
Just about ready to add the matrix routines on backend

Andy Baugh 4 rokov pred
rodič
commit
acd9051ad5

+ 1 - 1
lib/Trog/Auth.pm

@@ -60,7 +60,7 @@ Returns a session ID, or blank string in the event the user does not exist or in
 
 =cut
 
-sub mksession ($user,$pass) {
+sub mksession ($type,$user,$pass) {
     my $dbh = _dbh();
     my $records = $dbh->selectall_arrayref("SELECT salt FROM user WHERE name = ?", { Slice => {} }, $user);
     return '' unless ref $records eq 'ARRAY' && @$records;
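Review bot: The new `$type` parameter of mksession is not mentioned in the POD just above the hunk, which still describes only the user/password lookup, and none of the visible lines reads `$type`. The body of mksession continues past the hunk, so it may be consumed there; if so, the POD should state what values it accepts (the caller in Default.pm passes `'Default'`) and whether an unknown type yields the documented blank-string return. If it is not yet used, a short `# TODO: $type selects the auth backend; unused until Matrix sessions land` next to the signature would stop it reading as a dead parameter.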

+ 9 - 0
lib/Trog/Authz.pm

@@ -6,4 +6,13 @@ use warnings;
 no warnings 'experimental';
 use feature qw{signatures state};
 
+use constant 'valid_modules'   => [ 'Default', 'Matrix' ];
 
+sub do_auth_for ($module, $params) {
+    die "Invalid authorization class" if !grep { $module eq $_ } @{$class->valid_modules()};
+    my $class = "Trog::Authz::$module";
+    eval "require $class";
+    return $class->new($params);
+}
+
+1;
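Review bot: `$class` on the `die` line is used before it is declared on the following line, and `valid_modules` is a plain constant of this package rather than a method on a class, so under `use strict` this sub does not compile. Write the allowlist check as `die "Invalid authorization class" unless grep { $module eq $_ } @{ valid_modules() };` and keep it ahead of the load, because `$module` arrives from `ucfirst($query->{'extAuthProvider'})` in HTML.pm, i.e. request data, and this allowlist is what keeps a request from naming an arbitrary module to load. The string `eval "require $class"` also discards any load failure; `require "Trog/Authz/$module.pm";` (or `eval "require $class" or die $@;`) needs no string eval and surfaces a missing or broken module instead of failing later at `->new`.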

+ 26 - 0
lib/Trog/Authz/Base.pm

@@ -0,0 +1,26 @@
+package Trog::Authz;
+
+use strict;
+use warnings;
+
+no warnings 'experimental';
+use feature qw{signatures state};
+
+use constant 'required_params' => [];
+
+sub new ($class, $params) {
+    return 0 if grep { !$params->{$_} } @{$class->required_params()};
+    my $self = bless { 'params' => $params }, $class;
+    return $self->do_auth();
+}
+
+sub do_auth {
+    die "Implemented in subclass";
+}
+
+sub failed {
+    $self->{'failed'} //= -1;
+    return $self->{'failed'};
+}
+
+1;
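Review bot: The file lib/Trog/Authz/Base.pm declares `package Trog::Authz;`, but Default.pm and Matrix.pm inherit from `Trog::Authz::Base` and Authz.pm itself is already `Trog::Authz`, so the parent class is never defined under the name the subclasses use; the first line should be `package Trog::Authz::Base;`. `failed` reads `$self` without a signature or `my ($self) = @_;`, which is a compile error under strict; `sub failed ($self) {` fixes it. `new` returns `0` when a required parameter is missing, yet HTML.pm calls `->failed()` on whatever comes back, which dies on a plain scalar; either `die "Missing required parameter"` here so the failure is explicit, or return a blessed object with `failed` set to 1 so the login page can render the failure.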

+ 29 - 0
lib/Trog/Authz/Default.pm

@@ -6,4 +6,33 @@ use warnings;
 no warnings 'experimental';
 use feature qw{signatures state};
 
+use parent Trog::Authz::Base;
 
+use constant 'required_params' => [ 'username', 'password' ];
+
+sub do_auth ($self) {
+    if (!$self->{'hasusers'}) {
+        # Make the first user
+        Trog::Auth::useradd($self->{'params'}->{username}, $self->{'params'}->{password}, ['admin'] );
+        # Add a stub user page and the initial series.
+        my $dat = Trog::Data->new($conf);
+        _setup_initial_db($dat,$self->{'params'}->{username});
+        # Ensure we stop registering new users
+        File::Touch::touch("config/has_users");
+    }
+
+    $self->{failed} = 1;
+    my $cookie = Trog::Auth::mksession( 'Default', $self->{'params'}->{username}, $self->{'params'}->{password});
+    if ($cookie) {
+        # TODO secure / sameSite cookie to kill csrf, maybe do rememberme with Expires=~0
+        my $secure = '';
+        $secure = '; Secure' if $self->{'params'}->{scheme} eq 'https';
+        @headers = (
+            "Set-Cookie" => "tcmslogin=$cookie; HttpOnly; SameSite=Strict$secure",
+        );
+        $self->{failed} = 0;
+    }
+    return $self;
+}
+
+1;
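Review bot: `do_auth` tests `$self->{'hasusers'}`, but the flag is set on the query hash in HTML.pm, which `new` stores under `params`, so the check is always false and the first-user bootstrap (`useradd` with `['admin']`, `_setup_initial_db`, the touch of `config/has_users`) re-runs on every login attempt; it should read `if (!$self->{'params'}{'hasusers'}) {`. `@headers` on the Set-Cookie line is neither declared here nor returned, so the session cookie never reaches the `@headers` in HTML.pm's `login`; store it on the object, e.g. `$self->{'headers'} = [ "Set-Cookie" => "tcmslogin=$cookie; HttpOnly; SameSite=Strict$secure" ];`, and have the caller read it. `$conf` and `_setup_initial_db` are referenced but not defined or imported in this file (they lived in HTML.pm before this move), and `use parent Trog::Authz::Base;` should likely quote the class name, `use parent 'Trog::Authz::Base';`, to avoid a strict-subs bareword.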

+ 12 - 0
lib/Trog/Authz/Matrix.pm

@@ -6,4 +6,16 @@ use warnings;
 no warnings 'experimental';
 use feature qw{signatures state};
 
+use parent Trog::Authz::Base;
 
+use constant 'required_params' => [ 'extAuthData' ];
+
+sub do_auth ($self) {
+    die "Please setup an admin user first" if !$self->{'params'}{'hasuers'};
+
+    # TODO: Parse json from params->extAuthData, figure it out from there
+    $self->{'failed'} = 1;
+    return $self;
+}
+
+1;
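Review bot: The guard on the first line of `do_auth` reads `$self->{'params'}{'hasuers'}`, a misspelling of the `hasusers` key HTML.pm sets, so the condition is always true and every Matrix attempt dies with "Please setup an admin user first"; it should be `die "Please setup an admin user first" if !$self->{'params'}{'hasusers'};`. Even spelled correctly, that `die` is not caught anywhere in the `login` path shown in HTML.pm, so a request naming extAuthProvider before the first user exists aborts the request instead of rendering the login page; setting `$self->{'failed'} = 1` and returning, as the stub below already does, is the safer failure mode. Note also that `required_params` demands `extAuthData` while the caller only gates on `extAuthProvider`, so a request carrying the provider but no data makes `new` in Base.pm return 0 rather than an object.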

+ 11 - 26
lib/Trog/Routes/HTML.pm

@@ -394,42 +394,27 @@ sub login ($query, $render_cb) {
     }
 
     #Check and see if we have no users.  If so we will just accept whatever creds are passed.
-    my $hasusers = -f "config/has_users";
-    my $btnmsg = $hasusers ? "Log In" : "Register";
+    $query->{'hasusers'} = -f "config/has_users";
+    my $btnmsg = $query->{'hasusers'} ? "Log In" : "Register";
 
     my @headers;
-    if ($query->{username} && $query->{password}) {
-        if (!$hasusers) {
-            # Make the first user
-            Trog::Auth::useradd($query->{username}, $query->{password}, ['admin'] );
-            # Add a stub user page and the initial series.
-            my $dat = Trog::Data->new($conf);
-            _setup_initial_db($dat,$query->{username});
-            # Ensure we stop registering new users
-            File::Touch::touch("config/has_users");
-        }
-
-        $query->{failed} = 1;
-        my $cookie = Trog::Auth::mksession($query->{username}, $query->{password});
-        if ($cookie) {
-            # TODO secure / sameSite cookie to kill csrf, maybe do rememberme with Expires=~0
-            my $secure = '';
-            $secure = '; Secure' if $query->{scheme} eq 'https';
-            @headers = (
-                "Set-Cookie" => "tcmslogin=$cookie; HttpOnly; SameSite=Strict$secure",
-            );
-            $query->{failed} = 0;
-        }
+    my $do_auth = grep { $query->{$_} } qw{username extAuthProvider};
+    my $failed = -1;
+    if($do_auth) {
+        my $auth_module = "Default";
+        $auth_module = ucfirst($query->{'extAuthProvider'}) if($query->{'extAuthProvider'});
+        require Trog::Authz;
+        my $auth_obj = Trog::Authz::do_auth_for( $auth_module, $query );
+        $failed = $auth_obj->failed();
     }
 
-    $query->{failed} //= -1;
     return $render_cb->('login.tx', {
         title         => 'tCMS 2 ~ Login',
         to            => $query->{to},
         failure => int( $query->{failed} ),
         message => int( $query->{failed} ) < 1 ? "Login Successful, Redirecting..." : "Login Failed.",
         btnmsg        => $btnmsg,
-        hasusers      => $hasusers ? 1 : 0,
+        hasusers      => $query->{'hasusers'} ? 1 : 0,
         stylesheets   => _build_themed_styles('login.css'),
         theme_dir     => $td,
     }, @headers);
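Review bot: The render call still reads `$query->{failed}` for both `failure` and `message`, but every assignment to `$query->{failed}` (including the `//= -1` default) was removed and the result now lives in the lexical `$failed`, so `int(undef)` yields 0 and the page reports "Login Successful, Redirecting..." for every request, including failed logins; use `failure => int($failed),` and `message => int($failed) < 1 ? "Login Successful, Redirecting..." : "Login Failed.",`. `@headers` is declared but nothing in the new code assigns it, so the `Set-Cookie` that used to be built here is no longer sent; the Authz object needs to hand its headers back, e.g. `@headers = @{ $auth_obj->{'headers'} // [] };` after the `do_auth_for` call. `do_auth_for` can also return the 0 that `new` in Base.pm yields when required params are missing, so `$auth_obj->failed()` should be guarded with `ref $auth_obj`. `login` begins before this hunk and its closing brace is outside it.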