codenotifier - Catalyst: revision 8503

Project: Catalyst

Revision: 8503

Author: apv

Date: 02 Oct 2008 22:55:51

Changes:

This is 0.10 on CPAN. Updated test server script and fixed test call
to use -fork instead of -f. Updated reqs to have => undef or version
numbers where possible.

Files:
copied: from /Catalyst-Authentication-Credential-OpenID/0.09 (r8473) to /Catalyst-Authentication-Credential-OpenID/0.10 (try)
modified: /Catalyst-Authentication-Credential-OpenID/0.10/t/TestApp/lib/TestApp.pm (try)
modified: /Catalyst-Authentication-Credential-OpenID/0.10/t/live_app.t (try)
modified: /Catalyst-Authentication-Credential-OpenID/0.10/Makefile.PL (try)
modified: /Catalyst-Authentication-Credential-OpenID/0.10/t/TestApp/script/testapp_server.pl (try)
modified: /Catalyst-Authentication-Credential-OpenID/0.10/Changes (try)
modified: /Catalyst-Authentication-Credential-OpenID/0.10/lib/Catalyst/Authentication/Credential/OpenID.pm (try)

Diff:

......	@@ -0,0 +1,68 @@
	1	package TestApp;
	2
	3	use strict;
	4	use warnings;
	5
	6	use Catalyst::Runtime '5.70';
	7
	8	use Catalyst qw(
	9	-Debug
	10	ConfigLoader
	11	Authentication
	12	Session
	13	Session::Store::FastMmap
	14	Session::State::Cookie
	15	);
	16
	17	our $VERSION = '0.02';
	18
	19	__PACKAGE__->config
	20	( name => "TestApp",
	21	session => {
	22	storage => "/tmp/" . __PACKAGE__ . "-" . $VERSION,
	23	},
	24	startup_time => time(),
	25	"Plugin::Authentication" => {
	26	default_realm => "members",
	27	realms => {
	28	members => {
	29	credential => {
	30	class => "Password",
	31	password_field => "password",
	32	password_type => "clear"
	33	},
	34	store => {
	35	class => "Minimal",
	36	users => {
	37	paco => {
	38	password => "l4s4v3n7ur45",
	39	},
	40	}
	41	}
	42	},
	43	openid => {
	44	ua_class => "LWPx::ParanoidAgent",
	45	# ua_class => "LWP::UserAgent",
	46	ua_args => {
	47	whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
	48	timeout => 10,
	49	},
	50	debug => 1,
	51	credential => {
	52	class => "OpenID",
	53	#DOES NOTHING use_session => 1
	54	store => {
	55	class => "OpenID",
	56	},
	57	},
	58	},
	59	},
	60	},
	61	);
	62
	63	# Start the application
	64	__PACKAGE__->setup;
	65
	66	1;
	67
	68	__END__

......	@@ -0,0 +1,136 @@
	1	#!perl
	2
	3	use strict;
	4	use warnings;
	5
	6	use FindBin;
	7	use IO::Socket;
	8	use Test::More;
	9	use Test::WWW::Mechanize;
	10
	11	# plan skip_all => 'set TEST_HTTP to enable this test' unless $ENV{TEST_HTTP};
	12	eval "use Catalyst::Devel 1.0";
	13	plan skip_all => 'Catalyst::Devel required' if $@;
	14
	15	plan tests => 17;
	16
	17	# How long to wait for test server to start and timeout for UA.
	18	my $seconds = 30;
	19
	20	# Spawn the standalone HTTP server.
