[Jifty-commit] r4466 - in
jifty/trunk/lib/Jifty/Plugin/Authentication: . Ldap/Action
Ldap/Mixin Ldap/Mixin/Model Ldap/doc
jifty-commit at lists.jifty.org
jifty-commit at lists.jifty.org
Mon Nov 19 12:17:15 EST 2007
Author: yves
Date: Mon Nov 19 12:17:15 2007
New Revision: 4466
Added:
jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/
jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap.pm
jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/
jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogout.pm
jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm
jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Mixin/
jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/
jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm
jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/View.pm
jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/doc/
Log:
first release for an experimental mixin ldap release
Added: jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap.pm Mon Nov 19 12:17:15 2007
@@ -0,0 +1,117 @@
+use strict;
+use warnings;
+
+package Jifty::Plugin::Authentication::Ldap;
+use base qw/Jifty::Plugin/;
+
+=head1 NAME
+
+Jifty::Plugin::Authentication::Ldap - ldap authentication plugin
+
+=head1 DESCRIPTION
+
+B<CAUTION:> This plugin is experimental.
+
+This may be combined with the L<Jifty::Plugin::User> plugin to provide user accounts and ldap password authentication to your application.
+
+in etc/config.yml
+
+ Plugins:
+ - Login: {}
+ - Authentication::Ldap:
+ LDAPhost: ldap.univ.fr # ldap server
+ LDAPbase: ou=people,dc=..... # base ldap
+ LDAPName: displayname # name to be displayed (cn givenname)
+ LDAPMail: mailLocalAddress # email used optionnal
+ LDAPuid: uid # optional
+
+
+
+=head2 METHODS
+
+=head2 prereq_plugins
+
+This plugin depends on the L<User|Jifty::Plugin::User> plugin.
+
+=cut
+
+
+sub prereq_plugins {
+ return ('User');
+}
+
+use Net::LDAP;
+
+
+my ($LDAP, %params);
+
+=head2 init
+
+read etc/config.yml
+
+=cut
+
+sub init {
+ my $self = shift;
+ my %args = @_;
+
+ $params{'Hostname'} = $args{LDAPhost};
+ $params{'base'} = $args{LDAPbase};
+ $params{'uid'} = $args{LDAPuid} || "uid";
+ $params{'email'} = $args{LDAPMail} || "";
+ $params{'name'} = $args{LDAPName} || "cn";
+ $LDAP = Net::LDAP->new($params{Hostname},async=>1,onerror => 'undef', debug => 0);
+}
+
+sub LDAP {
+ return $LDAP;
+}
+
+sub base {
+ return $params{'base'};
+}
+
+sub uid {
+ return $params{'uid'};
+}
+
+sub email {
+ return $params{'email'};
+};
+
+sub name {
+ return $params{'name'};
+};
+
+
+
+sub get_infos {
+ my ($self,$user) = @_;
+
+ my $result = $self->LDAP()->search (
+ base => $self->base(),
+ filter => '(uid= '.$user.')',
+ attrs => [$self->name(),$self->email()],
+ sizelimit => 1
+ );
+ my ($ret) = $result->entries;
+ my $name = $ret->get_value($self->name());
+ my $email = $ret->get_value($self->email());
+
+ return ({ name => $name, email => $email });
+};
+
+
+
+=head1 SEE ALSO
+
+L<Jifty::Manual::AccessControl>, L<Jifty::Plugin::User>, L<Net::LDAP>
+
+=head1 LICENSE
+
+Jifty is Copyright 2005-2007 Best Practical Solutions, LLC.
+Jifty is distributed under the same terms as Perl itself.
+
+=cut
+
+1;
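Review bot: get_infos builds its search filter by concatenating `$user` into `'(uid= '.$user.')'`, so any caller that passes an unvalidated value can change the filter. The attribute is also hard-coded to `uid`, with a stray space after `=`, even though `LDAPuid` is configurable. Escaping the value and using the configured attribute would read `filter => '('.$self->uid().'='.escape_filter_value($user).')'`, with `use Net::LDAP::Util qw(escape_filter_value);` added next to `use Net::LDAP;`. The sub then calls `get_value` on `$ret` without checking that the search returned an entry, so an empty result dies; a guard such as `return {} unless $result and $ret;` would avoid that. Separately, `init` connects with `Net::LDAP->new` and nothing visible here starts TLS, so the later password bind presumably travels in clear text unless `LDAPhost` is given as an `ldaps://` URI, which the configuration POD should state.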
Added: jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm Mon Nov 19 12:17:15 2007
@@ -0,0 +1,135 @@
+use warnings;
+use strict;
+
+=head1 NAME
+
+Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin;
+
+=cut
+
+package Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin;
+use base qw/Jifty::Action/;
+
+
+=head1 ARGUMENTS
+
+Return the login form field
+
+=cut
+
+use Jifty::Param::Schema;
+use Jifty::Action schema {
+ param ldap_id =>
+ label is _('Login'),
+ is mandatory;
+# is ajax_validates;
+ param password =>
+ type is 'password',
+ label is _('Password'),
+ is mandatory;
+};
+
+=head2 validate_name NAME
+
+For ajax_validates.
+Makes sure that the name submitted is a legal login.
+
+
+=cut
+
+sub validate_ldap_id {
+ my $self = shift;
+ my $name = shift;
+
+ unless ( $name =~ /^[A-Za-z0-9-]+$/ ) {
+ return $self->validation_error(
+ name => _("That doesn't look like a valid login.") );
+ }
+
+
+ return $self->validation_ok('name');
+}
+
+
+=head2 take_action
+
+Bind on ldap to check the user's password. If it's right, log them in.
+Otherwise, throw an error.
+
+
+=cut
+
+sub take_action {
+ my $self = shift;
+ my $username = $self->argument_value('ldap_id');
+ my ($plugin) = Jifty->find_plugin('Jifty::Plugin::Authentication::Ldap');
+ my $dn = $plugin->uid().'='.$username.','.
+ $plugin->base();
+
+
+ # Bind on ldap
+ my $msg = $plugin->LDAP()->bind($dn ,'password' =>$self->argument_value('password'));
+
+
+ unless (not $msg->code) {
+ $self->result->error(
+ _('You may have mistyped your login or password. Give it another shot?')
+ );
+ return;
+ }
+
+ # Load up the user
+ my $current_user = Jifty->app_class('CurrentUser');
+ my $user = $current_user->new( ldap_id => $username );
+
+ # Autocreate the user if necessary
+ if ( not $user->id ) {
+ my $action = Jifty->web->new_action(
+ class => 'CreateUser',
+ current_user => $current_user->superuser,
+ arguments => {
+ ldap_id => $username
+ }
+ );
+ $action->run;
+
+ if ( not $action->result->success ) {
+ # Should this be less "friendly"?
+ $self->result->error(_("Sorry, something weird happened (we couldn't create a user for you). Try again later."));
+ return;
+ }
+
+ $user = $current_user->new( ldap_id => $username );
+ }
+
+ my $infos = $plugin->get_infos($username);
+ my $name = $infos->{name};
+ my $email = $infos->{email};
+ my $u = $user->user_object;
+
+ # Update, just in case
+ $u->__set( column => 'name', value => $name );
+ $u->__set( column => 'email', value => $email );
+
+
+ # Login!
+ Jifty->web->current_user( $user );
+ Jifty->web->session->set_cookie;
+
+ # Success!
+ $self->report_success;
+
+ return 1;
+};
+
+=head2 report_success
+
+=cut
+
+sub report_success {
+ my $self = shift;
+ $self->result->message(_("Hi %1!", Jifty->web->current_user->user_object->name ));
+};
+
+
+1;
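Review bot: validate_ldap_id anchors its pattern with `^` and `$`, and `$` also matches before a trailing newline, so a login ending in a newline passes the check and reaches the DN built in take_action. Using `\A` and `\z` closes that gap: `unless ( defined $name and $name =~ /\A[A-Za-z0-9-]+\z/ ) {`. The same sub reports its result under the field `name` while the parameter is declared as `ldap_id`, so `validation_error( ldap_id => ... )` and `validation_ok('ldap_id')` look like what was intended, and the POD heading `validate_name NAME` should be renamed to match. In take_action the DN is assembled by plain concatenation of `$username`; passing it through `escape_dn_value` from Net::LDAP::Util would keep the bind well-formed even if the validator is later relaxed.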
Added: jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogout.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogout.pm Mon Nov 19 12:17:15 2007
@@ -0,0 +1,35 @@
+use warnings;
+use strict;
+
+=head1 NAME
+
+Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout;
+
+=cut
+
+package Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout;
+use base qw/Jifty::Action/;
+
+=head2 arguments
+
+Return the email and password form fields
+
+=cut
+
+sub arguments {
+ return ( {} );
+}
+
+=head2 take_action
+
+Nuke the current user object
+
+=cut
+
+sub take_action {
+ my $self = shift;
+ Jifty->web->current_user(undef);
+ return 1;
+}
+
+1;
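Review bot: The POD for `arguments` says it returns the email and password form fields, but the sub returns a single empty hash reference; the text looks copied from a login action and should read something like `Logout takes no arguments.` take_action only resets `Jifty->web->current_user`. Whether the session data or the plugin's shared LDAP handle (which stays bound after the last login, judging by the plugin module on this page) also needs clearing is not visible here and deserves a comment in the sub.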
Added: jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm Mon Nov 19 12:17:15 2007
@@ -0,0 +1,32 @@
+use strict;
+use warnings;
+
+package Jifty::Plugin::Authentication::Ldap::Dispatcher;
+use Jifty::Dispatcher -base;
+
+# Put any plugin-specific dispatcher rules here.
+
+# Log out
+before 'ldaplogout' => run {
+ Jifty->web->request->add_action(
+ class => 'LDAPLogout',
+ moniker => 'ldaplogout',
+ );
+};
+
+
+# Login
+on 'ldaplogin' => run {
+ set 'action' =>
+ Jifty->web->new_action(
+ class => 'LDAPLogin',
+ moniker => 'ldaploginbox'
+ );
+ set 'next' => Jifty->web->request->continuation
+ || Jifty::Continuation->new(
+ request => Jifty::Request->new( path => "/" ) );
+};
+
+
+
+1;
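Review bot: The `before 'ldaplogout'` rule queues the LDAPLogout action for every request to that path regardless of HTTP method, so a link or embedded resource on another site that points at it ends the user's session. If that is acceptable, record it next to the rule with a comment such as `# NOTE: any request to /ldaplogout logs the user out, including cross-site GETs`; otherwise restrict the rule to POST or require a form token. The rule also sets no redirect or template, so what is rendered after logout depends on rules outside this file.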
Added: jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm Mon Nov 19 12:17:15 2007
@@ -0,0 +1,36 @@
+package Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
+use strict;
+use warnings;
+use Jifty::DBI::Schema;
+use base 'Jifty::DBI::Record::Plugin';
+use URI;
+
+=head1 NAME
+
+Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
+
+=head1 DESCRIPTION
+
+L<Jifty::Plugin::Authentication::Ldap> mixin for the User model. Provides an 'ldap_id' column.
+
+=cut
+
+our @EXPORT = qw(has_alternative_auth);
+
+use Jifty::Plugin::Authentication::Ldap::Record schema {
+
+column ldap_id =>
+ type is 'text',
+ label is 'Ldap ID',
+ is distinct,
+ is immutable;
+
+};
+
+=head2 has_alternative_auth
+
+=cut
+
+sub has_alternative_auth { 1 }
+
+1;
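Review bot: `use URI;` is loaded but nothing in this file refers to it, so the line can be dropped. The `=head2 has_alternative_auth` POD section is empty; it should say that the sub always returns 1 and what callers are expected to infer from that, since it is the only symbol this mixin exports.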
Added: jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/View.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/View.pm Mon Nov 19 12:17:15 2007
@@ -0,0 +1,50 @@
+use utf8;
+use warnings;
+use strict;
+
+=head1 NAME Jifty::Plugin::Authentication::Ldap::View
+
+This provides the templates for the pages and forms used by the ldap authentication plugin.
+
+=cut
+
+package Jifty::Plugin::Authentication::Ldap::View;
+use Jifty::View::Declare -base;
+
+{ no warnings 'redefine';
+sub page (&;$) {
+ no strict 'refs';
+ BEGIN {Jifty::Util->require(Jifty->app_class('View'))};
+ Jifty->app_class('View')->can('page')->(@_);
+}
+}
+
+template ldaplogin => page { title => _('Login!') } content {
+ show('/ldaplogin_widget');
+};
+
+
+template ldaplogin_widget => sub {
+# title is _("Login with your Ldap account")
+
+ my ( $action, $next ) = get( 'action', 'next' );
+ $action ||= new_action( class => 'LDAPLogin' );
+ $next ||= Jifty::Continuation->new(
+ request => Jifty::Request->new( path => "/" ) );
+ unless ( Jifty->web->current_user->id ) {
+ h3 { _('Login with your ldap account') };
+ div {
+ attr { id => 'jifty-login' };
+ Jifty->web->form->start( call => $next );
+ render_param( $action, 'ldap_id', focus => 1 );
+ render_param( $action, 'password' );
+ form_return( label => _(q{Login}), submit => $action );
+ Jifty->web->form->end();
+ };
+ } else {
+ outs( _("You're already logged in.") );
+ }
+};
+
+
+1;
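Review bot: The `page` wrapper turns off `strict 'refs'`, but its body only makes a class-method call on a string and then invokes the returned code reference, neither of which is a symbolic reference, so `no strict 'refs';` can be removed. If the application's View class does not define `page`, `can('page')` returns undef and the call dies with an unhelpful message; `my $page = Jifty->app_class('View')->can('page') or die "application View class has no page()";` followed by `$page->(@_);` would make that failure clear. The wrapper also has no comment explaining why `page` is redefined with a `(&;$)` prototype inside a `no warnings 'redefine'` block.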