NAME
    Catalyst::Plugin::Authentication::Store::DBIC - Authentication and
    authorization against a DBIx::Class or Class::DBI model.

SYNOPSIS
        use Catalyst qw/
            Authentication
            Authentication::Store::DBIC
            Authentication::Credential::Password
            Authorization::Roles                                # if using roles
            /;

        # Authentication
        __PACKAGE__->config->{authentication}->{dbic} = {
            user_class         => 'MyApp::Model::User',
            user_field         => 'username',
            password_field     => 'password',
            password_type      => 'hashed',
            password_hash_type => 'SHA-1',
        };
    
        # Authorization using a many-to-many role relationship
        # For more detailed instructions on setting up role-based auth, please
        # see the section below titled L<"Roles">.
        __PACKAGE__->config->{authorization}->{dbic} = {
            role_class           => 'MyApp::Model::Role',
            role_field           => 'role',
            role_rel             => 'map_user_role',            # DBIx::Class only        
            user_role_user_field => 'user',
            user_role_class      => 'MyApp::Model::UserRole',   # Class::DBI only        
            user_role_role_field => 'role',                     # Class::DBI only
        };

        # log a user in
        sub login : Global {
            my ( $self, $c ) = @_;

            $c->login( $c->req->param("email"), $c->req->param("password"), );
        }
    
        # verify a role
        if ( $c->check_user_roles( 'admin' ) ) {
            $model->delete_everything;
        }

DESCRIPTION
    This plugin uses a DBIx::Class (or Class::DBI) object to authenticate a
    user.

AUTHENTICATION CONFIGURATION
    Authentication is configured by setting an authentication->{dbic} hash
    reference in your application's config method. The following
    configuration options are supported.

  user_class
    The name of the class that represents a user object.

  user_field
    The name of the column holding the user identifier (defaults to
    ""user"")

  password_field
    The name of the column holding the user's password (defaults to
    ""password"")

  password_type
    The type of password your user object stores. One of: clear, crypted, or
    hashed. Defaults to clear.

  password_hash_type
    If using a password_type of hashed, this option specifies the hashing
    method being used. Any hashing method supported by the Digest module may
    be used.

  password_pre_salt
    Use this option if your passwords are hashed with a prefix salt value.

  password_post_salt
    Use this option if your passwords are hashed with a postfix salt value.

AUTHORIZATION CONFIGURATION
    Role-based authorization is configured by setting an
    authorization->{dbic} hash reference in your application's config
    method. The following options are supported. For more detailed
    instructions on setting up roles, please see the section below titled
    "Roles".

  role_class
    The name of the class that contains the list of roles.

  role_field
    The name of the field in "role_class" that contains the role name.

  role_rel
    DBIx::Class models only. This field specifies the name of the
    relationship in "role_class" that refers to the mapping table between
    users and roles. Using this relationship, DBIx::Class models can
    retrieve the list of roles for a user in a single SQL statement using a
    join.

  user_role_class
    Class::DBI models only. The name of the class that contains the
    many-to-many linking data between users and roles.

  user_role_user_field
    The name of the field in "user_role_class" that contains the user ID.
    This is required for both DBIx::Class and Class::DBI.

  user_role_role_field
    Class::DBI models only. The name of the field in "user_role_class" that
    contains the role ID.

METHODS
  user_object
    Returns the DBIx::Class or Class::DBI object representing the user in
    the database.

INTERNAL METHODS
  setup
ROLES
    This section will attempt to provide detailed instructions for
    configuring role-based authorization in your application.

  Database Schema
    The basic database structure for roles consists of the following 3
    tables. This syntax is for SQLite, but can be easily adapted to other
    databases.

