__PACKAGE__->mk_accessors(qw/_config realm/);
}
-our $VERSION = "1.005";
+our $VERSION = "1.007";
sub new {
my ($class, $config, $app, $realm) = @_;
+ $config->{username_field} ||= 'username';
my $self = { _config => $config, _debug => $app->debug };
bless $self, $class;
my $headers = $c->req->headers;
if ( my ( $username, $password ) = $headers->authorization_basic ) {
- my $user_obj = $realm->find_user( { username => $username }, $c);
- if (ref($user_obj)) {
- if ($self->check_password($user_obj, {$self->_config->{password_field} => $password})) {
+ my $user_obj = $realm->find_user( { $self->_config->{username_field} => $username }, $c);
+ if (ref($user_obj)) {
+ my $opts = {};
+ $opts->{$self->_config->{password_field}} = $password
+ if $self->_config->{password_field};
+ if ($self->check_password($user_obj, $opts)) {
$c->set_authenticated($user_obj);
return $user_obj;
}
$c->log->debug('Checking authentication parameters.')
if $c->debug;
- my $uri = '/' . $c->request->path;
+ my $uri = $c->request->uri->path_query;
my $algorithm = $res{algorithm} || 'MD5';
my $nonce_count = '0x' . $res{nc};
my $user;
unless ( $user = $auth_info->{user} ) {
- $user = $realm->find_user( { username => $username }, $c);
+ $user = $realm->find_user( { $self->_config->{username_field} => $username }, $c);
}
unless ($user) { # no user, no authentication
$c->log->debug("Unable to locate user matching user info provided") if $c->debug;
/;
__PACKAGE__->config( authentication => {
+ default_realm => 'example',
realms => {
example => {
credential => {
$c->authenticate({ realm => "example" });
# either user gets authenticated or 401 is sent
- # Note that the authentication realm sent to the client is overridden
- # here, but this does not affect the Catalyst::Authentication::Realm
- # used for authentication.
+ # Note that the authentication realm sent to the client (in the
+ # RFC 2617 sense) is overridden here, but this *does not*
+ # effect the Catalyst::Authentication::Realm used for
+ # authentication - to do that, you need
+ # $c->authenticate({}, 'otherrealm')
do_stuff();
}
=item password_type
The type of password returned by the user object. Same usage as in
-L<Catalyst::Authentication::Credential::Password|Catalyst::Authentication::Credential::Password/passwprd_type>
+L<Catalyst::Authentication::Credential::Password|Catalyst::Authentication::Credential::Password/password_type>
=item password_field
The name of accessor used to retrieve the value of the password field from the user object. Same usage as in
L<Catalyst::Authentication::Credential::Password|Catalyst::Authentication::Credential::Password/password_field>
+=item username_field
+
+The field name that the user's username is mapped into when finding the user from the realm. Defaults to 'username'.
+
=item use_uri_for
If this configuration key has a true value, then the domain(s) for the authorization header will be
Updated to current name space and currently maintained
by: Tomas Doran C<bobtfish@bobtfish.net>.
-Original module by:
+Original module by:
=over
=back
+=head1 CONTRIBUTORS
+
+Patches contributed by:
+
+=over
+
+=item Peter Corlett
+
+=back
+
=head1 SEE ALSO
RFC 2617 (or its successors), L<Catalyst::Plugin::Cache>, L<Catalyst::Plugin::Authentication>