Diffstat (limited to 'perllib/Catalyst/Authentication/Credential/AccessToken.pm')
-rw-r--r--perllib/Catalyst/Authentication/Credential/AccessToken.pm144
1 files changed, 144 insertions, 0 deletions
diff --git a/perllib/Catalyst/Authentication/Credential/AccessToken.pm b/perllib/Catalyst/Authentication/Credential/AccessToken.pm
new file mode 100644
index 000000000..7827c936d
--- /dev/null
+++ b/perllib/Catalyst/Authentication/Credential/AccessToken.pm
@@ -0,0 +1,144 @@
+package Catalyst::Authentication::Credential::AccessToken;
+
+use strict;
+use warnings;
+use base 'Class::Accessor::Fast';
+
+__PACKAGE__->mk_accessors(qw(token_field token_lookup));
+
+our $VERSION = "0.01";
+
+sub new {
+ my ($class, $config, $c, $realm) = @_;
+ my $self = { %$config };
+ bless $self, $class;
+ return $self;
+}
+
+sub authenticate {
+ my ( $self, $c, $realm, $authinfo_ignored ) = @_;
+
+ my $auth_header = $c->req->header('Authorization') || '';
+ my ($token) = $auth_header =~ /^Bearer (.*)/i;
+ $token ||= $c->get_param('access_token');
+ return unless $token;
+
+ my $field = $self->token_field || 'access_token';
+
+ my $value = $token;
+ if (my $lookup = $self->token_lookup) {
+ $value = {};
+ foreach (keys %$lookup) {
+ my $v = $lookup->{$_};
+ $v =~ s/TOKEN/$token/;
+ $value->{$_} = $v;
+ }
+ }
+ my $user_obj = $realm->find_user({ $field => $value }, $c);
+ if (ref $user_obj) {
+ return $user_obj;
+ }
+}
+
+__PACKAGE__;
+
+__END__
+
+=pod
+
+=head1 NAME
+
+Catalyst::Authentication::Credential::AccessToken - Authenticate a user
+with an access token.
+
+=head1 SYNOPSIS
+
+ use Catalyst qw/
+ Authentication
+ /;
+
+ package MyApp::Controller::Auth;
+
+ sub login : Local {
+ my ( $self, $c ) = @_;
+ $c->authenticate(undef, "access_token");
+ }
+
+=head1 DESCRIPTION
+
+This authentication credential checker takes authentication information
+(most often a username) and a password, and attempts to validate the password
+provided against the user retrieved from the store.
+
+=head1 CONFIGURATION
+
+ # example
+ __PACKAGE__->config('Plugin::Authentication' =>
+ {
+ default_realm => 'members',
+ realms => {
+ access_token => {
+ credential => {
+ class => 'AccessToken',
+ token_field => 'access_token',
+ },
+ ...
+
+
+=over 4
+
+=item class
+
+The classname used for Credential. This is part of
+L<Catalyst::Plugin::Authentication> and is the method by which
+Catalyst::Authentication::Credential::AccessToken is loaded as the
+credential validator. For this module to be used, this must be set to
+'AccessToken'.
+
+=item token_field
+
+The field in the user object that contains the access token. This will vary
+depending on the storage class used, but is most likely something like
+'access_token'. In fact, this is so common that if this is left out of the
+config, it defaults to 'access_token'.
+
+=item token_lookup
+
+If the token isn't a field on its own, but contained within another field, you
+can provide a custom lookup here, where the string TOKEN in a value will be
+replaced by the access token.
+
+=back
+
+=head1 USAGE
+
+The AccessToken credential module is very simple to use. Once configured as
+indicated above, authenticating using this module is simply a matter of calling
+$c->authenticate().
+
+ if ($c->authenticate(undef, "access_token")) {
+ # authentication successful
+ } else {
+ # authentication failed
+ }
+
+=head1 METHODS
+
+There are no publicly exported routines in the AccessToken module (or indeed in
+most credential modules.) However, below is a description of the routines
+required by L<Catalyst::Plugin::Authentication> for all credential modules.
+
+=head2 new( $config, $app, $realm )
+
+Instantiate a new AccessToken object using the configuration hash provided in
+$config. A reference to the application is provided as the second argument.
+Note to credential module authors: new() is called during the application's
+plugin setup phase, which is before the application specific controllers are
+loaded. The practical upshot of this is that things like $c->model(...) will
+not function as expected.
+
+=head2 authenticate
+
+Tries to log a user in.
+
+=cut
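Review bot: In `authenticate`, the request-supplied `$token` is substituted into every `token_lookup` value by `s/TOKEN/$token/` with no check on its length or character set. The POD says this path is for a token "contained within another field", so the resulting value is presumably handed to the store as a pattern or substring match; if so, characters that are special in that match syntax would broaden what `find_user` can match. Reject anything outside the expected token format before building the lookup, for example `return unless $token =~ /\A[0-9A-Za-z]+\z/;`, with the character class and a length bound adjusted to whatever generates the tokens. The fallback `$c->get_param('access_token')` also accepts the token from request parameters, where it can end up in server logs and Referer headers, so the POD should say the `Authorization` header is the preferred transport. Separately, the DESCRIPTION section still describes username and password validation and should be rewritten for access tokens.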