X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Manual.git;a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthentication.pod;h=499aa5346472935ed63cae375ff2be9b553b51a8;hp=8c247262dfd5ef19116deba708c8abc01e97211b;hb=94d8da411a980c822af29da44d4cbf62a72c25c1;hpb=2d0526d162eaee76807a5f7534820429c0395a03 diff --git a/lib/Catalyst/Manual/Tutorial/Authentication.pod b/lib/Catalyst/Manual/Tutorial/Authentication.pod index 8c24726..499aa53 100644 --- a/lib/Catalyst/Manual/Tutorial/Authentication.pod +++ b/lib/Catalyst/Manual/Tutorial/Authentication.pod @@ -1,11 +1,11 @@ =head1 NAME -Catalyst::Manual::Tutorial::Authentication - Catalyst Tutorial - Part 4: Authentication +Catalyst::Manual::Tutorial::Authentication - Catalyst Tutorial - Part 5: Authentication =head1 OVERVIEW -This is B for the Catalyst tutorial. +This is B for the Catalyst tutorial. L @@ -21,57 +21,51 @@ L =item 3 -L +L =item 4 -B +L =item 5 -L +B =item 6 -L +L =item 7 -L +L =item 8 -L +L =item 9 -L +L -=back +=item 10 +L -=head1 IMPORTANT NOTE +=back -Since this tutorial was written, there has been a new Authentication -API released (Catalyst::Plugin::Authentication version 0.1 and later). -Some of this tutorial does not work with this API, and requires -minimal changes. For an example application that uses the new API see -L. It -is recommended that you read this tutorial first, and then download -the source code linked above to understand the differences. =head1 DESCRIPTION Now that we finally have a simple yet functional application, we can focus on providing authentication (with authorization coming next in -Part 5). +Part 6). This part of the tutorial is divided into two main sections: 1) basic, cleartext authentication and 2) hash-based authentication. You can checkout the source code for this example from the catalyst subversion repository as per the instructions in -L +L. =head1 BASIC AUTHENTICATION @@ -83,7 +77,7 @@ application. First, we add both user and role information to the database (we will add the role information here although it will not be used until the -authorization section, Part 5). Create a new SQL script file by opening +authorization section, Part 6). Create a new SQL script file by opening C in your editor and insert: -- @@ -127,58 +121,34 @@ Then load this into the C database with the following command: =head2 Add User and Role Information to DBIC Schema -This step adds DBIC-based classes for the user-related database tables -(the role information will not be used until Part 5): - -Edit C and update the contents to match (only the -C [qw/Book BookAuthor Author User UserRole Role/]> line -has changed): - - package MyAppDB; - - =head1 NAME - - MyAppDB -- DBIC Schema Class - - =cut - - # Our schema needs to inherit from 'DBIx::Class::Schema' - use base qw/DBIx::Class::Schema/; - - # Need to load the DB Model classes here. - # You can use this syntax if you want: - # __PACKAGE__->load_classes(qw/Book BookAuthor Author User UserRole Role/); - # Also, if you simply want to load all of the classes in a directory - # of the same name as your schema class (as we do here) you can use: - # __PACKAGE__->load_classes(qw//); - # But the variation below is more flexible in that it can be used to - # load from multiple namespaces. - __PACKAGE__->load_classes({ - MyAppDB => [qw/Book BookAuthor Author User UserRole Role/] - }); - - 1; +Although we could manually edit the DBIC schema information to include +the new tables added in the previous step, let's use the C +option on the DBIC model helper to do most of the work for us: + $ script/myapp_create.pl model DB DBIC::Schema MyApp::Schema create=static dbi:SQLite:myapp.db + exists "/root/dev/MyApp/script/../lib/MyApp/Model" + exists "/root/dev/MyApp/script/../t" + Dumping manual schema for MyApp::Schema to directory /root/dev/MyApp/script/../lib ... + Schema dump completed. + exists "/root/dev/MyApp/script/../lib/MyApp/Model/DB.pm" + $ + $ ls lib/MyApp/Schema + Authors.pm BookAuthors.pm Books.pm Roles.pm UserRoles.pm Users.pm -=head2 Create New "Result Source Objects" +Notice how the helper has added three new table-specific result source +files to the C directory. And, more +importantly, even if there were changes to the existing result source +files, those changes would have only been written above the C<# DO NOT +MODIFY THIS OR ANYTHING ABOVE!> comment and your hand-edited +enhancements would have been preserved. -Create the following three files with the content shown below. +Speaking of "hand-edit ted enhancements," we should now add +relationship information to the three new result source files. Edit +each of these files and add the following information between the C<# +DO NOT MODIFY THIS OR ANYTHING ABOVE!