package KiokuX::User;
use MooseX::Role::Parameterized;

use namespace::clean -except => 'meta';

our $VERSION = "0.02";

parameter id => (
    isa     => 'HashRef',
    default => sub { +{} },

parameter password => (
    isa     => 'HashRef',
    default => sub { +{} },

role {
    my ($p) = @_;

    with 'KiokuX::User::ID' => $p->id,
         'KiokuX::User::Password' => $p->password;




=head1 NAME

KiokuX::User - A generic role for user objects stored in L<KiokuDB>


    package MyFoo::Schema::User;
    use Moose;

    use KiokuX::User::Util qw(crypt_password);

    with qw(KiokuX::User);

    my $user = MyFoo::Schema::User->new(
        id       => $user_id,
        password => crypt_password($password),

    $user->kiokudb_object_id; # "user:$user_id"

    if ( $user->check_password($read_password) ) {
        warn "Login successful";
    } else {
        warn "Login failed";


This role provides a fairly trivial set of attributes and methods designed to
ease the storage of objects representing users in a KiokuDB database.

It consumes L<KiokuX::User::ID> which provides the C<id> attribute and related
methods as well as L<KiokuDB::Role::ID> integration, and
L<KiokuX::User::Password> which provides an L<Authen::Passphrase> based
C<password> attribute and a C<check_password> method.


This role strictly implements a notion of an authenticatable identity, not of a

If you want to support renaming, multiple authentication methods (e.g. a
password and/or an openid), it's best to create identity delegates that consume
this role, and have them point at the actual user object:

    package MyFoo::Schema::Identity;
    use Moose::Role;

    has user => (
        isa => "MyFoo::Schema::User",
        is  => "ro",
        required => 1,

And here's an example username identity:

    package MyFoo::Schema::Identity::Username;
    use Moose;

    with qw(

and then point back to these identities from the user:

    has identities => (
        isa      => "ArrayRef[MyFoo::Schema::Identity]",
        is       => "rw",
        required => 1,

Since the identity is part of the objects' ID uniqueness is enforced in a
portable way (you don't need to use the DBI backend and a custom unique

This also allows you to easily add additional authentication schemes, change
them, provide namespacing support and so on without affecting the high level
user object, which represents the actual account holder regardless of the
authentication scheme they used.



=head1 AUTHOR

Yuval Kogman E<lt>nothingmuch@woobling.orgE<gt>


    Copyright (c) 2008, 2009 Yuval Kogman, Infinity Interactive. All
    rights reserved This program is free software; you can redistribute
    it and/or modify it under the same terms as Perl itself.


# ex: set sw=4 et: