X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthentication.pod;h=46b061c7a605081a3af6a466b80d309d8d87025b;hb=45569686c8d290df9fb4bd6a89ec1fcf6b5bbcb2;hp=e65dab93c6abf027d84e7e04bd000805b0c273cf;hpb=13852f978caf002dab00728e7f6d03c30c3c9560;p=catagits%2FCatalyst-Runtime.git diff --git a/lib/Catalyst/Manual/Tutorial/Authentication.pod b/lib/Catalyst/Manual/Tutorial/Authentication.pod index e65dab9..46b061c 100644 --- a/lib/Catalyst/Manual/Tutorial/Authentication.pod +++ b/lib/Catalyst/Manual/Tutorial/Authentication.pod @@ -21,7 +21,7 @@ L =item 3 -L +L =item 4 @@ -45,7 +45,7 @@ L =item 9 -L +L =back @@ -59,12 +59,9 @@ Part 5). This part of the tutorial is divided into two main sections: 1) basic, cleartext authentication and 2) hash-based authentication. -B: Note that all of the code for this part of the tutorial can be -pulled from the Catalyst Subversion repository in one step with the -following command: - - svn checkout http://dev.catalyst.perl.org/repos/Catalyst/trunk/examples/Tutorial@4612 . - +You can checkout the source code for this example from the catalyst +subversion repository as per the instructions in +L =head1 BASIC AUTHENTICATION @@ -421,7 +418,7 @@ created the Login controller above), and delete this line: Then update it to match: - =head2 base + =head2 index Login logic @@ -463,7 +460,7 @@ however, the use of C actions is discouraged because it does not receive path args as with other actions. The recommended practice is to only use C in C. -Another options would be to use something like +Another option would be to use something like C (where the C<...> refers to the login code shown in C above). We are using C here to specifically match the URL C. @@ -476,9 +473,10 @@ We make the match even more specific with the C<:Args(0)> action modifier -- this forces the match on I C, not C. -Next, create a corresponding method in C: +Next, update the corresponding method in C +to match: - =head2 base + =head2 index Logout logic @@ -543,11 +541,17 @@ the following method: # Note that 'auto' runs after 'begin' but before your actions and that # 'auto' "chain" (all from application path to most specific class are run) + # See the 'Actions' section of 'Catalyst::Manual::Intro' for more info. sub auto : Private { my ($self, $c) = @_; - # Allow unauthenticated users to reach the login page - if ($c->request->path =~ /login/) { + # Allow unauthenticated users to reach the login page. This + # allows anauthenticated users to reach any action in the Login + # controller. To lock it down to a single action, we could use: + # if ($c->action eq $c->controller('Login')->action_for('index')) + # to only allow unauthenticated access to the C action we + # added above. + if ($c->controller eq $c->controller('Login')) { return 1; } @@ -585,9 +589,18 @@ C, C, and C. =item * +With C, C, C, C private actions, only the +most specific action of each type will be called. For example, if you +define a C action in your controller it will I a +C action in your application/root controller -- I the +action in your controller will be called. + +=item * + Unlike the other actions where only a single method is called for each request, I auto action along the chain of namespaces will be -called. +called. Each C action will be called I. =back @@ -608,7 +621,7 @@ lines to the bottom of the file: # This code illustrates how certain parts of the TT # template will only be shown to users who have logged in %] - [% IF Catalyst.user %] + [% IF Catalyst.user_exists %] Please Note: You are already logged in as '[% Catalyst.user.username %]'. You can logout here. [% ELSE %] @@ -688,8 +701,7 @@ still transmits the passwords in cleartext to your application. We are just avoiding the I of cleartext passwords in the database by using a SHA-1 hash. If you are concerned about cleartext passwords between the browser and your application, consider using SSL/TLS, made -easy with the Catalyst plugin -L. +easy with the Catalyst plugin Catalyst::Plugin:RequireSSL. =head2 Get a SHA-1 Hash for the Password @@ -750,7 +762,8 @@ C are new, everything else is the same): # This is the model object created by Catalyst::Model::DBIC from your # schema (you created 'MyAppDB::User' but as the Catalyst startup # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User'). - # NOTE: Omit 'MyApp::Model' to avoid a component lookup issue in Catalyst 5.66 + # NOTE: Omit 'MyApp::Model' here just as you would when using + # '$c->model("MyAppDB::User)' user_class: MyAppDB::User # This is the name of the field in your 'users' table that contains the user's name user_field: username @@ -784,12 +797,78 @@ of this module on your system: perl -MCatalyst::Plugin::Authorization::ACL -e 'print $Catalyst::Plugin::Authorization::ACL::VERSION, "\n";' +=head1 USING THE SESSION FOR FLASH + +As discussed in Part 3 of the tutorial, C allows you to set +variables in a way that is very similar to C, but it will +remain set across multiple requests. Once the value is read, it +is cleared (unless reset). Although C has nothing to do with +authentication, it does leverage the same session plugins. Now that +those plugins are enabled, let's go back and improve the "delete +and redirect with query parameters" code seen at the end of the +L part of the +tutorial. + +First, open C and modify C +to match the following: + + =head2 delete + + Delete a book + + =cut + + sub delete : Local { + # $id = primary key of book to delete + my ($self, $c, $id) = @_; + + # Search for the book and then delete it + $c->model('MyAppDB::Book')->search({id => $id})->delete_all; + + # Use 'flash' to save information across requests until it's read + $c->flash->{status_msg} = "Book deleted"; + + # Redirect the user back to the list page with status msg as an arg + $c->response->redirect($c->uri_for('/books/list')); + } + +Next, open C and update the TT code to pull from +flash vs. the C query parameter: + + + +
+ [% status_msg || Catalyst.flash.status_msg %] + [% error_msg %] + [% content %] +
+ + + + +=head2 Try Out Flash + +Restart the development server and point your browser to +L to create an extra +book. Click the "Return to list" link and delete the "Test" book you +just added. The C mechanism should retain our "Book deleted" +status message across the redirect. + +B While C will save information across multiple requests, +I. In general, this is +exactly what you want -- the C message will get displayed on +the next screen where it's appropriate, but it won't "keep showing up" +after that first time (unless you reset it). Please refer to +L for additional +information. + + =head1 AUTHOR Kennedy Clark, C Please report any errors, issues or suggestions to the author. The -most recent version of the Catlayst Tutorial can be found at +most recent version of the Catalyst Tutorial can be found at L. Copyright 2006, Kennedy Clark, under Creative Commons License