[Catalyst] Require User Logins in Manual::Cookbook
Geoffrey Ferrari
geoffrey.ferrari at oriel.oxford.ac.uk
Tue Jan 24 22:36:16 CET 2006
I've since traced the problem, and it's not quite what I had thought.
I post the details here, plus my own setup, for anyone else who's
having difficulty. In short, I was logging in successfully, and the
logins were carried over between sessions. Unfortunately, the top-
level auto subroutine in the Manual::Cookbook tests for a logged in
user using
$c->request->user
Apparently the new authentication framework uses $c->user instead.
Here's my setup anyway:
In my top level application module (MyApp.pm) I setup the
authentication plugin and include an auto subroutine. Users should
note that, as far as I can make out, the Authentication::DBIC module
uses the hexadecimal output from the SHA-1 hashing algorithm. So your
passwords in your database must be likewise encrypted as hexadecimal,
rather than as base_64 or binary. The output from SHA-1 in
hexadecimal is 40 characters long, so your password field in your
database needs to be 40 characters long, too.
use Catalyst qw/-Debug
DefaultEnd
Static::Simple
Authentication
Authentication::Store::DBIC
Authentication::Credential::Password
Session
Session::Store::FastMmap
Session::State::Cookie
/;
__PACKAGE__->config->{authentication}->{dbic} = {
user_class => 'MyApp::Model::DBIC::Users', # or
whichever of your Model Classes
user_field => 'username', # contains your users
password_type => 'hashed',
password_hash_type => 'SHA-1',
};
sub auto : Private {
my ($self, $c) = @_;
my $login_path = 'auth/login';
# allow people to actually reach the login page!
if ($c->request->path eq $login_path) {
return 1;
}
# if we have a user ... we're OK
$c->res->redirect($c->request->base . $login_path) unless $c-
>user;
# continue with the processing chain
return 1;
}
Then in Controller::Auth.pm (or whichever module your using, as in
the $login_path above)
sub login : Local {
my ( $self, $c ) = @_;
$c->stash->{'template'} = "login.tt";
# default form message
$c->stash->{'message'} = 'Please enter your username and password';
if ( my $user = $c->req->param("username")
and my $password = $c->req->param("password") )
{
if ( $c->login( $user, $password ) ) {
$c->res->redirect('/');
} else {
# login incorrect
$c->stash->{'message'} =
'Unable to authenticate the login details supplied';
}
}
else {
# invalid form input
}
}
sub logout : Local {
my ($self, $c) = @_;
$c->logout if $c->user;
$c->res->redirect('/');
}
Finally you need a login template. Beside the usual html, you need a
form, set to post to your login method, which contains a 'username'
and 'password' field. I have the following from the cookbook
<form action="/auth/login" method="POST" name="login_form">
[% message %]<br />
<label for="username">username:</label><br />
<input type="text" id="username" name="username" /><br />
<label for="password">password:</label><br />
<input type="password" id="password" name="password" /><br />
<input type="submit" value="log in" name="form_submit" />
</form>
As others have already said, the $c->session_login is no longer
available. Instead the 'use_session' configuration parameter for the
Authentication framework determines whether the $c->login call will
persist over sessions. It's true by default.
On 23 Jan 2006, at 02:12, Geoffrey Ferrari wrote:
> I've tried following the 'require user logins' section of the
> Catalyst::Manual::Cookbook but I have a feeling it is out of date
> and broken. In particular,the call to '$c->session_login
> (..., ...)" causes an error. I suspect it might not have been
> updated for the most recent version of the authentication framework.
>
> Since there is no other documentation around on how to achieve the
> same functionality, I'm sending out a general plea for someone who
> knows how to achieve it to update the cookbook documentation, and/
> or post some instructions to this list.
>
> I've tried to make it work myself but although I can get a user
> logged in and redirected, I don't seem to be able to carry the
> login over multiple sessions. So when I submit the login form, and
> the log tells me that the user has successfully been authenticated,
> all that happens in practice is that I get the login form returned
> to me again. (I've been redirected, during the request for the page
> it's been noticed that I'm not logged in, and so I'm redirected to
> the login form again.)
>
> Thanks in advance
>
> GHF
>
> _______________________________________________
> Catalyst mailing list
> Catalyst at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst
>
>
On 23 Jan 2006, at 02:12, Geoffrey Ferrari wrote:
> I've tried following the 'require user logins' section of the
> Catalyst::Manual::Cookbook but I have a feeling it is out of date
> and broken. In particular,the call to '$c->session_login
> (..., ...)" causes an error. I suspect it might not have been
> updated for the most recent version of the authentication framework.
>
> Since there is no other documentation around on how to achieve the
> same functionality, I'm sending out a general plea for someone who
> knows how to achieve it to update the cookbook documentation, and/
> or post some instructions to this list.
>
> I've tried to make it work myself but although I can get a user
> logged in and redirected, I don't seem to be able to carry the
> login over multiple sessions. So when I submit the login form, and
> the log tells me that the user has successfully been authenticated,
> all that happens in practice is that I get the login form returned
> to me again. (I've been redirected, during the request for the page
> it's been noticed that I'm not logged in, and so I'm redirected to
> the login form again.)
>
> Thanks in advance
>
> GHF
>
> _______________________________________________
> Catalyst mailing list
> Catalyst at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst
>
More information about the Catalyst
mailing list