1CGI::Application::PlugiUns:e:rAuCCtoGhnIet:nr:tiAibpcupatlteiidcoanPt:ei:roDlnr:iD:voPeclruu(mg3ei)nnt:a:tAiuotnhentication::Driver(3)
2
3
4

NAME

6       CGI::Application::Plugin::Authentication::Driver - Base module for
7       building driver classes for CGI::Application::Plugin::Authentication
8

SYNOPSIS

10        package CGI::Application::Plugin::Authentication::Driver::MyDriver;
11        use base qw(CGI::Application::Plugin::Authentication::Driver);
12
13         sub verify_credentials {
14             my $self = shift;
15             my @credentials = @_;
16
17             if ( >>> Validate Credentials <<< ) {
18                 return $credentials[0];
19             }
20             return;
21         }
22

DESCRIPTION

24       This module is a base class for all driver classes for the
25       CGI::Application::Plugin::Authentication plugin.  Each driver class is
26       required to provide only one method to validate the given credentials.
27       Normally only two credentials will be passed in (username and
28       password), but you can configure the plugin to handle any number of
29       credentials (for example you may require the user to enter a group
30       name, or domain name as well as a username and password).
31

FIELD FILTERS

33       It is quite common for passwords to be stored using some form of one
34       way encryption.  Unix crypt being the old standard in the Unix
35       community, however MD5 or SHA1 hashes are more popular today.  In order
36       to simplify the validation routines some methods have been provided to
37       help test these passwords.  When configuring a Driver (and if the
38       driver supports it), you can specify which fields are encoded, and
39       which method is used for the encoding by specifying a filter on the
40       field in question.
41
42        CREDENTIALS => ['authen_username', 'authen_password'],
43        DRIVERS     => [ 'DBI',
44                           DSN         => '...',
45                           TABLE       => 'users',
46                           CONSTRAINTS => {
47                               username       => '__CREDENTIAL_1__',
48                               'MD5:password' => '__CREDENTIAL_2__',
49                           }
50                       ],
51
52       Here we are saying that the password field is encoded using an MD5
53       hash, and should be checked accordingly.
54
55   Filter options
56       Some of the filters may have multiple forms.  For example there are
57       three forms of MD5 hashes:  binary, base64 and hex.  You can specify
58       these extra options by using an underscore to separate it from the
59       filter name.
60
61        'MD5_base64:password'
62
63   Chained Filters
64       it is possible to chain multiple filters.  This can be useful if your
65       MD5 strings are stored in hex format.  Hex numbers are case
66       insensitive, so the may be stored in either upper or lower case.  To
67       make this consistent, you can MD5 encode the password first, and then
68       upper case the results.  The filters are applied from the inside out:
69
70        'uc:MD5_hex:password'
71
72   Custom Filters
73       If your field is encoded using a custom technique, then you can provide
74       a custom filter function.  This can be be done by providing a FILTERS
75       option that contains a hash of filter subroutines that are keyed by
76       their name.  You can then use the filter name on any of the fields as
77       if it was a builtin filter.
78
79        CREDENTIALS => ['authen_username', 'authen_password'],
80        DRIVERS     => [ 'DBI',
81                           DSN      => '...',
82                           TABLE    => 'users',
83                           CONSTRAINTS => {
84                               username         => '__CREDENTIAL_1__',
85                               'rot13:password' => '__CREDENTIAL_2__',
86                           }
87                           FILTERS => { rot13 => \&rot13_filter },
88                       ],
89
90        sub rot13_filter {
91            my $value = shift;
92            $value =~ tr/A-Za-z/N-ZA-Mn-za-m/;
93            return $value;
94        }
95
96       Please see the documentation for the driver that you are using to make
97       sure that it supports encoded fields.
98
99   Builtin Filters
100       Here is a list of the filters that are provided with this module:
101
102       crypt - provided by perl "crypt" function
103       MD5 - requires Digest::MD5
104       SHA1 - requires Digest::SHA1
105       uc - provided by the perl "uc" function
106       lc - provided by the perl "lc" function
107       trim - removed whitespace from the start and end of the field
108

