Welcome, Registration, and other StartingPoints; TWiki history & Wiki style; All the docs...
View   r3  >  r2  >  r1
TWikiClientDotPm 3 - 16 Jan 2007 - Main.TWikiContributor
Line: 5 to 5
 On it's own, an object of this class is used when you specify 'none' in the security setup section of
Changed:
<
<		configure. When it is used,
>
>		configure. When it is used,
 logins are not supported. If you want to authenticate users then you should consider TemplateLogin? or ApacheLogin? , which are subclasses of this class.
Line: 18 to 18
 let the perl optimiser optimise out the trace function as a no-op if tracing is disabled.
Added:
>
>		Here's an overview of how it works:

Early in TWiki::new, the login manager is created. The creation of the login manager does two things:

  1. If sessions are in use, it loads CGI::Session but doesn't initialise the session yet.
  2. Creates the login manager object
Slightly later in TWiki::new, loginManager->loadSession is called.
  1. Calls loginManager->getUser to get the username before the session is created
    • TWiki::Client::ApacheLogin looks at REMOTE_USER
    • TWiki::Client::TemplateLogin just returns undef
  2. reads the TWIKISID cookie to get the SID (or the TWIKISID parameters in the CGI query if cookies aren't available, or IP2SID? mapping if that's enabled).
  3. Creates the CGI::Session object, and the session is thereby read.
  4. If the username still isn't known, reads it from the cookie. Thus TWiki::Client::ApacheLogin overrides the cookie using REMOTE_USER, and TWiki::Client::TemplateLogin always uses the session.

Later again in TWiki::new, plugins are given a chance to override the username found from the loginManager.

The last step in TWiki::new is to find the user, using whatever user mapping manager is in place.

 

ObjectData? twiki

Added:
>
>
 The TWiki object this login manager is attached to.
Line: 24 to 42
 
Changed:
<
<

StaticMethod makeClient ($twiki) -> $TWiki::Client

>
>

StaticMethod makeLoginManager ($twiki) -> $TWiki::Client

 Factory method, used to generate a new TWiki::Client object for the given session.

Changed:
<
<

ObjectMethod loadSession ()

>
>

ObjectMethod loadSession ($defaultUser) -> $login

 Get the client session data, using the cookie and/or the request URL. Set up appropriate session variables in the twiki object and return the login name.
Added:
>
>		$defaultUser is a username to use if one is not available from other sources. The username passed when you create a TWiki instance is passed in here.
 

ObjectMethod checkAccess ()

Line: 51 to 76
 

StaticMethod expireDeadSessions ()

Changed:
<
<		Delete sessions that are sitting around but are really expired.
>
>		Delete sessions and passthrough files that are sitting around but are really expired.
 This assumes that the sessions are stored as files.

This is a static method, but requires TWiki::cfg. It is designed to be

Line: 92 to 120
 

ObjectMethod redirectCgiQuery ($url)

Added:
>
>
 Generate an HTTP redirect on STDOUT, if you can. Return 1 if you did.
Deleted:
<
<		Don't forget to pass all query parameters through.
 
  • $url - target of the redirection.
Line: 114 to 145
 
Changed:
<
<

ObjectMethod clearSessionValue ($name)

>
>

ObjectMethod clearSessionValue ($name) -> $boolean

 Clear the value of a session variable. We do not allow setting of AUTHUSER.

TWikiClientDotPm 2 - 25 Jun 2006 - Main.TWikiContributor
Line: 13 to 13
 of this class, implementing the methods marked as VIRTUAL. There are already examples in the lib/TWiki/Client directory.
Added:
>
>		The class has extensive tracing, which is enabled by $TWiki::cfg{Trace}{Client.pm}. The tracing is done in such a way as to let the perl optimiser optimise out the trace function as a no-op if tracing is disabled.

ObjectData? twiki

The TWiki object this login manager is attached to.
 

TWikiClientDotPm 1 - 01 Feb 2006 - Main.TWikiContributor
Line: 1 to 1
Added:
>
>

Package TWiki::Client

The package is also a Factory for login managers and also the base class for all login managers.

On it's own, an object of this class is used when you specify 'none' in the security setup section of configure. When it is used, logins are not supported. If you want to authenticate users then you should consider TemplateLogin? or ApacheLogin? , which are subclasses of this class.

If you are building a new login manager, then you should write a new subclass of this class, implementing the methods marked as VIRTUAL. There are already examples in the lib/TWiki/Client directory.

StaticMethod makeClient ($twiki) -> $TWiki::Client

Factory method, used to generate a new TWiki::Client object for the given session.

ObjectMethod loadSession ()

Get the client session data, using the cookie and/or the request URL. Set up appropriate session variables in the twiki object and return the login name.

ObjectMethod checkAccess ()

Check if the script being run in this session is authorised for execution. If not, throw an access control exception.

ObjectMethod finish

Complete processing after the client's HTTP request has been responded to. Flush the user's session (if any) to disk.

StaticMethod expireDeadSessions ()

Delete sessions that are sitting around but are really expired. This assumes that the sessions are stored as files.

This is a static method, but requires TWiki::cfg. It is designed to be run from a session or from a cron job.

ObjectMethod userLoggedIn ($login,$wikiname)

Called when the user logs in. It's invoked from TWiki::UI::Register::finish for instance, when the user follows the link in their verification email message.

  • $login - string login name
  • $wikiname - string wikiname

ObjectMethod endRenderingHandler ()

This handler is called by getRenderedVersion just before the plugins postRenderingHandler. So it is passed all HTML text just before it is printed.

DEPRECATED Use postRenderingHandler instead.

ObjectMethod addCookie ($c)

Add a cookie to the list of cookies for this session.

  • $c - a CGI::Cookie

ObjectMethod modifyHeader (\%header)

Modify a HTTP header
  • \%header - header entries

ObjectMethod redirectCgiQuery ($url)

Generate an HTTP redirect on STDOUT, if you can. Return 1 if you did. Don't forget to pass all query parameters through.
  • $url - target of the redirection.

ObjectMethod getSessionValues () -> \%values

Get a name->value hash of all the defined session variables

ObjectMethod getSessionValue ($name) -> $value

Get the value of a session variable.

ObjectMethod setSessionValue ($name,$value)

Set the value of a session variable. We do not allow setting of AUTHUSER.

ObjectMethod clearSessionValue ($name)

Clear the value of a session variable. We do not allow setting of AUTHUSER.

ObjectMethod forceAuthentication () -> boolean

VIRTUAL METHOD implemented by subclasses

Triggered by an access control violation, this method tests to see if the current session is authenticated or not. If not, it does whatever is needed so that the user can log in, and returns 1.

If the user has an existing authenticated session, the function simply drops though and returns 0.

ObjectMethod loginUrl (...) -> $url

VIRTUAL METHOD implemented by subclasses

Return a full URL suitable for logging in.

  • ... - url parameters to be added to the URL, in the format required by TWiki::getScriptUrl()

ObjectMethod getUser ()

VIRTUAL METHOD implemented by subclasses

If there is some other means of getting a username - for example, Apache has remote_user() - then return it. Otherwise, return undef and the username stored in the session will be used.


Revision 3r3 - 16 Jan 2007 - 04:12:06 - TWikiContributor
Revision 2r2 - 25 Jun 2006 - 16:26:33 - TWikiContributor
Revision 1r1 - 01 Feb 2006 - 12:01:25 - TWikiContributor
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM