projects / catagits/Catalyst-Manual.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | history | HEAD
update pod and podcoverage tests to match cat dist
[catagits/Catalyst-Manual.git] / lib / Catalyst / Manual / Tutorial / Authentication.pod
CommitLineData
d442cc9f 1=head1 NAME
2
3Catalyst::Manual::Tutorial::Authentication - Catalyst Tutorial - Part 4: Authentication
4
5
6=head1 OVERVIEW
7
8This is B<Part 4 of 9> for the Catalyst tutorial.
9
10L<Tutorial Overview|Catalyst::Manual::Tutorial>
11
12=over 4
13
14=item 1
15
16L<Introduction|Catalyst::Manual::Tutorial::Intro>
17
18=item 2
19
20L<Catalyst Basics|Catalyst::Manual::Tutorial::CatalystBasics>
21
22=item 3
23
24L<Basic CRUD|Catalyst::Manual::Tutorial::BasicCRUD>
25
26=item 4
27
28B<Authentication>
29
30=item 5
31
32L<Authorization|Catalyst::Manual::Tutorial::Authorization>
33
34=item 6
35
36L<Debugging|Catalyst::Manual::Tutorial::Debugging>
37
38=item 7
39
40L<Testing|Catalyst::Manual::Tutorial::Testing>
41
42=item 8
43
44L<AdvancedCRUD|Catalyst::Manual::Tutorial::AdvancedCRUD>
45
46=item 9
47
48L<Appendices|Catalyst::Manual::Tutorial::Appendices>
49
50=back
51
52
53=head1 DESCRIPTION
54
55Now that we finally have a simple yet functional application, we can
56focus on providing authentication (with authorization coming next in
57Part 5).
58
59This part of the tutorial is divided into two main sections: 1) basic,
60cleartext authentication and 2) hash-based authentication.
61
62You can checkout the source code for this example from the catalyst
63subversion repository as per the instructions in
64L<Catalyst::Manual::Tutorial::Intro>
65
66=head1 BASIC AUTHENTICATION
67
68This section explores how to add authentication logic to a Catalyst
69application.
70
71
72=head2 Add Users and Roles to the Database
73
74First, we add both user and role information to the database (we will
75add the role information here although it will not be used until the
76authorization section, Part 5). Create a new SQL script file by opening
77C<myapp02.sql> in your editor and insert:
78
79 --
80 -- Add users and roles tables, along with a many-to-many join table
81 --
82 CREATE TABLE users (
83 id INTEGER PRIMARY KEY,
84 username TEXT,
85 password TEXT,
86 email_address TEXT,
87 first_name TEXT,
88 last_name TEXT,
89 active INTEGER
90 );
91 CREATE TABLE roles (
92 id INTEGER PRIMARY KEY,
93 role TEXT
94 );
95 CREATE TABLE user_roles (
96 user_id INTEGER,
97 role_id INTEGER,
98 PRIMARY KEY (user_id, role_id)
99 );
100 --
101 -- Load up some initial test data
102 --
103 INSERT INTO users VALUES (1, 'test01', 'mypass', 't01@na.com', 'Joe', 'Blow', 1);
104 INSERT INTO users VALUES (2, 'test02', 'mypass', 't02@na.com', 'Jane', 'Doe', 1);
105 INSERT INTO users VALUES (3, 'test03', 'mypass', 't03@na.com', 'No', 'Go', 0);
106 INSERT INTO roles VALUES (1, 'user');
107 INSERT INTO roles VALUES (2, 'admin');
108 INSERT INTO user_roles VALUES (1, 1);
109 INSERT INTO user_roles VALUES (1, 2);
110 INSERT INTO user_roles VALUES (2, 1);
111 INSERT INTO user_roles VALUES (3, 1);
112
113Then load this into the C<myapp.db> database with the following command:
114
115 $ sqlite3 myapp.db < myapp02.sql
116
117
118=head2 Add User and Role Information to DBIC Schema
119
120This step adds DBIC-based classes for the user-related database tables
121(the role information will not be used until Part 5):
122
123Edit C<lib/MyAppDB.pm> and update the contents to match (only the
124C<MyAppDB =E<gt> [qw/Book BookAuthor Author User UserRole Role/]> line
125has changed):
126
127 package MyAppDB;
128
129 =head1 NAME
130
131 MyAppDB -- DBIC Schema Class
132
133 =cut
134
135 # Our schema needs to inherit from 'DBIx::Class::Schema'
136 use base qw/DBIx::Class::Schema/;
137
138 # Need to load the DB Model classes here.
