[Catalyst] C::P::Authentication, force user authentication

David Schmidt davewood at gmx.at
Mon Dec 28 19:44:32 GMT 2009


On Mon, Dec 28, 2009 at 4:53 PM, J. Shirley <jshirley at gmail.com> wrote:
> On Mon, Dec 28, 2009 at 7:13 AM, Tomas Doran <bobtfish at bobtfish.net> wrote:
>>
>> On 28 Dec 2009, at 09:16, Ben van Staveren wrote:
>>>
>>> Warning: I use this myself, it seems to work, but it's a hack. YMMV.
>>> Standard disclaimer applies.
>>
>> I.e. It is very much relying on an implementation detail which I/we can and
>> _will_ feel free to change at our leisure if needed.
>>
>> The solution Rafal suggested in the next reply is a much better idea,
>> however it's not as easy as it could/should be right now - someone should
>> write a Realm class specifically for making doing this easier (as it's a
>> common use-case).
>>
>> If anyone wants to volunteer I'd be happy to work with them on it :)
>>
>
>
> When I wrote the progressive realm, I also wrote this up:
> http://www.coldhardcode.com/2009/01/building-the-best-forgot-passw.html
>
> (And also an advent that makes use of OpenID:
> http://www.catalystframework.org/calendar/2008/19)
>
> Provides quite a few boilerplate examples.
>
> -J

Hello and thanks for all the input,

I solved my problem with a different approach.

If the user lost his password, he can submit the email address along
with a new password.
I then send a digest to the email address (only if this address is in
the DB already).
The digest is stored in the DB along with the new password.
If the digest is entered on the website, I set the new password.

I use the same approach for:
- initial mail confirmation
- password change
- email change

david
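
The flow described in the message above, as an added example that is not part of the original post or of Catalyst: framework-independent Python, with in-memory dictionaries standing in for the DB. The function names, the one-hour lifetime, keeping only hashes of the digest and of the pending password, and single-use consumption are assumptions; the post specifies none of them.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed lifetime in seconds; the post does not state one

users = {"alice@example.org": None}  # constructed sample: email -> password hash
pending = {}                         # sha256(digest) -> (email, new hash, expiry)

def hash_password(password, salt=None):
    """Salted PBKDF2 hash, so the pending password is never stored in clear."""
    salt = salt or secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt + derived

def check_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, stored[:16]), stored)

def request_change(email, new_password, now=None):
    """Return the digest to e-mail, or None when the address is not in the DB."""
    now = time.time() if now is None else now
    if email not in users:
        return None  # the caller should render the same page in both cases
    token = secrets.token_urlsafe(32)  # unguessable value sent by mail
    key = hashlib.sha256(token.encode()).hexdigest()
    pending[key] = (email, hash_password(new_password), now + TOKEN_TTL)
    return token

def confirm_change(token, now=None):
    """Set the pending password if the entered digest is known and fresh."""
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    entry = pending.pop(key, None)  # pop makes every digest single-use
    if entry is None:
        return False
    email, new_hash, expiry = entry
    if now > expiry or email not in users:
        return False
    users[email] = new_hash
    return True
```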


