[Catalyst] Behaviour of Catalyst::Plugin::Authentication
Jochen Luig
skirnir at gmx.net
Wed Mar 19 19:06:00 GMT 2008
Hi,
I stumbled upon a feature of the Authentication Plugin today
(Yes I was the guy who used Ash's cardboard cutout programmer service
earlier today on #catalyst, so thanks again, Ash ;-)
My configuration was something like this:

authentication:
  default_realm: users
  realms:
    users:
      credential:
        class: Password
        user_field: login
        password_field: password
        password_type: clear
      store:
        class: DBIx::Class
        user_class: MyAppDB::Users
        role_class: MyAppDB::Roles
        role_field: title
        role_relation: user_roles
        user_role_user_field: user_id

but the $userinfo hash I passed to the authenticate() method looked
like this

    my $userinfo = { username => $login, password => $password };

Thus, Catalyst logged in the first user in the MyAppDB::Users table if I
provided the correct password regardless of what I supplied as a login
(ok, the latter is obvious).
Does the plugin try to DWIM by using the first user it happens to
stumble upon and using his primary key as the login field? This is what
I suspect because the (test-)user in question happened to have "1" as
his primary key as well as in the 'login'-column.
Maybe this is because of my limited idea of what $userinfo can be, but
wouldn't a warning be suitable in such a case?
Thanks,
Jochen
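
A guard of the kind the question asks about, as an added example that is not part of the original post or of the plugin: it refuses a $userinfo hash whose keys do not match the realm's configured fields before the hash reaches authenticate(). The helper name checked_authinfo, the %realm hash and the sample credentials are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed copy of the field names from the post's realm configuration.
my %realm = (
    user_field     => 'login',
    password_field => 'password',
);

# Hypothetical helper: return a checked copy of $userinfo, or die if the
# hash cannot identify exactly the user the caller meant.
sub checked_authinfo {
    my ($realm, $userinfo) = @_;
    my %allowed = map { $_ => 1 } @{$realm}{qw(user_field password_field)};

    # A key the realm does not know (such as 'username') is a caller bug.
    my @unknown = sort grep { !$allowed{$_} } keys %$userinfo;
    die "unexpected authinfo key(s): @unknown\n" if @unknown;

    # Both the identifying field and the password must be non-empty.
    for my $field (sort keys %allowed) {
        my $value = $userinfo->{$field};
        die "authinfo field '$field' is missing or empty\n"
            unless defined $value && length $value;
    }
    return { %$userinfo };
}

# The hash shape from the post (constructed sample values) is rejected
# before any user lookup can happen.
my $bad = eval {
    checked_authinfo(\%realm, { username => 'jochen', password => 'secret' });
};
print "rejected: $@" unless $bad;

# With the configured field name, the hash passes through unchanged and
# is what the application would hand to authenticate().
my $ok = checked_authinfo(\%realm, { login => 'jochen', password => 'secret' });
print "accepted: login=$ok->{login}\n";
```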