Catalyst::AuthenticatiUserCCoCatalyst::Authentication::Credential::Password(3)NAMECatalyst::Authentication::Credential::Password - Authenticate a user
with a password.
SYNOPSIS
use Catalyst qw/
Authentication
/;
package MyApp::Controller::Auth;
sub login : Local {
my ( $self, $c ) = @_;
$c->authenticate( { username => $c->req->param('username'),
password => $c->req->param('password') });
}
DESCRIPTION
This authentication credential checker takes authentication information
(most often a username) and a password, and attempts to validate the
password provided against the user retrieved from the store.
CONFIGURATION
# example
__PACKAGE__->config('Plugin::Authentication' =>
{
default_realm => 'members',
realms => {
members => {
credential => {
class => 'Password',
password_field => 'password',
password_type => 'hashed',
password_hash_type => 'SHA-1'
},
...
The password module is capable of working with several different
password encryption/hashing algorithms. The one the module uses is
determined by the credential configuration.
Those who have used Catalyst::Plugin::Authentication prior to the 0.10
release should note that the password field and type information is no
longer part of the store configuration and is now part of the Password
credential configuration.
class
The classname used for Credential. This is part of
Catalyst::Plugin::Authentication and is the method by which
Catalyst::Authentication::Credential::Password is loaded as the
credential validator. For this module to be used, this must be set
to 'Password'.
password_field
The field in the user object that contains the password. This will
vary depending on the storage class used, but is most likely
something like 'password'. In fact, this is so common that if this
is left out of the config, it defaults to 'password'. This field is
obtained from the user object using the get() method. Essentially:
$user->get('passwordfieldname'); NOTE If the password_field is
something other than 'password', you must be sure to use that same
field name when calling $c->authenticate().
password_type
This sets the password type. Often passwords are stored in crypted
or hashed formats. In order for the password module to verify the
plaintext password passed in, it must be told what format the
password will be in when it is retreived from the user object. The
supported options are:
none No password check is done. An attempt is made to retrieve
the user based on the information provided in the
$c->authenticate() call. If a user is found, authentication
is considered to be successful.
clear The password in user is in clear text and will be compared
directly.
self_check
This option indicates that the password should be passed to
the check_password() routine on the user object returned
from the store.
crypted The password in user is in UNIX crypt hashed format.
salted_hash
The password in user is in salted hash format, and will be
validated using Crypt::SaltedHash. If this password type
is selected, you should also provide the password_salt_len
config element to define the salt length.
hashed If the user object supports hashed passwords, they will be
used in conjunction with Digest. The following config
elements affect the hashed configuration:
password_hash_type
The hash type used, passed directly to "new" in
Digest.
password_pre_salt
Any pre-salt data to be passed to "add" in Digest
before processing the password.
password_post_salt
Any post-salt data to be passed to "add" in Digest
after processing the password.
USAGE
The Password credential module is very simple to use. Once configured
as indicated above, authenticating using this module is simply a matter
of calling $c->authenticate() with an authinfo hashref that includes
the password element. The password element should contain the password
supplied by the user to be authenticated, in clear text. The other
information supplied in the auth hash is ignored by the Password
module, and simply passed to the auth store to be used to retrieve the
user. An example call follows:
if ($c->authenticate({ username => $username,
password => $password} )) {
# authentication successful
} else {
# authentication failed
}
METHODS
There are no publicly exported routines in the Password module (or
indeed in most credential modules.) However, below is a description of
the routines required by Catalyst::Plugin::Authentication for all
credential modules.
new( $config, $app, $realm )
Instantiate a new Password object using the configuration hash provided
in $config. A reference to the application is provided as the second
argument. Note to credential module authors: new() is called during
the application's plugin setup phase, which is before the application
specific controllers are loaded. The practical upshot of this is that
things like $c->model(...) will not function as expected.
authenticate( $authinfo, $c )
Try to log a user in, receives a hashref containing authentication
information as the first argument, and the current context as the
second.
check_password( )
perl v5.14.1Catalyst::Authentication::Credential::Password(3)
