projects / catagits/Catalyst-Runtime.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | history | HEAD
coverage all passes
[catagits/Catalyst-Runtime.git] / lib / Catalyst / Manual / Tutorial / Authentication.pod
CommitLineData
4d583dd8 1=head1 NAME
2
64ccd8a8 3Catalyst::Manual::Tutorial::Authentication - Catalyst Tutorial - Part 4: Authentication
4d583dd8 4
5
4d583dd8 6=head1 OVERVIEW
7
8This is B<Part 4 of 9> for the Catalyst tutorial.
9
64ccd8a8 10L<Tutorial Overview|Catalyst::Manual::Tutorial>
4d583dd8 11
12=over 4
13
14=item 1
15
16L<Introduction|Catalyst::Manual::Tutorial::Intro>
17
18=item 2
19
20L<Catalyst Basics|Catalyst::Manual::Tutorial::CatalystBasics>
21
22=item 3
23
64ccd8a8 24L<Basic CRUD|Catalyst::Manual::Tutorial_BasicCRUD>
4d583dd8 25
26=item 4
27
28B<Authentication>
29
30=item 5
31
32L<Authorization|Catalyst::Manual::Tutorial::Authorization>
33
34=item 6
35
36L<Debugging|Catalyst::Manual::Tutorial::Debugging>
37
38=item 7
39
40L<Testing|Catalyst::Manual::Tutorial::Testing>
41
42=item 8
43
44L<AdvancedCRUD|Catalyst::Manual::Tutorial::AdvancedCRUD>
45
46=item 9
47
71dedf57 48L<Appendices|Catalyst::Manual::Tutorial::Appendicies>
4d583dd8 49
50=back
51
52
4d583dd8 53=head1 DESCRIPTION
54
64ccd8a8 55Now that we finally have a simple yet functional application, we can
71dedf57 56focus on providing authentication (with authorization coming next in
57Part 5).
4d583dd8 58
64ccd8a8 59This part of the tutorial is divided into two main sections: 1) basic,
60cleartext authentication and 2) hash-based authentication.
4d583dd8 61
64ccd8a8 62B<TIP>: Note that all of the code for this part of the tutorial can be
63pulled from the Catalyst Subversion repository in one step with the
64following command:
4d583dd8 65
66 svn checkout http://dev.catalyst.perl.org/repos/Catalyst/trunk/examples/Tutorial@###
67 IMPORTANT: Does not work yet. Will be completed for final version.
68
69
4d583dd8 70=head1 BASIC AUTHENTICATION
71
71dedf57 72This section explores how to add authentication logic to a Catalyst
73application.
4d583dd8 74
75=head2 Add Users and Roles to the Database
76
71dedf57 77First, we add both user and role information to the database (we will
78add the role information here although it will not be used until the
64ccd8a8 79authorization section, Part 5). Create a new SQL script file by opening
80C<myapp02.sql> in your editor and insert:
4d583dd8 81
82 --
83 -- Add users and roles tables, along with a many-to-many join table
84 --
85 CREATE TABLE users (
86 id INTEGER PRIMARY KEY,
87 username TEXT,
88 password TEXT,
89 email_address TEXT,
90 first_name TEXT,
91 last_name TEXT,
92 active INTEGER
93 );
94 CREATE TABLE roles (
95 id INTEGER PRIMARY KEY,
96 role TEXT
97 );
98 CREATE TABLE user_roles (
99 user_id INTEGER,
100 role_id INTEGER,
101 PRIMARY KEY (user_id, role_id)
102 );
103 --
104 -- Load up some initial test data
105 --
106 INSERT INTO users VALUES (1, 'test01', 'mypass', 't01@na.com', 'Joe', 'Blow', 1);
107 INSERT INTO users VALUES (2, 'test02', 'mypass', 't02@na.com', 'Jane', 'Doe', 1);
108 INSERT INTO users VALUES (3, 'test03', 'mypass', 't03@na.com', 'No', 'Go', 0);
109 INSERT INTO roles VALUES (1, 'user');
110 INSERT INTO roles VALUES (2, 'admin');
111 INSERT INTO user_roles VALUES (1, 1);
112 INSERT INTO user_roles VALUES (1, 2);
113 INSERT INTO user_roles VALUES (2, 1);
114 INSERT INTO user_roles VALUES (3, 1);
115
116Then load this into the C<myapp.db> database with the following command:
