3 package Catalyst::Plugin::Authentication::Credential::Password;
9 use Catalyst::Exception ();
13 my ( $c, $user, $password ) = @_;
14 $user = $c->get_user($user)
15 unless Scalar::Util::blessed($user)
16 and $user->isa("Catalyst:::Plugin::Authentication::User");
18 if ( $c->_check_password( $user, $password ) ) {
19 $c->set_authenticated($user);
28 my ( $c, $user, $password ) = @_;
30 if ( $user->supports(qw/password clear/) ) {
31 return $user->password eq $password;
33 elsif ( $user->supports(qw/password crypted/) ) {
34 my $crypted = $user->crypted_password;
35 return $crypted eq crypt( $password, $crypted );
37 elsif ( $user->supports(qw/password hashed/) ) {
38 my $d = Digest->new( $user->hash_algorithm );
39 $d->add( $user->password_pre_salt || '' );
41 $d->add( $user->password_post_salt || '' );
42 return $d->digest eq $user->hashed_password;
45 Catalyst::Exception->throw(
46 "The user object $user does not support any "
47 . "known password authentication mechanism." );
59 Catalyst:::Plugin::Authentication::Credential::Password - Authenticate a user
66 Authentication::Store::Foo
67 Authentication::Credential::Password
71 my ( $self, $c ) = @_;
73 $c->login( $c->req->param('login'), $c->req->param('password') );
78 This authentication credential checker takes a user and a password, and tries
79 various methods of comparing a password based on what the user supports:
83 =item clear text password
85 If the user has clear a clear text password it will be compared directly.
87 =item crypted password
89 If UNIX crypt hashed passwords are supported, they will be compared using
90 perl's builtin C<crypt> function.
94 If the user object supports hashed passwords, they will be used in conjunction
103 =item login $user, $password
105 Try to log a user in.
107 $user can be an ID or object. If it isa
108 L<Catalyst:::Plugin::Authentication::User> it will be used as is. Otherwise
109 C<< $c->get_user >> is used to retrieve it.
111 $password is a string.
115 =head1 SUPPORTING THIS PLUGIN
117 =head2 Clear Text Passwords
121 $user->supports(qw/password clear/);
129 Returns the user's clear text password as a string to be compared with C<eq>.
133 =head2 Crypted Passwords
137 $user->supports(qw/password crypted/);
143 =item crypted_password
145 Return's the user's crypted password as a string, with the salt as the first two chars.
149 =head2 Hashed Passwords
153 $user->supports(qw/password hashed/);
159 =item hashed_passwords
161 Return's the hash of the user's password as B<binary>.
165 Returns a string suitable for feeding into L<Digest/new>.
167 =item password_pre_salt
169 =item password_post_salt
171 Returns a string to be hashed before/after the user's password. Typically only