X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Manual.git;a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2F05_Authentication.pod;h=ec3a748f58617084f29dd7a4052767fbb3ecfb0a;hp=5628b1986dd7e19a79c65dd204e2f88e4399b544;hb=1dc333c7b1dbb2334c1a263f5c19e6191f5562a8;hpb=cc0ef55e7569cf9746bdeaaebbc0b72ddcd97467

diff --git a/lib/Catalyst/Manual/Tutorial/05_Authentication.pod b/lib/Catalyst/Manual/Tutorial/05_Authentication.pod
index 5628b19..ec3a748 100644
--- a/lib/Catalyst/Manual/Tutorial/05_Authentication.pod
+++ b/lib/Catalyst/Manual/Tutorial/05_Authentication.pod
@@ -119,6 +119,7 @@ Then load this into the C<myapp.db> database with the following command:
 
     $ sqlite3 myapp.db < myapp02.sql
 
+
 =head2 Add User and Role Information to DBIC Schema
 
 Although we could manually edit the DBIC schema information to include
@@ -268,8 +269,9 @@ C<StackTrace> is new):
                     /;
 
 B<Note:> As discussed in MoreCatalystBasics, different versions of
-C<Catalyst::Devel> have used a variety of methods to load the plugins.
-You can put the plugins in the C<use Catalyst> statement if you prefer.
+C<Catalyst::Devel> have used a variety of methods to load the plugins,
+but we are going to use the current Catalyst 5.8X practice of putting
+them on the C<use Catalyst> line.
 
 The C<Authentication> plugin supports Authentication while the
 C<Session> plugins are required to maintain state across multiple HTTP
@@ -334,9 +336,8 @@ for the tutorial, but if you wish to use C<myapp.conf>, just convert
 to the following code:
 
     <Plugin::Authentication>
-        use_session 1
         <default>
-            password_type self_check
+            password_type clear
             user_model    DB::User
             class         SimpleDB
         </default>
@@ -387,8 +388,8 @@ and update the definition of C<sub index> to match:
         my ($self, $c) = @_;
     
         # Get the username and password from form
-        my $username = $c->request->params->{username} || "";
-        my $password = $c->request->params->{password} || "";
+        my $username = $c->request->params->{username};
+        my $password = $c->request->params->{password};
     
         # If the username and password values were found in form
         if ($username && $password) {
@@ -403,6 +404,9 @@ and update the definition of C<sub index> to match:
                 # Set an error message
                 $c->stash->{error_msg} = "Bad username or password.";
             }
+        } else {
+            # Set an error message
+            $c->stash->{error_msg} = "Empty username or password.";
         }
     
         # If either of above don't work out, send to the login page
@@ -489,9 +493,8 @@ Create a login form by opening C<root/src/login.tt2> and inserting:
 We need something that provides enforcement for the authentication
 mechanism -- a I<global> mechanism that prevents users who have not
 passed authentication from reaching any pages except the login page.
-This is generally done via an C<auto> action/method (prior to Catalyst
-v5.66, this sort of thing would go in C<MyApp.pm>, but starting in
-v5.66, the preferred location is C<lib/MyApp/Controller/Root.pm>).
+This is generally done via an C<auto> action/method in 
+C<lib/MyApp/Controller/Root.pm>.
 
 Edit the existing C<lib/MyApp/Controller/Root.pm> class file and insert
 the following method:
@@ -650,16 +653,6 @@ between the browser and your application, consider using SSL/TLS, made
 easy with the Catalyst plugin Catalyst::Plugin:RequireSSL.
 
 
-=head2 Install DBIx::Class::EncodedColumn
-
-L<DBIx::Class::EncodedColumn|DBIx::Class::EncodedColumn> provides features
-that can greatly simplify the maintenance of passwords.  It's currently 
-not available as a .deb package in the normal Debian repositories, so let's
-install it directly from CPAN:
-
-    $ sudo cpan DBIx::Class::EncodedColumn
-
-
 =head2 Re-Run the DBIC::Schema Model Helper to Include DBIx::Class::EncodedColumn
 
 Next, we can re-run the model helper to have it include 
@@ -748,7 +741,7 @@ Then run the following command:
 
     $ DBIC_TRACE=1 perl -Ilib set_hashed_passwords.pl
 
-We had to use the C<-Ilib> arguement to tell perl to look under the 
+We had to use the C<-Ilib> argument to tell perl to look under the 
 C<lib> directory for our C<MyApp::Schema> model.
 
 The DBIC_TRACE output should show that the update worked:
@@ -771,7 +764,9 @@ But we can further confirm our actions by dumping the users table:
     3|test03|af929a151340c6aed4d54d7e2651795d1ad2e2f7UW8dHoGv9z|t03@na.com|No|Go|0
 
 As you can see, the passwords are much harder to steal from the 
-database.  Also note that this demonstrates how to use a DBIx::Class 
+database (not only are the hashes stored, but every hash is different 
+even though the passwords are the same because of the added "salt" 
+value).  Also note that this demonstrates how to use a DBIx::Class 
 model outside of your web application -- a very useful feature in many 
 situations.
 
@@ -892,7 +887,7 @@ C<__PACKAGE__-E<gt>config> setting to something like:
 
     __PACKAGE__->config(
             name    => 'MyApp',
-            session => {flash_to_stash => 1}
+            session => {flash_to_stash => 1},
         );
 
 B<or> add the following to C<myapp.conf>: