X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FPlugin%2FAuthentication.pm;h=ca0c4251e38a400ef8900c37e89791f972607490;hb=cb5d628d9f1a02fda5e195f39fff589139456186;hp=8119e49030e0c616e6cf79277575fb8c0ff11b1e;hpb=ff87fb62a7206d93881ee1a2a269483573b12d99;p=catagits%2FCatalyst-Plugin-Authentication.git

diff --git a/lib/Catalyst/Plugin/Authentication.pm b/lib/Catalyst/Plugin/Authentication.pm
index 8119e49..ca0c425 100644
--- a/lib/Catalyst/Plugin/Authentication.pm
+++ b/lib/Catalyst/Plugin/Authentication.pm
@@ -12,7 +12,7 @@ use Tie::RefHash;
 use Class::Inspector;
 use Catalyst::Authentication::Realm;
 
-our $VERSION = "0.10011";
+our $VERSION = "0.10013";
 
 sub set_authenticated {
     my ( $c, $user, $realmname ) = @_;
@@ -165,10 +165,10 @@ sub find_realm_for_persisted_user {
     } else {
         ## we have no choice but to ask each realm whether it has a persisted user.
         foreach my $realmname (@{$c->_auth_realm_restore_order}) {
-            my $ret = $c->auth_realms->{$realmname}->user_is_restorable($c);
-            if ($ret) {
-                return $c->auth_realms->{$realmname};
-            }
+            my $realm = $c->auth_realms->{$realmname}
+                || Catalyst::Exception->throw("Could not find authentication realm '$realmname'");
+            return $realm
+                if $realm->user_is_restorable($c);
         }
     }
     return undef;
@@ -626,7 +626,7 @@ This means that our application will begin like this:
         Authentication
     /;
 
-    __PACKAGE__->config->{'Plugin::Authentication'} = 
+    __PACKAGE__->config( 'Plugin::Authentication' => 
                 {  
                     default => {
                         credential => {
@@ -649,7 +649,8 @@ This means that our application will begin like this:
         	                }	                
         	            }
         	        }
-                };
+                }
+    );
 
 This tells the authentication plugin what realms are available, which
 credential and store modules are used, and the configuration of each. With
@@ -745,7 +746,7 @@ efficient to maintain a hash of users, so you move this data to a database.
 You can accomplish this simply by installing the L<DBIx::Class|Catalyst::Authentication::Store::DBIx::Class> Store and
 changing your config:
 
-    __PACKAGE__->config->{'Plugin::Authentication'} = 
+    __PACKAGE__->config( 'Plugin::Authentication'} => 
                     {  
                         default_realm => 'members',
                         members => {
@@ -760,7 +761,8 @@ changing your config:
         	                    role_column => 'roles'	                
         	                }
             	        }
-                    };
+                    }
+    );
 
 The authentication system works behind the scenes to load your data from the
 new source. The rest of your application is completely unchanged.
@@ -769,7 +771,7 @@ new source. The rest of your application is completely unchanged.
 =head1 CONFIGURATION
 
     # example
-    __PACKAGE__->config->{'Plugin::Authentication'} = 
+    __PACKAGE__->config( 'Plugin::Authentication' => 
                 {  
                     default_realm => 'members',
 
@@ -796,7 +798,8 @@ new source. The rest of your application is completely unchanged.
         	                authserver => '192.168.10.17'
         	            }
         	        }
-                };
+                }
+    );
 
 NOTE: Until version 0.10008 of this module, you would need to put all the
 realms inside a "realms" key in the configuration. Please see 
@@ -807,9 +810,15 @@ L</COMPATIBILITY CONFIGURATION> for more information
 =item use_session
 
 Whether or not to store the user's logged in state in the session, if the
-application is also using L<Catalyst::Plugin::Session>. This 
+application is also using L<Catalyst::Plugin::Session>. This
 value is set to true per default.
 
+However, even if use_session is disabled, if any code touches $c->session, a session
+object will be auto-vivified and session Cookies will be sent in the headers. To
+prevent accidental session creation, check if a session already exists with
+if ($c->sessionid) { ... }. If the session doesn't exist, then don't place
+anything in the session to prevent an unecessary session from being created.
+
 =item default_realm
 
 This defines which realm should be used as when no realm is provided to methods
@@ -980,6 +989,8 @@ L<Catalyst::Authentication::Realm>
 
 =item L<Catalyst::Authentication::Credential::Kerberos>
 
+=back
+
 =head2 Authorization
 
 L<Catalyst::Plugin::Authorization::ACL>,
@@ -1018,7 +1029,7 @@ Until version 0.10008 of this module, you needed to put all the
 realms inside a "realms" key in the configuration. 
 
     # example
-    __PACKAGE__->config->{'Plugin::Authentication'} = 
+    __PACKAGE__->config( 'Plugin::Authentication'} => 
                 {  
                     default_realm => 'members',
                     realms => {
@@ -1026,9 +1037,10 @@ realms inside a "realms" key in the configuration.
                             ...
                         },
                     },
-                };
+                }
+    );
 
-If you use the old, deprecated C<< __PACKAGE__->config->{'authentication'} >>
+If you use the old, deprecated C<< __PACKAGE__->config( 'authentication' ) >>
 configuration key, then the realms key is still required.
 
 =head1 COMPATIBILITY ROUTINES
@@ -1062,7 +1074,7 @@ included here for reference only.
 
 Return the store whose name is 'default'.
 
-This is set to C<< $c->config->{'Plugin::Authentication'}{store} >> if that value exists,
+This is set to C<< $c->config( 'Plugin::Authentication' => { store => # Store} ) >> if that value exists,
 or by using a Store plugin:
 
     # load the Minimal authentication store.
@@ -1101,7 +1113,11 @@ Jess Robinson
 
 David Kamholz
 
-Tomas Doran (t0m), C<bobtfish@bobtfish.net> 
+Tomas Doran (t0m), C<bobtfish@bobtfish.net>
+
+kmx
+
+Nigel Metheringham
 
 =head1 COPYRIGHT & LICENSE