139 # You can use this syntax if you want:
140 # __PACKAGE__->load_classes(qw/Book BookAuthor Author User UserRole Role/);
141 # Also, if you simply want to load all of the classes in a directory
142 # of the same name as your schema class (as we do here) you can use:
143 # __PACKAGE__->load_classes(qw//);
144 # But the variation below is more flexible in that it can be used to
145 # load from multiple namespaces.
146 __PACKAGE__->load_classes({
147 MyAppDB => [qw/Book BookAuthor Author User UserRole Role/]
148 });
149
150 1;
151
152
153=head2 Create New "Result Source Objects"
154
155Create the following three files with the content shown below.
156
157C<lib/MyAppDB/User.pm>:
158
159 package MyAppDB::User;
160
161 use base qw/DBIx::Class/;
162
163 # Load required DBIC stuff
164 __PACKAGE__->load_components(qw/PK::Auto Core/);
165 # Set the table name
166 __PACKAGE__->table('users');
167 # Set columns in table
168 __PACKAGE__->add_columns(qw/id username password email_address first_name last_name/);
169 # Set the primary key for the table
170 __PACKAGE__->set_primary_key('id');
171
172 #
173 # Set relationships:
174 #
175
176 # has_many():
177 # args:
178 # 1) Name of relationship, DBIC will create accessor with this name
179 # 2) Name of the model class referenced by this relationship
180 # 3) Column name in *foreign* table
181 __PACKAGE__->has_many(map_user_role => 'MyAppDB::UserRole', 'user_id');
182
183
184 =head1 NAME
185
186 MyAppDB::User - A model object representing a person with access to the system.
187
188 =head1 DESCRIPTION
189
190 This is an object that represents a row in the 'users' table of your application
191 database. It uses DBIx::Class (aka, DBIC) to do ORM.
192
193 For Catalyst, this is designed to be used through MyApp::Model::MyAppDB.
194 Offline utilities may wish to use this class directly.
195
196 =cut
197
198 1;
199
200
201C<lib/MyAppDB/Role.pm>:
202
203 package MyAppDB::Role;
204
205 use base qw/DBIx::Class/;
206
207 # Load required DBIC stuff
208 __PACKAGE__->load_components(qw/PK::Auto Core/);
209 # Set the table name
210 __PACKAGE__->table('roles');
211 # Set columns in table
212 __PACKAGE__->add_columns(qw/id role/);
213 # Set the primary key for the table
214 __PACKAGE__->set_primary_key('id');
215
216 #
217 # Set relationships:
218 #
219
220 # has_many():
221 # args:
222 # 1) Name of relationship, DBIC will create accessor with this name
223 # 2) Name of the model class referenced by this relationship
224 # 3) Column name in *foreign* table
225 __PACKAGE__->has_many(map_user_role => 'MyAppDB::UserRole', 'role_id');
226
227
228 =head1 NAME
229
230 MyAppDB::Role - A model object representing a class of access permissions to
231 the system.
232
233 =head1 DESCRIPTION
234
235 This is an object that represents a row in the 'roles' table of your
236 application database. It uses DBIx::Class (aka, DBIC) to do ORM.
237
238 For Catalyst, this is designed to be used through MyApp::Model::MyAppDB.
239 "Offline" utilities may wish to use this class directly.
