X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Manual.git;a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthentication.pod;h=04106439870e7081c284e2b91648d7a5ce7eff2a;hp=8bae7167e8cb4286630e8839fe15b5f80b824b94;hb=b0eca006a93b36b6b1a7c83f2ff5508ce618f3e2;hpb=b411df01b40662f125aa854a7c25097bc53ad86a

diff --git a/lib/Catalyst/Manual/Tutorial/Authentication.pod b/lib/Catalyst/Manual/Tutorial/Authentication.pod
index 8bae716..0410643 100644
--- a/lib/Catalyst/Manual/Tutorial/Authentication.pod
+++ b/lib/Catalyst/Manual/Tutorial/Authentication.pod
@@ -65,7 +65,8 @@ cleartext authentication and 2) hash-based authentication.
 
 You can checkout the source code for this example from the catalyst
 subversion repository as per the instructions in
-L<Catalyst::Manual::Tutorial::Intro>
+L<Catalyst::Manual::Tutorial::Intro|Catalyst::Manual::Tutorial::Intro>.
+
 
 =head1 BASIC AUTHENTICATION
 
@@ -126,6 +127,12 @@ the new tables added in the previous step, let's use the C<create=static>
 option on the DBIC model helper to do most of the work for us:
 
     $ script/myapp_create.pl model DB DBIC::Schema MyApp::Schema create=static dbi:SQLite:myapp.db
+     exists "/root/dev/MyApp/script/../lib/MyApp/Model"
+     exists "/root/dev/MyApp/script/../t"
+    Dumping manual schema for MyApp::Schema to directory /root/dev/MyApp/script/../lib ...
+    Schema dump completed.
+     exists "/root/dev/MyApp/script/../lib/MyApp/Model/DB.pm"
+    $
     $ ls lib/MyApp/Schema
     Authors.pm  BookAuthors.pm  Books.pm  Roles.pm  UserRoles.pm  Users.pm
 
@@ -133,11 +140,10 @@ Notice how the helper has added three new table-specific result source
 files to the C<lib/MyApp/Schema/MyApp> directory.  And, more
 importantly, even if there were changes to the existing result source
 files, those changes would have only been written above the C<# DO NOT
-MODIFY THIS OR ANYTHING ABOVE!> comment and your hand-editted
+MODIFY THIS OR ANYTHING ABOVE!> comment and your hand-edited
 enhancements would have been preserved.
 
-
-Speaking of "hand-editted enhancements," we should now add
+Speaking of "hand-edit ted enhancements," we should now add
 relationship information to the three new result source files.  Edit
 each of these files and add the following information between the C<#
 DO NOT MODIFY THIS OR ANYTHING ABOVE!> comment and the closing C<1;>:
@@ -147,14 +153,14 @@ C<lib/MyApp/Schema/Users.pm>:
     #
     # Set relationships:
     #
-
+    
     # has_many():
     #   args:
     #     1) Name of relationship, DBIC will create accessor with this name
     #     2) Name of the model class referenced by this relationship
     #     3) Column name in *foreign* table
     __PACKAGE__->has_many(map_user_role => 'MyApp::Schema::UserRoles', 'user_id');
-
+    
     # many_to_many():
     #   args:
     #     1) Name of relationship, DBIC will create accessor with this name
@@ -169,7 +175,7 @@ C<lib/MyApp/Schema/Roles.pm>:
     #
     # Set relationships:
     #
-
+    
     # has_many():
     #   args:
     #     1) Name of relationship, DBIC will create accessor with this name
@@ -183,14 +189,14 @@ C<lib/MyApp/Schema/UserRoles.pm>:
     #
     # Set relationships:
     #
-
+    
     # belongs_to():
     #   args:
     #     1) Name of relationship, DBIC will create accessor with this name
     #     2) Name of the model class referenced by this relationship
     #     3) Column name in *this* table
     __PACKAGE__->belongs_to(user => 'MyApp::Schema::Users', 'user_id');
-
+    
     # belongs_to():
     #   args:
     #     1) Name of relationship, DBIC will create accessor with this name
@@ -205,7 +211,7 @@ classes created in Part 3.
 