	21	my $port = 30000 + int rand(1 + 10000);
	22
	23	my $pipe = "perl -I$FindBin::Bin/../lib -I$FindBin::Bin/TestApp/lib $FindBin::Bin/TestApp/script/testapp_server.pl -fork -port $port \|";
	24
	25	# my $pipe = "perl -I$FindBin::Bin/../lib -I$FindBin::Bin/TestApp/lib $FindBin::Bin/TestApp/script/testapp_server.pl -f -port $port 2>&1 \|";
	26
	27	my $pid = open my $server, $pipe
	28	or die "Unable to spawn standalone HTTP server: $!";
	29
	30	diag("Waiting (up to $seconds seconds) for server to start...");
	31
	32	eval {
	33	local $SIG{ALRM} = sub { die "Server took too long to start\n" }; # NB: \n required
	34	alarm($seconds);
	35
	36	while ( check_port( 'localhost', $port ) != 1 ) {
	37	sleep 1;
	38	}
	39	alarm(0)
	40	};
	41
	42	if ( $@ )
	43	{
	44	kill 'INT', $pid;
	45	close $server;
	46	die "Could not run test: $@\n$pipe";
	47	}
	48
	49	my $root = $ENV{CATALYST_SERVER} = "http://localhost:$port";
	50
	51	# Tests start --------------------------------------------
	52	ok("Started");
	53
	54
	55	my $mech = Test::WWW::Mechanize->new(timeout => $seconds);
	56
	57	$mech->get_ok($root, "GET $root");
	58	$mech->content_contains("not signed in", "Content looks right");
	59
	60	$mech->get_ok("$root/login", "GET $root/login");
	61
	62	# diag($mech->content);
	63
	64	$mech->submit_form_ok({ form_name => "login",
	65	fields => { username => "paco",
	66	password => "l4s4v3n7ur45",
	67	},
	68	},
	69	"Trying cleartext login, 'memebers' realm");
	70
	71	$mech->content_contains("signed in", "Signed in successfully");
	72
	73	$mech->get_ok("$root/signin_openid", "GET $root/signin_openid");
	74
	75	$mech->content_contains("Sign in with OpenID", "Content looks right");
	76
	77	my $claimed_uri = "$root/provider/paco";
	78
	79	$mech->submit_form_ok({ form_name => "openid",
	80	fields => { openid_identifier => $claimed_uri,
	81	},
	82	},
	83	"Trying OpenID login, 'openid' realm");
	84
	85	$mech->content_contains("You did it with OpenID!",
	86	"Successfully signed in with OpenID");
	87
	88	$mech->get_ok($root, "GET $root");
	89
	90	$mech->content_contains("provider/paco", "OpenID signed in");
	91	#$mech->content_contains("paco", "OpenID signed in as paco");
	92
	93	# can't be verified
	94
	95	$mech->get_ok("$root/logout", "GET $root/logout");
	96
	97	$mech->get_ok("$root/signin_openid", "GET $root/signin_openid");
	98
	99	$mech->content_contains("Sign in with OpenID", "Content looks right");
	100
	101	$mech->submit_form_ok({ form_name => "openid",
	102	fields => { openid_identifier => $claimed_uri,
	103	},
	104	},
	105	"Trying OpenID login, 'openid' realm");
	106
	107	$mech->content_contains("can't be verified",
	108	"Proper failure for unauthenticated memember.");
	109
	110	# Tests end ----------------------------------------------
	111
	112	# shut it down
	113	kill 'INT', $pid;
	114	close $server;
	115
	116	exit 0;
	117
	118	sub check_port {
	119	my ( $host, $port ) = @_;
	120
	121	my $remote = IO::Socket::INET->new(
	122	Proto => "tcp",
