[Catalyst] Require User Logins in Manual::Cookbook
Will Hawes
info at whawes.co.uk
Wed Jan 25 09:58:32 CET 2006
Geoffrey Ferrari wrote:
> I've since traced the problem, and it's not quite what I had thought. I
> post the details here, plus my own setup, for anyone else who's having
> difficulty. In short, I was logging in successfully, and the logins were
> carried over between sessions. Unfortunately, the top-level auto
> subroutine in the Manual::Cookbook tests for a logged in user using
>
> $c->request->user
>
> Apparently the new authentication framework uses $c->user instead.
>
> Here's my setup anyway:
>
> In my top level application module (MyApp.pm) I set up the authentication
> plugin and include an auto subroutine. Users should note that, as far as
> I can make out, the Authentication::DBIC module uses the hexadecimal
> output from the SHA-1 hashing algorithm. So your passwords in your
> database must be likewise encrypted as hexadecimal, rather than as
> base_64 or binary. The output from SHA-1 in hexadecimal is 40 characters
> long, so your password field in your database needs to be 40 characters
> long, too.
>
> use Catalyst qw/-Debug
> DefaultEnd
> Static::Simple
> Authentication
> Authentication::Store::DBIC
> Authentication::Credential::Password
> Session
> Session::Store::FastMmap
> Session::State::Cookie
> /;
>
> __PACKAGE__->config->{authentication}->{dbic} = {
>     # or whichever of your Model Classes contains your users
>     user_class         => 'MyApp::Model::DBIC::Users',
>     user_field         => 'username',
>     password_type      => 'hashed',
>     password_hash_type => 'SHA-1',
> };
>
> sub auto : Private {
>     my ($self, $c) = @_;
>     my $login_path = 'auth/login';
>
>     # allow people to actually reach the login page!
>     if ($c->request->path eq $login_path) {
>         return 1;
>     }
>
>     # if we have a user ... we're OK; otherwise send them to the login page
>     unless ($c->user) {
>         $c->res->redirect($c->request->base . $login_path);
>         # a false return from auto stops the chain, so the requested
>         # action is not run for an unauthenticated request
>         return 0;
>     }
>
>     # continue with the processing chain
>     return 1;
> }
>
>
> Then in Controller::Auth.pm (or whichever module you're using, as in the
> $login_path above)
>
> sub login : Local {
>     my ( $self, $c ) = @_;
>
>     $c->stash->{'template'} = "login.tt";
>     # default form message
>     $c->stash->{'message'} = 'Please enter your username and password';
>
>     if ( my $user = $c->req->param("username")
>         and my $password = $c->req->param("password") )
>     {
>         if ( $c->login( $user, $password ) ) {
>             $c->res->redirect('/');
>         } else {
>             # login incorrect
>             $c->stash->{'message'} =
>                 'Unable to authenticate the login details supplied';
>         }
>     }
>     else {
>         # invalid form input
>     }
> }
>
>
> sub logout : Local {
>     my ($self, $c) = @_;
>     $c->logout if $c->user;
>     $c->res->redirect('/');
> }
>
> Finally you need a login template. Beside the usual html, you need a
> form, set to post to your login method, which contains a 'username' and
> 'password' field. I have the following from the cookbook
>
> <form action="/auth/login" method="POST" name="login_form">
> [% message %]<br />
> <label for="username">username:</label><br />
> <input type="text" id="username" name="username" /><br />
>
> <label for="password">password:</label><br />
> <input type="password" id="password" name="password" /><br />
>
> <input type="submit" value="log in" name="form_submit" />
> </form>
>
>
> As others have already said, the $c->session_login is no longer
> available. Instead the 'use_session' configuration parameter for the
> Authentication framework determines whether the $c->login call will
> persist over sessions. It's true by default.
Thanks for highlighting the Cookbook error - now updated:
http://dev.catalyst.perl.org/changeset/3129
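
An added example, not part of the original posts or the Catalyst project's code: a Perl audit of stored password values for the hex versus base64/binary mismatch and the 40-character column requirement described in the quoted message. It assumes the plugin compares the stored column to the lowercase hex SHA-1 of the submitted password by exact string match; `stored_format` and the sample rows are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha1 sha1_hex sha1_base64);

# Classify a stored value by the SHA-1 encoding it appears to use.
# (Hypothetical helper for this example.)
sub stored_format {
    my ($stored) = @_;
    return 'hex'       if $stored =~ /\A[0-9a-fA-F]{40}\z/;
    return 'base64'    if $stored =~ m{\A[A-Za-z0-9+/]{27}=?\z};
    return 'short-hex' if $stored =~ /\A[0-9a-fA-F]{1,39}\z/;  # truncated column?
    return 'binary'    if length($stored) == 20;
    return 'other';
}

# Assumed comparison: hex digest of the submitted password, exact match.
sub would_authenticate {
    my ($password, $stored) = @_;
    return sha1_hex($password) eq $stored;
}

# Constructed sample rows: one password stored five different ways.
my $pw   = 'example-password';
my %rows = (
    alice => sha1_hex($pw),                   # what the hex comparison expects
    bob   => sha1_base64($pw),                # 27 characters, never matches
    carol => sha1($pw),                       # 20 raw bytes, never matches
    dave  => substr(sha1_hex($pw), 0, 32),    # hex cut off by a 32-char column
    erin  => $pw,                             # never hashed at all
);

for my $user (sort keys %rows) {
    my $stored = $rows{$user};
    printf "%-6s format=%-9s length=%2d login_ok=%s\n",
        $user, stored_format($stored), length($stored),
        would_authenticate($pw, $stored) ? 'yes' : 'no';
}
```

Unsalted SHA-1 is what this 2006 configuration expects; it is not an adequate password hash for new deployments.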