From: Kennedy Clark Date: Sat, 28 Feb 2009 16:25:50 +0000 (+0000) Subject: Misc edits to fix ... X-Git-Tag: v5.8005~201 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Manual.git;a=commitdiff_plain;h=fbbb908469adb8ac7d9ec2b72df2722587c765e7 Misc edits to fix & adjust things found during testing all the code from Part 3 through Part 8 --- diff --git a/lib/Catalyst/Manual/Tutorial/Authentication.pod b/lib/Catalyst/Manual/Tutorial/Authentication.pod index 54cca78..26faef3 100644 --- a/lib/Catalyst/Manual/Tutorial/Authentication.pod +++ b/lib/Catalyst/Manual/Tutorial/Authentication.pod @@ -67,6 +67,7 @@ You can checkout the source code for this example from the catalyst subversion repository as per the instructions in L. + =head1 BASIC AUTHENTICATION This section explores how to add authentication logic to a Catalyst @@ -294,19 +295,25 @@ backed session store). =head2 Configure Authentication -Although C<__PACKAGE__-Econfig(name =E 'value');> is still -supported, newer Catalyst applications tend to place all configuration -information in C and automatically load this information -into Cconfig> using the +Although C<__PACKAGE__-Econfig(name =E 'value');> is still +supported, newer Catalyst applications tend to place all configuration +information in C and automatically load this information +into Cconfig> using the L plugin. -First, as noted in Part 3 of the tutorial, Catalyst has recently -switched from a default config file format of YAML to -C (an apache-like format). In case you are using a -version of Catalyst earlier than v5.7014, delete the C, or -convert it to .conf format using the TIP in -L; then simply follow the -directions below to create a new C file. +As discussed in Part 3 of the tutorial, Catalyst has recently +switched from a default config file format of YAML to +L (an apache-like format). In case +you are using a version of Catalyst earlier than v5.7014, delete the +C, or convert it to .conf format using the TIP in +L +then simply follow the directions below to create a new C +file. Although we will use the C format here because +YAML files can be difficult to cut and paste in certain environments, +you are free to use any format supported by +L and +L -- Catalyst will transparently handle the +different formats. Here, we need to load several parameters that tell L @@ -350,10 +357,6 @@ C file and update it to match: Inline comments in the code above explain how each field is being used. -Note that you can use many other config file formats with catalyst. -See L -for details. - =head2 Add Login and Logout Controllers @@ -362,16 +365,16 @@ Use the Catalyst create script to create two stub controller files: $ script/myapp_create.pl controller Login $ script/myapp_create.pl controller Logout -B You could easily use a single controller here. For example, -you could have a C controller with both C and C -actions. Remember, Catalyst is designed to be very flexible, and leaves -such matters up to you, the designer and programmer. +You could easily use a single controller here. For example, you could +have a C controller with both C and C actions. +Remember, Catalyst is designed to be very flexible, and leaves such +matters up to you, the designer and programmer. -Then open C, locate the C method (or C if you are using an -older version of Catalyst) that was automatically inserted by the -helpers when we created the Login controller above, and update the -definition of C to match: +Then open C, locate the +C method (or C if you +are using an older version of Catalyst) that was automatically +inserted by the helpers when we created the Login controller above, +and update the definition of C to match: =head2 index @@ -412,13 +415,13 @@ will stay at the login page and receive an error message. If the C and C values are not present in the form, the user will be taken to the empty login form. -Note that we could have used something like C, +Note that we could have used something like "C", however, it is generally recommended (partly for historical reasons, and partly for code clarity) only to use C in C, and then mainly to generate the 404 not found page for the application. -Instead, we are using C here to +Instead, we are using "C" here to specifically match the URL C. C actions (aka, "literal actions") create URI matches relative to the namespace of the controller where they are defined. Although C supports @@ -579,8 +582,8 @@ running) and restart it: B If you are having issues with authentication on Internet Explorer, be sure to check the system clocks on both your server and client machines. Internet