 Note that we do not need to make any change to the
 C<lib/MyApp/Schema.pm> schema file.  It simply tells DBIC to
-load all of the result source files it finds in below the
+load all of the result class files it finds in below the
 C<lib/MyApp/Schema> directory, so it will automatically pick
 up our new table information.
 
@@ -238,7 +244,7 @@ Look for the three new model objects in the startup debug output:
     '-------------------------------------------------------------------+----------'
     ...
 
-Again, notice that your "result source" classes have been "re-loaded"
+Again, notice that your "result class" classes have been "re-loaded"
 by Catalyst under C<MyApp::Model>.
 
 
@@ -247,19 +253,23 @@ by Catalyst under C<MyApp::Model>.
 Edit C<lib/MyApp.pm> and update it as follows (everything below
 C<StackTrace> is new):
 
-    use Catalyst qw/
+    __PACKAGE__->setup(qw/
             -Debug
             ConfigLoader
             Static::Simple
-
+    
             StackTrace
-
+    
             Authentication
-
+    
             Session
             Session::Store::FastMmap
             Session::State::Cookie
-            /;
+        /);
+
+B<Note:> As discussed in MoreCatalystBasics, different versions of 
+C<Catalyst::Devel> have used a variety of methods to load the plugins. 
+You can put the plugins in the C<use Catalyst> statement if you prefer.
 
 The C<Authentication> plugin supports Authentication while the
 C<Session> plugins are required to maintain state across multiple HTTP
@@ -285,24 +295,33 @@ backed session store).
 
 =head2 Configure Authentication
 
-Although C<__PACKAGE__-E<gt>config(name =E<gt> 'value');> is still
-supported, newer Catalyst applications tend to place all configuration
-information in C<myapp.conf> and automatically load this information
-into C<MyApp-E<gt>config> using the
+Although C<__PACKAGE__-E<gt>config(name =E<gt> 'value');> is still 
+supported, newer Catalyst applications tend to place all configuration 
+information in C<myapp.conf> and automatically load this information 
+into C<MyApp-E<gt>config> using the 
 L<ConfigLoader|Catalyst::Plugin::ConfigLoader> plugin.
 
-First, as noted in Part 3 of the tutorial, Catalyst has recently
-switched from a default config file format of YAML to
-C<Config::General> (an apache-like format).  In case you are using
-a version of Catalyst earlier than v5.7014, delete the C<myapp.yml>
-file and simply follow the directions below to create a new
-C<myapp.conf> file.
+As discussed in Part 3 of the tutorial, Catalyst has recently 
+switched from a default config file format of YAML to 
+L<Config::General|Config::General> (an apache-like format).  In case 
+you are using a version of Catalyst earlier than v5.7014, delete the 
+C<myapp.yml>, or convert it to .conf format using the TIP in 
+L<Catalyst::Manual::MoreCatalystBasics/EDIT THE LIST OF CATALYST PLUGINS> 
+then simply follow the directions below to create a new C<myapp.conf> 
+file.  Although we will use the C<Config::General> format here because
+YAML files can be difficult to cut and paste in certain environments, 
+you are free to use any format supported by 
+L<Catalyst::Plugin::ConfigLoader|Catalyst::Plugin::ConfigLoader> and
+L<Config::Any|Config::Any> -- Catalyst will transparently handle the
+different formats.
 
