[Catalyst] HTTP authentication with DBIx::Class

Gerhard Jungwirth gjungwirth at sipwise.com
Mon May 23 12:58:58 GMT 2016


Hi,

Thanks for confirming that I didn't miss anything. I have – for now –
resolved to something similar:

# Take "user@domain" from the Basic credentials and split off the domain.
my ($username,$password) = $c->req->headers->authorization_basic;
my ($u,$d) = split(/\@/,$username);
# Rewrite the header so the HTTP credential class sees only the bare username.
$c->req->headers->authorization_basic($u,$password);
my $res = $c->authenticate({}, $realm);

if($c->user_exists) {
     # The username/password matched; now check the domain of that account.
     $c->log->debug("checking '".$c->user->domain->domain."' against '$d'");
     if ($c->user->domain->domain ne $d) {
         # logout is provided on the context by Catalyst::Plugin::Authentication
         $c->logout;
         $c->log->warn("invalid api http login from '".$c->req->address."'");
         my $r = $c->get_auth_realm($realm);
         $r->credential->authorization_required_response($c, $r);
         return;
     }
     ...
} else {
     $c->log->warn("invalid api http login from '".$c->req->address."'");
     my $r = $c->get_auth_realm($realm);
     $r->credential->authorization_required_response($c, $r);
     return;
}


If I get around to it, I'll consider extending 
Catalyst::Authentication::Credential::HTTP because this sounds like a 
useful feature.

-Gerhard
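
An added example, not part of the original posts and not Catalyst code: a stand-alone Perl version of the "username@domain:password" check discussed in this thread, resolving the account by user and domain together so that the same username in two domains cannot be confused. The sub names, the %USERS table and its accounts are constructed for illustration; it assumes usernames are unique only within a domain and that domains compare case-insensitively.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Constructed sample accounts: the same username exists in two domains.
# Cleartext passwords mirror password_type => 'clear' from the thread.
my %USERS = (
    'alice@example.org' => 'wonderland',
    'alice@example.net' => 'looking-glass',
);

# Split an "Authorization: Basic ..." header value into
# (user, domain, password); returns an empty list if it is malformed.
sub parse_basic_user_at_domain {
    my ($header) = @_;
    return unless defined $header
        && $header =~ m{\ABasic\s+([A-Za-z0-9+/=]+)\s*\z}i;
    my $decoded = decode_base64($1);
    # The user-id cannot contain ':', so split on the first colon only;
    # the password may contain further colons.
    my ($login, $password) = split /:/, $decoded, 2;
    return unless defined $password;
    # Split on the last '@'; both parts must be non-empty.
    my ($user, $domain) = $login =~ /\A(.+)\@([^\@]+)\z/s or return;
    return ($user, lc $domain, $password);   # assumption: case-insensitive domains
}

# Resolve the account by user AND domain in one lookup, then compare the
# password. Returns the account key on success, undef otherwise.
sub check_login {
    my ($header) = @_;
    my ($user, $domain, $password) = parse_basic_user_at_domain($header)
        or return;
    my $stored = $USERS{"$user\@$domain"};
    return unless defined $stored && $stored eq $password;
    return "$user\@$domain";
}

# Constructed credentials covering the accepted and rejected cases.
for my $cred ('alice@example.org:wonderland',      # correct user, domain, password
              'alice@example.net:wonderland',      # password of the other domain's alice
              'alice:wonderland',                  # no domain part
              'alice@example.net:looking:glass') { # colon in a wrong password
    my $header = 'Basic ' . encode_base64($cred, '');
    printf "%-34s => %s\n", $cred, check_login($header) // 'rejected';
}
```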



On 2016-05-17 11:45, Dermot wrote:
> We had a similar problem at $work. To get what we wanted we had to 
> stop using the HTTP plugin and do something like this (warning: 
> hand-written, un-tested code follows) in the Root controller.
>
> my ( $username, $password ) = $c->request->headers->authorization_basic;
> my $logged_in_user;
> if ( defined $username && defined $password ) {
>    # Keep the result so the check below can see whether the login worked.
>    $logged_in_user = some_method_in_users_that_concatenates_and_athenticates($username, $password);
> }
>
> if ($logged_in_user) {
>    $c->stash(user => $logged_in_user);
>    ...
> }
> else {
>    # No valid credentials: ask the client for HTTP Basic authentication.
>    $c->response->header('WWW-Authenticate' => 'Basic realm="MyRealm"');
>    $c->response->content_type('text/plain');
>    $c->response->status(401);
>    $c->detach();
> }
>
>
> HTH,
> Dermot
>
> On 13 May 2016 at 16:32, Gerhard Jungwirth <gjungwirth at sipwise.com> wrote:
>
>     Hi,
>
>     I am using Catalyst::Authentication::Store::DBIx::Class and
>     Catalyst::Authentication::Credential::HTTP with the following
>     configuration:
>
>             my_realm => {
>                 credential => {
>                     class => 'HTTP',
>                     type => 'basic',
>                     username_field => 'username',
>                     password_field => 'password',
>                     password_type => 'clear',
>                 },
>                 store => {
>                     class => 'DBIx::Class',
>                     user_model => 'DB::my_user_table',
>                 },
>             },
>
>     Which works great. The thing is: I want the user to authenticate
>     in the form "username@domain:password" using HTTP Basic
>     Authentication, where username and domain are checked against
>     separate fields in my DBIx::Class table. (Ideally, domain is
>     checked against a related table in my schema)
>
>     Is that supported? If not, can it be added? If not, how do you
>     suggest I implement that?
>
>     Thanks and Cheers,
>     Gerhard
>
>     _______________________________________________
>     List: Catalyst at lists.scsys.co.uk
>     Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>     Searchable archive:
>     http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>     Dev site: http://dev.catalyst.perl.org/
