[html-formfu] Constraint for salted hash password

Christian Lackas christian at lackas.net
Fri Feb 27 10:05:33 GMT 2009


Hi Everybody,

just working on a user detail form, where the user has to type in his
password to be able to store the data. The passwords are stored as a
salted hash (using Crypt::SaltedHash and Digest::SHA1) in the database.

My idea was to have this in my form.yml:

    - type: Password
      name: password_old
      label: Old password
      filters:
        - type: Callback
          callback: MyApp::Utils::hashpassword
      constraint:
        - type: Set
          message: Password does not match

and then complete the Set constraint in the controller (where I have
access to the user object):

    $form->get_all_element({name=>'password_old'})->
        get_constraint({type => 'Set'})->set([$user->password]);

MyApp::Utils::hashpassword just calculates the salted hash:

    use Crypt::SaltedHash;   # new() defaults to SHA-1 with a fresh random salt

    sub hashpassword {
        my ($pwd) = @_;
        # A new random salt is generated on every call, so the result differs each time.
        Crypt::SaltedHash->new->add($pwd)->generate;
    }

After a happy moment, in which I kind of understood filters and constraints,
I quickly realized that this cannot work (of course), since every time I
hash a cleartext it will be different, due to the salt. So the
constraint will always fail.
So I probably have to use a Callback (and remove the filter) to use
the old password to extract the salt and hash the input value with that
salt again, to compare them.
That said, how can I pass an additional parameter into my callback
function? If the callback function just sees the input value and a
hashref of all other name/value pairs, I don't see how to do it (other
than using an ugly global variable). I would have the user id, but I
cannot access my model from within the callback to fetch the user data,
can I?

I assume this is a problem somebody else already solved.
Any help is appreciated.

Christian
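One way to do the salt-aware comparison without a global, added here as an illustration rather than something from Christian's post or from the HTML::FormFu distribution: build the Callback constraint's code reference as a closure over the user object in the controller, and let Crypt::SaltedHash->validate extract the salt from the stored hash. It assumes form.yml drops the Callback filter and declares `type: Callback` for the constraint on `password_old`; the names `hash_password`, `check_password`, `make_password_constraint`, `attach_password_check` and the `DemoUser` package are made up for this example, and the DemoUser object is a constructed stand-in for the real model object.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::SaltedHash;   # CPAN module used by the post; SHA-1 plus 4-byte salt by default

# Store a password the way the post does: a fresh random salt on every call,
# so two calls with the same cleartext never yield the same string.
sub hash_password {
    my ($cleartext) = @_;
    return Crypt::SaltedHash->new( algorithm => 'SHA-1' )
                            ->add($cleartext)
                            ->generate;
}

# Verify a cleartext against a stored salted hash. validate() reads the salt
# out of the stored string and re-hashes the cleartext with that same salt,
# which is exactly the comparison a filter + Set constraint cannot express.
sub check_password {
    my ($stored_hash, $cleartext) = @_;
    return ( defined $cleartext
             && Crypt::SaltedHash->validate( $stored_hash, $cleartext ) ) ? 1 : 0;
}

# Build the Callback constraint's coderef as a closure over $user. The
# controller has the user object, so the stored hash reaches the callback
# without a global variable. As the post describes, HTML::FormFu passes the
# callback the submitted value and a hashref of the other name/value pairs;
# a true return value means "valid".
sub make_password_constraint {
    my ($user) = @_;
    return sub {
        my ($value, $params) = @_;   # $params is not needed here
        return check_password( $user->password, $value );
    };
}

# Hypothetical controller-side wiring (assumed usage of the FormFu API):
# fetch the Callback constraint declared in form.yml and install the closure.
sub attach_password_check {
    my ($form, $user) = @_;
    my $constraint = $form->get_all_element({ name => 'password_old' })
                          ->get_constraint({ type => 'Callback' });
    $constraint->callback( make_password_constraint($user) );
    return $constraint;
}

# Constructed stand-in for the real user model, just for the demonstration.
{
    package DemoUser;
    sub new      { my ($class, %args) = @_; return bless {%args}, $class }
    sub password { return $_[0]{password} }
}

my $user  = DemoUser->new( password => hash_password('correct horse') );
my $check = make_password_constraint($user);

printf "same cleartext hashes differently each time: %s\n",
    hash_password('correct horse') ne hash_password('correct horse') ? 'yes' : 'no';
printf "right password accepted: %s\n", $check->( 'correct horse', {} ) ? 'yes' : 'no';
printf "wrong password rejected: %s\n", $check->( 'wrong', {} )         ? 'no'  : 'yes';
```

Because `validate` takes the stored hash as its first argument and pulls the salt from it, nothing beyond the user's stored value needs to be passed into the callback; the closure is what carries that value from the controller into the constraint. Run the script stand-alone to see the first line confirm the point made in the post (two hashes of the same cleartext differ) and the next two lines show the closure accepting the correct password and rejecting a wrong one.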
