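# Slauth storage interface to DB4 library
package Slauth::Storage::User_DB;

use strict;
#use warnings FATAL => 'all', NONFATAL => 'redefine';
use base "Slauth::Storage::DB";
use IO::File;
use Digest::MD5 'md5_base64';

# Thin wrapper: returns whatever Slauth::Config::debug returns.
# Used throughout this file as a boolean gate for STDERR tracing.
sub debug
{
    Slauth::Config::debug;
}

# instantiate a new object
#
# Arguments after the class name are handed unchanged to initialize().
sub new
{
    my $class = shift;
    my $self  = {};

    debug and print STDERR "debug: Slauth::Storage::User_DB new\n";
    bless $self, $class;
    $self->initialize(@_);
    return $self;
}

#
# the record structure is as follows (fields are joined with "::"
# by write_record):
# 0 login name
# 1 password MD5 hash
# 2 password hashing salt (randomizing string)
# 3 name
# 4 e-mail
# 5 groups (comma-separated)
#

# set up the data needed within a DB_User object
sub initialize
{
    my ( $self, $config ) = @_;

    # set filename prefix string
    $self->{file_prefix} = "user-";

    # use parent class' Slauth::Storage::DB::opendb to open the DB
    $self->opendb( $config );
}

# write a (possibly new) user record
#
# A fresh salt is generated on every call, so rewriting a record also
# re-salts the stored password hash. Returns the result of
# write_raw_record (not defined in this file; presumably inherited from
# Slauth::Storage::DB).
#
# NOTE(review): the fields are joined with "::" and the groups with ","
# without any escaping or validation. A login, name or e-mail containing
# "::" would shift the later fields (including groups) when the record is
# split again - confirm that callers reject these characters, or validate
# here.
# NOTE(review): gen_salt lives in the parent class; the quality of its
# randomness cannot be judged from this file.
sub write_record
{
    my ( $self, $login, $password, $name, $email, @groups ) = @_;

    my $salt    = Slauth::Storage::DB::gen_salt();
    my $pw_hash = md5_base64( $password . "-" . $salt );
    my $rec     = join( "::",
        $login, $pw_hash, $salt, $name, $email,
        join( ",", @groups ) );

    return $self->write_raw_record( $login, $rec );
}

# check a user's password
# external function
#
# Called as a plain function (not a method) with the login, the submitted
# password and the config. Returns true when the submitted password hashes
# to the stored value, false otherwise - including when get_user yields no
# password hash for the login.
sub check_pw
{
    my ( $login, $pw_test, $config ) = @_;
    my ( $user_login, $user_pw_hash, $user_salt, $user_name,
        $user_email, $user_groups )
        = Slauth::Storage::User_DB::get_user( $login, $config );

    # Normalise missing values explicitly rather than relying on undef
    # stringifying to "": the outcome is the same, but the code no longer
    # dies on an unknown login if the FATAL warnings line above is ever
    # re-enabled. The hash is still computed for unknown logins so both
    # paths do the same amount of work.
    my $salt         = defined $user_salt ? $user_salt : '';
    my $submitted    = defined $pw_test   ? $pw_test   : '';
    my $pw_hash_test = md5_base64( $submitted . "-" . $salt );

    # This comparison uses a one-way hash - the user's password
    # has not been stored in clear text and is not available anywhere.
    # If the submitted password hashed with the salt (randomizer) string
    # matches the password hash (prepared the same way), it's a match.
    #
    # NOTE(review): a single salted MD5 round is fast to compute, so a
    # leaked user database can be brute-forced offline cheaply. Moving to
    # a deliberately slow password-hashing scheme needs a record-format
    # migration and cannot be done inside this function alone.
    my $result = ( defined $user_pw_hash
            && $pw_hash_test eq $user_pw_hash );

    debug and print STDERR "Slauth::Storage::User_DB::check_pw: $result\n";
    return $result;
}

# get user data
# external function
#
# Opens the user DB for the given config and returns whatever read_record
# returns for the login; check_pw unpacks that as the six-field record
# described above.
#
# NOTE(review): with debugging on, the login is written to STDERR as
# received; a login containing newlines could forge log lines.
sub get_user
{
    my $login  = shift;
    my $config = shift;

    debug and print STDERR "Slauth::Storage::User_DB::get_user: begin\n";
    my $user_db = Slauth::Storage::User_DB->new( $config );
    debug and print STDERR "Slauth::Storage::User_DB::get_user: login=$login\n";
    return $user_db->read_record($login);
}

1;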