X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Manual.git;a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2F05_Authentication.pod;h=75c1482f7d68988efc99adbcda533d173b53436f;hp=15455c62730de4badd5e1edd3db73dbb08ad68f9;hb=429d1caf111575afa4c25287cc48d7ed712af327;hpb=bd8f28e099f4c3d43b4b5d18bc27b04fbaaa0bb5 diff --git a/lib/Catalyst/Manual/Tutorial/05_Authentication.pod b/lib/Catalyst/Manual/Tutorial/05_Authentication.pod index 15455c6..75c1482 100644 --- a/lib/Catalyst/Manual/Tutorial/05_Authentication.pod +++ b/lib/Catalyst/Manual/Tutorial/05_Authentication.pod @@ -63,8 +63,9 @@ L). This chapter of the tutorial is divided into two main sections: 1) basic, cleartext authentication and 2) hash-based authentication. -You can checkout the source code for this example from the catalyst -subversion repository as per the instructions in +Source code for the tutorial in included in the F directory +of the Tutorial Virtual machine (one subdirectory per chapter). There +are also instructions for downloading the code in L. @@ -131,11 +132,11 @@ for us: $ script/myapp_create.pl model DB DBIC::Schema MyApp::Schema \ create=static components=TimeStamp dbi:SQLite:myapp.db \ on_connect_do="PRAGMA foreign_keys = ON" - exists "/root/dev/MyApp/script/../lib/MyApp/Model" - exists "/root/dev/MyApp/script/../t" - Dumping manual schema for MyApp::Schema to directory /root/dev/MyApp/script/../lib ... + exists "/home/catalyst/dev/MyApp/script/../lib/MyApp/Model" + exists "/home/catalyst/dev/MyApp/script/../t" + Dumping manual schema for MyApp::Schema to directory /home/catalyst/dev/MyApp/script/../lib ... Schema dump completed. - exists "/root/dev/MyApp/script/../lib/MyApp/Model/DB.pm" + exists "/home/catalyst/dev/MyApp/script/../lib/MyApp/Model/DB.pm" $ $ ls lib/MyApp/Schema/Result Author.pm BookAuthor.pm Book.pm Role.pm User.pm UserRole.pm 
@@ -224,11 +225,11 @@ C is new): -Debug ConfigLoader Static::Simple - + StackTrace - + Authentication - + Session Session::Store::File Session::State::Cookie @@ -280,7 +281,7 @@ sets a reasonable set of defaults for us. (Note: the C here has nothing to do with the SimpleDB offered in Amazon's web services offerings -- here we are only talking about a "simple" way to use your DB as an authentication backend.) Open C and place the -following text above the call to C<__PACKAGE__-Esetup();>: +following text above the call to C<< __PACKAGE__->setup(); >>: # Configure SimpleDB Authentication __PACKAGE__->config( @@ -323,7 +324,7 @@ B, if you try out the command above, be sure to delete the configurations. B Because we are using -L along with a +L along with a database layout that complies with its default assumptions: we don't need to specify the names of the columns where our username and password information is stored (hence, the "Simple" part of "SimpleDB"). That @@ -348,18 +349,18 @@ Then open C, and update the definition of C to match: =head2 index - + Login logic - + =cut - + sub index :Path :Args(0) { my ($self, $c) = @_; - + # Get the username and password from form my $username = $c->request->params->{username}; my $password = $c->request->params->{password}; - + # If the username and password values were found in form if ($username && $password) { # Attempt to log the user in @@ -378,7 +379,7 @@ C to match: $c->stash(error_msg => "Empty username or password.") unless ($c->user_exists); } - + # If either of above don't work out, send to the login page $c->stash(template => 'login.tt2'); } @@ -410,17 +411,17 @@ Next, update the corresponding method in C to match: =head2 index - + Logout logic - + =cut - + sub index :Path :Args(0) { my ($self, $c) = @_; - + # Clear the user's state $c->logout; - + # Send the user to the starting point $c->response->redirect($c->uri_for('/')); } 
@@ -431,7 +432,7 @@ C to match: Create a login form by opening C and inserting: [% META title = 'Login' %] - +
@@ -462,17 +463,17 @@ Edit the existing C class file and insert the following method: =head2 auto - + Check if there is a user and, if not, forward to login page - + =cut - + # Note that 'auto' runs after 'begin' but before your actions and that # 'auto's "chain" (all from application path to most specific class are run) # See the 'Actions' section of 'Catalyst::Manual::Intro' for more info. sub auto :Private { my ($self, $c) = @_; - + # Allow unauthenticated users to reach the login page. This # allows unauthenticated users to reach any action in the Login # controller. To lock it down to a single action, we could use: @@ -482,7 +483,7 @@ the following method: if ($c->controller eq $c->controller('Login')) { return 1; } - + # If a user doesn't exist, force login if (!$c->user_exists) { # Dump a log message to the development server debug output @@ -492,7 +493,7 @@ the following method: # Return 0 to cancel 'post-auto' processing and prevent use of application return 0; } - + # User found, so return 1 to continue with processing after this 'auto' return 1; } @@ -643,7 +644,7 @@ the closing "1;": passphrase_class => 'SaltedDigest', passphrase_args => { algorithm => 'SHA-1', - salt_random => 20. + salt_random => 20, }, passphrase_check_method => 'check_password', }, @@ -670,16 +671,16 @@ file C in your editor and enter the following text: #!/usr/bin/perl - + use strict; use warnings; - + use MyApp::Schema; - + my $schema = MyApp::Schema->connect('dbi:SQLite:myapp.db'); - + my @users = $schema->resultset('User')->all; - + foreach my $user (@users) { $user->password('mypass'); $user->update; @@ -741,7 +742,7 @@ change is to the C field): ); The use of C will cause -Catalyst::Plugin::Authentication::Store::DBIC to call the +Catalyst::Plugin::Authentication::Store::DBIx::Class to call the C method we enabled on our C columns. 
@@ -771,21 +772,21 @@ match the following (everything after the model search line of code has changed): =head2 delete - + Delete a book - + =cut - + sub delete :Chained('object') :PathPart('delete') :Args(0) { my ($self, $c) = @_; - + # Use the book object saved by 'object' and delete it along # with related 'book_authors' entries $c->stash->{object}->delete; - + # Use 'flash' to save information across requests until it's read $c->flash->{status_msg} = "Book deleted"; - + # Redirect the user back to the list page $c->response->redirect($c->uri_for($self->action_for('list'))); } @@ -806,7 +807,7 @@ flash vs. the C query parameter: Although the sample above only shows the C div, leave the rest of the file intact -- the only change we made to replace "|| c.request.params.status_msg" with "c.flash.status_msg" in the -Cspan class="message"E> line. +C<< >> line. =head2 Try Out Flash @@ -832,7 +833,7 @@ we used above. Consult L for additional information. -=head2 Switch To Catalyst::Plugin::StatusMessages +=head2 Switch To Catalyst::Plugin::StatusMessages Although the query parameter technique we used in L and the C @@ -862,13 +863,15 @@ C to the list of plugins: -Debug ConfigLoader Static::Simple - + + StackTrace + Authentication - + Session Session::Store::File Session::State::Cookie - + StatusMessage /; @@ -877,14 +880,14 @@ action to match the following: sub delete :Chained('object') :PathPart('delete') :Args(0) { my ($self, $c) = @_; - + # Saved the PK id for status_msg below my $id = $c->stash->{object}->id; - + # Use the book object saved by 'object' and delete it along # with related 'book_authors' entries $c->stash->{object}->delete; - + # Redirect the user back to the list page $c->response->redirect($c->uri_for($self->action_for('list'), {mid => $c->set_status_msg("Deleted book $id")})); 
@@ -906,13 +909,13 @@ match: sub base :Chained('/') :PathPart('books') :CaptureArgs(0) { my ($self, $c) = @_; - + # Store the ResultSet in stash so it's available for other methods $c->stash(resultset => $c->model('DB::Book')); - + # Print a message to the debug log $c->log->debug('*** INSIDE BASE METHOD ***'); - + # Load status messages $c->load_status_msgs; } @@ -926,7 +929,7 @@ for C from: to: - sub list :Chained('base') :PathParth('list') :Args(0) { + sub list :Chained('base') :PathPart('list') :Args(0) { Finally, let's clean up the status/error message code in our wrapper template. Edit C and change the "content" div @@ -951,17 +954,18 @@ token, it is ignored -- thereby keeping the state of our status/error messages in sync with the users actions). +You can jump to the next chapter of the tutorial here: +L + + =head1 AUTHOR Kennedy Clark, C Feel free to contact the author for any errors or suggestions, but the best way to report issues is via the CPAN RT Bug system at -. - -The most recent version of the Catalyst Tutorial can be found at -L. +L. -Copyright 2006-2010, Kennedy Clark, under the +Copyright 2006-2011, Kennedy Clark, under the Creative Commons Attribution Share-Alike License Version 3.0 (L).
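Review bot: The first added line of the @@ -63,8 +63,9 @@ hunk has a typo: "Source code for the tutorial in included in the ..." should read "is included". The same sentence writes "Tutorial Virtual machine" with mixed capitalisation; pick one form and use it wherever the VM is mentioned.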
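Review bot: The removed and added lines in the @@ -224,11 +225,11 @@ hunk appear to differ only in whitespace, and the same is true of most of the code-listing hunks after it (for example @@ -348,18 +349,18 @@ and @@ -410,17 +411,17 @@). Mixing that cleanup with real fixes such as `salt_random => 20,` and `:PathPart('list')` makes the substantive changes easy to miss in review; consider moving the whitespace cleanup into its own commit.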
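Review bot: The `passphrase_args` block in the @@ -643,7 +644,7 @@ hunk still pairs `passphrase_class => 'SaltedDigest'` with `algorithm => 'SHA-1'`, directly above the corrected `salt_random => 20,` line. A salted single-pass SHA-1 digest is cheap to brute-force if the users table leaks, and readers copy this block as written. While the block is being edited, consider switching the example to a work-factor scheme such as Authen::Passphrase's BlowfishCrypt class, or add a sentence saying the digest choice is for demonstration only.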
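Review bot: The replacement name in the @@ -741,7 +742,7 @@ hunk, `Catalyst::Plugin::Authentication::Store::DBIx::Class`, keeps the `Plugin::` segment from the old DBIC name, but the store module is `Catalyst::Authentication::Store::DBIx::Class`. Drop `Plugin::` so the text names the module readers will actually find and install.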
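Review bot: The heading touched by the @@ -832,7 +833,7 @@ hunk still reads "Switch To Catalyst::Plugin::StatusMessages" (plural), while the plugin list in the @@ -862,13 +863,15 @@ hunk loads `StatusMessage`. Since the heading line is being rewritten anyway, make it match the plugin name used in the listing.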
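Review bot: The @@ -862,13 +863,15 @@ hunk adds `StackTrace` to the plugin list next to `-Debug`, and nothing in the hunk tells the reader that both are development aids. A short remark in the surrounding text that `-Debug` and `StackTrace` should be dropped before deployment would keep readers from shipping this list unchanged, since both put application internals into error output.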