The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.
 / 
Mojolicious-Plugin-Authentication-v0.03
River stage one • 4 direct dependents • 5 total dependents
/ Mojolicious::Plugin::Authentication

NAME

Mojolicious::Plugin::Authentication - A plugin to make authentication a bit easier

VERSION

Version 0.03

SYNOPSIS

    use Mojolicious::Plugin::Authentication
    use Mojolicious::Plugin::Session;

    $self->plugin('authentication' => {
        session => {
            'stash_key' => 'mojox-session',
        },
        'load_user' => sub { ... },
        'validate_user' => sub { ... },
    });

    if($self->authenticate('username', 'password')) {
        ... 
    }

METHODS

authenticate($username, $password)

    Authenticate will use the supplied load_user and validate_user subroutine refs to see whether a user exists with the given username and password, and will set up the session accordingly.
    Returns true when the user has been successfully authenticated, false otherwise.

user_exists

    Returns true if an authenticated user exists, false otherwise.

user

    Returns the user object as it was returned from the supplied 'load_user' subroutine ref.

logout

    Removes the session data for authentication, and effectively logs a user out.

session

    Returns a hashref containing all session data. Changes made here are automatically committed when the request ends.

CONFIGURATION

You must supply 2 subroutines, namely 'load_user' and 'validate_user'. load_user is called when the plugin needs to load a user from the user store. It's done this way to give you maximum flexibility whilst making life a little easier in the long run. load_user is expected to return a valid user object/hash/array/thingamajig. validate_user is called from the authenticate module and is passed a username and password, and is expected to return either a user id or undef, depending on whether the user is logged in or not.

EXAMPLE

    use Mojolicious::Lite;

    plugin 'session' => { stash_key => 'session', store => 'dbi', expires_delta => 5 };
    plugin 'authentication' => { 
        session_stash_key => 'session', 
        stash_key => 'auth', 
        load_user => sub {
            my $self = shift;
            my $uid = shift;
            # assume we have a db helper that also uses DBI
            my $sth = $self->db->prepare('SELECT * FROM user WHERE user_id = ?');
            $sth->execute($uid);
            if(my $res = $sth->fetchrow_hashref) {
                return $res;
            } else {
                return undef;
            }
        },
        validate_user => sub {
            my $self = shift;
            my $username = shift;
            my $password = shift;

            # assume we have a db helper that also uses DBI
            my $sth = $self->db->prepare('SELECT * FROM user WHERE username = ?');
            if(my $res = $sth->fetchrow_hashref) {
                my $salt = substr($res->{password}, 0, 2);
                if(crypt($password, $salt) eq $res->{password}) {
                    return $res->{user_id};
                } else {
                    return undef;
                }
            } else {
                return undef;
            }
        },
    };

    get '/foo' => sub {
        my $self = shift;

        if(!$self->user_exists) {
            $self->render(template => 'loginform');
        } else {
            $self->render(template => 'loggedin');
        }
    };
    get '/login' => sub {
        my $self = shift;
        my $u    = $self->req->param('username');
        my $p    = $self->req->param('password');

        if($self->authenticate($u, $p)) {
            $self->redirect_to('/foo');
        } else {
            $self->render(text => 'Invalid credentials');
        }
    };

AUTHOR

Ben van Staveren, <madcat at cpan.org>

BUGS

Please report any bugs or feature requests to bug-mojolicious-plugin-authentication at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Mojolicious-Plugin-Authentication. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

CONTRIBUTING

If you want to contribute changes or otherwise involve yourself in development, feel free to fork the Mercurial repository from http://bitbucket.org/xirinet/mojolicious-plugin-authentication/.

SUPPORT

You can find documentation for this module with the perldoc command.

    perldoc Mojolicious::Plugin::Authentication

You can also look for information at:

ACKNOWLEDGEMENTS

LICENSE AND COPYRIGHT

Copyright 2011 Ben van Staveren.

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See http://dev.perl.org/licenses/ for more information.