	123	PeerAddr => $host,
	124	PeerPort => $port
	125	);
	126	if ($remote) {
	127	close $remote;
	128	return 1;
	129	}
	130	else {
	131	return 0;
	132	}
	133	}
	134
	135	__END__
	136

......	@@ -0,0 +1,35 @@
	1	use inc::Module::Install;
	2
	3	name "Catalyst-Authentication-Credential-OpenID";
	4	all_from "lib/Catalyst/Authentication/Credential/OpenID.pm";
	5	author "Ashley Pond V <ashley@cpan.org>";
	6
	7	requires "parent" => "0.2";
	8	requires "Class::Accessor::Fast" => undef;
	9	requires "HTML::Parser" => "3";
	10	requires "LWP::UserAgent" => undef;
	11	requires "Catalyst" => "5.7";
	12	requires "Catalyst::Devel" => "1";
	13	requires "Crypt::DH" => "0.05"; # IIRC OpenID stuff forgets to prereq this
	14	requires "Net::OpenID::Consumer" => "0.14";
	15	requires "Catalyst::Authentication::User::Hash" => undef;
	16	requires "Cache::FastMmap" => "1.28";
	17	requires "Catalyst::Plugin::Session::Store::FastMmap" => "0.05";
	18	requires "Catalyst::Plugin::Session::State::Cookie" => "0.08";
	19	requires "Catalyst::Engine::HTTP" => undef;
	20
	21	recommends "Config::General" => "2";
	22	recommends "YAML" => "0.6";
	23	recommends "LWPx::ParanoidAgent" => "1.03";
	24	recommends "Math::BigInt" => undef;
	25
	26	build_requires "Test::More" => "0.42";
	27	build_requires "Net::OpenID::Server" => undef;
	28	build_requires "Test::WWW::Mechanize" => "1.20";
	29	build_requires "Net::DNS" => undef;
	30	build_requires "IO::Socket::INET" => undef;
	31
	32	auto_install;
	33	WriteAll;
	34
	35	__END__

......	@@ -0,0 +1,115 @@
	1	#!/usr/local/bin/perl -w
	2
	3	BEGIN {
	4	$ENV{CATALYST_ENGINE} \|\|= 'HTTP';
	5	$ENV{CATALYST_SCRIPT_GEN} = 31;
	6	require Catalyst::Engine::HTTP;
	7	}
	8
	9	use strict;
	10	use warnings;
	11	use Getopt::Long;
	12	use Pod::Usage;
	13	use FindBin;
	14	use lib "$FindBin::Bin/../lib";
	15
	16	my $debug = 0;
	17	my $fork = 0;
	18	my $help = 0;
	19	my $host = undef;
	20	my $port = $ENV{TESTAPP_PORT} \|\| $ENV{CATALYST_PORT} \|\| 3000;
	21	my $keepalive = 0;
	22	my $restart = $ENV{TESTAPP_RELOAD} \|\| $ENV{CATALYST_RELOAD} \|\| 0;
	23	my $restart_delay = 1;
	24	my $restart_regex = '(?:/\|^)(?!\.#).+(?:\.yml$\|\.yaml$\|\.conf\|\.pm)$';
	25	my $restart_directory = undef;
	26	my $follow_symlinks = 0;
	27
	28	my @argv = @ARGV;
	29
	30	GetOptions(
	31	'debug\|d' => \$debug,
	32	'fork' => \$fork,
	33	'help\|?' => \$help,
	34	'host=s' => \$host,
	35	'port=s' => \$port,
	36	'keepalive\|k' => \$keepalive,
	37	'restart\|r' => \$restart,
	38	'restartdelay\|rd=s' => \$restart_delay,
	39	'restartregex\|rr=s' => \$restart_regex,
	40	'restartdirectory=s@' => \$restart_directory,
	41	'followsymlinks' => \$follow_symlinks,
	42	);
	43
	44	pod2usage(1) if $help;
	45
	46	if ( $restart && $ENV{CATALYST_ENGINE} eq 'HTTP' ) {
	47	$ENV{CATALYST_ENGINE} = 'HTTP::Restarter';
	48	}
	49	if ( $debug ) {
	50	$ENV{CATALYST_DEBUG} = 1;
	51	}
	52
	53	# This is require instead of use so that the above environment
	54	# variables can be set at runtime.
