[Catalyst] OpenID authentication just redirects back to the login page
Robert Rothenberg
robrwo at gmail.com
Mon May 14 17:00:56 GMT 2012
On 14/05/12 17:34 Tomas Doran wrote:
>
> On 14 May 2012, at 16:37, Robert Rothenberg wrote:
>>
>> Any ideas what's happening?
>
> No, as we have no idea what code is executing, or how that code has been configured.
>
> Need debug logs from the app and details about your auth config to even
> start guessing, sorry!
Thanks. Details below.
The __PACKAGE__->config()'s authentication section includes as a realm:
    authentication => {
        default_realm => 'users',
        realms => {
            openid => {
                credential => {
                    class => 'OpenID',
                },
                ua_class => "LWPx::ParanoidAgent",
                ua_args => {
                    whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
                },
            },
            users => {
                # [Snip!]
            }
The users authentication works, BTW. I am trying to add an option for
OpenID. The Login controller's index method has the code:
    my $username   = lc($c->request->params->{username} // q{});
    my $password   = $c->request->params->{password} // q{};
    my $openid_url = $c->req->params->{openid_identifier} // q{};

    if ($openid_url ne q{}) {
        try {
            if ($c->authenticate({ openid_identifier => $openid_url }, 'openid')) {
                $log->debug("URL = " . $c->user->url);
                # TODO if this works, fetch the user w/ $c->user->url?
            } else {
                $log->warn("Failed login '${openid_url}'");
                $c->response->status(HTTP_UNAUTHORIZED);
                $c->stash(
                    error_msg => $c->loc("Bad OpenID login"),
                );
            }
        } catch {
            $log->error("Login failure - ${ARG}");
            $c->stash(
                error_msg => $c->loc("Login failure."),
            );
        };
    }
    elsif (($username ne q{}) && ($password ne q{})) {
        if ($c->authenticate({ username => $username,
                               password => $password,
                               deleted  => 0} )) {
            # [snip!]
        }
    }
FWIW, I tried moving the code to a login method in the Root controller, out
of cargo-cultish insecurity. Same problem.
Debug logs (with specific details omitted for security, replaced with
"[snip!]"):
[info] MyApp powered by Catalyst 5.90011
HTTP::Server::PSGI: Accepting connections at http://0:3000/
[info] *** Request 1 (0.007/s) [24751] [Mon May 14 17:49:18 2012] ***
[debug] Path is "login"
[debug] "POST" request for "login" from "127.0.0.1"
[debug] Body Parameters are:
.----------------------------------+--------------------------------------.
| Parameter | Value |
+----------------------------------+--------------------------------------+
| openid_identifier | https://www.google.com/accounts/o8/- |
| | id |
| password | |
| submit | Login |
| username | |
'----------------------------------+--------------------------------------'
[error] Login failure - catalyst_detach
[debug] Redirecting to
"https://www.google.com/accounts/o8/ud?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.return_to=http%3A%2F%2Flocalhost%3A3000%2Flogin%3Fopenid-check%3D1%26oic.time%3D1337014159-f5836e98720e6c263f84&openid.claimed_id=[snip!]
[debug] Response Code: 302; Content-Type: text/html; charset=utf-8;
Content-Length: 725
[info] Request took 0.284954s (3.509/s)
.------------------------------------------------------------+-----------.
| Action | Time |
+------------------------------------------------------------+-----------+
| /auto | 0.000248s |
| /login/index | 0.276124s |
| /end | 0.000382s |
'------------------------------------------------------------+-----------'
[info] *** Request 2 (0.014/s) [24751] [Mon May 14 17:49:19 2012] ***
[debug] Path is "login"
[debug] "GET" request for "login" from "127.0.0.1"
[debug] Query Parameters are:
.----------------------------------+--------------------------------------.
| Parameter | Value |
+----------------------------------+--------------------------------------+
| oic.time | 1337014159-f5836e98720e6c263f84 |
| openid-check | 1 |
| openid.assoc_handle | AMlYA9Um_a-[snip!]- |
| | pyPPsyVmYE88zfk2YyrwH |
| openid.claimed_id | https://www.google.com/accounts/o8/- |
| | id?id=[snip!]
| | hnP2g3yFZs |
| openid.identity | https://www.google.com/accounts/o8/- |
| | id?id=[snip!]
| | hnP2g3yFZs |
| openid.mode | id_res |
| openid.ns | http://specs.openid.net/auth/2.0 |
| openid.op_endpoint | https://www.google.com/accounts/o8/- |
| | ud |
| openid.response_nonce | 2012-05-14T16:49:17ZhZbHCRh79idUfw |
| openid.return_to | http://localhost:3000/login?openid-- |
| | check=1&oic.time=1337014159-f5836e9- |
| | 8720e6c263f84 |
| openid.sig | hF95ava6LalPOjAED1OAJ1cJMr8= |
| openid.signed | op_endpoint,claimed_id,identity,ret- |
| | urn_to,response_nonce,assoc_handle |
'----------------------------------+--------------------------------------'
[debug] Found sessionid "d8b7aec6c4d89a72b37c5c0da6a6863536e54283" in cookie
[debug] Restored session "d8b7aec6c4d89a72b37c5c0da6a6863536e54283"
[debug] Rendering template "login.tt2"
[debug] Response Code: 200; Content-Type: text/html; charset=utf-8;
Content-Length: 3528
[info] Request took 0.044583s (22.430/s)
.----------------------------------------------------------+-----------.
| Action | Time |
+----------------------------------------------------------+-----------+
| /auto | 0.000200s |
| /login/index | 0.004244s |
| /end | 0.032848s |
| -> MyApp::View::HTML->process | 0.032114s |
'----------------------------------------------------------+-----------'
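
Added example (not part of the original message, and not Catalyst or plugin code): a self-contained Perl sketch that runs the parameters of the two logged requests through the same branch order as the posted index method, then checks that the return leg's openid.signed list covers the fields OpenID 2.0 requires. The helper names and the EXAMPLE placeholder values are assumptions; the sample parameters are constructed from the log above.

```perl
use strict;
use warnings;

# Same branch order as the posted index method: which branch would run?
sub posted_branch {
    my ($p) = @_;
    return 'openid'   if ($p->{openid_identifier} // q{}) ne q{};
    return 'password' if ($p->{username} // q{}) ne q{}
                      && ($p->{password} // q{}) ne q{};
    return 'none';    # neither branch runs
}

# Hypothetical helper: treat the provider's redirect back (openid.mode is
# present) as its own leg before falling back to the posted branch order.
sub classify_leg {
    my ($p) = @_;
    return 'openid_return' if ($p->{'openid.mode'} // q{}) ne q{};
    return posted_branch($p);
}

# OpenID 2.0 requires openid.signed to list op_endpoint, return_to,
# response_nonce and assoc_handle, plus claimed_id/identity when present.
sub signed_covers_required {
    my ($p) = @_;
    my %signed = map { $_ => 1 } split /,/, ($p->{'openid.signed'} // q{});
    my @need = qw(op_endpoint return_to response_nonce assoc_handle);
    push @need, grep { exists $p->{"openid.$_"} } qw(claimed_id identity);
    my @missing = grep { !$signed{$_} } @need;
    return @missing ? 0 : 1;
}

# Constructed sample inputs modelled on requests 1 and 2 in the log;
# snipped values are replaced with EXAMPLE placeholders.
my $id   = 'https://www.google.com/accounts/o8/id?id=EXAMPLE';
my %post = (openid_identifier => 'https://www.google.com/accounts/o8/id',
            username => q{}, password => q{}, submit => 'Login');
my %back = (
    'openid.mode'           => 'id_res',
    'openid.op_endpoint'    => 'https://www.google.com/accounts/o8/ud',
    'openid.claimed_id'     => $id, 'openid.identity' => $id,
    'openid.return_to'      => 'http://localhost:3000/login?openid-check=1&oic.time=1337014159-f5836e98720e6c263f84',
    'openid.response_nonce' => '2012-05-14T16:49:17ZEXAMPLE',
    'openid.assoc_handle'   => 'EXAMPLE',
    'openid.signed' => 'op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle',
);

for my $r ([POST => \%post], [GET => \%back]) {
    my ($name, $p) = @$r;
    my $leg = classify_leg($p);
    my $sig = $leg eq 'openid_return' ? signed_covers_required($p) : '-';
    print "$name posted_branch=", posted_branch($p), " leg=$leg signed_ok=$sig\n";
}
```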