[Catalyst] Change user password

[Bogdan Lucaciu]

Well, $c->authenticate is a more complex process, it does a number of
operations , one of which is calling check_password.

$c->authenticate calls $realm->authenticate which calls
$credential->authenticate which fetches a new user object from the
store and then calls check_password to see if the stored password
(hash) matches the provided password.

Considering you just want to check the password and not reauthenticate
the user, using check_password is less overhead, saves you a trip to
the database,  and it's probably cleaner.

Otherwise I doubt there's any side-efect in calling $c->authenticate
directly, and the performance overhead is probably not important, as
you would probably need to run this code quite rarely. And it's
probably more readable for people not knowing the Authentication
internals

On Mon, Feb 1, 2010 at 10:34 PM, Kiffin Gish <kiffin.gish at planet.nl> wrote:
> Thanks Bogdan, works like a charm!
>
> I noticed that the following also works:
>
> $c->authenticate( { username => $username, password => $password_old },
> 'users');
>
> Do they result in the same actions?
>
> On Mon, 2010-02-01 at 18:25 +0200, Bogdan Lucaciu wrote:
>> I think you're best off using 'check_password' from Credential::Password
>>
>> Take a look at it:
>> http://cpansearch.perl.org/src/FLORA/Catalyst-Plugin-Authentication-0.10016/lib/Catalyst/Authentication/Credential/Password.pm
>>
>> Assuming the user is authenticated, you should try:
>>
>> $c->get_auth_realm('default')->credential->check_password($c->user,
>> {password=>$pass});
>>
>>
>>
>> On Mon, Feb 1, 2010 at 5:47 PM, Kiffin Gish <kiffin.gish at planet.nl> wrote:
>> > I want to give users the ability to change their password via the usual
>> > web form:
>> >
>> > current password: _______
>> > new password:     _______
>> > re-type:          _______
>> >
>> > How do I check that the current password is has been typed in correctly,
>> > and if it is, how do I put the new password into effect (as if he/she
>> > has re-logged in with it)?
>> >
>> > Is this something that $c->authenticate can help me with, how then?
>> >
>> > --
>> > Kiffin Gish <kiffin.gish at planet.nl>
>> > Gouda, The Netherlands
>> >
>> >
>> > _______________________________________________
>> > List: Catalyst at lists.scsys.co.uk
>> > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> > Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> > Dev site: http://dev.catalyst.perl.org/
>> >
>>
>>
>>
>
>
> --
> Kiffin Gish <Kiffin.Gish at planet.nl>
> Gouda, The Netherlands
>
>
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>



-- 
Bogdan Lucaciu
Operations Manager, Sinapticode
http://www.sinapticode.com