117
118 $ sqlite3 myapp.db < myapp02.sql
119
120
71dedf57 121=head2 Add User and Role Information to DBIC Schema
4d583dd8 122
64ccd8a8 123This step adds DBIC-based classes for the user-related database tables
71dedf57 124(the role information will not be used until Part 5):
4d583dd8 125
64ccd8a8 126Edit C<lib/MyAppDB.pm> and update the contents to match (only the
127C<MyAppDB =E<gt> [qw/Book BookAuthor Author User UserRole Role/]> line
128has changed):
4d583dd8 129
130 package MyAppDB;
131
132 =head1 NAME
133
134 MyAppDB -- DBIC Schema Class
135
136 =cut
137
138 # Our schema needs to inherit from 'DBIx::Class::Schema'
139 use base qw/DBIx::Class::Schema/;
140
141 # Need to load the DB Model classes here.
142 # You can use this syntax if you want:
143 # __PACKAGE__->load_classes(qw/Book BookAuthor Author User UserRole Role/);
144 # Also, if you simply want to load all of the classes in a directory
145 # of the same name as your schema class (as we do here) you can use:
146 # __PACKAGE__->load_classes(qw//);
147 # But the variation below is more flexible in that it can be used to
148 # load from multiple namespaces.
149 __PACKAGE__->load_classes({
150 MyAppDB => [qw/Book BookAuthor Author User UserRole Role/]
151 });
152
153 1;
154
155
156=head2 Create New "Result Source Objects"
157
158Create the following three files with the content shown below.
159
160C<lib/MyAppDB/User.pm>:
161
162 package MyAppDB::User;
163
164 use base qw/DBIx::Class/;
165
166 # Load required DBIC stuff
167 __PACKAGE__->load_components(qw/PK::Auto Core/);
168 # Set the table name
169 __PACKAGE__->table('users');
170 # Set columns in table
171 __PACKAGE__->add_columns(qw/id username password email_address first_name last_name/);
172 # Set the primary key for the table
173 __PACKAGE__->set_primary_key('id');
174
175 #
176 # Set relationships:
177 #
178
179 # has_many():
180 # args:
181 # 1) Name of relationship, DBIC will create accessor with this name
182 # 2) Name of the model class referenced by this relationship
183 # 3) Column name in *foreign* table
184 __PACKAGE__->has_many(map_user_role => 'MyAppDB::UserRole', 'user_id');
185
186
187 =head1 NAME
188
189 MyAppDB::User - A model object representing a person with access to the system.
190
191 =head1 DESCRIPTION
192
193 This is an object that represents a row in the 'users' table of your application
194 database. It uses DBIx::Class (aka, DBIC) to do ORM.
195
196 For Catalyst, this is designed to be used through MyApp::Model::MyAppDB.
197 Offline utilities may wish to use this class directly.
198
199 =cut
200
201 1;
202
203
204C<lib/MyAppDB/Role.pm>:
205
206 package MyAppDB::Role;
207
208 use base qw/DBIx::Class/;
209
210 # Load required DBIC stuff
211 __PACKAGE__->load_components(qw/PK::Auto Core/);
212 # Set the table name
213 __PACKAGE__->table('roles');
214 # Set columns in table
215 __PACKAGE__->add_columns(qw/id role/);
216 # Set the primary key for the table
217 __PACKAGE__->set_primary_key('id');
218
219 #
220 # Set relationships:
221 #
222
223 # has_many():
224 # args:
225 # 1) Name of relationship, DBIC will create accessor with this name
226 # 2) Name of the model class referenced by this relationship
227 # 3) Column name in *foreign* table
228 __PACKAGE__->has_many(map_user_role => 'MyAppDB::UserRole', 'role_id');
229
230
231 =head1 NAME
232
233 MyAppDB::Role - A model object representing a class of access permissions to
234 the system.
