[html-formfu] applying a filter

Octavian Rasnita orasnita at gmail.com
Fri Mar 20 09:01:47 GMT 2009


Thank you for reminding me about the \%params which is sent to the callback subroutine.

In this case, which would be the recommended way to insert the hashed password in the database?

Create an external custom transformer that uses only the value of the password field, or apply the transformer in the controller, or something else?

I've seen recommendations for using DBIx::Class::EncodedColumn, and now it seems easier to use, because the Catalyst helper that generates the result classes allows adding components before the Core.

However, if the old password field was generated as:

__PACKAGE__->add_columns(
    'password' => {
        data_type => 'CHAR',
        size      => 40,
    },
);

I still don't know how I can upgrade it to be:

__PACKAGE__->add_columns(
    'password' => {
        data_type     => 'CHAR',
        size          => 40,
        encode_column => 1,
        encode_class  => 'Digest',
        encode_args   => { algorithm => 'SHA-1', format => 'hex' },
    },
);

This way would be more complicated than creating a custom transformer, but maybe it has some other benefits... I don't know.

I think that I can't use __PACKAGE__->add_columns... after the "do not modify anything above" in the result class file, because it might try to add the same column twice, and I don't know if there is a modify_columns() method.

Thank you for the recommendation for the best considered way.

Octavian

----- Original Message ----- 
From: "Carl Franks" <fireartist at gmail.com>
To: "HTML Form Creation,Rendering and Validation Framework" <html-formfu at lists.scsys.co.uk>
Sent: Friday, March 20, 2009 10:15 AM
Subject: Re: [html-formfu] applying a filter


> 2009/3/19 David Schmidt <davewood at gmx.at>:
>> I am using the transformer in the form where I create a new user and
>> insert username and password into the database.
>> But the password hash that is inserted into the database doesn't match
>> with the one I get when I execute the same command on the commandline.
> 
> Callback subroutines are passed the arguments ($value, \%params)
> 
> print sha1_hex('password');
>    5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
> print sha1_hex('password', {});
>    71252337f7555e49ec5eaa05c8026c846057e404
> print sha1_hex('password', { a => 'b', c => 'd' });
>    e0613e6de2ebadf9cdfe59a27b251f74ea3052cf
> print sha1_hex('password', { c => 'd', a => 'b' });
>    f229018fb7726a0ecb73b3b621e1074dbb8763fd
> 
> Callback.pm was never intended for use with arbitrary subroutines.
> It's unfortunate that someone tried it and thought it worked.
> 
> The above code shows that it can't possibly work reliably.
> If the value for a submit button changes, it breaks your hashed-values.
> If you add a new hidden field, it breaks...
> If the order of hash keys changes (which is guaranteed with perl), it breaks...
> 
> I'll check the docs and make sure there are no examples of this there.
> 
> Carl

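An added example, not part of either message above and not HTML-FormFu's own code: a wrapper that accepts the ($value, \%params) pair described in the quoted reply and hashes only the value, run beside a direct sha1_hex call for comparison. The name hash_value_only and the sample submissions are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);

# Hypothetical wrapper: takes the same ($value, \%params) arguments a
# callback receives, but feeds only the field value to the digest.
sub hash_value_only {
    my ( $value, $params ) = @_;
    return unless defined $value;
    return sha1_hex($value);
}

# Constructed sample submissions: the same password arriving with
# different surrounding form fields.
my @submissions = (
    { password => 'password', submit => 'Save' },
    { password => 'password', submit => 'Create', token => 'abc' },
);

for my $params (@submissions) {
    my $value = $params->{password};

    # sha1_hex used directly as the callback: Digest::SHA joins all of its
    # arguments into one string, so the stringified hashref is hashed too.
    my $direct = sha1_hex( $value, $params );
    my $joined = sha1_hex( $value . "$params" );

    # The wrapper ignores \%params, so its digest depends on the value only.
    my $wrapped = hash_value_only( $value, $params );

    print "direct : $direct\n";
    print "         equals sha1_hex(value . stringified ref): ",
        ( $direct eq $joined ? "yes" : "no" ), "\n";
    print "wrapped: $wrapped\n\n";
}
```

The wrapped digest is identical for both submissions, while the direct digest follows whatever the second argument stringifies to.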

