package Catalyst::Authentication::AuthTkt;

use warnings;
use strict;

our $VERSION = '0.17';

=head1 NAME

Catalyst::Authentication::AuthTkt - shim for Apache::AuthTkt

=head1 SYNOPSIS

 # in your MyApp.pm file
 use Catalyst qw(
     Authentication
 );

 # Configure an authentication realm in your app config:
 <Plugin::Authentication>
    default_realm authtkt
    <realms>
        <authtkt>
            class AuthTkt
            <credential>
                class AuthTkt
            </credential>
            <store>
                class AuthTkt
                
                cookie_name auth_tkt

                # if ignore_ip is on in your login script, set this
                ignore_ip 1
                use_req_address 0.0.0.0
                
                # either the path to your Apache .conf file
                #conf path/to/httpd.conf
                
                # or set the secret string explicitly
                #secret fee fi fo fum
                
                # these next two are the Apache::AuthTkt defaults
                timeout 2h
                timeout_refresh 0.50
                
                # explicitly define a domain for the cookie
                # NOTE the leading dot means every host in the subdomain
                domain .foo.bar.com
                
                # mock a user -- this effectively turns off
                # the auth system. *** for development only ***
                <mock>
                    id joeuser
                    tokens foo
                    tokens bar
                </mock>
                    

            </store>
        </authtkt>
    </realms>
 </Plugin::Authentication>
 <Controller::Root>
    auth_url http://yourdomain/login
 </Controller::Root>

 # and then in your Root controller:

 has auth_url => (
    is => 'ro',
    required => 1,
 );

 sub auto : Private {
     my ( $self, $c ) = @_;
             
     # validate the ticket and update ticket and session if necessary
     return 1 if $c->authenticate;
        
     # no valid login found so redirect.
     $c->response->redirect( $self->auth_url );
        
     # tell Catalyst to abort processing.
     return 0;
 }

 # and then elsewhere in your app
 if ($c->user_exists) {
    $c->log->debug("Logged in as user " . $c->user->id);
    #...
 }

=head1 DESCRIPTION

This module implements the Catalyst::Authentication API 
for Apache::AuthTkt version 0.08 and later.

B<This module does not implement any features 
for creating the AuthTkt cookie.>
Instead, this module simply checks that the 
AuthTkt cookie is present and unpacks it
in accordance with the Authentication API. 
The intention is that you create/set the AuthTkt cookie
independently of the Authentication code, 
whether in a separate application (e.g. the mod_auth_tkt
C<login.cgi> script) or via the Apache::AuthTkt module directly.

mod_auth_tkt L<http://www.openfusion.com.au/labs/mod_auth_tkt/> 
is a single-sign-on C module for Apache.
Using this module, however, you could implement all 
the features of mod_auth_tkt, in Perl, using any
web server where you can deploy Catalyst, including 
front-end-proxy/back-end-mod_perl and lighttpd situations.

=head1 AUTHOR

Peter Karman, C<< <karman at cpan dot org> >>

=head1 BUGS

Please report any bugs or feature requests to
C<bug-catalyst-authentication-authtkt at rt.cpan.org>, 
or through the web interface at
L<http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Catalyst-Authentication-AuthTkt>.
I will be notified, and then you'll automatically be 
notified of progress on
your bug as I make changes.

=head1 SUPPORT

You can find documentation for this module with the perldoc command.

    perldoc Catalyst::Authentication::AuthTkt

You can also look for information at:

=over 4

=item * AnnoCPAN: Annotated CPAN documentation

L<http://annocpan.org/dist/Catalyst-Authentication-AuthTkt>

=item * CPAN Ratings

L<http://cpanratings.perl.org/d/Catalyst-Authentication-AuthTkt>

=item * RT: CPAN's request tracker

L<http://rt.cpan.org/NoAuth/Bugs.html?Dist=Catalyst-Authentication-AuthTkt>

=item * Search CPAN

L<http://search.cpan.org/dist/Catalyst-Authentication-AuthTkt>

=back

=head1 ACKNOWLEDGEMENTS

The Minnesota Supercomputing Institute C<< http://www.msi.umn.edu/ >>
sponsored the development of this software.

=head1 COPYRIGHT & LICENSE

Copyright 2008 by the Regents of the University of Minnesota.

This program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.


=cut

1; # End of Catalyst::Authentication::AuthTkt