X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthentication.pod;h=d5401f8abd0e25bbc11439dc7123de62c3c8e8cc;hb=be16bacd7d5dcea0165355cb7bbd8a14c1af184e;hp=c33946b2d19763b104bb8809dfacc77477433b65;hpb=a63e6e6726445baeea08771316b3ce44a495a96a;p=catagits%2FCatalyst-Runtime.git diff --git a/lib/Catalyst/Manual/Tutorial/Authentication.pod b/lib/Catalyst/Manual/Tutorial/Authentication.pod index c33946b..d5401f8 100644 --- a/lib/Catalyst/Manual/Tutorial/Authentication.pod +++ b/lib/Catalyst/Manual/Tutorial/Authentication.pod @@ -333,7 +333,7 @@ Again, notice that your "result source" classes have been "re-loaded" by Catalys =head2 Include Authentication and Session Plugins -Edit C and update it as follows (everything below C is new): +Edit C and update it as follows (everything below C is new): use Catalyst qw/ -Debug @@ -341,7 +341,6 @@ Edit C and update it as follows (everything below C is Static::Simple StackTrace - DefaultEnd Authentication Authentication::Store::DBIC @@ -415,15 +414,21 @@ you could have a C controller with both C and C actions. Remember, Catalyst is designed to be very flexible, and leaves such matters up to you, the designer and programmer. -Then open C and add: +Then open C, locate the C method (this was automatically inserted by the helpers when we +created the Login controller above), and delete this line: - =head2 default + $c->response->body('Matched MyApp::Controller::Login in Login.'); + +Then update it to match: + + =head2 base Login logic =cut - sub default : Private { + sub index : Private { my ($self, $c) = @_; # Get the username and password from form @@ -454,15 +459,33 @@ at the login page but receive an error message. If the C and C values are not present in the form, the user will be taken to the empty login form. +Note that we could have used something like C; +however, the use of C actions is discouraged because it does +not receive path args as with other actions. The recommended practice +is to only use C in C. + +Another options would be to use something like +C (where the C<...> refers to the login +code shown in C above). We are using C here to specifically match the URL C. +C actions (aka, "literal actions") create URI matches relative to +the namespace of the controller where they are defined. Although +C supports arguments that allow relative and absolute paths to be +defined, here we use an empty C definition to match on just the +name of the controller itself. The method name, C, is arbitrary. +We make the match even more specific with the C<:Args(0)> action +modifier -- this forces the match on I C, not +C. + Next, create a corresponding method in C: - =head2 default + =head2 base Logout logic =cut - sub default : Private { + sub index : Private { my ($self, $c) = @_; # Clear the user's state @@ -472,6 +495,10 @@ Next, create a corresponding method in C: $c->response->redirect($c->uri_for('/')); } +As with the login controller, be sure to delete the +C<$c->response->body('Matched MyApp::Controller::Logout in Logout.');> +line of the C. + =head2 Add a Login Form TT Template Page @@ -638,11 +665,11 @@ bottom: Create

-Reload your browser and you should now see a "Login" and "Create" links -at the bottom of the page (as mentioned earlier, you can update -template files without reloading the development server). Click this -link to return to the login page. This time you I see the -"You are already logged in" message. +Reload your browser and you should now see a "Login" and "Create" links +at the bottom of the page (as mentioned earlier, you can update template +files without reloading the development server). Click the first link +to return to the login page. This time you I see the "You are +already logged in" message. Finally, click the C link on the C page. You should stay at the login page, but the message should change to "You @@ -678,6 +705,13 @@ dirty" way to do this: e727d1464ae12436e899a726da5b2f11d8381b26 $ +B You should probably modify this code for production use to +not read the password from the command line. By having the script +prompt for the cleartext password, it avoids having the password linger +in forms such as your C<.bash_history> files (assuming you are using +BASH as your shell). An example of such a script can be found in +Appendix 3. + =head2 Switch to SHA-1 Password Hashes in the Database @@ -741,12 +775,23 @@ You should now be able to go to L and login as before. When done, click the "Logout" link on the login page (or point your browser at L). +B If you receive the debug screen in your browser with a +C error message, +make sure that you are using v0.07 of +L. +The following command can be a useful way to quickly dump the version number +of this module on your system: + + perl -MCatalyst::Plugin::Authorization::ACL -e 'print $Catalyst::Plugin::Authorization::ACL::VERSION, "\n";' + =head1 AUTHOR Kennedy Clark, C -Please report any errors, issues or suggestions to the author. +Please report any errors, issues or suggestions to the author. The +most recent version of the Catlayst Tutorial can be found at +L. Copyright 2006, Kennedy Clark, under Creative Commons License (L).