internal package
Foswiki::LoginManager internal package
Foswiki::LoginManager The package is also a Factory for login managers and also the base class for all login managers.
On it's own, an object of this class is used when you specify 'none' in the security setup section of configure. When it is used, logins are not supported. If you want to authenticate users then you should consider TemplateLogin or ApacheLogin, which are subclasses of this class. If you are building a new login manager, then you should write a new subclass of this class, implementing the methods marked as VIRTUAL. There are already examples in thelib/Foswiki/LoginManager
directory.
The class has extensive tracing, which is enabled by $Foswiki::cfg{Trace}{LoginManager}. The tracing is done in such a way as to let the perl optimiser optimise out the trace function as a no-op if tracing is disabled.
Here's an overview of how it works:
Early in Foswiki::new, the login manager is created. The creation of the login manager does two things:The last step in Foswiki::new is to find the user, using whatever user mapping manager is in place.
twiki
The Foswiki object this login manager is attached to.
StaticMethod
makeLoginManager( $session ) → $Foswiki::LoginManager ClassMethod
new ($session, $impl) Construct the user management object
ObjectMethod
finish() ClassMethod
_real_trace ($session, $impl) Construct the user management object
ClassMethod
_IP2SID ($session, $impl) read/write IP to SID map, return SID
ObjectMethod
loadSession($defaultUser, $pwchecker) → $login Get the client session data, using the cookie and/or the request URL. Set up appropriate session variables in the session object and return the login name.
$pwchecker is a pointer to an object that implements checkPassword
$defaultUser is a username to use if one is not available from other sources. The username passed when you create a Foswiki instance is passed in here.
ObjectMethod
redirectToLoggedOutUrl($authUser, $defaultUser) Helper method, called by loadSession, to redirect to the non-authenticated url and return the non-authenticated "default user" login name.
$authUser is the currently logged in user, derived from the request's username.
$defaultUser is a username to use if one is not available from other sources. The username passed when you create a Foswiki instance is passed in here.
ObjectMethod
checkAccess() Check if the script being run in this session is authorised for execution. If not, throw an access control exception.
ObjectMethod
complete() Complete processing after the client's HTTP request has been responded to. Flush the user's session (if any) to disk.
StaticMethod
expireDeadSessions() This is a static method, but requires Foswiki::cfg. It is designed to be run from a session or from a cron job.
ObjectMethod
userLoggedIn( $authUser, $wikiname) $authUser
- string login name
$wikiname
- string wikiname
ObjectMethod
_myScriptURLRE ($thisl) ObjectMethod
_rewriteURL ($this, $url) → $url ObjectMethod
_rewriteFORM ($thisl) ObjectMethod
endRenderingHandler() This handler is called by getRenderedVersion just before the plugins postRenderingHandler. So it is passed all HTML text just before it is printed.
DEPRECATED Use postRenderingHandler instead.ObjectMethod
rewriteRedirectUrl( $url ) ->$url $url
- target of the redirection.
ObjectMethod
getSessionValues() → \%values Get a name->value hash of all the defined session variables
ObjectMethod
getCGISession() ObjectMethod
getSessionValue( $name ) → $value Get the value of a session variable.
ObjectMethod
setSessionValue( $name, $value ) Set the value of a session variable.
ObjectMethod
clearSessionValue( $name ) → $boolean Clear the value of a session variable. We do not allow setting of AUTHUSER.
ObjectMethod
forceAuthentication() → boolean Triggered by an access control violation, this method tests to see if the current session is authenticated or not. If not, it does whatever is needed so that the user can log in, and returns 1.
If the user has an existing authenticated session, the function simply drops though and returns 0.
ObjectMethod
loginUrl( ... ) → $url ...
- url parameters to be added to the URL, in the format required by Foswiki::getScriptUrl()
ObjectMethod
getUser() Should be implemented by subclasses
If there is some other means of getting a username - for example, Apache has remote_user() - then return it. Otherwise, return undef and the username stored in the session will be used.
This method of getting the user assumes that the identified user has been authenticated in some way (for example, by the web server)ObjectMethod
isValidLoginName( $name ) → $boolean Check for a valid login name (not an existance check, just syntax). Default behaviour is to check the login name against $Foswiki::cfg{LoginNameFilterIn}
ObjectMethod
_LOGIN ($thisl) ObjectMethod
_LOGOUTURL ($thisl) ObjectMethod
_LOGOUT ($thisl) ObjectMethod
_AUTHENTICATED ($thisl) ObjectMethod
_CANLOGIN ($thisl) ObjectMethod
_SESSION_VARIABLE ($thisl) ObjectMethod
_LOGINURL ($thisl) ObjectMethod
_dispLogon ($thisl) PrivateMethod
_skinSelect () Internal use only TODO: what does it do?
StaticMethod
removeUserSessions() Delete session files for a user that is being removed from the system. Removing the Session prevents any further damage from a spammer when the account has been removed.
This is a static method, but requires Foswiki::cfg. It is designed to be run from a session.