[Catalyst] Using Progressive realms when username and password fields are all different

Tomas Doran bobtfish at bobtfish.net
Sat Jun 30 11:04:56 GMT 2012

On 29 Jun 2012, at 10:59, Will Crawford wrote:

> On 28 June 2012 23:12, Gavin Henry <gavin.henry at gmail.com> wrote:
> ...
>> Thanks Tim. Yes, I know that but then the other two realms will fail
>> and that's the point of progressive. I want to call one ->authenticate
>> which tries all the realms I've defined in progressive_oauth.
> Regrettably, the docs for the Password realm saith:
>    NOTE If the password_field is something other than 'password', you
> must be sure to use that same field name when calling
> $c->authenticate().
> I'd call that a bug, personally - it certainly isn't intuitive that
> you can specify the field to use, but then have to remember it in all
> your calls to authenticate().
> Not much can be done about that, though. Maybe someone can produce an adaptor?

I don't disagree that it's confusing, however it _is_ intentional, as you can pass an arbitrary hash of data into $c->authenticate for the auth info (allowing you to do lookups on the values of multiple fields).

What happens is that the configured 'password_field' is _removed_ by the Password credential when it calls the 'find_user' method, and then the remaining fields are passed to the store to lookup a user with - this allows you to say $c->authenticate({username => $u, password => $p, is_admin => 1});

For example.

Patches to improve the documentation would be welcome, of course! :)


More information about the Catalyst mailing list