Explorer is very picky about -timestamps for cookies. Note that you can quickly sync an Ubuntu -system with the following command: +timestamps for cookies. You can quickly sync an Ubuntu system with +the following command: sudo ntpdate ntp.ubuntu.com @@ -623,12 +626,14 @@ from cleartext passwords to SHA-1 password hashes. B This section is optional. You can skip it and the rest of the tutorial will function normally. -Note that even with the techniques shown in this section, the browser +Be aware that even with the techniques shown in this section, the browser still transmits the passwords in cleartext to your application. We are just avoiding the I of cleartext passwords in the database by using a SHA-1 hash. If you are concerned about cleartext passwords between the browser and your application, consider using SSL/TLS, made -easy with the Catalyst plugin Catalyst::Plugin:RequireSSL. +easy with the Catalyst plugin Catalyst::Plugin:RequireSSL. You should +also consider adding a "salt" mechanism to your hashed passwords to +mitigate the risk of a "rainbow table" crack against your passwords. =head2 Get a SHA-1 Hash for the Password @@ -729,7 +734,7 @@ running) and restart it: $ script/myapp_server.pl You should now be able to go to L and -login as before. When done, click the "Logout" link on the login page +login as before. When done, click the "logout" link on the login page (or point your browser at L). @@ -740,10 +745,10 @@ variables in a way that is very similar to C, but it will remain set across multiple requests. Once the value is read, it is cleared (unless reset). Although C has nothing to do with authentication, it does leverage the same session plugins. Now that -those plugins are enabled, let's go back and improve the "delete +those plugins are enabled, let's go back and update the "delete and redirect with query parameters" code seen at the end of the L part of the -tutorial. +tutorial to take advantage of C. First, open C and modify C to match the following (everything after the model search line of code @@ -755,12 +760,12 @@ has changed): =cut - sub delete : Local { - # $id = primary key of book to delete - my ($self, $c, $id) = @_; + sub delete :Chained('object') :PathPart('delete') :Args(0) { + my ($self, $c) = @_; - # Search for the book and then delete it - $c->model('DB::Books')->search({id => $id})->delete_all; + # Use the book object saved by 'object' and delete it along + # with related 'book_authors' entries + $c->stash->{object}->delete; # Use 'flash' to save information across requests until it's read $c->flash->{status_msg} = "Book deleted"; @@ -790,10 +795,10 @@ Cspan class="message"E> line. =head2 Try Out Flash -Restart the development server and point your browser to -L to create an extra -several books. Click the "Return to list" link and delete one of the -"Test" books you just added. The C mechanism should retain our +Restart the development server, log in, and then point your browser to +L to create an extra +several books. Click the "Return to list" link and delete one of the +"Test" books you just added. The C mechanism should retain our "Book deleted" status message across the redirect. B While C will save information across multiple requests, @@ -807,13 +812,12 @@ information. =head2 Switch To Flash-To-Stash -Although the a use of flash above is certainly an improvement over the -C we employed in Part 4 of the tutorial, the +Although the a use of flash above works well, the C statement is a little ugly. A nice alternative is to use the C feature that automatically copies the content of flash to stash. This makes your controller and template code work regardless of where it was directly access, a -forward, or a redirect. To enable C, you can either +forward, or a redirect. To enable C, you can either set the value in C by changing the default C<__PACKAGE__-Econfig> setting to something like: diff --git a/lib/Catalyst/Manual/Tutorial/Authorization.pod b/lib/Catalyst/Manual/Tutorial/Authorization.pod index 0773675..818a8f2 100644 --- a/lib/Catalyst/Manual/Tutorial/Authorization.pod +++ b/lib/Catalyst/Manual/Tutorial/Authorization.pod @@ -89,7 +89,7 @@ Edit C and add C to the list: Session Session::Store::FastMmap Session::State::Cookie - /; + /); B As discussed in MoreCatalystBasics, different versions of C have used a variety of methods to load the plugins. @@ -261,10 +261,10 @@ running) and restart it: Now trying going to L and you should be taken to the login page (you might have to C or -C your browser and/or click the "Logout" link on the book +C your browser