[Catalyst-commits] r9127 - in trunk/Catalyst-Plugin-Authentication: . lib/Catalyst/Authentication/Credential t

t0m at dev.catalyst.perl.org t0m at dev.catalyst.perl.org
Sat Jan 24 23:26:22 GMT 2009 

Author: t0m
Date: 2009-01-24 23:26:21 +0000 (Sat, 24 Jan 2009)
New Revision: 9127

Modified:
   trunk/Catalyst-Plugin-Authentication/Changes
   trunk/Catalyst-Plugin-Authentication/Makefile.PL
   trunk/Catalyst-Plugin-Authentication/lib/Catalyst/Authentication/Credential/Password.pm
   trunk/Catalyst-Plugin-Authentication/t/05_password.t
Log:
Fix bug with cleartext password_type (bug reported to my email by crackcraft at gmail.com), adding mock tests around that area..

Modified: trunk/Catalyst-Plugin-Authentication/Changes
===================================================================
--- trunk/Catalyst-Plugin-Authentication/Changes	2009-01-24 05:30:09 UTC (rev 9126)
+++ trunk/Catalyst-Plugin-Authentication/Changes	2009-01-24 23:26:21 UTC (rev 9127)
@@ -1,5 +1,10 @@
 Revision history for Perl extension Catalyst::Plugin::Authentication
 
+      - Fix bug in Credential::Password with password_type: clear.
+        - Add test for this.
+      - Add mock object tests for Credential::Password with password_type: 
+        clear.
+
 0.100092
       - Release new version, no changes since dev release.     
 

Modified: trunk/Catalyst-Plugin-Authentication/Makefile.PL
===================================================================
--- trunk/Catalyst-Plugin-Authentication/Makefile.PL	2009-01-24 05:30:09 UTC (rev 9126)
+++ trunk/Catalyst-Plugin-Authentication/Makefile.PL	2009-01-24 23:26:21 UTC (rev 9127)
@@ -15,6 +15,7 @@
 
 test_requires 'Test::More';
 test_requires 'Test::Exception';
+test_requires 'Test::MockObject';
 
 auto_install;
 WriteAll;

Modified: trunk/Catalyst-Plugin-Authentication/lib/Catalyst/Authentication/Credential/Password.pm
===================================================================
--- trunk/Catalyst-Plugin-Authentication/lib/Catalyst/Authentication/Credential/Password.pm	2009-01-24 05:30:09 UTC (rev 9126)
+++ trunk/Catalyst-Plugin-Authentication/lib/Catalyst/Authentication/Credential/Password.pm	2009-01-24 23:26:21 UTC (rev 9127)
@@ -64,6 +64,9 @@
         if ($self->_config->{'password_type'} eq 'none') {
             return 1;
         } elsif ($self->_config->{'password_type'} eq 'clear') {
+            # FIXME - Should we warn in the $storedpassword undef case, 
+            #         as the user probably fluffed the config?
+            return unless defined $storedpassword;
             return $password eq $storedpassword;
         } elsif ($self->_config->{'password_type'} eq 'crypted') {            
             return $storedpassword eq crypt( $password, $storedpassword );

Modified: trunk/Catalyst-Plugin-Authentication/t/05_password.t
===================================================================
--- trunk/Catalyst-Plugin-Authentication/t/05_password.t	2009-01-24 05:30:09 UTC (rev 9126)
+++ trunk/Catalyst-Plugin-Authentication/t/05_password.t	2009-01-24 23:26:21 UTC (rev 9127)
@@ -1,11 +1,44 @@
 use strict;
 use warnings;
 
-use Test::More 'no_plan';
+use Test::More tests => 11;
+use Test::Exception;
+use Test::MockObject;
 
-
+# 1,2
 my $m; BEGIN { use_ok($m = "Catalyst::Authentication::Credential::Password") }
-
 can_ok($m, "authenticate");
 
+my $app = Test::MockObject->new;
+my $realm = Test::MockObject->new;
+my $user = Test::MockObject->new;
+our ($user_get_password_field_name, $user_password );
+$user->mock('get' => sub { $user_get_password_field_name = $_[1]; return $user_password });
 
+# 3-6 # Test clear passwords if you mess up the password_field
+{
+    local $user_password = undef;        # The user returns an undef password, 
+    local $user_get_password_field_name; # as there is no field named 'mistyped'
+    my $config = { password_type => 'clear', password_field => 'mistyped' };
+    my $i; lives_ok { $i = $m->new($config, $app, $realm) } 'Construct instance';
+    ok($i, 'Have instance');
+    my $r = $i->check_password($user, { username => 'someuser', password => 'password' });
+    is($user_get_password_field_name, 'mistyped', 
+        '(Incorrect) field name from config correctly passed to user');
+    ok(! $r, 'Authentication unsuccessful' );
+}
+
+# 7-11 # Test clear passwords working, and not working
+{
+    local $user_password = 'mypassword';         
+    local $user_get_password_field_name;
+    my $config = { password_type => 'clear', password_field => 'the_password_field' };
+    my $i; lives_ok { $i = $m->new($config, $app, $realm) } 'Construct instance';
+    ok($i, 'Have instance');
+    my $r = $i->check_password($user, { username => 'someuser', the_password_field => 'mypassword' });
+    is($user_get_password_field_name, 'the_password_field', 
+        'Correct field name from config correctly passed to user');
+    ok( $r, 'Authentication successful with correct password' );
+    $r = $i->check_password($user, { username => 'someuser', the_password_field => 'adifferentpassword' });
+    ok( ! $r, 'Authentication ussuccessful with incorrect password' );
+}

More information about the Catalyst-commits mailing list