[Jifty-commit] r4466 - in jifty/trunk/lib/Jifty/Plugin/Authentication: . Ldap/Action Ldap/Mixin Ldap/Mixin/Model Ldap/doc

jifty-commit at lists.jifty.org jifty-commit at lists.jifty.org
Mon Nov 19 12:17:15 EST 2007


Author: yves
Date: Mon Nov 19 12:17:15 2007
New Revision: 4466

Added:
   jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/
   jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap.pm
   jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/
   jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
   jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogout.pm
   jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm
   jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Mixin/
   jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/
   jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm
   jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/View.pm
   jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/doc/

Log:
first release for an experimental mixin ldap release


Added: jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap.pm	Mon Nov 19 12:17:15 2007
@@ -0,0 +1,117 @@
+use strict;
+use warnings;
+
+package Jifty::Plugin::Authentication::Ldap;
+use base qw/Jifty::Plugin/;
+
+=head1 NAME
+
+Jifty::Plugin::Authentication::Ldap - ldap authentication plugin
+
+=head1 DESCRIPTION
+
+B<CAUTION:> This plugin is experimental.
+
+This may be combined with the L<Jifty::Plugin::User> plugin to provide user accounts and ldap password authentication to your application.
+
+in etc/config.yml
+
+  Plugins: 
+    - Login: {}
+    - Authentication::Ldap: 
+       LDAPhost: ldap.univ.fr           # ldap server
+       LDAPbase: ou=people,dc=.....     # base ldap
+       LDAPName: displayname            # name to be displayed (cn givenname)
+       LDAPMail: mailLocalAddress       # email used optionnal
+       LDAPuid: uid                     # optional
+
+
+
+=head2 METHODS
+
+=head2 prereq_plugins
+
+This plugin depends on the L<User|Jifty::Plugin::User> plugin.
+
+=cut
+
+
+sub prereq_plugins {
+    return ('User');
+}
+
+use Net::LDAP;
+
+
+my ($LDAP, %params);
+
+=head2 init
+
+read etc/config.yml
+
+=cut
+
+sub init {
+    my $self = shift;
+    my %args = @_;
+
+    $params{'Hostname'} = $args{LDAPhost};
+    $params{'base'} = $args{LDAPbase};
+    $params{'uid'} = $args{LDAPuid} || "uid";
+    $params{'email'} = $args{LDAPMail} || "";
+    $params{'name'} = $args{LDAPName} || "cn";
+    $LDAP = Net::LDAP->new($params{Hostname},async=>1,onerror => 'undef', debug => 0);
+}
+
+sub LDAP {
+    return $LDAP;
+}
+
+sub base {
+    return $params{'base'};
+}
+
+sub uid {
+    return $params{'uid'};
+}
+
+sub email {
+    return $params{'email'};
+};
+
+sub name {
+    return $params{'name'};
+};
+
+
+
+sub get_infos {
+    my ($self,$user) = @_;
+
+    my $result = $self->LDAP()->search (
+            base   => $self->base(),
+            filter => '(uid= '.$user.')',
+            attrs  =>  [$self->name(),$self->email()],
+            sizelimit => 1
+             );
+    my ($ret) = $result->entries;
+    my $name = $ret->get_value($self->name());
+    my $email = $ret->get_value($self->email());
+
+    return ({ name => $name, email => $email });
+};
+
+
+
+=head1 SEE ALSO
+
+L<Jifty::Manual::AccessControl>, L<Jifty::Plugin::User>, L<Net::LDAP>
+
+=head1 LICENSE
+
+Jifty is Copyright 2005-2007 Best Practical Solutions, LLC.
+Jifty is distributed under the same terms as Perl itself.
+
+=cut
+
+1;
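Review bot: In get_infos the search filter is assembled as `'(uid= '.$user.')'`, so whatever the caller passes becomes filter syntax; the only character check visible on this page is validate_ldap_id in LDAPLogin.pm, and get_infos is a public plugin method that other callers can reach without it. The attribute is also hard-coded to `uid` (with a stray space after `=`) although the bind DN uses the configured `$self->uid()`, so a non-default LDAPuid would make bind and lookup disagree. I would write `filter => '('.$self->uid().'='.escape_filter_value($user).')',` with `use Net::LDAP::Util qw(escape_filter_value);` next to `use Net::LDAP;`. `my ($ret) = $result->entries;` is undef when nothing matches or the search failed, and the next line then dies on `$ret->get_value`; `return ({ name => undef, email => undef }) unless $ret;` keeps the return shape. init likewise stores the result of `Net::LDAP->new` without checking it, and that result is undef when the server is unreachable.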

Added: jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm	Mon Nov 19 12:17:15 2007
@@ -0,0 +1,135 @@
+use warnings;
+use strict;
+
+=head1 NAME
+
+Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin;
+
+=cut
+
+package Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin;
+use base qw/Jifty::Action/;
+
+
+=head1 ARGUMENTS
+
+Return the login form field
+
+=cut
+
+use Jifty::Param::Schema;
+use Jifty::Action schema {
+    param ldap_id => 
+        label is _('Login'),
+        is mandatory;
+#        is ajax_validates;
+    param password =>
+        type is 'password',
+        label is _('Password'),
+        is mandatory;
+};
+
+=head2 validate_name NAME
+
+For ajax_validates.
+Makes sure that the name submitted is a legal login.
+
+
+=cut
+
+sub validate_ldap_id {
+    my $self  = shift;
+    my $name = shift;
+
+    unless ( $name =~ /^[A-Za-z0-9-]+$/ ) {
+        return $self->validation_error(
+            name => _("That doesn't look like a valid login.") );
+    }
+
+
+    return $self->validation_ok('name');
+}
+
+
+=head2 take_action
+
+Bind on ldap to check the user's password. If it's right, log them in.
+Otherwise, throw an error.
+
+
+=cut
+
+sub take_action {
+    my $self = shift;
+    my $username = $self->argument_value('ldap_id');
+    my ($plugin)  = Jifty->find_plugin('Jifty::Plugin::Authentication::Ldap');
+    my $dn = $plugin->uid().'='.$username.','.
+        $plugin->base();
+
+
+    # Bind on ldap
+    my $msg = $plugin->LDAP()->bind($dn ,'password' =>$self->argument_value('password'));
+
+
+    unless (not $msg->code) {
+        $self->result->error(
+     _('You may have mistyped your login or password. Give it another shot?')
+        );
+        return;
+    }
+
+    # Load up the user
+    my $current_user = Jifty->app_class('CurrentUser');
+    my $user = $current_user->new( ldap_id => $username );
+
+    # Autocreate the user if necessary
+    if ( not $user->id ) {
+        my $action = Jifty->web->new_action(
+            class           => 'CreateUser',
+            current_user    => $current_user->superuser,
+            arguments       => {
+                ldap_id => $username
+            }
+        );
+        $action->run;
+
+        if ( not $action->result->success ) {
+            # Should this be less "friendly"?
+            $self->result->error(_("Sorry, something weird happened (we couldn't create a user for you).  Try again later."));
+            return;
+        }
+
+        $user = $current_user->new( ldap_id => $username );
+    }
+
+    my $infos =  $plugin->get_infos($username);
+    my $name = $infos->{name};
+    my $email = $infos->{email};
+    my $u = $user->user_object;
+
+    # Update, just in case
+    $u->__set( column => 'name', value => $name );
+    $u->__set( column => 'email', value => $email );
+
+
+    # Login!
+    Jifty->web->current_user( $user );
+    Jifty->web->session->set_cookie;
+
+    # Success!
+    $self->report_success;
+
+    return 1;
+};
+
+=head2 report_success
+
+=cut
+
+sub report_success {
+    my $self = shift;
+    $self->result->message(_("Hi %1!", Jifty->web->current_user->user_object->name ));
+};
+
+
+1;
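Review bot: The bind in take_action sends the password over the one module-level handle that init in Ldap.pm opens with `Net::LDAP->new($params{Hostname}, ...)` and never upgrades with `start_tls`, so unless LDAPhost is configured as an `ldaps://` URI the credential travels in cleartext; `$LDAP->start_tls(verify => 'require') if $LDAP;` right after the constructor would cover the default case. That handle is shared by every login in the process and stays bound as whoever authenticated last, so after `get_infos` I would reset it with an anonymous `$plugin->LDAP()->bind;`. `$plugin->LDAP()` is undef if the connection failed at startup, which makes the `bind` call die instead of producing the login error. In validate_ldap_id both the error and the ok are filed under `name` although the parameter is `ldap_id`, and the `$` anchor accepts a trailing newline that then lands in `$dn`; `unless ( $name =~ /\A[A-Za-z0-9-]+\z/ ) {` with `ldap_id` as the key fixes both. `unless (not $msg->code)` reads more plainly as `if ($msg->code)`.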

Added: jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogout.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogout.pm	Mon Nov 19 12:17:15 2007
@@ -0,0 +1,35 @@
+use warnings;
+use strict;
+
+=head1 NAME
+
+Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout;
+
+=cut
+
+package Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout;
+use base qw/Jifty::Action/;
+
+=head2 arguments
+
+Return the email and password form fields
+
+=cut
+
+sub arguments {
+    return ( {} );
+}
+
+=head2 take_action
+
+Nuke the current user object
+
+=cut
+
+sub take_action {
+    my $self = shift;
+    Jifty->web->current_user(undef);
+    return 1;
+}
+
+1;
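Review bot: The POD for `arguments` says "Return the email and password form fields", but the sub returns `( {} )`, i.e. no fields; `Logout takes no arguments.` would match the code. take_action only calls `Jifty->web->current_user(undef)`; whether that also discards the server-side session data is not visible in this hunk, and if it does not, the session should be cleared here as well so nothing from the authenticated session survives the logout.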

Added: jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Dispatcher.pm	Mon Nov 19 12:17:15 2007
@@ -0,0 +1,32 @@
+use strict;
+use warnings;
+
+package Jifty::Plugin::Authentication::Ldap::Dispatcher;
+use Jifty::Dispatcher -base;
+
+# Put any plugin-specific dispatcher rules here.
+
+# Log out
+before 'ldaplogout' => run {
+    Jifty->web->request->add_action(
+        class   => 'LDAPLogout',
+        moniker => 'ldaplogout',
+    );
+};
+
+
+# Login
+on 'ldaplogin' => run {
+    set 'action' =>
+        Jifty->web->new_action(
+        class => 'LDAPLogin',
+        moniker => 'ldaploginbox'
+    );
+    set 'next' => Jifty->web->request->continuation
+        || Jifty::Continuation->new(
+        request => Jifty::Request->new( path => "/" ) );
+};
+
+
+
+1;
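Review bot: The `before 'ldaplogout'` rule queues the LDAPLogout action for any request to that path regardless of HTTP method, so the logout can be triggered by a cross-site GET without the user asking for it. If that is not intended, qualify the rule by method (Jifty::Dispatcher exports method qualifiers such as `POST`, if I read its documentation correctly) and have the application's logout link submit a form. The scaffold comment `# Put any plugin-specific dispatcher rules here.` can be removed now that the rules exist, and the `ldaplogin` rule would benefit from a one-line comment saying that `next` falls back to a continuation for `/` when the request carries none.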

Added: jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm	Mon Nov 19 12:17:15 2007
@@ -0,0 +1,36 @@
+package Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
+use strict;
+use warnings;
+use Jifty::DBI::Schema;
+use base 'Jifty::DBI::Record::Plugin';
+use URI;
+
+=head1 NAME
+
+Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
+
+=head1 DESCRIPTION
+
+L<Jifty::Plugin::Authentication::Ldap> mixin for the User model.  Provides an 'ldap_id' column.
+
+=cut
+
+our @EXPORT = qw(has_alternative_auth);
+
+use Jifty::Plugin::Authentication::Ldap::Record schema {
+
+column ldap_id =>
+  type is 'text',
+  label is 'Ldap ID',
+  is distinct,
+  is immutable;
+
+};
+
+=head2 has_alternative_auth
+
+=cut
+
+sub has_alternative_auth { 1 }
+
+1;
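Review bot: `=head2 has_alternative_auth` has no text, and the sub is exported into the application's User model through `@EXPORT`, so readers of the model get an undocumented method that returns 1. A line such as `Always returns true; presumably tells the User plugin that this account authenticates through LDAP rather than a local password.` would do, though the stated purpose is my inference and should be confirmed against the caller. `use URI;` is not used anywhere in the visible file and can be dropped.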

Added: jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/View.pm
==============================================================================
--- (empty file)
+++ jifty/trunk/lib/Jifty/Plugin/Authentication/Ldap/View.pm	Mon Nov 19 12:17:15 2007
@@ -0,0 +1,50 @@
+use utf8;
+use warnings;
+use strict;
+
+=head1 NAME Jifty::Plugin::Authentication::Ldap::View
+
+This provides the templates for the pages and forms used by the ldap authentication plugin.
+
+=cut
+
+package Jifty::Plugin::Authentication::Ldap::View;
+use Jifty::View::Declare -base;
+
+{ no warnings 'redefine';
+sub page (&;$) {
+    no strict 'refs';
+    BEGIN {Jifty::Util->require(Jifty->app_class('View'))};
+    Jifty->app_class('View')->can('page')->(@_);
+}
+}
+
+template ldaplogin => page { title => _('Login!') } content {
+    show('/ldaplogin_widget');
+};
+
+
+template ldaplogin_widget => sub {
+#    title is _("Login with your Ldap account") 
+
+    my ( $action, $next ) = get( 'action', 'next' );
+    $action ||= new_action( class => 'LDAPLogin' );
+    $next ||= Jifty::Continuation->new(
+        request => Jifty::Request->new( path => "/" ) );
+    unless ( Jifty->web->current_user->id ) {
+        h3  { _('Login with your ldap account') };
+        div {
+            attr { id => 'jifty-login' };
+            Jifty->web->form->start( call => $next );
+            render_param( $action, 'ldap_id', focus => 1 );
+            render_param( $action, 'password' );
+            form_return( label => _(q{Login}), submit => $action );
+            Jifty->web->form->end();
+        };
+    } else {
+        outs( _("You're already logged in.") );
+    }
+};
+
+
+1;
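Review bot: `no strict 'refs';` inside `page` is not needed: `Jifty->app_class('View')->can('page')->(@_)` is a method call on a class name followed by a code-reference call, neither of which is a symbolic reference, so the pragma only loosens checking for the sub. The POD heading `=head1 NAME Jifty::Plugin::Authentication::Ldap::View` puts the package name in the heading itself; the usual form is `=head1 NAME` followed by a paragraph `Jifty::Plugin::Authentication::Ldap::View - templates for the ldap login pages`. The `ldaplogin_widget` template renders the password field into a form whose transport it does not constrain, so serving the login page only over HTTPS has to be enforced elsewhere and is not visible in this commit.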