and/or click the "User Logout" link on the book list page). Try logging in with both C and C (both use a password of C) and notice how the roles information -updates at the bottom of the "Book List" page. Also try the C +updates at the bottom of the "Book List" page. Also try the "User Logout" link on the book list page. Now the "url_create" URL will work if you are already logged in as user @@ -273,7 +273,7 @@ C. Try: http://localhost:3000/books/url_create/test/1/6 -while logged in as each user. Use one of the 'Logout' links (or go to +while logged in as each user. Use one of the "logout" links (or go to L in your browser directly) when you are done. diff --git a/lib/Catalyst/Manual/Tutorial/BasicCRUD.pod b/lib/Catalyst/Manual/Tutorial/BasicCRUD.pod index b6afd45..de04465 100644 --- a/lib/Catalyst/Manual/Tutorial/BasicCRUD.pod +++ b/lib/Catalyst/Manual/Tutorial/BasicCRUD.pod @@ -1,4 +1,4 @@ - =head1 NAME +=head1 NAME Catalyst::Manual::Tutorial::BasicCRUD - Catalyst Tutorial - Part 4: Basic CRUD @@ -209,10 +209,11 @@ Next, use your browser to enter the following URL: http://localhost:3000/books/url_create/TCPIP_Illustrated_Vol-2/5/4 -Your browser should display "Added book 'TCPIP_Illustrated_Vol-2' by -'Stevens' with a rating of 5." along with a dump of the new book model -object. You should also see the following DBIC debug messages displayed -in the development server log messages if you have DBIC_TRACE set: +Your browser should display "Added book 'TCPIP_Illustrated_Vol-2' by +'Stevens' with a rating of 5." along with a dump of the new book model +object as it was returned by DBIC. You should also see the following +DBIC debug messages displayed in the development server log messages +if you have DBIC_TRACE set: INSERT INTO books (rating, title) VALUES (?, ?): `5', `TCPIP_Illustrated_Vol-2' INSERT INTO book_authors (author_id, book_id) VALUES (?, ?): `4', `6' @@ -342,47 +343,47 @@ initial version of the C method (the one using the C<:Local> attribute), you will notice that it produced output similar to the following: - [debug] Loaded Path actions: - .-------------------------------------+--------------------------------------. - | Path | Private | - +-------------------------------------+--------------------------------------+ - | / | /default | - | / | /index | - | /books | /books/index | - | /books/list | /books/list | - | /books/url_create | /books/url_create | - '-------------------------------------+--------------------------------------' + [debug] Loaded Path actions: + .-------------------------------------+--------------------------------------. + | Path | Private | + +-------------------------------------+--------------------------------------+ + | / | /default | + | / | /index | + | /books | /books/index | + | /books/list | /books/list | + | /books/url_create | /books/url_create | + '-------------------------------------+--------------------------------------' Now start the development server with our basic chained method in place and the startup debug output should change to something along the lines of the following: - [debug] Loaded Path actions: - .-------------------------------------+--------------------------------------. - | Path | Private | - +-------------------------------------+--------------------------------------+ - | / | /default | - | / | /index | - | /books | /books/index | - | /books/list | /books/list | - '-------------------------------------+--------------------------------------' - - [debug] Loaded Chained actions: - .-------------------------------------+--------------------------------------. - | Path Spec | Private | - +-------------------------------------+--------------------------------------+ - | /books/url_create/*/*/* | /books/url_create | - '-------------------------------------+--------------------------------------' + [debug] Loaded Path actions: + .-------------------------------------+--------------------------------------. + | Path | Private | + +-------------------------------------+--------------------------------------+ + | / | /default | + | / | /index | + | /books | /books/index | + | /books/list | /books/list | + '-------------------------------------+--------------------------------------' + + [debug] Loaded Chained actions: + .