METHODS

110   new
111       This is a constructor that can create a new Driver object.  It requires
112       an Authentication object as its first parameter, and any number of
113       other parameters that will be used as options depending on which Driver
114       object is being created.  You shouldn't need to call this as the
115       Authentication plugin takes care of creating Driver objects.
116
117   initialize
118       This method will be called right after a new Driver object is created.
119       So any startup customizations can be dealt with here.
120
121   options
122       This will return a list of options that were provided when this driver
123       was configured by the user.
124
125   authen
126       This will return the underlying
127       CGI::Application::Plugin::Authentication object.  In most cases it will
128       not be necessary to access this.
129
130   find_option
131       This method will search the Driver options for a specific key and
132       return the value it finds.
133
134   verify_credentials
135       This method needs to be provided by the driver class.  It needs to be
136       an object method that accepts a list of credentials, and will verify
137       that the credentials are valid, and return a username that will be used
138       to identify this login (usually you will just return the value of the
139       first credential, however you are not bound to that)..
140
141   filter
142       This method can be used to filter a field (usually password fields)
143       using a number of standard or custom encoding techniques.  See the
144       section on Builtin Filters above to see what filters are available When
145       using a custom filter, you will need to provide a FILTERS option in the
146       configuration of the DRIVER (See the section on FIELD FILTERS above for
147       an example).  By default, if no filter is specified, it is returned as
148       is.  This means that you can run all fields through this function even
149       if they don't have any filters to simplify the driver code.
150
151        my $filtered = $self->filter('MD5_hex:password', 'foobar');
152
153        - or -
154
155        # custom filter
156        my $filtered = $self->filter('foobar:password', 'foo');
157
158        - or -
159
160        # effectively a noop
161        my $filtered = $self->filter('username', 'foo');
162
163   check_filtered
164       This method can be used to test filtered fields (usually password
165       fields) against a number of standard or custom encoding techniques.
166       The following encoding techniques are provided:  plain, MD5, SHA1,
167       crypt.  When using a custom encoder, you will need to provide it in the
168       configuration of the DRIVERS (See the section on ENCODED PASSWORDS
169       above for an example).  By default, if no encoding is specified, it is
170       assumed to be 'plain'.  This means that you can run all fields through
171       this function even if they don't have any encoding to simplify the
172       driver code.
173
174        my $verified = $self->check_filtered('MD5:password', 'foobar', 'OFj2IjCsPJFfMAxmQxLGPw');
175
176        - or -
177
178        # custom encoder
179        my $verified = $self->check_filtered('foobar:password', 'foo', 'bar');
180
181        - or -
182
183        # a field that isn't filtered (effectively just checks for equality on second and third args)
184        my $verified = $self->check_filtered('username', 'foobar', 'foobar');
185        my $verified = $self->check_filtered('plain:username', 'foobar', 'foobar');
186
187   strip_field_names
188       This method will take a field name (or list of names) and strip off the
189       leading encoding type.  For example if you passed in 'MD5:password' the
190       method would return 'password'.
191
192        my $fieldname = $self->strip_field_names('MD5:password');
193

SEE ALSO

195       CGI::Application::Plugin::Authentication, perl(1)
196

AUTHOR

198       Cees Hek <ceeshek@gmail.com>
199

LICENCE AND COPYRIGHT

201       Copyright (c) 2005, SiteSuite. All rights reserved.
202
203       This module is free software; you can redistribute it and/or modify it
204       under the same terms as Perl itself.
205

DISCLAIMER OF WARRANTY

207       BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
208       FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT
209       WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER
210       PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
211       EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
212       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
213       ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH
214       YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
215       NECESSARY SERVICING, REPAIR, OR CORRECTION.
216
217       IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
218       WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
219       REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE
220       TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR
221       CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
222       SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
223       RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
224       FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
225       SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
226       DAMAGES.
227
228
229
230perl v5.12.0               CGI::Ap2p0l1i0c-a0t4i-o3n0::Plugin::Authentication::Driver(3)