240
241 =cut
242
243 1;
244
245
246C<lib/MyAppDB/UserRole.pm>:
247
248 package MyAppDB::UserRole;
249
250 use base qw/DBIx::Class/;
251
252 # Load required DBIC stuff
253 __PACKAGE__->load_components(qw/PK::Auto Core/);
254 # Set the table name
255 __PACKAGE__->table('user_roles');
256 # Set columns in table
257 __PACKAGE__->add_columns(qw/user_id role_id/);
258 # Set the primary key for the table
259 __PACKAGE__->set_primary_key(qw/user_id role_id/);
260
261 #
262 # Set relationships:
263 #
264
265 # belongs_to():
266 # args:
267 # 1) Name of relationship, DBIC will create accessor with this name
268 # 2) Name of the model class referenced by this relationship
269 # 3) Column name in *this* table
270 __PACKAGE__->belongs_to(user => 'MyAppDB::User', 'user_id');
271
272 # belongs_to():
273 # args:
274 # 1) Name of relationship, DBIC will create accessor with this name
275 # 2) Name of the model class referenced by this relationship
276 # 3) Column name in *this* table
277 __PACKAGE__->belongs_to(role => 'MyAppDB::Role', 'role_id');
278
279
280 =head1 NAME
281
282 MyAppDB::UserRole - A model object representing the JOIN between Users and Roles.
283
284 =head1 DESCRIPTION
285
286 This is an object that represents a row in the 'user_roles' table of your application
287 database. It uses DBIx::Class (aka, DBIC) to do ORM.
288
289 You probably won't need to use this class directly -- it will be automatically
290 used by DBIC where joins are needed.
291
292 For Catalyst, this is designed to be used through MyApp::Model::MyAppDB.
293 Offline utilities may wish to use this class directly.
294
295 =cut
296
297 1;
298
299The code for these three result source classes is obviously very familiar to the C<Book>, C<Author>, and C<BookAuthor> classes created in Part 2.
300
301
302=head2 Sanity-Check Reload of Development Server
303
304We aren't ready to try out the authentication just yet; we only want to do a quick check to be sure our model loads correctly. Press C<Ctrl-C> to kill the previous server instance (if it's still running) and restart it:
305
306 $ script/myapp_server.pl
307
308Look for the three new model objects in the startup debug output:
309
310 ...
311 .-------------------------------------------------------------------+----------.
312 | Class | Type |
313 +-------------------------------------------------------------------+----------+
314 | MyApp::Controller::Books | instance |
315 | MyApp::Controller::Root | instance |
316 | MyApp::Model::MyAppDB | instance |
317 | MyApp::Model::MyAppDB::Author | class |
318 | MyApp::Model::MyAppDB::Book | class |
319 | MyApp::Model::MyAppDB::BookAuthor | class |
320 | MyApp::Model::MyAppDB::Role | class |
321 | MyApp::Model::MyAppDB::User | class |
322 | MyApp::Model::MyAppDB::UserRole | class |
323 | MyApp::View::TT | instance |
324 '-------------------------------------------------------------------+----------'
325 ...
326
327Again, notice that your "result source" classes have been "re-loaded" by Catalyst under C<MyApp::Model>.
328
329
330=head2 Include Authentication and Session Plugins
331
332Edit C<lib/MyApp.pm> and update it as follows (everything below C<StackTrace> is new):
333
334 use Catalyst qw/
335 -Debug
336 ConfigLoader
337 Static::Simple
338
339 StackTrace
340
341 Authentication
d442cc9f 342
343 Session
344 Session::Store::FastMmap
345 Session::State::Cookie
346 /;
347
6d0971ad 348The C<Authentication> plugin supports
d442cc9f 349Authentication while the C<Session> plugins are required to maintain
6d0971ad 350state across multiple HTTP requests.
351
352Note that the only required Authentication class is the main
353one. This is a change that occured in version 0.09999_01
354of the C<Authentication> plugin. You B<do not need> to specify a
355particular Authentication::Store or Authentication::Credential plugin.
356Instead, indicate the Store and Credential you want to use in your application
357configuration (see below).
