1CGI::Application::PlugiUns:e:rAuCCtoGhnIet:nr:tiAibpcupatlteiidcoanPt:ei:roDlnr:iD:voPeclruu(mg3ei)nnt:a:tAiuotnhentication::Driver(3)
2
3
4
6 CGI::Application::Plugin::Authentication::Driver - Base module for
7 building driver classes for CGI::Application::Plugin::Authentication
8
10 package CGI::Application::Plugin::Authentication::Driver::MyDriver;
11 use base qw(CGI::Application::Plugin::Authentication::Driver);
12
13 sub verify_credentials {
14 my $self = shift;
15 my @credentials = @_;
16
17 if ( >>> Validate Credentials <<< ) {
18 return $credentials[0];
19 }
20 return;
21 }
22
24 This module is a base class for all driver classes for the
25 CGI::Application::Plugin::Authentication plugin. Each driver class is
26 required to provide only one method to validate the given credentials.
27 Normally only two credentials will be passed in (username and
28 password), but you can configure the plugin to handle any number of
29 credentials (for example you may require the user to enter a group
30 name, or domain name as well as a username and password).
31
33 It is quite common for passwords to be stored using some form of one
34 way encryption. Unix crypt being the old standard in the Unix
35 community, however MD5 or SHA1 hashes are more popular today. In order
36 to simplify the validation routines some methods have been provided to
37 help test these passwords. When configuring a Driver (and if the
38 driver supports it), you can specify which fields are encoded, and
39 which method is used for the encoding by specifying a filter on the
40 field in question.
41
42 CREDENTIALS => ['authen_username', 'authen_password'],
43 DRIVERS => [ 'DBI',
44 DSN => '...',
45 TABLE => 'users',
46 CONSTRAINTS => {
47 username => '__CREDENTIAL_1__',
48 'MD5:password' => '__CREDENTIAL_2__',
49 }
50 ],
51
52 Here we are saying that the password field is encoded using an MD5
53 hash, and should be checked accordingly.
54
55 Filter options
56 Some of the filters may have multiple forms. For example there are
57 three forms of MD5 hashes: binary, base64 and hex. You can specify
58 these extra options by using an underscore to separate it from the
59 filter name.
60
61 'MD5_base64:password'
62
63 Chained Filters
64 it is possible to chain multiple filters. This can be useful if your
65 MD5 strings are stored in hex format. Hex numbers are case
66 insensitive, so the may be stored in either upper or lower case. To
67 make this consistent, you can MD5 encode the password first, and then
68 upper case the results. The filters are applied from the inside out:
69
70 'uc:MD5_hex:password'
71
72 Custom Filters
73 If your field is encoded using a custom technique, then you can provide
74 a custom filter function. This can be be done by providing a FILTERS
75 option that contains a hash of filter subroutines that are keyed by
76 their name. You can then use the filter name on any of the fields as
77 if it was a builtin filter.
78
79 CREDENTIALS => ['authen_username', 'authen_password'],
80 DRIVERS => [ 'DBI',
81 DSN => '...',
82 TABLE => 'users',
83 CONSTRAINTS => {
84 username => '__CREDENTIAL_1__',
85 'rot13:password' => '__CREDENTIAL_2__',
86 }
87 FILTERS => { rot13 => \&rot13_filter },
88 ],
89
90 sub rot13_filter {
91 my $param = shift;
92 my $value = shift;
93 $value =~ tr/A-Za-z/N-ZA-Mn-za-m/;
94 return $value;
95 }
96
97 Please see the documentation for the driver that you are using to make
98 sure that it supports encoded fields.
