X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthentication.pod;h=b330fd70aec9185601f22a8e1f7b381d1fbe71f2;hb=f2c10d65222a90ee666a98daeff0120508061b52;hp=f58e2d6b986e80bdde8d12582a995e6cd0d336f9;hpb=d645910ddfb37f5c18acaf6ce88fd392a91101db;p=catagits%2FCatalyst-Runtime.git diff --git a/lib/Catalyst/Manual/Tutorial/Authentication.pod b/lib/Catalyst/Manual/Tutorial/Authentication.pod index f58e2d6..b330fd7 100644 --- a/lib/Catalyst/Manual/Tutorial/Authentication.pod +++ b/lib/Catalyst/Manual/Tutorial/Authentication.pod @@ -21,7 +21,7 @@ L =item 3 -L +L =item 4 @@ -45,7 +45,7 @@ L =item 9 -L +L =back @@ -59,13 +59,9 @@ Part 5). This part of the tutorial is divided into two main sections: 1) basic, cleartext authentication and 2) hash-based authentication. -B: Note that all of the code for this part of the tutorial can be -pulled from the Catalyst Subversion repository in one step with the -following command: - - svn checkout http://dev.catalyst.perl.org/repos/Catalyst/trunk/examples/Tutorial@4612 . - IMPORTANT: Does not work yet. Will be completed for final version. - +You can checkout the source code for this example from the catalyst +subversion repository as per the instructions in +L =head1 BASIC AUTHENTICATION @@ -422,7 +418,7 @@ created the Login controller above), and delete this line: Then update it to match: - =head2 base + =head2 index Login logic @@ -464,7 +460,7 @@ however, the use of C actions is discouraged because it does not receive path args as with other actions. The recommended practice is to only use C in C. -Another options would be to use something like +Another option would be to use something like C (where the C<...> refers to the login code shown in C above). We are using C here to specifically match the URL C. 
@@ -477,9 +473,10 @@ We make the match even more specific with the C<:Args(0)> action modifier -- this forces the match on I C, not C. -Next, create a corresponding method in C: +Next, update the corresponding method in C +to match: - =head2 base + =head2 index Logout logic @@ -544,11 +541,17 @@ the following method: # Note that 'auto' runs after 'begin' but before your actions and that # 'auto' "chain" (all from application path to most specific class are run) + # See the 'Actions' section of 'Catalyst::Manual::Intro' for more info. sub auto : Private { my ($self, $c) = @_; - # Allow unauthenticated users to reach the login page - if ($c->request->path =~ /login/) { + # Allow unauthenticated users to reach the login page. This + # allows anauthenticated users to reach any action in the Login + # controller. To lock it down to a single action, we could use: + # if ($c->action eq $c->controller('Login')->action_for('index')) + # to only allow unauthenticated access to the C action we + # added above. + if ($c->controller eq $c->controller('Login')) { return 1; } @@ -586,9 +589,18 @@ C, C, and C. =item * +With C, C, C, C private actions, only the +most specific action of each type will be called. For example, if you +define a C action in your controller it will I a +C action in your application/root controller -- I the +action in your controller will be called. + +=item * + Unlike the other actions where only a single method is called for each request, I auto action along the chain of namespaces will be -called. +called. Each C action will be called I. =back @@ -609,7 +621,7 @@ lines to the bottom of the file: # This code illustrates how certain parts of the TT # template will only be shown to users who have logged in %] - [% IF Catalyst.user %] + [% IF Catalyst.user_exists %] Please Note: You are already logged in as '[% Catalyst.user.username %]'. You can logout here. [% ELSE %] 
@@ -689,8 +701,7 @@ still transmits the passwords in cleartext to your application. We are just avoiding the I of cleartext passwords in the database by using a SHA-1 hash. If you are concerned about cleartext passwords between the browser and your application, consider using SSL/TLS, made -easy with the Catalyst plugin -L. +easy with the Catalyst plugin Catalyst::Plugin:RequireSSL. =head2 Get a SHA-1 Hash for the Password @@ -751,7 +762,8 @@ C are new, everything else is the same): # This is the model object created by Catalyst::Model::DBIC from your # schema (you created 'MyAppDB::User' but as the Catalyst startup # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User'). - # NOTE: Omit 'MyApp::Model' to avoid a component lookup issue in Catalyst 5.66 + # NOTE: Omit 'MyApp::Model' here just as you would when using + # '$c->model("MyAppDB::User)' user_class: MyAppDB::User # This is the name of the field in your 'users' table that contains the user's name user_field: username 
@@ -785,12 +797,77 @@ of this module on your system: perl -MCatalyst::Plugin::Authorization::ACL -e 'print $Catalyst::Plugin::Authorization::ACL::VERSION, "\n";' +=head1 USING THE SESSION FOR FLASH + +As discussed in Part 3 of the tutorial, C allows you to set +variables in a way that is very similar to C, but it will +remain set across multiple requests. Once the value is read, it +is cleared (unless reset). Although C has nothing to do with +authentication, it does leverage the same session plugins. Now that +those plugins are enabled, let's go back and improve the "delete +and redirect with query parameters" code seen at the end of the +C part of the tutorial. + +First, open C and modify C +to match the following: + + =head2 delete + + Delete a book + + =cut + + sub delete : Local { + # $id = primary key of book to delete + my ($self, $c, $id) = @_; + + # Search for the book and then delete it + $c->model('MyAppDB::Book')->search({id => $id})->delete_all; + + # Use 'flash' to save information across requests util it's read + $c->flash->{status_msg} = "Book deleted"; + + # Redirect the user back to the list page with status msg as an arg + $c->response->redirect($c->uri_for('/books/list')); + } + +Next, open C update the TT code to pull from flash +vs. the C query parameter: + + + +
+ [% status_msg || Catalyst.flash.status_msg %] + [% error_msg %] + [% content %] +
+ + + + +=head2 Try Out Flash + +Restart the development server and point your browser to +L to create an extra +book. Click the "Return to list" link and delete this "Test" book. +The C mechanism should retain our "Book deleted" status message +across the redirect. + +B While C will save information across multiple requests, +it does get cleared the first time it is read. In general, this is +exactly what you want -- the C message will get displayed on +the next screen where it's appropriate, but it won't "keep showing up" +after that first time (unless you reset it). Please refer to +L for additional +information. + + =head1 AUTHOR Kennedy Clark, C Please report any errors, issues or suggestions to the author. The -most recent version of the Catlayst Tutorial can be found at +most recent version of the Catalyst Tutorial can be found at L. Copyright 2006, Kennedy Clark, under Creative Commons License
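Review bot: In the introduction hunk (@@ -59,13 +59,9 @@), the added sentence uses "checkout" as a verb and lower-cases "catalyst subversion", where the removed text had "Catalyst Subversion". Suggest "You can check out the source code for this example from the Catalyst Subversion repository", and end the sentence with a full stop after the link.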
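Review bot: In the `sub auto` hunk (@@ -544,11 +541,17 @@), the new test `if ($c->controller eq $c->controller('Login'))` exempts every action in the Login controller from the authentication check, as the added comment itself points out. Readers copy this method verbatim, so consider making the narrower comparison from the comment, `$c->action eq $c->controller('Login')->action_for('index')`, the live code and mentioning the controller-wide form as the looser alternative. That way an action added to that controller later is protected by default. The added comment also misspells "unauthenticated" as "anauthenticated".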
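Review bot: In the SSL/TLS hunk (@@ -689,8 +701,7 @@), the module name on the added line is written `Catalyst::Plugin:RequireSSL`, with a single colon before `RequireSSL`. It should read `Catalyst::Plugin::RequireSSL`. The removed line was a POD link and the replacement is plain text, so the rendered page loses the pointer to the plugin documentation. Keep the link markup unless dropping it was intentional.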
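Review bot: In the YAML comment hunk (@@ -751,7 +762,8 @@), the example call in the new NOTE has an unbalanced quote: `'$c->model("MyAppDB::User)'` is missing the closing double quote after `User`. Since the note exists to show readers the exact form of the name, please write it as `$c->model("MyAppDB::User")`.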
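Review bot: In the new flash section (@@ -785,12 +797,77 @@), `sub delete` sets `$c->flash->{status_msg} = "Book deleted"` unconditionally after `search({id => $id})->delete_all`, so the user is told a book was deleted even when `$id` is missing or matches no row. Consider checking that a matching book exists before deleting and setting an error message otherwise, or state in the text that the check is omitted for brevity. Two wording fixes in the same hunk: "across requests util it's read" should be "until", and "Next, open C update the TT code" is missing "and" before "update".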