package Catalyst::Authentication::Credential::HTTP;
-use base qw/Catalyst::Component/;
+use base qw/Catalyst::Authentication::Credential::Password/;
use strict;
use warnings;
__PACKAGE__->mk_accessors(qw/_config realm/);
}
-our $VERSION = "1.000";
+our $VERSION = "1.002";
sub new {
my ($class, $config, $app, $realm) = @_;
if ( my ( $username, $password ) = $headers->authorization_basic ) {
my $user_obj = $realm->find_user( { username => $username }, $c);
if (ref($user_obj)) {
- if ($user_obj->check_password($password)) {
+ if ($self->check_password($user_obj, {$self->_config->{password_field} => $password})) {
$c->set_authenticated($user_obj);
return $user_obj;
}
# the idea of the for loop:
# if we do not want to store the plain password in our user store,
# we can store md5_hex("$username:$realm:$password") instead
+ my $password_field = $self->_config->{password_field};
for my $r ( 0 .. 1 ) {
-
+ # FIXME - Do not assume accessor is called password.
# calculate H(A1) as per spec
- my $A1_digest = $r ? $user->password : do {
+ my $A1_digest = $r ? $user->$password_field() : do {
$ctx = Digest::MD5->new;
- $ctx->add( join( ':', $username, $realm->name, $user->password ) );
+ $ctx->add( join( ':', $username, $realm->name, $user->$password_field() ) );
$ctx->hexdigest;
};
if ( $nonce->algorithm eq 'MD5-sess' ) {
credential => {
class => 'HTTP',
type => 'any', # or 'digest' or 'basic'
+ password_type => 'clear',
+ password_field => 'password'
},
store => {
class => 'Minimal',
=item authenticate_basic $c, $realm, \%auth_info
+Acts like L<Catalyst::Authentication::Credential::Password>, and will lookup the user's password as detailed in that module.
+
=item authenticate_digest $c, $realm, \%auth_info
-Try to authenticate one of the methods without checking if the method is
-allowed in the configuration.
+Assumes that your user object has a hard coded method which returns a clear text password.
=item authorization_required_response $c, $realm, \%auth_info