X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthentication.pod;h=d5401f8abd0e25bbc11439dc7123de62c3c8e8cc;hb=be16bacd7d5dcea0165355cb7bbd8a14c1af184e;hp=c33946b2d19763b104bb8809dfacc77477433b65;hpb=a63e6e6726445baeea08771316b3ce44a495a96a;p=catagits%2FCatalyst-Runtime.git
diff --git a/lib/Catalyst/Manual/Tutorial/Authentication.pod b/lib/Catalyst/Manual/Tutorial/Authentication.pod
index c33946b..d5401f8 100644
--- a/lib/Catalyst/Manual/Tutorial/Authentication.pod
+++ b/lib/Catalyst/Manual/Tutorial/Authentication.pod
@@ -333,7 +333,7 @@ Again, notice that your "result source" classes have been "re-loaded" by Catalys
=head2 Include Authentication and Session Plugins
-Edit C and update it as follows (everything below C is new):
+Edit C and update it as follows (everything below C is new):
use Catalyst qw/
-Debug
@@ -341,7 +341,6 @@ Edit C and update it as follows (everything below C is
Static::Simple
StackTrace
- DefaultEnd
Authentication
Authentication::Store::DBIC
@@ -415,15 +414,21 @@ you could have a C controller with both C and C
actions. Remember, Catalyst is designed to be very flexible, and leaves
such matters up to you, the designer and programmer.
-Then open C and add:
+Then open C, locate the C method (this was automatically inserted by the helpers when we
+created the Login controller above), and delete this line:
- =head2 default
+ $c->response->body('Matched MyApp::Controller::Login in Login.');
+
+Then update it to match:
+
+ =head2 base
Login logic
=cut
- sub default : Private {
+ sub index : Private {
my ($self, $c) = @_;
# Get the username and password from form
@@ -454,15 +459,33 @@ at the login page but receive an error message. If the C and
C values are not present in the form, the user will be taken
to the empty login form.
+Note that we could have used something like C;
+however, the use of C actions is discouraged because it does
+not receive path args as with other actions. The recommended practice
+is to only use C in C.
+
+Another options would be to use something like
+C (where the C<...> refers to the login
+code shown in C above). We are using C here to specifically match the URL C.
+C actions (aka, "literal actions") create URI matches relative to
+the namespace of the controller where they are defined. Although
+C supports arguments that allow relative and absolute paths to be
+defined, here we use an empty C definition to match on just the
+name of the controller itself. The method name, C, is arbitrary.
+We make the match even more specific with the C<:Args(0)> action
+modifier -- this forces the match on I C, not
+C.
+
Next, create a corresponding method in C:
- =head2 default
+ =head2 base
Logout logic
=cut
- sub default : Private {
+ sub index : Private {
my ($self, $c) = @_;
# Clear the user's state
@@ -472,6 +495,10 @@ Next, create a corresponding method in C:
$c->response->redirect($c->uri_for('/'));
}
+As with the login controller, be sure to delete the
+C<$c->response->body('Matched MyApp::Controller::Logout in Logout.');>
+line of the C.
+
=head2 Add a Login Form TT Template Page
@@ -638,11 +665,11 @@ bottom:
Create
-Reload your browser and you should now see a "Login" and "Create" links
-at the bottom of the page (as mentioned earlier, you can update
-template files without reloading the development server). Click this
-link to return to the login page. This time you I see the
-"You are already logged in" message.
+Reload your browser and you should now see a "Login" and "Create" links
+at the bottom of the page (as mentioned earlier, you can update template
+files without reloading the development server). Click the first link
+to return to the login page. This time you I see the "You are
+already logged in" message.
Finally, click the C link on the C page.
You should stay at the login page, but the message should change to "You
@@ -678,6 +705,13 @@ dirty" way to do this:
e727d1464ae12436e899a726da5b2f11d8381b26
$
+B You should probably modify this code for production use to
+not read the password from the command line. By having the script
+prompt for the cleartext password, it avoids having the password linger
+in forms such as your C<.bash_history> files (assuming you are using
+BASH as your shell). An example of such a script can be found in
+Appendix 3.
+
=head2 Switch to SHA-1 Password Hashes in the Database
@@ -741,12 +775,23 @@ You should now be able to go to L and
login as before. When done, click the "Logout" link on the login page
(or point your browser at L).
+B If you receive the debug screen in your browser with a
+C error message,
+make sure that you are using v0.07 of
+L.
+The following command can be a useful way to quickly dump the version number
+of this module on your system:
+
+ perl -MCatalyst::Plugin::Authorization::ACL -e 'print $Catalyst::Plugin::Authorization::ACL::VERSION, "\n";'
+
=head1 AUTHOR
Kennedy Clark, C
-Please report any errors, issues or suggestions to the author.
+Please report any errors, issues or suggestions to the author. The
+most recent version of the Catlayst Tutorial can be found at
+L.
Copyright 2006, Kennedy Clark, under Creative Commons License
(L).