[Catalyst] Legacy porting to auto-authenticate a logged in user
Ashley Pond V
apv at sedition.com
Sun Dec 23 19:10:25 GMT 2007
You've hit it. You are better than my Teddy bear lately. I wasn't
thinking straight. Since the password is coming from the DB instead
of a user form, it's already in SHA1 so it should be treated for the
sake of authentication as clear since SHA1 != SHA1(SHA1).
Thanks and to Peter for the other ideas for future debuggery, so to
speak!
-Ashley
On Dec 23, 2007, at 10:29 AM, Jay K wrote:
> Hi Ashley,
>
> My guess is that your password hashing type in the db is different
> from the password hashing type you defined for the Password
> credential.
>
> Since your database does store the password in plaintext - why not set
> password type to 'clear' - and set the password_field to password.
> This should cause authentication to happen against your unencrypted
> password and should work.
>
> Jay
>
>
> On Dec 23, 2007, at 10:10 AM, Ashley Pond V wrote:
>
>> Thanks for the idea. Didn't work. After following the code trail
>> back through a few namespaces and lots of config v class_data v ....
>> eyes glaze over, I fixed it by setting the password_type to "none"
>> and merely authenticating on the "username."
>>
>> This is fine in this case but it's obviously less than ideal. If
>> anyone has insight into what I'm doing wrong with my original
>> version, I'd love to hear it.
>>
>> WORKING VERSION (username isn't guaranteed unique so I went with the
>> Id instead):
>>
>>   $c->authenticate({ acctid => $user->acctid })
>>       or die "RC_403: " . $user->username . ": " . $user->acctid . " failed to authenticate";
>>
>>   authentication:
>>     default_realm: users
>>     realms:
>>       users:
>>         credential:
>>           class: Password
>>           password_type: none
>>           # password_hash_type: SHA-1
>>           # password_field: crypt_passwd
>>         store:
>>           class: DBIx::Class
>>           user_class: DB::User
>>           id_field: acctid
>>
>>
>> On Dec 22, 2007, at 3:44 AM, Peter Edwards wrote:
>>
>>> Try
>>>
>>>   $c->authenticate({ acctid => $user->username,
>>>                      password => $user->password })
>>>       or die "RC_403: " . $user->username . " failed to authenticate";
>>>
>>> Regards, Peter
>>>
>>>
>>> -----Original Message-----
>>> From: Ashley Pond V [mailto:apv at sedition.com]
>>> Sent: 22 December 2007 08:08
>>> To: The elegant MVC web framework
>>> Subject: [Catalyst] Legacy porting to auto-authenticate a logged in
>>> user
>>>
>>> I have what I first thought was a gimme (this is only tangentially
>>> related to the questions I asked a few days ago; same app, different
>>> DB and part). Legacy porting of a "login" with Authenticate where I
>>> already have the user id and everything verified. I have tried many
>>> permutations of arguments and setup.
>>>
>>> The user has already logged into the legacy part of the app. So this
>>> is the code that is not working but I think should.
>>>
>>>   my $user_id = ...; # legacy fetch; working fine
>>>   my $user = $c->model("DB::User")->find($user_id)
>>>       or die "RC_403: No such user for id $user_id"; # also working fine
>>>
>>>   # this dies, I've verified the $user, username, and password are correct
>>>   $c->authenticate({ username => $user->username,
>>>                      password => $user->password })
>>>       or die "RC_403: " . $user->username . " failed to authenticate";
>>>
>>> So, why? The legacy setup is a little strange so I think that must be
>>> it. The user table's DBIC looks like this (password is plaintext,
>>> legacy, and crypt_passwd is sha1 of it)-
>>>
>>>   package MyApp::DB::User;
>>>   use base qw/DBIx::Class/;
>>>   __PACKAGE__->load_components(qw/PK::Auto Core/);
>>>   __PACKAGE__->table('foo.account');
>>>   __PACKAGE__->add_columns(qw/ acctid email fname lname password crypt_passwd /);
>>>   __PACKAGE__->set_primary_key('acctid');
>>>
>>>   sub username {
>>>       +shift->email;
>>>   };
>>>
>>> My config looks like this-
>>>
>>>   authentication:
>>>     default_realm: users
>>>     realms:
>>>       users:
>>>         credential:
>>>           class: Password
>>>           password_field: crypt_passwd
>>>           password_type: hashed
>>>           password_hash_type: SHA-1
>>>         store:
>>>           class: DBIx::Class
>>>           user_class: DB::User
>>>           id_field: acctid
>>>
>>>
>>> Thanks for looking!
>>> -Ashley
>>>
>>>
>>> _______________________________________________
>>> List: Catalyst at lists.scsys.co.uk
>>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>>> Searchable archive: http://www.mail-archive.com/
>>> catalyst at lists.rawmode.org/
>>> Dev site: http://dev.catalyst.perl.org/
>
> ---
> America will never be destroyed from the outside. If we falter and
> lose our freedoms, it will be because we destroyed ourselves. --
> Abraham Lincoln
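
Added example (not from the thread, and not Catalyst's own code): a simplified Perl model of the mismatch Ashley describes at the top of the thread, where a value that is already a SHA-1 digest gets hashed again by a `hashed` credential check. The sample row and the `check_password` helper are constructed for illustration, and the model assumes hex digests with no salt.

```perl
#!/usr/bin/perl
# Added illustration: a simplified model of a password-credential check.
# It is not Catalyst's own code.
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);

# Constructed sample row shaped like the thread's table: a plaintext
# `password` column and `crypt_passwd` holding its SHA-1 hex digest.
my %row = (
    acctid       => 42,
    password     => 'correct horse',
    crypt_passwd => sha1_hex('correct horse'),
);

# Hypothetical helper: compare a supplied value with a stored field
# under the three password_type settings that appear in the thread.
sub check_password {
    my ($type, $field, $supplied) = @_;
    return 1 if $type eq 'none';    # no password comparison at all
    my $stored = $row{$field};
    return $supplied eq $stored ? 1 : 0 if $type eq 'clear';
    return sha1_hex($supplied) eq $stored ? 1 : 0 if $type eq 'hashed';
    die "unknown password_type: $type\n";
}

my @cases = (
    # [ label, password_type, password_field, supplied value ]
    [ 'form login: plaintext vs hashed field', 'hashed', 'crypt_passwd', $row{password} ],
    [ 'stored digest hashed a second time',    'hashed', 'crypt_passwd', $row{crypt_passwd} ],
    [ 'stored digest compared as clear',       'clear',  'crypt_passwd', $row{crypt_passwd} ],
    [ 'password_type none, wrong value',       'none',   'crypt_passwd', 'anything' ],
);

for my $case (@cases) {
    my ($label, $type, $field, $supplied) = @$case;
    printf "%-40s %s\n", $label,
        check_password($type, $field, $supplied) ? 'accepted' : 'rejected';
}
```

In the last two configurations the comparison proves nothing beyond what the caller already holds (the stored digest itself, or nothing at all), so the `authenticate` call is only as trustworthy as the legacy login check that runs before it.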