[html-formfu] applying a filter

David Schmidt davewood at gmx.at
Thu Mar 19 23:15:56 GMT 2009 

I am using the transformer in the form where I create a new user and
insert username and password into the database.
But the password hash that is inserted into the database doesnt match
with the one I get when I execute the same command on the commandline.



2009/3/19 Octavian Râşniţă <orasnita at gmail.com>:
> If you use the Authentication plugin, it means that that password field is
> used in a login form, right?
>
> In that case, you don't need to use a transformer at all.
>
> The transformer is needed only in the form used for creating a new user,
> where the new user types the password in 2 fields that should match, and
> then the password should be transformed in sha1_hex for beeing inserted
> hashed in the database.
>
> Octavian
>
> ----- Original Message ----- From: "David Schmidt" <davewood at gmx.at>
> To: "HTML Form Creation,Rendering and Validation Framework"
> <html-formfu at lists.scsys.co.uk>
> Sent: Thursday, March 19, 2009 6:39 PM
> Subject: Re: [html-formfu] applying a filter
>
>
> I got a little problem here.
>
> in my formfu yml file I use
>
> transformers:
>       - type: Callback
>         callback: 'Digest::SHA::sha1_hex'
>
> and in myApp.conf
>
> <authentication>
>   default_realm dbic
>   <realms>
>       <dbic>
>           <credential>
>               class Password
>               password_field password
>               password_type hashed
>               password_hash_type SHA-1
>           </credential>
>           <store>
>              (...)
>           </store>
>       </dbic>
>   </realms>
> </authentication>
>
> but the hashes dont match.
>
> This hash is inserted (providing password "oioioioi")
> 0c15f7b5ddad2ba75792b5d30d62ada2e7bda995
>
> But *** perl -MDigest::SHA -e "print
> Digest::SHA::sha1_hex('oioioioi')" *** returns
>
> 4a8737e65bd1312a45201bee99649b26e0eb3a22
>
> I am not the best of debuggers so I am a bit stuck
>
> as a workaround I am changing the password field manually with
> add_valid before I update the model (just as you tried)
> but I really want the transformer to work, any hints?
> my $account = $c->model('myDB::Accounts')->new_result({});
> $form->add_valid("password", sha1_hex($form->param('password')));
> $form->model->update($account);
>
> On Thu, Mar 19, 2009 at 4:36 PM, David Schmidt <davewood at gmx.at> wrote:
>>
>> sweet :)
>>
>> I was just about to comment on your solution for hashing the pw before
>> update/insert but transformers seem to be what should be used for that
>> kind of problem.
>>
>> thanks
>>
>> 2009/3/19 Octavian Râşniţă <orasnita at gmail.com>:
>>>
>>> I found a good solution for that, not by using a filter, but a
>>> transformer.
>>>
>>> But it can be done directly without creating a custom module, like:
>>>
>>> <element>
>>> type Password
>>> name password
>>> label_xml Password<sup>*</sup>:
>>> filter TrimEdges
>>> constraint Required
>>> <transformers>
>>> type Callback
>>> callback Digest::SHA1::sha1_hex
>>> </transformers>
>>> </element>
>>>
>>> The method Digest::SHA1::sha1_hex can be used directly as a callback
>>> method.
>>>
>>> Octavian
>>>
>>> ----- Original Message ----- From: "David Schmidt" <davewood at gmx.at>
>>> To: "HTML Form Creation,Rendering and Validation Framework"
>>> <html-formfu at lists.scsys.co.uk>
>>> Sent: Thursday, March 19, 2009 4:43 PM
>>> Subject: Re: [html-formfu] applying a filter
>>>
>>>
>>> I wrote my own Filter
>>>
>>> lib/HTML/FormFu/Filter/myApp/Digest_SHA.pm
>>>
>>> package HTML::FormFu::Filter::myApp::Digest_SHA;
>>> use strict;
>>> use warnings;
>>> use base 'HTML::FormFu::Filter';
>>> use Digest::SHA qw/sha1_hex/;
>>>
>>> sub filter {
>>> my ( $self, $value, $params ) = @_;
>>> return sha1_hex($value);
>>> }
>>>
>>> 1;
>>>
>>> and in my create.yml
>>>
>>> - type: Password
>>> name: password
>>> filters:
>>> - type: "myApp::Digest_SHA"
>>>
>>>
>>> works fine, but since I also use the repeat_password constraint and
>>> the filter is applied before passwords are compared I will not use
>>> this approach and rather change the password prior to
>>> updating/inserting into the database.
>>>
>>> On Sun, Jan 11, 2009 at 10:21 AM, Octavian Rasnita <orasnita at gmail.com>
>>> wrote:
>>>>
>>>> Hello,
>>>>
>>>> I am trying to find the best way of storing an encrypted password in the
>>>> database (when creating a new user for example).
>>>>
>>>> I thought that using a filter might be the best way for this and using a
>>>> callback would be enough:
>>>>
>>>> <filters>
>>>> type Callback
>>>> callback Digest::SHA1::sha1_hex
>>>> </filters>
>>>>
>>>> The single problem is that it doesn't work.
>>>>
>>>> Digest::SHA1::sha1_hex returns the encrypted string, so it should work,
>>>> but
>>>> I don't know why, it doesn't.
>>>>
>>>> I have also tried to use a 'use Digest::SHA1;' in MyApp.pm, even though
>>>> without it it didn't give any error, however it still doesn't work, and
>>>> the
>>>> unencrypted string is inserted in the database.
>>>>
>>>> The code I use for inserting the user is:
>>>>
>>>> if ($form->submitted_and_valid) {
>>>> my $user = $form->param_value('user');
>>>> my $email = $form->param_value('email');
>>>> my $hash = sha1_hex($user . $email . time());
>>>>
>>>> my $new_user = $c->model("DB::TempUser")->new_result({hash => $hash});
>>>> $form->process;
>>>> $form->model->update($new_user);
>>>> }
>>>>
>>>> Am I doing something wrong, or the filter can't be used for what I want?
>>>>
>>>> Thanks.
>>>>
>>>> Octavian
>>>>
>>>>
>>>> _______________________________________________
>>>> HTML-FormFu mailing list
>>>> HTML-FormFu at lists.scsys.co.uk
>>>> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
>>>>
>>>
>>>
>>>
>>> --
>>> David Schmidt | http://www.fm5.at
>>>
>>> _______________________________________________
>>> HTML-FormFu mailing list
>>> HTML-FormFu at lists.scsys.co.uk
>>> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
>>>
>>> _______________________________________________
>>> HTML-FormFu mailing list
>>> HTML-FormFu at lists.scsys.co.uk
>>> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
>>>
>>
>>
>>
>> --
>> David Schmidt | http://www.fm5.at
>>
>
>
>
> --
> David Schmidt   |   http://www.fm5.at
>
> _______________________________________________
> HTML-FormFu mailing list
> HTML-FormFu at lists.scsys.co.uk
> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
>
>
> _______________________________________________
> HTML-FormFu mailing list
> HTML-FormFu at lists.scsys.co.uk
> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
>



-- 
David Schmidt   |   http://www.fm5.at

More information about the HTML-FormFu mailing list