[Catalyst] Authentication gotchas

Yuval Kogman nothingmuch at woobling.org
Fri Dec 16 14:17:21 CET 2005


On Fri, Dec 16, 2005 at 10:42:46 +0000, Nigel Metheringham wrote:
> The authentication documentation examples, including the one in the
> advent calendar:-
>   http://catalyst.perl.org/calendar/2005/14
> 
> pretty much all have the same set of example code, eg:-
>         use Catalyst qw/Authentication
>                         ...
>         
>         sub login : Local {
>              my ($self, $c) = @_;
>         
>              if (    my $user = $c->req->param("user")
>                  and my $password = $c->req->param("password") )
>              {
>                  if ( $c->login( $user, $password ) ) {
>                       $c->res->body( "hello " . $c->user->name );
>                  } else {
>                     # login incorrect
>                  }
>              }
>              else {
>                  # invalid form input
>              }
>         }
> 
> Unfortunately as written these tend to do interesting and unintended
> things if you put them into the main app module.  [Hint: what class is
> $c?  What happens when the login method calls $c->login($user,
> $pass)?? ]

Yeah, that's a hell of a gotcha... I always place the login action
in MyApp::Controller::Auth, but that should be documented.

I think the problem is actually with Catalyst though - there's no
benefit in mushing the plugin and action namespaces together, in my
opinion.

Perhaps it's too late for that now, though.

-- 
 ()  Yuval Kogman <nothingmuch at woobling.org> 0xEBD27418  perl hacker &
 /\  kung foo master: /me tips over a cow: neeyah!!!!!!!!!!!!!!!!!!!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.rawmode.org/pipermail/catalyst/attachments/20051216/9ee1f00e/attachment.pgp


More information about the Catalyst mailing list