X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FPlugin%2FAuthentication%2FCredential%2FPassword.pm;h=cfbaf3bd89cefbb2f62b2ef34f124235b48fbbc7;hb=290e5a7efa221cbd3f34a9a72206a6f2d12cc09f;hp=7ade9665eb112b7eceb49fa9f5c68975d92084a8;hpb=a93f11972cf86f1dcb7e7219fa82f154c15807e5;p=catagits%2FCatalyst-Plugin-Authentication.git
diff --git a/lib/Catalyst/Plugin/Authentication/Credential/Password.pm b/lib/Catalyst/Plugin/Authentication/Credential/Password.pm
index 7ade966..cfbaf3b 100644
--- a/lib/Catalyst/Plugin/Authentication/Credential/Password.pm
+++ b/lib/Catalyst/Plugin/Authentication/Credential/Password.pm
@@ -1,40 +1,49 @@ -#!/usr/bin/perl - package Catalyst::Plugin::Authentication::Credential::Password; use strict; use warnings; -use Scalar::Util (); -use Catalyst::Exception (); -use Digest (); - -sub login { - my ( $c, $user, $password ) = @_; +use Catalyst::Authentication::Credential::Password (); - for ( $c->request ) { - unless ( $user ||= $_->param("login") - || $_->param("user") - || $_->param("username") ) - { - $c->log->debug( - "Can't login a user without a user object or user ID param"); - return; - } +## BACKWARDS COMPATIBILITY - all subs below here are deprecated +## They are here for compatibility with older modules that use / inherit from C::P::A::Password +## login()'s existance relies rather heavily on the fact that only Credential::Password +## is being used as a credential. This may not be the case. This is only here +## for backward compatibility. It will go away in a future version +## login should not be used in new applications. - unless ( $password ||= $_->param("password") - || $_->param("passwd") - || $_->param("pass") ) - { - $c->log->debug("Can't login a user without a password"); - return; - } +sub login { + my ( $c, $user, $password, @rest ) = @_; + + unless ( + defined($user) + or + $user = $c->request->param("login") + || $c->request->param("user") + || $c->request->param("username") + ) { + $c->log->debug( + "Can't login a user without a user object or user ID param") + if $c->debug; + return; } + unless ( + defined($password) + or + $password = $c->request->param("password") + || $c->request->param("passwd") + || $c->request->param("pass") + ) { + $c->log->debug("Can't login a user without a password") + if $c->debug; + return; + } + unless ( Scalar::Util::blessed($user) - and $user->isa("Catalyst:::Plugin::Authentication::User") ) + and $user->isa("Catalyst::Authentication::User") ) { - if ( my $user_obj = $c->get_user($user) ) { + if ( my $user_obj = $c->get_user( $user, $password, @rest ) ) { $user = $user_obj; } else { 
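Review bot: The new guards in login() let empty-string credentials through: `defined($user)` is true for `''`, so a caller passing an empty id (or an empty password) no longer falls back to the request parameters as the old `||=` form did, and `$c->get_user( '', ... )` is reached with an empty identifier. The switch to `defined` looks deliberate for distinguishing undef from `0`, but if the parameter fallback for empty values was meant to survive, `defined($user) && length($user)` (and likewise `defined($password) && length($password)`) keeps both properties. The deprecation comment above the sub should also mention the new trailing `@rest`, which is forwarded to `get_user` and is otherwise undocumented, and "existance" is misspelt. login()'s body continues past the end of this hunk.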
@@ -52,16 +61,17 @@ sub login { } else { $c->log->debug( - "Failed to authenticate user '$user'. Reason: 'Incorrect password'" - ) + "Failed to authenticate user '$user'. Reason: 'Incorrect password'") if $c->debug; return; } + } +## also deprecated. Here for compatibility with older credentials which do not inherit from C::P::A::Password sub _check_password { my ( $c, $user, $password ) = @_; - + if ( $user->supports(qw/password clear/) ) { return $user->password eq $password; }
@@ -76,11 +86,14 @@ sub _check_password { $d->add($password); $d->add( $user->password_post_salt || '' ); - my $stored = $user->hashed_password; - my $computed = $d->digest; + my $stored = $user->hashed_password; + my $computed = $d->clone()->digest; + my $b64computed = $d->clone()->b64digest; return ( ( $computed eq $stored ) - || ( unpack( "H*", $computed ) eq $stored ) ); + || ( unpack( "H*", $computed ) eq $stored ) + || ( $b64computed eq $stored) + || ( $b64computed.'=' eq $stored) ); } elsif ( $user->supports(qw/password salted_hash/) ) { require Crypt::SaltedHash; 
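Review bot: In the second hunk (`_check_password`), the `$b64computed.'='` alternative only matches stored values that need exactly one base64 pad character; `b64digest` strips all padding, and a padded stored digest whose byte length is 1 mod 3 (16-byte and 64-byte digests such as MD5 or SHA-512) ends in `==`, so those users still fail to authenticate. Normalising the stored side covers every digest length with one line: `(my $stored_nopad = $stored) =~ s/=+\z//;` followed by `|| ( $b64computed eq $stored_nopad )` in place of the two b64 alternatives. All four branches also compare a password-derived digest with plain `eq`; a fixed-time comparison would be the safer idiom here, though that predates this change. `_check_password` both starts and ends outside this hunk.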
@@ -112,167 +125,15 @@ __END__ =head1 NAME -Catalyst::Plugin::Authentication::Credential::Password - Authenticate a user -with a password. - -=head1 SYNOPSIS - - use Catalyst qw/ - Authentication - Authentication::Store::Foo - Authentication::Credential::Password - /; - - sub login : Local { - my ( $self, $c ) = @_; - - $c->login( $c->req->param('username'), $c->req->param('password') ); - } +Catalyst::Plugin::Authentication::Credential::Password - Compatibility shim =head1 DESCRIPTION -This authentication credential checker takes a username (or userid) and a -password, and tries various methods of comparing a password based on what -the chosen store's user objects support: - -=over 4 - -=item clear text password - -If the user has clear a clear text password it will be compared directly. - -=item crypted password - -If UNIX crypt hashed passwords are supported, they will be compared using -perl's builtin C function. - -=item hashed password - -If the user object supports hashed passwords, they will be used in conjunction -with L. - -=back - -=head1 METHODS - -=over 4 - -=item login $username, $password - -Try to log a user in. - -C<$username> can be a string (e.g. retrieved from a form) or an object. -If the object is a L it will be used -as is. Otherwise C<< $c->get_user >> is used to retrieve it. - -C<$password> is a string. - -If C<$username> or C<$password> are not provided, the query parameters -C, C, C and C, C, C will -be tried instead. - -=back - -=head1 RELATED USAGE - -After the user is logged in, the user object for the current logged in user -can be retrieved from the context using the C<< $c->user >> method. - -The current user can be logged out again by calling the C<< $c->logout >> -method. 
- -=head1 SUPPORTING THIS PLUGIN - -For a User class to support credential verification using this plugin, it -needs to indicate what sort of password a given user supports -by implementing the C method in one or many of the -following ways: - -=head2 Clear Text Passwords - -Predicate: - - $user->supported_features(qw/password clear/); - -Expected methods: - -=over 4 - -=item password - -Returns the user's clear text password as a string to be compared with C. - -=back - -=head2 Crypted Passwords - -Predicate: - - $user->supported_features(qw/password crypted/); - -Expected methods: - -=over 4 - -=item crypted_password - -Return's the user's crypted password as a string, with the salt as the first two chars. - -=back - -=head2 Hashed Passwords - -Predicate: - - $user->supported_features(qw/password hashed/); - -Expected methods: - -=over 4 - -=item hashed_password - -Return's the hash of the user's password as B. - -=item hash_algorithm - -Returns a string suitable for feeding into L. - -=item password_pre_salt - -=item password_post_salt - -Returns a string to be hashed before/after the user's password. Typically only -a pre-salt is used. - -=back - -=head2 Crypt::SaltedHash Passwords - -Predicate: - - $user->supported_features(qw/password salted_hash/); - -Expected methods: - -=over 4 - -=item hashed_password - -Returns the hash of the user's password as returned from L->generate. - -=back - -Optional methods: - -=over 4 - -=item password_salt_len - -Returns the length of salt used to generate the salted hash. +THIS IS A COMPATIBILITY SHIM. It allows old configurations of Catalyst +Authentication to work without code changes. -=back +B -=cut +Please see L for more information.