3 package Catalyst::Plugin::Authentication::Credential::Password;
9 use Catalyst::Exception ();
13 my ( $c, $user, $password ) = @_;
16 $user ||= $_->param("login")
18 || $_->param("username")
19 || Catalyst::Exception->throw("Can't determine username for login");
21 $password ||= $_->param("password")
22 || $_->param("passwd")
24 || Catalyst::Exception->throw("Can't determine password for login");
27 $user = $c->get_user($user)
28 unless Scalar::Util::blessed($user)
29 and $user->isa("Catalyst:::Plugin::Authentication::User");
31 if ( $c->_check_password( $user, $password ) ) {
32 $c->set_authenticated($user);
41 my ( $c, $user, $password ) = @_;
43 if ( $user->supports(qw/password clear/) ) {
44 return $user->password eq $password;
46 elsif ( $user->supports(qw/password crypted/) ) {
47 my $crypted = $user->crypted_password;
48 return $crypted eq crypt( $password, $crypted );
50 elsif ( $user->supports(qw/password hashed/) ) {
51 my $d = Digest->new( $user->hash_algorithm );
52 $d->add( $user->password_pre_salt || '' );
54 $d->add( $user->password_post_salt || '' );
55 return $d->digest eq $user->hashed_password;
57 elsif ( $user->supports(qw/password self_check/) ) {
59 # while somewhat silly, this is to prevent code duplication
60 return $user->check_password($password);
63 Catalyst::Exception->throw(
64 "The user object $user does not support any "
65 . "known password authentication mechanism." );
77 Catalyst::Plugin::Authentication::Credential::Password - Authenticate a user
84 Authentication::Store::Foo
85 Authentication::Credential::Password
89 my ( $self, $c ) = @_;
91 $c->login( $c->req->param('login'), $c->req->param('password') );
96 This authentication credential checker takes a user and a password, and tries
97 various methods of comparing a password based on what the user supports:
101 =item clear text password
103 If the user has clear a clear text password it will be compared directly.
105 =item crypted password
107 If UNIX crypt hashed passwords are supported, they will be compared using
108 perl's builtin C<crypt> function.
110 =item hashed password
112 If the user object supports hashed passwords, they will be used in conjunction
121 =item login $user, $password
125 Try to log a user in.
127 C<$user> can be an ID or object. If it isa
128 L<Catalyst::Plugin::Authentication::User> it will be used as is. Otherwise
129 C<< $c->get_user >> is used to retrieve it.
131 C<$password> is a string.
133 If C<$user> or C<$password> are not provided the parameters C<login>, C<user>,
134 C<username> and C<password>, C<passwd>, C<pass> will be tried instead.
138 =head1 SUPPORTING THIS PLUGIN
140 =head2 Clear Text Passwords
144 $user->supports(qw/password clear/);
152 Returns the user's clear text password as a string to be compared with C<eq>.
156 =head2 Crypted Passwords
160 $user->supports(qw/password crypted/);
166 =item crypted_password
168 Return's the user's crypted password as a string, with the salt as the first two chars.
172 =head2 Hashed Passwords
176 $user->supports(qw/password hashed/);
182 =item hashed_passwords
184 Return's the hash of the user's password as B<binary>.
188 Returns a string suitable for feeding into L<Digest/new>.
190 =item password_pre_salt
192 =item password_post_salt
194 Returns a string to be hashed before/after the user's password. Typically only