X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthentication.pod;h=b330fd70aec9185601f22a8e1f7b381d1fbe71f2;hb=f2c10d65222a90ee666a98daeff0120508061b52;hp=26707fee82c2911fc3ec8c9ae6b978d47a5a54bb;hpb=d0afb3a93f0c51d32e9074957fff4e8b5aae0369;p=catagits%2FCatalyst-Runtime.git diff --git a/lib/Catalyst/Manual/Tutorial/Authentication.pod b/lib/Catalyst/Manual/Tutorial/Authentication.pod index 26707fe..b330fd7 100644 --- a/lib/Catalyst/Manual/Tutorial/Authentication.pod +++ b/lib/Catalyst/Manual/Tutorial/Authentication.pod @@ -21,7 +21,7 @@ L =item 3 -L +L =item 4 @@ -59,12 +59,9 @@ Part 5). This part of the tutorial is divided into two main sections: 1) basic, cleartext authentication and 2) hash-based authentication. -B: Note that all of the code for this part of the tutorial can be -pulled from the Catalyst Subversion repository in one step with the -following command: - - svn co http://dev.catalyst.perl.org/repos/Catalyst/tags/examples/Tutorial/MyApp/5.7/Authentication MyApp - +You can checkout the source code for this example from the catalyst +subversion repository as per the instructions in +L =head1 BASIC AUTHENTICATION @@ -624,7 +621,7 @@ lines to the bottom of the file: # This code illustrates how certain parts of the TT # template will only be shown to users who have logged in %] - [% IF Catalyst.user %] + [% IF Catalyst.user_exists %] Please Note: You are already logged in as '[% Catalyst.user.username %]'. You can logout here. [% ELSE %] @@ -704,8 +701,7 @@ still transmits the passwords in cleartext to your application. We are just avoiding the I of cleartext passwords in the database by using a SHA-1 hash. If you are concerned about cleartext passwords between the browser and your application, consider using SSL/TLS, made -easy with the Catalyst plugin -L. +easy with the Catalyst plugin Catalyst::Plugin:RequireSSL. =head2 Get a SHA-1 Hash for the Password @@ -801,6 +797,71 @@ of this module on your system: perl -MCatalyst::Plugin::Authorization::ACL -e 'print $Catalyst::Plugin::Authorization::ACL::VERSION, "\n";' +=head1 USING THE SESSION FOR FLASH + +As discussed in Part 3 of the tutorial, C allows you to set +variables in a way that is very similar to C, but it will +remain set across multiple requests. Once the value is read, it +is cleared (unless reset). Although C has nothing to do with +authentication, it does leverage the same session plugins. Now that +those plugins are enabled, let's go back and improve the "delete +and redirect with query parameters" code seen at the end of the +C part of the tutorial. + +First, open C and modify C +to match the following: + + =head2 delete + + Delete a book + + =cut + + sub delete : Local { + # $id = primary key of book to delete + my ($self, $c, $id) = @_; + + # Search for the book and then delete it + $c->model('MyAppDB::Book')->search({id => $id})->delete_all; + + # Use 'flash' to save information across requests util it's read + $c->flash->{status_msg} = "Book deleted"; + + # Redirect the user back to the list page with status msg as an arg + $c->response->redirect($c->uri_for('/books/list')); + } + +Next, open C update the TT code to pull from flash +vs. the C query parameter: + + + +
+ [% status_msg || Catalyst.flash.status_msg %] + [% error_msg %] + [% content %] +
+ + + + +=head2 Try Out Flash + +Restart the development server and point your browser to +L to create an extra +book. Click the "Return to list" link and delete this "Test" book. +The C mechanism should retain our "Book deleted" status message +across the redirect. + +B While C will save information across multiple requests, +it does get cleared the first time it is read. In general, this is +exactly what you want -- the C message will get displayed on +the next screen where it's appropriate, but it won't "keep showing up" +after that first time (unless you reset it). Please refer to +L for additional +information. + + =head1 AUTHOR Kennedy Clark, C