-------------------------------------+--------------------------------------. + | Path Spec | Private | + +-------------------------------------+--------------------------------------+ + | /books/url_create/*/*/* | /books/url_create | + '-------------------------------------+--------------------------------------' C has disappeared form the "Loaded Path actions" section but it now shows up under the newly created "Loaded Chained actions" -section. And, the "/*/*/*" portion clearly shows that we have -specified that 3 arguments are required. +section. And, the "/*/*/*" portion clearly shows our requirement for +three arguments. As with our non-chained version of C, use your browser to enter the following URL: - http://localhost:3000/books/url_create/TCPIP_Illustrated_Vol-2/5/4 + http://localhost:3000/books/url_create/TCPIP_Illustrated_Vol-2/5/4 You should see the same "Added book 'TCPIP_Illustrated_Vol-2' by 'Stevens' with a rating of 5." along with a dump of the new book model @@ -397,28 +398,28 @@ little more of the power of chaining. First, open C in your editor and add the following method: - =head2 base - - Can place common logic to start chained dispatch here - - =cut - - sub base :Chained('/') :PathPart('books') :CaptureArgs(0) { - my ($self, $c) = @_; - - # Store the resultset in stash so it's available for other methods - $c->stash->{resultset} = $c->model('DB::Books'); - - # Print a message to the debug log - $c->log->debug('*** INSIDE BASE METHOD ***'); - } - -Here we print a log message and store the resultset in + =head2 base + + Can place common logic to start chained dispatch here + + =cut + + sub base :Chained('/') :PathPart('books') :CaptureArgs(0) { + my ($self, $c) = @_; + + # Store the resultset in stash so it's available for other methods + $c->stash->{resultset} = $c->model('DB::Books'); + + # Print a message to the debug log + $c->log->debug('*** INSIDE BASE METHOD ***'); + } + +Here we print a log message and store the DBIC resultset in C<$c-Estash-E{resultset}> so that it's automatically available for other actions that chain off C. If your controller always needs a book ID as it's first argument, you could have the base method capture that argument (with C<:CaptureArgs(1)>) and use it to pull the -book object with that ID from the database and leave it in the stash for +book object with C<-Efind($id)> and leave it in the stash for later parts of your chains to then act upon. Because we have several actions that don't need to retrieve a book (such as the C we are working with now), we will instead add that functionality @@ -430,30 +431,30 @@ C to match the following: sub url_create :Chained('base') :PathPart('url_create') :Args(3) { -Next, let's try out our refactored chain. Restart the development -server and notice that our "Loaded Chained actions" section has -changed slightly: - - [debug] Loaded Chained actions: - .-------------------------------------+--------------------------------------. - | Path Spec | Private | - +-------------------------------------+--------------------------------------+ - | /books/url_create/*/*/* | /books/base (0) | - | | => /books/url_create | - '-------------------------------------+--------------------------------------' +Next, try out the refactored chain by restarting the development +server. Notice that our "Loaded Chained actions" section has changed +slightly: + + [debug] Loaded Chained actions: + .-------------------------------------+--------------------------------------. + | Path Spec | Private | + +-------------------------------------+--------------------------------------+ + | /books/url_create/*/*/* | /books/base (0) | + | | => /books/url_create | + '-------------------------------------+--------------------------------------' The "Path Spec" is the same, but now it maps to two Private actions as we would expect. Once again, enter the following URL into your browser: - http://localhost:3000/books/url_create/TCPIP_Illustrated_Vol-2/5/4 + http://localhost:3000/books/url_create/TCPIP_Illustrated_Vol-2/5/4 The same "Added book 'TCPIP_Illustrated_Vol-2' by 'Stevens' with a -rating of 5." and dump of the new book object should appear. Also -notice the extra debug message in the development server output from -the C method. Click the "Return to list" link, you should find -that there are now eight books shown. +rating of 5" message and dump of the new book object should appear. +Also notice the extra debug message in the development server output +from the C method. Click the "Return to list" link, you should +find that there are now eight books shown. =head1 MANUALLY BUILDING A CREATE FORM @@ -552,17 +553,17 @@ it. Then restart the server: Notice that the server startup log reflects the two new chained methods that we added: - [debug] Loaded Chained actions: - .