[Catalyst] HTTP authentication with DBIx::Class
Gerhard Jungwirth
gjungwirth at sipwise.com
Mon May 23 12:58:58 GMT 2016
Hi,
thanks for confirming that I didn't miss anything. I have – for now –
resolved to something similar:
    my ($username,$password) = $c->req->headers->authorization_basic;
    # Split "user@domain" and hand only the bare username to the HTTP credential
    my ($u,$d) = split(/\@/,$username);
    $c->req->headers->authorization_basic($u,$password);
    my $res = $c->authenticate({}, $realm);
    if($c->user_exists) {
        # Username and password matched; now check the domain part separately
        $c->log->debug("checking '".$c->user->domain->domain."' against '$d'");
        if ($c->user->domain->domain ne $d) {
            $c->user->logout;
            $c->log->warn("invalid api http login from '".$c->req->address."'");
            my $r = $c->get_auth_realm($realm);
            $r->credential->authorization_required_response($c, $r);
            return;
        }
        ...
    } else {
        $c->log->warn("invalid api http login from '".$c->req->address."'");
        my $r = $c->get_auth_realm($realm);
        $r->credential->authorization_required_response($c, $r);
        return;
    }
If I get around to it, I'll consider extending
Catalyst::Authentication::Credential::HTTP because this sounds like a
useful feature.
-Gerhard
On 2016-05-17 11:45, Dermot wrote:
> We had a similar problem at $work. To get what we wanted we had to
> stop using the HTTP plugin and do something like this (warning:
> hand-written, un-tested code follows) in the Root controller.
>
>     my ( $username, $password ) = $c->request->headers->authorization_basic;
>     my $logged_in_user;
>     if ( defined $username && defined $password ) {
>         # Keep the result so the check below can see it
>         $logged_in_user =
>             some_method_in_users_that_concatenates_and_authenticates($username,
>             $password);
>     }
>
>     if ($logged_in_user) {
>         $c->stash(user => $logged_in_user);
>         ...
>     }
>     else {
>         # No valid credentials: ask the client for HTTP Basic authentication
>         $c->response->header('WWW-Authenticate' => 'Basic realm="MyRealm"');
>         $c->response->content_type('text/plain');
>         $c->response->status(401);
>         $c->detach();
>     }
>
>
> HTH,
> Dermot
>
> On 13 May 2016 at 16:32, Gerhard Jungwirth <gjungwirth at sipwise.com> wrote:
>
> Hi,
>
> I am using Catalyst::Authentication::Store::DBIx::Class and
> Catalyst::Authentication::Credential::HTTP with the following
> configuration:
>
>     my_realm => {
>         credential => {
>             class => 'HTTP',
>             type => 'basic',
>             username_field => 'username',
>             password_field => 'password',
>             password_type => 'clear',
>         },
>         store => {
>             class => 'DBIx::Class',
>             user_model => 'DB::my_user_table',
>         },
>     },
>
> Which works great. The thing is: I want the user to authenticate
> in the form "username@domain:password" using HTTP Basic
> Authentication, where username and domain are checked against
> separate fields in my DBIx::Class table. (Ideally, domain is
> checked against a related table in my schema)
>
> Is that supported? If not, can it be added? If not, how do you
> suggest I implement that?
>
> Thanks and Cheers,
> Gerhard
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
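
Added example, not part of the original thread and not code from Catalyst or its plugins: a stand-alone parser for the "username@domain:password" Basic credential discussed above, which rejects a missing header, a login without a domain, and a login with more than one "@" before anything is looked up. The function name parse_basic_user_domain, the sample credentials, and the choice to lower-case the domain for comparison are assumptions made for illustration.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Hypothetical helper: parse "Basic base64(user@domain:password)".
# Returns (user, domain, password), or an empty list on malformed input
# so the caller can answer with a 401 challenge.
sub parse_basic_user_domain {
    my ($header) = @_;
    return unless defined $header;
    my ($b64) = $header =~ /\ABasic +([A-Za-z0-9+\/]+={0,2})\s*\z/i or return;
    my $decoded = decode_base64($b64);

    # Only the first ':' separates login and password; passwords may contain ':'.
    my ($login, $password) = split /:/, $decoded, 2;
    return unless defined $password;

    # Split at the last '@'; require a non-empty user and a non-empty domain.
    my $at = rindex $login, '@';
    return if $at < 1 || $at == length($login) - 1;
    my ($user, $domain) = (substr($login, 0, $at), substr($login, $at + 1));

    # Reject control characters and a second '@' left in the user part.
    return if "$user$domain" =~ /[\x00-\x1f\x7f]/ || $user =~ /\@/;

    # Assumption: domains are compared case-insensitively, so normalise here.
    return ($user, lc $domain, $password);
}

# Constructed sample credentials, encoded the way a client would send them.
for my $cred ('alice@example.org:s3cret', 'alice:s3cret',
              'alice@a.test@b.test:pw', '@example.org:pw',
              'bob@Example.ORG:a:b') {
    my $header = 'Basic ' . encode_base64($cred, '');
    my @parts  = parse_basic_user_domain($header);
    printf "%-26s => %s\n", $cred,
        @parts ? "user=$parts[0] domain=$parts[1]" : 'rejected (send 401)';
}
```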