Provided by: libcgi-application-plugin-authentication-perl_0.20-1_all bug

NAME

       CGI::Application::Plugin::Authentication::Driver - Base module for building driver classes
       for CGI::Application::Plugin::Authentication

VERSION

       This document describes CGI::Application::Plugin::Authentication::Driver version 0.20

SYNOPSIS

        package CGI::Application::Plugin::Authentication::Driver::MyDriver;
        use base qw(CGI::Application::Plugin::Authentication::Driver);

         sub verify_credentials {
             my $self = shift;
             my @credentials = @_;

             if ( >>> Validate Credentials <<< ) {
                 return $credentials[0];
             }
             return;
         }

DESCRIPTION

       This module is a base class for all driver classes for the
       CGI::Application::Plugin::Authentication plugin.  Each driver class is required to provide
       only one method to validate the given credentials.  Normally only two credentials will be
       passed in (username and password), but you can configure the plugin to handle any number
       of credentials (for example you may require the user to enter a group name, or domain name
       as well as a username and password).

FIELD FILTERS

       It is quite common for passwords to be stored using some form of one way encryption.  Unix
       crypt being the old standard in the Unix community, however MD5 or SHA1 hashes are more
       popular today.  In order to simplify the validation routines some methods have been
       provided to help test these passwords.  When configuring a Driver (and if the driver
       supports it), you can specify which fields are encoded, and which method is used for the
       encoding by specifying a filter on the field in question.

        CREDENTIALS => ['authen_username', 'authen_password'],
        DRIVERS     => [ 'DBI',
                           DSN         => '...',
                           TABLE       => 'users',
                           CONSTRAINTS => {
                               username       => '__CREDENTIAL_1__',
                               'MD5:password' => '__CREDENTIAL_2__',
                           }
                       ],

       Here we are saying that the password field is encoded using an MD5 hash, and should be
       checked accordingly.

   Filter options
       Some of the filters may have multiple forms.  For example there are three forms of MD5
       hashes:  binary, base64 and hex.  You can specify these extra options by using an
       underscore to separate it from the filter name.

        'MD5_base64:password'

   Chained Filters
       it is possible to chain multiple filters.  This can be useful if your MD5 strings are
       stored in hex format.  Hex numbers are case insensitive, so the may be stored in either
       upper or lower case.  To make this consistent, you can MD5 encode the password first, and
       then upper case the results.  The filters are applied from the inside out:

        'uc:MD5_hex:password'

   Custom Filters
       If your field is encoded using a custom technique, then you can provide a custom filter
       function.  This can be be done by providing a FILTERS option that contains a hash of
       filter subroutines that are keyed by their name.  You can then use the filter name on any
       of the fields as if it was a builtin filter.

        CREDENTIALS => ['authen_username', 'authen_password'],
        DRIVERS     => [ 'DBI',
                           DSN      => '...',
                           TABLE    => 'users',
                           CONSTRAINTS => {
                               username         => '__CREDENTIAL_1__',
                               'rot13:password' => '__CREDENTIAL_2__',
                           }
                           FILTERS => { rot13 => \&rot13_filter },
                       ],

        sub rot13_filter {
            my $param = shift;
            my $value = shift;
            $value =~ tr/A-Za-z/N-ZA-Mn-za-m/;
            return $value;
        }

       Please see the documentation for the driver that you are using to make sure that it
       supports encoded fields.

   Builtin Filters
       Here is a list of the filters that are provided with this module:

       crypt - provided by perl "crypt" function
       MD5 - requires Digest::MD5
       SHA1 - requires Digest::SHA1
       uc - provided by the perl "uc" function
       lc - provided by the perl "lc" function
       trim - removed whitespace from the start and end of the field

METHODS

   new
       This is a constructor that can create a new Driver object.  It requires an Authentication
       object as its first parameter, and any number of other parameters that will be used as
       options depending on which Driver object is being created.  You shouldn't need to call
       this as the Authentication plugin takes care of creating Driver objects.

   initialize
       This method will be called right after a new Driver object is created.  So any startup
       customizations can be dealt with here.

   options
       This will return a list of options that were provided when this driver was configured by
       the user.

   authen
       This will return the underlying CGI::Application::Plugin::Authentication object.  In most
       cases it will not be necessary to access this.

   find_option
       This method will search the Driver options for a specific key and return the value it
       finds.

   verify_credentials
       This method needs to be provided by the driver class.  It needs to be an object method
       that accepts a list of credentials, and will verify that the credentials are valid, and
       return a username that will be used to identify this login (usually you will just return
       the value of the first credential, however you are not bound to that)..

   filter
       This method can be used to filter a field (usually password fields) using a number of
       standard or custom encoding techniques.  See the section on Builtin Filters above to see
       what filters are available When using a custom filter, you will need to provide a FILTERS
       option in the configuration of the DRIVER (See the section on FIELD FILTERS above for an
       example).  By default, if no filter is specified, it is returned as is.  This means that
       you can run all fields through this function even if they don't have any filters to
       simplify the driver code.

        my $filtered = $self->filter('MD5_hex:password', 'foobar');

        - or -

        # custom filter
        my $filtered = $self->filter('foobar:password', 'foo');

        - or -

        # effectively a noop
        my $filtered = $self->filter('username', 'foo');

   check_filtered
       This method can be used to test filtered fields (usually password fields) against a number
       of standard or custom encoding techniques.  The following encoding techniques are
       provided:  plain, MD5, SHA1, crypt.  When using a custom encoder, you will need to provide
       it in the configuration of the DRIVERS (See the section on ENCODED PASSWORDS above for an
       example).  By default, if no encoding is specified, it is assumed to be 'plain'.  This
       means that you can run all fields through this function even if they don't have any
       encoding to simplify the driver code.

        my $verified = $self->check_filtered('MD5:password', 'foobar', 'OFj2IjCsPJFfMAxmQxLGPw');

        - or -

        # custom encoder
        my $verified = $self->check_filtered('foobar:password', 'foo', 'bar');

        - or -

        # a field that isn't filtered (effectively just checks for equality on second and third args)
        my $verified = $self->check_filtered('username', 'foobar', 'foobar');
        my $verified = $self->check_filtered('plain:username', 'foobar', 'foobar');

   strip_field_names
       This method will take a field name (or list of names) and strip off the leading encoding
       type.  For example if you passed in 'MD5:password' the method would return 'password'.

        my $fieldname = $self->strip_field_names('MD5:password');

SEE ALSO

       CGI::Application::Plugin::Authentication, perl(1)

AUTHOR

       Cees Hek <ceeshek@gmail.com>

LICENCE AND COPYRIGHT

       Copyright (c) 2005, SiteSuite. All rights reserved.

       This module is free software; you can redistribute it and/or modify it under the same
       terms as Perl itself.

DISCLAIMER OF WARRANTY

       BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE SOFTWARE,
       TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE
       COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF
       ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO
       THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE
       DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION.

       IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT
       HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE SOFTWARE AS PERMITTED BY
       THE ABOVE LICENCE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
       INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
       SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
       LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY
       OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
       SUCH DAMAGES.

perl v5.12.3                                CGI::Application::Plugin::Authentication::Driver(3pm)