670305 - Use Module::Pluggable to get authentication methods (instead of hardcoded lists)

Status: NEW

(Bugzilla :: Administration, task, P3)

Description

[Frédéric Buclin]

Currently, Bugzilla::Config::Auth uses hardcoded lists for user_info_class and user_verify_class:

   name => 'user_info_class',
   choices => [ 'CGI', 'Env', 'Env,CGI' ],

   name => 'user_verify_class',
   choices => [ 'DB', 'RADIUS', 'LDAP' ],

This means that if you add new authentication methods to the Bugzilla/Auth/Login/ and Bugzilla/Auth/Verify/ directories, then these lists must be updated manually. To avoid this problem, and to reflect what is really available, we should use Module::Pluggable (a module which is included in the core distribution of Perl) in Bugzilla::Auth::Login and Bugzilla::Auth::Verify.

For instance, Bugzilla::Auth::Login would have the following line:

  use Module::Pluggable search_path => 'Bugzilla::Auth::Login',
                        except      => 'Bugzilla::Auth::Login::Stack';

And Bugzilla::Config::Auth would simply have this single call to get the list of available methods:

  my @methods = Bugzilla::Auth::Login->new()->plugins;

Comment 1

[Max Kanat-Alexander]

Ah, except that some orders of modules in user_info_class are forbidden, so we'd also have to take that into account. (For example CGI,Env.) We could add some parameters like must_come_before to the Login modules, though--I imagine that would solve it.