X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Manual.git;a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2F05_Authentication.pod;h=8c3523e53afcaffb66fa10bc8a1f76b3d7c7c9da;hp=5effaac1438effa62aebdd7b32e6a0ec298a7983;hb=6290bf87f4960688b5aec32fc762886031e9db09;hpb=4370705338dd0a8e1d416467beb0ddb1bc62e877 diff --git a/lib/Catalyst/Manual/Tutorial/05_Authentication.pod b/lib/Catalyst/Manual/Tutorial/05_Authentication.pod index 5effaac..8c3523e 100644 --- a/lib/Catalyst/Manual/Tutorial/05_Authentication.pod +++ b/lib/Catalyst/Manual/Tutorial/05_Authentication.pod @@ -119,6 +119,7 @@ Then load this into the C database with the following command: $ sqlite3 myapp.db < myapp02.sql + =head2 Add User and Role Information to DBIC Schema Although we could manually edit the DBIC schema information to include @@ -268,8 +269,9 @@ C is new): /; B As discussed in MoreCatalystBasics, different versions of -C have used a variety of methods to load the plugins. -You can put the plugins in the C statement if you prefer. +C have used a variety of methods to load the plugins, +but we are going to use the current Catalyst 5.8X practice of putting +them on the C line. The C plugin supports Authentication while the C plugins are required to maintain state across multiple HTTP @@ -334,7 +336,6 @@ for the tutorial, but if you wish to use C, just convert to the following code: - use_session 1 password_type clear user_model DB::User @@ -391,7 +392,7 @@ and update the definition of C to match: my $password = $c->request->params->{password} || ""; # If the username and password values were found in form - if ($username && $password) { + if (defined($username) && defined($password)) { # Attempt to log the user in if ($c->authenticate({ username => $username, password => $password } )) { 
@@ -489,9 +490,8 @@ Create a login form by opening C and inserting: We need something that provides enforcement for the authentication mechanism -- a I mechanism that prevents users who have not passed authentication from reaching any pages except the login page. -This is generally done via an C action/method (prior to Catalyst -v5.66, this sort of thing would go in C, but starting in -v5.66, the preferred location is C). +This is generally done via an C action/method in +C. Edit the existing C class file and insert the following method: @@ -650,16 +650,6 @@ between the browser and your application, consider using SSL/TLS, made easy with the Catalyst plugin Catalyst::Plugin:RequireSSL. -=head2 Install DBIx::Class::EncodedColumn - -L provides features -that can greatly simplify the maintenance of passwords. It's currently -not available as a .deb package in the normal Debian repositories, so let's -install it directly from CPAN: - - $ sudo cpan DBIx::Class::EncodedColumn - - =head2 Re-Run the DBIC::Schema Model Helper to Include DBIx::Class::EncodedColumn Next, we can re-run the model helper to have it include @@ -771,7 +761,9 @@ But we can further confirm our actions by dumping the users table: 3|test03|af929a151340c6aed4d54d7e2651795d1ad2e2f7UW8dHoGv9z|t03@na.com|No|Go|0 As you can see, the passwords are much harder to steal from the -database. Also note that this demonstrates how to use a DBIx::Class +database (not only are the hashes stored, but every hash is different +even though the passwords are the same because of the added "salt" +value). Also note that this demonstrates how to use a DBIx::Class model outside of your web application -- a very useful feature in many situations. @@ -892,7 +884,7 @@ C<__PACKAGE__-Econfig> setting to something like: __PACKAGE__->config( name => 'MyApp', - session => {flash_to_stash => 1} + session => {flash_to_stash => 1}, ); B add the following to C:
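Review bot: in the @@ -391,7 +392,7 @@ hunk, the new test defined($username) && defined($password) can never fail for the password, because the context line just above assigns $c->request->params->{password} || "" and so $password is always defined. An empty password field is therefore no longer stopped by this check and goes on to $c->authenticate, and the comment "If the username and password values were found in form" no longer describes what is tested. If the aim was to stop rejecting values such as "0", testing length($username) && length($password) would accept those while still rejecting empty fields.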
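Review bot: the @@ -650,16 +650,6 @@ hunk deletes the whole "Install DBIx::Class::EncodedColumn" section, but the heading kept as context right after it still reads "Re-Run the DBIC::Schema Model Helper to Include DBIx::Class::EncodedColumn", so a reader reaches that step with no instruction to install the module. Keep a one-line pointer to where the module gets installed, or say in the commit message which earlier chapter now covers it. In the same hunk, the context line spells the plugin as Catalyst::Plugin:RequireSSL with a single colon before RequireSSL; it should be Catalyst::Plugin::RequireSSL.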
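Review bot: in the @@ -771,7 +761,9 @@ hunk, the added parenthetical "not only are the hashes stored" is ambiguous and can be read as saying that storing hashes is the problem. The point is that only hashes are stored, never the cleartext. Suggested wording: (only hashes are stored, and every hash is different even though the passwords are the same because of the added "salt" value). The sample row in the context shows a 40-hex-digit digest followed by 10 more characters in the same column, which looks like the salt stored beside the hash, so it would help to add that the salt prevents identical passwords from producing identical hashes and defeats precomputed tables, but does not stop offline guessing by someone who has a copy of the table. "Harder to steal" in the unchanged sentence overstates this slightly; "harder to recover" is closer.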