X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Manual.git;a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2FAuthentication.pod;h=8c247262dfd5ef19116deba708c8abc01e97211b;hp=46b061c7a605081a3af6a466b80d309d8d87025b;hb=2d0526d162eaee76807a5f7534820429c0395a03;hpb=5e6026272f809951ac22fae43b73d2c1dc79c7fc diff --git a/lib/Catalyst/Manual/Tutorial/Authentication.pod b/lib/Catalyst/Manual/Tutorial/Authentication.pod index 46b061c..8c24726 100644 --- a/lib/Catalyst/Manual/Tutorial/Authentication.pod +++ b/lib/Catalyst/Manual/Tutorial/Authentication.pod @@ -50,6 +50,16 @@ L =back +=head1 IMPORTANT NOTE + +Since this tutorial was written, there has been a new Authentication +API released (Catalyst::Plugin::Authentication version 0.1 and later). +Some of this tutorial does not work with this API, and requires +minimal changes. For an example application that uses the new API see +L. It +is recommended that you read this tutorial first, and then download +the source code linked above to understand the differences. + =head1 DESCRIPTION Now that we finally have a simple yet functional application, we can 
@@ -339,23 +349,32 @@ Edit C and update it as follows (everything below C is StackTrace Authentication - Authentication::Store::DBIC - Authentication::Credential::Password Session Session::Store::FastMmap Session::State::Cookie /; -The three C plugins work together to support +The C plugin supports Authentication while the C plugins are required to maintain -state across multiple HTTP requests. Note that there are several -options for L +state across multiple HTTP requests. + +Note that the only required Authentication class is the main +one. This is a change that occured in version 0.09999_01 +of the C plugin. You B to specify a +particular Authentication::Store or Authentication::Credential plugin. +Instead, indicate the Store and Credential you want to use in your application +configuration (see below). + +Note that there are several +options for L (L is generally a good choice if you are on Unix; try -L if you are on -Win32) -- consult L and -its subclasses for additional information. +L if you +are on Win32) -- consult +L and its subclasses +for additional information and options (for example to use a +database-backed session store). =head2 Configure Authentication 
@@ -373,21 +392,25 @@ C YAML and update it to match: --- name: MyApp authentication: - dbic: - # Note this first definition would be the same as setting - # __PACKAGE__->config->{authentication}->{dbic}->{user_class} = 'MyAppDB::User' - # in lib/MyApp.pm (IOW, each hash key becomes a "name:" in the YAML file). - # + default_realm: dbic + realms: + dbic: + credential: + class: Password + password_field: password + password_type: self_check + store: + class: DBIx::Class # This is the model object created by Catalyst::Model::DBIC from your # schema (you created 'MyAppDB::User' but as the Catalyst startup # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User'). # NOTE: Omit 'MyApp::Model' to avoid a component lookup issue in Catalyst 5.66 - user_class: MyAppDB::User + user_class: MyApp::Users # This is the name of the field in your 'users' table that contains the user's name - user_field: username - # This is the name of the field in your 'users' table that contains the password - password_field: password - # Other options can go here for hashed passwords + id_field: username + role_relation: roles + role_field: rolename + ignore_fields_in_find: [ 'remote_name' ] Inline comments in the code above explain how each field is being used. @@ -434,7 +457,8 @@ Then update it to match: # If the username and password values were found in form if ($username && $password) { # Attempt to log the user in - if ($c->login($username, $password)) { + if ($c->authenticate({ username => $username, + password => $password} )) { # If successful, then let them use the application $c->response->redirect($c->uri_for('/books/list')); return; 
@@ -449,11 +473,11 @@ Then update it to match: } This controller fetches the C and C values from the -login form and attempts to perform a login. If successful, it redirects -the user to the book list page. If the login fails, the user will stay -at the login page but receive an error message. If the C and -C values are not present in the form, the user will be taken -to the empty login form. +login form and attempts to authenticate the user. If successful, it +redirects the user to the book list page. If the login fails, the user +will stay at the login page but receive an error message. If the +C and C values are not present in the form, the +user will be taken to the empty login form. Note that we could have used something like C; however, the use of C actions is discouraged because it does @@ -634,6 +658,7 @@ lines to the bottom of the file: TT code, it's probably a little too subtle for use in "normal" comments. %] +

Although most of the code is comments, the middle few lines provide a "you are already logged in" reminder if the user returns to the login @@ -869,7 +894,7 @@ Kennedy Clark, C Please report any errors, issues or suggestions to the author. The most recent version of the Catalyst Tutorial can be found at -L. +L. Copyright 2006, Kennedy Clark, under Creative Commons License (L).
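
Review bot: The IMPORTANT NOTE added in the `@@ -50,6 +50,16 @@` hunk conflicts with the rest of this patch. It says "Some of this tutorial does not work with this API", yet the later hunks convert the plugin list, the YAML config and the login action to the new API (`realms:`, `$c->authenticate`). Say which sections are still written for the old API, or drop the sentence once the conversion is complete. The version is also given here as "0.1 and later" but as `0.09999_01` in the `@@ -339,23 +349,32 @@` hunk; use one version string in both places.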
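
Review bot: Typo in the `@@ -339,23 +349,32 @@` hunk: "This is a change that occured in version 0.09999_01" should read "occurred". The two new paragraphs also both open with "Note that"; rewording the second (the session store options) would read better. Since the Store and Credential entries are removed from the plugin list here and only reappear in the configuration hunk further down, consider replacing "(see below)" with the name of that section, "Configure Authentication", so the reader knows both edits belong together.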
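
Review bot: In the YAML hunk at `@@ -373,21 +392,25 @@`, `user_class` changes to `MyApp::Users`, but the retained comment lines directly above it still describe `'MyAppDB::User'` and advise omitting `'MyApp::Model'`; update or remove those comments so they match the new value. The new keys `password_type: self_check`, `role_relation`, `role_field` and `ignore_fields_in_find` arrive without comments, and the comment for `password_field` plus the hashed-password hint are deleted, although the unchanged sentence after the block still says inline comments explain how each field is used. Add a one-line comment per new key, especially for `password_type`, since that is the setting that governs how the submitted password is checked.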
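
Review bot: In the `@@ -434,7 +457,8 @@` hunk, the new call `$c->authenticate({ username => $username, password => $password} )` names no realm, so it depends on `default_realm: dbic` from the configuration hunk. A short comment saying so would help readers who later rename or add a realm. The hash keys `username` and `password` also have to line up with `id_field: username` and `password_field: password` in that config, which is worth stating next to the call. Minor style: close the call as `$password })` to match the opening `({ `.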