	55	require TestApp;
	56
	57	TestApp->run( $port, $host, {
	58	argv => \@argv,
	59	'fork' => $fork,
	60	keepalive => $keepalive,
	61	restart => $restart,
	62	restart_delay => $restart_delay,
	63	restart_regex => qr/$restart_regex/,
	64	restart_directory => $restart_directory,
	65	follow_symlinks => $follow_symlinks,
	66	} );
	67
	68	1;
	69
	70	=head1 NAME
	71
	72	testapp_server.pl - Catalyst Testserver
	73
	74	=head1 SYNOPSIS
	75
	76	testapp_server.pl [options]
	77
	78	Options:
	79	-d -debug force debug mode
	80	-f -fork handle each request in a new process
	81	(defaults to false)
	82	-? -help display this help and exits
	83	-host host (defaults to all)
	84	-p -port port (defaults to 3000)
	85	-k -keepalive enable keep-alive connections
	86	-r -restart restart when files get modified
	87	(defaults to false)
	88	-rd -restartdelay delay between file checks
	89	-rr -restartregex regex match files that trigger
	90	a restart when modified
	91	(defaults to '\.yml$\|\.yaml$\|\.conf\|\.pm$')
	92	-restartdirectory the directory to search for
	93	modified files, can be set mulitple times
	94	(defaults to '[SCRIPT_DIR]/..')
	95	-follow_symlinks follow symlinks in search directories
	96	(defaults to false. this is a no-op on Win32)
	97	See also:
	98	perldoc Catalyst::Manual
	99	perldoc Catalyst::Manual::Intro
	100
	101	=head1 DESCRIPTION
	102
	103	Run a Catalyst Testserver for this application.
	104
	105	=head1 AUTHOR
	106
	107	Sebastian Riedel, C<sri@oook.de>
	108	Maintained by the Catalyst Core Team.
	109
	110	=head1 COPYRIGHT
	111
	112	This library is free software, you can redistribute it and/or modify
	113	it under the same terms as Perl itself.
	114
	115	=cut

......	@@ -0,0 +1,55 @@
	1	Revision history for Catalyst::Authentication::Credential::OpenID
	2
	3	0.10 Thu Oct 2 19:13:42 PDT 2008
	4	- Just twiddled the requirements calls in the Makefile. I can't
	5	figure out why testers are failing it for prereqs it is
	6	listing. Someone recently mentioned this same problem on
	7	use.perl so I'm giving this a shot.
	8	- Spelling fix in Pod.
	9	- Updated tests and test server script too.
	10
	11	0.09 Mon Sep 29 18:29:59 PDT 2008
	12	- Bug patch for boneheaded return v detach bug given by M. Blom.
	13
	14	0.08 Sat Jul 5 13:13:14 PDT 2008
	15	- Again, only change is to Makefile.PL reqs.
	16
	17	0.07 Thu Jul 3 21:26:12 PDT 2008
	18	- Only changes are to Makefile for prereqs. The failures on CPAN
	19	testers are really weird. I think I misunderstood
	20	build_requires() in ModInst.
	21
	22	0.06 Thu Jul 3 17:20:39 PDT 2008
	23	- All CPAN reports for 0.05 are failing. Added Catalyst::Devel and
	24	Catalyst to prereqs. It was just Catalyst::Runtime before.
	25	- Also changed around Test App storage a bit to avoid permission
	26	errors on tmp cache file from different user runs.
	27
	28	0.05 Wed Jul 2 20:17:21 PDT 2008
	29	- Removed UNIVERSAL::require to shrink prereqs and protect
	30	namespaces.
	31	- Turned on test app tests. I want to know if it's failing for
	32	others.
	33	- Swapped LWPx::ParanoidAgent for LWP::UA in the test.
	34
	35	0.04 Thu Jun 19 23:20:00 PDT 2008
	36	- Fixed some of the .conf example. Sigh.
	37	- Other minor Pod tweaks.
	38
	39	0.03 Thu Jun 19 20:48:04 PDT 2008
	40	- Updated config information with Config::General examples.
	41	- Cleaned up TestApp a little.
	42	- Swapped some code order around to make Perl::Critic my friend.
	43	- Extended SEE ALSO.
	44	- Updated Makefile a bit.
	45
	46	0.02 Tue Apr 8 22:18:22 PDT 2008
	47	- Changed "use base" to "use parent."
	48	- Moved SVN to Catalyst dev box.
	49	- Took out left over toss copy of earlier Credential module.
	50	- Took out weird closure over secret; not just sets it plainly.
	51	- Put config stuff in POD a bit differently and added info on consumer_secret.
