File Coverage

blib/lib/Dancer2/Plugin/Auth/ActiveDirectory.pm

Criterion	Covered	Total	%
statement	43	43	100.0
branch	10	12	83.3
condition			n/a
subroutine	15	15	100.0
pod			n/a
total	68	70	97.1

line	stmt	bran	sub	time	code
1					package Dancer2::Plugin::Auth::ActiveDirectory;
2
3					=head1 NAME
4
5					Dancer2::Plugin::Auth::ActiveDirectory - Dancer2 plugin for MS ActiveDirectory
6
7					=head1 VERSION
8
9					Version 0.03
10
11					=cut
12
13					our $VERSION = '0.03';
14
15	2		2	360951	use 5.10.0;
	2			6
16	2		2	7	use strict;
	2			2
	2			36
17	2		2	7	use warnings FATAL => 'all';
	2			5
	2			56
18	2		2	963	use Dancer2::Plugin;
	2			61618
	2			12
19	2		2	16068	use Auth::ActiveDirectory;
	2			207182
	2			816
20
21					# -----------------------------------------------
22					# Preloaded methods go here.
23					# -----------------------------------------------
24					# Encapsulated class data.
25					my $_settings = undef;
26
27					=head1 PRIVATE METHODS
28
29					=cut
30
31					{
32
33					=head2 _load_settings
34
35					Load plugin settings from environment.
36
37					=cut
38
39					sub _load_settings() {
40	13	100	13	4114	return $_settings if $_settings;
41	1			3	$_settings = plugin_setting;
42	1			437	return $_settings;
43					}
44
45					=head2 _in_list
46
47					Simple list in list comparision sub.
48
49					=cut
50
51					sub _in_list {
52					!!grep {
53	60			34	exists { map { $_ => 1 } @{ $_[1] } }->{$_}
	80			240
	60			50
54	15		15	11	} @{ $_[0] };
	15			15
55					}
56
57					=head2 _rights
58
59					Get defined rights from environment
60
61					=cut
62
63	6	50	6	5181	sub _rights { _load_settings->{rights} \|\| {} }
64
65					=head2 _connect_to_ad
66
67					Creates a new L object including
68					ldap connection to AD server.
69
70					=cut
71
72					sub _connect_to_ad {
73	6		6	7	return Auth::ActiveDirectory->new( @{ [ %{ _load_settings() } ] } );
	6			3
	6			10
74					}
75
76					=head2 _rights_by_user_groups
77
78					Returns a hashref with the possible rights.
79					Based on the AD groups where the user is included.
80
81					=cut
82
83					sub _rights_by_user {
84	1		1	2	my ( $dsl, $user ) = @_;
85	1			3	return _rights_by_user_groups( $dsl, $user->{groups} );
86					}
87
88					=head2 _rights_by_user_groups
89
90					Returns a hashref with the possible rights.
91					Based on the AD groups where the user is included.
92
93					=cut
94
95					sub _rights_by_user_groups {
96	5		5	35	my ( $dsl, $user_groups ) = @_;
97	5			7	my $rights = _rights($dsl);
98	5	100		5	return { map { _in_list( $user_groups, ( ref $rights->{$_} ne 'ARRAY' ) ? [ $rights->{$_} ] : $rights->{$_} ) ? ( $_ => 1 ) : () } keys %{$rights} };
	15	100		39
	5			9
99					}
100					}
101
102					=head1 SYNOPSIS
103
104					Configuration:
105
106					plugins:
107					Auth::ActiveDirectory:
108					host: 0.0.0.0
109					principal: yourprincpal
110					domain: somedomain
111					rights:
112					definedright1: ad-group
113					definedright2: ad-group
114					definedright3: another-ad-group
115					definedright4: another-ad-group
116
117					Code:
118
119					post '/login' => sub {
120					session 'user' => authenticate( params->{user}, params->{pass} );
121					return template 'index', { html_error => 'Authentication failed!!' }
122					unless ( session('user') );
123					return template 'index', { html_error => 'No right for this page!!' }
124					if( !has_right( session('user'), 'definedright1') );
125					template 'index', { loggedin => 1 };
126					};
127
128					=head1 SUBROUTINES/METHODS
129
130					=head2 authenticate
131
132					Basicaly the subroutine for authentication in the ActiveDirectory
133
134					=cut
135
136					register authenticate => sub {
137	4		4	305658	my ( $dsl, $name, $pass ) = @_;
138	4			21	my $user = _connect_to_ad($dsl)->authenticate( $name, $pass );
139	4	50		9393	return $user if $user->{error};
140	4			5	my $user_groups = [ map { $_->name } @{ $user->groups } ];
	16			50
	4			9
141					return {
142	4			19	uid => $user->uid,
143					firstname => $user->firstname,
144					surname => $user->surname,
145					mail => $user->mail,
146					display_name => $user->display_name,
147					user => $user->user,
148					groups => $user_groups,
149					rights => _rights_by_user_groups( $dsl, $user_groups ),
150					};
151					};
152
153					=head2 authenticate_config
154
155					Subroutine to get configuration for ActiveDirectory
156
157					=cut
158
159					register authenticate_config => \&_load_settings;
160
161					=head2 has_right
162
163					Check if loged in user has one of the configured rights
164
165					=cut
166
167					register has_right => sub {
168	2	100	2	35	return $_[1]->{rights}->{ $_[2] } ? 1:0;
169					};
170
171					=head2 list_users
172
173					=cut
174
175	2		2	14598	register list_users => sub { _connect_to_ad(shift)->list_users(@_) };
176
177					=head2 rights
178
179					Subroutine to get configurated rights
180
181					=cut
182
183					register rights => \&_rights;
184
185					=head2 rights_by_user
186
187					Subroutine to get configurated rights
188
189					=cut
190
191	1		1	6	register rights_by_user => sub { _rights_by_user( $_[0], $_[1] ) };
192
193					=head2 for_versions
194
195					=cut
196
197					register_plugin for_versions => [2];
198
199					1; # Dancer2::Plugin::Auth::ActiveDirectory
200
201					__END__