X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FCredential%2FHTTP.pm;h=775ec08e41108ab338c483ceeb907232795a253d;hb=b56120cde918d5d8d94aabdb48f24bfdf4682b9a;hp=43e464e941180e86d3e91b020eb77a77d7a6ba76;hpb=f1f73b5393230beeb7ee969a4b56974c8edc6281;p=catagits%2FCatalyst-Authentication-Credential-HTTP.git

diff --git a/lib/Catalyst/Authentication/Credential/HTTP.pm b/lib/Catalyst/Authentication/Credential/HTTP.pm
index 43e464e..775ec08 100644
--- a/lib/Catalyst/Authentication/Credential/HTTP.pm
+++ b/lib/Catalyst/Authentication/Credential/HTTP.pm
@@ -13,7 +13,7 @@ BEGIN {
     __PACKAGE__->mk_accessors(qw/_config realm/);
 }
 
-our $VERSION = "1.003";
+our $VERSION = "1.005";
 
 sub new {
     my ($class, $config, $app, $realm) = @_;
@@ -23,12 +23,17 @@ sub new {
     
     $self->realm($realm);
     
+    $self->init;
+    return $self;
+}    
+
+sub init {
+    my ($self) = @_;
     my $type = $self->_config->{'type'} ||= 'any';
     
     if (!grep /$type/, ('basic', 'digest', 'any')) {
         Catalyst::Exception->throw(__PACKAGE__ . " used with unsupported authentication type: " . $type);
     }
-    return $self;
 }
 
 sub authenticate {
@@ -143,7 +148,6 @@ sub authenticate_digest {
         # we can store md5_hex("$username:$realm:$password") instead
         my $password_field = $self->_config->{password_field};
         for my $r ( 0 .. 1 ) {
-            # FIXME - Do not assume accessor is called password.
             # calculate H(A1) as per spec
             my $A1_digest = $r ? $user->$password_field() : do {
                 $ctx = Digest::MD5->new;
@@ -274,7 +278,6 @@ sub _build_auth_header_domain {
 
 sub _build_auth_header_common {
     my ( $self, $c, $opts ) = @_;
-warn("HERE Opts $opts");
     return (
         $self->_build_auth_header_realm($c, $opts),
         $self->_build_auth_header_domain($c, $opts),
@@ -457,6 +460,10 @@ C<get_digest_authorization_nonce> methods as shown below.
 
 Simple constructor.
 
+=item init
+
+Validates that $config is ok.
+
 =item authenticate $c, $realm, \%auth_info
 
 Tries to authenticate the user, and if that fails calls
@@ -480,6 +487,20 @@ Catalyst::Authentication::Realm object used for the authentication.
 
 Array reference to domains used to build the authorization headers.
 
+This list of domains defines the protection space. If a domain URI is an 
+absolute path (starts with /), it is relative to the root URL of the server being accessed. 
+An absolute URI in this list may refer to a different server than the one being accessed. 
+
+The client will use this list to determine the set of URIs for which the same authentication 
+information may be sent. 
+
+If this is omitted or its value is empty, the client will assume that the
+protection space consists of all URIs on the responding server.
+
+Therefore, if your application is not hosted at the root of this domain, and you want to
+prevent the authentication credentials for this application being sent to any other applications.
+then you should use the I<use_uri_for> configuration option, and pass a domain of I</>.
+
 =back
 
 =item authenticate_basic $c, $realm, \%auth_info
@@ -489,7 +510,14 @@ Performs HTTP basic authentication.
 =item authenticate_digest $c, $realm, \%auth_info
 
 Performs HTTP digest authentication. Note that the password_type B<must> by I<clear> for
-digest authentication to succeed.
+digest authentication to succeed, and you must have L<Catalyst::Plugin::Session> in
+your application as digest authentication needs to store persistent data.
+
+Note - if you do not want to store your user passwords as clear text, then it is possible
+to store instead the MD5 digest in hex of the string '$username:$realm:$password' 
+
+Takes an additional parameter of I<algorithm>, the possible values of which are 'MD5' (the default)
+and 'MD5-sess'. For more information about 'MD5-sess', see section 3.2.2.2 in RFC 2617.
 
 =item authorization_required_response $c, $realm, \%auth_info
 
@@ -534,7 +562,7 @@ Set this to a string to override the default body content "Authorization require
 =item password_type
 
 The type of password returned by the user object. Same usage as in 
-L<Catalyst::Authentication::Credential::Password|Catalyst::Authentication::Credential::Password/passwprd_type>
+L<Catalyst::Authentication::Credential::Password|Catalyst::Authentication::Credential::Password/password_type>
 
 =item password_field
 
@@ -544,7 +572,9 @@ L<Catalyst::Authentication::Credential::Password|Catalyst::Authentication::Crede
 =item use_uri_for
 
 If this configuration key has a true value, then the domain(s) for the authorization header will be
-run through $c->uri_for()
+run through $c->uri_for(). Use this configuration option if your application is not running at the root
+of your domain, and you want to ensure that authentication credentials from your application are not shared with
+other applications on the same server.
 
 =back