From: Tomas Doran Date: Wed, 10 Dec 2008 23:54:19 +0000 (+0000) Subject: Checking in changes prior to tagging of version 1.008. Changelog diff is: X-Git-Tag: v1.008^0 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Authentication-Credential-HTTP.git;a=commitdiff_plain;h=b5402c9e1b00eb7dbb28da81db4bfb5e53919744 Checking in changes prior to tagging of version 1.008. Changelog diff is: === Changes ================================================================== --- Changes (revision 8543) +++ Changes (local) @@ -1,3 +1,10 @@ +1.008 2008-12-10 + - Fix issue with the user not being authenticated into the correct + realm, by not calling $c->set_authenticated ourselves, but instead + just returning the user object. Fix suggested by Bernhard Graf. (t0m) + - Add test for this (t0m) + - Change $user to $user_obj in authenticate_digest for consistency (t0m) + 1.007 2008-11-19 - Add test for query strings in digest auth as digest header is built using the full URI (t0m) --- diff --git a/Changes b/Changes index c4781f8..ab512be 100644 --- a/Changes +++ b/Changes @@ -1,3 +1,10 @@ +1.008 2008-12-10 + - Fix issue with the user not being authenticated into the correct + realm, by not calling $c->set_authenticated ourselves, but instead + just returning the user object. Fix suggested by Bernhard Graf. (t0m) + - Add test for this (t0m) + - Change $user to $user_obj in authenticate_digest for consistency (t0m) + 1.007 2008-11-19 - Add test for query strings in digest auth as digest header is built using the full URI (t0m) diff --git a/lib/Catalyst/Authentication/Credential/HTTP.pm b/lib/Catalyst/Authentication/Credential/HTTP.pm index d668e53..350cfd1 100644 --- a/lib/Catalyst/Authentication/Credential/HTTP.pm +++ b/lib/Catalyst/Authentication/Credential/HTTP.pm @@ -13,7 +13,7 @@ BEGIN { __PACKAGE__->mk_accessors(qw/_config realm/); } -our $VERSION = "1.007"; +our $VERSION = '1.008'; sub new { my ($class, $config, $app, $realm) = @_; 
@@ -65,7 +65,6 @@ sub authenticate_basic { $opts->{$self->_config->{password_field}} = $password if $self->_config->{password_field}; if ($self->check_password($user_obj, $opts)) { - $c->set_authenticated($user_obj); return $user_obj; } } @@ -126,12 +125,12 @@ sub authenticate_digest { my $username = $res{username}; - my $user; + my $user_obj; - unless ( $user = $auth_info->{user} ) { - $user = $realm->find_user( { $self->_config->{username_field} => $username }, $c); + unless ( $user_obj = $auth_info->{user} ) { + $user_obj = $realm->find_user( { $self->_config->{username_field} => $username }, $c); } - unless ($user) { # no user, no authentication + unless ($user_obj) { # no user, no authentication $c->log->debug("Unable to locate user matching user info provided") if $c->debug; return; } @@ -153,9 +152,9 @@ sub authenticate_digest { my $password_field = $self->_config->{password_field}; for my $r ( 0 .. 1 ) { # calculate H(A1) as per spec - my $A1_digest = $r ? $user->$password_field() : do { + my $A1_digest = $r ? $user_obj->$password_field() : do { $ctx = Digest::MD5->new; - $ctx->add( join( ':', $username, $realm->name, $user->$password_field() ) ); + $ctx->add( join( ':', $username, $realm->name, $user_obj->$password_field() ) ); $ctx->hexdigest; }; if ( $nonce->algorithm eq 'MD5-sess' ) { @@ -173,8 +172,7 @@ sub authenticate_digest { $c->cache->set( __PACKAGE__ . '::opaque:' . $nonce->opaque, $nonce ); if ($rq_digest eq $res{response}) { - $c->set_authenticated($user); - return 1; + return $user_obj; } } } diff --git a/t/basic.t b/t/basic.t index 5ce143a..3df2527 100644 --- a/t/basic.t +++ b/t/basic.t @@ -1,7 +1,7 @@ #!/usr/bin/perl use strict; use warnings; -use Test::More tests => 34; +use Test::More tests => 35; use Test::MockObject::Extends; use Test::MockObject; use Test::Exception; 
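Review bot: With `$c->set_authenticated($user_obj);` removed from authenticate_basic (hunk `@@ -65,7 +65,6 @@`), success is signalled only by the returned object, and nothing in the code records that the caller must now mark the user authenticated in its own realm. A comment above the return, such as `# Return the user only; the calling realm marks it authenticated, so it lands in the correct realm.`, would keep a later maintainer from re-adding the call. The same applies to `return $user_obj;` in the `@@ -173,8 +172,7 @@` hunk of authenticate_digest. Code that called either method directly and relied on the old side effect will now leave the user unauthenticated; that fails closed, but it deserves a line in the POD. Both function bodies extend beyond their hunks.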
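Review bot: The return-value change in authenticate_digest (`return $user_obj;` replacing `return 1;` in the `@@ -173,8 +172,7 @@` hunk) is not exercised by any test in this diff; the only test change, in t/basic.t, sends `authorization_basic` credentials. A digest-path test asserting the same two things as the basic one, `isa_ok $got, 'Catalyst::Authentication::User';` and `is($authenticated, 0, 'Not called set_authenticated');`, would cover it. Digest tests may already exist in files this diff does not touch. The enclosing loop and function continue outside the hunk, so the return value when neither digest form matches cannot be checked from here.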
@@ -25,6 +25,7 @@ $res->mock(body => sub { $body = $_[1] }); my $res_headers = HTTP::Headers->new; $res->set_always( headers => $res_headers ); my $user = Test::MockObject->new; +$user->set_isa('Catalyst::Authentication::User'); $user->mock(get => sub { return shift->{$_[0]} }); my $find_user_opts; my $realm = Test::MockObject->new; @@ -70,8 +71,12 @@ throws_ok { # Correct credentials $req_headers->authorization_basic( qw/foo bar/ ); -ok($self->authenticate($c, $realm), "auth successful with header"); -is($authenticated, 1, 'authenticated once'); +{ + my $user = $self->authenticate($c, $realm); + ok($user, "auth successful with header"); + isa_ok $user, 'Catalyst::Authentication::User'; +} +is($authenticated, 0, 'Not called set_authenticated'); is_deeply( $find_user_opts, { username => 'foo'}, "login delegated"); # Test all the headers look good.
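Review bot: The block added in the `@@ -70,8 +71,12 @@` hunk declares `my $user`, which shadows the file-level `$user` mock, so the test can only check the returned object's class via `isa_ok` and cannot compare it with the object the realm supplied. Naming the result differently, `my $got = $self->authenticate($c, $realm);`, would allow `is($got, $user, 'returned the user found by the realm');`. For an authentication test, that identity check is the stronger assertion. The plan in `use Test::More tests => 35;` would then need to become 36. Whether the mocked find_user returns that same `$user` object is not visible in these hunks, so confirm that before adding the check.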