235
236 =head1 DESCRIPTION
237
238 This is an object that represents a row in the 'roles' table of your
239 application database. It uses DBIx::Class (aka, DBIC) to do ORM.
240
241 For Catalyst, this is designed to be used through MyApp::Model::MyAppDB.
242 "Offline" utilities may wish to use this class directly.
243
244 =cut
245
246 1;
247
248
249C<lib/MyAppDB/UserRole.pm>:
250
251 package MyAppDB::UserRole;
252
253 use base qw/DBIx::Class/;
254
255 # Load required DBIC stuff
256 __PACKAGE__->load_components(qw/PK::Auto Core/);
257 # Set the table name
258 __PACKAGE__->table('user_roles');
259 # Set columns in table
260 __PACKAGE__->add_columns(qw/user_id role_id/);
261 # Set the primary key for the table
262 __PACKAGE__->set_primary_key(qw/user_id role_id/);
263
264 #
265 # Set relationships:
266 #
267
268 # belongs_to():
269 # args:
270 # 1) Name of relationship, DBIC will create accessor with this name
271 # 2) Name of the model class referenced by this relationship
272 # 3) Column name in *this* table
273 __PACKAGE__->belongs_to(user => 'MyAppDB::User', 'user_id');
274
275 # belongs_to():
276 # args:
277 # 1) Name of relationship, DBIC will create accessor with this name
278 # 2) Name of the model class referenced by this relationship
279 # 3) Column name in *this* table
280 __PACKAGE__->belongs_to(role => 'MyAppDB::Role', 'role_id');
281
282
283 =head1 NAME
284
285 MyAppDB::UserRole - A model object representing the JOIN between Users and Roles.
286
287 =head1 DESCRIPTION
288
289 This is an object that represents a row in the 'user_roles' table of your application
290 database. It uses DBIx::Class (aka, DBIC) to do ORM.
291
292 You probably won't need to use this class directly -- it will be automatically
293 used by DBIC where joins are needed.
294
295 For Catalyst, this is designed to be used through MyApp::Model::MyAppDB.
296 Offline utilities may wish to use this class directly.
297
298 =cut
299
300 1;
301
302The code for these three result source classes is obviously very familiar to the C<Book>, C<Author>, and C<BookAuthor> classes created in Part 2.
303
304
305=head2 Sanity-Check Reload of Development Server
306
307We aren't ready to try out the authentication just yet; we only want to do a quick check to be sure our model loads correctly. Press C<Ctrl-C> to kill the previous server instance (if it's still running) and restart it:
308
309 $ script/myapp_server.pl
310
311Look for the three new model objects in the startup debug output:
312
313 ...
314 .-------------------------------------------------------------------+----------.
315 | Class | Type |
316 +-------------------------------------------------------------------+----------+
317 | MyApp::Controller::Books | instance |
318 | MyApp::Controller::Root | instance |
319 | MyApp::Model::MyAppDB | instance |
320 | MyApp::Model::MyAppDB::Author | class |
321 | MyApp::Model::MyAppDB::Book | class |
322 | MyApp::Model::MyAppDB::BookAuthor | class |
323 | MyApp::Model::MyAppDB::Role | class |
324 | MyApp::Model::MyAppDB::User | class |
325 | MyApp::Model::MyAppDB::UserRole | class |
326 | MyApp::View::TT | instance |
327 '-------------------------------------------------------------------+----------'
328 ...
329
330Again, notice that your "result source" classes have been "re-loaded" by Catalyst under C<MyApp::Model>.
