[Catalyst-commits] r11227 - in
Catalyst-Authentication-Credential-OpenID/trunk: .
lib/Catalyst/Authentication/Credential t t/Consumer/lib
t/Provider/lib t/Provider/lib/TestApp/Controller
apv at dev.catalyst.perl.org
apv at dev.catalyst.perl.org
Mon Aug 24 04:25:22 GMT 2009
Author: apv
Date: 2009-08-24 04:25:20 +0000 (Mon, 24 Aug 2009)
New Revision: 11227
Modified:
Catalyst-Authentication-Credential-OpenID/trunk/Changes
Catalyst-Authentication-Credential-OpenID/trunk/README
Catalyst-Authentication-Credential-OpenID/trunk/lib/Catalyst/Authentication/Credential/OpenID.pm
Catalyst-Authentication-Credential-OpenID/trunk/t/Consumer/lib/TestApp.pm
Catalyst-Authentication-Credential-OpenID/trunk/t/Provider/lib/TestApp.pm
Catalyst-Authentication-Credential-OpenID/trunk/t/Provider/lib/TestApp/Controller/Root.pm
Catalyst-Authentication-Credential-OpenID/trunk/t/live-app.t
Log:
Another dev release for teh CPANZ. Errors are no longer fatal by default.
Modified: Catalyst-Authentication-Credential-OpenID/trunk/Changes
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/Changes 2009-08-24 02:48:43 UTC (rev 11226)
+++ Catalyst-Authentication-Credential-OpenID/trunk/Changes 2009-08-24 04:25:20 UTC (rev 11227)
@@ -1,5 +1,11 @@
Revision history for Catalyst::Authentication::Credential::OpenID
+0.14_03 Sun Aug 23 21:13:33 PDT 2009
+ - Made errors non-fatal to match behavior of other credentials.
+ Provided legacy setting for those who still prefer it.
+ - Note that tickets #46916 and #45006 were fixed a couple
+ releases back.
+
0.14_02 Sun Aug 23 17:43:46 PDT 2009
- Fixed #48952.
Modified: Catalyst-Authentication-Credential-OpenID/trunk/README
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/README 2009-08-24 02:48:43 UTC (rev 11226)
+++ Catalyst-Authentication-Credential-OpenID/trunk/README 2009-08-24 04:25:20 UTC (rev 11227)
@@ -3,9 +3,10 @@
Catalyst::Plugin::Authentication framework.
VERSION
- 0.14_02
+ 0.14_03
-BACKWARDS COMPATIBILITY CHANGE
+BACKWARDS COMPATIBILITY CHANGES
+ EXTENTION_ARGS v EXTENSIONS
NB: The extenstions were previously configured under the key
"extension_args". They are now configured under "extensions". This
prevents the need for double configuration but it breaks extensions in
@@ -15,6 +16,14 @@
As previously noted, "EXTENSIONS TO OPENID", I have not tested the
extensions. I would be grateful for any feedback or, better, tests.
+ FATALS
+ The problems encountered by failed OpenID operations have always been
+ fatals in the past. This is unexpected behavior for most users as it
+ differs from other credentials. Authentication errors here are no longer
+ fatal. Debug/error output is improved to offset the loss of information.
+ If for some reason you would prefer the legacy/fatal behavior, set the
+ configuration variable "errors_are_fatal" to a true value.
+
SYNOPSIS
In MyApp.pm-
Modified: Catalyst-Authentication-Credential-OpenID/trunk/lib/Catalyst/Authentication/Credential/OpenID.pm
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/lib/Catalyst/Authentication/Credential/OpenID.pm 2009-08-24 02:48:43 UTC (rev 11226)
+++ Catalyst-Authentication-Credential-OpenID/trunk/lib/Catalyst/Authentication/Credential/OpenID.pm 2009-08-24 04:25:20 UTC (rev 11227)
@@ -60,12 +60,18 @@
$claimed_uri ||= $c->req->method eq 'GET' ?
$c->req->query_params->{ $field } : $c->req->body_params->{ $field };
+
my $csr = Net::OpenID::Consumer->new(
ua => $self->_config->{ua_class}->new(%{$self->_config->{ua_args} || {}}),
args => $c->req->params,
consumer_secret => $self->secret,
);
+ if ( $self->_config->{extension_args} and $self->debug )
+ {
+ $c->log->info("The configuration key 'extension_args' is deprecated; use 'extensions'");
+ }
+
my @extensions = $self->_config->{extensions} ?
@{ $self->_config->{extensions} } : $self->_config->{extension_args} ?
