use Digest ();
BEGIN {
- __PACKAGE__->mk_accessors(qw/__config realm/);
+ __PACKAGE__->mk_accessors(qw/_config realm/);
}
sub new {
my ($class, $config, $app, $realm) = @_;
- my $self = { __config => $config };
+ my $self = { _config => $config };
bless $self, $class;
$self->realm($realm);
- $self->__config->{'password_field'} ||= 'password';
- $self->__config->{'password_type'} ||= 'clear';
- $self->__config->{'password_hash_type'} ||= 'SHA-1';
+ $self->_config->{'password_field'} ||= 'password';
+ $self->_config->{'password_type'} ||= 'clear';
+ $self->_config->{'password_hash_type'} ||= 'SHA-1';
- my $passwordtype = $self->__config->{'password_type'};
+ my $passwordtype = $self->_config->{'password_type'};
if (!grep /$passwordtype/, ('none', 'clear', 'hashed', 'salted_hash', 'crypted', 'self_check')) {
- Catalyst::Exception->throw(__PACKAGE__ . " used with unsupported password type: " . $self->__config->{'password_type'});
+ Catalyst::Exception->throw(__PACKAGE__ . " used with unsupported password type: " . $self->_config->{'password_type'});
}
return $self;
}
## password_field before we pass it to the user routine, as some auth modules use
## all data passed to them to find a matching user...
my $userfindauthinfo = {%{$authinfo}};
- delete($userfindauthinfo->{$self->__config->{'password_field'}});
+ delete($userfindauthinfo->{$self->_config->{'password_field'}});
my $user_obj = $realm->find_user($userfindauthinfo, $c);
if (ref($user_obj)) {
sub check_password {
my ( $self, $user, $authinfo ) = @_;
- if ($self->__config->{'password_type'} eq 'self_check') {
- return $user->check_password($authinfo->{$self->__config->{'password_field'}});
+ if ($self->_config->{'password_type'} eq 'self_check') {
+ return $user->check_password($authinfo->{$self->_config->{'password_field'}});
} else {
- my $password = $authinfo->{$self->__config->{'password_field'}};
- my $storedpassword = $user->get($self->__config->{'password_field'});
+ my $password = $authinfo->{$self->_config->{'password_field'}};
+ my $storedpassword = $user->get($self->_config->{'password_field'});
- if ($self->__config->{'password_type'} eq 'none') {
+ if ($self->_config->{'password_type'} eq 'none') {
return 1;
- } elsif ($self->__config->{'password_type'} eq 'clear') {
+ } elsif ($self->_config->{'password_type'} eq 'clear') {
return $password eq $storedpassword;
- } elsif ($self->__config->{'password_type'} eq 'crypted') {
+ } elsif ($self->_config->{'password_type'} eq 'crypted') {
return $storedpassword eq crypt( $password, $storedpassword );
- } elsif ($self->__config->{'password_type'} eq 'salted_hash') {
+ } elsif ($self->_config->{'password_type'} eq 'salted_hash') {
require Crypt::SaltedHash;
- my $salt_len = $self->__config->{'password_salt_len'} ? $self->__config->{'password_salt_len'} : 0;
+ my $salt_len = $self->_config->{'password_salt_len'} ? $self->_config->{'password_salt_len'} : 0;
return Crypt::SaltedHash->validate( $storedpassword, $password,
$salt_len );
- } elsif ($self->__config->{'password_type'} eq 'hashed') {
+ } elsif ($self->_config->{'password_type'} eq 'hashed') {
- my $d = Digest->new( $self->__config->{'password_hash_type'} );
- $d->add( $self->__config->{'password_pre_salt'} || '' );
+ my $d = Digest->new( $self->_config->{'password_hash_type'} );
+ $d->add( $self->_config->{'password_pre_salt'} || '' );
$d->add($password);
- $d->add( $self->__config->{'password_post_salt'} || '' );
+ $d->add( $self->_config->{'password_post_salt'} || '' );
my $computed = $d->clone()->digest;
my $b64computed = $d->clone()->b64digest;
}
}
-## BACKWARDS COMPATIBILITY - all subs below here are deprecated
-## They are here for compatibility with older modules that use / inherit from C::P::A::Password
-## login()'s existance relies rather heavily on the fact that only Credential::Password
-## is being used as a credential. This may not be the case. This is only here
-## for backward compatibility. It will go away in a future version
-## login should not be used in new applications.
-
-sub login {
- my ( $c, $user, $password, @rest ) = @_;
-
- unless (
- defined($user)
- or
- $user = $c->request->param("login")
- || $c->request->param("user")
- || $c->request->param("username")
- ) {
- $c->log->debug(
- "Can't login a user without a user object or user ID param")
- if $c->debug;
- return;
- }
-
- unless (
- defined($password)
- or
- $password = $c->request->param("password")
- || $c->request->param("passwd")
- || $c->request->param("pass")
- ) {
- $c->log->debug("Can't login a user without a password")
- if $c->debug;
- return;
- }
-
- unless ( Scalar::Util::blessed($user)
- and $user->isa("Catalyst::Authentication::User") )
- {
- if ( my $user_obj = $c->get_user( $user, $password, @rest ) ) {
- $user = $user_obj;
- }
- else {
- $c->log->debug("User '$user' doesn't exist in the default store")
- if $c->debug;
- return;
- }
- }
-
- if ( $c->_check_password( $user, $password ) ) {
- $c->set_authenticated($user);
- $c->log->debug("Successfully authenticated user '$user'.")
- if $c->debug;
- return 1;
- }
- else {
- $c->log->debug(
- "Failed to authenticate user '$user'. Reason: 'Incorrect password'")
- if $c->debug;
- return;
- }
-
-}
-
-## also deprecated. Here for compatibility with older credentials which do not inherit from C::P::A::Password
-sub _check_password {
- my ( $c, $user, $password ) = @_;
-
- if ( $user->supports(qw/password clear/) ) {
- return $user->password eq $password;
- }
- elsif ( $user->supports(qw/password crypted/) ) {
- my $crypted = $user->crypted_password;
- return $crypted eq crypt( $password, $crypted );
- }
- elsif ( $user->supports(qw/password hashed/) ) {
-
- my $d = Digest->new( $user->hash_algorithm );
- $d->add( $user->password_pre_salt || '' );
- $d->add($password);
- $d->add( $user->password_post_salt || '' );
-
- my $stored = $user->hashed_password;
- my $computed = $d->clone()->digest;
- my $b64computed = $d->clone()->b64digest;
-
- return ( ( $computed eq $stored )
- || ( unpack( "H*", $computed ) eq $stored )
- || ( $b64computed eq $stored)
- || ( $b64computed.'=' eq $stored) );
- }
- elsif ( $user->supports(qw/password salted_hash/) ) {
- require Crypt::SaltedHash;
-
- my $salt_len =
- $user->can("password_salt_len") ? $user->password_salt_len : 0;
-
- return Crypt::SaltedHash->validate( $user->hashed_password, $password,
- $salt_len );
- }
- elsif ( $user->supports(qw/password self_check/) ) {
-
- # while somewhat silly, this is to prevent code duplication
- return $user->check_password($password);
-
- }
- else {
- Catalyst::Exception->throw(
- "The user object $user does not support any "
- . "known password authentication mechanism." );
- }
-}
-
__PACKAGE__;
__END__
=head2 check_password( )
-=head2 login( )
-
=cut