[Catalyst] Authentication and architecture
Jon Molin
jon.molin at gmail.com
Tue Dec 20 02:19:00 CET 2005
On 12/19/05, Yuval Kogman <nothingmuch at woobling.org> wrote:
>
> On Mon, Dec 19, 2005 at 19:46:47 +0100, Jon Molin wrote:
[cutting hard in message]
> For example, if you want to use sessions you load the session
> plugin, and then you load the store plugin for the backend you want
> (Session::Store::DBI, Session::Store::FastMmap, etc - but not
> Session::Store itself which is just a base class), and the state
> plugin - like Session::State::Cookie.
>
> Then the Session plugin will use Session::State::Cookie and
> Session::Store::FastMmap to manage the session automatically.
>
> Authentication is similar:
>
> use Catalyst qw/
> -Debug
>
> Session
> Session::Store::FastMmap
> Session::State::Cookie
>
> Authentication
> Authentication::Store::DBIC
> Authentication::Credential::Password
> /;
Used what you have there but swapped FastMmap for Session::Store::CDBI and
added ::ACL.
> This is probably what you wanted. It means that you'll be using
> Cache::FastMmap to store the session data, cookies to maintain the
> session state across requests, DBIx::Class or Class::DBI to store
> users in a database table, and login/password to verify the users.
>
> > My plan was to have /, /login and /register
> > accessible to all and let my ::C::Member module handle all sessions, account
> > creation/modifications and logins/logouts.
>
> ( Are you using an up to date version of Catalyst? Please double
> check. )
I wasn't. Used Debian testing giving me 5.57, but have now installed
5.61 from CPAN. If ::C:: made you think I used an old version was it just me
being lazy, the generated code was in ::Controller:: format.
> package MyApp::Controller::Member;
>
> sub login : Global {
> my ( $self, $c ) = @_;
>
> $c->login; # should be enough if you use standard form
> # parameters... See
> # Catalyst::Plugin::Authentication::Credential::Password's
> # documentation
>
> $c->stash->{template} = 'login.tt'; # displays login
> # successful [% IF c.user_exists %], failed otherwise
> }
I've put this in the controller
> I think you really want Catalyst::Plugin::Authorization::ACL. This
> code should be enough to make the checks happen automatically:
I've added ACL and these, so I'll always end up at the login, until I get
it working:
__PACKAGE__->deny_access_unless( "/", sub {0});
__PACKAGE__->allow_access_if( "/member", sub { 1 } );
__PACKAGE__->allow_access_if( "/page/default", sub { 1 } );
__PACKAGE__->allow_access_if( "end", sub { 1 } );
> $c->res->redirect( $c->uri_for( $login_path ) );
>
> but you can probably handle this better without redirects.
I suspect this is where I'm having problems now. Making it understand where
to go when it realises the user hasn't access to anything but the login and
register. Now I get this:
.----------------------+-----------------------------+--------------.
| Private | Class | Method |
+----------------------+-----------------------------+--------------+
| /default | MyApp | default |
| /end | MyApp | end |
| /begin | MyApp | begin |
| /member/name | MyApp::Controller::Member | name |
| /member/login | MyApp::Controller::Member | login |
| /member/register | MyApp::Controller::Member | register |
| /page/default | MyApp::Controller::Page | default |
'----------------------+-----------------------------+--------------'
| Path                                | Private                               |
+-------------------------------------+---------------------------------------+
| /login                              | /member/login                         |
| /member/name                        | /member/name                          |
| /member/register                    | /member/register                      |
| /page/default                       | /page/default                         |
'-------------------------------------+---------------------------------------'
[ ... ACL reg stuff ...]
[debug] "GET" request for "page/default" from "127.0.0.1"
[debug] Path is "page/default"
[debug] running ACL rule CODE(0x89d1a3c) defined at /www/docs/MyApp/lib/MyApp.pm line 60 on begin
[debug] running ACL rule CODE(0x8f84808) defined at /www/docs/MyApp/lib/MyApp.pm line 64 on end
[debug] Access to end allowed by rule CODE(0x8f84808) (defined at /www/docs/MyApp/lib/MyApp.pm line 64)
[debug] Rendering template "index.html"
[error] Caught exception "Can't call method "name" on unblessed reference at /usr/local/share/perl/5.8.7/Catalyst.pm line 919."
My ACL rules were above and I used the login function you suggested.
If I set:
__PACKAGE__->deny_access_unless( "/", sub {1});
And try accessing page/default (just a dummy hello catalyst page) I get the
page I request, as expected since there's no longer a rule restricting it.
In http://dev.catalyst.perl.org/wiki/Faq_ref#au.1 did I see an example using
begin (guess it's the deprecated way) and adding that code and keeping sub
{1} gives me the login page for all pages, like it claims to do.
What I can't understand is how to tell Authorization::ACL where to go when
login is required, I'd suspect it defaults to /login but since that seems
like a loaded path must my guess be wrong.
> > ps the example 'Hops' you link to from your first page doesn't work, I dunno
> > for how long it's been like that but I guess it'd be good to fix Hops or
> > temporarily remove the link as it confuses
>
> This is actually a very informative mail in general - you've really
> helped us get some direction in terms of where our documentation
> efforts should go in, how clearly we should document that things are
> deprecated, and how to improve our error handling.
>
> Thanks!
Thanks for the good reply and sorry for my huge post. Just wanted to try to
fit all in there.
I understand you're (the catalyst team) in transition, the documentation is
imo really confusing with newer plugins not listed, and examples with new
plugins linking to ones with old
<http://search.cpan.org/dist/Catalyst/lib/Catalyst/Manual/Cookbook.pod#Authentication_with_Catalyst%3A%3APlugin%3A%3AAuthentication%3A%3ACDBI>.