3 package Catalyst::Plugin::Authentication::Credential::Password;
\r
9 use Catalyst::Exception ();
\r
13 my ( $c, $user, $password ) = @_;
\r
15 for ( $c->request ) {
\r
16 $user ||= $_->param("login")
\r
17 || $_->param("user")
\r
18 || $_->param("username")
\r
21 $password ||= $_->param("password")
\r
22 || $_->param("passwd")
\r
23 || $_->param("pass")
\r
27 $user = $c->get_user($user) || return
\r
28 unless Scalar::Util::blessed($user)
\r
29 and $user->isa("Catalyst:::Plugin::Authentication::User");
\r
31 if ( $c->_check_password( $user, $password ) ) {
\r
32 $c->set_authenticated($user);
\r
40 sub _check_password {
\r
41 my ( $c, $user, $password ) = @_;
\r
43 if ( $user->supports(qw/password clear/) ) {
\r
44 return $user->password eq $password;
\r
46 elsif ( $user->supports(qw/password crypted/) ) {
\r
47 my $crypted = $user->crypted_password;
\r
48 return $crypted eq crypt( $password, $crypted );
\r
50 elsif ( $user->supports(qw/password hashed/) ) {
\r
52 my $d = Digest->new( $user->hash_algorithm );
\r
53 $d->add( $user->password_pre_salt || '' );
\r
55 $d->add( $user->password_post_salt || '' );
\r
57 my $stored = $user->hashed_password;
\r
58 my $computed = $d->digest;
\r
60 return ( ( $computed eq $stored )
\r
61 || ( unpack( "H*", $computed ) eq $stored ) );
\r
63 elsif ( $user->supports(qw/password salted_hash/) ) {
\r
64 require Crypt::SaltedHash;
\r
67 $user->can("password_salt_len") ? $user->password_salt_len : 0;
\r
69 return Crypt::SaltedHash->validate( $user->hashed_password, $password,
\r
72 elsif ( $user->supports(qw/password self_check/) ) {
\r
74 # while somewhat silly, this is to prevent code duplication
\r
75 return $user->check_password($password);
\r
79 Catalyst::Exception->throw(
\r
80 "The user object $user does not support any "
\r
81 . "known password authentication mechanism." );
\r
93 Catalyst::Plugin::Authentication::Credential::Password - Authenticate a user
\r
100 Authentication::Store::Foo
\r
101 Authentication::Credential::Password
\r
104 sub login : Local {
\r
105 my ( $self, $c ) = @_;
\r
107 $c->login( $c->req->param('login'), $c->req->param('password') );
\r
112 This authentication credential checker takes a user and a password, and tries
\r
113 various methods of comparing a password based on what the user supports:
\r
117 =item clear text password
\r
119 If the user has clear a clear text password it will be compared directly.
\r
121 =item crypted password
\r
123 If UNIX crypt hashed passwords are supported, they will be compared using
\r
124 perl's builtin C<crypt> function.
\r
126 =item hashed password
\r
128 If the user object supports hashed passwords, they will be used in conjunction
\r
137 =item login $user, $password
\r
141 Try to log a user in.
\r
143 C<$user> can be an ID or object. If it isa
\r
144 L<Catalyst::Plugin::Authentication::User> it will be used as is. Otherwise
\r
145 C<< $c->get_user >> is used to retrieve it.
\r
147 C<$password> is a string.
\r
149 If C<$user> or C<$password> are not provided the parameters C<login>, C<user>,
\r
150 C<username> and C<password>, C<passwd>, C<pass> will be tried instead.
\r
154 =head1 SUPPORTING THIS PLUGIN
\r
156 =head2 Clear Text Passwords
\r
160 $user->supports(qw/password clear/);
\r
168 Returns the user's clear text password as a string to be compared with C<eq>.
\r
172 =head2 Crypted Passwords
\r
176 $user->supports(qw/password crypted/);
\r
182 =item crypted_password
\r
184 Return's the user's crypted password as a string, with the salt as the first two chars.
\r
188 =head2 Hashed Passwords
\r
192 $user->supports(qw/password hashed/);
\r
198 =item hashed_password
\r
200 Return's the hash of the user's password as B<binary>.
\r
202 =item hash_algorithm
\r
204 Returns a string suitable for feeding into L<Digest/new>.
\r
206 =item password_pre_salt
\r
208 =item password_post_salt
\r
210 Returns a string to be hashed before/after the user's password. Typically only
\r
211 a pre-salt is used.
\r
213 =head2 Crypt::SaltedHash Passwords
\r
217 $user->supports(qw/password salted_hash/);
\r
223 =item hashed_password
\r
225 Return's the hash of the user's password as returned from L<Crypt-SaltedHash>->generate.
\r
233 =item password_salt_len
\r
235 Returns the length of salt used to generate the salted hash.
\r