358
359Note that there are several
e74b1cd1 360options for L<Session::Store|Catalyst::Plugin::Session::Store>
d442cc9f 361(L<Session::Store::FastMmap|Catalyst::Plugin::Session::Store::FastMmap>
362is generally a good choice if you are on Unix; try
e74b1cd1 363L<Session::Store::File|Catalyst::Plugin::Session::Store::File> if you
364are on Win32) -- consult
365L<Session::Store|Catalyst::Plugin::Session::Store> and its subclasses
366for additional information and options (for example to use a
367database-backed session store).
d442cc9f 368
369
370=head2 Configure Authentication
371
372Although C<__PACKAGE__-E<gt>config(name =E<gt> 'value');> is still
373supported, newer Catalyst applications tend to place all configuration
374information in C<myapp.yml> and automatically load this information into
375C<MyApp-E<gt>config> using the
376L<ConfigLoader|Catalyst::Plugin::ConfigLoader> plugin. Here, we need
377to load several parameters that tell
378L<Catalyst::Plugin::Authentication|Catalyst::Plugin::Authentication>
379where to locate information in your database. To do this, edit the
380C<myapp.yml> YAML and update it to match:
381
382 ---
383 name: MyApp
384 authentication:
6d0971ad 385 default_realm: dbic
386 realms:
387 dbic:
388 credential:
389 class: Password
390 password_field: password
391 password_type: self_check
392 store:
393 class: DBIx::Class
d442cc9f 394 # This is the model object created by Catalyst::Model::DBIC from your
395 # schema (you created 'MyAppDB::User' but as the Catalyst startup
396 # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User').
397 # NOTE: Omit 'MyApp::Model' to avoid a component lookup issue in Catalyst 5.66
6d0971ad 398 user_class: MyApp::Users
d442cc9f 399 # This is the name of the field in your 'users' table that contains the user's name
6d0971ad 400 id_field: username
401 role_relation: roles
402 role_field: rolename
403 ignore_fields_in_find: [ 'remote_name' ]
d442cc9f 404
405Inline comments in the code above explain how each field is being used.
406
407B<TIP>: Although YAML uses a very simple and easy-to-ready format, it
408does require the use of a consistent level of indenting. Be sure you
409line up everything on a given 'level' with the same number of indents.
410Also, be sure not to use C<tab> characters (YAML does not support them
411because they are handled inconsistently across editors).
412
413
414=head2 Add Login and Logout Controllers
415
416Use the Catalyst create script to create two stub controller files:
417
418 $ script/myapp_create.pl controller Login
419 $ script/myapp_create.pl controller Logout
420
421B<NOTE>: You could easily use a single controller here. For example,
422you could have a C<User> controller with both C<login> and C<logout>
423actions. Remember, Catalyst is designed to be very flexible, and leaves
424such matters up to you, the designer and programmer.
425
426Then open C<lib/MyApp/Controller/Login.pm>, locate the C<sub index :
427Private> method (this was automatically inserted by the helpers when we
428created the Login controller above), and delete this line:
429
430 $c->response->body('Matched MyApp::Controller::Login in Login.');
431
432Then update it to match:
433
434 =head2 index
435
436 Login logic
437
438 =cut
439
440 sub index : Private {
441 my ($self, $c) = @_;
442
443 # Get the username and password from form
444 my $username = $c->request->params->{username} || "";
445 my $password = $c->request->params->{password} || "";
446
447 # If the username and password values were found in form
448 if ($username && $password) {
449 # Attempt to log the user in
f632e28b 450 if ($c->authenticate({ username => $username,
451 password => $password} )) {
d442cc9f 452 # If successful, then let them use the application
453 $c->response->redirect($c->uri_for('/books/list'));
454 return;
455 } else {
456 # Set an error message
457 $c->stash->{error_msg} = "Bad username or password.";
458 }
459 }
460
461 # If either of above don't work out, send to the login page
462 $c->stash->{template} = 'login.tt2';
463 }
464
465This controller fetches the C<username> and C<password> values from the
f632e28b 466login form and attempts to authenticate the user. If successful, it
467redirects the user to the book list page. If the login fails, the user
468will stay at the login page but receive an error message. If the
469C<username> and C<password> values are not present in the form, the
470user will be taken to the empty login form.
d442cc9f 471
472Note that we could have used something like C<sub default :Private>;
473however, the use of C<default> actions is discouraged because it does
474not receive path args as with other actions. The recommended practice
475is to only use C<default> in C<MyApp::Controller::Root>.
