use Catalyst::Exception ();
use Digest ();
-BEGIN {
- __PACKAGE__->mk_accessors(qw/_config realm/);
-}
+__PACKAGE__->mk_accessors(qw/_config realm/);
sub new {
my ($class, $config, $app, $realm) = @_;
-
+
+ # Note _config is horrible back compat hackery!
my $self = { _config => $config };
bless $self, $class;
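Review bot: The constructor unpacks `$app` and `$realm` but in the visible lines stores only `_config`, even though a `realm` accessor is now declared via mk_accessors at the top of the file; if nothing later in new() assigns it, `$self->realm` will always be undef for callers of the new three-argument interface. Consider `my $self = { _config => $config, realm => $realm };` (or an explicit `$self->realm($realm)` after the bless), and, since `_config->{password_type}` is dereferenced without a check in check_password, a guard such as `Catalyst::Exception->throw("Password credential needs a config hashref") unless ref $config eq 'HASH';` using the already-imported Catalyst::Exception. The new comment would also be more useful if it said what the hack is for, e.g. `# _config is kept under this key (not copied into the object) so subclasses written against older versions that read $self->{_config} keep working` — hedged, because the reason is not visible here. The rest of new()'s body lies outside this hunk.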
if ($self->_config->{'password_type'} eq 'none') {
return 1;
} elsif ($self->_config->{'password_type'} eq 'clear') {
+ # FIXME - Should we warn in the $storedpassword undef case,
+ # as the user probably fluffed the config?
+ return unless defined $storedpassword;
return $password eq $storedpassword;
} elsif ($self->_config->{'password_type'} eq 'crypted') {
return $storedpassword eq crypt( $password, $storedpassword );
}
}
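Review bot: The added `return unless defined $storedpassword;` protects only the `clear` branch; the `crypted` branch on the next line still calls `crypt( $password, $storedpassword )` with an undefined salt when the user record has no password, and on platforms where crypt() then returns undef or an empty string the comparison `$storedpassword eq crypt(...)` can evaluate true (both sides stringify to ''), which would authenticate a user with no stored password at all. Give that branch the same guard: `} elsif ($self->_config->{'password_type'} eq 'crypted') { return unless defined $storedpassword; return $storedpassword eq crypt( $password, $storedpassword ); }` — the guard cannot simply be hoisted above the dispatch because the `none` branch intentionally returns 1 without consulting the stored value, and that intent deserves a one-line comment (`# 'none' skips the password check entirely`). The FIXME could be resolved now by warning through whatever logger the object holds rather than silently returning, though what new() stores on `$self` is not visible in this hunk. check_password's signature and earlier body are outside the hunk.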
-## BACKWARDS COMPATIBILITY - all subs below here are deprecated
-## They are here for compatibility with older modules that use / inherit from C::P::A::Password
-## login()'s existance relies rather heavily on the fact that only Credential::Password
-## is being used as a credential. This may not be the case. This is only here
-## for backward compatibility. It will go away in a future version
-## login should not be used in new applications.
-
-sub login {
- my ( $c, $user, $password, @rest ) = @_;
-
- unless (
- defined($user)
- or
- $user = $c->request->param("login")
- || $c->request->param("user")
- || $c->request->param("username")
- ) {
- $c->log->debug(
- "Can't login a user without a user object or user ID param")
- if $c->debug;
- return;
- }
-
- unless (
- defined($password)
- or
- $password = $c->request->param("password")
- || $c->request->param("passwd")
- || $c->request->param("pass")
- ) {
- $c->log->debug("Can't login a user without a password")
- if $c->debug;
- return;
- }
-
- unless ( Scalar::Util::blessed($user)
- and $user->isa("Catalyst::Authentication::User") )
- {
- if ( my $user_obj = $c->get_user( $user, $password, @rest ) ) {
- $user = $user_obj;
- }
- else {
- $c->log->debug("User '$user' doesn't exist in the default store")
- if $c->debug;
- return;
- }
- }
-
- if ( $c->_check_password( $user, $password ) ) {
- $c->set_authenticated($user);
- $c->log->debug("Successfully authenticated user '$user'.")
- if $c->debug;
- return 1;
- }
- else {
- $c->log->debug(
- "Failed to authenticate user '$user'. Reason: 'Incorrect password'")
- if $c->debug;
- return;
- }
-
-}
-
-## also deprecated. Here for compatibility with older credentials which do not inherit from C::P::A::Password
-sub _check_password {
- my ( $c, $user, $password ) = @_;
-
- if ( $user->supports(qw/password clear/) ) {
- return $user->password eq $password;
- }
- elsif ( $user->supports(qw/password crypted/) ) {
- my $crypted = $user->crypted_password;
- return $crypted eq crypt( $password, $crypted );
- }
- elsif ( $user->supports(qw/password hashed/) ) {
-
- my $d = Digest->new( $user->hash_algorithm );
- $d->add( $user->password_pre_salt || '' );
- $d->add($password);
- $d->add( $user->password_post_salt || '' );
-
- my $stored = $user->hashed_password;
- my $computed = $d->clone()->digest;
- my $b64computed = $d->clone()->b64digest;
-
- return ( ( $computed eq $stored )
- || ( unpack( "H*", $computed ) eq $stored )
- || ( $b64computed eq $stored)
- || ( $b64computed.'=' eq $stored) );
- }
- elsif ( $user->supports(qw/password salted_hash/) ) {
- require Crypt::SaltedHash;
-
- my $salt_len =
- $user->can("password_salt_len") ? $user->password_salt_len : 0;
-
- return Crypt::SaltedHash->validate( $user->hashed_password, $password,
- $salt_len );
- }
- elsif ( $user->supports(qw/password self_check/) ) {
-
- # while somewhat silly, this is to prevent code duplication
- return $user->check_password($password);
-
- }
- else {
- Catalyst::Exception->throw(
- "The user object $user does not support any "
- . "known password authentication mechanism." );
- }
-}
-
__PACKAGE__;
__END__
=head1 CONFIGURATION
# example
- __PACKAGE__->config->{'Plugin::Authentication'} =
+ __PACKAGE__->config('Plugin::Authentication' =>
{
default_realm => 'members',
realms => {
depending on the storage class used, but is most likely something like
'password'. In fact, this is so common that if this is left out of the config,
it defaults to 'password'. This field is obtained from the user object using
-the get() method. Essentially: $user->get('passwordfieldname');
+the get() method. Essentially: $user->get('passwordfieldname');
+B<NOTE> If the password_field is something other than 'password', you must
+be sure to use that same field name when calling $c->authenticate().
=item password_type
most credential modules.) However, below is a description of the routines
required by L<Catalyst::Plugin::Authentication> for all credential modules.
-=head2 new( $config, $app )
+=head2 new( $config, $app, $realm )
Instantiate a new Password object using the configuration hash provided in
$config. A reference to the application is provided as the second argument.
=head2 check_password( )
-=head2 login( )
-
=cut
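Review bot: The heading now reads `=head2 new( $config, $app, $realm )` but the paragraph under it still describes only the first two arguments, so `$realm` is added to the documented interface without saying what it is. Append a sentence such as `The realm this credential was instantiated for is provided as the third argument.` — phrased cautiously, since what new() does with it is outside this hunk and only the `realm` accessor declaration is visible elsewhere in the diff. Removing the `=head2 login( )` entry along with the deprecated sub is fine, but a brief deprecation/removal notice (here or in the changelog) would help users who still call `$c->login`.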