331
332
333=head2 Include Authentication and Session Plugins
334
335Edit C<lib/MyApp.pm> and update it as follows (everything below C<DefaultEnd> is new):
336
337 use Catalyst qw/
338 -Debug
339 ConfigLoader
340 Static::Simple
341
4d583dd8 342 StackTrace
343 DefaultEnd
344
345 Authentication
346 Authentication::Store::DBIC
347 Authentication::Credential::Password
348
349 Session
350 Session::Store::FastMmap
351 Session::State::Cookie
352 /;
353
64ccd8a8 354The three C<Authentication> plugins work together to support
355Authentication while the C<Session> plugins are required to maintain
356state across multiple HTTP requests. Note that there are several
357options for L<Session::Store|Catalyst::Plugin::Session::Store> (although
358L<Session::Store::FastMmap|Catalyst::Plugin::Session::Store::FastMmap>
359is generally a good choice if you are on Unix; try
360L<Cache::FileCache|Catalyst::Plugin::Cache::FileCache> if you are on
361Win32) -- consult L<Session::Store|Catalyst::Plugin::Session::Store> and
362its subclasses for additional information.
4d583dd8 363
4d583dd8 364=head2 Configure Authentication
365
64ccd8a8 366Although C<__PACKAGE__-E<gt>config(name =E<gt> 'value');> is still
367supported, newer Catalyst applications tend to place all configuration
368information in C<myapp.yml> and automatically load this information into
369C<MyApp-E<gt>config> using the
370L<ConfigLoader|Catalyst::Plugin::ConfigLoader> plugin.
4d583dd8 371
372Edit the C<myapp.yml> YAML and update it to match:
373
374 ---
375 name: MyApp
376 authentication:
377 dbic:
378 # Note this first definition would be the same as setting
379 # __PACKAGE__->config->{authentication}->{dbic}->{user_class} = 'MyAppDB::User'
380 # in lib/MyApp.pm (IOW, each hash key becomes a "name:" in the YAML file).
381 #
382 # This is the model object created by Catalyst::Model::DBIC from your
383 # schema (you created 'MyAppDB::User' but as the Catalyst startup
384 # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User').
385 # NOTE: Omit 'MyAppDB::Model' to avoid a component lookup issue in Catalyst 5.66
386 user_class: MyAppDB::User
387 # This is the name of the field in your 'users' table that contains the user's name
388 user_field: username
389 # This is the name of the field in your 'users' table that contains the password
390 password_field: password
391 # Other options can go here for hashed passwords
392
393Inline comments in the code above explain how each field is being used.
394
64ccd8a8 395B<TIP>: Although YAML uses a very simple and easy-to-ready format, it
396does require the use of a consistent level of indenting. Be sure you
397line up everything on a given 'level' with the same number of indents.
398Also, be sure not to use C<tab> characters (YAML does not support them
399because they are handled inconsistently across editors).
4d583dd8 400
4d583dd8 401=head2 Add Login and Logout Controllers
402
403Use the Catalyst create script to create two stub controller files:
404
405 $ script/myapp_create.pl controller Login
406 $ script/myapp_create.pl controller Logout
407
64ccd8a8 408B<NOTE>: You could easily use a single controller here. For example,
409you could have a C<User> controller with both C<login> and C<logout>
410actions. Remember, Catalyst is designed to be very flexible, and leaves
411such matters up to you, the designer and programmer.
4d583dd8 412
413Then open C<lib/MyApp/Controller/Login.pm> and add:
414
415 =head2 default
416
417 Login logic
418
419 =cut
420
421 sub default : Private {
422 my ($self, $c) = @_;
423
424 # Get the username and password from form
425 my $username = $c->request->params->{username} || "";
426 my $password = $c->request->params->{password} || "";
427
428 # If the username and password values were found in form
429 if ($username && $password) {
430 # Attempt to log the user in
431 if ($c->login($username, $password)) {
432 # If successful, then let them use the application
433 $c->response->redirect($c->uri_for('/books/list'));
434 return;
435 } else {
436 # Set an error message
437 $c->stash->{error_msg} = "Bad username or password.";
438 }
439 }
440
441 # If either of above don't work out, send to the login page
442 $c->stash->{template} = 'login.tt2';
443 }
444
64ccd8a8 445This controller fetches the C<username> and C<password> values from the
446login form and attempts to perform a login. If successful, it redirects
447the user to the book list page. If the login fails, the user will stay
448at the login page but receive an error message. If the C<username> and
449C<password> values are not present in the form, the user will be taken
450to the empty login form.
