[Catalyst-dev] Bug/Feature request in C::P::A::Backend

[Jay K]

Hi Evan,

Here's the scoop. The for_session and from_session methods both
expect to work with serialized data, a scalar.  This is the way it
works in the updated C::P::Auth also.

If you need more than a single scalar value to restore your user, you
should serialize your data structure in the for_session call and
expand it again in the from_session call.  At which point you can do
whatever is necessary to actually retrieve your user.

It's expected that each storage backend will have it's own
requirements for retrieving a user from the session.  No decision is
made in how that will be handled in the main Auth module, as any
decision made there will most likely be wrong / not fit with some
module.  This is why the core Auth module uses the 'give me a string
and I'll give it back to you when the user is coming out of session
storage' method.

Hope this sheds some light,

Jay

On Feb 19, 2007, at 11:51 AM, Evan Carroll wrote:

> Ok, because me rewriting stuff seems to piss everyone off. I have a
> feature request line 122 of C::P::A::S reads as such:
>
>     $c->_user( my $user = $store->from_session( $c, $frozen_user ) );
>
> This is a problem, because ->from_session this should take the same
> args
> that are sent to ->get_user. ( ->get_user's args should be cached and
> resent to ->from_session )
> package Catalyst::Plugin::Authentication::Store::LDAP::Backend; ( my
> version )
> sub from_session {
>   my ( $self, $c, $id, @args ) = @_;
>   $self->get_user($id, @args);
> }
>
> But it seems as if it extends further than my ::LDAP rewrite, ::DBIC
> doesn't accept a third argument to ->from_session at all. (I would
> suggest ::DBIC::Backend to send the third+ arguments to ->get_user too
> for consistency)
> package Catalyst::Plugin::Authentication::Store::DBIC::Backend;
>
> sub from_session {
>     my ( $self, $c, $id ) = @_;
>
>     return $id if ref $id;
>
>     # XXX: hits the database on every request?  Not good...
>     return $self->get_user( $id );
> }
>
> Most stores implement ->from_session as ->get_user, but they don't
> send
> third+ args.
>
> This makes life more difficult, as anything on $c->login's component
> will work, but any time $c->user is called in a later request, it
> blows
> up and eats your face.
>
>
> --
> Evan Carroll
> System Lord of the Internets
> evan at dealermade.com
> 888-403-9143
>
>
>
> _______________________________________________
> Catalyst-dev mailing list
> Catalyst-dev at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst-dev

---
America will never be destroyed from the outside. If we falter and
lose our freedoms, it will be because we destroyed ourselves. --
Abraham Lincoln