From abdd4eba8b321e66d9a86d2d3592893f69632618 Mon Sep 17 00:00:00 2001 From: "bugreport%peshkin.net" <> Date: Mon, 12 Jul 2004 10:48:45 +0000 Subject: Backing out bug 241900 --- Bugzilla/Auth.pm | 108 +++++++++++++------------------------------------------ 1 file changed, 25 insertions(+), 83 deletions(-) (limited to 'Bugzilla/Auth.pm') diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm index e6cf27963..dcea8189a 100644 --- a/Bugzilla/Auth.pm +++ b/Bugzilla/Auth.pm @@ -18,7 +18,6 @@ # Rights Reserved. # # Contributor(s): Bradley Baetz -# Erik Stambaugh package Bugzilla::Auth; @@ -27,25 +26,19 @@ use strict; use Bugzilla::Config; use Bugzilla::Constants; -# This is here for lack of a better place for it. I considered making it -# part of the user object, but that object doesn't necessarily point to a -# currently authenticated user. -# -# I'm willing to accept suggestions for somewhere else to put it. -my $current_verify_method = undef; - -# 'inherit' from the main verify method +# 'inherit' from the main loginmethod BEGIN { - for my $verifymethod (split /,\s*/, Param("user_verify_method")) { - if ($verifymethod =~ /^([A-Za-z0-9_\.\-]+)$/) { - $verifymethod = $1; + my $loginmethod = Param("loginmethod"); + if ($loginmethod =~ /^([A-Za-z0-9_\.\-]+)$/) { + $loginmethod = $1; } else { - die "Badly-named user_verify_method '$verifymethod'"; + die "Badly-named loginmethod '$loginmethod'"; } - require "Bugzilla/Auth/Verify/" . $verifymethod . ".pm"; + require "Bugzilla/Auth/" . $loginmethod . ".pm"; - } + our @ISA; + push (@ISA, "Bugzilla::Auth::" . $loginmethod); } # PRIVATE @@ -68,46 +61,6 @@ sub get_netaddr { return join(".", unpack("CCCC", pack("N", $addr))); } -# This is a replacement for the inherited authenticate function -# go through each of the available methods for each function -sub authenticate { - my $self = shift; - my @args = @_; - my @firstresult = (); - my @result = (); - for my $method (split /,\s*/, Param("user_verify_method")) { - $method = "Bugzilla::Auth::Verify::" . $method; - @result = $method->authenticate(@args); - @firstresult = @result unless @firstresult; - - if (($result[0] != AUTH_NODATA)&&($result[0] != AUTH_LOGINFAILED)) { - $current_verify_method = $method; - return @result; - } - } - @result = @firstresult; - # no auth match - - # see if we can set $current to the first verify method that - # will allow a new login - - for my $method (split /,\s*/, Param("user_verify_method")) { - $method = "Bugzilla::Auth::Verify::" . $method; - if ($method::can_edit->{'new'}) { - $current_verify_method = $method; - } - } - - return @result; -} - -sub can_edit { - if ($current_verify_method) { - return $current_verify_method->{'can_edit'}; - } - return {}; -} - 1; __END__ @@ -125,8 +78,16 @@ used to obtain the data (from CGI, email, etc), and the other set uses this data to authenticate against the datasource (the Bugzilla DB, LDAP, cookies, etc). -Modules for obtaining the data are located under L, and -modules for authenticating are located in L. +The handlers for the various types of authentication +(DB/LDAP/cookies/etc) provide the actual code for each specific method +of authentication. + +The source modules (currently, only +L) then use those methods to do +the authentication. + +I itself inherits from the default authentication handler, +identified by the I param. =head1 METHODS @@ -147,9 +108,7 @@ only some addresses. =head1 AUTHENTICATION Authentication modules check a user's credentials (username, password, -etc) to verify who the user is. The methods that C uses for -authentication are wrappers that check all configured modules (via the -C and C) in sequence. +etc) to verify who the user is. =head2 METHODS @@ -216,36 +175,19 @@ Note that this argument is a string, not a tag. =back -=item C - -This scalar gets populated with the full name (eg., -C) of the verification method being used by the -current user. If no user is logged in, it will contain the name of the first -method that allows new users, if any. Otherwise, it carries an undefined -value. - =item C -This determines if the user's account details can be modified. It returns a -reference to a hash with the keys C, C, and C, -which determine whether their respective profile values may be altered, and -C, which determines if new accounts may be created. - -Each user verification method (chosen with C has -its own set of can_edit values. Calls to can_edit return the appropriate -values for the current user's login method. - -If a user is not logged in, C will contain the values of the first -verify method that allows new users to be created, if available. Otherwise it -returns an empty hash. +This determines if the user's account details can be modified. If this +method returns a C value, then accounts can be created and +modified through the Bugzilla user interface. Forgotten passwords can +also be retrieved through the L. =back =head1 LOGINS A login module can be used to try to log in a Bugzilla user in a -particular way. For example, -L +particular way. For example, L logs in users from CGI scripts, first by using form variables, and then by trying cookies as a fallback. @@ -308,5 +250,5 @@ user-performed password changes. =head1 SEE ALSO -L, L, L +L, L, L -- cgit v1.2.3-24-g4f1b