File Coverage

blib/lib/PlugAuth/Client.pm
Criterion Covered Total %
statement 22 52 42.3
branch 0 10 0.0
condition 0 3 0.0
subroutine 6 11 54.5
pod 5 5 100.0
total 33 81 40.7


line stmt bran cond sub pod time code
1             package PlugAuth::Client;
2              
3 2     2   37733 use strict;
  2         4  
  2         79  
4 2     2   13 use warnings;
  2         4  
  2         62  
5 2     2   36 use v5.10;
  2         6  
  2         88  
6 2     2   9100 use Log::Log4perl qw(:easy);
  2         126442  
  2         16  
7 2     2   3643 use Clustericious::Client;
  2         1565957  
  2         18  
8              
9             # ABSTRACT: PlugAuth Client
10             our $VERSION = '0.20'; # VERSION
11              
12              
13             route welcome => 'GET', '/';
               # Each `route NAME => METHOD, PATH` line declares a client method through
               # Clustericious::Client (imported above): `welcome` issues GET /.
14              
15              
               # `auth` issues GET /auth. No credentials are passed at this call site; the
               # POD below says they come from the login method or the configuration file.
16             route auth => 'GET', '/auth';
17              
18              
19             route_doc authz => "user action resource";
               # authz($user, $action, $resource): query the server with
               # GET /authz/user/<user>/<action>/<resource>; the POD below describes the
               # result as true when the user is authorized. Returns whatever _doit returns.
               #
               # The three values are interpolated into the path unchanged. A value that
               # contains "/" or ".." changes which path is queried, so callers should
               # validate user and action names before basing an access decision on the
               # answer.
               # NOTE(review): how Mojo::URL escapes or normalises this path is not visible
               # here - confirm before relying on it.
               # The coverage columns on the rows below are all 0: this test run never
               # exercises the authorization check.
20             sub authz
21             {
22 0     0 1 0 my($self, $user, $action, $resource) = @_;
23              
24 0         0 my $url = Mojo::URL->new( $self->server_url );
25              
               # Give the resource a leading "/" so it joins the path after the action.
26 0 0       0 $resource = "/$resource" unless $resource =~ m{^/};
27            
28 0         0 $url->path("/authz/user/$user/$action$resource");
29              
30 0         0 $self->_doit('GET', $url);
31             }
32              
33              
34             route user => 'GET', '/user';
               # `user` issues GET /user (the POD below: a list of all usernames).
35              
36              
               # create_user: POST /user. `user` and `password` are required, `groups` is
               # optional; all three go into the request payload (modifies_payload => 'hash').
               # NOTE(review): the usage string shows the password as a --password option. If
               # this route is driven from a command line, the password would be visible in
               # the process arguments and shell history - confirm how it is invoked.
37             route create_user => 'POST', '/user', \("--user username --password password");
38             route_args create_user => [
39             { name => 'user', type => '=s', required => 1, modifies_payload => 'hash' },
40             { name => 'password', type => '=s', required => 1, modifies_payload => 'hash' },
41             { name => 'groups', type => '=s', required => 0, modifies_payload => 'hash' },
42             ];
43              
44              
               # delete_user: DELETE /user with the required user name appended to the URL
               # (modifies_url => 'append').
45             route delete_user => 'DELETE', '/user', \("user");
46             route_args delete_user => [
47             { name => 'user', type => '=s', required => 1, modifies_url => 'append' },
48             ];
49              
50              
               # groups: GET /groups, documented argument "user".
51             route groups => 'GET', '/groups', \("user");
52              
53              
54             route_doc change_password => 'username password';
               # change_password($user, $password): POST { password => $password } to
               # /user/<user> on the configured server. Returns whatever _doit returns.
               #
               # $user is interpolated into the path unchanged, so a name containing "/"
               # or ".." addresses a different path; validate it at the caller.
               # NOTE(review): the new password is sent to whatever server_url holds; the
               # URL scheme is not visible here - confirm the deployment uses TLS.
               # The coverage columns on the rows below are all 0: this test run never
               # exercises the password change.
55             sub change_password
56             {
57 0     0 1 0 my($self, $user, $password) = @_;
58 0         0 my $url = Mojo::URL->new( $self->server_url );
59 0         0 $url->path("/user/$user");
60 0         0 $self->_doit('POST', $url, { password => $password });
61             }
62              
63              
64             route group => 'GET', '/group';