-------------------------------------+--------------------------------------. - | Path Spec | Private | - +-------------------------------------+--------------------------------------+ - | /books/form_create | /books/base (0) | - | | => /books/form_create | - | /books/form_create_do | /books/base (0) | - | | => /books/form_create_do | - | /books/url_create/*/*/* | /books/base (0) | - | | => /books/url_create | - '-------------------------------------+--------------------------------------' + [debug] Loaded Chained actions: + .-------------------------------------+--------------------------------------. + | Path Spec | Private | + +-------------------------------------+--------------------------------------+ + | /books/form_create | /books/base (0) | + | | => /books/form_create | + | /books/form_create_do | /books/base (0) | + | | => /books/form_create_do | + | /books/url_create/*/*/* | /books/base (0) | + | | => /books/url_create | + '-------------------------------------+--------------------------------------' Point your browser to L and enter "TCP/IP Illustrated, Vol 3" for the title, a rating of 5, and an @@ -652,13 +653,13 @@ use C<$self-Eaction_for('_method_name_')>. =item * If you are referring to a method in a different controller, you need -to include that as an argument to C, as in +to include that controller's name as an argument to C, as in C<$c-Econtroller('_controller_name_')-Eaction_for('_method_name_')>. =back -B You should use more than just a simple link with your -applications. Consider using some sort of of confirmation page +B In general, you should use more than just a simple link with +your applications. Consider using some sort of of confirmation page (typically with unique actions in your controller for both the confirmation and the actual delete operation). Also, you should try to use an HTTP POST operation (versus the GET used here) for @@ -668,16 +669,17 @@ database). =head2 Add a Common Method to Retrieve a Book for the Chain -As mentioned earlier, since we have a mixture of actions that operate on -a single book ID and others that do no, we should not have C +As mentioned earlier, since we have a mixture of actions that operate +on a single book ID and others that do no, we should not have C capture the book ID, find the corresponding book in the database and save it in the stash for later links in the chain. However, just -because that logic does not belong in C doesn't mean that we can't -create another location to centralize that logic. In our case, we will -create a method called C that will store the specific book in -the stash. Chains that always operate on a single existing book can -chain off this method, but methods such as C that don't -operate on an existing book can chain directly off base. +because that logic does not belong in C doesn't mean that we +can't create another location to centralize the book lookup code. In +our case, we will create a method called C that will store the +specific book in the stash. Chains that always operate on a single +existing book can chain off this method, but methods such as +C that don't operate on an existing book can chain +directly off base. To add the C method, edit C and add the following code: @@ -690,6 +692,7 @@ and add the following code: =cut sub object :Chained('base') :PathPart('id') :CaptureArgs(1) { + # $id = primary key of book to delete my ($self, $c, $id) = @_; # Find the book object and store it in the stash @@ -717,7 +720,7 @@ or as a hashref: $c->stash({object => $c->stash->{resultset}->find($id), another_thing => 1}); -Either format works, but the C<$c-Estash(name => value);> +Either format works, but the C<$c-Estash(name =E value);> style is growing in popularity -- you may which to use it all the time (even when you are only setting a single value). @@ -734,7 +737,6 @@ following method: =cut sub delete :Chained('object') :PathPart('delete') :Args(0) { - # $id = primary key of book to delete my ($self, $c) = @_; # Use the book object saved by 'object' and delete it along @@ -750,8 +752,7 @@ following method: This method first deletes the book object saved by the C method. However, it also removes the corresponding entry from the -C table. Note that C will cascade to also delete -the related join table entries in C. +C table with a cascading delete. Then, rather than forwarding to a "delete done" page as we did with the earlier create example, it simply sets the C to display a @@ -774,7 +775,7 @@ it. Then restart the server: The C method now appears in the "Loaded Chained actions" section of the startup debug output: - [debug] Loaded Chained actions: + [debug] Loaded Chained actions: .