4d583dd8 451
452Next, create a corresponding method in C<lib/MyApp/Controller/Logout.pm>:
453
454 =head2 default
455
456 Logout logic
457
458 =cut
459
460 sub default : Private {
461 my ($self, $c) = @_;
462
463 # Clear the user's state
464 $c->logout;
465
71dedf57 466 # Send the user to the starting point
4d583dd8 467 $c->response->redirect($c->uri_for('/'));
468 }
469
470
471=head2 Add a Login Form TT Template Page
472
473Create a login form by opening C<root/src/login.tt2> and inserting:
474
475 [% META title = 'Login' %]
476
477 <!-- Login form -->
478 <form method="post" action=" [% Catalyst.uri_for('/login') %] ">
479 <table>
480 <tr>
481 <td>Username:</td>
482 <td><input type="text" name="username" size="40" /></td>
483 </tr>
484 <tr>
485 <td>Password:</td>
486 <td><input type="password" name="password" size="40" /></td>
487 </tr>
488 <tr>
489 <td colspan="2"><input type="submit" name="submit" value="Submit" /></td>
490 </tr>
491 </table>
492 </form>
493
494
495=head2 Add Valid User Check
496
64ccd8a8 497We need something that provides enforcement for the authentication
498mechanism -- a I<global> mechanism that prevents users who have not
499passed authentication from reaching any pages except the login page.
500This is generally done via an C<auto> action/method (prior to Catalyst
501v5.66, this sort of thing would go in C<MyApp.pm>, but starting in
502v5.66, the preferred location is C<lib/MyApp/Controller/Root.pm>).
4d583dd8 503
71dedf57 504Edit the existing C<lib/MyApp/Controller/Root.pm> class file and insert
505the following method:
4d583dd8 506
507 =head2 auto
508
509 Check if there is a user and, if not, forward to login page
510
511 =cut
512
513 # Note that 'auto' runs after 'begin' but before your actions and that
514 # 'auto' "chain" (all from application path to most specific class are run)
515 sub auto : Private {
516 my ($self, $c) = @_;
517
518 # Allow unauthenticated users to reach the login page
519 if ($c->request->path =~ /login/) {
520 return 1;
521 }
522
523 # If a user doesn't exist, force login
524 if (!$c->user_exists) {
525 # Dump a log message to the development server debug output
526 $c->log->debug('***Root::auto User not found, forwarding to /login');
527 # Redirect the user to the login page
528 $c->response->redirect($c->uri_for('/login'));
529 # Return 0 to cancel 'post-auto' processing and prevent use of application
530 return 0;
531 }
532
533 # User found, so return 1 to continue with processing after this 'auto'
534 return 1;
535 }
536
64ccd8a8 537B<Note:> Catalyst provides a number of different types of actions, such
538as C<Local>, C<Regex>, and C<Private>. You should refer to
71dedf57 539L<Catalyst::Manual::Intro> for a more detailed explanation, but the
540following bullet points provide a quick introduction:
4d583dd8 541
542=over 4
543
544=item *
545
64ccd8a8 546The majority of application use C<Local> actions for items that respond
547to user requests and C<Private> actions for those that do not directly
548respond to user input.
4d583dd8 549
550=item *
551
64ccd8a8 552There are five types of C<Private> actions: C<begin>, C<end>,
553C<default>, C<index>, and C<auto>.
4d583dd8 554
555=item *
556
64ccd8a8 557Unlike the other private C<Private> actions where only a single method
558is called for each request, I<every> auto action along the chain of
559namespaces will be called.
4d583dd8 560
561=back
562
64ccd8a8 563By placing the authentication enforcement code inside the C<auto> method
564of C<lib/MyApp/Controller/Root.pm> (or C<lib/MyApp.pm>), it will be
565called for I<every> request that is received by the entire application.
