X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FCredential%2FHTTP.pm;h=1e2648d3f00febfd256444375efa7f61f3b4c4e1;hb=1cd102dc545e92cac6b163c26492e03662932081;hp=135283598d27a175c98648d4f4550a424f723249;hpb=9c02f7aa12c546a85435a362efc92eb4658423fe;p=catagits%2FCatalyst-Authentication-Credential-HTTP.git diff --git a/lib/Catalyst/Authentication/Credential/HTTP.pm b/lib/Catalyst/Authentication/Credential/HTTP.pm index 1352835..1e2648d 100644 --- a/lib/Catalyst/Authentication/Credential/HTTP.pm +++ b/lib/Catalyst/Authentication/Credential/HTTP.pm @@ -20,7 +20,7 @@ __PACKAGE__->mk_accessors(qw/ use_uri_for /); -our $VERSION = '1.011'; +our $VERSION = '1.012'; sub new { my ($class, $config, $app, $realm) = @_; @@ -183,8 +183,8 @@ sub authenticate_digest { $A2_digest ); my $rq_digest = Digest::MD5::md5_hex($digest_in); $nonce->nonce_count($nonce_count); - $c->cache->set( __PACKAGE__ . '::opaque:' . $nonce->opaque, - $nonce ); + my $key = __PACKAGE__ . '::opaque:' . $nonce->opaque; + $self->store_digest_authorization_nonce( $c, $key, $nonce ); if ($rq_digest eq $res{response}) { return $user_obj; } @@ -528,12 +528,17 @@ Performs HTTP basic authentication. =item authenticate_digest $c, $realm, \%auth_info -Performs HTTP digest authentication. Note that the password_type B by I for -digest authentication to succeed, and you must have L in -your application as digest authentication needs to store persistent data. +Performs HTTP digest authentication. -Note - if you do not want to store your user passwords as clear text, then it is possible -to store instead the MD5 digest in hex of the string '$username:$realm:$password' +The password_type B be I for digest authentication to +succeed. If you do not want to store your user passwords as clear +text, you may instead store the MD5 digest in hex of the string +'$username:$realm:$password'. + +L is used for persistent storage of the nonce +values (see L). It must be loaded in your application, unless +you override the C and +C methods as shown below. Takes an additional parameter of I, the possible values of which are 'MD5' (the default) and 'MD5-sess'. For more information about 'MD5-sess', see section 3.2.2.2 in RFC 2617.