[Catalyst] bypassing password authentication
Ash Berlin
ash_cpan at firemirror.com
Tue Mar 11 18:37:31 GMT 2008
On 11 Mar 2008, at 18:33, Jim Spath wrote:
> I'm currently using password authentication in a Catalyst app, but
> would like to implement a way to log in as a particular user,
> without knowing the password. (Please don't respond with "don't do
> this"... I'm aware of the security ramifications of this kind of
> functionality).
>
> I'll already have all the information on the user, except for their
> password, since we hash the password before storing it.
>
> The end goal would be to have an authenticated session.
>
> Thanks!
> - Jim
*WARNING* might not work with the new auth framework. But here's some
code:
sub login_as : Local Args(1) {
my ($self, $c, $user_id) = @_;
$c->res->redirect($c->uri_for()) if $user_id =~ /\D/;
my $user = $c->model('DBIC::User')->find($user_id);
if ($user) {
$c->set_authenticated($c->find_user({ id => $user->email}));
$c->flash(message => "Logged in as @{[$user->email]}");
}
return $c->res->redirect('/');
}
More information about the Catalyst
mailing list