authentication store is activated by setting the store
config's B<class> element to DBIx::Class as shown above.  See the 
L<Catalyst::Plugin::Authentication> documentation for more details on 
configuring the store.

The DBIx::Class storage module has several configuration options


    __PACKAGE__->config->{authentication} = 
                    {  
                        default_realm => 'members',
                        realms => {
                            members => {
                                credential => {
                                    # ...
                                },
                                store => {
                                    class => 'DBIx::Class',
            	                    user_class => 'MyApp::Users',
            	                    id_field => 'user_id',
            	                    role_relation => 'roles',
            	                    role_field => 'rolename',
            	                    ignore_fields_in_find => [ 'remote_name' ]          
            	                }
                	        }
                    	}
                    };

=over 4

=item class

Class is part of the core Catalyst::Plugin::Authentication module, it
contains the class name of the store to be used.

=item user_class

Contains the class name (as passed to $c->model()) of the DBIx::Class schema
to use as the source for user information.  This config item is B<REQUIRED>.

=item id_field

Contains the field name containing the unique identifier for a user.  This is 
used when storing and retrieving a user from the session.  The value in this
field should correspond to a single user in the database.  Defaults to 'id'.

=item role_column

If your role information is stored in the same table as the rest of your user
information, this item tells the module which field contains your role
information.  The DBIx::Class authentication store expects the data in this
field to be a series of role names separated by some combination of spaces, 
commas or pipe characters.  

=item role_relation

If your role information is stored in a separate table, this is the name of
the relation that will lead to the roles the user is in.  If this is 
specified then a role_field is also required.  Also when using this method
it is expected that your role table will return one row for each role 
the user is in.

=item role_field

This is the name of the field in the role table that contains the string 
identifying the role.  

=item ignore_fields_in_find

This item is an array containing fields that may be passed to the
$c->authenticate() routine (and therefore find_user in the storage class), but
which should be ignored when creating the DBIx::Class search to retrieve a
user. This makes it possible to avoid problems when a credential requires an
authinfo element whose name overlaps with a column name in your users table.
If this doesn't make sense to you, you probably don't need it.

=item store_user_class

This allows you to override the authentication user class that the 
DBIx::Class store module uses to perform it's work.  Most of the
work done in this module is actually done by the user class, 
L<Catalyst::Authentication::Store::DBIx::Class::User>, so
overriding this doesn't make much sense unless you are using your
own class to extend the functionality of the existing class.  
Chances are you do not want to set this.

=back

=head1 USAGE 

The L<Catalyst::Authentication::Store::DBIx::Class> storage module
is not called directly from application code.  You interface with it 
through the $c->authenticate() call.  

There are three methods you can use to retrieve information from the DBIx::Class
storage module.  They are Simple retrieval, and the advanced retrieval methods
Searchargs and Resultset.

=head2 Simple Retrieval 

The first, and most common, method is simple retrieval. As it's name implies
simple retrieval allows you to simply to provide the column => value pairs
that should be used to locate the user in question. An example of this usage
is below:

    if ($c->authenticate({  
                          username => $c->req->params->{'username'},
                          password => $c->req->params->{'password'},
                          status => [ 'registered', 'active', 'loggedin']
                         })) {

        # ... authenticated user code here
    }

The above example would attempt to retrieve a user whose username column
matched the username provided, and whose status column matched one of the
values provided. These name => value pairs are used more or less directly in
the DBIx::Class' search() routine, so in most cases, you can use DBIx::Class
syntax to retrieve the user according to whatever rules you have.

NOTE: Because the password in most cases is encrypted - it is not used
directly but it's encryption and comparison with the value provided is usually
handled by the Password Credential. Part of the Password Credential's behavior
is to remove the password argument from the authinfo that is passed to the
storage module. See L<Catalyst::Authentication::Credential::Password>.

One thing you need to know about this retrieval method is that the name
portion of the pair is checked against the user class' column list. Pairs are
only used if a matching column is found. Other pairs will be ignored. This
means that you can only provide simple name-value pairs, and that some more
advanced DBIx::Class constructs, such as '-or', '-and', etc. are in most cases
not possible using this method. For queries that require this level of
functionality, see the 'searchargs' method below.

