[Catalyst] Unable to output anything in Root.pm -> 'auto'

Lukas Thiemeier spamcatcher at thiemeier.net
Mon Oct 29 19:03:11 GMT 2012


Hi Craig,

You are NOT wrong. Catalyst allows you to do so. I think it is the right
choice.

For C::A::Store::DBI - What you need is to provide the user_table,
user_key and user_name, and the password_field and password_type for the
credential part. I guess you have this, haven't you?

All the "role" stuff is optional and only required if you want to use
Catalyst::Plugin::Authorization::Roles (which you don't want if I got
you right).

I would suggest you to use as much existing code as possible, and only
rewrite what you really need.

In your case:
Use C::A::Store::DBI for authentication and C::Model::DBI to access your
database.
If you do so, you only have to write your own authorization code (roles
etc) and your CRUD stuff. You can access your db using DBI, without ORM
or any  assumptions to the db layout.

If you can not use C::A::Store::DBI for any reasons, I would still
recommend you to either write your own Catalyst::Authentication::Store
and/or Catalyst::Authentication::Credential modules (I guess a
Store-module will do the trick). You will not have to deal with
user-sessions and related stuff. Just tell Catalyst how to authenticate
the user, and let catalyst itself deal with the session.

Catalyst::Plugin::Authentication::Internals tells you how to write your
own store and credential modules. You will have to read the docs first,
but I am sure that this is less work than writing ALL your
authentication, session handling and authorization code by yourself.

When it comes to reusability, Catalyst is unbeatable :)

If you want or need to write your own authentication code in your
controller classes, you should still use $c->session directly. Don't
fiddle with the session id. Doing so is error-prone, and not required.
You can do it like this:

  unless(defined $c->session->{user}){;
    my $user = your_auth_code(\%data);
    $c->session(user => $user);
  }

You can later access it in any controller by saying:

  my $user = $c->session->{user}

You can even make a shortcut in your App.pm:

  sub is_authenticated{ defined( shift->session->{user}) }

And later check if the user is authenticated like this:

  if($c->is_authenticated){
	do_some_privileged_stuff();
  }


You should consider using DBIx::Class anyway. It doesn't require
normalized databases. Automated model generation might not work
correctly, but in general you can use it on any database. DBIx::Class is
well documented, easy to learn, and it makes database access simple and
safe. Without ORM, you will most likely have to write 10 times more
database-code, and you will have to double check it to ensure that you
are not vulnerable to sql injections.

You are not forced to use DBIC relationships et cetera. You can just use
it to update your tables, and only use the rels where you have them in
your db layout.

In my opinion, the reasons not to use DBIC are:

1: it takes some time to install, but you only have to do it once.

2: it slows down the startup time for your application, but unless you
are using plain CGI, this doesn't really matter. (If you use
plain-old-CGI, STOP doing so. Use FastCGI instead.)

3: It sometimes generates more SQL statements than it is required to
fulfill a certain task, but this is only relevant if you are running a
high performance, high traffic site. And IF this is the case, you can
still optimize it.

If you compare it to the benefits I described above, the benefits are
dominant in most cases.

I know that this is not the universal truth (which doesn't exist
anyway). It is my personal opinion. Just think about it.

Additionally: DBIC makes moving from one database system to another very
very easy. You have a SQLite DB, and want to move to Portgresql?
no problem. With DBIC, you are already done :)

Ok. I hope I could help.

Sorry for the DBIC-praising at the end. It is just that I first didn't
want to use DBIC, too. And now I see how much easier my life is with
DBIC, and I think I should have moved to DBIC earlier.

