use Catalyst ();
use Digest::MD5 ();
-BEGIN {
- __PACKAGE__->mk_accessors(qw/_config realm/);
-}
-
-our $VERSION = '1.008';
+__PACKAGE__->mk_accessors(qw/
+ _config
+ authorization_required_message
+ password_field
+ username_field
+ type
+ realm
+ algorithm
+ use_uri_for
+/);
+
+our $VERSION = '1.012';
sub new {
my ($class, $config, $app, $realm) = @_;
$config->{username_field} ||= 'username';
- my $self = { _config => $config, _debug => $app->debug };
+ # _config is shity back-compat with our base class.
+ my $self = { %$config, _config => $config, _debug => $app->debug ? 1 : 0 };
bless $self, $class;
$self->realm($realm);
sub init {
my ($self) = @_;
- my $type = $self->_config->{'type'} ||= 'any';
+ my $type = $self->type || 'any';
if (!grep /$type/, ('basic', 'digest', 'any')) {
Catalyst::Exception->throw(__PACKAGE__ . " used with unsupported authentication type: " . $type);
}
+ $self->type($type);
}
sub authenticate {
my $headers = $c->req->headers;
if ( my ( $username, $password ) = $headers->authorization_basic ) {
- my $user_obj = $realm->find_user( { $self->_config->{username_field} => $username }, $c);
+ my $user_obj = $realm->find_user( { $self->username_field => $username }, $c);
if (ref($user_obj)) {
my $opts = {};
- $opts->{$self->_config->{password_field}} = $password
- if $self->_config->{password_field};
+ $opts->{$self->password_field} = $password
+ if $self->password_field;
if ($self->check_password($user_obj, $opts)) {
return $user_obj;
}
- }
- else {
- $c->log->debug("Unable to locate user matching user info provided") if $c->debug;
+ else {
+ $c->log->debug("Password mismatch!") if $c->debug;
+ return;
+ }
+ }
+ else {
+ $c->log->debug("Unable to locate user matching user info provided")
+ if $c->debug;
return;
}
}
my $user_obj;
unless ( $user_obj = $auth_info->{user} ) {
- $user_obj = $realm->find_user( { $self->_config->{username_field} => $username }, $c);
+ $user_obj = $realm->find_user( { $self->username_field => $username }, $c);
}
unless ($user_obj) { # no user, no authentication
$c->log->debug("Unable to locate user matching user info provided") if $c->debug;
# the idea of the for loop:
# if we do not want to store the plain password in our user store,
# we can store md5_hex("$username:$realm:$password") instead
- my $password_field = $self->_config->{password_field};
+ my $password_field = $self->password_field;
for my $r ( 0 .. 1 ) {
# calculate H(A1) as per spec
my $A1_digest = $r ? $user_obj->$password_field() : do {
$A2_digest );
my $rq_digest = Digest::MD5::md5_hex($digest_in);
$nonce->nonce_count($nonce_count);
- $c->cache->set( __PACKAGE__ . '::opaque:' . $nonce->opaque,
- $nonce );
+ my $key = __PACKAGE__ . '::opaque:' . $nonce->opaque;
+ $self->store_digest_authorization_nonce( $c, $key, $nonce );
if ($rq_digest eq $res{response}) {
return $user_obj;
}
sub _is_http_auth_type {
my ( $self, $type ) = @_;
- my $cfgtype = lc( $self->_config->{'type'} || 'any' );
+ my $cfgtype = lc( $self->type );
return 1 if $cfgtype eq 'any' || $cfgtype eq lc $type;
return 0;
}
$c->res->status(401);
$c->res->content_type('text/plain');
- if (exists $self->_config->{authorization_required_message}) {
+ if (exists $self->{authorization_required_message}) {
# If you set the key to undef, don't stamp on the body.
- $c->res->body($self->_config->{authorization_required_message})
- if defined $c->res->body($self->_config->{authorization_required_message});
+ $c->res->body($self->authorization_required_message)
+ if defined $self->authorization_required_message;
}
else {
$c->res->body('Authorization required.');
unless ref($domain) && ref($domain) eq "ARRAY";
my @uris =
- $self->_config->{use_uri_for}
+ $self->use_uri_for
? ( map { $c->uri_for($_) } @$domain )
: ( map { URI::Escape::uri_escape($_) } @$domain );
my $nonce = $package->new;
- if ( my $algorithm = $opts->{algorithm} || $self->_config->{algorithm}) {
+ if ( my $algorithm = $opts->{algorithm} || $self->algorithm) {
$nonce->algorithm( $algorithm );
}
=item Peter Corlett
+=item Devin Austin (dhoss) C<dhoss@cpan.org>
+
=back
=head1 SEE ALSO
projects / catagits/Catalyst-Authentication-Credential-HTTP.git / blobdiff