[Catalyst] bypassing password authentication

Ash Berlin ash_cpan at firemirror.com
Tue Mar 11 18:37:31 GMT 2008


On 11 Mar 2008, at 18:33, Jim Spath wrote:

> I'm currently using password authentication in a Catalyst app, but  
> would like to implement a way to log in as a particular user,  
> without knowing the password.  (Please don't respond with "don't do  
> this"... I'm aware of the security ramifications of this kind of  
> functionality).
>
> I'll already have all the information on the user, except for their  
> password, since we hash the password before storing it.
>
> The end goal would be to have an authenticated session.
>
> Thanks!
> - Jim


*WARNING* might not work with the new auth framework. But here's some  
code:

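sub login_as : Local Args(1) {
   my ($self, $c, $user_id) = @_;

   # Note: nothing in this action checks who is calling it.

   # Reject non-numeric ids; return so the action stops at the redirect
   return $c->res->redirect($c->uri_for()) if $user_id =~ /\D/;

   # Look the target user up by primary key
   my $user = $c->model('DBIC::User')->find($user_id);

   if ($user) {
     # Mark the session as authenticated for that user; no password is checked
     $c->set_authenticated($c->find_user({ id => $user->email}));
     $c->flash(message => "Logged in as @{[$user->email]}");
   }

   return $c->res->redirect('/');
}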
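
The following is an added example, not part of the original post or of Catalyst itself: the same impersonation action gated on an administrator role, limited to POST, and leaving an audit record. It assumes the realm-based Catalyst::Plugin::Authentication, Catalyst::Plugin::Authorization::Roles and a session plugin are loaded; the controller name, the 'admin' role, the `impersonated_by` session key and lookup by an `id` column are assumptions.

```perl
package MyApp::Controller::Admin;    # hypothetical controller name
use strict;
use warnings;
use base 'Catalyst::Controller';

sub login_as : Local Args(1) {
    my ($self, $c, $user_id) = @_;

    # Small helper: set an error status and body, then end the action.
    my $deny = sub {
        my ($code, $msg) = @_;
        $c->res->status($code);
        $c->res->body($msg);
        return;
    };

    # Only an already-authenticated administrator may impersonate
    # ('admin' is an assumed role name).
    return $deny->(403, 'Forbidden')
        unless $c->user_exists && $c->check_user_roles('admin');

    # A state-changing action should not be reachable with a plain GET link.
    return $deny->(405, 'POST required') unless $c->req->method eq 'POST';

    # Accept a purely numeric id and nothing else.
    return $deny->(400, 'Bad user id') unless $user_id =~ /\A\d+\z/;

    # Capture the real identity before the session is switched.
    my $admin_id = $c->user->id;

    # Assumes the store can look users up by an 'id' column (default realm).
    my $target = $c->find_user({ id => $user_id });
    return $deny->(404, 'No such user') unless $target;

    # Audit trail: who impersonated whom, and from which address.
    $c->log->warn(sprintf 'impersonation: admin=%s target=%s ip=%s',
        $admin_id, $user_id, $c->req->address);

    # Switch the session to the target user without a credential check.
    $c->set_authenticated($target);

    # Keep the real identity in the session ('impersonated_by' is an assumed key).
    $c->session->{impersonated_by} = $admin_id;

    return $c->res->redirect($c->uri_for('/'));
}

1;
```

The `impersonated_by` value lets templates show an "acting as" banner and lets later log lines attribute actions to the real administrator.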