=head2 Advanced Retrieval

The Searchargs and Resultset retrieval methods are used when more advanced
features of the underlying L<DBIx::Class> schema are required. These methods
provide a direct interface with the DBIx::Class schema and therefore
require a better understanding of the DBIx::Class module.  

=head3 The dbix_class key

Since the format of these arguments are often complex, they are not keys in
the base authinfo hash.  Instead, both of these arguments are placed within 
a hash attached to the store-specific 'dbix_class' key in the base $authinfo 
hash.  When the DBIx::Class authentication store sees the 'dbix_class' key
in the passed authinfo hash, all the other information in the authinfo hash
is ignored and only the values within the 'dbix_class' hash are used as 
though they were passed directly within the authinfo hash.  In other words, if
'dbix_class' is present, it replaces the authinfo hash for processing purposes.

The 'dbix_class' hash can be used to directly pass arguments to the
DBIx::Class authentication store. Reasons to do this are to avoid credential
modification of the authinfo hash, or to avoid overlap between credential and
store key names. It's a good idea to avoid using it in this way unless you are
sure you have an overlap/modification issue. However, the two advanced
retrieval methods, B<searchargs> and B<resultset>, require it's use, as they 
are only processed as part of the 'dbix_class' hash

=over 4

=item Searchargs

The B<searchargs> method of retrieval allows you to specify an arrayref containing
the two arguments to the search() method from L<DBIx::Class::ResultSet>.  If provided,
all other args are ignored, and the search args provided are used directly to locate
the user.  An example will probably make more sense:

    if ($c->authenticate(
        { 
            password => $password,
            'dbix_class' => 
                {
                    searchargs = [ { -or => [ username => $username,
                                              email => $email,
                                              clientid => $clientid ] 
                                   },
                                   { prefetch => qw/ preferences / } 
                                 ]
                }
        } ) ) 
    {
        # do successful authentication actions here.
    }

The above would allow authentication based on any of the three items -
username, email or clientid and would prefetch the data related to that user
from the preferences table. The searchargs array is passed directly to the
search() method associated with the user_class.

=item Resultset

The B<resultset> method of retrieval allows you to directly specify a
resultset to be used for user retrieval. This allows you to create a resultset
within your login action and use it for retrieving the user. A simple example:

    my $rs = $c->model('MyApp::User')->search({ email => $c->request->params->{'email'} });
       ... # further $rs adjustments
       
    if ($c->authenticate({ 
                           password => $password,
                           'dbix_class' => {  resultset = $rs }
                         })) {
       # do successful authentication actions here.
    } 

Be aware that the resultset method will not verify that you are passing a
resultset that is attached to the same user_class as specified in the config.

NOTE: All of these methods of user retrieval, including the resultset method,
consider the first row returned to be the matching user. In most cases there
will be only one matching row, but it is easy to produce multiple rows,
especially when using the advanced retrieval methods. Remember, what you get
when you use this module is what you would get when calling
search(...)->first;

NOTE ALSO:  The user info used to save the user to the session and to retrieve
it is the same regardless of what method of retrieval was used.  In short,
the value in the id field (see 'id_field' config item) is used to retrieve the 
user from the database upon restoring from the session.  When the DBIx::Class storage
module does this, it does so by doing a simple search using the id field.  In other
words, it will not use the same arguments you used to request the user initially. 
This is especially important to those using the advanced methods of user retrieval. 
If you need more complicated logic when reviving the user from the session, you will
most likely want to subclass the L<Catalyst::Authentication::Store::DBIx::Class::User> class 
and provide your own for_session and from_session routines.

=back


=head1 METHODS

There are no publicly exported routines in the DBIx::Class authentication 
store (or indeed in most authentication stores)  However, below is a 
description of the routines required by L<Catalyst::Plugin::Authentication> 
for all authentication stores.  Please see the documentation for 
L<Catalyst::Plugin::Authentication::Internals> for more information.


