[Catalyst] Authentication gotchas
Yuval Kogman
nothingmuch at woobling.org
Fri Dec 16 14:17:21 CET 2005
On Fri, Dec 16, 2005 at 10:42:46 +0000, Nigel Metheringham wrote:
> The authentication documentation examples, including the one in the
> advent calendar:-
> http://catalyst.perl.org/calendar/2005/14
>
> pretty much all have the same set of example code, eg:-
> use Catalyst qw/Authentication
> ...
>
> sub login : Local {
> my ($self, $c) = @_;
>
> if ( my $user = $c->req->param("user")
> and my $password = $c->req->param("password") )
> {
> if ( $c->login( $user, $password ) ) {
> $c->res->body( "hello " . $c->user->name );
> } else {
> # login incorrect
> }
> }
> else {
> # invalid form input
> }
> }
>
> Unfortunately as written these tend to do interesting and unintended
> things if you put them into the main app module. [Hint: what class is
> $c? What happens when the login method calls $c->login($user,
> $pass)?? ]
Yeah, that's a hell of a gotcha... I always place the login action
in MyApp::Controller::Auth, but that should be documented.
I think the problem is actually with Catalyst though - there's no
benefit in mushing the plugin and action namespaces together, in my
opinion.
Perhaps it's too late for that now, though.
--
() Yuval Kogman <nothingmuch at woobling.org> 0xEBD27418 perl hacker &
/\ kung foo master: /me tips over a cow: neeyah!!!!!!!!!!!!!!!!!!!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.rawmode.org/pipermail/catalyst/attachments/20051216/9ee1f00e/attachment.pgp
More information about the Catalyst
mailing list