               # `group` issues GET /group (the POD below: a list of all group names).
65              
66              
               # users: GET /users, documented argument "group".
67             route users => 'GET', '/users', \("group");
68              
69              
               # create_group: POST /group. `group` and `users` are both required and go
               # into the request payload; `users` is one comma separated string.
70             route create_group => 'POST', '/group', \("--group group --users user1,user2,...");
71             route_args create_group => [
72             { name => 'group', type => '=s', required => 1, modifies_payload => 'hash' },
73             { name => 'users', type => '=s', required => 1, modifies_payload => 'hash' },
74             ];
75              
76              
77             route_doc 'update_group' => 'group --users user1,user2,...';
78             route_args update_group => [
79             { name => 'group', type => '=s', required => 1, modifies_url => 'append', 'positional' => 'one' },
80             { name => 'users', type => '=s', required => 1 },
81             ];
               # update_group($group, \%args) or update_group($group, key => value, ...):
               # POST { users => ... } to /group/<group>. The POD below says this replaces
               # the existing member list. Returns whatever _doit returns.
               #
               # $group is interpolated into the path unchanged; validate it at the caller.
               # The coverage columns on the rows below are all 0: this test run never
               # exercises the membership change.
82             sub update_group
83             {
84 0     0 1 0 my $self = shift;
85 0         0 my $group = shift;
               # Accept a single hash reference or a flat key/value list.
86 0 0       0 my $args = ref($_[0]) eq 'HASH' ? $_[0] : {@_};
87              
               # Dies through Log4perl when $group is false (undef, "" or "0").
88 0 0       0 LOGDIE "group needed for update"
89             unless $group;
90              
91 0         0 my $url = Mojo::URL->new( $self->server_url );
92 0         0 $url->path("/group/$group");
93              
               # The group name and the full URL are written to the trace log.
94 0         0 TRACE("updating $group ", $url->to_string);
95              
               # The member list is read from the `users` key, else from `--users`. When
               # neither is set, users => undef is sent.
               # NOTE(review): what the server does with an undefined list is not visible
               # here - confirm it cannot empty the group by accident.
96 0   0     0 $self->_doit('POST', $url, { users => $args->{users} // $args->{'--users'} });
97             }
98              
99              
100             route delete_group => 'DELETE', '/group', \("group");
                # delete_group: DELETE /group, documented argument "group".
101              
102              
                # group_add_user / group_delete_user: POST or DELETE on /group with the
                # group and then the user appended to the URL as positional arguments.
103             route 'group_add_user' => 'POST' => '/group';
104             route_args 'group_add_user' => [
105             { name => 'group', type => '=s', modifies_url => 'append', 'positional' => 'one' },
106             { name => 'user', type => '=s', modifies_url => 'append', 'positional' => 'one' },
107             ];
108              
109              
110             route 'group_delete_user' => 'DELETE' => '/group';
111             route_args 'group_delete_user' => [
112             { name => 'group', type => '=s', modifies_url => 'append', 'positional' => 'one' },
113             { name => 'user', type => '=s', modifies_url => 'append', 'positional' => 'one' },
114             ];
115              
116              
                # grant / revoke: POST or DELETE on /grant with user, action and resource
                # appended to the URL in that order. These change authorization state on the
                # server. None of the three arguments is marked `required` here.
                # NOTE(review): how a missing argument is handled is not visible here -
                # confirm a short call cannot produce a broader grant than intended.
117             route 'grant' => 'POST' => '/grant';
118             route_args 'grant' => [
119             { name => 'user', type => '=s', modifies_url => 'append', positional => 'one' },
120             { name => 'action', type => '=s', modifies_url => 'append', positional => 'one' },
121             { name => 'resource', type => '=s', modifies_url => 'append', positional => 'one' },
122             ];
123              
124              
125             route 'revoke' => 'DELETE' => '/grant';
126             route_args 'revoke' => [
127             { name => 'user', type => '=s', modifies_url => 'append', positional => 'one' },
128             { name => 'action', type => '=s', modifies_url => 'append', positional => 'one' },
129             { name => 'resource', type => '=s', modifies_url => 'append', positional => 'one' },
130             ];
