[Catalyst] Extending C::Plugin::Authentication::Store::DBIC for
additional constraints
Doran L. Barton
fozz at iodynamics.com
Mon Mar 26 06:23:30 GMT 2007
Not long ago, Fernan Aguero proclaimed...
> Certainly not what you were asking (subclassing
> store::dbic), but ...
>
>
> sub login : Local {
> my ( $self, $c ) = @_;
>
> my $username = $c->req->params->{username} || "";
> my $password = $c->req->params->{password} || "";
>
> my $model = $c->model('Users');
>
> if ( $username && $password ) {
>
> # attempt to login
> if ( $c->login( $username, $password ) ) {
>
> # now we check site_id
> $ok = $model->search(
> { username => $username,
> password => $password,
> site_id => $site_id } )->count();
>
> $c->logout unless $ok > 0;
>
> }
This is an interesting strategy. The only thing I question is the
$c->login() call because the username field is not unique (there could be
more than one 'johndoe' in the table).
After I posted my original question, I started wondering about
concatenating the username and site_id together. I have a feeling this
won't fly well inside DBIx::Class, but in theory if I declare the user
field to be "username || '#' || site_id" and call the login() using
$username . '#' . $c->stash->{'site_id'}, the resulting SELECT in sql would
find the unique row. Of course, that all falls apart in the ORM, most
likely.
--
fozz at iodynamics.com is Doran L. Barton, president/CTO, Iodynamics LLC
Iodynamics: IT and Web services by Linux/Open Source specialists
"Free: farm kittens, ready to eat"
-- Seen in a newspaper
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.scsys.co.uk/pipermail/catalyst/attachments/20070325/5a011922/attachment.pgp
More information about the Catalyst
mailing list