[Catalyst] bypassing password authentication

Jay K jayk at ion0.com
Tue Mar 11 18:58:42 GMT 2008


tsk tsk. Using internal methods. ;-)

There's actually a much easier way to do this.

Step 1:  Create a duplicate realm to your normal realm.  Call it
'passwordless' or something.  Only instead of password_type => 'crypted'
or whatever - set password_type => 'none'.

Step 2:  Use the passwordless realm.

Step 3:  There is no step 3.


Just make your auth call look like this - i.e. leave out the password
altogether, and use the passwordless realm.

$c->authenticate({ username => $usernamevariable }, 'passwordless');

*poof*  passwordless authentication.

Just for the record - just because you can doesn't mean you should.
Don't take this as a recommendation, more of a 'how to if you are
really determined to do that.'

Jay

On Mar 11, 2008, at 12:37 PM, Ash Berlin wrote:

>
> On 11 Mar 2008, at 18:33, Jim Spath wrote:
>
>> I'm currently using password authentication in a Catalyst app, but
>> would like to implement a way to log in as a particular user,
>> without knowing the password.  (Please don't respond with "don't do
>> this"... I'm aware of the security ramifications of this kind of
>> functionality).
>>
>> I'll already have all the information on the user, except for their
>> password, since we hash the password before storing it.
>>
>> The end goal would be to have an authenticated session.
>>
>> Thanks!
>> - Jim
>
>
> *WARNING* might not work with the new auth framework. But here's
> some code:
>
> sub login_as : Local Args(1) {
>  my ($self, $c, $user_id) = @_;
>
>  # Reject non-numeric ids; return so the action stops after the redirect
>  return $c->res->redirect($c->uri_for()) if $user_id =~ /\D/;
>
>  my $user = $c->model('DBIC::User')->find($user_id);
>
>  if ($user) {
>    $c->set_authenticated($c->find_user({ id => $user->email}));
>    $c->flash(message => "Logged in as @{[$user->email]}");
>  }
>
>  return $c->res->redirect('/');
> }
>
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/

---
For most things, throwing yourself at the wall over and over is a
better way to improve than thinking hard about the wall and taking
pictures of it.  -- D.Litwack
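
The two-realm setup described in the reply above, written out as an added example that is not code from the thread or from the Catalyst project. The app name MyApp, the 'members' realm name, the DBIC::User model, the roles column, the session plugins and the 'admin' role are assumptions; the action only calls the passwordless realm for a user who is already authenticated as an admin, and it logs the switch.

```perl
# Added example; MyApp, 'members', DBIC::User and the 'admin' role are
# assumptions, not taken from the thread.
package MyApp;
use Moose;
use Catalyst qw/Authentication Authorization::Roles
                Session Session::Store::File Session::State::Cookie/;
extends 'Catalyst';

my %store = (class => 'DBIx::Class', user_model => 'DBIC::User',
             role_column => 'roles');
__PACKAGE__->config(
    'Plugin::Authentication' => {
        default_realm => 'members',
        realms        => {
            # Normal login: the credential module verifies the password.
            members => {
                credential => { class          => 'Password',
                                password_field => 'password',
                                password_type  => 'crypted' },
                store      => {%store},
            },
            # Same store; password_type 'none' accepts any user it finds.
            passwordless => {
                credential => { class => 'Password', password_type => 'none' },
                store      => {%store},
            },
        },
    },
);
__PACKAGE__->setup;

package MyApp::Controller::Admin;
use Moose;
BEGIN { extends 'Catalyst::Controller' }

sub login_as : Local Args(1) {
    my ($self, $c, $username) = @_;

    # Only an already-authenticated admin may reach the passwordless realm.
    unless ($c->user_exists && $c->check_user_roles('admin')) {
        $c->res->status(403);
        $c->res->body('Forbidden');
        return;
    }
    my $admin = $c->user->id;    # capture before the session user changes
    if ($c->authenticate({ username => $username }, 'passwordless')) {
        # Log the store's id for the new user, not the raw request value.
        $c->log->info("impersonation: $admin now acting as " . $c->user->id);
    }
    return $c->res->redirect($c->uri_for('/'));
}
1;
```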




