Home · Authors · Recent · News · Mirrors · FAQ · Feedback

in  
Jean-Michel Hiver > MKDoc-Auth-0.5 > MKDoc::Auth

Download:
MKDoc-Auth-0.5.tar.gz

Dependencies

Annotate this POD

CPAN RT

Open  0
Report a bug
Module Version: 0.5   Source  

NAME ^

MKDoc::Auth - Authentication framework for MKDoc::Core

INSTALLATION ^

See MKDoc::Setup::Auth.

Once you're done with the install go to http://<yoursite>/.signup.html to see how it works.

INTERFACE ^

Whenever a user authenticates, the framework will set a user object which can be accessed in $::MKD_USER.

The $::MKD_USER object MUST have the following methods:

$object->login() - the login of the user.
$object->email() - the email address of the user.
$object->full_name() - the full name of the user.

The $::MKD_USER variable can be undefined.

That's it. MKDoc::Auth does not make any other guarantees. Any piece of code which uses MKDoc::Auth through this interface should be able to use any other authentication layer provided they implement the simple $::MKD_USER object described above.

FUNCTIONALITY ^

Installing this product on an MKDoc::Core site will provide the following services:

/.signup.html

Open a new account - send a confirmation email

/.confirm.html?<confirm_id>

Activate / confirm a new account.

/.login.html

Login / logout / log as someone else.

/~<login>/.edit.html

Edit user account information.

/~<login>/.remove.html

Remove user account.

/.login-recover.html

Recover lost login information - sends an email

/.password-recover.html

Recover lost password for a given login - sends an email.

SPECIAL TRICKS ^

MKDoc::Auth does not use sessions or cookies. It uses plain simple HTTP authentication.

MKDoc::Auth implement a few tricks to make HTTP authentication possible, including optional authentication and logout mechanisms. Those tricks are explained in this paper:

    http://wiki.slugbug.org.uk/HTTP_Authentication

ADMINISTATION & SECURITY ^

I have plans to build an autorization framework, MKDoc::Authz, which will be working independently of MKDoc::Auth.

Since there is no autorization mechanisms in place at the moment, there is currently no administration interface to manage users. Admin interface would mean user privileges, user privileges would mean authorization layer.

However, once MKDoc::Authz is done, I plan to release MKDoc::Auth::Admin which will depend on MKDoc::Authz for privileges management.

Meanwhile, MKDoc::Auth implements a very, very simple policy: a given user can only modify or delete his own account.

AUTHOR ^

Copyright 2003 - MKDoc Holdings Ltd.

Author: Jean-Michel Hiver <jhiver@mkdoc.com>

This module is free software and is distributed under the same license as Perl itself. Use it at your own risk.

SEE ALSO ^

MKDoc::Auth::User, MKDoc::Auth::TempUser, MKDoc::Auth::Handler::AuthenticateOpt, MKDoc::Auth::Handler::Authenticate, MKDoc::Auth::Plugin::Signup, MKDoc::Auth::Plugin::Confirm, MKDoc::Auth::Plugin::Login, MKDoc::Auth::Plugin::Edit, MKDoc::Auth::Plugin::Recover_Login, MKDoc::Auth::Plugin::Recover_Password, MKDoc::Auth::Plugin::Delete, MKDoc::Core

Help us open-source MKDoc. Join the mkdoc-modules mailing list:

  mkdoc-modules@lists.webarch.co.uk
60410 Uploads, 19285 Distributions 77084 Modules, 7872 Uploaders
hosted by YellowBot
do. tag. write. share.