[Catalyst] Re: bypassing password authentication
kevin montuori
montuori at gmail.com
Tue Mar 11 18:42:28 GMT 2008
>>>>> "JS" == Jim Spath <jspath at pangeamedia.com> writes:
JS> I'm currently using password authentication in a Catalyst app,
JS> but would like to implement a way to log in as a particular user,
JS> without knowing the password. (Please don't respond with "don't
JS> do this"... I'm aware of the security ramifications of this kind
JS> of functionality).
JS> I'll already have all the information on the user, except for
JS> their password, since we hash the password before storing it.
JS> The end goal would be to have an authenticated session.
i had an authentication credential plugin that looks like this to
handle authentication without actually authenticating. this is
essentially untested, but if memory serves, it worked back when i
though i was going to have to use an SSO solution.
package Catalyst::Plugin::Authentication::Credential::SSO;
use strict;
sub new {
my ($class, $config, $app) = @_;
my $self = { _config => $config };
return bless $self, $class;
}
sub authenticate {
my ($self, $c, $authstore, $authinfo) = @_;
my $user_obj = $authstore->find_user($authinfo, $c);
if (ref $user_obj) {
return $user_obj;
}
else {
$c->log->error("Unable to locate user in user store.");
return;
}
}
1;
--
kevin montuori
montuori at gmail.com
AIM: ignavusinfo
More information about the Catalyst
mailing list