NAME
Web::Authenticate - Allows web authentication using cookies and a storage engine.
VERSION
version 0.009
SYNOPSIS
my $dbix_raw = DBIx::Raw->new(dsn => 'dbi:mysql:test:127.0.0.1:3306', user => 'user', password => 'password');
my $user_storage_handler = Web::Authenticate::User::Storage::Handler::SQL->new(dbix_raw => $dbix_raw);
my $storage_handler = Web::Authenticate::Session::Storage::Handler::SQL->new(dbix_raw => $dbix_raw, user_storage_handler => $user_storage_handler);
my $session_handler = Web::Authenticate::Session::Handler->new(session_storage_handler => $storage_handler);
my $web_authenticate = Web::Authenticate->new(
user_storage_handler => $user_storage_handler,
session_handler => $session_handler,
after_login_url => 'http://www.google.com/account.cgi',
after_logout_url => 'http://www.google.com/',
login_url => 'http://www.google.com/login.cgi',
);
# login user
my $login_result = $web_authenticate->login(login_args => [$username, $password]);
if ($login_result->success) {
# success!
}
# authenticate a user to be on a page just with their session
my $authenticate_result = $web_authenticate->authenticate;
if ($authenticate_result->succes) {
# success! allowed to access page
}
# authenticate user with authenticators
my $authenticate_result = $web_authenticate->authenticate(authenticators => $authenticators);
if ($authenticate_result->succes) {
# success! allowed to access page
}
# create a user
my $create_user_result = $web_authenticate->create_user(username => $username, password => $password);
if ($create_user_result->success) {
print "Created user " . $create_user_result->user->id . "\n";
}
# create a user and verify username and password meet requirements
my $create_user_result = $web_authenticate->create_user(username => $username, password => $password, username_verifiers => $username_verifiers, password_verifiers => $password_verifiers);
if ($create_user_result->success) {
print "Created user " . $create_user_result->user->id . "\n";
} else {
print "username errors: \n";
for my $verifier (@{$create_user_result->failed_username_verifiers}) {
print "\t" . $verifier->error_msg . "\n";
}
print "password errors: \n";
for my $verifier (@{$create_user_result->failed_password_verifiers}) {
print "\t" . $verifier->error_msg . "\n";
}
}
# create a user with additional values
my $user_values => {
age => 22,
address => '123 Hopper Ln, Austin TX 78705',
};
my $create_user_result = $web_authenticate->create_user(username => $username, password => $password, user_values => $user_values);
if ($create_user_result->success) {
print "Created user " . $create_user_result->user->id . "\n";
print "user age " . $create_user_result->user->row->{age} . "\n";
print "user address " . $create_user_result->user->row->{address} . "\n";
}
DESCRIPTION
This modules allows easy management of user authentication via cookies, redirects, a storage engine, a session handler, and cookie handler. It is flexible so you can rewrite any of those pieces for your applications' needs.
METHODS
user_storage_handler
Sets the Web::Authenticate::User::Storage::Handler::Role to be used. This is required with no default.
session_handler
Sets the Web::Authenticate::Session::Handler::Role to be used. This is required with no default.
cookie_handler
Sets the object that does Web::Authenticate::Cookie::Handler::Role to be used. The default is the default Web::Authenticate::Cookie::Handler.
redirect_handler
Sets the object that does Web::Authenticate::RedirectHandler::Role to be used. The default is the default Web::Authenticate::RedirectHandler.
request_url_provider
Sets the object that does Web::Authenticate::RequestUrlProvider::Role to get the url for the current request (used to store the current url if "allow_after_login_redirect_override" is set to true and "authenticate" fails). Default is Web::Authenticate::RequestUrlProvider::CgiRequestUrlProvider.
login_url
Sets the login url that a user will be redirected to if they need to login. This is required with no default.
my $web_auth = Web::Authenticate->new(login_url => "http://www.google.com/login");
OR
$web_auth->login_url("http://www.google.com/login");
after_login_url
The url the user will be redirected to after a successful login.
after_logout_url
The url the user will be redirected to after a successful logout. This is required with no default.
authenticate_fail_url
The url the user will be redirected to if they are logged in, but fail to pass all authenticators in the authenticators arrayref for "authenticate".
update_expires_on_authenticate
If set to true (1), updates the expires time for the session upon successful authentication. Default is true.
allow_after_login_redirect_override
If a user requests a page that requires authentication and is redirected to login, if allow_after_login_redirect_override is set to true (1), then the user will be redirected to that url after a successful login. If set to false, then the user will be redirected to "after_login_url".
allow_after_login_redirect_time_seconds
The url of the page the user tried to load is set to a cookie if they are redirected to login from "authenticate". This sets the amount of time (in seconds) for the cookie to be valid. Default is 5 minutes.
allow_multiple_sessions_per_user
A bool (1 or undef) whether or not to allow multiple sessions per user. If set to true, when "invalidate_user_sessions" in Web::Authenticate::Session::Handler::Role will not be called. Default is false.
login
login_args (required) - the arguments that the Web::Authenticate::User::Storage::Handler::Role requires for "load_user" in Web::Authenticate::User::Storage::Handler::Role.
authenticators (optional) - An arrayref of Web::Authenticate::Authenticator::Role. If any of the authenticators does not authenticate, then login will fail.
auth_redirects (optional) - An arrayref of Web::Authenticate::Authenticator::Redirect::Role. If the user logins successfully, the user will be redirected to the "url" in Web::Authenticate::Authenticator::Redirect::Role of the first "authenticator" in Web::Authenticate::Authenticator::Redirect::Role that authenticates. If none of the auth_redirects authenticate, then the user will be redirected to "after_login_url".
