Fix bug with cleartext password_type (bug reported to my email by crackcraft@gmail...

diff --git a/Changes b/Changes
index 7b07044..a9df2d3 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,5 +1,10 @@
 Revision history for Perl extension Catalyst::Plugin::Authentication
 
+      - Fix bug in Credential::Password with password_type: clear.
+        - Add test for this.
+      - Add mock object tests for Credential::Password with password_type: 
+        clear.
+
 0.100092
       - Release new version, no changes since dev release.     
 

diff --git a/Makefile.PL b/Makefile.PL
index 2071254..c27a65a 100644 (file)
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -15,6 +15,7 @@ requires 'Catalyst::Plugin::Session' => '0.10';
 
 test_requires 'Test::More';
 test_requires 'Test::Exception';
+test_requires 'Test::MockObject';
 
 auto_install;
 WriteAll;

diff --git a/lib/Catalyst/Authentication/Credential/Password.pm b/lib/Catalyst/Authentication/Credential/Password.pm
index a8f0c94..bd99265 100644 (file)
--- a/lib/Catalyst/Authentication/Credential/Password.pm
+++ b/lib/Catalyst/Authentication/Credential/Password.pm
@@ -64,6 +64,9 @@ sub check_password {
         if ($self->_config->{'password_type'} eq 'none') {
             return 1;
         } elsif ($self->_config->{'password_type'} eq 'clear') {
+            # FIXME - Should we warn in the $storedpassword undef case, 
+            #         as the user probably fluffed the config?
+            return unless defined $storedpassword;
             return $password eq $storedpassword;
         } elsif ($self->_config->{'password_type'} eq 'crypted') {            
             return $storedpassword eq crypt( $password, $storedpassword );

diff --git a/t/05_password.t b/t/05_password.t
index 7c38986..13fd88f 100644 (file)
--- a/t/05_password.t
+++ b/t/05_password.t
@@ -1,11 +1,44 @@
 use strict;
 use warnings;
 
-use Test::More 'no_plan';
-
+use Test::More tests => 11;
+use Test::Exception;
+use Test::MockObject;
 
+# 1,2
 my $m; BEGIN { use_ok($m = "Catalyst::Authentication::Credential::Password") }
-
 can_ok($m, "authenticate");
 
+my $app = Test::MockObject->new;
+my $realm = Test::MockObject->new;
+my $user = Test::MockObject->new;
+our ($user_get_password_field_name, $user_password );
+$user->mock('get' => sub { $user_get_password_field_name = $_[1]; return $user_password });
+
+# 3-6 # Test clear passwords if you mess up the password_field
+{
+    local $user_password = undef;        # The user returns an undef password, 
+    local $user_get_password_field_name; # as there is no field named 'mistyped'
+    my $config = { password_type => 'clear', password_field => 'mistyped' };
+    my $i; lives_ok { $i = $m->new($config, $app, $realm) } 'Construct instance';
+    ok($i, 'Have instance');
+    my $r = $i->check_password($user, { username => 'someuser', password => 'password' });
+    is($user_get_password_field_name, 'mistyped', 
+        '(Incorrect) field name from config correctly passed to user');
+    ok(! $r, 'Authentication unsuccessful' );
+}
 
+# 7-11 # Test clear passwords working, and not working
+{
+    local $user_password = 'mypassword';         
+    local $user_get_password_field_name;
+    my $config = { password_type => 'clear', password_field => 'the_password_field' };
+    my $i; lives_ok { $i = $m->new($config, $app, $realm) } 'Construct instance';
+    ok($i, 'Have instance');
+    my $r = $i->check_password($user, { username => 'someuser', the_password_field => 'mypassword' });
+    is($user_get_password_field_name, 'the_password_field', 
+        'Correct field name from config correctly passed to user');
+    ok( $r, 'Authentication successful with correct password' );
+    $r = $i->check_password($user, { username => 'someuser', the_password_field => 'adifferentpassword' });
+    ok( ! $r, 'Authentication ussuccessful with incorrect password' );
+}