From: Tomas Doran Date: Wed, 10 Sep 2008 00:00:36 +0000 (+0000) Subject: Fix a load of the documentation up. Fix overriding HTTP auth relam in the ->authentic... X-Git-Tag: v1.003~3 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Authentication-Credential-HTTP.git;a=commitdiff_plain;h=bf39928587b827d04613b4a7c638a7ca335b7e51 Fix a load of the documentation up. Fix overriding HTTP auth relam in the ->authenticate call + tests and docs --- diff --git a/Changes b/Changes index 557e172..4be501e 100644 --- a/Changes +++ b/Changes @@ -1,3 +1,9 @@ +1.003 2008-09-?? + - Add ability to override the realm name presented for authentication + when calling $c->authenticate. Docs and tests for this. + - Clean up documentation of options inherited from + Catalyst::Authentication::Credential::Password + 1.002 2008-09-03 - Fix the assumptions that the password field is named password when doing digest auth. diff --git a/Todo b/Todo index 352f9d8..c87e4a8 100644 --- a/Todo +++ b/Todo @@ -1,10 +1,8 @@ -* Document the C::A::C::Password stuff properly -* Work out what options inherited from C::A::C::Password make sense, and - test / document them + make apply to digest as appropriate. +. Document md5'd passwords for digest stuff . Port work's apps. . Document how to find the credential module, so that you can call authorization_required_response if you want to. -. Document, and test overriding the realm's realm->name method. . Add deprecation notice to old module. +. document & test authorization_required_message . Test $self->_config->{authorization_required_message} + authorization_required_message = undef does not stamp on body. . Split auth headers / do auth methods again, and make authenticate call each in turn. . Document / test 'algorithm' config. diff --git a/lib/Catalyst/Authentication/Credential/HTTP.pm b/lib/Catalyst/Authentication/Credential/HTTP.pm index e3ca145..f1ff62b 100644 --- a/lib/Catalyst/Authentication/Credential/HTTP.pm 
+++ b/lib/Catalyst/Authentication/Credential/HTTP.pm @@ -248,10 +248,8 @@ sub _create_basic_auth_response { } sub _build_auth_header_realm { - my ( $self ) = @_; - - if ( my $realm = $self->realm ) { - my $realm_name = String::Escape::qprintable($realm->name); + my ( $self, $c, $opts ) = @_; + if ( my $realm_name = String::Escape::qprintable($opts->{realm} ? $opts->{realm} : $self->realm->name) ) { $realm_name = qq{"$realm_name"} unless $realm_name =~ /^"/; return 'realm=' . $realm_name; } @@ -279,7 +277,7 @@ sub _build_auth_header_common { my ( $self, $c, $opts ) = @_; return ( - $self->_build_auth_header_realm(), + $self->_build_auth_header_realm($c, $opts), $self->_build_auth_header_domain($c, $opts), ); } @@ -406,6 +404,9 @@ for Catalyst. $c->authenticate({ realm => "example" }); # either user gets authenticated or 401 is sent + # Note that the authentication realm sent to the client is overridden + # here, but this does not affect the Catalyst::Authentication::Realm + # used for authentication. do_stuff(); } 
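Review bot: In `_build_auth_header_realm` the new condition calls `$self->realm->name` unguarded whenever no override is passed, whereas the removed code first checked `if ( my $realm = $self->realm )`. If a credential can ever exist without a realm object, this now dies while building the 401 instead of omitting the realm parameter. The override is also selected by truthiness, so a caller-supplied `realm => '0'` or `''` silently falls back to the configured name. I would choose the value with `my $name = defined $opts->{realm} ? $opts->{realm} : ( $self->realm && $self->realm->name );` and pass `$name` to `String::Escape::qprintable`. Because the value is now caller-controlled and ends up in `WWW-Authenticate`, a comment such as `# realm may come from the caller; escaping here relies on qprintable` would help; the rest of the function lies outside the hunk.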
@@ -457,15 +458,35 @@ Looks inside C<< $c->request->headers >> and processes the digest and basic This will only try the methods set in the configuration. First digest, then basic. -This method just passes the options through untouched. See the next two methods for what \%auth_info can contain. +The %auth_info hash can contain a number of keys which control the authentication behaviour: + +=over + +=item realm + +Sets the HTTP authentication realm presented to the client. Note this does not alter the +Catalyst::Authentication::Realm object used for the authentication. + +=item password_type + +The type of password returned by the user object. Same useage as in +L + +=item password_field + +The name of accessor used to retrieve the value of the password field from the user object. Same useage as in +L + +=back =item authenticate_basic $c, $realm, \%auth_info -Acts like L, and will lookup the user's password as detailed in that module. +Performs HTTP basic authentication. =item authenticate_digest $c, $realm, \%auth_info -Assumes that your user object has a hard coded method which returns a clear text password. +Performs HTTP digest authentication. Note that the password_type B by I for +digest authentication to succeed. =item authorization_required_response $c, $realm, \%auth_info diff --git a/t/basic.t b/t/basic.t index ffd07e7..a819115 100644 --- a/t/basic.t +++ b/t/basic.t @@ -74,6 +74,7 @@ is_deeply( $find_user_opts, { username => 'foo'}, "login delegated"); # Test all the headers look good. $req_headers->clear; +$res_headers->clear; $c->clear; throws_ok { $self->authenticate( $c, $realm ); 
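Review bot: The new `realm` item in the `authenticate` POD should also say that for digest authentication the overridden name is the realm the client hashes into its response (RFC 2617 computes A1 from username, realm and password), so the override is not purely cosmetic. If the store can hold pre-hashed digest credentials, those hashes only match the realm they were computed for; the Todo hunk mentions md5'd passwords, but the verification code is not visible here. Suggested addition: `For digest authentication the client computes its response over this realm name, so any pre-hashed passwords must have been generated with the same value.` The `password_type` and `password_field` items also misspell "usage" as "useage".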
@@ -86,6 +87,7 @@ like( ($res_headers->header('WWW-Authenticate'))[0], qr/realm="foo"/, "WWW-Authe like( ($res_headers->header('WWW-Authenticate'))[1], qr/^Basic/, "WWW-Authenticate header set: basic"); like( ($res_headers->header('WWW-Authenticate'))[1], qr/realm="foo"/, "WWW-Authenticate header set: basic realm"); +$res_headers->clear; # Check password_field works { my $self = new_self( type => 'any', password_type => 'clear', password_field => 'the_other_password' ); @@ -101,14 +103,13 @@ like( ($res_headers->header('WWW-Authenticate'))[1], qr/realm="foo"/, "WWW-Authe } $req_headers->clear; +$res_headers->clear; throws_ok { $self->authenticate( $c, $realm, { realm => 'myrealm' }); # Override realm object's name method by doing this. } qr/^ $Catalyst::DETACH $/x, "detached on no authorization supplied, overridden realm value"; is( $status, 401, "401 status code" ); is( $content_type, 'text/plain' ); is( $body, 'Authorization required.' ); -TODO: { - local $TODO = 'This should work, it (or something very like it) used to work'; - like( ($res_headers->header('WWW-Authenticate'))[0], qr/realm="myrealm"/, "WWW-Authenticate header set: digest realm overridden"); - like( ($res_headers->header('WWW-Authenticate'))[1], qr/realm="myrealm"/, "WWW-Authenticate header set: basic realm overridden"); -} +like( ($res_headers->header('WWW-Authenticate'))[0], qr/realm="myrealm"/, "WWW-Authenticate header set: digest realm overridden"); +like( ($res_headers->header('WWW-Authenticate'))[1], qr/realm="myrealm"/, "WWW-Authenticate header set: basic realm overridden"); +
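Review bot: The assertions taken out of the TODO block in the last hunk only cover a benign override (`myrealm`), so nothing pins how a malformed realm value is rendered in `WWW-Authenticate`. Since `$opts->{realm}` now flows into a response header, I would add a case whose override contains a double quote and a line break and assert `unlike( ($res_headers->header('WWW-Authenticate'))[0], qr/[\r\n]/, "overridden realm cannot split the header" );`. Separately, `$res_headers->clear;` is now added before each scenario in three hunks of this file; a short comment such as `# reset response headers so an earlier WWW-Authenticate value cannot satisfy the next assertion` would explain why it is needed.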