view release on metacpan or  search on metacpan

lib/Catalyst/Authentication/Credential/Upstream/Headers.pm  view on Meta::CPAN

package Catalyst::Authentication::Credential::Upstream::Headers;
{
  $Catalyst::Authentication::Credential::Upstream::Headers::VERSION = '0.02';
}

# ABSTRACT: Catalyst authentication credentials from HTTP headers

use Moose;

has user_header =>
	isa			=> 'Str',
	is			=> 'ro',
	default		=> 'X-Catalyst-Credential-Upstream-User';

has role_header =>
	isa			=> 'Str',
	is			=> 'ro',
	default		=> 'X-Catalyst-Credential-Upstream-Roles';

has role_delimiter =>
	isa			=> 'Str',
	is			=> 'ro',
	default		=> '|';

has use_x500_cn =>
	isa			=> 'Bool',
	is			=> 'ro',
	default		=> 1;

has realm =>
	isa			=> 'Catalyst::Authentication::Realm',
	is			=> 'ro',
	required	=> 1;

sub BUILDARGS
{
	my $class	= shift;
	my $config	= shift;
	my $app		= shift;
	my $realm	= shift;

	return { %$config, realm => $realm };
}

sub authenticate
{
	my $self	= shift;
	my $c		= shift;

	# This method is a no-op for the most part.  The work that is done
	# here is mostly marshalling the request headers into user objects
	# that fit the authentication plugin's interface.

	my $user		= undef;
	my $delimiter	= $self->role_delimiter;

	if (my $username = $c->req->headers->header($self->user_header)) {
		my @roles = split /\Q$delimiter\E */, $c->req->headers->header($self->role_header) || '';

		# attempt to extract the cn (common name) component of anything
		# that looks like it might be an X.501 distinguished name

		@roles = map { { split /[;,= ]+/ }->{cn} || $_ } @roles
			if $self->use_x500_cn;

		$user = { id => $username, roles => \@roles };