[Catalyst] progressive authentication via db & LDAP

Tomas Doran bobtfish at bobtfish.net
Tue Jan 25 15:55:19 GMT 2011


On 25 Jan 2011, at 14:55, piccard wrote:
> I'm not sure if I will really run into these problems. I've tried it  
> so far this way:

You will.

It will come and bite you on the ass, trust me. You are trying to make  
Catalyst (and the authentication framework) take the place of your  
business logic code, and that's not what it should be doing.

> so I think this could work properly and at least I've got all the  
> goodies the authentication-framework provides. what do you think?

That it's a terrible idea. What 'goodies' do you want?

I'm suggesting just using the DBIC authentication layer as normal in  
Catalyst, so everything will work as normal, with all the 'goodies'.

> unfortunately I'm using a 'dirty' hack to authenticate (the DB  
> shouldn't save LDAP-passwords):
>
> my $user = $c->model('DB::User')->find_or_create({ user_identification => $username });
> $c->session->{__user} = { $user->get_columns };
>
> I would prefer using $c->set_authenticated( $user, 'dbAuth'); but  
> somehow it doesn't work for me. I think I just use the wrong user- 
> object.

Don't do any of that.

>>
>> The authentication framework already provides this sort of hook for  
>> you, with the self_check configuration option, which says that the  
>> user class is responsible for checking its own password.
> I'm not sure how this should work. the doc says  'self_check  
> indicates that the password should be passed to the check_password()  
> routine on the user object returned from the store'.
> How or in which way I can set the hook?

You set it in the config, you implement a check_password method in  
your user object (which goes and checks the password from LDAP),  
you're done.

Cheers
t0m
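
Added example, not part of the original message and not code from the Catalyst project: one way the self_check setup described above can look, with the DBIC user row checking the password by binding to LDAP. The app name MyApp, the LDAP URI, the DN layout and the 'password' form field are assumptions; the realm name dbAuth, the DB::User model and the user_identification column are taken from the quoted message.

```perl
# --- excerpt for lib/MyApp.pm (app name assumed): realm configuration ---
__PACKAGE__->config(
    'Plugin::Authentication' => {
        default_realm => 'dbAuth',
        realms        => {
            dbAuth => {
                credential => {
                    class          => 'Password',
                    password_field => 'password',      # assumed field name
                    password_type  => 'self_check',    # calls $user->check_password($pw)
                },
                store => {
                    class      => 'DBIx::Class',
                    user_model => 'DB::User',
                },
            },
        },
    },
);

# --- excerpt for the DB::User result class: no password column is needed ---
use Net::LDAP;
use Net::LDAP::Util qw(escape_dn_value);

sub check_password {
    my ( $self, $password ) = @_;

    # A simple bind with an empty password is an unauthenticated bind, which
    # many servers report as success. Reject it before talking to LDAP.
    return 0 unless defined $password && length $password;

    # Assumed directory URI; fail closed if it is unreachable.
    my $ldap = Net::LDAP->new( 'ldaps://ldap.example.com',
        timeout => 5, verify => 'require' )
        or return 0;

    # Assumed DN layout. Escape the username so it cannot alter the DN.
    my $dn = sprintf 'uid=%s,ou=people,dc=example,dc=com',
        escape_dn_value( $self->user_identification );

    my $mesg = $ldap->bind( $dn, password => $password );
    $ldap->unbind;
    return $mesg->is_error ? 0 : 1;
}

# In the login action:
#   $c->authenticate({ user_identification => $username, password => $password });
```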