> comment and the closing C<1;>: -C: +C: - package MyAppDB::User; - - use base qw/DBIx::Class/; - - # Load required DBIC stuff - __PACKAGE__->load_components(qw/PK::Auto Core/); - # Set the table name - __PACKAGE__->table('users'); - # Set columns in table - __PACKAGE__->add_columns(qw/id username password email_address first_name last_name/); - # Set the primary key for the table - __PACKAGE__->set_primary_key('id'); - # # Set relationships: # @@ -188,41 +158,19 @@ C: # 1) Name of relationship, DBIC will create accessor with this name # 2) Name of the model class referenced by this relationship # 3) Column name in *foreign* table - __PACKAGE__->has_many(map_user_role => 'MyAppDB::UserRole', 'user_id'); - - - =head1 NAME - - MyAppDB::User - A model object representing a person with access to the system. - - =head1 DESCRIPTION - - This is an object that represents a row in the 'users' table of your application - database. It uses DBIx::Class (aka, DBIC) to do ORM. - - For Catalyst, this is designed to be used through MyApp::Model::MyAppDB. - Offline utilities may wish to use this class directly. + __PACKAGE__->has_many(map_user_role => 'MyApp::Schema::UserRoles', 'user_id'); - =cut - - 1; + # many_to_many(): + # args: + # 1) Name of relationship, DBIC will create accessor with this name + # 2) Name of has_many() relationship this many_to_many() is shortcut for + # 3) Name of belongs_to() relationship in model class of has_many() above + # You must already have the has_many() defined to use a many_to_many(). + __PACKAGE__->many_to_many(roles => 'map_user_role', 'role'); -C: +C: - package MyAppDB::Role; - - use base qw/DBIx::Class/; - - # Load required DBIC stuff - __PACKAGE__->load_components(qw/PK::Auto Core/); - # Set the table name - __PACKAGE__->table('roles'); - # Set columns in table - __PACKAGE__->add_columns(qw/id role/); - # Set the primary key for the table - __PACKAGE__->set_primary_key('id'); - # # Set relationships: # @@ -232,42 +180,11 @@ C: # 1) Name of relationship, DBIC will create accessor with this name # 2) Name of the model class referenced by this relationship # 3) Column name in *foreign* table - __PACKAGE__->has_many(map_user_role => 'MyAppDB::UserRole', 'role_id'); - - - =head1 NAME - - MyAppDB::Role - A model object representing a class of access permissions to - the system. - - =head1 DESCRIPTION - - This is an object that represents a row in the 'roles' table of your - application database. It uses DBIx::Class (aka, DBIC) to do ORM. - - For Catalyst, this is designed to be used through MyApp::Model::MyAppDB. - "Offline" utilities may wish to use this class directly. - - =cut - - 1; + __PACKAGE__->has_many(map_user_role => 'MyApp::Schema::UserRoles', 'role_id'); -C: +C: - package MyAppDB::UserRole; - - use base qw/DBIx::Class/; - - # Load required DBIC stuff - __PACKAGE__->load_components(qw/PK::Auto Core/); - # Set the table name - __PACKAGE__->table('user_roles'); - # Set columns in table - __PACKAGE__->add_columns(qw/user_id role_id/); - # Set the primary key for the table - __PACKAGE__->set_primary_key(qw/user_id role_id/); - # # Set relationships: # @@ -277,41 +194,33 @@ C: # 1) Name of relationship, DBIC will create accessor with this name # 2) Name of the model class referenced by this relationship # 3) Column name in *this* table - __PACKAGE__->belongs_to(user => 'MyAppDB::User', 'user_id'); + __PACKAGE__->belongs_to(user => 'MyApp::Schema::Users', 'user_id'); # belongs_to(): # args: # 1) Name of relationship, DBIC will create accessor with this name # 2) Name of the model class referenced by this relationship # 3) Column name in *this* table - __PACKAGE__->belongs_to(role => 'MyAppDB::Role', 'role_id'); - - - =head1 NAME - - MyAppDB::UserRole - A model object representing the JOIN between Users and Roles. - - =head1 DESCRIPTION - - This is an object that represents a row in the 'user_roles' table of your application - database. It uses DBIx::Class (aka, DBIC) to do ORM. - - You probably won't need to use this class directly -- it will be automatically - used by DBIC where joins are needed. - - For Catalyst, this is designed to be used through MyApp::Model::MyAppDB. - Offline utilities may wish to use this class directly. - - =cut - - 1; + __PACKAGE__->belongs_to(role => 'MyApp::Schema::Roles', 'role_id'); + -The code for these three result source classes is obviously very familiar to the C, C, and C classes created in Part 2. +The code for these three sets of updates is obviously very similar to +the edits we made to the C, C, and C +classes created in Part 3. + +Note that we do not need to make any change to the +C schema file. It simply tells DBIC to +load all of the result class files it finds in below the +C directory, so it will automatically pick +up our new table information. =head2 Sanity-Check Reload of Development Server -We aren't ready to try out the authentication just yet; we only want to do a quick check to be sure our model loads correctly. Press C to kill the previous server instance (if it's still running) and restart it: +We aren't ready to try out the authentication just yet; we only want +to do a quick check to be sure our model loads correctly. Press +C to kill the previous server instance (if it's still running) +and restart