 Here, we need to load several parameters that tell
 L<Catalyst::Plugin::Authentication|Catalyst::Plugin::Authentication>
 where to locate information in your database.  To do this, edit the
 C<myapp.conf> file and update it to match:
 
+    # rename this file to MyApp.yml and put a : in front of "name" if
+    # you want to use yaml like in old versions of Catalyst
     name MyApp
     <authentication>
         default_realm dbic
@@ -331,9 +350,6 @@ C<myapp.conf> file and update it to match:
                     # NOTE: Omit 'MyApp::Model' here just as you would when using
                     # '$c->model("DB::Users)'
                     user_class DB::Users
-                    # This is the name of the field in your 'users' table that
-                    # contains the user's name
-                    id_field username
                 </store>
             </dbic>
         </realms>
@@ -341,9 +357,6 @@ C<myapp.conf> file and update it to match:
 
 Inline comments in the code above explain how each field is being used.
 
-Note that you can use many other config file formats with catalyst.
-See L<Catalyst::Plugin::ConfigLoader|Catalyst::Plugin::ConfigLoader>
-for details.
 
 =head2 Add Login and Logout Controllers
 
@@ -352,48 +365,45 @@ Use the Catalyst create script to create two stub controller files:
     $ script/myapp_create.pl controller Login
     $ script/myapp_create.pl controller Logout
 
-B<NOTE:> You could easily use a single controller here.  For example,
-you could have a C<User> controller with both C<login> and C<logout>
-actions.  Remember, Catalyst is designed to be very flexible, and leaves
-such matters up to you, the designer and programmer.
+You could easily use a single controller here.  For example, you could 
+have a C<User> controller with both C<login> and C<logout> actions. 
+Remember, Catalyst is designed to be very flexible, and leaves such 
+matters up to you, the designer and programmer.
 
-Then open C<lib/MyApp/Controller/Login.pm>, locate the C<sub index
-:Path :Args(0)> method (or C<sub index : Private> if you are using an
-older version of Catalyst) that was automatically inserted by the
-helpers when we created the Login controller above, and delete this
-line:
-
-    $c->response->body('Matched MyApp::Controller::Login in Login.');
-
-Then update it to match:
+Then open C<lib/MyApp/Controller/Login.pm>, locate the 
+C<sub index :Path :Args(0)> method (or C<sub index : Private> if you 
+are using an older version of Catalyst) that was automatically 
+inserted by the helpers when we created the Login controller above, 
+and update the definition of C<sub index> to match:
 
     =head2 index
-
+    
     Login logic
-
+    
     =cut
-
+    
     sub index :Path :Args(0) {
         my ($self, $c) = @_;
-
+    
         # Get the username and password from form
         my $username = $c->request->params->{username} || "";
         my $password = $c->request->params->{password} || "";
-
+    
         # If the username and password values were found in form
         if ($username && $password) {
             # Attempt to log the user in
             if ($c->authenticate({ username => $username,
-                                   password => $password} )) {
+                                   password => $password  } )) {
                 # If successful, then let them use the application
-                $c->response->redirect($c->uri_for('/books/list'));
+                $c->response->redirect($c->uri_for(
+                    $c->controller('Books')->action_for('list')));
                 return;
             } else {
                 # Set an error message
                 $c->stash->{error_msg} = "Bad username or password.";
             }
         }
-
+    
         # If either of above don't work out, send to the login page
         $c->stash->{template} = 'login.tt2';
     }
@@ -405,13 +415,13 @@ will stay at the login page and receive an error message.  If the
 C<username> and C<password> values are not present in the form, the
 user will be taken to the empty login form.
 
-Note that we could have used something like C<sub default :Path>,
-however partly for historical reasons, and partly for code clarity it
-is generally recommended only to use C<default> in
-C<MyApp::Controller::Root>, and then mainly to generate the 404 not
+Note that we could have used something like "C<sub default :Path>", 
+however, it is generally recommended (partly for historical reasons, 
+and partly for code clarity) only to use C<default> in 
+C<MyApp::Controller::Root>, and then mainly to generate the 404 not 
 found page for the application.
 
