1 package Catalyst::Authentication::Realm::Progressive;
7 use base 'Catalyst::Authentication::Realm';
11 Catalyst::Authentication::Realm::Progressive - Authenticate against multiple realms
15 This Realm allows an application to use a single authenticate() call during
16 which multiple realms are used and tried incrementally until one performs
17 a successful authentication is accomplished.
19 A simple use case is a Temporary Password that looks and acts exactly as a
20 regular password. Without changing the authentication code, you can
21 authenticate against multiple realms.
23 Another use might be to support a legacy website authentication system, trying
24 the current auth system first, and upon failure, attempting authentication against
29 If your application has multiple realms to authenticate, such as a temporary
30 password realm and a normal realm, you can configure the progressive realm as
31 the default, and configure it to iteratively call the temporary realm and then
35 'Plugin::Authentication' => {
36 default_realm => 'progressive',
39 class => 'Progressive',
40 realms => [ 'temp', 'normal' ],
41 # Modify the authinfo passed into authenticate by merging
42 # these hashes into the realm's authenticate call:
44 'normal' => { 'type' => 'normal' },
45 'temp' => { 'type' => 'temporary' },
51 password_field => 'secret',
52 password_type => 'hashed',
53 password_hash_type => 'SHA-1',
56 class => 'DBIx::Class',
57 user_model => 'Schema::Person::Identity',
64 password_field => 'secret',
65 password_type => 'hashed',
66 password_hash_type => 'SHA-1',
69 class => 'DBIx::Class',
70 user_model => 'Schema::Person::Identity',
78 Then, in your controller code, to attempt authentication against both realms
79 you just have to do a simple authenticate call:
81 if ( $c->authenticate({ id => $username, password => $password }) ) {
82 if ( $c->user->type eq 'temporary' ) {
83 # Force user to change password
93 An array reference consisting of each realm to attempt authentication against,
94 in the order listed. If the realm does not exist, calling authenticate will
99 A hash reference keyed by realm names, with values being hash references to
100 merge into the authinfo call that is subsequently passed into the realm's
101 authenticate method. This is useful if your store uses the same class for each
102 realm, separated by some other token (in the L<EXAMPLE> authinfo_mungesection,
103 the 'realm' is a column on C<Schema::Person::Identity> that will be either
104 'temp' or 'local', to ensure the query to fetch the user finds the right
105 Identity record for that realm.
111 =head2 new ($realmname, $config, $app)
113 Constructs an instance of this realm.
117 This method iteratively calls each realm listed in the C<realms> configuration
118 key. It returns after the first successful authentication call is done.
123 my ( $self, $c, $authinfo ) = @_;
124 my $realms = $self->config->{realms};
125 carp "No realms to authenticate against, check configuration"
127 carp "Realms configuration must be an array reference"
128 unless ref $realms eq 'ARRAY';
129 foreach my $realm_name ( @$realms ) {
130 my $realm = $c->get_auth_realm( $realm_name );
131 carp "Unable to find realm: $realm_name, check configuration"
133 my $auth = { %$authinfo };
134 $auth->{realm} ||= $realm->name;
135 if ( my $info = $self->config->{authinfo_munge}->{$realm->name} ) {
136 $auth = Catalyst::Utils::merge_hashes($auth, $info);
138 if ( my $obj = $realm->authenticate( $c, $auth ) ) {
139 $c->set_authenticated( $obj, $realm->name );
146 ## we can not rely on inheriting new() because in this case we do not
147 ## load a credential or store, which is what new() sets up in the
148 ## standard realm. So we have to create our realm object, set our name
149 ## and return $self in order to avoid nasty warnings.
152 my ($class, $realmname, $config, $app) = @_;
154 my $self = { config => $config };
157 $self->name($realmname);
163 J. Shirley C<< <jshirley@cpan.org> >>
165 Jay Kuri C<< <jayk@cpan.org> >>
167 =head1 COPYRIGHT & LICENSE
169 Copyright (c) 2008 the aforementioned authors. All rights reserved. This program
170 is free software; you can redistribute it and/or modify it under the same terms