it: $ script/myapp_server.pl @@ -323,102 +232,127 @@ Look for the three new model objects in the startup debug output: +-------------------------------------------------------------------+----------+ | MyApp::Controller::Books | instance | | MyApp::Controller::Root | instance | - | MyApp::Model::MyAppDB | instance | - | MyApp::Model::MyAppDB::Author | class | - | MyApp::Model::MyAppDB::Book | class | - | MyApp::Model::MyAppDB::BookAuthor | class | - | MyApp::Model::MyAppDB::Role | class | - | MyApp::Model::MyAppDB::User | class | - | MyApp::Model::MyAppDB::UserRole | class | + | MyApp::Model::DB | instance | + | MyApp::Model::DB::Author | class | + | MyApp::Model::DB::Books | class | + | MyApp::Model::DB::BookAuthors | class | + | MyApp::Model::DB::Roles | class | + | MyApp::Model::DB::Users | class | + | MyApp::Model::DB::UserRoles | class | | MyApp::View::TT | instance | '-------------------------------------------------------------------+----------' ... -Again, notice that your "result source" classes have been "re-loaded" by Catalyst under C. +Again, notice that your "result class" classes have been "re-loaded" +by Catalyst under C. =head2 Include Authentication and Session Plugins -Edit C and update it as follows (everything below C is new): +Edit C and update it as follows (everything below +C is new): - use Catalyst qw/ + __PACKAGE__->setup(qw/ -Debug ConfigLoader Static::Simple - + StackTrace - + Authentication - + Session Session::Store::FastMmap Session::State::Cookie - /; + /); + +B As discussed in MoreCatalystBasics, different versions of +C have used a variety of methods to load the plugins. +You put the plugins in the C statement if you prefer. -The C plugin supports -Authentication while the C plugins are required to maintain -state across multiple HTTP requests. +The C plugin supports Authentication while the +C plugins are required to maintain state across multiple HTTP +requests. -Note that the only required Authentication class is the main -one. This is a change that occured in version 0.09999_01 -of the C plugin. You B to specify a -particular Authentication::Store or Authentication::Credential plugin. -Instead, indicate the Store and Credential you want to use in your application +Note that the only required Authentication class is the main one. This +is a change that occurred in version 0.09999_01 of the +C plugin. You B to specify a particular +Authentication::Store or Authentication::Credential plugin. Instead, +indicate the Store and Credential you want to use in your application configuration (see below). -Note that there are several -options for L +Note that there are several options for +L (L is generally a good choice if you are on Unix; try L if you are on Win32) -- consult L and its subclasses -for additional information and options (for example to use a -database-backed session store). +for additional information and options (for example to use a database- +backed session store). =head2 Configure Authentication Although C<__PACKAGE__-Econfig(name =E 'value');> is still supported, newer Catalyst applications tend to place all configuration -information in C and automatically load this information into -Cconfig> using the -L plugin. Here, we need -to load several parameters that tell +information in C and automatically load this information +into Cconfig> using the +L plugin. + +First, as noted in Part 3 of the tutorial, Catalyst has recently +switched from a default config file format of YAML to +C (an apache-like format). In case you are using a +version of Catalyst earlier than v5.7014, delete the C, or +convert it to .conf format using the TIP in +L; then simply follow the +directions below to create a new C file. + +Here, we need to load several parameters that tell L -where to locate information in your database. To do this, edit the -C YAML and update it to match: - - --- - name: MyApp - authentication: - default_realm: dbic - realms: - dbic: - credential: - class: Password - password_field: password - password_type: self_check - store: - class: DBIx::Class - # This is the model object created by Catalyst::Model::DBIC from your - # schema (you created 'MyAppDB::User' but as the Catalyst startup - # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User'). - # NOTE: Omit 'MyApp::Model' to avoid a component lookup issue in Catalyst 5.66 - user_class: MyApp::Users - # This is the name of the field in your 'users' table that contains the user's name - id_field: username - role_relation: roles - role_field: rolename - ignore_fields_in_find: [ 'remote_name' ] +where to locate information in your database. To do this, edit the +C file and update it to match: + + # rename this file to MyApp.yml and put a : in front of "name" if + # you want to use yaml like in old versions of Catalyst + name MyApp + + default_realm dbic + + + + # Note: this first definition would be the same as setting + # __PACKAGE__->config->{authentication}->{realms}->{dbic} + # ->{credential} = 'Password' in