-Instead, we are using C<sub base :Path :Args(0) {...}> here to
+Instead, we are using "C<sub somename :Path :Args(0) {...}>" here to
 specifically match the URL C</login>. C<Path> actions (aka, "literal
 actions") create URI matches relative to the namespace of the
 controller where they are defined.  Although C<Path> supports
@@ -426,17 +436,17 @@ Next, update the corresponding method in
 C<lib/MyApp/Controller/Logout.pm> to match:
 
     =head2 index
-
+    
     Logout logic
-
+    
     =cut
-
+    
     sub index :Path :Args(0) {
         my ($self, $c) = @_;
-
+    
         # Clear the user's state
         $c->logout;
-
+    
         # Send the user to the starting point
         $c->response->redirect($c->uri_for('/'));
     }
@@ -451,7 +461,7 @@ line of the C<sub index>.
 Create a login form by opening C<root/src/login.tt2> and inserting:
 
     [% META title = 'Login' %]
-
+    
     <!-- Login form -->
     <form method="post" action="[% c.uri_for('/login') %]">
       <table>
@@ -483,19 +493,19 @@ Edit the existing C<lib/MyApp/Controller/Root.pm> class file and insert
 the following method:
 
     =head2 auto
-
+    
     Check if there is a user and, if not, forward to login page
-
+    
     =cut
-
+    
     # Note that 'auto' runs after 'begin' but before your actions and that
     # 'auto's "chain" (all from application path to most specific class are run)
     # See the 'Actions' section of 'Catalyst::Manual::Intro' for more info.
     sub auto : Private {
         my ($self, $c) = @_;
-
+    
         # Allow unauthenticated users to reach the login page.  This
-        # allows anauthenticated users to reach any action in the Login
+        # allows unauthenticated users to reach any action in the Login
         # controller.  To lock it down to a single action, we could use:
         #   if ($c->action eq $c->controller('Login')->action_for('index'))
         # to only allow unauthenticated access to the 'index' action we
@@ -503,7 +513,7 @@ the following method:
         if ($c->controller eq $c->controller('Login')) {
             return 1;
         }
-
+    
         # If a user doesn't exist, force login
         if (!$c->user_exists) {
             # Dump a log message to the development server debug output
@@ -513,68 +523,19 @@ the following method:
             # Return 0 to cancel 'post-auto' processing and prevent use of application
             return 0;
         }
-
+    
         # User found, so return 1 to continue with processing after this 'auto'
         return 1;
     }
 
-
-B<Note:> Catalyst provides a number of different types of actions,
-such as C<Local>, C<Regex>, C<Private> and the new C<Path>.  You
-should refer to L<Catalyst::Manual::Intro|Catalyst::Manual::Intro> for
-a more detailed explanation, but the following bullet points provide a
-quick introduction:
-
-=over 4
-
-=item *
-
-The majority of application have traditionally used C<Local> actions
-for items that respond to user requests and C<Private> actions for
-those that do not directly respond to user input.
-
-=item *
-
-Newer Catalyst applications tend to use C<Path> actions and the
-C<Args> attribute because of their power and flexibility.  You can
-specify the path to match relative to the namespace of the current
-module as an argument to C<Path>.  For example C<Path('list')> in
-C<lib/MyApp/Controller/Books.pm> would match on the URL
-C<http://localhost:3000/books/list> but C<Path('/list')> would
-match on C<http://localhost:3000/list>.
-
-=item *
-
-Automatic "chaining" of actions by the dispatcher is a powerful
-feature that allows multiple methods to handle a single URL.  See
-L<Catalyst::DispatchType::Chained|Catalyst::DispatchType::Chained>
-for more information on chained actions.
-
-=item *
-
-There are five types of build-in C<Private> actions: C<begin>, C<end>,
-C<default>, C<index>, and C<auto>.
-
-=item *
-
-With C<begin>, C<end>, C<default>, C<index> private actions, only the
-most specific action of each type will be called.  For example, if you
-define a C<begin> action in your controller it will I<override> a
-C<begin> action in your application/root controller -- I<only> the
-action in your controller will be called.
-
-=item *
-
-Unlike the other actions where only a single method is called for each
-request, I<every> auto action along the chain of namespaces will be
-called.  Each C<auto> action will be called I<from the application/root
-controller down through the most specific class>.
-
-=back
-
-By placing the authentication enforcement code inside the C<auto> method
-of C<lib/MyApp/Controller/Root.pm> (or C<lib/MyApp.pm>), it will be
-called for I<every> request that is received by the entire application.
+As discussed in 
+L<Catalyst::Manual::Tutorial::MoreCatalystBasics/CREATE A CATALYST CONTROLLER>, 
+every C<auto> method from the application/root controller down to the 
+most specific controller will be called.  By placing the 
+authentication enforcement code inside the C<auto> method of 
+C<lib/MyApp/Controller/Root.pm> (or C<lib/MyApp.pm>), it will be 
+called for I<every> request that is received by the entire 
+application.
 
