CGI-Application-Plugin-Authentication
view release on metacpan or search on metacpan
lib/CGI/Application/Plugin/Authentication/Driver.pm view on Meta::CPAN
package CGI::Application::Plugin::Authentication::Driver;
$CGI::Application::Plugin::Authentication::Driver::VERSION = '0.25';
use strict;
use warnings;
use UNIVERSAL::require;
=head1 NAME
CGI::Application::Plugin::Authentication::Driver - Base module for building driver classes
for CGI::Application::Plugin::Authentication
=head1 SYNOPSIS
package CGI::Application::Plugin::Authentication::Driver::MyDriver;
use base qw(CGI::Application::Plugin::Authentication::Driver);
sub verify_credentials {
my $self = shift;
my @credentials = @_;
if ( >>> Validate Credentials <<< ) {
return $credentials[0];
}
return;
}
=head1 DESCRIPTION
This module is a base class for all driver classes for the L<CGI::Application::Plugin::Authentication>
plugin. Each driver class is required to provide only one method to validate the given credentials.
Normally only two credentials will be passed in (username and password), but you can configure the plugin
to handle any number of credentials (for example you may require the user to enter a group name, or domain name
as well as a username and password).
=head1 FIELD FILTERS
It is quite common for passwords to be stored using some form of one way encryption. Unix crypt being the
old standard in the Unix community, however MD5 or SHA1 hashes are more popular today. In order to
simplify the validation routines some methods have been provided to help test these passwords. When
configuring a Driver (and if the driver supports it), you can specify which fields are encoded, and which
method is used for the encoding by specifying a filter on the field in question.
CREDENTIALS => ['authen_username', 'authen_password'],
DRIVERS => [ 'DBI',
DSN => '...',
TABLE => 'users',
CONSTRAINTS => {
username => '__CREDENTIAL_1__',
'MD5:password' => '__CREDENTIAL_2__',
}
],
Here we are saying that the password field is encoded using an MD5 hash, and should be checked accordingly.
=head2 Filter options
Some of the filters may have multiple forms. For example there are three forms of MD5 hashes: binary, base64 and hex.
You can specify these extra options by using an underscore to separate it from the filter name.
'MD5_base64:password'
=head2 Chained Filters
it is possible to chain multiple filters. This can be useful if your MD5 strings are stored in hex format. Hex numbers are
case insensitive, so the may be stored in either upper or lower case. To make this consistent, you can MD5 encode the
password first, and then upper case the results. The filters are applied from the inside out:
'uc:MD5_hex:password'
=head2 Custom Filters
If your field is encoded using a custom technique, then you can provide a custom filter function. This can be
be done by providing a FILTERS option that contains a hash of filter subroutines that are keyed by their name.
You can then use the filter name on any of the fields as if it was a builtin filter.
CREDENTIALS => ['authen_username', 'authen_password'],
DRIVERS => [ 'DBI',
DSN => '...',
TABLE => 'users',
CONSTRAINTS => {
username => '__CREDENTIAL_1__',
'rot13:password' => '__CREDENTIAL_2__',
}
FILTERS => { rot13 => \&rot13_filter },
],
sub rot13_filter {
my $param = shift;
my $value = shift;
$value =~ tr/A-Za-z/N-ZA-Mn-za-m/;
lib/CGI/Application/Plugin/Authentication/Driver.pm view on Meta::CPAN
$self->{authen} = $authen;
Scalar::Util::weaken($self->{authen}); # weaken circular reference
$self->{options} = \@options;
$self->initialize;
return $self;
}
=head2 initialize
This method will be called right after a new Driver object is created. So any startup customizations
can be dealt with here.
=cut
sub initialize {
my $self = shift;
# override this in the subclass if you need it
return;
}
=head2 options
This will return a list of options that were provided when this driver was configured by the user.
=cut
sub options { return (@{$_[0]->{options}}) }
=head2 authen
This will return the underlying L<CGI::Application::Plugin::Authentication> object. In most cases it will
not be necessary to access this.
=cut
sub authen { return $_[0]->{authen} }
=head2 find_option
This method will search the Driver options for a specific key and return
the value it finds.
=cut
sub find_option {
my $self = shift;
my $key = shift;
my @options = $self->options;
my $marker = 0;
foreach my $option (@options) {
if ($marker) {
return $option;
} elsif ($option eq $key) {
# We need the next element
$marker = 1;
}
}
return;
}
=head2 verify_credentials
This method needs to be provided by the driver class. It needs to be an object method that accepts a list of
credentials, and will verify that the credentials are valid, and return a username that will be used to identify
this login (usually you will just return the value of the first credential, however you are not bound to that)..
=cut
sub verify_credentials {
die "verify_credentials must be implemented in the subclass";
}
=head2 filter
This method can be used to filter a field (usually password fields) using a number of standard or
custom encoding techniques. See the section on Builtin Filters above to see what filters are available
When using a custom filter, you will need to provide a FILTERS option in the configuration of the DRIVER (See the
section on FIELD FILTERS above for an example). By default, if no filter is specified, it is
returned as is. This means that you can run all fields through this function even if they
don't have any filters to simplify the driver code.
my $filtered = $self->filter('MD5_hex:password', 'foobar');
- or -
# custom filter
my $filtered = $self->filter('foobar:password', 'foo');
- or -
# effectively a noop
my $filtered = $self->filter('username', 'foo');
=cut
sub filter {
my $self = shift;
my $field = shift;
my $plain = shift;
my @other = shift;
return unless defined $plain;
my @filters = split /\:/, $field;
my $fieldname = pop @filters;
my $filtered = $plain;
foreach my $filter (reverse @filters) {
my ($filter_name, $param) = split /_/, $filter;
my $class = 'CGI::Application::Plugin::Authentication::Driver::Filter::' . lc $filter_name;
if ( $class->require ) {
# found a filter
$filtered = $class->filter( $param, $filtered, @other );
} else {
# see if the configuration has a custom filter defined
my $custom_filters = $self->find_option('FILTERS');
if ( $custom_filters ) {
die "the FILTERS configuration option must be a hashref"
unless ref( $custom_filters ) eq 'HASH';
if ( $custom_filters->{$filter_name} ) {
die "the '$filter' filter listed in FILTERS must be a subroutine reference"
unless ref( $custom_filters->{$filter_name} ) eq 'CODE';
$filtered = $custom_filters->{$filter_name}->( $param, $filtered, @other );
} else {
die "No filter found for '$filter_name'";
}
} else {
( run in 0.563 second using v1.01-cache-2.11-cpan-39bf76dae61 )