lib/MyApp.pm + # + # Specify that we are going to do password-based auth + class Password + # This is the name of the field in the users table with the + # password stored in it + password_field password + # We are using an unencrypted password for now + password_type clear + + + # Use DBIC to retrieve username, password & role information + class DBIx::Class + # This is the model object created by Catalyst::Model::DBIC + # from your schema (you created 'MyApp::Schema::User' but as + # the Catalyst startup debug messages show, it was loaded as + # 'MyApp::Model::DB::Users'). + # NOTE: Omit 'MyApp::Model' here just as you would when using + # '$c->model("DB::Users)' + user_class DB::Users + + + + Inline comments in the code above explain how each field is being used. -B: Although YAML uses a very simple and easy-to-ready format, it -does require the use of a consistent level of indenting. Be sure you -line up everything on a given 'level' with the same number of indents. -Also, be sure not to use C characters (YAML does not support them -because they are handled inconsistently across editors). +Note that you can use many other config file formats with catalyst. +See L +for details. =head2 Add Login and Logout Controllers @@ -428,18 +362,16 @@ Use the Catalyst create script to create two stub controller files: $ script/myapp_create.pl controller Login $ script/myapp_create.pl controller Logout -B: You could easily use a single controller here. For example, +B You could easily use a single controller here. For example, you could have a C controller with both C and C actions. Remember, Catalyst is designed to be very flexible, and leaves such matters up to you, the designer and programmer. -Then open C, locate the C method (this was automatically inserted by the helpers when we -created the Login controller above), and delete this line: - - $c->response->body('Matched MyApp::Controller::Login in Login.'); - -Then update it to match: +Then open C, locate the C method (or C if you are using an +older version of Catalyst) that was automatically inserted by the +helpers when we created the Login controller above, and update the +definition of C to match: =head2 index @@ -447,7 +379,7 @@ Then update it to match: =cut - sub index : Private { + sub index :Path :Args(0) { my ($self, $c) = @_; # Get the username and password from form @@ -457,8 +389,8 @@ Then update it to match: # If the username and password values were found in form if ($username && $password) { # Attempt to log the user in - if ($c->authenticate({ username => $username, - password => $password} )) { + if ($c->authenticate({ username => $username, + password => $password } )) { # If successful, then let them use the application $c->response->redirect($c->uri_for('/books/list')); return; @@ -473,32 +405,31 @@ Then update it to match: } This controller fetches the C and C values from the -login form and attempts to authenticate the user. If successful, it -redirects the user to the book list page. If the login fails, the user -will stay at the login page but receive an error message. If the -C and C values are not present in the form, the +login form and attempts to authenticate the user. If successful, it +redirects the user to the book list page. If the login fails, the user +will stay at the login page and receive an error message. If the +C and C values are not present in the form, the user will be taken to the empty login form. -Note that we could have used something like C; -however, the use of C actions is discouraged because it does -not receive path args as with other actions. The recommended practice -is to only use C in C. - -Another option would be to use something like -C (where the C<...> refers to the login -code shown in C above). We are using C here to specifically match the URL C. -C actions (aka, "literal actions") create URI matches relative to -the namespace of the controller where they are defined. Although -C supports arguments that allow relative and absolute paths to be -defined, here we use an empty C definition to match on just the -name of the controller itself. The method name, C, is arbitrary. -We make the match even more specific with the C<:Args(0)> action -modifier -- this forces the match on I C, not +Note that we could have used something like C, +however, it is generally recommended (partly for historical reasons, +and partly for code clarity) only to use C in +C, and then mainly to generate the 404 not +found page for the application. + +Instead, we are using C here to +specifically match the URL C. C actions (aka, "literal +actions") create URI matches relative to the namespace of the +controller where they are defined. Although C supports +arguments that allow relative and absolute paths to be defined, here +we use an empty C definition to match on just the name of the +controller itself. The method name, C, is arbitrary. We make +the match even more specific with the C<:Args(0)> action modifier -- +this forces the match on I C, not C. -Next, update the corresponding method in C -to match: +Next, update the corresponding method in +C to match: =head2 index @@ -506,7 +437,7 @@ to match: =cut - sub index : Private { + sub index :Path :Args(0) { my ($self, $c) = @_; # Clear the user's state @@ -516,8 +447,8 @@ to match: $c->response->redirect($c->uri_for('/')); } -As with the login controller, be sure to delete the -C<$c->response->body('Matched MyApp::Controller::Logout in Logout.');> +As with the login controller, be sure to delete the +C<$c-Eresponse-Ebody('Matched MyApp::Controller::Logout in Logout.');> line of the C. @@ -528,7 +459,7 @@ Create a login form by opening C and inserting: [% META title = 'Login' %] -
