CGISession
view release on metacpan or search on metacpan
Session/CVS/Base/LDAPSession.pm view on Meta::CPAN
####################################################################
#
# CGI::LDAPSession
#
# A module which makes LDAP authentication and session state
# much easier to manage.
#
####################################################################
#
# Generalized by Jeff Younker
# jyounker@inktomi.com (or jeff@math.uh.edu)
#
# Many thanks for the basic code and idea go to Luke
# Sheneman (sheneman@inktomi.com).
#
####################################################################
package CGI::LDAPSession;
use strict;
use vars qw($VERSION);
$VERSION = '0.9b';
use Mozilla::LDAP::Conn; # Main "OO" layer for LDAP
use Mozilla::LDAP::Utils; # LULU, utilities.
use CGI::Carp;
use CGI;
use Date::Format;
use DBI;
=pod
=head1 NAME
CGI::LDAPSession - CGI cookie authentication against an LDAP database
=head1 ABSTRACT
Provides a simple API authenticate users against an LDAP server, and then
to cache this authentication information between invokations of CGI scripts
without sending passwords subsequent to login.
The state information is maintained in a combination of a cookie, a database,
and a magic passkey which is sent in the contents of the web page. Acquiring
the login thus requires stealing both the cookie and a current copy of the
web page.
CGI::LDAPSession also contains a subclass of CGI which transparently injects
the passkey into forms. It is strongly suggested that you use this class.
=head1 SYNOPSIS
=head2 Setting Things Up
use CGI::LDAPSession;
use CGI;
my $cgi = new CGI::LDAPSession::CGI;
my $session = new CGI::LDAPSession( $cgi );
$cgi->session( $session );
$session->auth_servers(
[ new CGI::LDAPSession::LDAPServer(
'ldap.server.my.domain', # host
389, # port
'ou=my,ou=domain', # root
'ou=people,ou=my,ou=domain' # base
'uid=$username,ou=people,ou=my,ou=domain' # bind
) ] );
$session->cookie_table( 'myCookieTable' );
=head2 Performing the Initial Login
my $action = $cgi->param('action');
my $passkey = $cgi->param('passkey');
if ( defined $action and $action eq 'Log In' )
{
my $username = $cgi->param('username');
my $password = $cgi->param('password');
if ( $session->authenticated( $username, $password ) )
{
$session->set_passkey( $user );
$session->set_login_cookie( $user );
# Notice that we use $session->header and not $cgi->header
#
print $session->header();
print $cgi->start_html( 'Login Succeeded' );
...
# The passkey is sent via the cgi wrapper.
#
my $passkey = $session->passkey;
print $cgi->start_form( -action=>'http://my.stupid/script.cgi' );
print ...your form here...
print $cgi->end_form;
...
print $cgi->end_html;
exit 0;
}
else
{
...
Login Failed
Session/CVS/Base/LDAPSession.pm view on Meta::CPAN
$auth_servers = [ $auth_servers ];
}
foreach my $ldap_server ( @{$self->auth_servers} )
{
my %ld = $self->setup_ldap_auth( $ldap_server, $username, $password );
$ld{conn} = new Mozilla::LDAP::Conn($ld{host}, $ld{port}, $ld{bind}, $ld{pswd});
if ( $ld{conn} )
{
$ld{conn}->close;
$self->register_username($username);
$self->is_authenticated(1);
return 1;
}
}
$self->is_authenticated(undef);
return 0;
}
# For testing at a separate point.
#
# $session->authenticate( $username, $password );
# if ( $session->is_authenticated ) { ... }
#
=item CGI::LDAPSession::authenticate
The preferred method of authenticating a user. Call the method
authenticate with the username and password that you want to check.
Authenticate will check their validity and then set the variable
is_authenticated with the status. For example:
$username = $cgi->param('your_username_field');
$password = $cgi->param('your_password_field');
$session->authenticate( $username, $password );
if ( $session->is_authenticated )
{
Authentication Succeeded
}
else
{
Authentication Failed
}
=cut
sub authenticate($$$)
{
my ( $self, $username, $password ) = @_;
if ( $self->authenticated( $username, $password ) )
{
$self->set_passkey( $username );
$self->set_login_cookie( $username );
}
}
##############################################################
#
# Wrapper for CGI.pm's header function which transparently
# handles creation of the cookie.
#
sub header_args_with_cookie($@)
{
my ($self,%raw_args) = @_;
# Copy the arguments. If we find a cookie argument
# then we add in any cookies that we already know about.
#
my @processed_args ;
my $cookie_is_done = 0;
foreach my $arg (keys %raw_args)
{
push @processed_args, $arg;
my $val = $raw_args{$arg};
if ($arg=~/^-?cookie$/i and $self->cookie )
{
if ( ref($val) eq 'ARRAY' )
{
push @{$val}, $self->cookie;
}
else
{
$val = [ $val, $self->cookie ]
}
$cookie_is_done = 1;
}
push @processed_args, $val;
}
# If no cookies were found in the argument list then
# we create one.
#
if ( $self->cookie and !$cookie_is_done )
{
push @processed_args, '-cookie';
push @processed_args, $self->cookie;
}
carp "Processed args are ".join(',',@processed_args);
return @processed_args;
}
=item CGI::LDAPSession::header
Acts just like CGI.pm's header function, but it injects
the authentication cookie.
If you are using CGI::LDAPSession::CGI then this function will not be
used. If you are using CGI.pm directly then call this function instead
of CGI.pm's header method.
print $session->header;
print $cgi->start_html( 'my html' );
...
=back
( run in 2.221 seconds using v1.01-cache-2.11-cpan-39bf76dae61 )