476
477Another option would be to use something like
478C<sub base :Path :Args(0) {...}> (where the C<...> refers to the login
479code shown in C<sub index : Private> above). We are using C<sub base
480:Path :Args(0) {...}> here to specifically match the URL C</login>.
481C<Path> actions (aka, "literal actions") create URI matches relative to
482the namespace of the controller where they are defined. Although
483C<Path> supports arguments that allow relative and absolute paths to be
484defined, here we use an empty C<Path> definition to match on just the
485name of the controller itself. The method name, C<base>, is arbitrary.
486We make the match even more specific with the C<:Args(0)> action
487modifier -- this forces the match on I<only> C</login>, not
488C</login/somethingelse>.
489
490Next, update the corresponding method in C<lib/MyApp/Controller/Logout.pm>
491to match:
492
493 =head2 index
494
495 Logout logic
496
497 =cut
498
499 sub index : Private {
500 my ($self, $c) = @_;
501
502 # Clear the user's state
503 $c->logout;
504
505 # Send the user to the starting point
506 $c->response->redirect($c->uri_for('/'));
507 }
508
509As with the login controller, be sure to delete the
510C<$c->response->body('Matched MyApp::Controller::Logout in Logout.');>
511line of the C<sub index>.
512
513
514=head2 Add a Login Form TT Template Page
515
516Create a login form by opening C<root/src/login.tt2> and inserting:
517
518 [% META title = 'Login' %]
519
520 <!-- Login form -->
521 <form method="post" action=" [% Catalyst.uri_for('/login') %] ">
522 <table>
523 <tr>
524 <td>Username:</td>
525 <td><input type="text" name="username" size="40" /></td>
526 </tr>
527 <tr>
528 <td>Password:</td>
529 <td><input type="password" name="password" size="40" /></td>
530 </tr>
531 <tr>
532 <td colspan="2"><input type="submit" name="submit" value="Submit" /></td>
533 </tr>
534 </table>
535 </form>
536
537
538=head2 Add Valid User Check
539
540We need something that provides enforcement for the authentication
541mechanism -- a I<global> mechanism that prevents users who have not
542passed authentication from reaching any pages except the login page.
543This is generally done via an C<auto> action/method (prior to Catalyst
544v5.66, this sort of thing would go in C<MyApp.pm>, but starting in
545v5.66, the preferred location is C<lib/MyApp/Controller/Root.pm>).
546
547Edit the existing C<lib/MyApp/Controller/Root.pm> class file and insert
548the following method:
549
550 =head2 auto
551
552 Check if there is a user and, if not, forward to login page
553
554 =cut
555
556 # Note that 'auto' runs after 'begin' but before your actions and that
557 # 'auto' "chain" (all from application path to most specific class are run)
558 # See the 'Actions' section of 'Catalyst::Manual::Intro' for more info.
559 sub auto : Private {
560 my ($self, $c) = @_;
561
562 # Allow unauthenticated users to reach the login page. This
563 # allows anauthenticated users to reach any action in the Login
564 # controller. To lock it down to a single action, we could use:
565 # if ($c->action eq $c->controller('Login')->action_for('index'))
566 # to only allow unauthenticated access to the C<index> action we
567 # added above.
568 if ($c->controller eq $c->controller('Login')) {
569 return 1;
570 }
571
572 # If a user doesn't exist, force login
573 if (!$c->user_exists) {
574 # Dump a log message to the development server debug output
575 $c->log->debug('***Root::auto User not found, forwarding to /login');
576 # Redirect the user to the login page
577 $c->response->redirect($c->uri_for('/login'));
578 # Return 0 to cancel 'post-auto' processing and prevent use of application
579 return 0;
580 }
581
582 # User found, so return 1 to continue with processing after this 'auto'
583 return 1;
584 }
585
586B<Note:> Catalyst provides a number of different types of actions, such
587as C<Local>, C<Regex>, and C<Private>. You should refer to
588L<Catalyst::Manual::Intro> for a more detailed explanation, but the
589following bullet points provide a quick introduction:
590
591=over 4
592
593=item *
594
595The majority of application use C<Local> actions for items that respond
596to user requests and C<Private> actions for those that do not directly
597respond to user input.
