view release on metacpan or  search on metacpan

lib/Authen/SASL/SCRAM.pm  view on Meta::CPAN

use strict;
use warnings;

use Feature::Compat::Try;

package Authen::SASL::SCRAM;

=head1 NAME

Authen::SASL::SCRAM - SCRAM support for Authen::SASL

=head1 VERSION

0.04

=head1 SYNOPSIS

   # with Authen::SASL::SCRAM installed
   use Authen::SASL;

   my $client = Authen::SASL->new(
        username => 'user',
        password => 'pass',
        mechanism => 'SCRAM-SHA-512 SCRAM-SHA-256 SCRAM-SHA-1 PLAIN'
   );
   # authenticates using SCRAM SHA hash or PLAIN


   my $salt = 'your-precious-salt';
   # $server_key and $stored_key need to be looked up from a user store
   my $server_key = 'server-key-stored-for-this-user';
   my $stored_key = 'key-stored-for-this-user';
   my $server => Authen::SASL->new(
       mechanism => 'SCRAM-SHA-1', # selected mechanism
       callback => {
            getsecret => sub {
                 my $username = shift;
                 return ($salt, $stored_key, $server_key, $iterations);
            },
       }
   );


=head1 DESCRIPTION

The C<Authen::SASL::SCRAM> distribution adds L<Authen::SASL> support for
SCRAM authentication using the mechanisms listed below by wrapping
L<Authen::SCRAM>.

=over

=item SHA-1 (SCRAM-SHA-1)

=item SHA-256 (SCRAM-SHA-256)

=item SHA-512 (SCRAM-SHA-512)

=back

The *-PLUS variants are not supported at this time.

=cut

use Authen::SASL;

use parent qw(Authen::SASL::Perl);

use Authen::SCRAM::Client;
use Authen::SCRAM::Server;


our @VERSION = '0.04';

my %secflags = (
  noplaintext => 1,
  noanonymous => 1,
);

sub _secflags {
  shift;
  scalar grep { $secflags{$_} } @_;
}


sub client_start {
    my $self = shift;

    $self->{need_step} = 2;
    $self->{error}     = undef;

    my $user = $self->_call('user');
    return $self->set_error( 'Username is required' )
        unless defined $user;

    my $pass = $self->_call('pass');
    return $self->set_error( 'Password is required' )
        unless defined $pass;