 Lukas







On 10/29/2012 06:00 PM, Craig Chant wrote:
> Hi Luka,
> 
> Perhaps I miss-read the info on http://search.cpan.org/~janus/Catalyst-Authentication-Store-DBI-0.01/lib/Catalyst/Authentication/Store/DBI.pm
> 
> But from what I can see it expects you to map specific fields in a table as well as have a user role table with specific data mapping?
> 
> [quote] __PACKAGE__->config->{'authentication'} = {
>     'default_realm' => 'default',
>     'realms' => {
>       'default' => {
>         'credential' => {
>           'class'               => 'Password',
>           'password_field'      => 'password',
>           'password_type'       => 'hashed',
>           'password_hash_type'  => 'SHA-1',
>         },
>         'store' => {
>           'class'              => 'DBI',
>           'user_table'         => 'login',
>           'user_key'           => 'id',
>           'user_name'          => 'name',
>           'role_table'         => 'authority',
>           'role_key'           => 'id',
>           'role_name'          => 'name',
>           'user_role_table'    => 'competence',
>           'user_role_user_key' => 'login',
>           'user_role_role_key' => 'authority',
>         },
>       },
>     },
>   };[/quote]
> 
> Have I read the above incorrectly?
> 
> I have a non-normalised DB , with an application that functions in a particular way, I deal with user roles and other such stuff in my own way and I cannot refactor to use catalyst without ensuring all sections of the system function the same along with the back end admin system, I can't rewrite both parts at the same time, this is a live app in production that works currently, I'm simply trying to learn Catalyst & MVC cuteness, not start from scratch.
> 
>>From what I can see using any of those authentication modules expects certain data I don't have or use nor want.
> 
> Please correct  me if I'm reading the CPAN documentation incorrectly.
> 
> I want to refactor my app to be MVC using Catalyst without being forced to do any other than MVC cuteness and work the way I want to with the a database that already exists, I got the feeling Catalyst allows this unlike ROR or other MVC frameworks.
> 
> Again, have I got this wrong?
> 
> If to use Catalyst I have to have a normalised DB, use specific modules with data in a particular format, then I will just refactor our systems myself using my own modules and such, best to find this out now before I spend any more time on something that isn't suitable.
> 
> Thanks,
> 
> Craig.
> 
> 
> -----Original Message-----
> From: Lukas Thiemeier [mailto:spamcatcher at thiemeier.net]
> Sent: 29 October 2012 16:42
> To: catalyst at lists.scsys.co.uk
> Subject: Re: [Catalyst] Unable to output anything in Root.pm -> 'auto'
> 
> 
> Hey Craig,
> 
> I got it. You want to store your credentials in a database, but you don't want to use DBIx::Class?
> 
> What about Catalyst::Authentication::Storage::DBI?
> 
> If this doesn't help, you might me right. Maybe you have to write your own authentication module. In that case, consider making it a Catalyst::Authentication::Store module, and publish it on cpan. It might be useful for others, too...
> 
> By the way: Catalyst::Model::DBI is a ORM-less, raw DBI model for catalyst. So "... whenever I look at how it implements anything to do with DB access, it forces ORM upon you ..." is not correct. There are very few things which are really forced by catalyst. Using DBIx::Class is just considered "good practice". A lot of people use it, thats why it is used in most tutorials and examples.
> 
> Lukas
> 
> 
> 
> On 10/29/2012 05:09 PM, Craig Chant wrote:
>> Yes, but I need to keep a backed DB up-to-date with current logins, where in the system they are etc...
>>
>> So local server disk won't help in this situation.
>>
>> -----Original Message-----
>> From: Denny [mailto:2012 at denny.me]
>> Sent: 29 October 2012 15:50
>> To: The elegant MVC web framework
>> Subject: RE: [Catalyst] Unable to output anything in Root.pm -> 'auto'
>>
>> On Mon, 2012-10-29 at 15:43 +0000, Craig Chant wrote:
>>> "By the way, what do you need the session-id for? Catalyst handles sessions in a transparent way"
>>>
>>> To authenticate users, I don't want to store authentication in the hash and it seems the only other way to do this is via ORM, which I don't want to use either.
>>>
>>> I find catalyst whenever I look at how it implements anything to do with DB access, it forces ORM upon you, so I need to write my own authentication code don't I ?
>>
>> I'm pretty sure the default storage for session stuff is disk-based.
>>
>>
>>
>> _______________________________________________
>> List: Catalyst at lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive:
>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> Dev site: http://dev.catalyst.perl.org/ This Email and any attachments
>> contain confidential information and is intended solely for the
>> individual to whom it is addressed. If this Email has been
>> misdirected, please notify the author as soon as possible. If you are
>> not the intended recipient you must not disclose, distribute, copy,
>> print or rely on any of the information contained, and all copies must
>> be deleted immediately. Whilst we take reasonable steps to try to
>> identify any software viruses, any attachments to this e-mail may
>> nevertheless contain viruses, which our anti-virus software has failed
>> to identify. You should therefore carry out your own anti-virus checks
>> before opening any documents. HomeLoan Partnership will not accept any
>> liability for damage caused by computer viruses emanating from any
>> attachment or other document supplied with this e-mail. HomeLoan
>> Partnership reserves the right to monitor and archive all e-mail
>> communications through its network. No representative or employee of
>> HomeLoan Partn
>  ership ha
> s the authority to enter into any contract on behalf of HomeLoan Partnership by email. HomeLoan Partnership is a trading name of H L Partnership Limited, registered in England and Wales with Registration Number 5011722. Registered office: 26-34 Old Street, London, EC1V 9QQ. H L Partnership Limited is authorised and regulated by the Financial Services Authority.
>>
>>
>>
>> _______________________________________________
>> List: Catalyst at lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive:
>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> Dev site: http://dev.catalyst.perl.org/
> 
> 
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
> This Email and any attachments contain confidential information and is intended solely for the individual to whom it is addressed. If this Email has been misdirected, please notify the author as soon as possible. If you are not the intended recipient you must not disclose, distribute, copy, print or rely on any of the information contained, and all copies must be deleted immediately. Whilst we take reasonable steps to try to identify any software viruses, any attachments to this e-mail may nevertheless contain viruses, which our anti-virus software has failed to identify. You should therefore carry out your own anti-virus checks before opening any documents. HomeLoan Partnership will not accept any liability for damage caused by computer viruses emanating from any attachment or other document supplied with this e-mail. HomeLoan Partnership reserves the right to monitor and archive all e-mail communications through its network. No representative or employee of HomeLoan Partn
 ership ha
s the authority to enter into any contract on behalf of HomeLoan Partnership by email. HomeLoan Partnership is a trading name of H L Partnership Limited, registered in England and Wales with Registration Number 5011722. Registered office: 26-34 Old Street, London, EC1V 9QQ. H L Partnership Limited is authorised and regulated by the Financial Services Authority.
> 
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/




More information about the Catalyst mailing list