4d583dd8 566
4d583dd8 567=head2 Displaying Content Only to Authenticated Users
568
64ccd8a8 569Let's say you want to provide some information on the login page that
570changes depending on whether the user has authenticated yet. To do
571this, open C<root/src/login.tt2> in your editor and add the following
572lines to the bottom of the file:
4d583dd8 573
574 <p>
575 [%
576 # This code illustrates how certain parts of the TT
577 # template will only be shown to users who have logged in
578 %]
579 [% IF Catalyst.user %]
580 Please Note: You are already logged in as '[% Catalyst.user.username %]'.
581 You can <a href="[% Catalyst.uri_for('/logout') %]">logout</a> here.
582 [% ELSE %]
583 You need to log in to use this application.
584 [% END %]
585 [%#
586 Note that this whole block is a comment because the "#" appears
587 immediate after the "[%" (with no spaces in between). Although it
588 can be a handy way to temporarily "comment out" a whole block of
589 TT code, it's probably a little too subtle for use in "normal"
590 comments.
591 %]
592
64ccd8a8 593Although most of the code is comments, the middle few lines provide a
594"you are already logged in" reminder if the user returns to the login
595page after they have already authenticated. For users who have not yet
596authenticated, a "You need to log in..." message is displayed (note the
597use of an IF-THEN-ELSE construct in TT).
4d583dd8 598
599
600=head2 Try Out Authentication
601
64ccd8a8 602Press C<Ctrl-C> to kill the previous server instance (if it's still
603running) and restart it:
4d583dd8 604
605 $ script/myapp_server.pl
606
64ccd8a8 607B<IMPORTANT NOTE>: If you happen to be using Internet Explorer, you may
608need to use the command C<script/myapp_server.pl -k> to enable the
609keepalive feature in the development server. Otherwise, the HTTP
610redirect on successful login may not work correctly with IE (it seems to
611work without -k if you are running the web browser and development
612server on the same machine). If you are using browser a browser other
613than IE, it should work either way. If you want to make keepalive the
614default, you can edit C<script/myapp_server.pl> and change the
615initialization value for C<$keepalive> to C<1>. (You will need to do
616this every time you create a new Catalyst application or rebuild the
617C<myapp_server.pl> script.)
618
619Now trying going to L<http://localhost:3000/books/list> and you should
620be redirected to the login page, hitting Shift+Reload if necessary (the
621"You are already logged in" message should I<not> appear -- if it does,
71dedf57 622click the C<logout> button and try again). Note the C<***Root::auto User
623not found...> debug message in the development server output. Enter
624username C<test01> and password C<mypass>, and you should be taken to
625the Book List page.
4d583dd8 626
71dedf57 627Open C<root/src/books/list.tt2> and add the following lines to the
628bottom:
4d583dd8 629
630 <p>
631 <a href="[% Catalyst.uri_for('/login') %]">Login</a>
632 <a href="[% Catalyst.uri_for('form_create') %]">Create</a>
633 </p>
634
64ccd8a8 635Reload your browser and you should now see a "Login" link at the bottom
636of the page (as mentioned earlier, you can update template files without
637reloading the development server). Click this link to return to the
638login page. This time you I<should> see the "You are already logged in"
639message.
4d583dd8 640
64ccd8a8 641Finally, click the C<You can logout here> link on the C</login> page.
642You should stay at the login page, but the message should change to "You
643need to log in to use this application."
4d583dd8 644
645
4d583dd8 646=head1 USING PASSWORD HASHES
647
64ccd8a8 648In this section we increase the security of our system by converting
649from cleartext passwords to SHA-1 password hashes.
4d583dd8 650
64ccd8a8 651B<Note:> This section is optional. You can skip it and the rest of the
652tutorial will function normally.
4d583dd8 653
64ccd8a8 654Note that even with the techniques shown in this section, the browser
655still transmits the passwords in cleartext to your application. We are
656just avoiding the I<storage> of cleartext passwords in the database by
71dedf57 657using a SHA-1 hash. If you are concerned about cleartext passwords
658between the browser and your application, consider using SSL/TLS, made
659easy with the Catalyst plugin L<Catalyst::Plugin:RequireSSL>.
4d583dd8 660
661=head2 Get a SHA-1 Hash for the Password
662
64ccd8a8 663Catalyst uses the C<Digest> module to support a variety of hashing
664algorithms. Here we will use SHA-1 (SHA = Secure Hash Algorithm).
665First, we should compute the SHA-1 hash for the "mypass" password we are
666using. The following command-line Perl script provides a "quick and
667dirty" way to do this:
4d583dd8 668
669 $ perl -MDigest::SHA -e 'print Digest::SHA::sha1_hex("mypass"), "\n"'
670 e727d1464ae12436e899a726da5b2f11d8381b26
671 $
672
4d583dd8 673=head2 Switch to SHA-1 Password Hashes in the Database
674
64ccd8a8 675Next, we need to change the C<password> column of our C<users> table to
676store this hash value vs. the existing cleartext password. Open
677C<myapp03.sql> in your editor and enter:
4d583dd8 678
679 --
680 -- Convert passwords to SHA-1 hashes
681 --
682 UPDATE users SET password = 'e727d1464ae12436e899a726da5b2f11d8381b26' WHERE id = 1;
683 UPDATE users SET password = 'e727d1464ae12436e899a726da5b2f11d8381b26' WHERE id = 2;
684 UPDATE users SET password = 'e727d1464ae12436e899a726da5b2f11d8381b26' WHERE id = 3;
685
686Then use the following command to update the SQLite database:
687
688 $ sqlite3 myapp.db < myapp03.sql
689
64ccd8a8 690B<Note:> We are using SHA-1 hashes here, but many other hashing
691algorithms are supported. See C<Digest> for more information.
4d583dd8 692
64ccd8a8 693=head2 Enable SHA-1 Hash Passwords in
694C<Catalyst::Plugin::Authentication::Store::DBIC>
4d583dd8 695
64ccd8a8 696Edit C<myapp.yml> and update it to match (the C<password_type> and
697C<password_hash_type> are new, everything else is the same):
4d583dd8 698
699 ---
700 name: MyApp
701 authentication:
702 dbic:
703 # Note this first definition would be the same as setting
704 # __PACKAGE__->config->{authentication}->{dbic}->{user_class} = 'MyAppDB::User'
705 # in lib/MyApp.pm (IOW, each hash key becomes a "name:" in the YAML file).
706 #
707 # This is the model object created by Catalyst::Model::DBIC from your
708 # schema (you created 'MyAppDB::User' but as the Catalyst startup
709 # debug messages show, it was loaded as 'MyApp::Model::MyAppDB::User').
710 # NOTE: Omit 'MyAppDB::Model' to avoid a component lookup issue in Catalyst 5.66
711 user_class: MyAppDB::User
712 # This is the name of the field in your 'users' table that contains the user's name
713 user_field: username
714 # This is the name of the field in your 'users' table that contains the password
715 password_field: password
716 # Other options can go here for hashed passwords
717 # Enabled hashed passwords
718 password_type: hashed
719 # Use the SHA-1 hashing algorithm
720 password_hash_type: SHA-1
721
722
723=head2 Try Out the Hashed Passwords
724
64ccd8a8 725Press C<Ctrl-C> to kill the previous server instance (if it's still
726running) and restart it:
4d583dd8 727
728 $ script/myapp_server.pl
729
64ccd8a8 730You should now be able to go to L<http://localhost:3000/books/list> and
731login as before. When done, click the "Logout" link on the login page
732(or point your browser at L<http://localhost:3000/logout>).
4d583dd8 733
734=head1 AUTHOR
735
736Kennedy Clark, C<hkclark@gmail.com>
737
738Please report any errors, issues or suggestions to the author.
739
740Copyright 2006, Kennedy Clark. All rights reserved.
741
64ccd8a8 742This library is free software; you can redistribute it and/or modify it
743under the same terms as Perl itself.
4d583dd8 744
745Version: .94
746
The Perl MVC Framework (catagits@git.shadowcat.co.uk:Catalyst-Runtime.git)