after the break: when overloaded objects lie about themselves

[catagits/Catalyst-Plugin-Authentication.git] / lib / Catalyst / Plugin / Authentication / Credential / Password.pm

diff --git a/lib/Catalyst/Plugin/Authentication/Credential/Password.pm b/lib/Catalyst/Plugin/Authentication/Credential/Password.pm
index b5c14cb..f9d9b62 100644 (file)
--- a/lib/Catalyst/Plugin/Authentication/Credential/Password.pm
+++ b/lib/Catalyst/Plugin/Authentication/Credential/Password.pm
@@ -10,29 +10,58 @@ use Catalyst::Exception ();
 use Digest              ();
 
 sub login {
-    my ( $c, $user, $password ) = @_;
+    my ( $c, $user, $password, @rest ) = @_;
 
     for ( $c->request ) {
-             $user ||= $_->param("login")
-          || $_->param("user")
-          || $_->param("username")
-          || return;
-
-             $password ||= $_->param("password")
-          || $_->param("passwd")
-          || $_->param("pass")
-          || return;
+        unless (
+            defined($user)
+                or
+            $user = $_->param("login")
+                 || $_->param("user")
+                 || $_->param("username")
+        ) {
+            $c->log->debug(
+                "Can't login a user without a user object or user ID param")
+                  if $c->debug;
+            return;
+        }
+
+        unless (
+            defined($password)
+                or
+            $password = $_->param("password")
+                     || $_->param("passwd")
+                     || $_->param("pass")
+        ) {
+            $c->log->debug("Can't login a user without a password")
+              if $c->debug;
+            return;
+        }
     }
 
-    $user = $c->get_user($user) || return
-      unless Scalar::Util::blessed($user)
-      and $user->isa("Catalyst:::Plugin::Authentication::User");
+    unless ( Scalar::Util::blessed($user)
+        and $user->isa("Catalyst::Plugin::Authentication::User") )
+    {
+        if ( my $user_obj = $c->get_user( $user, $password, @rest ) ) {
+            $user = $user_obj;
+        }
+        else {
+            $c->log->debug("User '$user' doesn't exist in the default store")
+              if $c->debug;
+            return;
+        }
+    }
 
     if ( $c->_check_password( $user, $password ) ) {
         $c->set_authenticated($user);
+        $c->log->debug("Successfully authenticated user '$user'.")
+          if $c->debug;
         return 1;
     }
     else {
+        $c->log->debug(
+            "Failed to authenticate user '$user'. Reason: 'Incorrect password'")
+          if $c->debug;
         return;
     }
 }
@@ -54,11 +83,14 @@ sub _check_password {
         $d->add($password);
         $d->add( $user->password_post_salt || '' );
 
-        my $stored   = $user->hashed_password;
-        my $computed = $d->digest;
+        my $stored      = $user->hashed_password;
+        my $computed    = $d->clone()->digest;
+        my $b64computed = $d->clone()->b64digest;
 
         return ( ( $computed eq $stored )
-              || ( unpack( "H*", $computed ) eq $stored ) );
+              || ( unpack( "H*", $computed ) eq $stored )
+              || ( $b64computed eq $stored)
+              || ( $b64computed.'=' eq $stored) );
     }
     elsif ( $user->supports(qw/password salted_hash/) ) {
         require Crypt::SaltedHash;
@@ -101,6 +133,15 @@ with a password.
       Authentication::Credential::Password
       /;
 
+    package MyApp::Controller::Auth;
+
+    # *** NOTE ***
+    # if you place an action named 'login' in your application's root (as
+    # opposed to inside a controller) the following snippet will recurse,
+    # giving you lots of grief.
+    # never name actions in the root controller after plugin methods - use
+    # controllers and : Global instead.
+
     sub login : Local {
         my ( $self, $c ) = @_;