@{ $self->_config->{extension_args} } : ();
@@ -77,7 +83,15 @@
my $identity = $csr->claimed_identity($claimed_uri);
unless ( $identity )
{
- Catalyst::Exception->throw($csr->err);
+ if ( $self->_config->{errors_are_fatal} )
+ {
+ Catalyst::Exception->throw($csr->err);
+ }
+ else
+ {
+ $c->log->error($csr->err . " -- $claimed_uri");
+ $c->detach();
+ }
}
$identity->set_extension_args(@extensions)
@@ -122,14 +136,16 @@
}
else
{
- $c->log->debug("Verified OpenID identity failed to load with find_user; bad user_class? Try 'Null.'") if $c->debug;
+ $c->log->debug("Verified OpenID identity failed to load with find_user; bad user_class? Try 'Null.'") if $self->debug;
return;
}
}
else
{
- Catalyst::Exception->throw("Error validating identity: " .
- $csr->err);
+ $self->_config->{errors_are_fatal} ?
+ Catalyst::Exception->throw("Error validating identity: " . $csr->err)
+ :
+ $c->log->error( $csr->err);
}
}
return;
@@ -147,12 +163,18 @@
0.14_03
-=head1 BACKWARDS COMPATIBILITY CHANGE
+=head1 BACKWARDS COMPATIBILITY CHANGES
+=head2 EXTENTION_ARGS v EXTENSIONS
+
B<NB>: The extenstions were previously configured under the key C<extension_args>. They are now configured under C<extensions>. This prevents the need for double configuration but it breaks extensions in your application if you do not change the name. The old version is supported for now but may be phased out at any time.
As previously noted, L</EXTENSIONS TO OPENID>, I have not tested the extensions. I would be grateful for any feedback or, better, tests.
+=head2 FATALS
+
+The problems encountered by failed OpenID operations have always been fatals in the past. This is unexpected behavior for most users as it differs from other credentials. Authentication errors here are no longer fatal. Debug/error output is improved to offset the loss of information. If for some reason you would prefer the legacy/fatal behavior, set the configuration variable C<errors_are_fatal> to a true value.
+
=head1 SYNOPSIS
In MyApp.pm-
@@ -443,23 +465,17 @@
=item ua_args and ua_class
-L<LWPx::ParanoidAgent> is the default agent E<mdash> C<ua_class>
-E<mdash> if it's available, L<LWP::UserAgent> if not. You don't have
-to set it. I recommend that you do B<not> override it. You can with
-any well behaved L<LWP::UserAgent>. You probably should not.
-L<LWPx::ParanoidAgent> buys you many defenses and extra security
-checks. When you allow your application users freedom to initiate
-external requests, you open an avenue for DoS (denial of service)
-attacks. L<LWPx::ParanoidAgent> defends against this.
-L<LWP::UserAgent> and any regular subclass of it will not.
+L<LWPx::ParanoidAgent> is the default agent E<mdash> C<ua_class> E<mdash> if it's available, L<LWP::UserAgent> if not. You don't have to set
+it. I recommend that you do B<not> override it. You can with any well behaved L<LWP::UserAgent>. You probably should not.
+L<LWPx::ParanoidAgent> buys you many defenses and extra security checks. When you allow your application users freedom to initiate external
+requests, you open an avenue for DoS (denial of service) attacks. L<LWPx::ParanoidAgent> defends against this. L<LWP::UserAgent> and any
+regular subclass of it will not.
=item consumer_secret
-The underlying L<Net::OpenID::Consumer> object is seeded with a
-secret. If it's important to you to set your own, you can. The default
-uses this package name + its version + the sorted configuration keys
-of your Catalyst application (chopped at 255 characters if it's
-longer). This should generally be superior to any fixed string.
+The underlying L<Net::OpenID::Consumer> object is seeded with a secret. If it's important to you to set your own, you can. The default uses
+this package name + its version + the sorted configuration keys of your Catalyst application (chopped at 255 characters if it's longer).
+This should generally be superior to any fixed string.
=back
@@ -469,13 +485,10 @@
Support more of the new methods in the L<Net::OpenID> kit.
-There are some interesting implications with this sort of setup. Does
-a user aggregate realms or can a user be signed in under more than one
-realm? The documents could contain a recipe of the self-answering
-OpenID end-point that is in the tests.
+There are some interesting implications with this sort of setup. Does a user aggregate realms or can a user be signed in under more than one
+realm? The documents could contain a recipe of the self-answering OpenID end-point that is in the tests.
-Debug statements need to be both expanded and limited via realm
-configuration.
+Debug statements need to be both expanded and limited via realm configuration.
Better diagnostics in errors. Debug info at all consumer calls.
@@ -495,26 +508,17 @@
=head1 DISCLAIMER OF WARRANTY
-Because this software is licensed free of charge, there is no warranty
-for the software, to the extent permitted by applicable law. Except when
-otherwise stated in writing the copyright holders and other parties
-provide the software "as is" without warranty of any kind, either
-expressed or implied, including, but not limited to, the implied
-warranties of merchantability and fitness for a particular purpose. The
-entire risk as to the quality and performance of the software is with
-you. Should the software prove defective, you assume the cost of all
+Because this software is licensed free of charge, there is no warranty for the software, to the extent permitted by applicable law. Except
+when otherwise stated in writing the copyright holders and other parties provide the software "as is" without warranty of any kind, either
+expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The
+entire risk as to the quality and performance of the software is with you. Should the software prove defective, you assume the cost of all
necessary servicing, repair, or correction.
