On Mar 11, 2008, at 11:37 AM, Ash Berlin wrote:
On 11 Mar 2008, at 18:33, Jim Spath wrote:
I'm currently using password authentication in a Catalyst app, but
would like to implement a way to log in as a particular user,
without knowing the password. (Please don't respond with "don't
do this"... I'm aware of the security ramifications of this kind
of functionality).
I'll already have all the information on the user, except for
their password, since we hash the password before storing it.
The end goal would be to have an authenticated session.
Thanks!
- Jim
Untested. I believe authenticate() will authenticate anything it
matches.
use Digest::SHA qw(sha1_hex);   # at the top of the controller; provides sha1_hex()

if ( $super_secret_your_responsibility_server_side_something )
{
    # no password supplied: match on the unique email alone
    $c->authenticate({ email => $c->request->body_params->{'email'}, # unique!
                     });
}
else # normal login
{
    $c->authenticate({ email    => $c->request->body_params->{'email'},
                       password => sha1_hex($c->request->body_params->{'password'})
                     });
}
*WARNING* might not work with the new auth framework. But here's
some code:
sub login_as : Local Args(1) {
    my ($self, $c, $user_id) = @_;
    # return here so a non-numeric id never reaches the lookup below
    return $c->res->redirect($c->uri_for()) if $user_id =~ /\D/;
    my $user = $c->model('DBIC::User')->find($user_id);
    if ($user) {
        # mark the session as authenticated without checking a password
        $c->set_authenticated($c->find_user({ id => $user->email}));
        $c->flash(message => "Logged in as @{[$user->email]}");
    }
    return $c->res->redirect('/');
}
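Added example, not part of the original thread: one way to fill in the server-side gate that the first snippet leaves open, applied to a login_as action like the second one. It assumes the Authentication, Authorization::Roles and Session plugins are loaded; the controller name, the 'admin' role, the `id` lookup field and the `impersonated_by` session key are all assumptions.

```perl
package MyApp::Controller::Admin;    # hypothetical controller name
use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller' }

# Send a short error response and stop; keeps the checks below readable.
sub _deny {
    my ($c, $status, $msg) = @_;
    $c->res->status($status);
    $c->res->body($msg);
    return;
}

sub login_as : Local Args(1) {
    my ($self, $c, $user_id) = @_;

    # State-changing action: POST only, so a plain link or image tag
    # cannot trigger it from another page.
    return _deny($c, 405, 'Method Not Allowed') unless $c->req->method eq 'POST';

    # The gate: the caller must already be logged in and hold the
    # (assumed) 'admin' role. The check uses server-side session state only.
    return _deny($c, 403, 'Forbidden')
        unless $c->user_exists && $c->check_user_roles('admin');

    # Validate the id and stop on failure instead of falling through.
    return _deny($c, 400, 'Bad user id') unless $user_id =~ /\A\d+\z/;

    # Field name depends on the store configuration (assumed: id).
    my $target = $c->find_user({ id => $user_id })
        or return _deny($c, 404, 'No such user');

    my $admin_id = $c->user->id;

    # Audit trail: who impersonated whom, and from which address.
    $c->log->info(sprintf 'impersonation: admin=%s target=%s addr=%s',
        $admin_id, $user_id, $c->req->address);

    # New session id for the new identity; the old id stops working.
    $c->change_session_id;
    $c->set_authenticated($target);

    # Remember the real actor so later actions can be attributed to them.
    $c->session->{impersonated_by} = $admin_id;

    return $c->res->redirect($c->uri_for('/'));
}

1;
```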