__PACKAGE__->mk_accessors(qw/_config realm/);
}
-our $VERSION = "1.002";
+our $VERSION = "1.004";
sub new {
my ($class, $config, $app, $realm) = @_;
# we can store md5_hex("$username:$realm:$password") instead
my $password_field = $self->_config->{password_field};
for my $r ( 0 .. 1 ) {
- # FIXME - Do not assume accessor is called password.
# calculate H(A1) as per spec
my $A1_digest = $r ? $user->$password_field() : do {
$ctx = Digest::MD5->new;
sub _build_auth_header_domain {
my ( $self, $c, $opts ) = @_;
-
if ( my $domain = $opts->{domain} ) {
Catalyst::Exception->throw("domain must be an array reference")
unless ref($domain) && ref($domain) eq "ARRAY";
sub _build_auth_header_common {
my ( $self, $c, $opts ) = @_;
-
return (
$self->_build_auth_header_realm($c, $opts),
$self->_build_auth_header_domain($c, $opts),
=item authenticate_digest $c, $realm, \%auth_info
Performs HTTP digest authentication. Note that the password_type B<must> by I<clear> for
-digest authentication to succeed.
+digest authentication to succeed, and you must have L<Catalyst::Plugin::Session> in
+your application as digest authentication needs to store persistent data.
+
+Note - if you do not want to store your user passwords as clear text, then it is possible
+to store instead the MD5 digest in hex of the string '$username:$realm:$password'
=item authorization_required_response $c, $realm, \%auth_info
=item password_type
-The type of password returned by the user object. Same useage as in
+The type of password returned by the user object. Same usage as in
L<Catalyst::Authentication::Credential::Password|Catalyst::Authentication::Credential::Password/passwprd_type>
=item password_field
-The name of accessor used to retrieve the value of the password field from the user object. Same useage as in
+The name of accessor used to retrieve the value of the password field from the user object. Same usage as in
L<Catalyst::Authentication::Credential::Password|Catalyst::Authentication::Credential::Password/password_field>
=item use_uri_for