+1.008 2008-12-10
+ - Fix issue with the user not being authenticated into the correct
+ realm, by not calling $c->set_authenticated ourselves, but instead
+ just returning the user object. Fix suggested by Bernhard Graf. (t0m)
+ - Add test for this (t0m)
+ - Change $user to $user_obj in authenticate_digest for consistency (t0m)
+
1.007 2008-11-19
- Add test for query strings in digest auth as digest header is built using
the full URI (t0m)
__PACKAGE__->mk_accessors(qw/_config realm/);
}
-our $VERSION = "1.007";
+our $VERSION = '1.008';
sub new {
my ($class, $config, $app, $realm) = @_;
$opts->{$self->_config->{password_field}} = $password
if $self->_config->{password_field};
if ($self->check_password($user_obj, $opts)) {
- $c->set_authenticated($user_obj);
return $user_obj;
}
}
my $username = $res{username};
- my $user;
+ my $user_obj;
- unless ( $user = $auth_info->{user} ) {
- $user = $realm->find_user( { $self->_config->{username_field} => $username }, $c);
+ unless ( $user_obj = $auth_info->{user} ) {
+ $user_obj = $realm->find_user( { $self->_config->{username_field} => $username }, $c);
}
- unless ($user) { # no user, no authentication
+ unless ($user_obj) { # no user, no authentication
$c->log->debug("Unable to locate user matching user info provided") if $c->debug;
return;
}
my $password_field = $self->_config->{password_field};
for my $r ( 0 .. 1 ) {
# calculate H(A1) as per spec
- my $A1_digest = $r ? $user->$password_field() : do {
+ my $A1_digest = $r ? $user_obj->$password_field() : do {
$ctx = Digest::MD5->new;
- $ctx->add( join( ':', $username, $realm->name, $user->$password_field() ) );
+ $ctx->add( join( ':', $username, $realm->name, $user_obj->$password_field() ) );
$ctx->hexdigest;
};
if ( $nonce->algorithm eq 'MD5-sess' ) {
$c->cache->set( __PACKAGE__ . '::opaque:' . $nonce->opaque,
$nonce );
if ($rq_digest eq $res{response}) {
- $c->set_authenticated($user);
- return 1;
+ return $user_obj;
}
}
}
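Review bot: The success branch at `return $user_obj;` changes the digest path's return value from `1` to the user object and drops the `$c->set_authenticated` call, but nothing in the code records that new contract. Going by the changelog entry, the caller is now responsible for marking the user as authenticated in the correct realm, so a comment above the return such as `# Return the user object only; the caller sets the authenticated user so it lands in the correct realm` would keep a later edit from re-adding the call here. The test changes visible on this page exercise only the basic path, so an equivalent assertion that the digest path returns a `Catalyst::Authentication::User` and leaves `set_authenticated` uncalled would be worth adding. The enclosing sub starts and ends outside the hunk.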
#!/usr/bin/perl
use strict;
use warnings;
-use Test::More tests => 34;
+use Test::More tests => 35;
use Test::MockObject::Extends;
use Test::MockObject;
use Test::Exception;
my $res_headers = HTTP::Headers->new;
$res->set_always( headers => $res_headers );
my $user = Test::MockObject->new;
+$user->set_isa('Catalyst::Authentication::User');
$user->mock(get => sub { return shift->{$_[0]} });
my $find_user_opts;
my $realm = Test::MockObject->new;
# Correct credentials
$req_headers->authorization_basic( qw/foo bar/ );
-ok($self->authenticate($c, $realm), "auth successful with header");
-is($authenticated, 1, 'authenticated once');
+{
+ my $user = $self->authenticate($c, $realm);
+ ok($user, "auth successful with header");
+ isa_ok $user, 'Catalyst::Authentication::User';
+}
+is($authenticated, 0, 'Not called set_authenticated');
is_deeply( $find_user_opts, { username => 'foo'}, "login delegated");
# Test all the headers look good.
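Review bot: `isa_ok $user, 'Catalyst::Authentication::User'` checks only the class of the returned value, so the test would still pass if `authenticate` handed back a different user object than the one the realm looked up. The block-scoped `my $user` also shadows the outer `$user` mock, which rules out an identity check as written. Renaming the inner variable, e.g. `my $got = $self->authenticate($c, $realm);`, and adding `is($got, $user, 'returned the user the realm found');` would pin that down, assuming the mocked realm's `find_user` returns that mock (its definition is not visible here). The plan count at the top of the file would then need to go up by one more.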