=head2 new ( $config, $app )

Constructs a new store object.

=head2 find_user ( $authinfo, $c ) 

Finds a user using the information provided in the $authinfo hashref and
returns the user, or undef on failure; This is usually called from the
Credential. This translates directly to a call to
L<Catalyst::Authentication::Store::DBIx::Class::User>'s load() method.

=head2 for_session ( $c, $user )

Prepares a user to be stored in the session. Currently returns the value of
the user's id field - (as indicated by the 'id_field' config element)

=head2 from_session ( $c, $frozenuser)

Revives a user from the session based on the info provided in $frozenuser.
Currently treats $frozenuser as an id and retrieves a user with a matching id.

=head2 user_supports

Provides information about what the user object supports.  

=head2 auto_update_user( $authinfo, $c, $res )

This method is called if the realm's auto_update_user setting is true. It
will delegate to the user object's C<auto_update> method.

=head2 auto_create_user( $authinfo, $c )

This method is called if the realm's auto_create_user setting is true. It
will delegate to the user class' (resultset) C<auto_create> method.

=head1 NOTES

As of the current release, session storage consists of simply storing the user's
id in the session, and then using that same id to re-retrieve the users information
from the database upon restoration from the session.  More dynamic storage of
user information in the session is intended for a future release.

=head1 BUGS AND LIMITATIONS

None known currently, please email the author if you find any.

=head1 SEE ALSO

L<Catalyst::Plugin::Authentication>, L<Catalyst::Plugin::Authentication::Internals>,
and L<Catalyst::Plugin::Authorization::Roles>

=head1 AUTHOR

Jason Kuri (jayk@cpan.org)

=head1 LICENSE

Copyright (c) 2007 the aforementioned authors. All rights
reserved. This program is free software; you can redistribute
it and/or modify it under the same terms as Perl itself.

