[Catalyst] What is correct way to re-check user password for authenticated user?

Matt Whipple matt at mattwhipple.com
Tue Aug 25 23:50:06 GMT 2009


Oleg Kostyuk wrote:
> Hello subscribers,
>
> On some pages I need to re-check the user's password (to be more concrete -
> each time a user changes any settings on the "user settings" page). I
> can't compare passwords directly (something like: $form->{password} eq
> $c->user->password()), because in the DB I have only hashed passwords.
>   
You could always just hash the supplied password and compare the hashes.

> It seems that I can try to authenticate the user again, by calling
> $c->authenticate(name=>$c->user->name, pass=>$form->{password}), but I
> am concerned about whether this is acceptable - calling authenticate when
> the user is already authenticated. And what will happen if the provided
> password is incorrect - will the user be automatically logged out or not?
>   
I'd probably use the authentication again, but ensure that it is treated 
logically as such and not lumped in with some CRUD (unless that's not 
how it's being used, in which case you probably shouldn't use it).  I'm 
fairly sure a failed auth doesn't result in a logout, so you could use 
that as a means to redisplay the form with a message.

> Maybe there is some other way that is not obvious to me?
>
> Any thoughts are welcome,
> Thanks.
>
>   
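
The re-check discussed in this thread, written as a Catalyst controller action; this is an added example, not code from either poster. The controller name, paths, template, the `email` setting and the DBIx::Class-backed user store are assumptions, and it relies on a failed `$c->authenticate` leaving the existing login in place, as the reply expects.

```perl
package MyApp::Controller::Settings;    # hypothetical controller name
use Moose;
use namespace::autoclean;

BEGIN { extends 'Catalyst::Controller' }

# Handles the "user settings" form: nothing is changed until the current
# password has been re-checked for the user who is already logged in.
sub update : Local {
    my ( $self, $c ) = @_;

    # This is a re-check, not a login: an anonymous request goes to the login page.
    unless ( $c->user_exists ) {
        $c->res->redirect( $c->uri_for('/login') );    # hypothetical path
        $c->detach;
    }

    # Read the password from the POST body only, so it never arrives in a URL.
    my $password = $c->req->body_params->{password};

    # The user name comes from the session user, never from a form field;
    # otherwise the form could be satisfied with another account's password.
    # Keys 'name' and 'pass' are the ones used in the question and must match
    # the realm's configured field names.
    my $confirmed = defined $password
        && length $password
        && $c->authenticate( { name => $c->user->name, pass => $password } );

    unless ($confirmed) {
        # Failed re-check: log it and redisplay the form with a message.
        $c->log->warn( 'Password re-check failed for user ' . $c->user->name );
        $c->stash(
            template  => 'settings/form.tt',           # hypothetical template
            error_msg => 'Current password is incorrect.',
        );
        return;
    }

    # Password confirmed: apply the change. 'email' is a hypothetical setting
    # and update() assumes a DBIx::Class-backed user object.
    $c->user->obj->update( { email => $c->req->body_params->{email} } );
    $c->res->redirect( $c->uri_for('/settings') );     # hypothetical path
}

__PACKAGE__->meta->make_immutable;
1;
```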