after the break: when overloaded objects lie about themselves

[catagits/Catalyst-Plugin-Authentication.git] / lib / Catalyst / Plugin / Authentication / Credential / Password.pm

diff --git a/lib/Catalyst/Plugin/Authentication/Credential/Password.pm b/lib/Catalyst/Plugin/Authentication/Credential/Password.pm
index 2428795..f9d9b62 100644 (file)
--- a/lib/Catalyst/Plugin/Authentication/Credential/Password.pm
+++ b/lib/Catalyst/Plugin/Authentication/Credential/Password.pm
@@ -13,20 +13,26 @@ sub login {
     my ( $c, $user, $password, @rest ) = @_;
 
     for ( $c->request ) {
-        unless ( $user ||= $_->param("login")
-            || $_->param("user")
-            || $_->param("username") )
-        {
+        unless (
+            defined($user)
+                or
+            $user = $_->param("login")
+                 || $_->param("user")
+                 || $_->param("username")
+        ) {
             $c->log->debug(
                 "Can't login a user without a user object or user ID param")
                   if $c->debug;
             return;
         }
 
-        unless ( $password ||= $_->param("password")
-            || $_->param("passwd")
-            || $_->param("pass") )
-        {
+        unless (
+            defined($password)
+                or
+            $password = $_->param("password")
+                     || $_->param("passwd")
+                     || $_->param("pass")
+        ) {
             $c->log->debug("Can't login a user without a password")
               if $c->debug;
             return;
@@ -77,11 +83,14 @@ sub _check_password {
         $d->add($password);
         $d->add( $user->password_post_salt || '' );
 
-        my $stored   = $user->hashed_password;
-        my $computed = $d->digest;
+        my $stored      = $user->hashed_password;
+        my $computed    = $d->clone()->digest;
+        my $b64computed = $d->clone()->b64digest;
 
         return ( ( $computed eq $stored )
-              || ( unpack( "H*", $computed ) eq $stored ) );
+              || ( unpack( "H*", $computed ) eq $stored )
+              || ( $b64computed eq $stored)
+              || ( $b64computed.'=' eq $stored) );
     }
     elsif ( $user->supports(qw/password salted_hash/) ) {
         require Crypt::SaltedHash;