[Bps-public-commit] r20252 - in RT-Authen-Bitcard: html/Callbacks/Bitcard/Elements/Header html/Callbacks/Bitcard/Elements/Login html/Callbacks/Bitcard/NoAuth/Logout.html lib/RT/Authen
ruz at bestpractical.com
ruz at bestpractical.com
Tue Mar 2 20:41:46 EST 2010
Author: ruz
Date: Tue Mar 2 20:41:44 2010
New Revision: 20252
Modified:
RT-Authen-Bitcard/html/Callbacks/Bitcard/Elements/Header/Default
RT-Authen-Bitcard/html/Callbacks/Bitcard/Elements/Login/Default
RT-Authen-Bitcard/html/Callbacks/Bitcard/NoAuth/Logout.html/AfterSessionDelete
RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler/Auth
RT-Authen-Bitcard/lib/RT/Authen/Bitcard.pm
Log:
refactor this whole module
use CamelCase
use 3.8 API
more config options
Modified: RT-Authen-Bitcard/html/Callbacks/Bitcard/Elements/Header/Default
==============================================================================
--- RT-Authen-Bitcard/html/Callbacks/Bitcard/Elements/Header/Default (original)
+++ RT-Authen-Bitcard/html/Callbacks/Bitcard/Elements/Header/Default Tue Mar 2 20:41:44 2010
@@ -2,7 +2,7 @@
return unless $session{'BitcardUser'};
use RT::Authen::Bitcard;
-my $bc = RT::Authen::Bitcard->handler;
+my $bc = RT::Authen::Bitcard->Handler;
my $account_url = $bc->account_url( r => $RT::WebURL . 'index.html' );
</%INIT>
| <a href="<% $account_url %>"><&|/l&>Manage Bitcard account</&></a>
Modified: RT-Authen-Bitcard/html/Callbacks/Bitcard/Elements/Login/Default
==============================================================================
--- RT-Authen-Bitcard/html/Callbacks/Bitcard/Elements/Login/Default (original)
+++ RT-Authen-Bitcard/html/Callbacks/Bitcard/Elements/Login/Default Tue Mar 2 20:41:44 2010
@@ -1,6 +1,6 @@
<%INIT>
use RT::Authen::Bitcard;
- my $bc = RT::Authen::Bitcard->handler;
+ my $bc = RT::Authen::Bitcard->Handler;
my $return_to = $RT::WebURL . 'index.html';
my $login_url = $m->interp->apply_escapes( $bc->login_url( r => $return_to ), 'h' );
my $register_url = $m->interp->apply_escapes( $bc->register_url( r => $return_to ), 'h' );
Modified: RT-Authen-Bitcard/html/Callbacks/Bitcard/NoAuth/Logout.html/AfterSessionDelete
==============================================================================
--- RT-Authen-Bitcard/html/Callbacks/Bitcard/NoAuth/Logout.html/AfterSessionDelete (original)
+++ RT-Authen-Bitcard/html/Callbacks/Bitcard/NoAuth/Logout.html/AfterSessionDelete Tue Mar 2 20:41:44 2010
@@ -2,7 +2,7 @@
return unless $m->notes('isBitcardUser');
use RT::Authen::Bitcard;
-my $bc = RT::Authen::Bitcard->handler;
+my $bc = RT::Authen::Bitcard->Handler;
my $return_url = $RT::WebURL . 'index.html';
$m->redirect( $bc->logout_url( r => $return_url ) );
$m->abort;
Modified: RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler/Auth
==============================================================================
--- RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler/Auth (original)
+++ RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler/Auth Tue Mar 2 20:41:44 2010
@@ -14,7 +14,7 @@
%session = (_session_id => $session{'_session_id'});
use RT::Authen::Bitcard;
- my $bc = RT::Authen::Bitcard->handler;
+ my $bc = RT::Authen::Bitcard->Handler;
# We have to use octets as Authen::Bitcard doesn't support perl strings
# to avoid converting back from perl string to octets we use request_args
@@ -35,10 +35,15 @@
### fsck.com #7277 exploit, if you've saved the 'Manage your Bitcard account'
### URL from a previous successful Bitcard login.
- # if the user isn't logged in and we got credentials from Bitcard, load the user
- unless ( defined $user->{'email'} && defined $user->{'username'} ) {
- $RT::Logger->error("Bitcard server didn't provided email and user name, but signature is correct");
- $error_cb->( Error => loc("Couldn't login using Bitcard. Contact system administrator") );
+ my $required = RT::Authen::Bitcard->RequiredFields;
+ if ( grep !defined $user->{$_}, @$required ) {
+ $RT::Logger->error(
+ "Bitcard server didn't provided ". join(", ", @$required)
+ .", but signature is correct"
+ );
+ $error_cb->(
+ Error => loc("Couldn't login using Bitcard. Contact system administrator")
+ );
}
# Bitcard has verified that the user has control of this e-mail address,
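Review bot: The new `grep !defined $user->{$_}, @$required` check no longer guarantees that `$user->{'email'}` is defined, because `Required` is now site-configurable. The trailing context comment and the `CreateUser` call later in this file still treat the Bitcard-verified e-mail as the account key, so a configuration that omits `email` would pass this guard with no address to match on. I would always check it, e.g. `if ( grep !defined $user->{$_}, 'email', @$required ) {`. The error log would also be more useful if it named only the fields that were actually missing. The enclosing `<%INIT>` block starts and ends outside this hunk.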
@@ -54,39 +59,23 @@
return;
}
- # No user with this email in the DB, let's create it
-
- # first of all check if username is free then create a new user
- my $login_is_free = 0;
- {
- my $UserObj = RT::User->new( $RT::SystemUser );
- $UserObj->Load( $user->{'username'} );
- $login_is_free = $UserObj->id? 0 : 1;
- }
-
- my $UserObj = RT::User->new( $RT::SystemUser );
- my ($id, $msg) = $UserObj->Create(
- Name => $login_is_free? $user->{'username'}: $user->{'email'},
- RealName => $user->{'name'},
- EmailAddress => $user->{'email'},
- Privileged => 1,
+ my ($user_obj, $msg) = RT::Authen::Bitcard->CreateUser(
+ BitcardUser => $user,
);
- if ( $UserObj->id ) {
- # created the user, now load them as the current user
- $cu->Load( $UserObj->id );
-
- # set a global user so we know elsewhere we're using Bitcard for auth
- $session{'BitcardUser'} = $user;
- $session{'CurrentUser'} = $cu;
-
- $m->comp('/Elements/Callback', %ARGS, _CallbackName => 'NewUser');
-
- # redirect the user to their preference page to add more info
- $m->redirect($RT::WebPath . '/User/Prefs.html');
- $m->abort();
- }
- else {
- # we couldn't create the user. abort abort abort!
+ unless ( $user_obj ) {
$error_cb->( Error => loc("Cannot create user: [_1]", $msg) );
}
+
+ # created the user, now load them as the current user
+ $cu->Load( $user_obj->id );
+
+ # set a global user so we know elsewhere we're using Bitcard for auth
+ $session{'BitcardUser'} = $user;
+ $session{'CurrentUser'} = $cu;
+
+ $m->comp('/Elements/Callback', %ARGS, _CallbackName => 'NewUser');
+
+ # redirect the user to their preference page to add more info
+ $m->redirect( $RT::WebPath . '/User/Prefs.html' );
+ $m->abort;
</%INIT>
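Review bot: The `unless ( $user_obj )` branch now falls through to `$cu->Load( $user_obj->id )`, whereas the old code kept the session setup inside `if ( $UserObj->id )`. `$error_cb` is defined outside this hunk, so I cannot confirm that it aborts the request; if it ever returns, the next line dies on an undefined value instead of stopping cleanly before `$session{'CurrentUser'}` is set. Making the stop explicit removes that dependency: `return $error_cb->( Error => loc("Cannot create user: [_1]", $msg) );`.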
Modified: RT-Authen-Bitcard/lib/RT/Authen/Bitcard.pm
==============================================================================
--- RT-Authen-Bitcard/lib/RT/Authen/Bitcard.pm (original)
+++ RT-Authen-Bitcard/lib/RT/Authen/Bitcard.pm Tue Mar 2 20:41:44 2010
@@ -1,32 +1,109 @@
+use 5.008003;
+use strict;
+use warnings;
+
+package RT::Authen::Bitcard;
+
+our $VERSION = '0.04';
+
+use Authen::Bitcard 0.86;
+
=head1 NAME
-RT::Authen::Bitcard - Allows RT to do authentication via a service which supports the Bitcard API
+RT::Authen::Bitcard - allows RT to do authentication via a service which supports the Bitcard API
-=cut
+=head1 SYNOPSIS
-package RT::Authen::Bitcard;
+ # in RT_SiteConfig.pm:
+ Set( @Plugins, qw(
+ RT::Authen::Bitcard
+ ... other plugins ...
+ ) );
+ Set( %Bitcard,
+ Token => 'you need a token for bitcard authentication to work',
+ Required => ['email'],
+ Optional => ['name'],
+ UseUsername => 0,
+ NewUserOptions => {
+ Privileged => 1,
+ },
+ );
-use v5.8.3;
-use strict;
-use warnings;
+=head1 DESCRIPTION
-our $VERSION = '0.04';
+Authenticate users in RT using L<Authen::Bitcard>.
-use Authen::Bitcard 0.86;
+=head1 CONFIGURATION
+
+=cut
+
+my %RT2BC = (
+ Name => 'username',
+ EmailAddress => 'email',
+ RealName => 'name',
+);
+my %BC2RT = reverse %RT2BC;
-sub handler {
+sub Handler {
my $self = shift;
- die 'No Bitcard auth token provided as $BitcardToken in the RT configuration file on this server.'
- unless $RT::BitcardToken;
+ my $token = RT->Config->Get('Bitcard')->{'Token'};
+ die 'No Bitcard auth token provided as Token key part of %Bitcard option'
+ .' in the RT configuration file on this server.'
+ unless $token;
my $bc = Authen::Bitcard->new;
- $bc->token( $RT::BitcardToken );
- $bc->info_required('email,username');
- $bc->info_optional('name');
+ $bc->token( $token );
+ $bc->info_required( $self->RequiredFields );
+ $bc->info_optional( $self->OptionalFields );
return $bc;
}
+sub RequiredFields {
+ return RT->Config->Get('Bitcard')->{'Required'} || ['email'];
+}
+
+sub OptionalFields {
+ return RT->Config->Get('Bitcard')->{'Optional'} || ['username', 'name'];
+}
+
+sub CreateUser {
+ my $self = shift;
+ my %args = (@_);
+
+ my $user = $args{'BitcardUser'};
+
+ my $config = RT->Config->Get('Bitcard');
+ my $required = $self->RequiredFields;
+
+ my $use_username = grep $_ eq 'username', @$required;
+ if ( $use_username && !$config->{'UseUsername'} ) {
+ $use_username = 0;
+ }
+
+ # first of all check if username is free then create a new user
+ my $login_is_free = 0;
+ if ( $use_username ) {
+ my $UserObj = RT::User->new( $RT::SystemUser );
+ $UserObj->Load( $user->{'username'} );
+ $login_is_free = $UserObj->id? 0 : 1;
+ }
+
+ my $additional = $config->{'NewUserOptions'} || { Privileged => 1 };
+
+ my $UserObj = RT::User->new( $RT::SystemUser );
+ my ($id, $msg) = $UserObj->Create(
+ %$additional,
+ Name => $login_is_free? $user->{'username'}: $user->{'email'},
+ RealName => $user->{'name'} || (!$use_username? $user->{'username'} : undef),
+ EmailAddress => $user->{'email'},
+ );
+ unless ( $id ) {
+ return (undef, $msg);
+ }
+ return $UserObj;
+}
+
1;
=head1 AUTHOR
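Review bot: In `CreateUser`, the fallback `$config->{'NewUserOptions'} || { Privileged => 1 }` means any site that does not set `NewUserOptions` auto-creates every first-time Bitcard login as a privileged RT user. Now that the option exists, a least-privilege default would be safer, `my $additional = $config->{'NewUserOptions'} || {};`, with sites opting in to `Privileged => 1` explicitly. If the old behaviour has to stay for compatibility, the empty `=head1 CONFIGURATION` section should at least document `NewUserOptions` and its default, along with `Token`, `Required`, `Optional` and `UseUsername`. Separately, `Handler` dereferences `RT->Config->Get('Bitcard')` before testing `$token`, so if `%Bitcard` is unset the friendly "No Bitcard auth token" message is presumably never reached; that depends on what `Get` returns, which is not visible here.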