 
 =head2 Displaying Content Only to Authenticated Users
@@ -618,28 +579,32 @@ running) and restart it:
 
     $ script/myapp_server.pl
 
-B<IMPORTANT NOTE:> If you are having issues with authentication on
-Internet Explorer, be sure to check the system clocks on both your
-server and client machines.  Internet Explorer is very picky about
-timestamps for cookies.  Note that you can quickly sync an Ubuntu
-system with the following command:
+B<IMPORTANT NOTE:> If you are having issues with authentication on 
+Internet Explorer, be sure to check the system clocks on both your 
+server and client machines.  Internet Explorer is very picky about 
+timestamps for cookies.  You can quickly sync an Ubuntu system with 
+the following command:
 
     sudo ntpdate ntp.ubuntu.com
 
-Now trying going to L<http://localhost:3000/books/list> and you should
-be redirected to the login page, hitting Shift+Reload if necessary (the
-"You are already logged in" message should I<not> appear -- if it does,
-click the C<logout> button and try again). Note the C<***Root::auto User
-not found...> debug message in the development server output.  Enter
-username C<test01> and password C<mypass>, and you should be taken to
-the Book List page.
+Or possibly try C<sudo ntpdate -u ntp.ubuntu.com> (to us an 
+unpriviledged port) or C<sudo ntpdate pool.ntp.org> (to try a 
+different server in case the Ubuntu NTP server is down).
+
+Now trying going to L<http://localhost:3000/books/list> and you should 
+be redirected to the login page, hitting Shift+Reload or Ctrl+Reload 
+if necessary (the "You are already logged in" message should I<not> 
+appear -- if it does, click the C<logout> button and try again). Note 
+the C<***Root::auto User not found...> debug message in the 
+development server output.  Enter username C<test01> and password 
+C<mypass>, and you should be taken to the Book List page.
 
 Open C<root/src/books/list.tt2> and add the following lines to the
 bottom (below the closing </table> tag):
 
     <p>
       <a href="[% c.uri_for('/login') %]">Login</a>
-      <a href="[% c.uri_for('form_create') %]">Create</a>
+      <a href="[% c.uri_for(c.controller.action_for('form_create')) %]">Create</a>
     </p>
 
 Reload your browser and you should now see a "Login" and "Create" links
@@ -661,12 +626,16 @@ from cleartext passwords to SHA-1 password hashes.
 B<Note:> This section is optional.  You can skip it and the rest of the
 tutorial will function normally.
 
