File Coverage

blib/lib/PlugAuth/Client.pm

Criterion	Covered	Total	%
statement	45	51	88.2
branch	7	10	70.0
condition	2	3	66.6
subroutine	10	11	90.9
pod	5	5	100.0
total	69	80	86.2

line	stmt	bran	cond	sub	pod	time	code
1							package PlugAuth::Client;
2
3	42			42		2943135	use strict;
	42					134
	42					1528
4	42			42		298	use warnings;
	42					145
	42					1459
5	42			42		859	use 5.010001;
	42					262
6	42			42		1547	use Log::Log4perl qw(:easy);
	42					201387
	42					458
7	42			42		52484	use Clustericious::Client;
	42					23878623
	42					333
8
9							# ABSTRACT: PlugAuth Client
10							our $VERSION = '0.38'; # VERSION
11
12
13							route welcome => 'GET', '/';
14
15
16							route auth => 'GET', '/auth';
17
18
19							route_doc authz => "user action resource";
20							sub authz
21							{
22	7			7	1	46566	my($self, $user, $action, $resource) = @_;
23
24	7					42	my $url = Mojo::URL->new( $self->server_url );
25
26	7	100				2127	$resource = "/$resource" unless $resource =~ m{^/};
27
28	7					50	$url->path("/authz/user/$user/$action$resource");
29
30	7					217	$self->_doit('GET', $url);
31							}
32
33
34							route user => 'GET', '/user';
35
36
37							route create_user => 'POST', '/user', \("--user username --password password");
38							route_args create_user => [
39							{ name => 'user', type => '=s', required => 1, modifies_payload => 'hash' },
40							{ name => 'password', type => '=s', required => 1, modifies_payload => 'hash' },
41							{ name => 'groups', type => '=s', required => 0, modifies_payload => 'hash' },
42							];
43
44
45							route delete_user => 'DELETE', '/user', \("user");
46							route_args delete_user => [
47							{ name => 'user', type => '=s', required => 1, modifies_url => 'append' },
48							];
49
50
51							route groups => 'GET', '/groups', \("user");
52
53
54							route_doc change_password => 'username password';
55							sub change_password
56							{
57	1			1	1	5188	my($self, $user, $password) = @_;
58	1					6	my $url = Mojo::URL->new( $self->server_url );
59	1					285	$url->path("/user/$user");
60	1					27	$self->_doit('POST', $url, { password => $password });
61							}
62
63
64							route group => 'GET', '/group';
65
66
67							route users => 'GET', '/users', \("group");
68
69
70							route create_group => 'POST', '/group', \("--group group --users user1,user2,...");
71							route_args create_group => [
72							{ name => 'group', type => '=s', required => 1, modifies_payload => 'hash' },
73							{ name => 'users', type => '=s', required => 1, modifies_payload => 'hash' },
74							];
75
76
77							route_doc 'update_group' => 'group --users user1,user2,...';
78							route_args update_group => [
79							{ name => 'group', type => '=s', required => 1, modifies_url => 'append', 'positional' => 'one' },
80							{ name => 'users', type => '=s', required => 1 },
81							];
82							sub update_group
83							{
84	2			2	1	18622	my $self = shift;
85	2					8	my $group = shift;
86	2	100				16	my $args = ref($_[0]) eq 'HASH' ? $_[0] : {@_};
87
88	2	50				15	LOGDIE "group needed for update"
89							unless $group;
90
91	2					19	my $url = Mojo::URL->new( $self->server_url );
92	2					854	$url->path("/group/$group");
93
94	2					109	TRACE("updating $group ", $url->to_string);
95
96	2		66			2528	$self->_doit('POST', $url, { users => $args->{users} // $args->{'--users'} });
97							}
98
99
100							route delete_group => 'DELETE', '/group', \("group");
101
102
103							route 'group_add_user' => 'POST' => '/group';
104							route_args 'group_add_user' => [
105							{ name => 'group', type => '=s', modifies_url => 'append', 'positional' => 'one' },
106							{ name => 'user', type => '=s', modifies_url => 'append', 'positional' => 'one' },
107							];
108
109
110							route 'group_delete_user' => 'DELETE' => '/group';
111							route_args 'group_delete_user' => [
112							{ name => 'group', type => '=s', modifies_url => 'append', 'positional' => 'one' },
