Bio-Das-ProServer
lib/Bio/Das/ProServer/Authenticator/http.pm view on Meta::CPAN
my ($self, $params) = @_;
my $token = $self->parse_token($params);
if(!$token) {
return $self->deny($params);
}
my $auth_response = $self->_cache()->get($token);
if (defined $auth_response) {
$self->{'debug'} && carp q(Authenticator found result in cache);
} else {
my $url = $self->{'config'}{'authurl'};
$url =~ s/%token/$token/mxsg;
$self->{'debug'} && carp qq(Authenticator issuing remote authentication request to $url);
$auth_response = $self->_agent()->get($url);
if ($auth_response->code() != 500) {
eval {
delete $auth_response->{'handlers'};
$self->_cache()->set($token, $auth_response);
1;
} or do {
carp qq[Failed to cache $token response: $EVAL_ERROR];
};
}
}
if ($auth_response->code() == 200) {
return $self->allow($params);
}
$self->{'debug'} && carp q(Authenticator denied request);
return $auth_response;
}
sub _cache {
    my ($self) = @_;

    # Lazily-built file cache for remote authentication responses; the
    # instance is memoised on the object so it is created only once.
    return $self->{'_cache'} if defined $self->{'_cache'};

    # One namespace per data source; 'unknown' is used when no dsn is set.
    my $namespace = sprintf('%s_auth_cache', $self->{'dsn'} || 'unknown');

    # NOTE(review): the entries stored here are authentication responses
    # keyed by the client's token, and Cache::FileCache keeps them on the
    # local filesystem. No cache_root or directory_umask is passed, so the
    # module defaults apply - confirm those restrict the cache directory to
    # the server account on multi-user hosts.
    my $options = {
        'namespace'           => $namespace,
        'default_expires_in'  => 30*60, # 30 minutes
        'auto_purge_interval' => 10*60, # 10 minutes
        'auto_purge_on_set'   => 1,
    };

    my $store = Cache::FileCache->new($options);
    $self->{'_cache'} = $store;

    # Empty the namespace on first use so results left behind by an earlier
    # instance are not reused.
    $store->clear();

    return $store;
}
sub _agent {
    my ($self) = @_;

    # Lazily-built HTTP client used for the remote authentication request;
    # one instance is kept per authenticator object.
    return $self->{'_agent'} if defined $self->{'_agent'};

    # NOTE(review): the caller substitutes the client's token into the
    # configured 'authurl', so the token travels in the request URL. With
    # env_proxy enabled, proxy settings are taken from the environment -
    # confirm that 'authurl' uses HTTPS and that the server's environment
    # is trusted.
    my @settings = (
        env_proxy  => 1,
        keep_alive => 1,
        timeout    => 10,    # seconds
        agent      => Bio::Das::ProServer::Config::server_version(),
    );

    my $ua = LWP::UserAgent->new(@settings);
    $self->{'_agent'} = $ua;

    return $ua;
}
1;
__END__
=head1 NAME
Bio::Das::ProServer::Authenticator::http - authenticates DAS requests by issuing
requests to a remote authority
=head1 VERSION
$LastChangedRevision: 688 $
=head1 SYNOPSIS
To authenticate a request:
my $auth = Bio::Das::ProServer::Authenticator::http->new({
'config' => {
'authurl' => 'http://my.example.com/is_root?query=%token',
},
});
my $allow = $auth->authenticate({
'peer_addr' => $, # packed
'request' => $, # HTTP::Request object
'cgi' => $, # CGI object
...
});
=head1 DESCRIPTION
Authenticates DAS requests by connecting to a remote authentication HTTP server.
An authentication token is parsed from the DAS request. By default this should
be in an 'Authorization' header, but the authenticator can be configured to look
in a cookie, CGI parameter or a header with a different name.
The authentication token is referred to a remote server to ask a yes/no question
(e.g. "Is this user in a certain group of users?"). The server, for which the URL
is configurable, should return a status code of either 200 (OK) or a denial
response that will be forwarded to the client. For example if the remote wishes
to deny the request, it could respond with a status code of 403, textual content
for explanation and any necessary custom headers.
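Authentication results are cached for 30 minutes in order to minimise the number
of requests issued to the remote server. Internal Server Error responses (code
500) are not cached. As a consequence, a change made at the remote authority
(for example a revoked token) may not take effect until the cached result
expires.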
This module may be easily overridden to parse the authentication token in
different ways.
=head1 SUBROUTINES/METHODS