	52	- POD tweaks.
	53
	54	0.01 Sat Apr 5 21:35:25 PDT 2008
	55	- Initial release.

......	@@ -0,0 +1,494 @@
	1	package Catalyst::Authentication::Credential::OpenID;
	2	use strict;
	3	use warnings;
	4	no warnings "uninitialized";
	5	use parent "Class::Accessor::Fast";
	6
	7	BEGIN {
	8	__PACKAGE__->mk_accessors(qw/ _config realm debug secret /);
	9	}
	10
	11	our $VERSION = "0.10";
	12
	13	use Net::OpenID::Consumer;
	14	use Catalyst::Exception ();
	15
	16	sub new : method {
	17	my ( $class, $config, $c, $realm ) = @_;
	18	my $self = { _config => { %{ $config },
	19	%{ $realm->{config} }
	20	}
	21	};
	22	bless $self, $class;
	23
	24	# 2.0 spec says "SHOULD" be named "openid_identifier."
	25	$self->_config->{openid_field} \|\|= "openid_identifier";
	26
	27	$self->debug( $self->_config->{debug} );
	28
	29	my $secret = $self->_config->{consumer_secret} \|\|= join("+",
	30	__PACKAGE__,
	31	$VERSION,
	32	sort keys %{ $c->config }
	33	);
	34
	35	$secret = substr($secret,0,255) if length $secret > 255;
	36	$self->secret( $secret );
	37	$self->_config->{ua_class} \|\|= "LWPx::ParanoidAgent";
	38
	39	my $agent_class = $self->_config->{ua_class};
	40	eval "require $agent_class"
	41	or Catalyst::Exception->throw("Could not 'require' user agent class " .
	42	$self->_config->{ua_class});
	43
	44	$c->log->debug("Setting consumer secret: " . $secret) if $self->debug;
	45
	46	return $self;
	47	}
	48
	49	sub authenticate : method {
	50	my ( $self, $c, $realm, $authinfo ) = @_;
	51
	52	$c->log->debug("authenticate() called from " . $c->request->uri) if $self->debug;
	53
	54	my $field = $self->{_config}->{openid_field};
	55
	56	my $claimed_uri = $authinfo->{ $field };
	57
	58	# Its security related so we want to be explicit about GET/POST param retrieval.
	59	$claimed_uri \|\|= $c->req->method eq 'GET' ?
	60	$c->req->query_params->{ $field } : $c->req->body_params->{ $field };
	61
	62	my $csr = Net::OpenID::Consumer->new(
	63	ua => $self->_config->{ua_class}->new(%{$self->_config->{ua_args} \|\| {}}),
	64	args => $c->req->params,
	65	consumer_secret => $self->secret,
	66	);
	67
	68	if ( $claimed_uri )
	69	{
	70	my $current = $c->uri_for($c->req->uri->path); # clear query/fragment...
	71
	72	my $identity = $csr->claimed_identity($claimed_uri)
	73	or Catalyst::Exception->throw($csr->err);
	74
	75	my $check_url = $identity->check_url(
	76	return_to => $current . '?openid-check=1',
	77	trust_root => $current,
	78	delayed_return => 1,
	79	);
	80	$c->res->redirect($check_url);
	81	$c->detach();
	82	}
	83	elsif ( $c->req->params->{'openid-check'} )
	84	{
	85	if ( my $setup_url = $csr->user_setup_url )
	86	{
	87	$c->res->redirect($setup_url);
	88	return;
	89	}
	90	elsif ( $csr->user_cancel )
	91	{
	92	return;
	93	}
	94	elsif ( my $identity = $csr->verified_identity )
	95	{
	96	# This is where we ought to build an OpenID user and verify against the spec.
