Class::User::DBI

A User class: Login credentials, roles, privileges, domains

Class::User::DBI Ranking & Summary

  • License: Perl Artistic License
  • Price: FREE
  • Publisher Name: David J. Oswald
  • Publisher web site: http://search.cpan.org/~davido/

Class::User::DBI Description

Class::User::DBI is a Perl module designed to simplify user logins, authentication, role-based access control (authorization), and domain (locality) constraint access control.

It stores user credentials, roles, and basic user information in a database via a DBIx::Connector database connection.

User passphrases are salted with a 512-bit random salt (unique per user) using a cryptographically strong random number generator, and converted to a SHA2-512 digest before being stored in the database. All subsequent passphrase validation checks test against the salt and passphrase SHA2 hash.

IP whitelists may be maintained per user. If a user is set to require an IP check, then the user validates only if his passphrase authenticates AND his IP is found in the whitelist associated with his user id.

Users may be given a role, which is conceptually similar to a Unix 'group'. Roles are simple strings. Furthermore, multiple privileges (also simple strings) are granted to roles.

Users may be given multiple domains, which might be used to model localities or jurisdictions. Domains act independently from roles and privileges, but are a convenient way of constraining a role and its privileges to a specific set of localities.

SYNOPSIS

This module models a "User" class, with login credentials and Role-Based Access Control. IP whitelists may be used as an additional validation measure. Domain (locality) based access control is also provided independently of role-based access control.

A brief description of authentication: Passphrases are stored as randomly salted SHA2-512 hashes. Optional whitelisting of IPs is also available.

A brief description of this RBAC implementation: Users have roles and domains (localities). Roles carry privileges. Roles with privileges, and domains, act independently, allowing for sophisticated access control.
    use DBIx::Connector;
    use Class::User::DBI;

    # Set up a connection using DBIx::Connector:
    # MySQL database settings:
    my $conn = DBIx::Connector->new(
        'dbi:mysql:database=cudbi_tests',
        'testing_user',
        'testers_pass',
        {
            RaiseError => 1,
            AutoCommit => 1,
        }
    );

    # Now we can play with Class::User::DBI:
    Class::User::DBI->configure_db( $conn );    # Set up the tables for a user DB.

    my @user_list = Class::User::DBI->list_users;

    my $user = Class::User::DBI->new( $conn, $userid );

    my $user_id = $user->add_user(
        {
            password => $password,
            ip_req   => $bool_ip_req,
            ips      => \@ips,          # Array ref of IPs.
            username => $full_name,
            email    => $email,
            role     => $role,
        }
    );

    my $userid      = $user->userid;
    my $validated   = $user->validated;
    my $invalidated = $user->validated(0);          # Cancel authentication.
    my $is_valid    = $user->validate( $pass, $ip ); # Validate including IP.
    my $is_valid    = $user->validate( $pass );      # Validate without IP.
    my $info_href   = $user->load_profile;
    my $credentials = $user->get_credentials;       # Returns a useful hashref.
    my @valid_ips   = $user->get_valid_ips;
    my $ip_required = $user->get_ip_required;
    my $success     = $user->set_ip_required(1);
    my $exists      = $user->exists_user;
    my $success     = $user->delete_user;
    my $del_count   = $user->delete_ips( @ips );
    my $add_count   = $user->add_ips( @ips );
    my $success     = $user->set_email( 'new@email.address' );
    my $success     = $user->set_username( 'Cool New User Name' );
    my $success     = $user->update_password( 'Old Pass', 'New Pass' );
    my $success     = $user->update_password( 'New Pass' );
    my $success     = $user->set_role( $role );
    my $has         = $user->is_role( $role );
    my $role        = $user->get_role;

    # Accessors for the RolePrivileges and UserDomains classes.
    my $rp         = $user->role_privileges;
    my $has_priv   = $user->role_privileges->has_privilege( 'some_privilg' );
    my $ud         = $user->user_domains;
    my $has_domain = $user->user_domains->has_domain( 'some_domain' );
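The validation rule described above, sketched as an added example that is not the module's own code: a per-user 512-bit salt, a SHA2-512 digest, and the AND with the IP whitelist when the user requires an IP check. The salt source (/dev/urandom), the passphrase-then-salt concatenation order, the comparison helper and all sub names are assumptions; the sample users are constructed.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha512);

# Added illustration, not Class::User::DBI source. Assumptions: salt comes from
# /dev/urandom, digest = SHA-512(passphrase . salt) (order not given on the page).
sub random_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $got = read( $fh, my $salt, 64 );    # 64 bytes = 512 bits
    close $fh;
    die "short read from /dev/urandom\n" unless defined $got && $got == 64;
    return $salt;
}

sub make_record {    # hypothetical stand-in for the stored credentials row
    my ( $pass, $ip_req, @ips ) = @_;
    my $salt = random_salt();
    return { salt => $salt, hash => sha512( $pass . $salt ),
             ip_req => $ip_req ? 1 : 0, ips => { map { $_ => 1 } @ips } };
}

# Compare digests over their full length instead of stopping at the first mismatch.
sub digest_eq {
    my ( $x, $y ) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord( substr $x, $_, 1 ) ^ ord( substr $y, $_, 1 ) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Passphrase must match; when ip_req is set the caller's IP must also be whitelisted.
sub validate {
    my ( $rec, $pass, $ip ) = @_;
    return 0 unless digest_eq( sha512( $pass . $rec->{salt} ), $rec->{hash} );
    return 1 unless $rec->{ip_req};
    return ( defined $ip && $rec->{ips}{$ip} ) ? 1 : 0;
}

# Constructed sample data (documentation-range addresses).
my $alice = make_record( 'correct horse', 1, '192.0.2.10' );
my $bob   = make_record( 'correct horse', 0 );
my @cases = (
    [ 'ip_req, right pass, listed IP',   $alice, 'correct horse', '192.0.2.10' ],
    [ 'ip_req, right pass, unlisted IP', $alice, 'correct horse', '198.51.100.7' ],
    [ 'ip_req, right pass, no IP given', $alice, 'correct horse', undef ],
    [ 'ip_req, wrong pass, listed IP',   $alice, 'wrong',         '192.0.2.10' ],
    [ 'no ip_req, right pass, any IP',   $bob,   'correct horse', '198.51.100.7' ],
);
printf "%-32s %s\n", $_->[0], validate( @{$_}[ 1 .. 3 ] ) ? 'valid' : 'rejected' for @cases;
print "same passphrase, different digests\n" if $alice->{hash} ne $bob->{hash};
```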