The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.
 / 
Scaffold-0.10
River stage zero No dependents
++
/ Scaffold::Uaf::Authenticate

NAME

Scaffold::Uaf::Authenticate - An Basic Authentication Framework

DESCRIPTION

This mixin is responsible for authenicating, and creating the User object. This module should be overridden and extended as needed by your application.

This module understands the following config settings:

 uaf_cookie_path     - The path for the security token, defaults to "/"
 uaf_cookie_domain   - The cookie domain, not currently used
 uaf_cookie_secure   - Wither the cookie should only be used with SSL

 uaf_limit           - the limit on login attempts, defaults to 3
 uaf_timeout         - the timeout for the session, defaults to 3600
 uaf_secret          - the value to use as a "salt" when encrypting
 uaf_filter          - the url filter to use, defaults to /^{app_rootp}\/(login|static).*/

 uaf_login_title     - title for the login page, defaults to 'Please Login"
 uaf_login_wrapper   - the wrapper for the login page, defaults to "wrapper.tt"
 uaf_login_template  - the template for the login page, defaults to "uaf_login.tt"

 uaf_denied_title    - title for the denied page, defaults to "Login Denied"
 uaf_denied_wrapper  - the wrapper for the denied page, defaults to "wrapper.tt"
 uaf_denied_template - the template for the denied page, defaults to "uaf_denied.tt"

 uaf_logout_title    - title for the logout page, default to "Logout"
 uaf_logout_wrapper  - the wrapper for the logout page, defaults to "wrapper.tt"
 uaf_logout_template - the template for the logout page, defaults to "uaf_logout.tt"

METHODS

uaf_is_valid

This method is used to authenticate the current session. The default authentication behaviour is based on security tokens. A token is stored within the session store and a token is retireved from a cookie. If the two match, the session is condsidered autheticate. When the session is authenticated an User object is returned.

uaf_validate

This method handles the validation of the current session. It accepts two parameters. They are a username and password. When the session is validated, an User object is created and returned. The default validate() method only knows about "admin" and "demo" users, with default passwords of "admin" and "demo". This method should be overridden to refelect your applications Users datastore and validation policy.

uaf_invalidate

This method will invalidate the current session. You may wish to override this method. By default it removes the User object form the session store, removes the secuity token from the session store and removes the security cookie.

uaf_set_token

This method creates the security token. It is passed the User object. The default action is to create a token using parts of the User object and random data. This token is then stored in the session store and sent to the browser as a cookie.

uaf_avoid

Some application may wish to implement an avoidence scheme for certain situations. This is a hook to allow that to happen. The default action is to do nothing.

uaf_check_credentials

Check the username and password for validity.

ACCESSORS

These accessors return the corresponding config items.

uaf_filter
uaf_limit
uaf_timeout
uaf_secret
uaf_filter
uaf_login_rootp
uaf_denied_rootp
uaf_login_title
uaf_login_wrapper
uaf_login_template
uaf_denied_title
uaf_denied_wrapper
uaf_denied_template
uaf_logout_title
uaf_logout_wrapper
uaf_logout_template

SEE ALSO

 Scaffold
 Scaffold::Base
 Scaffold::Cache
 Scaffold::Cache::FastMmap
 Scaffold::Cache::Manager
 Scaffold::Cache::Memcached
 Scaffold::Class
 Scaffold::Constants
 Scaffold::Engine
 Scaffold::Handler
 Scaffold::Handler::Default
 Scaffold::Handler::Favicon
 Scaffold::Handler::Robots
 Scaffold::Handler::Static
 Scaffold::Lockmgr
 Scaffold::Lockmgr::KeyedMutex
 Scaffold::Lockmgr::UnixMutex
 Scaffold::Plugins
 Scaffold::Render
 Scaffold::Render::Default
 Scaffold::Render::TT
 Scaffold::Routes
 Scaffold::Server
 Scaffold::Session::Manager
 Scaffold::Stash
 Scaffold::Stash::Controller
 Scaffold::Stash::Cookie
 Scaffold::Stash::Manager
 Scaffold::Stash::View
 Scaffold::Uaf::Authenticate
 Scaffold::Uaf::AuthorizeFactory
 Scaffold::Uaf::Authorize
 Scaffold::Uaf::GrantAllRule
 Scaffold::Uaf::Login
 Scaffold::Uaf::Logout
 Scaffold::Uaf::Manager
 Scaffold::Uaf::Rule
 Scaffold::Uaf::User
 Scaffold::Utils

AUTHOR

Kevin L. Esteb <kevin@kesteb.us>

COPYRIGHT AND LICENSE

Copyright (C) 2007 Kevin L. Esteb

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.