131              
132              
                # Read-only queries: the granted permissions, the known actions, a host tag
                # check, and the resources a user may act on.
133             route granted => 'GET', '/grant';
134              
135              
136             route actions => 'GET', '/actions';
137              
138              
139             route host_tag => 'GET', '/host', \("host tag");
140              
141              
142             route resources => 'GET', '/authz/resources', \("user action resource_regex");
143              
144              
145             sub _remove_prefixes
146             {
                # Reduce a list of strings to those that do not start with another entry:
                # sort the input, take the first item, drop every remaining item that
                # begins with it, keep the item, and repeat. Returns the kept items.
                #
                # The prefix test is a plain string comparison (substr), not a path-segment
                # comparison, so "/foo" also removes "/foobar".
                # The loop stops at the first false item ("" or "0"), leaving any items
                # after it unprocessed.
147 1     1   962 my @in = sort @_;
148 1         3 my @out;
149 1         5 while(my $item = shift @in)
150             {
151 2         5 @in = grep { substr($_, 0, length $item) ne $item } @in;
  5         14  
152 2         8 push @out, $item;
153             }
154 1         10 @out;
155             }
156              
157             route_doc action_resources => "user";
                # action_resources($user): build a hash reference mapping each action the
                # server reports to the resources $user may perform it on. Actions with no
                # matching resource are left out of the hash.
                #
                # Each list is passed through _remove_prefixes, so the result is a condensed
                # view: a resource that begins with a shorter listed resource is omitted.
                # NOTE(review): that reduction compares raw strings; if the output feeds an
                # access review, confirm it matches the server's own prefix rule.
158             sub action_resources
159             {
160 0     0 1   my($self, $user) = @_;
161 0           my %table;
162 0           foreach my $action (@{ $self->actions })
  0            
163             {
                # '/' is passed as the resource regex for every action.
164 0           my $resources = $self->resources($user, $action, '/');
165 0 0         $table{$action} = [_remove_prefixes(@$resources)] if @$resources > 0;
166             }
167 0           \%table;
168             }
169              
170              
171             route_doc action_resource => 'audit';
                # NOTE(review): the other route_doc calls in this file take the method name
                # first and the usage text second; here the name is `action_resource` and
                # the text is 'audit', which looks swapped or mistyped - confirm.
                #
                # audit($year, $month, $day): request the audit log for one day, GET
                # /audit/<year>/<MM>/<DD>, or GET /audit/today when $day is undefined.
                # Returns whatever _doit returns.
                # Month and day pass through sprintf "%02d"; $year is inserted unchanged,
                # so it should be validated as a number by the caller.
                # The coverage columns on the rows below are all 0: this test run never
                # exercises the audit query.
172             sub audit
173             {
174 0     0 1   my($self, $year, $month, $day) = @_;
175 0           my $uri;
176 0 0         if(defined $day)
177             {
178 0           $uri = join('/', '', 'audit', $year, sprintf("%02d", $month), sprintf("%02d", $day));
179             }
180             else
181             {
182             # TODO: Clustericious::Client doesn't handle 302 correctly
183 0           $uri = join('/', '', 'audit', 'today');
184             }
                # Unlike the other methods here, a plain path string (not a Mojo::URL built
                # from server_url) is handed to _doit.
185 0           $self->_doit(GET => $uri);
186             }
187              
188             1;
189              
190              
191              
192             =pod
193              
194             =head1 NAME
195              
196             PlugAuth::Client - PlugAuth Client
197              
198             =head1 VERSION
199              
200             version 0.20
201              
202             =head1 SYNOPSIS
203              
204             In a perl program :
205              
206             my $r = PlugAuth::Client->new;
207              
208             # Check auth server status and version
209             my $check = $r->status;
210             my $version = $r->version;
211              
212             # Authenticate user "alice", pw "sesame"
213             $r->login("alice", "sesame");
214             if ($r->auth) {
215             print "authentication succeeded\n";
216             } else {
217             print "authentication failed\n";
218             }
219              
220             # Authorize "alice" to "POST" to "/board"
221             if ($r->authz("alice","POST","board")) {
222             print "authorization succeeded\n";
223             } else {
224             print "authorization failed\n";
225             }
226              
227             =head1 DESCRIPTION
228              
229             This module provides a perl front-end to the PlugAuth API. For a stripped
230             down interface to just the authentication and authorization API (that is
231             not including the user/group/authorization management functions), see
232             L.
233              
234             =head1 METHODS
235              
236             =head2 $client-E<gt>auth
237              
238             Returns true if the PlugAuth server can authenticate the user.
239             Username and passwords can be specified with the login method or
240             via the application's configuration file, see L
241             for details.