        CREATE TABLE user (
            id       INTEGER PRIMARY KEY,
            username TEXT,
            password TEXT
        );

        CREATE TABLE role (
            id   INTEGER PRIMARY KEY,
            role TEXT
        );

        # DBIx::Class can handle multiple primary keys
        CREATE TABLE user_role (
            user INTEGER,
            role INTEGER,
            PRIMARY KEY (user, role)
        );
    
        # Class::DBI may need the following user_role table
        CREATE TABLE user_role (
            id   INTEGER PRIMARY KEY,
            user INTEGER,
            role INTEGER,
            UNIQUE (user, role)
        );

  DBIx::Class
    For best performance when using roles, DBIx::Class models are
    recommended. By using DBIx::Class you will benefit from optimized SQL
    using joins that can retrieve roles for a user with a single SQL
    statement.

    The steps for setting up roles with DBIx::Class are:

   1. Create Model classes and define relationships
        # Example User Model
        package MyApp::Model::User;

        use strict;
        use warnings;
        use base 'MyApp::Model::DBIC';

        __PACKAGE__->table( 'user' );
        __PACKAGE__->add_columns( qw/id username password/ );
        __PACKAGE__->set_primary_key( 'id' );

        __PACKAGE__->has_many(
            map_user_role => 'MyApp::Model::UserRole' => 'user' ); 

        1;
    
        # Example Role Model
        package MyApp::Model::Role;
    
        use strict;
        use warnings;
        use base 'MyApp::Model::DBIC';
    
        __PACKAGE__->table( 'role' );
        __PACKAGE__->add_columns( qw/id role/ );    
        __PACKAGE__->set_primary_key( 'id' );
    
        __PACKAGE__->has_many(
            map_user_role => 'MyApp::Model::UserRole' => 'role' );

        1;
    
        # Example UserRole Model
        package MyApp::Model::UserRole;
    
        use strict;
        use warnings;
        use base 'MyApp::Model::DBIC';
    
        __PACKAGE__->table( 'user_role' );
        __PACKAGE__->add_columns( qw/user role/ );                                 
        __PACKAGE__->set_primary_key( qw/user role/ );

        1;

   2. Specify authorization configuration settings
    For the above DBIx::Class model classes, the configuration would look
    like this:

        __PACKAGE__->config->{authorization}->{dbic} = {
            role_class           => 'MyApp::Model::Role',
            role_field           => 'role',
            role_rel             => 'map_user_role',    
            user_role_user_field => 'user',
        };

  Class::DBI
    Class::DBI models are also supported but require slightly more
    configuration. Performance will also suffer as more SQL statements must
    be run to retrieve all roles for a user.

    The steps for setting up roles with Class::DBI are:

   1. Create Model classes
        # Example User Model
        package MyApp::Model::User;

        use strict;
        use warnings;
        use base 'MyApp::Model::CDBI';

        __PACKAGE__->table  ( 'user' );
        __PACKAGE__->columns( Primary   => qw/id/ );
        __PACKAGE__->columns( Essential => qw/username password/ );

        1;
    
        # Example Role Model
        package MyApp::Model::Role;
    
        use strict;
        use warnings;
        use base 'MyApp::Model::CDBI';
    
        __PACKAGE__->table  ( 'role' );
        __PACKAGE__->columns( Primary   => qw/id/ );
        __PACKAGE__->columns( Essential => qw/role/ );
    
        1;
    
        # Example UserRole Model
        package MyApp::Model::UserRole;
    
        use strict;
        use warnings;
        use base 'MyApp::Model::CDBI';
    
        __PACKAGE__->table  ( 'user_role' );
        __PACKAGE__->columns( Primary   => qw/id/ );
        __PACKAGE__->columns( Essential => qw/user role/ );

        1;

   2. Specify authorization configuration settings
    For the above Class::DBI model classes, the configuration would look
    like this:

        __PACKAGE__->config->{authorization}->{dbic} = {
            role_class           => 'MyApp::Model::Role',
            role_field           => 'role',
            user_role_class      => 'MyApp::Model::UserRole',
            user_role_user_field => 'user',        
            user_role_role_field => 'role',
        };

SEE ALSO
    Catalyst::Plugin::Authentication, Catalyst::Plugin::Authorization::Roles

AUTHOR
    Andy Grundman, <andy@hybridized.org>

COPYRIGHT
    This program is free software, you can redistribute it and/or modify it
    under the same terms as Perl itself.