-------------------------------------+--------------------------------------. | Path Spec | Private | +-------------------------------------+--------------------------------------+ @@ -807,9 +808,11 @@ prior step -- it is still referencing the delete action: http://localhost:3000/books/delete/6 -What if the user were to press reload with this URL still active? In -this case the redundant delete is harmless, but in other cases this -could clearly be extremely dangerous. +What if the user were to press reload with this URL still active? In +this case the redundant delete is harmless (although it does generate +an exception screen, it doesn't perform any undesirable actions on the +application or database), but in other cases this could clearly be +extremely dangerous. We can improve the logic by converting to a redirect. Unlike C<$c-Eforward('list'))> or C<$c-Edetach('list'))> that perform @@ -829,8 +832,7 @@ C method to match: =cut sub delete :Chained('object') :PathPart('delete') :Args(0) { - # $id = primary key of book to delete - my ($self, $c, $id) = @_; + my ($self, $c) = @_; # Use the book object saved by 'object' and delete it along # with related 'book_authors' entries @@ -841,7 +843,7 @@ C method to match: # Redirect the user back to the list page. Note the use # of $self->action_for as earlier in this section (BasicCRUD) - $c->response->redirect($c->uri_for($self->action_for('list')); + $c->response->redirect($c->uri_for($self->action_for('list'))); } @@ -875,8 +877,7 @@ method to match the following: =cut sub delete :Chained('object') :PathPart('delete') :Args(0) { - # $id = primary key of book to delete - my ($self, $c, $id) = @_; + my ($self, $c) = @_; # Use the book object saved by 'object' and delete it along # with related 'book_authors' entries diff --git a/lib/Catalyst/Manual/Tutorial/Testing.pod b/lib/Catalyst/Manual/Tutorial/Testing.pod index 7f55817..35a4695 100644 --- a/lib/Catalyst/Manual/Tutorial/Testing.pod +++ b/lib/Catalyst/Manual/Tutorial/Testing.pod @@ -86,19 +86,6 @@ for errors: # in t/controller_Books.t at line 8. # Looks like you failed 1 test of 3. -B Depending on the versions of various modules you have -installed, you might get some C warnings -- you can -ignore these. If you are following along in Ubuntu 8.10, you can -prevent them by adding C above line 49 in -C to match the following: - - ... - { no strict qw( refs ); - no warnings; - $argnames = \@{"$class\::BASEARGS"} || [ ]; - } - ... - The redirection used by the Authentication plugins will cause several failures in the default tests. You can fix this by making the following changes: @@ -111,13 +98,13 @@ to: ok( request('/login')->is_success, 'Request should succeed' ); -2) Change the Cis_success> to -Cis_redirect> in C. +2) Change the "Cis_success>" to +"Cis_redirect>" in C. -3) Change the Cis_success> to -Cis_redirect> in C. +3) Change the "Cis_success>" to +"Cis_redirect>" in C. -4) Add C to the top of C. +4) Add "C" to the top of C. As you can see in the C command line above, the C<--lib> option is used to set the location of the Catalyst C directory. With this @@ -129,6 +116,19 @@ environment variable. For example: $ CATALYST_DEBUG=0 prove --lib lib t +B Depending on the versions of various modules you have +installed, you might get some C warnings -- you can +ignore these. If you are following along in Ubuntu 8.10, you can +prevent them by adding C above line 49 in +C to match the following: + + ... + { no strict qw( refs ); + no warnings; + $argnames = \@{"$class\::BASEARGS"} || [ ]; + } + ... + During the C and C tests, you might notice the C warning message. To execute the Pod-related tests, add C to the C @@ -242,7 +242,7 @@ editor and enter the following: $_->content_contains("Book List", "Check for book list title") for $ua1, $ua2; # Make sure the appropriate logout buttons are displayed - $_->content_contains("/logout\">Logout", + $_->content_contains("/logout\">User Logout", "Both users should have a 'User Logout'") for $ua1, $ua2; $ua1->content_contains("/books/form_create\">Create", "Only 'test01' should have a create link"); @@ -334,6 +334,12 @@ failed test: This will cause the full HTML returned by the request to be displayed. +Another approach to see the full HTML content at the failure point in +a series of tests would be to insert a "C<$DB::single=1;> right above +the location of the failure and run the test under the perl debugger +(with C<-d>) as shown above. Then you can use the debugger to explore +the state of the application right before or after the failure. + =head1 SUPPORTING BOTH PRODUCTION AND TEST DATABASES