	97	my $user = +{ map { $_ => scalar $identity->$_ }
	98	qw( url display rss atom foaf declared_rss declared_atom declared_foaf foafmaker ) };
	99
	100	my $user_obj = $realm->find_user($user, $c);
	101
	102	if ( ref $user_obj )
	103	{
	104	return $user_obj;
	105	}
	106	else
	107	{
	108	$c->log->debug("Verified OpenID identity failed to load with find_user; bad user_class? Try 'Null.'") if $c->debug;
	109	return;
	110	}
	111	}
	112	else
	113	{
	114	Catalyst::Exception->throw("Error validating identity: " .
	115	$csr->err);
	116	}
	117	}
	118	return;
	119	}
	120
	121	1;
	122
	123	__END__
	124
	125	=head1 NAME
	126
	127	Catalyst::Authentication::Credential::OpenID - OpenID credential for Catalyst::Plugin::Authentication framework.
	128
	129	=head1 VERSION
	130
	131	0.10
	132
	133	=head1 SYNOPSIS
	134
	135	In MyApp.pm-
	136
	137	use Catalyst qw/
	138	Authentication
	139	Session
	140	Session::Store::FastMmap
	141	Session::State::Cookie
	142	/;
	143
	144	Somewhere in myapp.conf-
	145
	146	<Plugin::Authentication>
	147	default_realm openid
	148	<realms>
	149	<openid>
	150	<credential>
	151	class OpenID
	152	</credential>
	153	ua_class LWPx::ParanoidAgent
	154	</openid>
	155	</realms>
	156	</Plugin::Authentication>
	157
	158	Or in your myapp.yml if you're using L<YAML> instead-
	159
	160	Plugin::Authentication:
	161	default_realm: openid
	162	realms:
	163	openid:
	164	credential:
	165	class: OpenID
	166	ua_class: LWPx::ParanoidAgent
	167
	168	In a controller, perhaps C<Root::openid>-
	169
	170	sub openid : Local {
	171	my($self, $c) = @_;
	172
	173	if ( $c->authenticate() )
	174	{
	175	$c->flash(message => "You signed in with OpenID!");
	176	$c->res->redirect( $c->uri_for('/') );
	177	}
	178	else
	179	{
	180	# Present OpenID form.
	181	}
	182	}
	183
	184	And a L<Template> to match in C<openid.tt>-
	185
	186	<form action="[% c.uri_for('/openid') %]" method="GET" name="openid">
	187	<input type="text" name="openid_identifier" class="openid" />
	188	<input type="submit" value="Sign in with OpenID" />
	189	</form>
	190
	191	=head1 DESCRIPTION
	192
	193	This is the B<third> OpenID related authentication piece for
	194	L<Catalyst>. The first -- L<Catalyst::Plugin::Authentication::OpenID>
	195	by Benjamin Trott -- was deprecated by the second --
	196	L<Catalyst::Plugin::Authentication::Credential::OpenID> by Tatsuhiko
	197	Miyagawa -- and this is an attempt to deprecate both by conforming to
	198	the newish, at the time of this module's inception, realm-based
	199	authentication in L<Catalyst::Plugin::Authentication>.
	200
	201	1. Catalyst::Plugin::Authentication::OpenID
	202	2. Catalyst::Plugin::Authentication::Credential::OpenID
	203	3. Catalyst::Authentication::Credential::OpenID
	204
	205	The benefit of this version is that you can use an arbitrary number of
	206	authentication systems in your L<Catalyst> application and configure
	207	and call all of them in the same way.
	208
	209	Note that both earlier versions of OpenID authentication use the method
	210	C<authenticate_openid()>. This module uses C<authenticate()> and
	211	relies on you to specify the realm. You can specify the realm as the
	212	default in the configuration or inline with each
	213	C<authenticate()> call; more below.
	214
	215	This module functions quite differently internally from the others.
	216	See L<Catalyst::Plugin::Authentication::Internals> for more about this
	217	implementation.
	218
	219	=head1 METHOD
	220
	221	=over 4
	222
	223	=item $c->authenticate({},"your_openid_realm");
	224
	225	Call to authenticate the user via OpenID. Returns false if
	226	authorization is unsuccessful. Sets the user into the session and
	227	returns the user object if authentication succeeds.