598
599=item *
600
601There are five types of C<Private> actions: C<begin>, C<end>,
602C<default>, C<index>, and C<auto>.
603
604=item *
605
606With C<begin>, C<end>, C<default>, C<index> private actions, only the
607most specific action of each type will be called. For example, if you
608define a C<begin> action in your controller it will I<override> a
609C<begin> action in your application/root controller -- I<only> the
610action in your controller will be called.
611
612=item *
613
614Unlike the other actions where only a single method is called for each
615request, I<every> auto action along the chain of namespaces will be
616called. Each C<auto> action will be called I<from the application/root
617controller down through the most specific class>.
618
619=back
620
621By placing the authentication enforcement code inside the C<auto> method
622of C<lib/MyApp/Controller/Root.pm> (or C<lib/MyApp.pm>), it will be
623called for I<every> request that is received by the entire application.
624
625
626=head2 Displaying Content Only to Authenticated Users
627
628Let's say you want to provide some information on the login page that
629changes depending on whether the user has authenticated yet. To do
630this, open C<root/src/login.tt2> in your editor and add the following
631lines to the bottom of the file:
632
633 <p>
634 [%
635 # This code illustrates how certain parts of the TT
636 # template will only be shown to users who have logged in
637 %]
638 [% IF Catalyst.user_exists %]
639 Please Note: You are already logged in as '[% Catalyst.user.username %]'.
640 You can <a href="[% Catalyst.uri_for('/logout') %]">logout</a> here.
641 [% ELSE %]
642 You need to log in to use this application.
643 [% END %]
644 [%#
645 Note that this whole block is a comment because the "#" appears
646 immediate after the "[%" (with no spaces in between). Although it
647 can be a handy way to temporarily "comment out" a whole block of
648 TT code, it's probably a little too subtle for use in "normal"
649 comments.
650 %]
5edc2aae 651 </p>
d442cc9f 652
653Although most of the code is comments, the middle few lines provide a
654"you are already logged in" reminder if the user returns to the login
655page after they have already authenticated. For users who have not yet
656authenticated, a "You need to log in..." message is displayed (note the
657use of an IF-THEN-ELSE construct in TT).
658
659
660=head2 Try Out Authentication
661
662Press C<Ctrl-C> to kill the previous server instance (if it's still
663running) and restart it:
664
665 $ script/myapp_server.pl
666
667B<IMPORTANT NOTE>: If you happen to be using Internet Explorer, you may
668need to use the command C<script/myapp_server.pl -k> to enable the
669keepalive feature in the development server. Otherwise, the HTTP
670redirect on successful login may not work correctly with IE (it seems to
671work without -k if you are running the web browser and development
672server on the same machine). If you are using browser a browser other
673than IE, it should work either way. If you want to make keepalive the
674default, you can edit C<script/myapp_server.pl> and change the
675initialization value for C<$keepalive> to C<1>. (You will need to do
676this every time you create a new Catalyst application or rebuild the
677C<myapp_server.pl> script.)
678
679Now trying going to L<http://localhost:3000/books/list> and you should
680be redirected to the login page, hitting Shift+Reload if necessary (the
681"You are already logged in" message should I<not> appear -- if it does,
682click the C<logout> button and try again). Note the C<***Root::auto User
683not found...> debug message in the development server output. Enter
684username C<test01> and password C<mypass>, and you should be taken to
685the Book List page.
