NAME

Scaffold::Uaf::Authenticate - An Basic Authentication Framework

DESCRIPTION

This mixin is responsible for authenicating, and creating the User object. This module should be overridden and extended as needed by your application.

This module understands the following config settings:

uaf_cookie_path     - The path for the security token, defaults to "/"
uaf_cookie_domain   - The cookie domain, not currently used
uaf_cookie_secure   - Wither the cookie should only be used with SSL

uaf_limit           - the limit on login attempts, defaults to 3
uaf_timeout         - the timeout for the session, defaults to 3600
uaf_secret          - the value to use as a "salt" when encrypting
uaf_filter          - the url filter to use, defaults to /^{app_rootp}\/(login|static).*/

uaf_login_title     - title for the login page, defaults to 'Please Login"
uaf_login_wrapper   - the wrapper for the login page, defaults to "wrapper.tt"
uaf_login_template  - the template for the login page, defaults to "uaf_login.tt"

uaf_denied_title    - title for the denied page, defaults to "Login Denied"
uaf_denied_wrapper  - the wrapper for the denied page, defaults to "wrapper.tt"
uaf_denied_template - the template for the denied page, defaults to "uaf_denied.tt"

uaf_logout_title    - title for the logout page, default to "Logout"
uaf_logout_wrapper  - the wrapper for the logout page, defaults to "wrapper.tt"
uaf_logout_template - the template for the logout page, defaults to "uaf_logout.tt"

METHODS

uaf_is_valid

This method is used to authenticate the current session. The default authentication behaviour is based on security tokens. A token is stored within the session store and a token is retireved from a cookie. If the two match, the session is condsidered autheticate. When the session is authenticated an User object is returned.

uaf_validate

This method handles the validation of the current session. It accepts two parameters. They are a username and password. When the session is validated, an User object is created and returned. The default validate() method only knows about "admin" and "demo" users, with default passwords of "admin" and "demo". This method should be overridden to refelect your applications Users datastore and validation policy.

uaf_invalidate

This method will invalidate the current session. You may wish to override this method. By default it removes the User object form the session store, removes the secuity token from the session store and removes the security cookie.

uaf_set_token

This method creates the security token. It is passed the User object. The default action is to create a token using parts of the User object and random data. This token is then stored in the session store and sent to the browser as a cookie.

uaf_avoid

Some application may wish to implement an avoidence scheme for certain situations. This is a hook to allow that to happen. The default action is to do nothing.

uaf_check_credentials

Check the username and password for validity.

ACCESSORS

These accessors return the corresponding config items.

uaf_filter

uaf_cookie_path

uaf_cookie_domain

uaf_cookie_secure

uaf_limit

uaf_timeout

uaf_secret

uaf_filter

uaf_login_rootp

uaf_denied_rootp

uaf_login_title

uaf_login_wrapper

uaf_login_template

uaf_denied_title

uaf_denied_wrapper

uaf_denied_template

uaf_logout_title

uaf_logout_wrapper

uaf_logout_template

SEE ALSO

Scaffold
Scaffold::Base
Scaffold::Cache
Scaffold::Cache::FastMmap
Scaffold::Cache::Manager
Scaffold::Cache::Memcached
Scaffold::Class
Scaffold::Constants
Scaffold::Engine
Scaffold::Handler
Scaffold::Handler::Default
Scaffold::Handler::Favicon
Scaffold::Handler::Robots
Scaffold::Handler::Static
Scaffold::Lockmgr
Scaffold::Lockmgr::KeyedMutex
Scaffold::Lockmgr::UnixMutex
Scaffold::Plugins
Scaffold::Render
Scaffold::Render::Default
Scaffold::Render::TT
Scaffold::Routes
Scaffold::Server
Scaffold::Session::Manager
Scaffold::Stash
Scaffold::Stash::Controller
Scaffold::Stash::Cookie
Scaffold::Stash::Manager
Scaffold::Stash::View
Scaffold::Uaf::Authenticate
Scaffold::Uaf::AuthorizeFactory
Scaffold::Uaf::Authorize
Scaffold::Uaf::GrantAllRule
Scaffold::Uaf::Login
Scaffold::Uaf::Logout
Scaffold::Uaf::Manager
Scaffold::Uaf::Rule
Scaffold::Uaf::User
Scaffold::Utils

AUTHOR

Kevin L. Esteb <kevin@kesteb.us>

COPYRIGHT AND LICENSE

Copyright (C) 2007 Kevin L. Esteb

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.