=cut
Commit	Line	Data
6727afe2	1	package Catalyst::Authentication::Store::DBIx::Class;
5000f545	2
	3	use strict;
	4	use warnings;
	5	use base qw/Class::Accessor::Fast/;
	6
a58978c0	7	our $VERSION= "0.101";
6727afe2	8
b33ee900	9
	10	BEGIN {
	11	__PACKAGE__->mk_accessors(qw/config/);
	12	}
	13
6727afe2	14
5000f545	15	sub new {
	16	my ( $class, $config, $app ) = @_;
	17
b33ee900	18	## figure out if we are overriding the default store user class
b33ee900	19	$config->{'store_user_class'} = (exists($config->{'store_user_class'})) ? $config->{'store_user_class'} :
6727afe2	20	"Catalyst::Authentication::Store::DBIx::Class::User";
b33ee900	21
5000f545	22	## make sure the store class is loaded.
b33ee900	23	Catalyst::Utils::ensure_class_loaded( $config->{'store_user_class'} );
5000f545	24
b33ee900	25	## fields can be specified to be ignored during user location. This allows
ff7203cb	26	## the store to ignore certain fields in the authinfo hash.
5000f545	27
b33ee900	28	$config->{'ignore_fields_in_find'} \|\|= [ ];
	29
	30	my $self = {
	31	config => $config
	32	};
5000f545	33
5000f545	34	bless $self, $class;
b33ee900	35
5000f545	36	}
5000f545	37
ba48c9c3	38	## --jk note to self:
	39	## let's use DBICs get_columns method to return a hash and save / restore that
	40	## from the session. Then we can respond to get() calls, etc. in most cases without
	41	## resorting to a DB call. If user_object is called, THEN we can hit the DB and
	42	## return a real object.
5000f545	43	sub from_session {
	44	my ( $self, $c, $frozenuser ) = @_;
	45
	46	return $frozenuser if ref $frozenuser;
b33ee900	47
	48	my $user = $self->config->{'store_user_class'}->new($self->{'config'}, $c);
	49
	50	return $user->from_session($frozenuser, $c);
5000f545	51	}
	52
	53	sub for_session {
	54	my ($self, $c, $user) = @_;
	55
	56	return $user->for_session($c);
	57	}
	58
	59	sub find_user {
	60	my ( $self, $authinfo, $c ) = @_;
	61
b33ee900	62	my $user = $self->config->{'store_user_class'}->new($self->{'config'}, $c);
5000f545	63
b33ee900	64	return $user->load($authinfo, $c);
	65
	66	}
5000f545	67
5000f545	68	sub user_supports {
b33ee900	69	my $self = shift;
	70	# this can work as a class method on the user class
	71	$self->config->{'store_user_class'}->supports( @_ );
5000f545	72	}
5000f545	73
67f6319b	74	sub auto_create_user {
fb689852	75	my( $self, $authinfo, $c ) = @_;
	76	my $res = $self->config->{'store_user_class'}->new($self->{'config'}, $c);
	77	return $res->auto_create( $authinfo, $c );
	78	}
	79
67f6319b	80	sub auto_update_user {
fb689852	81	my( $self, $authinfo, $c, $res ) = @_;
	82	$res->auto_update( $authinfo, $c );
	83	return $res;
	84	}
	85
5000f545	86	__PACKAGE__;
	87
	88	__END__
	89
	90	=head1 NAME
	91
6727afe2	92	Catalyst::Authentication::Store::DBIx::Class - A storage class for Catalyst Authentication using DBIx::Class
5000f545	93
	94	=head1 VERSION
	95
ad93b3e9	96	This documentation refers to version 0.10.
5000f545	97
	98	=head1 SYNOPSIS
	99
93102ff5	100	use Catalyst qw/
	101	Authentication
	102	Authorization::Roles/;
	103
	104	__PACKAGE__->config->{authentication} =
	105	{
	106	default_realm => 'members',
	107	realms => {
	108	members => {
	109	credential => {
	110	class => 'Password',
	111	password_field => 'password',
	112	password_type => 'clear'
	113	},
	114	store => {
	115	class => 'DBIx::Class',
	116	user_class => 'MyApp::Users',
	117	id_field => 'user_id',
	118	role_relation => 'roles',
	119	role_field => 'rolename',
	120	}
c1d29ab7	121	}
93102ff5	122	}
	123	};
	124
	125	# Log a user in:
	126
	127	sub login : Global {
	128	my ( $self, $c ) = @_;
	129
	130	$c->authenticate({
c1d29ab7	131	username => $c->req->params->username,
	132	password => $c->req->params->password,
	133	status => [ 'registered', 'loggedin', 'active']
	134	}))
93102ff5	135	}
	136
	137	# verify a role
	138
	139	if ( $c->check_user_roles( 'editor' ) ) {
	140	# do editor stuff
	141	}
	142
5000f545	143	=head1 DESCRIPTION
5000f545	144
6727afe2	145	The Catalyst::Authentication::Store::DBIx::Class class provides
93102ff5	146	access to authentication information stored in a database via DBIx::Class.
	147
	148	=head1 CONFIGURATION
	149
	150	The DBIx::Class authentication store is activated by setting the store
c1d29ab7	151	config's B<class> element to DBIx::Class as shown above. See the
93102ff5	152	L<Catalyst::Plugin::Authentication> documentation for more details on
	153	configuring the store.
	154
	155	The DBIx::Class storage module has several configuration options
