[Catalyst] progressive authentication via db & LDAP
piccard
piccard at web.de
Tue Jan 25 14:55:02 GMT 2011
On 25.01.2011 11:16, Tomas Doran wrote:
>
> On 25 Jan 2011, at 10:01, piccard wrote:
>> In view of that, I've got one more question. What I would really
>> need, is a password authentication against LDAP and if successful,
>> get the user and his roles from the database. So, is it possible to
>> split up this process and still use methods like check_any_user_role()?
>
> I don't think you want the authentication framework to be doing that
> for you.
>
> If that's what you're _actually_ doing, then putting the
> authentication logic into your user class makes much more sense, and
> makes your data model much more consistent... Otherwise you have to
> replicate the authentication framework if you ever want to log a user
> in (or simulate a 'proper' user, or change password, or..) outside the
> context of the Catalyst application.
I'm not sure if I will really run into these problems. I've tried it so
far this way:
A user authenticates himself successfully via LDAP.
Afterwards the user will be logged out immediately.
Then a DBIx find_or_create routine is going to fetch the user object,
which I'll use to reauthenticate via DB.
So I think this could work properly, and at least I've got all the
goodies the authentication framework provides. What do you think?
Unfortunately I'm using a 'dirty' hack to authenticate (the DB shouldn't
save LDAP passwords):

    # look up (or create) the DB row for the LDAP-authenticated user
    my $user = $c->model('DB::User')->find_or_create(
        { user_identification => $username }
    );
    # write the row's columns straight into the session
    $c->session->{__user} = { $user->get_columns };

I would prefer using $c->set_authenticated( $user, 'dbAuth'); but
somehow it doesn't work for me. I think I just use the wrong user object.
>
> The authentication framework already provides this sort of hook for
> you, with the self_check configuration option, which says that the
> user class is responsible for checking its own password.
I'm not sure how this should work. The doc says 'self_check indicates
that the password should be passed to the check_password() routine on
the user object returned from the store'.
How, or in which way, can I set the hook?
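
Added example (not part of the original message, and not code from the Catalyst project): one way to wire up the self_check hook discussed above, with the LDAP bind done inside check_password() on the DBIx::Class user row, so roles still come from the database and no LDAP password is stored there. MyApp, the roles relation, the LDAP host and the DN layout are assumptions; user_identification and the 'dbAuth' realm name are taken from the message.

```perl
# --- lib/MyApp.pm (assumed application name) ---
package MyApp;
__PACKAGE__->config(
    'Plugin::Authentication' => {
        default_realm => 'dbAuth',
        realms        => {
            dbAuth => {
                credential => {
                    class         => 'Password',
                    # hand the password to $user->check_password($password)
                    password_type => 'self_check',
                },
                store => {
                    class         => 'DBIx::Class',
                    user_model    => 'DB::User',
                    role_relation => 'roles',   # assumed relationship name
                    role_field    => 'role',    # assumed column name
                },
            },
        },
    },
);

# --- lib/MyApp/Schema/Result/User.pm (assumed schema layout) ---
package MyApp::Schema::Result::User;
use Net::LDAP;
use Net::LDAP::Util qw(escape_dn_value);

sub check_password {
    my ($self, $password) = @_;

    # A simple bind with an empty password is an "unauthenticated bind",
    # which many servers accept; treat it as a failed login up front.
    return 0 unless defined $password && length $password;

    # Placeholder host; ldaps with certificate verification so the
    # password is not sent in clear text or to an impostor server.
    my $ldap = Net::LDAP->new('ldaps://ldap.example.org',
        timeout => 5, verify => 'require') or return 0;

    # Escape the login name before placing it in the DN (assumed layout).
    my $dn = sprintf 'uid=%s,ou=people,dc=example,dc=org',
        escape_dn_value($self->user_identification);

    my $mesg = $ldap->bind($dn, password => $password);
    $ldap->unbind;
    return $mesg->is_error ? 0 : 1;
}
1;
```

The login action then calls $c->authenticate({ user_identification => $username, password => $password }); the row must already exist in the database for the store to find it.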