+ @@ -564,16 +495,16 @@ the following method: =cut # Note that 'auto' runs after 'begin' but before your actions and that - # 'auto' "chain" (all from application path to most specific class are run) + # 'auto's "chain" (all from application path to most specific class are run) # See the 'Actions' section of 'Catalyst::Manual::Intro' for more info. sub auto : Private { my ($self, $c) = @_; # Allow unauthenticated users to reach the login page. This - # allows anauthenticated users to reach any action in the Login + # allows unauthenticated users to reach any action in the Login # controller. To lock it down to a single action, we could use: # if ($c->action eq $c->controller('Login')->action_for('index')) - # to only allow unauthenticated access to the C action we + # to only allow unauthenticated access to the 'index' action we # added above. if ($c->controller eq $c->controller('Login')) { return 1; @@ -593,36 +524,55 @@ the following method: return 1; } -B Catalyst provides a number of different types of actions, such -as C, C, and C. You should refer to -L for a more detailed explanation, but the -following bullet points provide a quick introduction: + +B Catalyst provides a number of different types of actions, +such as C, C, C and the new C. You +should refer to L for +a more detailed explanation, but the following bullet points provide a +quick introduction: =over 4 =item * -The majority of application use C actions for items that respond -to user requests and C actions for those that do not directly -respond to user input. +The majority of application have traditionally used C actions +for items that respond to user requests and C actions for +those that do not directly respond to user input. =item * -There are five types of C actions: C, C, +Newer Catalyst applications tend to use C actions and the +C attribute because of their power and flexibility. You can +specify the path to match relative to the namespace of the current +module as an argument to C. For example C in +C would match on the URL +C but C would +match on C. + +=item * + +Automatic "chaining" of actions by the dispatcher is a powerful +feature that allows multiple methods to handle a single URL. See +L +for more information on chained actions. + +=item * + +There are five types of build-in C actions: C, C, C, C, and C. =item * With C, C, C, C private actions, only the most specific action of each type will be called. For example, if you -define a C action in your controller it will I a +define a C action in your controller it will I a C action in your application/root controller -- I the action in your controller will be called. =item * -Unlike the other actions where only a single method is called for each -request, I auto action along the chain of namespaces will be +Unlike the other actions where only a single method is called for each +request, I auto action along the chain of namespaces will be called. Each C action will be called I. @@ -642,23 +592,23 @@ lines to the bottom of the file:

[% - # This code illustrates how certain parts of the TT + # This code illustrates how certain parts of the TT # template will only be shown to users who have logged in %] - [% IF Catalyst.user_exists %] - Please Note: You are already logged in as '[% Catalyst.user.username %]'. - You can logout here. + [% IF c.user_exists %] + Please Note: You are already logged in as '[% c.user.username %]'. + You can logout here. [% ELSE %] You need to log in to use this application. [% END %] [%# Note that this whole block is a comment because the "#" appears - immediate after the "[%" (with no spaces in between). Although it - can be a handy way to temporarily "comment out" a whole block of - TT code, it's probably a little too subtle for use in "normal" + immediate after the "[%" (with no spaces in between). Although it + can be a handy way to temporarily "comment out" a whole block of + TT code, it's probably a little too subtle for use in "normal" comments. %] -

+

Although most of the code is comments, the middle few lines provide a "you are already logged in" reminder if the user returns to the login @@ -674,38 +624,38 @@ running) and restart it: $ script/myapp_server.pl -B: If you happen to be using Internet Explorer, you may -need to use the command C
Username: