Don't load password when password_type is 'none'

for example when used for authorization

diff --git a/Changes b/Changes
index 45027a9..2d6d73c 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,5 +1,8 @@
 Revision history for Perl extension Catalyst::Plugin::Authentication
 
+    - Don't load password when password_type is 'none',
+      for example when used for authorization
+
 0.10023 11 Jan 2013
    - Add Howto on using the auth from the proxy server with
      ::Credential::Remote (Robert Rothenberg)

diff --git a/lib/Catalyst/Authentication/Credential/Password.pm b/lib/Catalyst/Authentication/Credential/Password.pm
index 0ce16c7..a9d8da5 100644 (file)
--- a/lib/Catalyst/Authentication/Credential/Password.pm
+++ b/lib/Catalyst/Authentication/Credential/Password.pm
@@ -59,12 +59,13 @@ sub check_password {
     if ($self->_config->{'password_type'} eq 'self_check') {
         return $user->check_password($authinfo->{$self->_config->{'password_field'}});
     } else {
+        return 1
+            if $self->_config->{'password_type'} eq 'none';
+
         my $password = $authinfo->{$self->_config->{'password_field'}};
         my $storedpassword = $user->get($self->_config->{'password_field'});
 
-        if ($self->_config->{'password_type'} eq 'none') {
-            return 1;
-        } elsif ($self->_config->{'password_type'} eq 'clear') {
+        if ($self->_config->{'password_type'} eq 'clear') {
             # FIXME - Should we warn in the $storedpassword undef case,
             #         as the user probably fluffed the config?
             return unless defined $storedpassword;