File Coverage

blib/lib/PlugAuth/Plugin/DisableGroup.pm
Criterion Covered Total %
statement 25 25 100.0
branch 6 6 100.0
condition 2 2 100.0
subroutine 7 7 100.0
pod 0 2 0.0
total 40 42 95.2


line stmt bran cond sub pod time code
1             package PlugAuth::Plugin::DisableGroup;
2              
3 4     4   2828 use strict;
  4         5  
  4         147  
4 4     4   21 use warnings;
  4         6  
  4         111  
5 4     4   99 use 5.010001;
  4         10  
6 4     4   16 use Role::Tiny::With;
  4         6  
  4         1181  
7              
8             # ABSTRACT: Disable accounts which belong to a group
9             our $VERSION = '0.35'; # VERSION
10              
11              
12             with 'PlugAuth::Role::Plugin';
13             with 'PlugAuth::Role::Auth';
14              
15             sub init
16             {
17 3     3 0 6 my($self) = @_;
18 3   100     11 my $group = $self->{group} = $self->plugin_config->{group} // 'disabled';
19 3 100       12 if($self->plugin_config->{disable_on_create})
20             {
21             $self->app->on(create_user => sub {
22 2     2   52 my($app, $args) = @_;
23 2         6 my $user = $args->{user};
24 2         22 $app->authz->update_group($group, join(',', @{ $app->authz->users_in_group($group) }, $user))
  2         9  
25 1         4 });
26             }
27             }
28              
29             sub check_credentials
30             {
31 9     9 0 24 my($self, $user, $pass) = @_;
32 9         47 my $groups = $self->app->authz->groups_for_user($user);
33 9 100       58 return 0 unless $groups;
34 8 100       21 return 0 if grep { lc($_) eq $self->{group} } @$groups;
  11         74  
35 5         38 $self->deligate_check_credentials($user, $pass);
36             }
37              
38             1;
39              
40             __END__
41              
42             =pod
43              
44             =encoding UTF-8
45              
46             =head1 NAME
47              
48             PlugAuth::Plugin::DisableGroup - Disable accounts which belong to a group
49              
50             =head1 VERSION
51              
52             version 0.35
53              
54             =head1 SYNOPSIS
55              
56             In your PlugAuth.conf:
57              
58             ---
59             plugins:
60             - PlugAuth::Plugin::DisableGroup:
61             # the default is "disabled"
62             group: disabled
63             # the default is to not create users as disabled
64             disable_on_create: 0
65             - PlugAuth::Plugin::FlatAuth: {}
66              
67             =head1 DESCRIPTION
68              
69             This plugin disables the authentication for a user when they are in a
70             specific group (the C<disabled> group if it is not specified in the
71             configuration file).
72              
73             Trap for the unwary:
74              
75             Note that you need to specify a real authentication to chain after
76             this plugin (L<PlugAuth::Plugin::FlatAuth> is a good choice). If
77             you don't then all authentication will fail.
78              
79             =head1 OPTIONS
80              
81             =head2 group
82              
83             The name of the disabled group. Defaults to "disabled".
84              
85             =head2 disable_on_create
86              
87             If set to true, it will disable all new accounts. Defaults to false.
88              
89             =head1 AUTHOR
90              
91             Graham Ollis <gollis@sesda3.com>
92              
93             =head1 COPYRIGHT AND LICENSE
94              
95             This software is copyright (c) 2012 by NASA GSFC.
96              
97             This is free software; you can redistribute it and/or modify it under
98             the same terms as the Perl 5 programming language system itself.
99              
100             =cut