	156
93102ff5	157
	158	__PACKAGE__->config->{authentication} =
	159	{
	160	default_realm => 'members',
	161	realms => {
	162	members => {
	163	credential => {
	164	# ...
	165	},
	166	store => {
	167	class => 'DBIx::Class',
	168	user_class => 'MyApp::Users',
	169	id_field => 'user_id',
	170	role_relation => 'roles',
	171	role_field => 'rolename',
	172	ignore_fields_in_find => [ 'remote_name' ]
	173	}
	174	}
	175	}
	176	};
	177
b81ead77	178	=over 4
b81ead77	179
93102ff5	180	=item class
93102ff5	181
6727afe2	182	Class is part of the core Catalyst::Plugin::Authentication module, it
93102ff5	183	contains the class name of the store to be used.
	184
	185	=item user_class
5000f545	186
93102ff5	187	Contains the class name (as passed to $c->model()) of the DBIx::Class schema
93102ff5	188	to use as the source for user information. This config item is B<REQUIRED>.
5000f545	189
93102ff5	190	=item id_field
5000f545	191
93102ff5	192	Contains the field name containing the unique identifier for a user. This is
	193	used when storing and retrieving a user from the session. The value in this
	194	field should correspond to a single user in the database. Defaults to 'id'.
5000f545	195
93102ff5	196	=item role_column
5000f545	197
93102ff5	198	If your role information is stored in the same table as the rest of your user
	199	information, this item tells the module which field contains your role
	200	information. The DBIx::Class authentication store expects the data in this
	201	field to be a series of role names separated by some combination of spaces,
	202	commas or pipe characters.
5000f545	203
93102ff5	204	=item role_relation
5000f545	205
93102ff5	206	If your role information is stored in a separate table, this is the name of
	207	the relation that will lead to the roles the user is in. If this is
	208	specified then a role_field is also required. Also when using this method
	209	it is expected that your role table will return one row for each role
	210	the user is in.
5000f545	211
93102ff5	212	=item role_field
5000f545	213
93102ff5	214	This is the name of the field in the role table that contains the string
93102ff5	215	identifying the role.
5000f545	216
93102ff5	217	=item ignore_fields_in_find
5000f545	218
c1d29ab7	219	This item is an array containing fields that may be passed to the
	220	$c->authenticate() routine (and therefore find_user in the storage class), but
	221	which should be ignored when creating the DBIx::Class search to retrieve a
	222	user. This makes it possible to avoid problems when a credential requires an
	223	authinfo element whose name overlaps with a column name in your users table.
	224	If this doesn't make sense to you, you probably don't need it.
5000f545	225
93102ff5	226	=item store_user_class
5000f545	227
93102ff5	228	This allows you to override the authentication user class that the
	229	DBIx::Class store module uses to perform it's work. Most of the
	230	work done in this module is actually done by the user class,
6727afe2	231	L<Catalyst::Authentication::Store::DBIx::Class::User>, so
93102ff5	232	overriding this doesn't make much sense unless you are using your
	233	own class to extend the functionality of the existing class.
	234	Chances are you do not want to set this.
5000f545	235
93102ff5	236	=back
5000f545	237
93102ff5	238	=head1 USAGE
5000f545	239
6727afe2	240	The L<Catalyst::Authentication::Store::DBIx::Class> storage module
93102ff5	241	is not called directly from application code. You interface with it
93102ff5	242	through the $c->authenticate() call.
5000f545	243
c1d29ab7	244	There are three methods you can use to retrieve information from the DBIx::Class
	245	storage module. They are Simple retrieval, and the advanced retrieval methods
	246	Searchargs and Resultset.
	247
	248	=head2 Simple Retrieval
	249
	250	The first, and most common, method is simple retrieval. As it's name implies
	251	simple retrieval allows you to simply to provide the column => value pairs
	252	that should be used to locate the user in question. An example of this usage
	253	is below:
	254
	255	if ($c->authenticate({
	256	username => $c->req->params->{'username'},
	257	password => $c->req->params->{'password'},
	258	status => [ 'registered', 'active', 'loggedin']
	259	})) {
	260
	261	# ... authenticated user code here
	262	}
	263
	264	The above example would attempt to retrieve a user whose username column
	265	matched the username provided, and whose status column matched one of the
