view release on metacpan or  search on metacpan

lib/CGI/Application/Plugin/Authentication.pm  view on Meta::CPAN

Time values are specified in seconds. You can also specify the time by using a number with the
following suffixes (m h d w), which represent minutes, hours, days and weeks.  The default
is 0 which means the login will never timeout.

Note that the login is also dependent on the type of STORE that is used.  If the Session store is used,
and the session expires, then the login will also automatically expire.  The same goes for the Cookie
store.

For backwards compatibility, if you set LOGIN_SESSION_TIMEOUT to a time value instead of a hashref,
it will be treated as an IDLE_FOR time out.

  # force re-authentication if idle for more than 15 minutes
  LOGIN_SESSION_TIMEOUT => '15m'

  # Everyone must re-authentication if idle for more than 30 minutes
  # also, everyone must re-authentication at least once a day
  # and root must re-authentication if idle for more than 5 minutes
  LOGIN_SESSION_TIMEOUT => {
        IDLE_FOR => '30m',
        EVERY    => '1d',
        CUSTOM   => sub {
          my $authen = shift;
          return ($authen->username eq 'root' && (time() - $authen->last_access) > 300) ? 1 : 0;
        }
  }

=item RENDER_LOGIN

This value can be set to a subroutine reference that returns the HTML of a login
form. The subroutine reference overrides the default call to login_box.
The subroutine is normally a method in your CGI::Application application and as such the 
CGI::Application object is passed as the first parameter. 

  RENDER_LOGIN => \&login_form

and later in your code:

  sub login_form {
    my $self = shift;

    ...
    return $html
  }

=item LOGIN_FORM

You can set this option to customize the login form that is created when a user
needs to be authenticated.  If you wish to replace the entire login form with a
completely custom version, then just set LOGIN_RUNMODE to point to your custom
runmode.

All of the parameters listed below are optional, and a reasonable default will
be used if left blank:

=over 4

=item DISPLAY_CLASS (default: Classic)

the class used to display the login form. The alternative is C<Basic>
which aims for XHTML compliance and leaving style to CSS. See
L<CGI::Application::Plugin::Authentication::Display> for more details.

=item TITLE (default: Sign In)

the heading at the top of the login box 

=item USERNAME_LABEL (default: User Name)

the label for the user name input

=item PASSWORD_LABEL (default: Password)

the label for the password input

=item SUBMIT_LABEL (default: Sign In)

the label for the submit button

=item COMMENT (default: Please enter your username and password in the fields below.)

a message provided on the first login attempt

=item REMEMBERUSER_OPTION (default: 1)

provide a checkbox to offer to remember the users name in a cookie so that
their user name will be pre-filled the next time they log in

=item REMEMBERUSER_LABEL (default: Remember User Name)

the label for the remember user name checkbox

=item REMEMBERUSER_COOKIENAME (default: CAPAUTHTOKEN)

the name of the cookie where the user name will be saved

=item REGISTER_URL (default: <none>)

the URL for the register new account link

=item REGISTER_LABEL (default: Register Now!)

the label for the register new account link

=item FORGOTPASSWORD_URL (default: <none>)

the URL for the forgot password link

=item FORGOTPASSWORD_LABEL (default: Forgot Password?)

the label for the forgot password link

=item INVALIDPASSWORD_MESSAGE (default: Invalid username or password<br />(login attempt %d)

a message given when a login failed

=item INCLUDE_STYLESHEET (default: 1)

use this to disable the built in style-sheet for the login box so you can provide your own custom styles

=item FORM_SUBMIT_METHOD (default: post)