242              
243             =head2 $client-E<gt>authz($user, $action, $resource)
244              
245             Returns true if the given user ($user) is authorized to perform the
246             given action ($action) on the given resource ($resource).
247              
248             =head2 $client-E<gt>user
249              
250             Returns a list reference containing all usernames.
251              
252             =head2 $client-E<gt>create_user( \%args )
253              
254             Create a user with the given username and password.
255              
256             =over 4
257              
258             =item * user
259              
260             The new user's username
261              
262             REQUIRED
263              
264             =item * password
265              
266             The new user's password
267              
268             REQUIRED
269              
270             =item * groups
271              
272             List of groups as a comma separated string. Using this option requires that
273             the server is running PlugAuth 0.21 or better.
274              
275             =back
276              
277             =head2 $client-E<gt>delete_user( $username )
278              
279             Delete the user with the given username.
280              
281             =head2 $client-E<gt>groups($user)
282              
283             Returns a list reference containing the groups that the given user ($user)
284             belongs to.
285              
286             =head2 $client-E<gt>change_password($user, $password)
287              
288             Change the password of the given user ($user) to a new password ($password).
289              
290             =head2 $client-E<gt>group
291              
292             Returns a list reference containing all group names.
293              
294             =head2 $client-E<gt>users($group)
295              
296             Returns the list of users belonging to the given group ($group).
297              
298             =head2 $client-E<gt>create_group( \%args )
299              
300             Create a group.
301              
302             =over 4
303              
304             =item * group
305              
306             The name of the new group
307              
308             =item * users
309              
310             Comma separated list (as a string) of the users that
311             should initially belong to this group.
312              
313             =back
314              
315             =head2 $client-E<gt>update_group( $group, '--users' => $users )
316              
317             Update the given group ($group) replacing the existing list with
318             the new list ($users), which is a comma separated list as a string.
319              
320             =head2 $client-E<gt>delete_group( $group )
321              
322             Delete the given group ($group).
323              
324             =head2 $client-E<gt>group_add_user( $group, $user )
325              
326             Adds the given user ($user) to the given group ($group)
327              
328             =head2 $client-E<gt>group_delete_user( $group, $user )
329              
330             Delete the given user ($user) from the given group ($group)
331              
332             =head2 $client-E<gt>grant( $user, $action, $resource )
333              
334             Grants the given user ($user) the authorization to perform the given
335             action ($action) on the given resource ($resource).
336              
337             =head2 $client-E<gt>revoke( $user, $action, $resource )
338              
339             Revokes permission for the given user ($user) to perform the given action ($action)
340             on the given resource ($resource).
341              
342             =head2 $client-E<gt>granted
343              
344             Returns a list of granted permissions
345              
346             =head2 $client-E<gt>actions
347              
348             Returns a list reference containing the actions that the PlugAuth server
349             knows about.
350              
351             =head2 $client-E<gt>host_tag($ip_address, $tag)
352              
353             Returns true if the host specified by the given IP address ($ip_address)
354             has the given host tag ($tag).
355              
356             =head2 $client-E<gt>resources( $user, $action, $resource_regex )
357              
358             Returns a list reference containing the resources that match the regex
359             provided ($resource_regex) that the given user ($user) can perform the
360             given action ($action). To see all the resources that the user can
361             perform the given action against, pass in '.*' as the regex.
362              
363             =head2 $client-E<gt>action_resources( $user )
364              
365             Returns a hash reference of all actions and resources that the given
366             user ($user) can perform. The keys in the returned hash are the
367             actions and the values are list references containing the resources
368             where those actions can be performed by the user.
369              
370             =head2 $client-E<gt>audit( $year, $month, $day )
371              
372             Interface to the L plugin, if it is available.
373              
374             =head1 SEE ALSO
375              
376             L,
377             L,
378             L,
379             L,
380             L
381              
382             =head1 AUTHOR
383              
384             Graham Ollis
385              
386             =head1 COPYRIGHT AND LICENSE
387              
388             This software is copyright (c) 2012 by NASA GSFC.
389              
390             This is free software; you can redistribute it and/or modify it under
391             the same terms as the Perl 5 programming language system itself.
392              
393             =cut
394              
395              
396             __END__