package TicketAuth;

# -- SOAP::Lite -- guide.soaplite.com -- Copyright (C) 2001 Paul Kulchenko --

# we will need to manage Header information to get a ticket
@TicketAuth::ISA = qw(SOAP::Server::Parameters);

# ----------------------------------------------------------------------
# private functions
# ----------------------------------------------------------------------

use Digest::MD5 qw(md5); 

my $calculateAuthInfo = sub {
  return md5(join '', 'something unique for your implementation', @_);
};

my $checkAuthInfo = sub {
  my $authInfo = shift;
  my $signature = $calculateAuthInfo->(@{$authInfo}{qw(email time)});
  die "Authentication information is not valid\n" 
    if $signature ne $authInfo->{signature};
  die "Authentication information is expired\n" 
    if time() > $authInfo->{time};
  return $authInfo->{email};
};

my $makeAuthInfo = sub {
  my $email = shift;
  my $time = time()+20*60; # signature will be valid for 20 minutes
  my $signature = $calculateAuthInfo->($email, $time);
  return +{time => $time, email => $email, signature => $signature};
};

# ----------------------------------------------------------------------
# public functions
# ----------------------------------------------------------------------

sub login { 
  my $self = shift;

  pop; # last parameter is envelope, don't count it
  die "Wrong parameter(s): login(email, password)\n" unless @_ == 2;
  my($email, $password) = @_;

  # check credentials, write your own is_valid() function
  die "Credentials are wrong\n" unless is_valid($email, $password);

  # create and return ticket if everything is ok
  return $makeAuthInfo->($email);

}

sub protected { 
  my $self = shift;

  # authInfo is passed inside the header
  my $email = $checkAuthInfo->(pop->valueof('//authInfo'));

  # do something, user is already authenticated 
  return;
}

1;