	266	values provided. These name => value pairs are used more or less directly in
	267	the DBIx::Class' search() routine, so in most cases, you can use DBIx::Class
	268	syntax to retrieve the user according to whatever rules you have.
	269
	270	NOTE: Because the password in most cases is encrypted - it is not used
	271	directly but it's encryption and comparison with the value provided is usually
	272	handled by the Password Credential. Part of the Password Credential's behavior
	273	is to remove the password argument from the authinfo that is passed to the
6727afe2	274	storage module. See L<Catalyst::Authentication::Credential::Password>.
c1d29ab7	275
	276	One thing you need to know about this retrieval method is that the name
	277	portion of the pair is checked against the user class' column list. Pairs are
	278	only used if a matching column is found. Other pairs will be ignored. This
	279	means that you can only provide simple name-value pairs, and that some more
	280	advanced DBIx::Class constructs, such as '-or', '-and', etc. are in most cases
	281	not possible using this method. For queries that require this level of
	282	functionality, see the 'searchargs' method below.
	283
	284	=head2 Advanced Retrieval
	285
	286	The Searchargs and Resultset retrieval methods are used when more advanced
	287	features of the underlying L<DBIx::Class> schema are required. These methods
	288	provide a direct interface with the DBIx::Class schema and therefore
	289	require a better understanding of the DBIx::Class module.
	290
	291	=head3 The dbix_class key
	292
	293	Since the format of these arguments are often complex, they are not keys in
	294	the base authinfo hash. Instead, both of these arguments are placed within
	295	a hash attached to the store-specific 'dbix_class' key in the base $authinfo
	296	hash. When the DBIx::Class authentication store sees the 'dbix_class' key
	297	in the passed authinfo hash, all the other information in the authinfo hash
	298	is ignored and only the values within the 'dbix_class' hash are used as
	299	though they were passed directly within the authinfo hash. In other words, if
	300	'dbix_class' is present, it replaces the authinfo hash for processing purposes.
	301
	302	The 'dbix_class' hash can be used to directly pass arguments to the
	303	DBIx::Class authentication store. Reasons to do this are to avoid credential
	304	modification of the authinfo hash, or to avoid overlap between credential and
	305	store key names. It's a good idea to avoid using it in this way unless you are
	306	sure you have an overlap/modification issue. However, the two advanced
	307	retrieval methods, B<searchargs> and B<resultset>, require it's use, as they
	308	are only processed as part of the 'dbix_class' hash
	309
	310	=over 4
	311
	312	=item Searchargs
	313
	314	The B<searchargs> method of retrieval allows you to specify an arrayref containing
ad93b3e9	315	the two arguments to the search() method from L<DBIx::Class::ResultSet>. If provided,
c1d29ab7	316	all other args are ignored, and the search args provided are used directly to locate
	317	the user. An example will probably make more sense:
	318
	319	if ($c->authenticate(
	320	{
	321	password => $password,
	322	'dbix_class' =>
	323	{
	324	searchargs = [ { -or => [ username => $username,
	325	email => $email,
	326	clientid => $clientid ]
	327	},
	328	{ prefetch => qw/ preferences / }
	329	]
	330	}
	331	} ) )
	332	{
	333	# do successful authentication actions here.
	334	}
	335
	336	The above would allow authentication based on any of the three items -
	337	username, email or clientid and would prefetch the data related to that user
	338	from the preferences table. The searchargs array is passed directly to the
	339	search() method associated with the user_class.
	340
	341	=item Resultset
	342
	343	The B<resultset> method of retrieval allows you to directly specify a
	344	resultset to be used for user retrieval. This allows you to create a resultset
	345	within your login action and use it for retrieving the user. A simple example:
	346
	347	my $rs = $c->model('MyApp::User')->search({ email => $c->request->params->{'email'} });
	348	... # further $rs adjustments
	349
	350	if ($c->authenticate({
	351	password => $password,
	352	'dbix_class' => { resultset = $rs }
	353	})) {
	354	# do successful authentication actions here.
	355	}
	356
	357	Be aware that the resultset method will not verify that you are passing a