-Note that even with the techniques shown in this section, the browser
+Be aware that even with the techniques shown in this section, the browser
 still transmits the passwords in cleartext to your application.  We are
 just avoiding the I<storage> of cleartext passwords in the database by
 using a SHA-1 hash. If you are concerned about cleartext passwords
 between the browser and your application, consider using SSL/TLS, made
-easy with the Catalyst plugin Catalyst::Plugin:RequireSSL.
+easy with the Catalyst plugin Catalyst::Plugin:RequireSSL.  You should
+also consider adding a "salt" mechanism to your hashed passwords to 
+mitigate the risk of a "rainbow table" crack against your passwords (see
+L<Catalyst::Authentication::Credential::Password|Catalyst::Authentication::Credential::Password>
+for more information on using a salt value).
 
 
 =head2 Get a SHA-1 Hash for the Password
@@ -711,7 +680,7 @@ Then use the following command to update the SQLite database:
 
     $ sqlite3 myapp.db < myapp03.sql
 
-B<Note:> We are using SHA-1 hashes here, but many other hashing
+B<Note:> We are using SHA-1 hashes here, but many other hashing 
 algorithms are supported.  See C<Digest> for more information.
 
 
@@ -721,6 +690,8 @@ C<Catalyst::Plugin::Authentication::Store::DBIC>
 Edit C<myapp.conf> and update it to match (the C<password_type> and
 C<password_hash_type> are new, everything else is the same):
 
+    # rename this file to MyApp.yml and put a : in front of "name" if
+    # you want to use yaml like in old versions of Catalyst
     name MyApp
     <authentication>
         default_realm dbic
@@ -751,14 +722,12 @@ C<password_hash_type> are new, everything else is the same):
                     # NOTE: Omit 'MyApp::Model' here just as you would when using
                     # '$c->model("DB::Users)'
                     user_class DB::Users
-                    # This is the name of the field in your 'users' table that
-                    # contains the user's name
-                    id_field username
                 </store>
             </dbic>
         </realms>
     </authentication>
 
+
 =head2 Try Out the Hashed Passwords
 
 Press C<Ctrl-C> to kill the previous server instance (if it's still
@@ -767,7 +736,7 @@ running) and restart it:
     $ script/myapp_server.pl
 
 You should now be able to go to L<http://localhost:3000/books/list> and
-login as before.  When done, click the "Logout" link on the login page
+login as before.  When done, click the "logout" link on the login page
 (or point your browser at L<http://localhost:3000/logout>).
 
 
@@ -778,55 +747,60 @@ variables in a way that is very similar to C<stash>, but it will
 remain set across multiple requests.  Once the value is read, it
 is cleared (unless reset).  Although C<flash> has nothing to do with
 authentication, it does leverage the same session plugins.  Now that
-those plugins are enabled, let's go back and improve the "delete
+those plugins are enabled, let's go back and update the "delete
 and redirect with query parameters" code seen at the end of the
 L<Basic CRUD|Catalyst::Manual::Tutorial::BasicCRUD> part of the
-tutorial.
+tutorial to take advantage of C<flash>.
 
 First, open C<lib/MyApp/Controller/Books.pm> and modify C<sub delete>
 to match the following (everything after the model search line of code
 has changed):
 
     =head2 delete
-
+    
     Delete a book
-
+    
     =cut
-
-    sub delete : Local {
-        # $id = primary key of book to delete
-        my ($self, $c, $id) = @_;
-
-        # Search for the book and then delete it
-        $c->model('DB::Books')->search({id => $id})->delete_all;
-
+    
+    sub delete :Chained('object') :PathPart('delete') :Args(0) {
+        my ($self, $c) = @_;
+    
+        # Use the book object saved by 'object' and delete it along
+        # with related 'book_authors' entries
+        $c->stash->{object}->delete;
+    
         # Use 'flash' to save information across requests until it's read
         $c->flash->{status_msg} = "Book deleted";
-
+    
         # Redirect the user back to the list page
-        $c->response->redirect($c->uri_for('/books/list'));
+        $c->response->redirect($c->uri_for($self->action_for('list')));
     }
 
-Next, open C<root/lib/site/layout> and update the TT code to pull from
+Next, open C<root/src/wrapper.tt2> and update the TT code to pull from
 flash vs. the C<status_msg> query parameter:
 
