X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2F05_Authentication.pod;h=ec3a748f58617084f29dd7a4052767fbb3ecfb0a;hb=08ae25e9778ecddbda5d44e2b5db9c17a6ec7741;hp=40fd38fe6188d428e145bb15660680e98841d59d;hpb=2a6eb5f9e3b1b3a8dacd724bb8ab87ba18f733a5;p=catagits%2FCatalyst-Manual.git

diff --git a/lib/Catalyst/Manual/Tutorial/05_Authentication.pod b/lib/Catalyst/Manual/Tutorial/05_Authentication.pod
index 40fd38f..ec3a748 100644
--- a/lib/Catalyst/Manual/Tutorial/05_Authentication.pod
+++ b/lib/Catalyst/Manual/Tutorial/05_Authentication.pod
@@ -119,6 +119,7 @@ Then load this into the C<myapp.db> database with the following command:
 
     $ sqlite3 myapp.db < myapp02.sql
 
+
 =head2 Add User and Role Information to DBIC Schema
 
 Although we could manually edit the DBIC schema information to include
@@ -268,8 +269,9 @@ C<StackTrace> is new):
                     /;
 
 B<Note:> As discussed in MoreCatalystBasics, different versions of
-C<Catalyst::Devel> have used a variety of methods to load the plugins.
-You can put the plugins in the C<use Catalyst> statement if you prefer.
+C<Catalyst::Devel> have used a variety of methods to load the plugins,
+but we are going to use the current Catalyst 5.8X practice of putting
+them on the C<use Catalyst> line.
 
 The C<Authentication> plugin supports Authentication while the
 C<Session> plugins are required to maintain state across multiple HTTP
@@ -334,9 +336,8 @@ for the tutorial, but if you wish to use C<myapp.conf>, just convert
 to the following code:
 
     <Plugin::Authentication>
-        use_session 1
         <default>
-            password_type self_check
+            password_type clear
             user_model    DB::User
             class         SimpleDB
         </default>
@@ -387,8 +388,8 @@ and update the definition of C<sub index> to match:
         my ($self, $c) = @_;
     
         # Get the username and password from form
-        my $username = $c->request->params->{username} || "";
-        my $password = $c->request->params->{password} || "";
+        my $username = $c->request->params->{username};
+        my $password = $c->request->params->{password};
     
         # If the username and password values were found in form
         if ($username && $password) {
@@ -403,6 +404,9 @@ and update the definition of C<sub index> to match:
                 # Set an error message
                 $c->stash->{error_msg} = "Bad username or password.";
             }
+        } else {
+            # Set an error message
+            $c->stash->{error_msg} = "Empty username or password.";
         }
     
         # If either of above don't work out, send to the login page
@@ -489,9 +493,8 @@ Create a login form by opening C<root/src/login.tt2> and inserting:
 We need something that provides enforcement for the authentication
 mechanism -- a I<global> mechanism that prevents users who have not
 passed authentication from reaching any pages except the login page.
-This is generally done via an C<auto> action/method (prior to Catalyst
-v5.66, this sort of thing would go in C<MyApp.pm>, but starting in
-v5.66, the preferred location is C<lib/MyApp/Controller/Root.pm>).
+This is generally done via an C<auto> action/method in 
+C<lib/MyApp/Controller/Root.pm>.
 
 Edit the existing C<lib/MyApp/Controller/Root.pm> class file and insert
 the following method:
@@ -650,16 +653,6 @@ between the browser and your application, consider using SSL/TLS, made
 easy with the Catalyst plugin Catalyst::Plugin:RequireSSL.
 
 
-=head2 Install DBIx::Class::EncodedColumn
-
-L<DBIx::Class::EncodedColumn|DBIx::Class::EncodedColumn> provides features
-that can greatly simplify the maintenance of passwords.  It's currently 
-not available as a .deb package in the normal Debian repositories, so let's
-install it directly from CPAN:
-
-    $ sudo cpan DBIx::Class::EncodedColumn
-
-
 =head2 Re-Run the DBIC::Schema Model Helper to Include DBIx::Class::EncodedColumn
 
 Next, we can re-run the model helper to have it include 
@@ -748,16 +741,20 @@ Then run the following command:
 
     $ DBIC_TRACE=1 perl -Ilib set_hashed_passwords.pl
 
-We had to use the C<-Ilib> arguement to tell perl to look under the 
+We had to use the C<-Ilib> argument to tell perl to look under the 
 C<lib> directory for our C<MyApp::Schema> model.
 
 The DBIC_TRACE output should show that the update worked:
 
     $ DBIC_TRACE=1 perl -Ilib set_hashed_passwords.pl
-    SELECT me.id, me.username, me.password, me.email_address, me.first_name, me.last_name, me.active FROM user me: 
-    UPDATE user SET password = ? WHERE ( id = ? ): 'oXiyAcGOjowz7ISUhpIm1IrS8AxSZ9r4jNjpX9VnVeQmN6GRtRKTz', '1'
-    UPDATE user SET password = ? WHERE ( id = ? ): 'PmyEPrkB8EGwvaF/DvJm7LIfxoZARjv8ygFIR7pc1gEA1OfwHGNzs', '2'
-    UPDATE user SET password = ? WHERE ( id = ? ): 'h7CS1Fm9UCs4hjcbu2im0HumaHCJUq4Uriac+SQgdUMUfFSoOrz3c', '3'
+    SELECT me.id, me.username, me.password, me.email_address, 
+    me.first_name, me.last_name, me.active FROM user me: 
+    UPDATE user SET password = ? WHERE ( id = ? ): 
+    'oXiyAcGOjowz7ISUhpIm1IrS8AxSZ9r4jNjpX9VnVeQmN6GRtRKTz', '1'
+    UPDATE user SET password = ? WHERE ( id = ? ): 
+    'PmyEPrkB8EGwvaF/DvJm7LIfxoZARjv8ygFIR7pc1gEA1OfwHGNzs', '2'
+    UPDATE user SET password = ? WHERE ( id = ? ): 
+    'h7CS1Fm9UCs4hjcbu2im0HumaHCJUq4Uriac+SQgdUMUfFSoOrz3c', '3'
 
 But we can further confirm our actions by dumping the users table:
 
@@ -767,15 +764,17 @@ But we can further confirm our actions by dumping the users table:
     3|test03|af929a151340c6aed4d54d7e2651795d1ad2e2f7UW8dHoGv9z|t03@na.com|No|Go|0
 
 As you can see, the passwords are much harder to steal from the 
-database.  Also note that this demonstrates how to use a DBIx::Class 
+database (not only are the hashes stored, but every hash is different 
+even though the passwords are the same because of the added "salt" 
+value).  Also note that this demonstrates how to use a DBIx::Class 
 model outside of your web application -- a very useful feature in many 
 situations.
 
 
 =head2 Enable Hashed and Salted Passwords
 
-Edit C<lib/MyApp.pm> and update it to match the following text (the only change
-is to the C<password_type> field):
+Edit C<lib/MyApp.pm> and update it to match the following text (the 
+only change is to the C<password_type> field):
 
     # Configure SimpleDB Authentication
     __PACKAGE__->config->{'Plugin::Authentication'} = {
@@ -853,9 +852,9 @@ flash vs. the C<status_msg> query parameter:
     ...
 
 Although the sample above only shows the C<content> div, leave the
-rest of the file intact -- the only change we made to the C<wrapper.tt2>
-was to add "C<|| c.request.params.status_msg>" to the
-C<E<lt>span class="message"E<gt>> line.
+rest of the file intact -- the only change we made to replace 
+"|| c.request.params.status_msg" with "c.flash.status_msg" in the 
+C<< <span class="message"> >> line.
 
 
 =head2 Try Out Flash
@@ -888,7 +887,7 @@ C<__PACKAGE__-E<gt>config> setting to something like:
 
     __PACKAGE__->config(
             name    => 'MyApp',
-            session => {flash_to_stash => 1}
+            session => {flash_to_stash => 1},
         );
 
 B<or> add the following to C<myapp.conf>:
@@ -919,7 +918,7 @@ Kennedy Clark, C<hkclark@gmail.com>
 
 Please report any errors, issues or suggestions to the author.  The
 most recent version of the Catalyst Tutorial can be found at
-L<http://dev.catalyst.perl.org/repos/Catalyst/Catalyst-Manual/5.70/trunk/lib/Catalyst/Manual/Tutorial/>.
+L<http://dev.catalyst.perl.org/repos/Catalyst/Catalyst-Manual/5.80/trunk/lib/Catalyst/Manual/Tutorial/>.
 
 Copyright 2006-2008, Kennedy Clark, under Creative Commons License
 (L<http://creativecommons.org/licenses/by-sa/3.0/us/>).