	358	resultset that is attached to the same user_class as specified in the config.
	359
	360	NOTE: All of these methods of user retrieval, including the resultset method,
	361	consider the first row returned to be the matching user. In most cases there
	362	will be only one matching row, but it is easy to produce multiple rows,
	363	especially when using the advanced retrieval methods. Remember, what you get
	364	when you use this module is what you would get when calling
	365	search(...)->first;
	366
	367	NOTE ALSO: The user info used to save the user to the session and to retrieve
	368	it is the same regardless of what method of retrieval was used. In short,
	369	the value in the id field (see 'id_field' config item) is used to retrieve the
	370	user from the database upon restoring from the session. When the DBIx::Class storage
	371	module does this, it does so by doing a simple search using the id field. In other
	372	words, it will not use the same arguments you used to request the user initially.
	373	This is especially important to those using the advanced methods of user retrieval.
	374	If you need more complicated logic when reviving the user from the session, you will
6727afe2	375	most likely want to subclass the L<Catalyst::Authentication::Store::DBIx::Class::User> class
c1d29ab7	376	and provide your own for_session and from_session routines.
	377
	378	=back
5000f545	379
6727afe2	380
93102ff5	381	=head1 METHODS
5000f545	382
93102ff5	383	There are no publicly exported routines in the DBIx::Class authentication
	384	store (or indeed in most authentication stores) However, below is a
	385	description of the routines required by L<Catalyst::Plugin::Authentication>
	386	for all authentication stores. Please see the documentation for
	387	L<Catalyst::Plugin::Authentication::Internals> for more information.
	388
6727afe2	389
6727afe2	390	=head2 new ( $config, $app )
93102ff5	391
c1d29ab7	392	Constructs a new store object.
93102ff5	393
6727afe2	394	=head2 find_user ( $authinfo, $c )
93102ff5	395
c1d29ab7	396	Finds a user using the information provided in the $authinfo hashref and
	397	returns the user, or undef on failure; This is usually called from the
	398	Credential. This translates directly to a call to
6727afe2	399	L<Catalyst::Authentication::Store::DBIx::Class::User>'s load() method.
93102ff5	400
6727afe2	401	=head2 for_session ( $c, $user )
93102ff5	402
c1d29ab7	403	Prepares a user to be stored in the session. Currently returns the value of
c1d29ab7	404	the user's id field - (as indicated by the 'id_field' config element)
93102ff5	405
6727afe2	406	=head2 from_session ( $c, $frozenuser)
93102ff5	407
c1d29ab7	408	Revives a user from the session based on the info provided in $frozenuser.
93102ff5	409	Currently treats $frozenuser as an id and retrieves a user with a matching id.
93102ff5	410
6727afe2	411	=head2 user_supports
93102ff5	412
	413	Provides information about what the user object supports.
	414
76e7a763	415	=head2 auto_update_user( $authinfo, $c, $res )
	416
	417	This method is called if the realm's auto_update_user setting is true. It
	418	will delegate to the user object's C<auto_update> method.
67f6319b	419
76e7a763	420	=head2 auto_create_user( $authinfo, $c )
67f6319b	421
76e7a763	422	This method is called if the realm's auto_create_user setting is true. It
76e7a763	423	will delegate to the user class' (resultset) C<auto_create> method.
5000f545	424
	425	=head1 NOTES
	426
93102ff5	427	As of the current release, session storage consists of simply storing the user's
	428	id in the session, and then using that same id to re-retrieve the users information
	429	from the database upon restoration from the session. More dynamic storage of
	430	user information in the session is intended for a future release.
5000f545	431
	432	=head1 BUGS AND LIMITATIONS
	433
	434	None known currently, please email the author if you find any.
	435
	436	=head1 SEE ALSO
	437
93102ff5	438	L<Catalyst::Plugin::Authentication>, L<Catalyst::Plugin::Authentication::Internals>,
93102ff5	439	and L<Catalyst::Plugin::Authorization::Roles>
5000f545	440
	441	=head1 AUTHOR
	442
b33ee900	443	Jason Kuri (jayk@cpan.org)
5000f545	444
c1d29ab7	445	=head1 LICENSE
5000f545	446
c1d29ab7	447	Copyright (c) 2007 the aforementioned authors. All rights
93102ff5	448	reserved. This program is free software; you can redistribute
93102ff5	449	it and/or modify it under the same terms as Perl itself.
5000f545	450
5000f545	451	=cut