113							{ name => 'user', type => '=s', modifies_url => 'append', 'positional' => 'one' },
114							];
115
116
117							route 'grant' => 'POST' => '/grant';
118							route_args 'grant' => [
119							{ name => 'user', type => '=s', modifies_url => 'append', positional => 'one' },
120							{ name => 'action', type => '=s', modifies_url => 'append', positional => 'one' },
121							{ name => 'resource', type => '=s', modifies_url => 'append', positional => 'one' },
122							];
123
124
125							route 'revoke' => 'DELETE' => '/grant';
126							route_args 'revoke' => [
127							{ name => 'user', type => '=s', modifies_url => 'append', positional => 'one' },
128							{ name => 'action', type => '=s', modifies_url => 'append', positional => 'one' },
129							{ name => 'resource', type => '=s', modifies_url => 'append', positional => 'one' },
130							];
131
132
133							route granted => 'GET', '/grant';
134
135
136							route actions => 'GET', '/actions';
137
138
139							route host_tag => 'GET', '/host', \("host tag");
140
141
142							route resources => 'GET', '/authz/resources', \("user action resource_regex");
143
144
145							sub _remove_prefixes
146							{
147	4			4		959	my @in = sort @_;
148	4					15	my @out;
149	4					26	while(my $item = shift @in)
150							{
151	5					26	@in = grep { substr($_, 0, length $item) ne $item } @in;
	5					26
152	5					29	push @out, $item;
153							}
154	4					42	@out;
155							}
156
157							route_doc action_resources => "user";
158							sub action_resources
159							{
160	1			1	1	7964	my($self, $user) = @_;
161	1					3	my %table;
162	1					3	foreach my $action (@{ $self->actions })
	1					7
163							{
164	4					7668	my $resources = $self->resources($user, $action, '/');
165	4	100				31002	$table{$action} = [_remove_prefixes(@$resources)] if @$resources > 0;
166							}
167	1					7	\%table;
168							}
169
170
171							route_doc action_resource => 'audit';
172							sub audit
173							{
174	0			0	1		my($self, $year, $month, $day) = @_;
175	0						my $uri;
176	0	0					if(defined $day)
177							{
178	0						$uri = join('/', '', 'audit', $year, sprintf("%02d", $month), sprintf("%02d", $day));
179							}
180							else
181							{
182							# TODO: Clustericious::Client doesn't handle 302 correctly
183	0						$uri = join('/', '', 'audit', 'today');
184							}
185	0						$self->_doit(GET => $uri);
186							}
187
188							1;
189
190							__END__
191
192							=pod
193
194							=encoding UTF-8
195
196							=head1 NAME
197
198							PlugAuth::Client - PlugAuth Client
199
200							=head1 VERSION
201
202							version 0.38
203
204							=head1 SYNOPSIS
205
206							In a perl program :
207
208							my $r = PlugAuth::Client->new;
209
210							# Check auth server status and version
211							my $check = $r->status;
212							my $version = $r->version;
213
214							# Authenticate user "alice", pw "sesame"
215							$r->login("alice", "sesame");
216							if ($r->auth) {
217							print "authentication succeeded\n";
218							} else {
219							print "authentication failed\n";
220							}
221
222							# Authorize "alice" to "POST" to "/board"
223							if ($r->authz("alice","POST","board")) {
224							print "authorization succeeded\n";
225							} else {
226							print "authorization failed\n";
227							}
228
229							=head1 DESCRIPTION
230
231							This module provides a perl front-end to the PlugAuth API. For a stripped
232							down interface to just the authentication and authorization API (that is
233							not including the user/group/authorization management functions), see
234							L<PlugAuth::Client::Tiny>.
235
236							=head1 METHODS
237
238							=head2 $client-E<gt>auth
239
240							Returns true if the PlugAuth server can authenticate the user.
241							Username and passwords can be specified with the login method or
242							via the application's configuration file, see L<Clustericious::Client>
243							for details.