	228
	229	You can see in the call above that the authentication hash is empty.
	230	The implicit OpenID parameter is, as the 2.0 specification says it
	231	SHOULD be, B<openid_identifier>. You can set it anything you like in
	232	your realm configuration, though, under the key C<openid_field>. If
	233	you call C<authenticate()> with the empty info hash and no configured
	234	C<openid_field> then only C<openid_identifier> is checked.
	235
	236	It implicitly does this (sort of, it checks the request method too)-
	237
	238	my $claimed_uri = $c->req->params->{openid_identifier};
	239	$c->authenticate({openid_identifier => $claimed_uri});
	240
	241	=item Catalyst::Authentication::Credential::OpenID->new()
	242
	243	You will never call this. Catalyst does it for you. The only important
	244	thing you might like to know about it is that it merges its realm
	245	configuration with its configuration proper. If this doesn't mean
	246	anything to you, don't worry.
	247
	248	=back
	249
	250	=head2 USER METHODS
	251
	252	Currently the only supported user class is L<Catalyst::Plugin::Authentication::User::Hash>.
	253
	254	=over 4
	255
	256	=item $c->user->url
	257
	258	=item $c->user->display
	259
	260	=item $c->user->rss
	261
	262	=item $c->user->atom
	263
	264	=item $c->user->foaf
	265
	266	=item $c->user->declared_rss
	267
	268	=item $c->user->declared_atom
	269
	270	=item $c->user->declared_foaf
	271
	272	=item $c->user->foafmaker
	273
	274	=back
	275
	276	See L<Net::OpenID::VerifiedIdentity> for details.
	277
	278	=head1 CONFIGURATION
	279
	280	Catalyst authentication is now configured entirely from your
	281	application's configuration. Do not, for example, put
	282	C<Credential::OpenID> into your C<use Catalyst ...> statement.
	283	Instead, tell your application that in one of your authentication
	284	realms you will use the credential.
	285
	286	In your application the following will give you two different
	287	authentication realms. One called "members" which authenticates with
	288	clear text passwords and one called "openid" which uses... uh, OpenID.
	289
	290	__PACKAGE__->config
	291	( name => "MyApp",
	292	"Plugin::Authentication" => {
	293	default_realm => "members",
	294	realms => {
	295	members => {
	296	credential => {
	297	class => "Password",
	298	password_field => "password",
	299	password_type => "clear"
	300	},
	301	store => {
	302	class => "Minimal",
	303	users => {
	304	paco => {
	305	password => "l4s4v3n7ur45",
	306	},
	307	}
	308	}
	309	},
	310	openid => {
	311	consumer_secret => "Don't bother setting",
	312	ua_class => "LWPx::ParanoidAgent",
	313	ua_args => {
	314	whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
	315	},
	316	credential => {
	317	class => "OpenID",
	318	store => {
	319	class => "OpenID",
	320	},
	321	},
	322	},
	323	},
	324	},
	325	);
