1 package Catalyst::Authentication::Realm::Progressive;
7 use base 'Catalyst::Authentication::Realm';
11 Catalyst::Authentication::Realm::Progressive - Authenticate against multiple realms
15 This Realm allows an application to use a single authenticate() call during
16 which multiple realms are used and tried incrementally until one performs
17 a successful authentication is accomplished.
19 A simple use case is a Temporary Password that looks and acts exactly as a
20 regular password. Without changing the authentication code, you can
21 authenticate against multiple realms.
23 Another use might be to support a legacy website authentication system, trying
24 the current auth system first, and upon failure, attempting authentication against
29 If your application has multiple realms to authenticate, such as a temporary
30 password realm and a normal realm, you can configure the progressive realm as
31 the default, and configure it to iteratively call the temporary realm and then
35 'Plugin::Authentication' => {
36 default_realm => 'progressive',
39 class => 'Progressive',
40 realms => [ 'temp', 'normal' ],
41 # Modify the authinfo passed into authenticate by merging
42 # these hashes into the realm's authenticate call:
44 'local' => { 'type' => 'normal' },
45 'temp' => { 'type' => 'temporary' },
51 password_field => 'secret',
52 password_type => 'hashed',
53 password_hash_type => 'SHA-1',
56 class => 'DBIx::Class',
57 user_class => 'Schema::Person::Identity',
64 password_field => 'secret',
65 password_type => 'hashed',
66 password_hash_type => 'SHA-1',
69 class => 'DBIx::Class',
70 user_class => 'Schema::Person::Identity',
78 Then, in your controller code, to attempt authentication against both realms
79 you just have to do a simple authenticate call:
81 if ( $c->authenticate({ id => $username, password => $password }) ) {
82 if ( $c->user->type eq 'temporary' ) {
83 # Force user to change password
93 An array reference consisting of each realm to attempt authentication against,
94 in the order listed. If the realm does not exist, calling authenticate will
99 A hash reference keyed by realm names, with values being hash references to
100 merge into the authinfo call that is subsequently passed into the realm's
101 authenticate method. This is useful if your store uses the same class for each
102 realm, separated by some other token (in the L<EXAMPLE> authinfo_mungesection,
103 the 'realm' is a column on C<Schema::Person::Identity> that will be either
104 'temp' or 'local', to ensure the query to fetch the user finds the right
105 Identity record for that realm.
113 This method iteratively calls each realm listed in the C<realms> configuration
114 key. It returns after the first successful authentication call is done.
119 my ( $self, $c, $authinfo ) = @_;
120 my $realms = $self->config->{realms};
121 carp "No realms to authenticate against, check configuration"
123 carp "Realms configuration must be an array reference"
124 unless ref $realms eq 'ARRAY';
125 foreach my $realm_name ( @$realms ) {
126 my $realm = $c->get_auth_realm( $realm_name );
127 carp "Unable to find realm: $realm_name, check configuration"
129 my $auth = { %$authinfo };
130 $auth->{realm} ||= $realm->name;
131 if ( my $info = $realm->config->{authinfo_munge}->{$realm->name} ) {
132 $auth = Catalyst::Utils::merge_hashes($auth, $info);
134 if ( my $obj = $realm->authenticate( $c, $auth ) ) {
135 $c->set_authenticated( $obj, $realm->name );
142 ## we can not rely on inheriting new() because in this case we do not
143 ## load a credential or store, which is what new() sets up in the
144 ## standard realm. So we have to create our realm object, set our name
145 ## and return $self in order to avoid nasty warnings.
148 my ($class, $realmname, $config, $app) = @_;
150 my $self = { config => $config };
153 $self->name($realmname);
159 J. Shirley C<< <jshirley@cpan.org> >>
161 Jay Kuri C<< <jayk@cpan.org> >>
163 =head1 COPYRIGHT & LICENSE
165 Copyright (c) 2008 the aforementioned authors. All rights reserved. This program
166 is free software; you can redistribute it and/or modify it under the same terms