[Catalyst] Require User Logins in Manual::Cookbook

Geoffrey Ferrari geoffrey.ferrari at oriel.oxford.ac.uk
Mon Jan 23 11:20:45 CET 2006 

I've since traced the problem, and it's not quite what I had thought.  
I post the details here, plus my own setup, for anyone else who's  
having difficulty. In short, I was logging in successfully, and the  
logins were carried over between sessions. Unfortunately, the top- 
level auto subroutine in the Manual::Cookbook tests for a logged in  
user using

	$c->request->user

Apparently the new authentication framework uses $c->user instead.

Here's my setup anyway:

In my top level application module (MyApp.pm) I setup the  
authentication plugin and include an auto subroutine. Users should  
note that, as far as I can make out, the Authentication::DBIC module  
uses the hexadecimal output from the SHA-1 hashing algorithm. So your  
passwords in your database must be likewise encrypted as hexadecimal,  
rather than as base_64 or binary. The output from SHA-1 in  
hexadecimal is 40 characters long, so your password field in your  
database needs to be 40 characters long, too.

use Catalyst qw/-Debug
				DefaultEnd
				Static::Simple
				Authentication
				Authentication::Store::DBIC
				Authentication::Credential::Password
				Session
				Session::Store::FastMmap
				Session::State::Cookie
				/;

__PACKAGE__->config->{authentication}->{dbic} = {
	user_class				=> 'MyApp::Model::DBIC::Users',         	# or  
whichever of your Model Classes	
	user_field				=> 'username',						# contains your users
	password_type			=> 'hashed',
	password_hash_type		=> 'SHA-1',
};

sub auto : Private {
     my ($self, $c) = @_;
     my $login_path = 'auth/login';

     # allow people to actually reach the login page!
     if ($c->request->path eq $login_path) {
       return 1;
     }

     # if we have a user ... we're OK

       $c->res->redirect($c->request->base . $login_path) unless $c- 
 >user;

     # continue with the processing chain
     return 1;
   }


Then in Controller::Auth.pm (or whichever module your using, as in  
the $login_path above)

sub login : Local {
         my ( $self, $c ) = @_;

         $c->stash->{'template'} = "login.tt";
         # default form message
	    $c->stash->{'message'} = 'Please enter your username and password';

         if (    my $user = $c->req->param("username")
             and my $password = $c->req->param("password") )
         {
             if ( $c->login( $user, $password ) ) {
                 $c->res->redirect('/');
             } else {
                 # login incorrect
             $c->stash->{'message'} =
            'Unable to authenticate the login details supplied';
             }
         }
         else {
             # invalid form input
         }
}


sub logout : Local {

	my ($self, $c) = @_;
	$c->logout if $c->user;
	$c->res->redirect('/');

}

Finally you need a login template. Beside the usual html, you need a  
form, set to post to your login method, which contains a 'username'  
and 'password' field. I have the following from the cookbook

<form action="/auth/login" method="POST" name="login_form">
     [% message %]<br />
     <label for="username">username:</label><br />
     <input type="text" id="username" name="username" /><br />

     <label for="password">password:</label><br />
     <input type="password" id="password" name="password" /><br />

     <input type="submit" value="log in" name="form_submit" />
</form>


As others have already said, the $c->session_login is no longer  
available. Instead the 'use_session' configuration parameter for the  
Authentication framework determines whether the $c->login call will  
persist over sessions. It's true by default.



On 23 Jan 2006, at 02:12, Geoffrey Ferrari wrote:

> I've tried following the 'require user logins' section of the  
> Catalyst::Manual::Cookbook but I have a feeling it is out of date  
> and broken. In particular,the call to  '$c->session_login 
> (..., ...)" causes an error.  I suspect it might not have been  
> updated for the most recent version of the authentication framework.
>
> Since there is no other documentation around on how to achieve the  
> same functionality, I'm sending out a general plea for someone who  
> knows how to achieve it to update the cookbook documentation, and/ 
> or post some instructions to this list.
>
> I've tried to make it work myself but although I can get a user  
> logged in and redirected, I don't seem to be able to carry the  
> login over multiple sessions. So when I submit the login form, and  
> the log tells me that the user has successfully been authenticated,  
> all that happens in practice is that I get the login form returned  
> to me again. (I've been redirected, during the request for the page  
> it's been noticed that I'm not logged in, and so I'm redirected to  
> the login form again.)
>
> Thanks in advance
>
> GHF
>
> _______________________________________________
> Catalyst mailing list
> Catalyst at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst
>

More information about the Catalyst mailing list