package Template::Plugin::GantryAuthCookie;
use strict;
use base 'Template::Plugin';
use Gantry::Plugins::AuthCookie (); # no imports, we don't want auth_secret
use Gantry::Conf;
sub new {
my $class = shift;
shift; # discard context;
my $arg_hash = shift;
my $cookie = delete $arg_hash->{ cookie };
my $self = $arg_hash;
bless $self, $class;
# If the cookie has anything in it, get user name, but not password.
if ( $cookie ) {
( $self->{ user_name }, undef ) =
Gantry::Plugins::AuthCookie::decrypt_cookie( $self, $cookie );
}
return $self;
}
sub user_name {
my $self = shift;
return $self->{ user_name };
}
sub auth_secret {
my $self = shift;
# use value passed to constructor first
return $self->{ auth_secret } if defined $self->{ auth_secret };
# use value in conf second
return $self->_conf()->{ auth_secret };
}
sub _conf {
my $self = shift;
return $self->{ conf } if defined $self->{ conf };
my $conf = Gantry::Conf->retrieve( {
instance => $self->{ conf_instance },
config_file => $self->{ conf_file },
} );
$self->{ conf } = $conf;
return $conf;
}
1;
__END__
=head1 NAME
Template::Plugin::GantryAuthCookie - decrypter for AuthCookie plugin
=head1 SYNOPSIS
In a Template Toolkit:
[% USE decrypter = GantryAuthCookie( {
cookie = cookies.cookie_name,
conf_instance = 'gantry_conf_instance',
conf_file = '/etc/strange.gantry.conf',
} ) %]
[% user_name = decrypter.user_name %]
conf_file is optional and defaults to /etc/gantry.conf
Alternatively, you could omit conf_instance and conf and directly supply
the auth_secret key:
[% USE decrypter = GantryAuthCookie( {
cookie = cookies.cookie_name,
auth_secret = env.auth_secret
} ) %]
In httpd.conf (or something it includes):
PerlModule Apache::Template
PerlSetEnv auth_secret '$ecr3t'
TT2Params cookies env
SetHandler perl-script
PerlHandler Apache::Template
=head1 DESCRIPTION
You don't need this module if your page is generated by a Gantry controller.
In that case, you can use Gantry::Plugins::AuthCookie and call its
validate_user function directly. Use this when you need to display user
information on a page which is generated by Apache::Template.
This module is a Template Toolkit plugin for decrypting
Gantry::Plugins::AuthCookie cookies. In the USE statement in
your template, pass at least the contents of the cookie and either the
name of your Gantry::Conf instance or your auth_secret. If your
master Gantry::Conf file is not /etc/gantry.conf, it as well.
You must define auth_secret in Gantry::Conf, or pass it directly.
If you pass it directly, you probably want to use PerlSetEnv to keep
it out of the template. That's what I did in the SYNOPSIS above.
=head1 METHODS
=over 4
=item new
Called for you by TT when you USE the plugin. There are four parameters:
cookie - the auth cookie content
conf_instance - your Gantry::Conf instance
conf_file - your master Gantry::Conf file (optional)
auth_secret - the compression secret key
Usually you get the cookie contents from the Apache::Template module's
TT2Params cookies parameter. If you pass the secret directly, you
should get it by these commands in httpd.conf:
PerlSetEnv auth_secret '4our$ecr3t1ssaf3'
TT2Params cookie env
Then fish it out of the env hash in your template. See the SYNOPSIS above.
=item user_name
Returns the name of the user from the cookie, if there is one.
=item auth_secret
Used by Gantry::Plugins::CRUD to retrieve the decryption key. This
is taken from the Gantry::Conf variable or constructor argument of
the same name. Precendence is given to the constructor argument if
both are suppied.
=back
=head1 SEE ALSO
Gantry::Plutings::AuthCookie, Gantry::Conf
=head1 AUTHOR
Phil Crow Ephilcrow2000@yahoo.comE
=head1 COPYRIGHT and LICENSE
Copyright (c) 2006, Phil Crow
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.6 or,
at your option, any later version of Perl 5 you may have available.
=cut