/ 
Catalyst-Plugin-Authentication-Store-DBIC-0.01
River stage zero No dependents
/ Catalyst::Plugin::Authentication::Store::DBIC

NAME

Catalyst::Plugin::Authentication::Store::DBIC - Authentication and authorization against a DBIx::Class or Class::DBI model.

SYNOPSIS

use Catalyst qw/
    Authentication
    Authentication::Store::DBIC
    Authentication::Credential::Password
    Authorization::Roles                                # if using roles
    /;

# Authentication
__PACKAGE__->config->{authentication}->{dbic} = {
    user_class         => 'MyApp::Model::User',
    user_field         => 'username',
    password_field     => 'password',
    password_type      => 'hashed',
    password_hash_type => 'SHA-1',
};

# Authorization using a many-to-many role relationship
# For more detailed instructions on setting up role-based auth, please
# see the section below titled L<"Roles">.
__PACKAGE__->config->{authorization}->{dbic} = {
    role_class           => 'MyApp::Model::Role',
    role_field           => 'role',
    role_rel             => 'map_user_role',            # DBIx::Class only        
    user_role_user_field => 'user',
    user_role_class      => 'MyApp::Model::UserRole',   # Class::DBI only        
    user_role_role_field => 'role',                     # Class::DBI only
};

# log a user in
sub login : Global {
    my ( $self, $c ) = @_;

    $c->login( $c->req->param("email"), $c->req->param("password"), );
}

# verify a role
if ( $c->check_user_roles( 'admin' ) ) {
    $model->delete_everything;
}

DESCRIPTION

This plugin uses a DBIx::Class (or Class::DBI) object to authenticate a user.

AUTHENTICATION CONFIGURATION

Authentication is configured by setting an authentication->{dbic} hash reference in your application's config method. The following configuration options are supported.

user_class

The name of the class that represents a user object.

user_field

The name of the column holding the user identifier (defaults to "user")

password_field

The name of the column holding the user's password (defaults to "password")

password_type

The type of password your user object stores. One of: clear, crypted, or hashed. Defaults to clear.

password_hash_type

If using a password_type of hashed, this option specifies the hashing method being used. Any hashing method supported by the Digest module may be used.

password_pre_salt

Use this option if your passwords are hashed with a prefix salt value.

password_post_salt

Use this option if your passwords are hashed with a postfix salt value.

AUTHORIZATION CONFIGURATION

Role-based authorization is configured by setting an authorization->{dbic} hash reference in your application's config method. The following options are supported. For more detailed instructions on setting up roles, please see the section below titled "Roles".

role_class

The name of the class that contains the list of roles.

role_field

The name of the field in "role_class" that contains the role name.

role_rel

DBIx::Class models only. This field specifies the name of the relationship in "role_class" that refers to the mapping table between users and roles. Using this relationship, DBIx::Class models can retrieve the list of roles for a user in a single SQL statement using a join.

user_role_class

Class::DBI models only. The name of the class that contains the many-to-many linking data between users and roles.

user_role_user_field

The name of the field in "user_role_class" that contains the user ID. This is required for both DBIx::Class and Class::DBI.

user_role_role_field

Class::DBI models only. The name of the field in "user_role_class" that contains the role ID.

METHODS

user_object

Returns the DBIx::Class or Class::DBI object representing the user in the database.

INTERNAL METHODS

setup

ROLES

This section will attempt to provide detailed instructions for configuring role-based authorization in your application.

Database Schema

The basic database structure for roles consists of the following 3 tables. This syntax is for SQLite, but can be easily adapted to other databases.

CREATE TABLE user (
    id       INTEGER PRIMARY KEY,
    username TEXT,
    password TEXT
);

CREATE TABLE role (
    id   INTEGER PRIMARY KEY,
    role TEXT
);

# DBIx::Class can handle multiple primary keys
CREATE TABLE user_role (
    user INTEGER,
    role INTEGER,
    PRIMARY KEY (user, role)
);

# Class::DBI may need the following user_role table
CREATE TABLE user_role (
    id   INTEGER PRIMARY KEY,
    user INTEGER,
    role INTEGER,
    UNIQUE (user, role)
);

DBIx::Class

For best performance when using roles, DBIx::Class models are recommended. By using DBIx::Class you will benefit from optimized SQL using joins that can retrieve roles for a user with a single SQL statement.

The steps for setting up roles with DBIx::Class are:

1. Create Model classes and define relationships

# Example User Model
package MyApp::Model::User;

use strict;
use warnings;
use base 'MyApp::Model::DBIC';

__PACKAGE__->table( 'user' );
__PACKAGE__->add_columns( qw/id username password/ );
__PACKAGE__->set_primary_key( 'id' );

__PACKAGE__->has_many(
    map_user_role => 'MyApp::Model::UserRole' => 'user' ); 

1;

# Example Role Model
package MyApp::Model::Role;

use strict;
use warnings;
use base 'MyApp::Model::DBIC';

__PACKAGE__->table( 'role' );
__PACKAGE__->add_columns( qw/id role/ );    
__PACKAGE__->set_primary_key( 'id' );

__PACKAGE__->has_many(
    map_user_role => 'MyApp::Model::UserRole' => 'role' );

1;

# Example UserRole Model
package MyApp::Model::UserRole;

use strict;
use warnings;
use base 'MyApp::Model::DBIC';

__PACKAGE__->table( 'user_role' );
__PACKAGE__->add_columns( qw/user role/ );                                 
__PACKAGE__->set_primary_key( qw/user role/ );

1;

2. Specify authorization configuration settings

For the above DBIx::Class model classes, the configuration would look like this:

__PACKAGE__->config->{authorization}->{dbic} = {
    role_class           => 'MyApp::Model::Role',
    role_field           => 'role',
    role_rel             => 'map_user_role',    
    user_role_user_field => 'user',
};

Class::DBI

Class::DBI models are also supported but require slightly more configuration. Performance will also suffer as more SQL statements must be run to retrieve all roles for a user.

The steps for setting up roles with Class::DBI are:

1. Create Model classes

# Example User Model
package MyApp::Model::User;

use strict;
use warnings;
use base 'MyApp::Model::CDBI';

__PACKAGE__->table  ( 'user' );
__PACKAGE__->columns( Primary   => qw/id/ );
__PACKAGE__->columns( Essential => qw/username password/ );

1;

# Example Role Model
package MyApp::Model::Role;

use strict;
use warnings;
use base 'MyApp::Model::CDBI';

__PACKAGE__->table  ( 'role' );
__PACKAGE__->columns( Primary   => qw/id/ );
__PACKAGE__->columns( Essential => qw/role/ );

1;

# Example UserRole Model
package MyApp::Model::UserRole;

use strict;
use warnings;
use base 'MyApp::Model::CDBI';

__PACKAGE__->table  ( 'user_role' );
__PACKAGE__->columns( Primary   => qw/id/ );
__PACKAGE__->columns( Essential => qw/user role/ );

1;

2. Specify authorization configuration settings

For the above Class::DBI model classes, the configuration would look like this:

__PACKAGE__->config->{authorization}->{dbic} = {
    role_class           => 'MyApp::Model::Role',
    role_field           => 'role',
    user_role_class      => 'MyApp::Model::UserRole',
    user_role_user_field => 'user',        
    user_role_role_field => 'role',
};

SEE ALSO

Catalyst::Plugin::Authentication, Catalyst::Plugin::Authorization::Roles

AUTHOR

Andy Grundman, <andy@hybridized.org>

COPYRIGHT

This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.