-In no event unless required by applicable law or agreed to in writing
-will any copyright holder, or any other party who may modify or
-redistribute the software as permitted by the above license, be
-liable to you for damages, including any general, special, incidental,
-or consequential damages arising out of the use or inability to use
-the software (including but not limited to loss of data or data being
-rendered inaccurate or losses sustained by you or third parties or a
-failure of the software to operate with any other software), even if
-such holder or other party has been advised of the possibility of
-such damages.
+In no event unless required by applicable law or agreed to in writing will any copyright holder, or any other party who may modify or
+redistribute the software as permitted by the above license, be liable to you for damages, including any general, special, incidental, or
+consequential damages arising out of the use or inability to use the software (including but not limited to loss of data or data being
+rendered inaccurate or losses sustained by you or third parties or a failure of the software to operate with any other software), even if
+such holder or other party has been advised of the possibility of such damages.
=head1 SEE ALSO
@@ -522,11 +526,13 @@
=item OpenID
-L<Net::OpenID::Server>, L<Net::OpenID::VerifiedIdentity>, L<Net::OpenID::Consumer>, L<http://openid.net/>, L<http://openid.net/developers/specs/>, and L<http://openid.net/extensions/sreg/1.1>.
+L<Net::OpenID::Server>, L<Net::OpenID::VerifiedIdentity>, L<Net::OpenID::Consumer>, L<http://openid.net/>,
+L<http://openid.net/developers/specs/>, and L<http://openid.net/extensions/sreg/1.1>.
=item Catalyst Authentication
-L<Catalyst>, L<Catalyst::Plugin::Authentication>, L<Catalyst::Manual::Tutorial::Authorization>, and L<Catalyst::Manual::Tutorial::Authentication>.
+L<Catalyst>, L<Catalyst::Plugin::Authentication>, L<Catalyst::Manual::Tutorial::Authorization>, and
+L<Catalyst::Manual::Tutorial::Authentication>.
=item Catalyst Configuration
Modified: Catalyst-Authentication-Credential-OpenID/trunk/t/Consumer/lib/TestApp.pm
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/t/Consumer/lib/TestApp.pm 2009-08-24 02:48:43 UTC (rev 11226)
+++ Catalyst-Authentication-Credential-OpenID/trunk/t/Consumer/lib/TestApp.pm 2009-08-24 04:25:20 UTC (rev 11227)
@@ -41,6 +41,7 @@
}
},
openid => {
+ errors_are_fatal => 1,
# ua_class => "LWPx::ParanoidAgent",
ua_class => "LWP::UserAgent",
ua_args => {
Modified: Catalyst-Authentication-Credential-OpenID/trunk/t/Provider/lib/TestApp/Controller/Root.pm
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/t/Provider/lib/TestApp/Controller/Root.pm 2009-08-24 02:48:43 UTC (rev 11226)
+++ Catalyst-Authentication-Credential-OpenID/trunk/t/Provider/lib/TestApp/Controller/Root.pm 2009-08-24 04:25:20 UTC (rev 11227)
@@ -105,6 +105,8 @@
sub signin_openid : Local {
my($self, $c) = @_;
+ # eval { $c->authenticate({}, "openid") }; $c->res->body($@); return 1;
+
if ( $c->authenticate({}, "openid") )
{
$c->res->body("You did it with OpenID!");
Modified: Catalyst-Authentication-Credential-OpenID/trunk/t/Provider/lib/TestApp.pm
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/t/Provider/lib/TestApp.pm 2009-08-24 02:48:43 UTC (rev 11226)
+++ Catalyst-Authentication-Credential-OpenID/trunk/t/Provider/lib/TestApp.pm 2009-08-24 04:25:20 UTC (rev 11227)
@@ -41,6 +41,7 @@
}
},
openid => {
+ errors_are_fatal => 1,
#ua_class => "LWPx::ParanoidAgent",
ua_class => "LWP::UserAgent",
ua_args => {
Modified: Catalyst-Authentication-Credential-OpenID/trunk/t/live-app.t
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/t/live-app.t 2009-08-24 02:48:43 UTC (rev 11226)
+++ Catalyst-Authentication-Credential-OpenID/trunk/t/live-app.t 2009-08-24 04:25:20 UTC (rev 11227)
@@ -11,8 +11,8 @@
eval "use Catalyst::Devel 1.0";
plan skip_all => 'Catalyst::Devel required' if $@;
-plan "no_plan";
-# plan tests => 17;
+# plan "no_plan";
+plan tests => 21;
# One port for consumer app, one for provider.
my $consumer_port = 10000 + int rand(1 + 10000);
More information about the Catalyst-commits
mailing list