[Catalyst] OpenID authentication just redirects back to the login page

Robert Rothenberg robrwo at gmail.com
Mon May 14 17:00:56 GMT 2012


On 14/05/12 17:34 Tomas Doran wrote:
> 
> On 14 May 2012, at 16:37, Robert Rothenberg wrote:
>>
>> Any ideas what's happening?
> 
> No, as we have no idea what code is executing, or how that code has been configured.
>
> Need debug logs from the app and details about your auth config to even
> start guessing, sorry!

Thanks. Details below.

The __PACKAGE__->config()'s authentication section includes as a realm:

    authentication => {
        default_realm => 'users',
        realms        => {

            openid => {
                credential => {
                    class => 'OpenID',
                },
                ua_class => "LWPx::ParanoidAgent",
                ua_args => {
                    whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
                },
            },

            users => {

                # [Snip!]

            }


The users authentication works, BTW. I am trying to add an option for
OpenID. The Login controller's index method has the code:

    my $username = lc($c->request->params->{username} // q{});
    my $password = $c->request->params->{password}    // q{};

    my $openid_url = $c->req->params->{openid_identifier} // q{};

    if ($openid_url ne q{}) {

        try {

            if ($c->authenticate({ openid_identifier => $openid_url },
                                 'openid')) {

                $log->debug("URL = " . $c->user->url);

                # TODO if this works, fetch the user w/ $c->user->url?

            } else {

                $log->warn("Failed login '${openid_url}'");

                $c->response->status(HTTP_UNAUTHORIZED);

                $c->stash(
                    error_msg => $c->loc("Bad OpenID login"),
                );

            }

        } catch {

            $log->error("Login failure - ${ARG}");
            $c->stash(
                error_msg => $c->loc("Login failure."),
            );

        };
    }
    elsif (($username ne q{}) && ($password ne q{})) {

        if ($c->authenticate({ username => $username,
                               password => $password,
                               deleted  => 0} )) {

            # [snip!]

        }

    }

FWIW, I tried moving the code to a login method in the Root controller, out
of cargo-cultish insecurity. Same problem.


Debug logs (with specific details omitted for security, replaced with
"[snip!]"):

[info] MyApp powered by Catalyst 5.90011
HTTP::Server::PSGI: Accepting connections at http://0:3000/
[info] *** Request 1 (0.007/s) [24751] [Mon May 14 17:49:18 2012] ***
[debug] Path is "login"
[debug] "POST" request for "login" from "127.0.0.1"
[debug] Body Parameters are:
.----------------------------------+--------------------------------------.
| Parameter                        | Value                                |
+----------------------------------+--------------------------------------+
| openid_identifier                | https://www.google.com/accounts/o8/- |
|                                  | id                                   |
| password                         |                                      |
| submit                           | Login                                |
| username                         |                                      |
'----------------------------------+--------------------------------------'

[error] Login failure - catalyst_detach

[debug] Redirecting to
"https://www.google.com/accounts/o8/ud?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.return_to=http%3A%2F%2Flocalhost%3A3000%2Flogin%3Fopenid-check%3D1%26oic.time%3D1337014159-f5836e98720e6c263f84&openid.claimed_id=[snip!]
[debug] Response Code: 302; Content-Type: text/html; charset=utf-8;
Content-Length: 725
[info] Request took 0.284954s (3.509/s)
.------------------------------------------------------------+-----------.
| Action                                                     | Time      |
+------------------------------------------------------------+-----------+
| /auto                                                      | 0.000248s |
| /login/index                                               | 0.276124s |
| /end                                                       | 0.000382s |
'------------------------------------------------------------+-----------'


[info] *** Request 2 (0.014/s) [24751] [Mon May 14 17:49:19 2012] ***
[debug] Path is "login"
[debug] "GET" request for "login" from "127.0.0.1"
[debug] Query Parameters are:
.----------------------------------+--------------------------------------.
| Parameter                        | Value                                |
+----------------------------------+--------------------------------------+
| oic.time                         | 1337014159-f5836e98720e6c263f84      |
| openid-check                     | 1                                    |
| openid.assoc_handle              | AMlYA9Um_a-[snip!]-                  |
|                                  | pyPPsyVmYE88zfk2YyrwH                |
| openid.claimed_id                | https://www.google.com/accounts/o8/- |
|                                  | id?id=[snip!]
|                                  | hnP2g3yFZs                           |
| openid.identity                  | https://www.google.com/accounts/o8/- |
|                                  | id?id=[snip!]
|                                  | hnP2g3yFZs                           |
| openid.mode                      | id_res                               |
| openid.ns                        | http://specs.openid.net/auth/2.0     |
| openid.op_endpoint               | https://www.google.com/accounts/o8/- |
|                                  | ud                                   |
| openid.response_nonce            | 2012-05-14T16:49:17ZhZbHCRh79idUfw   |
| openid.return_to                 | http://localhost:3000/login?openid-- |
|                                  | check=1&oic.time=1337014159-f5836e9- |
|                                  | 8720e6c263f84                        |
| openid.sig                       | hF95ava6LalPOjAED1OAJ1cJMr8=         |
| openid.signed                    | op_endpoint,claimed_id,identity,ret- |
|                                  | urn_to,response_nonce,assoc_handle   |
'----------------------------------+--------------------------------------'

[debug] Found sessionid "d8b7aec6c4d89a72b37c5c0da6a6863536e54283" in cookie
[debug] Restored session "d8b7aec6c4d89a72b37c5c0da6a6863536e54283"
[debug] Rendering template "login.tt2"
[debug] Response Code: 200; Content-Type: text/html; charset=utf-8;
Content-Length: 3528
[info] Request took 0.044583s (22.430/s)
.----------------------------------------------------------+-----------.
| Action                                                   | Time      |
+----------------------------------------------------------+-----------+
| /auto                                                    | 0.000200s |
| /login/index                                             | 0.004244s |
| /end                                                     | 0.032848s |
|  -> MyApp::View::HTML->process                           | 0.032114s |
'----------------------------------------------------------+-----------'
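
An added example, not part of the original message and not code from Catalyst or its OpenID credential: a login action that handles both requests shown in the logs above. Request 1 carries `openid_identifier`, while Request 2 carries only `openid-check` and the `openid.*` parameters. It assumes the credential verifies the provider's assertion when `authenticate` is called on the return request, and that `$c->detach` signals with a `Catalyst::Exception::Detach` object; the redirect target and the simplified messages are hypothetical.

```perl
package MyApp::Controller::Login;
use Moose;
use namespace::autoclean;
use Try::Tiny;
use Scalar::Util qw(blessed);
use HTTP::Status qw(HTTP_UNAUTHORIZED);

BEGIN { extends 'Catalyst::Controller' }

sub index : Path Args(0) {
    my ($self, $c) = @_;

    my $params     = $c->req->params;
    my $openid_url = $params->{openid_identifier} // q{};

    # Leg 1: the form POST carries openid_identifier.
    # Leg 2: the provider redirects back with openid-check=1 and openid.*
    # parameters, but without openid_identifier.
    my $is_return = $params->{'openid-check'} ? 1 : 0;
    return unless $openid_url ne q{} || $is_return;    # just render the form

    my $authinfo = $is_return ? {} : { openid_identifier => $openid_url };

    try {
        if ($c->authenticate($authinfo, 'openid')) {
            $c->log->debug('URL = ' . $c->user->url);
            $c->res->redirect($c->uri_for('/'));    # hypothetical landing page
        }
        else {
            $c->log->warn('Failed OpenID login');
            $c->res->status(HTTP_UNAUTHORIZED);
            $c->stash(error_msg => 'Bad OpenID login');
        }
    }
    catch {
        # Assumption: detach() raises this exception class. Let it propagate
        # so the redirect to the provider is not recorded as a login failure.
        die $_ if blessed($_) && $_->isa('Catalyst::Exception::Detach');
        $c->log->error("Login failure - $_");
        $c->stash(error_msg => 'Login failure.');
    };
    return;
}

__PACKAGE__->meta->make_immutable;
1;
```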




