[Catalyst] Advice for Catalyst::Plugin::Authentication::Store::DBIC needed

Kiki kiki at bsdro.org
Thu Oct 5 11:08:17 CEST 2006


Bernhard Graf wrote:
> leonard.a.jaffe at jpmchase.com wrote:
>
>   
>> What you need to do is subclass C::P::A::Credential, and override the
>> login() method.
>>
>> The login method is where the username and password are checked, so
>> you probably want to do something like the following (probably
>> borrowing the password check from C::P::Authentication::CDBI):
>>     
>
> It works. But it is not a trivial thing, because it requires knowledge of
> the - quite complex - Catalyst authentication code.
>
>
> So may I place a feature request to the author(s):
>
> Offer a possibility to add custom check code to the login() method.
>
> Example:
> $c->login($username, $password, {post_check => \&check_status})
>
> =head2 check_status
>
> Callback function for login() to do further custom checks.
> Receives context object and user object as arguments.
> Checks user status field to equal "active".
> On success this function must return without any value.
> On failure returns a string describing why login fails.
>
> =cut
>
> sub check_status {
>   my ($c, $user) = @_;
>   return if $user->status eq 'active';
>   return 'user status is not "active"';
> }
>
>   

This looks more like an authorization check than an authentication check
to me, since the purpose of authentication is just to establish an
identity, while it is the purpose of authorization to determine if that
identity is allowed to proceed (in your case, the identity is not allowed
to do anything if it is not active).

So it would make more sense to me to set up an "active" role and then
check for it with the C::P::Authz::Roles plugin ....
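
The separation suggested above, as an added example that is not part of the original post and is not Catalyst code: authentication only establishes identity, and the "active" role is checked on every request, so an account deactivated after login is refused even while its session is still live. The user store, session table and all function names are hypothetical, and the sample accounts are constructed.

```perl
#!/usr/bin/perl
# Added example, not Catalyst code: every name below is hypothetical.
use strict;
use warnings;

# Constructed user store. The 'active' role replaces the status field.
my %users = (
    alice => { secret => 'alice-pw', roles => { active => 1 } },
    bob   => { secret => 'bob-pw',   roles => {} },    # deactivated account
);
my %sessions;    # session id => username
my $next_sid = 1;

# Authentication: establish identity only. The comparison is a stand-in
# for the store's real password check (a real store verifies a salted
# password hash, never plaintext).
sub authenticate {
    my ($name, $password) = @_;
    my $user = $users{$name} or return;
    return unless $user->{secret} eq $password;
    my $sid = $next_sid++;
    $sessions{$sid} = $name;
    return $sid;
}

# Authorization: evaluated per request against the user's current roles.
sub check_role {
    my ($sid, $role) = @_;
    my $name = $sessions{ $sid // '' } or return 0;
    return $users{$name}{roles}{$role} ? 1 : 0;
}

sub handle_request {
    my ($sid) = @_;
    return check_role($sid, 'active') ? '200 OK' : '403 Forbidden';
}

# bob proves who he is, but is not allowed to proceed.
my $bob = authenticate('bob', 'bob-pw');
print "bob authenticated: ", (defined $bob ? 'yes' : 'no'), "\n";
print "bob request: ", handle_request($bob), "\n";

my $alice = authenticate('alice', 'alice-pw');
print "alice request: ", handle_request($alice), "\n";

# The account is deactivated while the session is still live.
delete $users{alice}{roles}{active};
print "alice after deactivation: ", handle_request($alice), "\n";
```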