99
100 Builtin Filters
101 Here is a list of the filters that are provided with this module:
102
103 crypt - provided by perl "crypt" function
104 MD5 - requires Digest::MD5
105 SHA1 - requires Digest::SHA1
106 uc - provided by the perl "uc" function
107 lc - provided by the perl "lc" function
108 trim - removed whitespace from the start and end of the field
109
111 new
112 This is a constructor that can create a new Driver object. It requires
113 an Authentication object as its first parameter, and any number of
114 other parameters that will be used as options depending on which Driver
115 object is being created. You shouldn't need to call this as the
116 Authentication plugin takes care of creating Driver objects.
117
118 initialize
119 This method will be called right after a new Driver object is created.
120 So any startup customizations can be dealt with here.
121
122 options
123 This will return a list of options that were provided when this driver
124 was configured by the user.
125
126 authen
127 This will return the underlying
128 CGI::Application::Plugin::Authentication object. In most cases it will
129 not be necessary to access this.
130
131 find_option
132 This method will search the Driver options for a specific key and
133 return the value it finds.
134
135 verify_credentials
136 This method needs to be provided by the driver class. It needs to be
137 an object method that accepts a list of credentials, and will verify
138 that the credentials are valid, and return a username that will be used
139 to identify this login (usually you will just return the value of the
140 first credential, however you are not bound to that)..
141
142 filter
143 This method can be used to filter a field (usually password fields)
144 using a number of standard or custom encoding techniques. See the
145 section on Builtin Filters above to see what filters are available When
146 using a custom filter, you will need to provide a FILTERS option in the
147 configuration of the DRIVER (See the section on FIELD FILTERS above for
148 an example). By default, if no filter is specified, it is returned as
149 is. This means that you can run all fields through this function even
150 if they don't have any filters to simplify the driver code.
151
152 my $filtered = $self->filter('MD5_hex:password', 'foobar');
153
154 - or -
155
156 # custom filter
157 my $filtered = $self->filter('foobar:password', 'foo');
158
159 - or -
160
161 # effectively a noop
162 my $filtered = $self->filter('username', 'foo');
163
164 check_filtered
165 This method can be used to test filtered fields (usually password
166 fields) against a number of standard or custom encoding techniques.
167 The following encoding techniques are provided: plain, MD5, SHA1,
168 crypt. When using a custom encoder, you will need to provide it in the
169 configuration of the DRIVERS (See the section on ENCODED PASSWORDS
170 above for an example). By default, if no encoding is specified, it is
171 assumed to be 'plain'. This means that you can run all fields through
172 this function even if they don't have any encoding to simplify the
173 driver code.
174
175 my $verified = $self->check_filtered('MD5:password', 'foobar', 'OFj2IjCsPJFfMAxmQxLGPw');
176
177 - or -
178
179 # custom encoder
180 my $verified = $self->check_filtered('foobar:password', 'foo', 'bar');
181
182 - or -
183
184 # a field that isn't filtered (effectively just checks for equality on second and third args)
185 my $verified = $self->check_filtered('username', 'foobar', 'foobar');
186 my $verified = $self->check_filtered('plain:username', 'foobar', 'foobar');
187
188 strip_field_names
189 This method will take a field name (or list of names) and strip off the
190 leading encoding type. For example if you passed in 'MD5:password' the
191 method would return 'password'.
192
193 my $fieldname = $self->strip_field_names('MD5:password');
194
196 CGI::Application::Plugin::Authentication, perl(1)
197
199 Cees Hek <ceeshek@gmail.com>
200
202 Copyright (c) 2005, SiteSuite. All rights reserved.
203
204 This module is free software; you can redistribute it and/or modify it
205 under the same terms as Perl itself.
206
208 BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
209 FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT
210 WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER
211 PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
212 EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
213 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
214 ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH
215 YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
216 NECESSARY SERVICING, REPAIR, OR CORRECTION.
217
218 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
219 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
220 REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE
221 TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR
222 CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
223 SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
224 RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
225 FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
226 SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
227 DAMAGES.
228
229
230
231perl v5.38.0 CGI::Ap2p0l2i3c-a0t7i-o2n0::Plugin::Authentication::Driver(3)