Verifies the arguments required by Web::Authenticate::User::Storage::Handler::Role in "user_storage_handler". If they are correct, if "allow_after_login_redirect_override" is set to 1 and the user has a cookie set for this, the user will be redirected to that url. If not, the user is redirected to the first the "url" in Web::Authenticate::Authenticator::Redirect::Role of the first succesful Web::Authenticate::Authenticator::Redirect::Role in auth_redirects. If auth_redirects is empty or none authenticate, then the user is redirected to "after_login_url" Returns a Web::Authenticate::Result::Login object.
my $login_result = $web_auth->login(login_args => [$username, $password]);
if ($login_result->success) {
log("user id is " . $login_result->user->id);
exit; # already set to redirect to appropriate page
} else {
# handle login failure
if ($login_result->authenticator) {
# this authenticator caused the failure
}
}
logout
Logs a user out of their current session by deleting their session cookie and their storage-backed session.
$web_authenticate->logout;
authenticate
authenticators (optional) - An arrayref of Web::Authenticate::Authenticator::Role. If any of the authenticators does not authenticate, then the user will be redirected to "authenticate_fail_url".
auth_redirects (optional) - An arrayref of Web::Authenticate::Authenticator::Redirect::Role. The user will be redirected to the "url" in Web::Authenticate::Authenticator::Redirect::Role of the first "authenticator" in Web::Authenticate::Authenticator::Redirect::Role that fails to authenticates. If none of the auth_redirects fail to authenticate, then the user will not be redirected.
First makes sure that the user authenticates as being logged in with a session. If the user is not, the user is redirected to "login_url". Then, the method tries to authenticate all authenticators. If any authenticator fails, the user is redirected to "authenticate_fail_url". Then, all auth_redirects are checked. If any auth_redirect fails to authenticate, the user will be redirected to the "url" in Web::Authenticate::Authenticator::Redirect::Role for that auth_redirect. auth_redirects are processed in order. This method returns a Web::Authenticate::Result::Authenticate object.
my $authenticate_result = $web_auth->authenticate;
# OR
my $authenticate_result = $web_auth->authenticate(authenticators => $authenticators, auth_redirects => $auth_redirects);
if ($authenticate_result->success) {
print "User " . $authenticate_result->user->id . " successfully authenticated\n";
} else {
# failed to authenticate user.
if ($authenticate_result->failed_authenticator) {
# this authenticator caused the failure
}
}
is_authenticated
authenticators (optional) - An arrayref of Web::Authenticate::Authenticator::Role. If any of the authenticators does not authenticate, then the user will be redirected to "authenticate_fail_url".
redirect (optional) - If set to true, this method will redirect appropriately if the user does not authenticate.
First makes sure that the user authenticates as being logged in with a session. If the user is not, the user is redirected to "login_url" if redirect is set to 1. Then, the method tries to authenticate all authenticators. If any authenticator fails, the user is redirected to "authenticate_fail_url" if redirect is set to 1. This method returns a Web::Authenticate::Result::IsAuthenticated object.
my $is_authenticated_result = $web_auth->is_authenticated;
# OR
my $is_authenticated_result = $web_auth->is_authenticated(authenticators => $authenticators);
if ($is_authenticated_result->success) {
print "User " . $is_authenticated_result->user->id . " successfully authenticated\n";
} else {
# failed to authenticate user.
if ($is_authenticated_result->failed_authenticator) {
# this authenticator caused the failure
}
}
This method does not update the expires time for the session. It does however respect "allow_after_login_redirect_override".
check_for_session
auth_redirects (optional) - An arrayref of Web::Authenticate::Authenticator::Redirect::Role. If the user is authenticated successfully with a session, they will be redirected to the "url" in Web::Authenticate::Authenticator::Redirect::Role of the first "authenticator" in Web::Authenticate::Authenticator::Redirect::Role that authenticates. If none of the auth_redirects authenticate, then the user will be redirected to "after_login_url".
This is meant to be used on the login page if you do not want users to be able to login if they are already authenticated.
$web_authenticate->check_for_session;
# or with auth redirects
$web_authenticate->check_for_session(auth_redirects => $auth_redirects);
Returns Web::Authenticate::Result::CheckForSession.
create_user
username (required) - The username for the user to create.
password (required) - The password for the user to create.
username_verifiers (optional) - optional arrayref of Web::Authenticate::User::CredentialVerifier to verify if an entered username is correct.
password_verifiers (optional) - optional arrayref of Web::Authenticate::User::CredentialVerifier to verify if an entered password is correct.
user_values (optional) - optional hashref where column names are the keys and the values for those columns are the values. These values will be passed on to Web::Authenticate::User::Storage::Handler::Role when creating the user.
This is a convenience method that can be used if the Web::Authenticate::User::Storage::Handler::Role you are using accepts its "store_user" in Web::Authenticate::User::Storage::Handler::Role arguments as:
store_user($username, $password, $user_values)
Such as Web::Authenticate::User::Storage::Handler::SQL.
my $create_user_result = $web_authenticate->create_user(
username => $username,
password => $password,
username_verifiers => $username_verifiers,
password_verifiers => $password_verifiers,
user_values => {
age => $age,
insert_time => \'NOW()',
},
);
if ($create_user_result->success) {
print "User " . $create_user_result->user->id . " created\n";
} else {
print "username errors: \n";
for my $verifier (@{$create_user_result->failed_username_verifiers}) {
print "\t" . $verifier->error_msg . "\n";
}
print "password errors: \n";
for my $verifier (@{$create_user_result->failed_password_verifiers}) {
print "\t" . $verifier->error_msg . "\n";
}
}
AUTHOR
Adam Hopkins <srchulo@cpan.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2017 by Adam Hopkins.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.