	326
	327	This is the same configuration in the default L<Catalyst> configuration format from L<Config::General>.
	328
	329	name MyApp
	330	<Plugin::Authentication>
	331	default_realm members
	332	<realms>
	333	<members>
	334	<store>
	335	class Minimal
	336	<users>
	337	<paco>
	338	password l4s4v3n7ur45
	339	</paco>
	340	</users>
	341	</store>
	342	<credential>
	343	password_field password
	344	password_type clear
	345	class Password
	346	</credential>
	347	</members>
	348	<openid>
	349	<ua_args>
	350	whitelisted_hosts 127.0.0.1
	351	whitelisted_hosts localhost
	352	</ua_args>
	353	consumer_secret Don't bother setting
	354	ua_class LWPx::ParanoidAgent
	355	<credential>
	356	<store>
	357	class OpenID
	358	</store>
	359	class OpenID
	360	</credential>
	361	</openid>
	362	</realms>
	363	</Plugin::Authentication>
	364
	365	And now, the same configuration in L<YAML>. B<NB>: L<YAML> is whitespace sensitive.
	366
	367	name: MyApp
	368	Plugin::Authentication:
	369	default_realm: members
	370	realms:
	371	members:
	372	credential:
	373	class: Password
	374	password_field: password
	375	password_type: clear
	376	store:
	377	class: Minimal
	378	users:
	379	paco:
	380	password: l4s4v3n7ur45
	381	openid:
	382	credential:
	383	class: OpenID
	384	store:
	385	class: OpenID
	386	consumer_secret: Don't bother setting
	387	ua_class: LWPx::ParanoidAgent
	388	ua_args:
	389	whitelisted_hosts:
	390	- 127.0.0.1
	391	- localhost
	392
	393	B<NB>: There is no OpenID store yet. Trying for next release.
	394
	395	=head2 MORE ON CONFIGURATION
	396
	397	These are set in your realm. See above.
	398
	399	=over 4
	400
	401	=item ua_args and ua_class
	402
	403	L<LWPx::ParanoidAgent> is the default agent -- C<ua_class>. You don't
	404	have to set it. I recommend that you do B<not> override it. You can
	405	with any well behaved L<LWP::UserAgent>. You probably should not.
	406	L<LWPx::ParanoidAgent> buys you many defenses and extra security
	407	checks. When you allow your application users freedom to initiate
	408	external requests, you open a big avenue for DoS (denial of service)
	409	attacks. L<LWPx::ParanoidAgent> defends against this.
	410	L<LWP::UserAgent> and any regular subclass of it will not.
	411
	412	=item consumer_secret
	413
	414	The underlying L<Net::OpenID::Consumer> object is seeded with a
	415	secret. If it's important to you to set your own, you can. The default
	416	uses this package name + its version + the sorted configuration keys
	417	of your Catalyst application (chopped at 255 characters if it's
	418	longer). This should generally be superior to any fixed string.
	419
	420	=back
	421
	422	=head1 TODO
	423
	424	There are some interesting implications with this sort of setup. Does
	425	a user aggregate realms or can a user be signed in under more than one
	426	realm? The documents could contain a recipe of the self-answering
	427	OpenID end-point that is in the tests.
	428
	429	Debug statements need to be both expanded and limited via realm
	430	configuration.
	431
	432	Better diagnostics in errors. Debug info at all consumer calls.
	433
	434	Roles from provider domains? Mapped? Direct? A generic "openid" auto_role?
	435
	436	=head1 THANKS
	437
	438	To Benjamin Trott (L<Catalyst::Plugin::Authentication::OpenID>), Tatsuhiko Miyagawa (L<Catalyst::Plugin::Authentication::Credential::OpenID>), and Brad Fitzpatrick for the great OpenID stuff and to Jay Kuri and everyone else who has made Catalyst such a wonderful framework.
	439
	440	=head1 LICENSE AND COPYRIGHT
	441
	442	Copyright (c) 2008, Ashley Pond V C<< <ashley@cpan.org> >>. Some of
	443	Tatsuhiko Miyagawa's work is reused here.
	444
	445	This module is free software; you can redistribute it and modify it
	446	under the same terms as Perl itself. See L<perlartistic>.
	447
	448	=head1 DISCLAIMER OF WARRANTY
	449
	450	Because this software is licensed free of charge, there is no warranty
	451	for the software, to the extent permitted by applicable law. Except when
	452	otherwise stated in writing the copyright holders and other parties
	453	provide the software "as is" without warranty of any kind, either
	454	expressed or implied, including, but not limited to, the implied
	455	warranties of merchantability and fitness for a particular purpose. The
	456	entire risk as to the quality and performance of the software is with
	457	you. Should the software prove defective, you assume the cost of all
	458	necessary servicing, repair, or correction.
	459
	460	In no event unless required by applicable law or agreed to in writing
	461	will any copyright holder, or any other party who may modify or
	462	redistribute the software as permitted by the above license, be
	463	liable to you for damages, including any general, special, incidental,
	464	or consequential damages arising out of the use or inability to use
	465	the software (including but not limited to loss of data or data being
	466	rendered inaccurate or losses sustained by you or third parties or a
	467	failure of the software to operate with any other software), even if
	468	such holder or other party has been advised of the possibility of