686
687Open C<root/src/books/list.tt2> and add the following lines to the
688bottom:
689
690 <p>
691 <a href="[% Catalyst.uri_for('/login') %]">Login</a>
692 <a href="[% Catalyst.uri_for('form_create') %]">Create</a>
693 </p>
694
695Reload your browser and you should now see a "Login" and "Create" links
696at the bottom of the page (as mentioned earlier, you can update template
697files without reloading the development server). Click the first link
698to return to the login page. This time you I<should> see the "You are
699already logged in" message.
700
701Finally, click the C<You can logout here> link on the C</login> page.
702You should stay at the login page, but the message should change to "You
703need to log in to use this application."
704
705
706=head1 USING PASSWORD HASHES
707
708In this section we increase the security of our system by converting
709from cleartext passwords to SHA-1 password hashes.
710
711B<Note:> This section is optional. You can skip it and the rest of the
712tutorial will function normally.
713
714Note that even with the techniques shown in this section, the browser
715still transmits the passwords in cleartext to your application. We are
716just avoiding the I<storage> of cleartext passwords in the database by
717using a SHA-1 hash. If you are concerned about cleartext passwords
718between the browser and your application, consider using SSL/TLS, made
719easy with the Catalyst plugin Catalyst::Plugin:RequireSSL.
720
721
722=head2 Get a SHA-1 Hash for the Password
723
724Catalyst uses the C<Digest> module to support a variety of hashing
725algorithms. Here we will use SHA-1 (SHA = Secure Hash Algorithm).
726First, we should compute the SHA-1 hash for the "mypass" password we are
727using. The following command-line Perl script provides a "quick and
728dirty" way to do this:
729
730 $ perl -MDigest::SHA -e 'print Digest::SHA::sha1_hex("mypass"), "\n"'
731 e727d1464ae12436e899a726da5b2f11d8381b26
732 $
733
734B<Note:> You should probably modify this code for production use to
735not read the password from the command line. By having the script
736prompt for the cleartext password, it avoids having the password linger
737in forms such as your C<.bash_history> files (assuming you are using
738BASH as your shell). An example of such a script can be found in
739Appendix 3.
740
741
742=head2 Switch to SHA-1 Password Hashes in the Database
743
744Next, we need to change the C<password> column of our C<users> table to
745store this hash value vs. the existing cleartext password. Open
746C<myapp03.sql> in your editor and enter:
747
748 --
749 -- Convert passwords to SHA-1 hashes
750 --
751 UPDATE users SET password = 'e727d1464ae12436e899a726da5b2f11d8381b26' WHERE id = 1;
752 UPDATE users SET password = 'e727d1464ae12436e899a726da5b2f11d8381b26' WHERE id = 2;
753 UPDATE users SET password = 'e727d1464ae12436e899a726da5b2f11d8381b26' WHERE id = 3;
754
755Then use the following command to update the SQLite database:
756
757 $ sqlite3 myapp.db < myapp03.sql
758
759B<Note:> We are using SHA-1 hashes here, but many other hashing
760algorithms are supported. See C<Digest> for more information.
761
762
763=head2 Enable SHA-1 Hash Passwords in
764C<Catalyst::Plugin::Authentication::Store::DBIC>
765
766Edit C<myapp.yml> and update it to match (the C<password_type> and
767C<password_hash_type> are new, everything else is the same):
768
769 ---
770 name: MyApp
771 authentication:
772 dbic:
773 # Note this first definition would be the same as setting
774 # __PACKAGE__->config->{authentication}->{dbic}->{user_class} = 'MyAppDB::User'
775 # in lib/MyApp.pm (IOW, each hash key becomes a "name:" in the YAML file).
776 #
777 # This is the model object created by Catalyst::Model::DBIC from your
778 # schema (you created 'MyAppDB::User' but as the Catalyst startup
779 # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User').
