On 11 Mar 2008, at 18:33, Jim Spath wrote:
I'm currently using password authentication in a Catalyst app, but
would like to implement a way to log in as a particular user,
without knowing the password. (Please don't respond with "don't do
this"... I'm aware of the security ramifications of this kind of
functionality).
I'll already have all the information on the user, except for their
password, since we hash the password before storing it.
The end goal would be to have an authenticated session.
Thanks!
- Jim
*WARNING* might not work with the new auth framework. But here's some
code:
sub login_as : Local Args(1) {
my ($self, $c, $user_id) = @_;
$c->res->redirect($c->uri_for()) if $user_id =~ /\D/;
my $user = $c->model('DBIC::User')->find($user_id);
if ($user) {
$c->set_authenticated($c->find_user({ id => $user->email}));
$c->flash(message => "Logged in as @{[$user->email]}");
}
return $c->res->redirect('/');
}
_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
