3 package Catalyst::Plugin::Authentication::Credential::Password;
9 use Catalyst::Exception ();
13 my ( $c, $user, $password ) = @_;
16 $user ||= $_->param("login")
18 || $_->param("username")
21 $password ||= $_->param("password")
22 || $_->param("passwd")
27 $user = $c->get_user($user) || return
28 unless Scalar::Util::blessed($user)
29 and $user->isa("Catalyst:::Plugin::Authentication::User");
31 if ( $c->_check_password( $user, $password ) ) {
32 $c->set_authenticated($user);
41 my ( $c, $user, $password ) = @_;
43 if ( $user->supports(qw/password clear/) ) {
44 return $user->password eq $password;
46 elsif ( $user->supports(qw/password crypted/) ) {
47 my $crypted = $user->crypted_password;
48 return $crypted eq crypt( $password, $crypted );
50 elsif ( $user->supports(qw/password hashed/) ) {
52 my $d = Digest->new( $user->hash_algorithm );
53 $d->add( $user->password_pre_salt || '' );
55 $d->add( $user->password_post_salt || '' );
57 my $stored = $user->hashed_password;
58 my $computed = $d->digest;
60 return ( ( $computed eq $stored )
61 || ( unpack( "H*", $computed ) eq $stored ) );
63 elsif ( $user->supports(qw/password salted_hash/) ) {
64 require Crypt::SaltedHash;
67 $user->can("password_salt_len") ? $user->password_salt_len : 0;
69 return Crypt::SaltedHash->validate( $user->hashed_password, $password,
72 elsif ( $user->supports(qw/password self_check/) ) {
74 # while somewhat silly, this is to prevent code duplication
75 return $user->check_password($password);
79 Catalyst::Exception->throw(
80 "The user object $user does not support any "
81 . "known password authentication mechanism." );
93 Catalyst::Plugin::Authentication::Credential::Password - Authenticate a user
100 Authentication::Store::Foo
101 Authentication::Credential::Password
105 my ( $self, $c ) = @_;
107 $c->login( $c->req->param('username'), $c->req->param('password') );
112 This authentication credential checker takes a username (or userid) and a
113 password, and tries various methods of comparing a password based on what
114 the chosen store's user objects support:
118 =item clear text password
120 If the user has clear a clear text password it will be compared directly.
122 =item crypted password
124 If UNIX crypt hashed passwords are supported, they will be compared using
125 perl's builtin C<crypt> function.
127 =item hashed password
129 If the user object supports hashed passwords, they will be used in conjunction
138 =item login $username, $password
140 Try to log a user in.
142 C<$username> can be a string (e.g. retrieved from a form) or an object.
143 If the object is a L<Catalyst::Plugin::Authentication::User> it will be used
144 as is. Otherwise C<< $c->get_user >> is used to retrieve it.
146 C<$password> is a string.
148 If C<$username> or C<$password> are not provided, the query parameters
149 C<login>, C<user>, C<username> and C<password>, C<passwd>, C<pass> will
156 After the user is logged in, the user object for the current logged in user
157 can be retrieved from the context using the C<< $c->user >> method.
159 The current user can be logged out again by calling the C<< $c->logout >>
162 =head1 SUPPORTING THIS PLUGIN
164 For a User class to support credential verification using this plugin, it
165 needs to indicate what sort of password a given user supports
166 by implementing the C<supported_features> method in one or many of the
169 =head2 Clear Text Passwords
173 $user->supported_features(qw/password clear/);
181 Returns the user's clear text password as a string to be compared with C<eq>.
185 =head2 Crypted Passwords
189 $user->supported_features(qw/password crypted/);
195 =item crypted_password
197 Return's the user's crypted password as a string, with the salt as the first two chars.
201 =head2 Hashed Passwords
205 $user->supported_features(qw/password hashed/);
211 =item hashed_password
213 Return's the hash of the user's password as B<binary>.
217 Returns a string suitable for feeding into L<Digest/new>.
219 =item password_pre_salt
221 =item password_post_salt
223 Returns a string to be hashed before/after the user's password. Typically only
228 =head2 Crypt::SaltedHash Passwords
232 $user->supported_features(qw/password salted_hash/);
238 =item hashed_password
240 Returns the hash of the user's password as returned from L<Crypt-SaltedHash>->generate.
248 =item password_salt_len
250 Returns the length of salt used to generate the salted hash.