-    <div id="header">[% PROCESS site/header %]</div>
-
+    ...
     <div id="content">
-    <span class="message">[% status_msg || c.flash.status_msg %]</span>
-    <span class="error">[% error_msg %]</span>
-    [% content %]
-    </div>
+        [%# Status and error messages %]
+        <span class="message">[% status_msg || c.flash.status_msg %]</span>
+        <span class="error">[% error_msg %]</span>
+        [%# This is where TT will stick all of your template's contents. -%]
+        [% content %]
+    </div><!-- end content -->
+    ...
 
-    <div id="footer">[% PROCESS site/footer %]</div>
+Although the sample above only shows the C<content> div, leave the 
+rest of the file intact -- the only change we made to the C<wrapper.tt2>
+was to add "C<|| c.request.params.status_msg>" to the 
+C<E<lt>span class="message"E<gt>> line.
 
 
 =head2 Try Out Flash
 
-Restart the development server and point your browser to
-L<http://localhost:3000/books/url_create/Test/1/4> to create an extra
-several books.  Click the "Return to list" link and delete one of the
-"Test" books you just added.  The C<flash> mechanism should retain our
+Restart the development server, log in, and then point your browser to 
+L<http://localhost:3000/books/url_create/Test/1/4> to create an extra 
+several books.  Click the "Return to list" link and delete one of the 
+"Test" books you just added.  The C<flash> mechanism should retain our 
 "Book deleted" status message across the redirect.
 
 B<NOTE:> While C<flash> will save information across multiple requests,
@@ -837,15 +811,15 @@ after that first time (unless you reset it).  Please refer to
 L<Catalyst::Plugin::Session|Catalyst::Plugin::Session> for additional
 information.
 
+
 =head2 Switch To Flash-To-Stash
 
-Although the a use of flash above is certainly an improvement over the
-C<status_msg> we employed in Part 4 of the tutorial, the C<status_msg
-|| c.flash.status_msg> statement is a little ugly. A nice
+Although the a use of flash above works well, the 
+C<status_msg || c.flash.status_msg> statement is a little ugly. A nice
 alternative is to use the C<flash_to_stash> feature that automatically
-copies the content of flash to stash.  This makes your code controller
+copies the content of flash to stash.  This makes your controller
 and template code work regardless of where it was directly access, a
-forward, or a redirect. To enable C<flash_to_stash>, you can either
+forward, or a redirect.  To enable C<flash_to_stash>, you can either
 set the value in C<lib/MyApp.pm> by changing the default
 C<__PACKAGE__-E<gt>config> setting to something like:
 
@@ -864,8 +838,8 @@ The C<__PACKAGE__-E<gt>config> option is probably preferable here
 since it's not something you will want to change at runtime without it
 possibly breaking some of your code.
 
-Then edit C<root/lib/site/layout> and change the C<status_msg> line
-to look like the following:
+Then edit C<root/src/wrapper.tt2> and change the C<status_msg> line
+to match the following:
 
     <span class="message">[% status_msg %]</span>
 
@@ -882,7 +856,7 @@ Kennedy Clark, C<hkclark@gmail.com>
 
 Please report any errors, issues or suggestions to the author.  The
 most recent version of the Catalyst Tutorial can be found at
-L<http://dev.catalyst.perl.org/repos/Catalyst/trunk/Catalyst-Manual/lib/Catalyst/Manual/Tutorial/>.
+L<http://dev.catalyst.perl.org/repos/Catalyst/Catalyst-Manual/5.70/trunk/lib/Catalyst/Manual/Tutorial/>.
 
 Copyright 2006-2008, Kennedy Clark, under Creative Commons License
-(L<http://creativecommons.org/licenses/by-nc-sa/2.5/>).
+(L<http://creativecommons.org/licenses/by-sa/3.0/us/>).