Hi, I stumbled upon a feature of the Authentication Plugin today (Yes I was the guy who used Ash's cardboard cutout programmer service earlier today on #catalyst, so thanks again, Ash ;-)
My configuration was something like this: authentication: default_realm: users realms: users: credential: class: Password user_field: login password_field: password password_type: clear store: class: DBIx::Class user_class: MyAppDB::Users role_class: MyAppDB::Roles role_field: title role_relation: user_roles user_role_user_field: user_id but the $userinfo hash I passed to the authenticate() method looked like this my $userinfo = { username => $login, password => $password} Thus, Catalyst logged in the first user in the MyAppDB::Users table if I provided the correct password regardless of what I supplied as a login (ok, the latter is obvious). Does the plugin try to DWIM by using the first user it happens to stumble upon and using his primary key as the login field? This is what I suspect because the (test-)user in question happened to have "1" as his primary key as well as in the 'login'-column. Maybe this is because of my limited idea of what $userinfo can be, but wouldn't a warning be suitable in such a case? Thanks, Jochen _______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/