244
245							=head2 $client-E<gt>authz($user $action, $resource)
246
247							Returns true if the given user ($user) is authorized to perform the
248							given action ($action) on the given resource ($resource).
249
250							=head2 $client-E<gt>user
251
252							Returns a list reference containing all usernames.
253
254							=head2 $client-E<gt>create_user( %args )
255
256							Create a user with the given username and password.
257
258							=over 4
259
260							=item * user
261
262							The new user's username
263
264							REQUIRED
265
266							=item * password
267
268							The new user's password
269
270							REQUIRED
271
272							=item * groups
273
274							List of groups as a comma separated string. Using this option requires that
275							the server is running PlugAuth 0.21 or better.
276
277							=back
278
279							=head2 $client-E<gt>delete_user( $username )
280
281							Delete the user with the given username.
282
283							=head2 $client-E<gt>groups($user)
284
285							Returns a list reference containing the groups that the given user ($user)
286							belongs to.
287
288							=head2 $client-E<gt>change_password($user, $password)
289
290							Change the password of the given user ($user) to a new password ($password).
291
292							=head2 $client-E<gt>group
293
294							Returns a list reference containing all group names.
295
296							=head2 $client-E<gt>users($group)
297
298							Returns the list of users belonging to the given group ($group).
299
300							=head2 $client-E<gt>create_group( \%args )
301
302							Create a group.
303
304							=over 4
305
306							=item * group
307
308							The name of the new group
309
310							=item * users
311
312							Comma separated list (as a string) of the users that
313							should initially belong to this group.
314
315							=back
316
317							=head2 $client-E<gt>update_group( $group, '--users' => $users )
318
319							Update the given group ($group) replacing the existing list with
320							the new list ($users), which is a comma separated list as a string.
321
322							=head2 $client-E<gt>delete_group( $group )
323
324							Delete the given group ($group).
325
326							=head2 $client-E<gt>group_add_user( $group, $user )
327
328							Adds the given user ($user) to the given group ($group)
329
330							=head2 $client-E<gt>group_delete_user( $group, $user )
331
332							Delete the given user ($user) from the given group ($group)
333
334							=head2 $client-E<gt>grant( $user, $action, $resource )
335
336							Grants the given user ($user) the authorization to perform the given
337							action ($action) on the given resource ($resource).
338
339							=head2 $client-E<gt>revoke( $user, $action, $resource )
340
341							Revokes permission for the give user ($user) to perform the given action ($action)
342							on the given resource ($resource).
343
344							=head2 $client-E<gt>granted
345
346							Returns a list of granted permissions
347
348							=head2 $client-E<gt>actions
349
350							Returns a list reference containing the actions that the PlugAuth server
351							knows about.
352
353							=head2 $client-E<gt>host_tag($ip_address, $tag)
354
355							Returns true if the host specified by the given IP address ($ip_address)
356							has the given host tag ($tag).
357
358							=head2 $client-E<gt>resources( $user, $action, $resource_regex )
359
360							Returns a list reference containing the resources that match the regex
361							provided ($resource_regex) that the given user ($user) can perform the
362							given action ($action). To see all the resources that the user can
363							perform the given action against, pass in '.*' as the regex.
364
365							=head2 $client-E<gt>action_resources( $user )
366
367							Returns a hash reference of all actions and resources that the given
368							user ($user) can perform. The keys in the returned hash are the
369							actions and the values are list references containing the resources
370							where those actions can be performed by the user.
371
372							=head2 $client-E<gt>audit( $year, $month, $day )
373
374							Interface to the L<Audit\|PlugAuth::Plugin::Audit> plugin, if it is available.
375
376							=head1 SEE ALSO
377
378							L<Clustericious::Client>,
379							L<PlugAuth>,
380							L<plugauthclient>,
381							L<plugauthpasswd>,
382							L<PlugAuth::Client::Tiny>
383
384							=head1 AUTHOR
385
386							Graham Ollis <gollis@sesda3.com>
387
388							=head1 COPYRIGHT AND LICENSE
389
390							This software is copyright (c) 2012 by NASA GSFC.
391
392							This is free software; you can redistribute it and/or modify it under
393							the same terms as the Perl 5 programming language system itself.
394
395							=cut