[Catalyst] Re: bypassing password authentication

kevin montuori montuori at gmail.com
Tue Mar 11 18:42:28 GMT 2008


>>>>> "JS" == Jim Spath <jspath at pangeamedia.com> writes:

 JS> I'm currently using password authentication in a Catalyst app,
 JS> but would like to implement a way to log in as a particular user,
 JS> without knowing the password.  (Please don't respond with "don't
 JS> do this"... I'm aware of the security ramifications of this kind
 JS> of functionality).

 JS> I'll already have all the information on the user, except for
 JS> their password, since we hash the password before storing it.

 JS> The end goal would be to have an authenticated session.


i had an authentication credential plugin that looks like this to
handle authentication without actually authenticating.  this is
essentially untested, but if memory serves, it worked back when i
thought i was going to have to use an SSO solution.

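package Catalyst::Plugin::Authentication::Credential::SSO;

use strict;
use warnings;

# Constructor: keeps the credential configuration passed in for the realm.
sub new {
  my ($class, $config, $app) = @_;
  my $self = { _config => $config };
  return bless $self, $class;
}

# Looks the user up in the store and returns it as authenticated.
# No password or other secret is checked here: any user the store can
# find is accepted, so the caller alone decides who gets logged in.
sub authenticate {
  my ($self, $c, $authstore, $authinfo) = @_;
  my $user_obj = $authstore->find_user($authinfo, $c);
  if (ref $user_obj) {
    return $user_obj;
  }
  else {
    $c->log->error("Unable to locate user in user store.");
    return;
  }
}

1;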






-- 
kevin montuori

montuori at gmail.com
AIM: ignavusinfo
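
Added example, not part of the original post and not code from the Catalyst project: a variant of the credential class above that only returns the target user when the request already carries an authenticated operator holding a given role, and that writes an audit line for every attempt. The package name, the operator_role config key, the username key in $authinfo and the use of Catalyst::Plugin::Authorization::Roles (for check_user_roles) are assumptions.

```perl
package MyApp::Credential::Impersonate;    # hypothetical package name

use strict;
use warnings;

sub new {
  my ($class, $config, $app) = @_;
  # operator_role is an assumed config key; default role name is illustrative
  my $self = { _role => $config->{operator_role} || 'admin' };
  return bless $self, $class;
}

sub authenticate {
  my ($self, $c, $authstore, $authinfo) = @_;
  my $wanted = $authinfo->{username} // '(none)';   # assumed lookup key
  my $from   = $c->req->address;

  # The operator must already have a session of their own.
  unless ($c->user_exists) {
    $c->log->warn("impersonation of '$wanted' refused: no operator ($from)");
    return;
  }
  my $operator = $c->user->id;   # assumes the user class implements id()

  # check_user_roles is provided by Catalyst::Plugin::Authorization::Roles
  # and is evaluated here against the operator, who is still $c->user.
  unless ($c->check_user_roles($self->{_role})) {
    $c->log->warn("impersonation of '$wanted' refused: "
                . "operator '$operator' lacks role '$self->{_role}' ($from)");
    return;
  }

  my $user_obj = $authstore->find_user($authinfo, $c);
  unless (ref $user_obj) {
    $c->log->error("impersonation by '$operator' failed: "
                 . "'$wanted' not in user store ($from)");
    return;
  }

  # Audit trail: who became whom, and from which address.
  $c->log->info("operator '$operator' now acting as '$wanted' ($from)");
  return $user_obj;
}

1;
```

Keeping this class in its own realm, separate from the password realm, means the normal login form can never reach it.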