780 # NOTE: Omit 'MyApp::Model' here just as you would when using
781 # '$c->model("MyAppDB::User)'
782 user_class: MyAppDB::User
783 # This is the name of the field in your 'users' table that contains the user's name
784 user_field: username
785 # This is the name of the field in your 'users' table that contains the password
786 password_field: password
787 # Other options can go here for hashed passwords
788 # Enabled hashed passwords
789 password_type: hashed
790 # Use the SHA-1 hashing algorithm
791 password_hash_type: SHA-1
792
793
794=head2 Try Out the Hashed Passwords
795
796Press C<Ctrl-C> to kill the previous server instance (if it's still
797running) and restart it:
798
799 $ script/myapp_server.pl
800
801You should now be able to go to L<http://localhost:3000/books/list> and
802login as before. When done, click the "Logout" link on the login page
803(or point your browser at L<http://localhost:3000/logout>).
804
805B<Note:> If you receive the debug screen in your browser with a
806C<Can't call method "stash" on an undefined value...> error message,
807make sure that you are using v0.07 of
808L<Catalyst::Plugin::Authorization::ACL|Catalyst::Plugin::Authorization::ACL>.
809The following command can be a useful way to quickly dump the version number
810of this module on your system:
811
812 perl -MCatalyst::Plugin::Authorization::ACL -e 'print $Catalyst::Plugin::Authorization::ACL::VERSION, "\n";'
813
814
815=head1 USING THE SESSION FOR FLASH
816
817As discussed in Part 3 of the tutorial, C<flash> allows you to set
818variables in a way that is very similar to C<stash>, but it will
819remain set across multiple requests. Once the value is read, it
820is cleared (unless reset). Although C<flash> has nothing to do with
821authentication, it does leverage the same session plugins. Now that
822those plugins are enabled, let's go back and improve the "delete
823and redirect with query parameters" code seen at the end of the
824L<Basic CRUD|Catalyst::Manual::Tutorial::BasicCRUD> part of the
825tutorial.
826
827First, open C<lib/MyApp/Controller/Books.pm> and modify C<sub delete>
828to match the following:
829
830 =head2 delete
831
832 Delete a book
833
834 =cut
835
836 sub delete : Local {
837 # $id = primary key of book to delete
838 my ($self, $c, $id) = @_;
839
840 # Search for the book and then delete it
841 $c->model('MyAppDB::Book')->search({id => $id})->delete_all;
842
843 # Use 'flash' to save information across requests until it's read
844 $c->flash->{status_msg} = "Book deleted";
845
846 # Redirect the user back to the list page with status msg as an arg
847 $c->response->redirect($c->uri_for('/books/list'));
848 }
849
850Next, open C<root/lib/site/layout> and update the TT code to pull from
851flash vs. the C<status_msg> query parameter:
852
853 <div id="header">[% PROCESS site/header %]</div>
854
855 <div id="content">
856 <span class="message">[% status_msg || Catalyst.flash.status_msg %]</span>
857 <span class="error">[% error_msg %]</span>
858 [% content %]
859 </div>
860
861 <div id="footer">[% PROCESS site/footer %]</div>
862
863
864=head2 Try Out Flash
865
866Restart the development server and point your browser to
867L<http://localhost:3000/books/url_create/Test/1/4> to create an extra
868book. Click the "Return to list" link and delete the "Test" book you
869just added. The C<flash> mechanism should retain our "Book deleted"
870status message across the redirect.
871
872B<NOTE:> While C<flash> will save information across multiple requests,
873I<it does get cleared the first time it is read>. In general, this is
874exactly what you want -- the C<flash> message will get displayed on
875the next screen where it's appropriate, but it won't "keep showing up"
876after that first time (unless you reset it). Please refer to
877L<Catalyst::Plugin::Session|Catalyst::Plugin::Session> for additional
878information.
879
880
881=head1 AUTHOR
882
883Kennedy Clark, C<hkclark@gmail.com>
884
885Please report any errors, issues or suggestions to the author. The
886most recent version of the Catalyst Tutorial can be found at
d712b826 887L<http://dev.catalyst.perl.org/repos/Catalyst/trunk/Catalyst-Manual/lib/Catalyst/Manual/Tutorial/>.
d442cc9f 888
889Copyright 2006, Kennedy Clark, under Creative Commons License
890(L<http://creativecommons.org/licenses/by-nc-sa/2.5/>).
Unnamed repository; edit this file 'description' to name the repository.