Skip Menu |

This queue is for tickets about the Catalyst-Authentication-Store-LDAP CPAN distribution.

Report information
The Basics
Id: 60793
Status: resolved
Priority: 0/
Queue: Catalyst-Authentication-Store-LDAP
People
Owner: karman [...] cpan.org
Requestors: stuckdownawell [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Fri Aug 27 06:45:51 2010 http://www.google.com/profiles/stuckdownawell - Ticket created
Subject: Add get function to User class
Hi, I just started to use this distribution for authentication. I'm currently using multiple realms with different Stores. The initial store I used had the $user->get($attribute) function. You have implemented this as has_attribute. It would be good if you could just wrap the has_attribute with a function get, so it has a common interface. The get function is shown in pod for C::P::Authentication, so I hope it is a standard; I haven't looked at too many Auth modules. I have implemented this myself, for use in my current project. I also added some code to cache the password, as I use it to authenticate against other systems. Probably not very secure holding the password in the session, but it will suit my needs. I have attached a patch for the changes. Feel free to ignore;) I bumped the version in the patch, not sure if thats rude, just needed a different version to work with. Anyway Thanks for the Modules, they work great. Alex
Subject: get_accessor_password.patch
diff -r -u a/META.yml b/META.yml --- a/META.yml 2010-07-07 21:40:08.000000000 +0100 +++ b/META.yml 2010-08-27 09:33:57.000000000 +0100 @@ -27,4 +27,4 @@ resources: license: http://dev.perl.org/licenses/ repository: http://dev.catalyst.perl.org/repos/Catalyst/Catalyst-Authentication-Store-LDAP/trunk/ -version: 1.011 +version: 1.012 diff -r -u a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm --- a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm 2010-07-07 21:34:02.000000000 +0100 +++ b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm 2010-08-27 11:10:19.000000000 +0100 @@ -72,7 +72,7 @@ use strict; use warnings; -our $VERSION = '1.011'; +our $VERSION = '1.012'; use Catalyst::Authentication::Store::LDAP::User; use Net::LDAP; @@ -122,6 +122,7 @@ $config_hash{'entry_class'} ||= 'Catalyst::Model::LDAP::Entry'; $config_hash{'user_class'} ||= 'Catalyst::Authentication::Store::LDAP::User'; $config_hash{'role_search_as_user'} ||= 0; + $config_hash{'cache_passwords'} ||=0; Catalyst::Utils::ensure_class_loaded($config_hash{'user_class'}); my $self = \%config_hash; @@ -437,7 +438,7 @@ sub from_session { my ( $self, $c, $id ) = @_; - $self->get_user($id, $c); + $self->get_user(ref $id ? $id->{id}:$id, $c); } 1; diff -r -u a/lib/Catalyst/Authentication/Store/LDAP/User.pm b/lib/Catalyst/Authentication/Store/LDAP/User.pm --- a/lib/Catalyst/Authentication/Store/LDAP/User.pm 2010-07-07 21:34:02.000000000 +0100 +++ b/lib/Catalyst/Authentication/Store/LDAP/User.pm 2010-08-27 11:13:17.000000000 +0100 @@ -50,7 +50,7 @@ use warnings; use Scalar::Util qw/refaddr/; -our $VERSION = '1.011'; +our $VERSION = '1.012'; BEGIN { __PACKAGE__->mk_accessors(qw/user store/) } @@ -78,7 +78,12 @@ return unless $user; - bless { store => $store, user => $user, }, $class; + my $self = { store => $store, user => $user, }; + bless $self,$class; + $_ldap_connection_passwords{refaddr($self)} = $c->session->{__user}->{password} + if $store->{cache_passwords}; + + return $self; } =head2 id @@ -180,7 +185,7 @@ sub for_session { my $self = shift; - return $self->stringify; + return $self->store->{cache_passwords}?{id=>$self->stringify,password=>$_ldap_connection_passwords{refaddr($self)}}:$self->stringify; } =head2 ldap_entry @@ -212,6 +217,24 @@ } } + +=head2 get + +Wrapper around has_attribute for common Catalyst attribute accessor + +=cut + +sub get{ + my ($self,$attribute) = @_; + + if($attribute eq "password"){ + return $_ldap_connection_passwords{refaddr($self)}; + }else{ + return $self->has_attribute($attribute); + } +} + + =head2 has_attribute Returns the values for an attribute, or undef if that attribute is not present. diff -r -u a/lib/Catalyst/Authentication/Store/LDAP.pm b/lib/Catalyst/Authentication/Store/LDAP.pm --- a/lib/Catalyst/Authentication/Store/LDAP.pm 2010-07-07 21:34:02.000000000 +0100 +++ b/lib/Catalyst/Authentication/Store/LDAP.pm 2010-08-27 09:34:22.000000000 +0100 @@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = '1.011'; +our $VERSION = '1.012'; use Catalyst::Authentication::Store::LDAP::Backend;
  Sat Aug 28 00:48:34 2010 karman [...] cpan.org - Taken
  Sat Aug 28 00:50:42 2010 karman [...] cpan.org - Correspondence added
Thanks for the patch. I have added the required get() (and get_object()) methods per the User API docs. http://dev.catalystframework.org/svnweb/Catalyst/revision?rev=13556 I am very uncomfortable with the idea of storing passwords in the session. The current method of caching them internally as class data in an inside-out pattern is the most secure (though obviously not as secure as not storing them at all). t0m, feel free to push a 1.012 release if the mod above looks ok to you.
  Sat Aug 28 00:50:45 2010 The RT System itself - Status changed from 'new' to 'open'
  Tue Aug 31 07:07:17 2010 stuckdownawell [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #60793] Add get function to User class
Date: Tue, 31 Aug 2010 12:06:10 +0100
To: bug-Catalyst-Authentication-Store-LDAP [...] rt.cpan.org
From: Alex Hole <stuckdownawell [...] gmail.com>
Thank for the speedy response. All looks good in the mod. I don't blame you for not liking the passwords in the session. I just require the passwords in a later request, to authenticate against subversion. The password isn't available after then end of the login request as the password is deleted from class data in the DESTROY sub. My solution is very quick and dirty!!!. I think I might look at ticket based auth for the subversion server and create a ticket on login. Again thanks for the response. Alex On 28 August 2010 05:50, Peter Karman via RT < bug-Catalyst-Authentication-Store-LDAP@rt.cpan.org> wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=60793 > > > Thanks for the patch. > > I have added the required get() (and get_object()) methods per the User > API docs. > > http://dev.catalystframework.org/svnweb/Catalyst/revision?rev=13556 > > I am very uncomfortable with the idea of storing passwords in the > session. The current method of caching them internally as class data in > an inside-out pattern is the most secure (though obviously not as secure > as not storing them at all). > > t0m, feel free to push a 1.012 release if the mod above looks ok to you. >
  Fri Oct 22 10:46:25 2010 karman [...] cpan.org - Correspondence added
Looks like this is now on CPAN: 1.012 5 October 2010 - add methods conforming to the Catalyst::Authentication::User API as required here: http://search.cpan.org/dist/Catalyst-Plugin-Authentication/lib/Catalyst/Plugin/Authentication/Internals.pod#USER_METHODS Nudging provided via RT https://rt.cpan.org/Ticket/Display.html?id=60793 - add documentation for Active Directory at suggestion of Adam Wohld
  Fri Oct 22 10:46:26 2010 karman [...] cpan.org - Status changed from 'open' to 'resolved'