[Catalyst-commits] r11225 - in Catalyst-Authentication-Credential-OpenID/trunk: . lib/Catalyst/Authentication/Credential
apv at dev.catalyst.perl.org
Mon Aug 24 00:47:23 GMT 2009
Author: apv
Date: 2009-08-24 00:47:22 +0000 (Mon, 24 Aug 2009)
New Revision: 11225
Modified:
Catalyst-Authentication-Credential-OpenID/trunk/Changes
Catalyst-Authentication-Credential-OpenID/trunk/README
Catalyst-Authentication-Credential-OpenID/trunk/lib/Catalyst/Authentication/Credential/OpenID.pm
Log:
Fix for CPAN ticket #48952.
Modified: Catalyst-Authentication-Credential-OpenID/trunk/Changes
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/Changes 2009-08-23 22:03:59 UTC (rev 11224)
+++ Catalyst-Authentication-Credential-OpenID/trunk/Changes 2009-08-24 00:47:22 UTC (rev 11225)
@@ -1,5 +1,8 @@
Revision history for Catalyst::Authentication::Credential::OpenID
+0.14_02 Sun Aug 23 17:43:46 PDT 2009
+ - Fixed #48952.
+
0.14_01 Thu Aug 20 21:30:32 PDT 2009
- I had an old Test::Pod that didn't catch unsupported L<>
usage; CPAN testers found it.
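Review bot: The 0.14_02 entry says only "Fixed #48952." and gives no hint of what changed, so someone reading Changes without the ticket tracker at hand cannot tell whether the release affects them. Suggest naming the fix in the entry, for example that the extension arguments are now passed to set_extension_args as a list rather than as an array reference, which is what the OpenID.pm hunk in this revision does.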
Modified: Catalyst-Authentication-Credential-OpenID/trunk/README
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/README 2009-08-23 22:03:59 UTC (rev 11224)
+++ Catalyst-Authentication-Credential-OpenID/trunk/README 2009-08-24 00:47:22 UTC (rev 11225)
@@ -1,32 +1,377 @@
-Catalyst::Authentication::Credential::OpenID
+NAME
+ Catalyst::Authentication::Credential::OpenID - OpenID credential for
+ Catalyst::Plugin::Authentication framework.
-Just say "no" to document drift. See the POD for any details,
-including copyright and licence, beyond installation.
+VERSION
+ 0.14_02
+BACKWARDS COMPATIBILITY CHANGE
+ NB: The extenstions were previously configured under the key
+ "extension_args". They are now configured under "extensions". This
+ prevents the need for double configuration but it breaks extensions in
+ your application if you do not change the name. The old version is
+ supported for now but may be phased out at any time.
-INSTALLATION
+ As previously noted, "EXTENSIONS TO OPENID", I have not tested the
+ extensions. I would be grateful for any feedback or, better, tests.
-To install this module, run the following commands:
+SYNOPSIS
+ In MyApp.pm-
- perl Makefile.PL
- make
- # See below for TEST_HTTP info
- make test
- make install
+ use Catalyst qw/
+ Authentication
+ Session
+ Session::Store::FastMmap
+ Session::State::Cookie
+ /;
-Catalyst::Authentication::Credential::OpenID
+ Somewhere in myapp.conf-
-Just say "no" to document drift. See the POD for any details,
-including copyright and licence, beyond installation.
+ <Plugin::Authentication>
+ default_realm openid
+ <realms>
+ <openid>
+ <credential>
+ class OpenID
+ </credential>
+ ua_class LWP::UserAgent
+ </openid>
+ </realms>
+ </Plugin::Authentication>
+ Or in your myapp.yml if you're using YAML instead-
-INSTALLATION
+ Plugin::Authentication:
+ default_realm: openid
+ realms:
+ openid:
+ credential:
+ class: OpenID
+ ua_class: LWP::UserAgent
-To install this module, run the following commands:
+ In a controller, perhaps "Root::openid"-
- perl Makefile.PL
- make
- # See below for TEST_HTTP info
- make test
- make install
+ sub openid : Local {
+ my($self, $c) = @_;
+ if ( $c->authenticate() )
+ {
+ $c->flash(message => "You signed in with OpenID!");
+ $c->res->redirect( $c->uri_for('/') );
+ }
+ else
+ {
+ # Present OpenID form.
+ }
+ }
+
+ And a Template to match in "openid.tt"-
+
+ <form action="[% c.uri_for('/openid') %]" method="GET" name="openid">
+ <input type="text" name="openid_identifier" class="openid" />
+ <input type="submit" value="Sign in with OpenID" />
+ </form>
+
+DESCRIPTION
+ This is the third OpenID related authentication piece for Catalyst. The
+ first — Catalyst::Plugin::Authentication::OpenID by Benjamin Trott — was
+ deprecated by the second —
+ Catalyst::Plugin::Authentication::Credential::OpenID by Tatsuhiko
+ Miyagawa — and this is an attempt to deprecate both by conforming to the
+ newish, at the time of this module's inception, realm-based
+ authentication in Catalyst::Plugin::Authentication.
+
+ 1. Catalyst::Plugin::Authentication::OpenID
+ 2. Catalyst::Plugin::Authentication::Credential::OpenID
+ 3. Catalyst::Authentication::Credential::OpenID
+
+ The benefit of this version is that you can use an arbitrary number of
+ authentication systems in your Catalyst application and configure and
+ call all of them in the same way.
+
+ Note that both earlier versions of OpenID authentication use the method
+ "authenticate_openid()". This module uses "authenticate()" and relies on
+ you to specify the realm. You can specify the realm as the default in
+ the configuration or inline with each "authenticate()" call; more below.
+
+ This module functions quite differently internally from the others. See
+ Catalyst::Plugin::Authentication::Internals for more about this
+ implementation.
+
+METHODS
+ $c->authenticate({},"your_openid_realm");
+ Call to authenticate the user via OpenID. Returns false if
+ authorization is unsuccessful. Sets the user into the session and
+ returns the user object if authentication succeeds.
+
+ You can see in the call above that the authentication hash is empty.
+ The implicit OpenID parameter is, as the 2.0 specification says it
+ SHOULD be, openid_identifier. You can set it anything you like in
+ your realm configuration, though, under the key "openid_field". If
+ you call "authenticate()" with the empty info hash and no configured
+ "openid_field" then only "openid_identifier" is checked.
+
+ It implicitly does this (sort of, it checks the request method too)-
+
+ my $claimed_uri = $c->req->params->{openid_identifier};
+ $c->authenticate({openid_identifier => $claimed_uri});
+
+ Catalyst::Authentication::Credential::OpenID->new()
+ You will never call this. Catalyst does it for you. The only
+ important thing you might like to know about it is that it merges
+ its realm configuration with its configuration proper. If this
+ doesn't mean anything to you, don't worry.
+
+ USER METHODS
+ Currently the only supported user class is
+ Catalyst::Plugin::Authentication::User::Hash.
+
+ $c->user->url
+ $c->user->display
+ $c->user->rss
+ $c->user->atom
+ $c->user->foaf
+ $c->user->declared_rss
+ $c->user->declared_atom
+ $c->user->declared_foaf
+ $c->user->foafmaker
+
+ See Net::OpenID::VerifiedIdentity for details.
+
+CONFIGURATION
+ Catalyst authentication is now configured entirely from your
+ application's configuration. Do not, for example, put
+ "Credential::OpenID" into your "use Catalyst ..." statement. Instead,
+ tell your application that in one of your authentication realms you will
+ use the credential.
+
+ In your application the following will give you two different
+ authentication realms. One called "members" which authenticates with
+ clear text passwords and one called "openid" which uses... uh, OpenID.
+
+ __PACKAGE__->config
+ ( name => "MyApp",
+ "Plugin::Authentication" => {
+ default_realm => "members",
+ realms => {
+ members => {
+ credential => {
+ class => "Password",
+ password_field => "password",
+ password_type => "clear"
+ },
+ store => {
+ class => "Minimal",
+ users => {
+ paco => {
+ password => "l4s4v3n7ur45",
+ },
+ }
+ }
+ },
+ openid => {
+ consumer_secret => "Don't bother setting",
+ ua_class => "LWP::UserAgent",
+ ua_args => {
+ whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
+ },
+ credential => {
+ class => "OpenID",
+ store => {
+ class => "OpenID",
+ },
+ },
+ extensions => [
+ 'http://openid.net/extensions/sreg/1.1',
+ {
+ required => 'email',
+ optional => 'fullname,nickname,timezone',
+ },
+ ],
+ },
+ },
+ }
+ );
+
+ This is the same configuration in the default Catalyst configuration
+ format from Config::General.
+
+ name MyApp
+ <Plugin::Authentication>
+ default_realm members
+ <realms>
+ <members>
+ <store>
+ class Minimal
+ <users>
+ <paco>
+ password l4s4v3n7ur45
+ </paco>
+ </users>
+ </store>
+ <credential>
+ password_field password
+ password_type clear
+ class Password
+ </credential>
+ </members>
+ <openid>
+ <ua_args>
+ whitelisted_hosts 127.0.0.1
+ whitelisted_hosts localhost
+ </ua_args>
+ consumer_secret Don't bother setting
+ ua_class LWP::UserAgent
+ <credential>
+ <store>
+ class OpenID
+ </store>
+ class OpenID
+ </credential>
+ <extensions>
+ http://openid.net/extensions/sreg/1.1
+ required email
+ optional fullname,nickname,timezone
+ </extensions>
+ </openid>
+ </realms>
+ </Plugin::Authentication>
+
+ And now, the same configuration in YAML. NB: YAML is whitespace
+ sensitive.
+
+ name: MyApp
+ Plugin::Authentication:
+ default_realm: members
+ realms:
+ members:
+ credential:
+ class: Password
+ password_field: password
+ password_type: clear
+ store:
+ class: Minimal
+ users:
+ paco:
+ password: l4s4v3n7ur45
+ openid:
+ credential:
+ class: OpenID
+ store:
+ class: OpenID
+ consumer_secret: Don't bother setting
+ ua_class: LWP::UserAgent
+ ua_args:
+ whitelisted_hosts:
+ - 127.0.0.1
+ - localhost
+ extensions:
+ - http://openid.net/extensions/sreg/1.1
+ - required: email
+ optional: fullname,nickname,timezone
+
+ NB: There is no OpenID store yet.
+
+ EXTENSIONS TO OPENID
+ The Simple Registration--<http://openid.net/extensions/sreg/1.1>--(SREG)
+ extension to OpenID is supported in the Net::OpenID family now.
+ Experimental support for it is included here as of v0.12. SREG is the
+ only supported extension in OpenID 1.1. It's experimental in the sense
+ it's a new interface and barely tested. Support for OpenID extensions is
+ here to stay.
+
+ MORE ON CONFIGURATION
+ These are set in your realm. See above.
+
+ ua_args and ua_class
+ LWPx::ParanoidAgent is the default agent — "ua_class" — if it's
+ available, LWP::UserAgent if not. You don't have to set it. I
+ recommend that you do not override it. You can with any well behaved
+ LWP::UserAgent. You probably should not. LWPx::ParanoidAgent buys
+ you many defenses and extra security checks. When you allow your
+ application users freedom to initiate external requests, you open an
+ avenue for DoS (denial of service) attacks. LWPx::ParanoidAgent
+ defends against this. LWP::UserAgent and any regular subclass of it
+ will not.
+
+ consumer_secret
+ The underlying Net::OpenID::Consumer object is seeded with a secret.
+ If it's important to you to set your own, you can. The default uses
+ this package name + its version + the sorted configuration keys of
+ your Catalyst application (chopped at 255 characters if it's
+ longer). This should generally be superior to any fixed string.
+
+TODO
+ Option to suppress fatals.
+
+ Support more of the new methods in the Net::OpenID kit.
+
+ There are some interesting implications with this sort of setup. Does a
+ user aggregate realms or can a user be signed in under more than one
+ realm? The documents could contain a recipe of the self-answering OpenID
+ end-point that is in the tests.
+
+ Debug statements need to be both expanded and limited via realm
+ configuration.
+
+ Better diagnostics in errors. Debug info at all consumer calls.
+
+ Roles from provider domains? Mapped? Direct? A generic "openid"
+ auto_role?
+
+THANKS
+ To Benjamin Trott (Catalyst::Plugin::Authentication::OpenID), Tatsuhiko
+ Miyagawa (Catalyst::Plugin::Authentication::Credential::OpenID), Brad
+ Fitzpatrick for the great OpenID stuff, Martin Atkins for picking up the
+ code to handle OpenID 2.0, and Jay Kuri and everyone else who has made
+ Catalyst such a wonderful framework.
+
+ Menno Blom provided a bug fix and the hook to use OpenID extensions.
+
+LICENSE AND COPYRIGHT
+ Copyright (c) 2008-2009, Ashley Pond V "<ashley at cpan.org>". Some of
+ Tatsuhiko Miyagawa's work is reused here.
+
+ This module is free software; you can redistribute it and modify it
+ under the same terms as Perl itself. See perlartistic.
+
+DISCLAIMER OF WARRANTY
+ Because this software is licensed free of charge, there is no warranty
+ for the software, to the extent permitted by applicable law. Except when
+ otherwise stated in writing the copyright holders and other parties
+ provide the software "as is" without warranty of any kind, either
+ expressed or implied, including, but not limited to, the implied
+ warranties of merchantability and fitness for a particular purpose. The
+ entire risk as to the quality and performance of the software is with
+ you. Should the software prove defective, you assume the cost of all
+ necessary servicing, repair, or correction.
+
+ In no event unless required by applicable law or agreed to in writing
+ will any copyright holder, or any other party who may modify or
+ redistribute the software as permitted by the above license, be liable
+ to you for damages, including any general, special, incidental, or
+ consequential damages arising out of the use or inability to use the
+ software (including but not limited to loss of data or data being
+ rendered inaccurate or losses sustained by you or third parties or a
+ failure of the software to operate with any other software), even if
+ such holder or other party has been advised of the possibility of such
+ damages.
+
+SEE ALSO
+ OpenID
+ Net::OpenID::Server, Net::OpenID::VerifiedIdentity,
+ Net::OpenID::Consumer, <http://openid.net/>,
+ <http://openid.net/developers/specs/>, and
+ <http://openid.net/extensions/sreg/1.1>.
+
+ Catalyst Authentication
+ Catalyst, Catalyst::Plugin::Authentication,
+ Catalyst::Manual::Tutorial::Authorization, and
+ Catalyst::Manual::Tutorial::Authentication.
+
+ Catalyst Configuration
+ Catalyst::Plugin::ConfigLoader, Config::General, and YAML.
+
+ Miscellaneous
+ Catalyst::Manual::Tutorial, Template, LWPx::ParanoidAgent.
+
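Review bot: The SYNOPSIS and all three CONFIGURATION samples set ua_class to LWP::UserAgent, while the "ua_args and ua_class" section of this same README recommends not overriding the default LWPx::ParanoidAgent and says LWP::UserAgent does not defend against the denial-of-service avenue it describes. Samples get copied verbatim, so suggest dropping the ua_class line from them so the default applies, or marking it as a test-only setting. The samples also whitelist 127.0.0.1 and localhost under ua_args, which deserves the same "local testing only" remark. Separately, "extenstions" under BACKWARDS COMPATIBILITY CHANGE is a typo for "extensions"; the same heading appears in the POD hunk of OpenID.pm, so fix it in both places.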
Modified: Catalyst-Authentication-Credential-OpenID/trunk/lib/Catalyst/Authentication/Credential/OpenID.pm
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/lib/Catalyst/Authentication/Credential/OpenID.pm 2009-08-23 22:03:59 UTC (rev 11224)
+++ Catalyst-Authentication-Credential-OpenID/trunk/lib/Catalyst/Authentication/Credential/OpenID.pm 2009-08-24 00:47:22 UTC (rev 11225)
@@ -7,7 +7,7 @@
__PACKAGE__->mk_accessors(qw/ _config realm debug secret /);
}
-our $VERSION = "0.14_01";
+our $VERSION = "0.14_02";
use Net::OpenID::Consumer;
use Catalyst::Exception ();
@@ -77,7 +77,7 @@
my $identity = $csr->claimed_identity($claimed_uri)
or Catalyst::Exception->throw($csr->err);
- $identity->set_extension_args(\@extensions)
+ $identity->set_extension_args(@extensions)
if @extensions;
my $check_url = $identity->check_url(
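Review bot: At the set_extension_args call the only guard is "if @extensions", so once the list is flattened nothing checks that it has the shape the README documents, a namespace URI followed by a hash of arguments. Suggest validating that before the call (an even number of elements, every second element a hash reference) and throwing a Catalyst::Exception with a clear message otherwise, the way the claimed_identity failure two lines above does. The README in this revision also states that the extensions are untested, so a regression test that configures the sreg extension and inspects the resulting check_url would keep the array-reference form from coming back.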
@@ -142,7 +142,7 @@
=head1 VERSION
-0.14_01
+0.14_02
=head1 BACKWARDS COMPATIBILITY CHANGE
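Review bot: The version string in the POD VERSION section is bumped by hand here, separately from $VERSION at the top of the file and the copy in README, so the three can drift apart. Suggest a release-time test that compares the POD version against $VERSION, or generating the POD line from it.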