[html-formfu] Constraint for salted hash password

Christian Lackas christian at lackas.net
Fri Feb 27 16:00:11 GMT 2009


* Carl Franks <fireartist at gmail.com> [090227 15:07]:

Hi Carl,

thanks for your prompt reply, again.

> >    - type: Password
> >      name: password
> >      label: Password
> >      constraint:
> >        - type: MinLength
> >          min: 6
> >        - type: Regex
> >          regex: '\W'
> >          message: Must contain one non-letter/digit
> >      transformers:
> >        - type: Callback
> >          callback: MyApp::Utils::hashpassword
> Generally in all constraints, etc, you first need to check if the
> value is empty.
> In constraints it's:
>     return 1 if !defined $value || $value eq '';

So, MinLength does not apply to the empty string? Why is that?
I would have expected that FormFu complains here also.

I mean, in this case (with passwords) it is actually better for me
(since empty password means no change). But it was not the behavior I
had expected.

> >    $form->add_valid(password => $user->password);
> > I assume the password get's lost in the process since it is never used
> > as a default value (due to the 'Password' type), right?
> Is this from using $form->model->update() ?

Yes.

> Model-DBIC's update() isn't smart enough to know you don't want the
> column updated, so you need some logic somewhere, either so you don't
> call update() if the password isn't being changed
>     if ( $form->param_value('password') ) {
>         $form->model->update( $user );
>     }

The user might have updated other fields (such as his mail address, not
shown in my example here, though).
I found that simply re-adding the value from the database (s.a.) is the
quickest solution.

Christian




More information about the HTML-FormFu mailing list