Re: [Catalyst] Legacy porting to auto-authenticate a logged in user

2007-12-23 Thread Ashley Pond V
You've hit it. You are better than my Teddy bear lately. I wasn't  
thinking straight. Since the password is coming from the DB instead  
of a user form, it's already in SHA1 so it should be treated for the  
sake of authentication as clear since SHA1 != SHA1(SHA1).


Thanks and to Peter for the other ideas for future debuggery, so to  
speak!


-Ashley

On Dec 23, 2007, at 10:29 AM, Jay K wrote:


Hi Ashley,

My guess is that your password hashing type in the db is different
from the password hashing type you defined for the Password  
credential.


Since your database does store the password in plaintext - why not set
password type to 'clear' - and set the password_field to password.
This should cause authentication to happen against your unencrypted
password and should work.

Jay


On Dec 23, 2007, at 10:10 AM, Ashley Pond V wrote:


Thanks for the idea. Didn't work. After following the code trail
back through a few namespaces and lots of config v class_data v 
eyes glaze over, I fixed it by setting the password_type to "none"
and merely authenticating on the "username."

This is fine in this case but it's obviously less than ideal. If
anyone has insight into what I'm doing wrong with my original
version, I'd love to hear it.

WORKING VERSION (username isn't guaranteed unique so I went with the
Id instead):

 $c->authenticate({ acctid => $user->acctid })
   or die "RC_403: " . $user->username . ": " . $user->acctid
        . " failed to authenticate";

 authentication:
   default_realm: users
   realms:
     users:
       credential:
         class: Password
         password_type: none
         #password_hash_type: SHA-1
         #password_field: crypt_passwd
       store:
         class: DBIx::Class
         user_class: DB::User
         id_field: acctid


On Dec 22, 2007, at 3:44 AM, Peter Edwards wrote:


Try

   $c->authenticate({ acctid => $user->username,
                      password => $user->password })
     or die "RC_403: " . $user->username . " failed to authenticate";

Regards, Peter


-----Original Message-----
From: Ashley Pond V [mailto:[EMAIL PROTECTED]
Sent: 22 December 2007 08:08
To: The elegant MVC web framework
Subject: [Catalyst] Legacy porting to auto-authenticate a logged in user

I have what I first thought was a gimme (this is only tangentially
related to the questions I asked a few days ago; same app, different
DB and part). Legacy porting of a "login" with Authenticate where I
already have the user id and everything verified. I have tried many
permutations of arguments and setup.

The user has already logged into the legacy part of the app. So this
is the code that is not working but I think should.

   my $user_id = ...; # legacy fetch; working fine
   my $user = $c->model("DB::User")->find($user_id)
     or die "RC_403: No such user for id $user_id"; # also working fine

   # this dies, I've verified the $user, username, and password are correct
   $c->authenticate({ username => $user->username,
                      password => $user->password })
     or die "RC_403: " . $user->username . " failed to authenticate";

So… why? The legacy setup is a little strange so I think that must be
it. The user table's DBIC looks like this (password is plaintext,
legacy, and crypt_passwd is sha1 of it)-

 package MyApp::DB::User;
 use base qw/DBIx::Class/;
 __PACKAGE__->load_components(qw/PK::Auto Core/);
 __PACKAGE__->table('foo.account');
 __PACKAGE__->add_columns(qw/ acctid email fname lname password
                              crypt_passwd /);
 __PACKAGE__->set_primary_key('acctid');

 sub username {
 +shift->email;
 };

My config looks like this-

 authentication:
   default_realm: users
   realms:
     users:
       credential:
         class: Password
         password_field: crypt_passwd
         password_type: hashed
         password_hash_type: SHA-1
       store:
         class: DBIx::Class
         user_class: DB::User
         id_field: acctid


Thanks for looking!
-Ashley


___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/
Dev site: http://dev.catalyst.perl.org/
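
The SHA1 != SHA1(SHA1) mismatch described in the reply at the top of this thread, as an added illustration that is not part of the thread and is not Catalyst's own code. check_password(), the sample row and its values are hypothetical stand-ins for a Password-credential check against the crypt_passwd column.

```perl
#!/usr/bin/env perl
# Added illustration: a simplified stand-in for a Password-credential check.
# check_password() and the sample row are hypothetical, not Catalyst code.
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);

# Constructed sample row: plaintext in "password", its SHA-1 hex in "crypt_passwd".
my %row = (
    acctid       => 42,
    password     => 'correct horse',
    crypt_passwd => sha1_hex('correct horse'),
);

# Compare a supplied value against a stored field under a given password_type.
sub check_password {
    my ($type, $stored, $supplied) = @_;
    return 1 if $type eq 'none';                  # nothing is verified at all
    return 0 unless defined $stored && defined $supplied;
    return $stored eq $supplied           if $type eq 'clear';
    return $stored eq sha1_hex($supplied) if $type eq 'hashed';
    die "unsupported password_type: $type";
}

my @cases = (
    # [ label, password_type, stored field, value handed to the check ]
    ['plaintext vs hashed field',     'hashed', 'crypt_passwd', $row{password}],
    ['stored hash vs hashed field',   'hashed', 'crypt_passwd', $row{crypt_passwd}],
    ['stored hash vs field as clear', 'clear',  'crypt_passwd', $row{crypt_passwd}],
    ['arbitrary value, type none',    'none',   'crypt_passwd', 'anything'],
);

for my $case (@cases) {
    my ($label, $type, $field, $supplied) = @$case;
    my $ok = check_password($type, $row{$field}, $supplied);
    printf "%-32s %-7s %s\n", $label, $type, $ok ? 'accepted' : 'rejected';
}
```

The second case is the one where an already-hashed value is hashed again before comparison. The last case shows that with password_type none no secret is compared, so the legacy login check that runs before the authenticate call is the only verification left.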



Re: [Catalyst] Legacy porting to auto-authenticate a logged in user

2007-12-23 Thread Jay K

Hi Ashley,

My guess is that your password hashing type in the db is different
from the password hashing type you defined for the Password credential.

Since your database does store the password in plaintext - why not set
password type to 'clear' - and set the password_field to password.
This should cause authentication to happen against your unencrypted
password and should work.

Jay


On Dec 23, 2007, at 10:10 AM, Ashley Pond V wrote:


Thanks for the idea. Didn't work. After following the code trail
back through a few namespaces and lots of config v class_data v 
eyes glaze over, I fixed it by setting the password_type to "none"
and merely authenticating on the "username."

This is fine in this case but it's obviously less than ideal. If
anyone has insight into what I'm doing wrong with my original
version, I'd love to hear it.

WORKING VERSION (username isn't guaranteed unique so I went with the
Id instead):

 $c->authenticate({ acctid => $user->acctid })
   or die "RC_403: " . $user->username . ": " . $user->acctid
        . " failed to authenticate";

 authentication:
   default_realm: users
   realms:
     users:
       credential:
         class: Password
         password_type: none
         #password_hash_type: SHA-1
         #password_field: crypt_passwd
       store:
         class: DBIx::Class
         user_class: DB::User
         id_field: acctid


On Dec 22, 2007, at 3:44 AM, Peter Edwards wrote:


Try

   $c->authenticate({ acctid => $user->username,
                      password => $user->password })
     or die "RC_403: " . $user->username . " failed to authenticate";

Regards, Peter


-----Original Message-----
From: Ashley Pond V [mailto:[EMAIL PROTECTED]
Sent: 22 December 2007 08:08
To: The elegant MVC web framework
Subject: [Catalyst] Legacy porting to auto-authenticate a logged in user

I have what I first thought was a gimme (this is only tangentially
related to the questions I asked a few days ago; same app, different
DB and part). Legacy porting of a "login" with Authenticate where I
already have the user id and everything verified. I have tried many
permutations of arguments and setup.

The user has already logged into the legacy part of the app. So this
is the code that is not working but I think should.

   my $user_id = ...; # legacy fetch; working fine
   my $user = $c->model("DB::User")->find($user_id)
     or die "RC_403: No such user for id $user_id"; # also working fine

   # this dies, I've verified the $user, username, and password are correct
   $c->authenticate({ username => $user->username,
                      password => $user->password })
     or die "RC_403: " . $user->username . " failed to authenticate";

So… why? The legacy setup is a little strange so I think that must be
it. The user table's DBIC looks like this (password is plaintext,
legacy, and crypt_passwd is sha1 of it)-

 package MyApp::DB::User;
 use base qw/DBIx::Class/;
 __PACKAGE__->load_components(qw/PK::Auto Core/);
 __PACKAGE__->table('foo.account');
 __PACKAGE__->add_columns(qw/ acctid email fname lname password
                              crypt_passwd /);
 __PACKAGE__->set_primary_key('acctid');

 sub username {
 +shift->email;
 };

My config looks like this-

 authentication:
   default_realm: users
   realms:
     users:
       credential:
         class: Password
         password_field: crypt_passwd
         password_type: hashed
         password_hash_type: SHA-1
       store:
         class: DBIx::Class
         user_class: DB::User
         id_field: acctid


Thanks for looking!
-Ashley




---
America will never be destroyed from the outside. If we falter and
lose our freedoms, it will be because we destroyed ourselves. --
Abraham Lincoln





RE: [Catalyst] Legacy porting to auto-authenticate a logged in user

2007-12-23 Thread Peter Edwards
Oh well, worth a shot.
I had a similar problem and ended up in the bowels of the auth code with the
perl debugger to try and figure out the correct params. I also wanted to be
able to hook up to a legacy passwd db and it was a bit tricky to get it
working.
If you want to try this, stick a
  $DB::single = 1;
in your site_perl library Catalyst/Plugin/Authentication.pm in sub
authenticate()
and then run the test server with perl -d scripts/myapp_server.pl.
Use your web browser to try and login, and in the debugger step into the
auth handling to see what is going on.
There's a page I wrote on using the perl debugger with Catalyst that may
help: http://dev.catalyst.perl.org/wiki/DebugSample


Regards, Peter
http://perl.dragonstaff.co.uk


-----Original Message-----
From: Ashley Pond V [mailto:[EMAIL PROTECTED] 
Sent: 23 December 2007 17:11
To: The elegant MVC web framework
Subject: Re: [Catalyst] Legacy porting to auto-authenticate a logged in user

Thanks for the idea. Didn't work. After following the code trail back  
through a few namespaces and lots of config v class_data v  eyes  
glaze over, I fixed it by setting the password_type to "none" and  
merely authenticating on the "username."

This is fine in this case but it's obviously less than ideal. If  
anyone has insight into what I'm doing wrong with my original  
version, I'd love to hear it.

WORKING VERSION (username isn't guaranteed unique so I went with the  
Id instead):

   $c->authenticate({ acctid => $user->acctid })
     or die "RC_403: " . $user->username . ": " . $user->acctid
          . " failed to authenticate";

   authentication:
     default_realm: users
     realms:
       users:
         credential:
           class: Password
           password_type: none
           #password_hash_type: SHA-1
           #password_field: crypt_passwd
         store:
           class: DBIx::Class
           user_class: DB::User
           id_field: acctid


On Dec 22, 2007, at 3:44 AM, Peter Edwards wrote:

> Try
>
> $c->authenticate({ acctid => $user->username,
>                    password => $user->password })
>   or die "RC_403: " . $user->username . " failed to authenticate";
>





Re: [Catalyst] Legacy porting to auto-authenticate a logged in user

2007-12-23 Thread Ashley Pond V
Thanks for the idea. Didn't work. After following the code trail back  
through a few namespaces and lots of config v class_data v  eyes  
glaze over, I fixed it by setting the password_type to "none" and  
merely authenticating on the "username."


This is fine in this case but it's obviously less than ideal. If  
anyone has insight into what I'm doing wrong with my original  
version, I'd love to hear it.


WORKING VERSION (username isn't guaranteed unique so I went with the  
Id instead):


  $c->authenticate({ acctid => $user->acctid })
    or die "RC_403: " . $user->username . ": " . $user->acctid
         . " failed to authenticate";


  authentication:
    default_realm: users
    realms:
      users:
        credential:
          class: Password
          password_type: none
          #password_hash_type: SHA-1
          #password_field: crypt_passwd
        store:
          class: DBIx::Class
          user_class: DB::User
          id_field: acctid


On Dec 22, 2007, at 3:44 AM, Peter Edwards wrote:


Try

   $c->authenticate({ acctid => $user->username,
                      password => $user->password })
     or die "RC_403: " . $user->username . " failed to authenticate";


Regards, Peter


-----Original Message-----
From: Ashley Pond V [mailto:[EMAIL PROTECTED]
Sent: 22 December 2007 08:08
To: The elegant MVC web framework
Subject: [Catalyst] Legacy porting to auto-authenticate a logged in user


I have what I first thought was a gimme (this is only tangentially
related to the questions I asked a few days ago; same app, different
DB and part). Legacy porting of a "login" with Authenticate where I
already have the user id and everything verified. I have tried many
permutations of arguments and setup.

The user has already logged into the legacy part of the app. So this
is the code that is not working but I think should.

   my $user_id = ...; # legacy fetch; working fine
   my $user = $c->model("DB::User")->find($user_id)
     or die "RC_403: No such user for id $user_id"; # also working fine

   # this dies, I've verified the $user, username, and password are correct
   $c->authenticate({ username => $user->username,
                      password => $user->password })
     or die "RC_403: " . $user->username . " failed to authenticate";


So… why? The legacy setup is a little strange so I think that must be
it. The user table's DBIC looks like this (password is plaintext,
legacy, and crypt_passwd is sha1 of it)-

  package MyApp::DB::User;
  use base qw/DBIx::Class/;
  __PACKAGE__->load_components(qw/PK::Auto Core/);
  __PACKAGE__->table('foo.account');
  __PACKAGE__->add_columns(qw/ acctid email fname lname password
                               crypt_passwd /);
  __PACKAGE__->set_primary_key('acctid');

  sub username {
  +shift->email;
  };

My config looks like this-

  authentication:
    default_realm: users
    realms:
      users:
        credential:
          class: Password
          password_field: crypt_passwd
          password_type: hashed
          password_hash_type: SHA-1
        store:
          class: DBIx::Class
          user_class: DB::User
          id_field: acctid


Thanks for looking!
-Ashley




RE: [Catalyst] Legacy porting to auto-authenticate a logged in user

2007-12-22 Thread Peter Edwards
Try

   $c->authenticate({ acctid => $user->username,
                      password => $user->password })
     or die "RC_403: " . $user->username . " failed to authenticate";

Regards, Peter


-----Original Message-----
From: Ashley Pond V [mailto:[EMAIL PROTECTED] 
Sent: 22 December 2007 08:08
To: The elegant MVC web framework
Subject: [Catalyst] Legacy porting to auto-authenticate a logged in user

I have what I first thought was a gimme (this is only tangentially  
related to the questions I asked a few days ago; same app, different  
DB and part). Legacy porting of a "login" with Authenticate where I  
already have the user id and everything verified. I have tried many  
permutations of arguments and setup.

The user has already logged into the legacy part of the app. So this  
is the code that is not working but I think should.

   my $user_id = ...; # legacy fetch; working fine
   my $user = $c->model("DB::User")->find($user_id)
     or die "RC_403: No such user for id $user_id"; # also working fine

   # this dies, I've verified the $user, username, and password are correct
   $c->authenticate({ username => $user->username,
                      password => $user->password })
     or die "RC_403: " . $user->username . " failed to authenticate";

So… why? The legacy setup is a little strange so I think that must be  
it. The user table's DBIC looks like this (password is plaintext,  
legacy, and crypt_passwd is sha1 of it)-

  package MyApp::DB::User;
  use base qw/DBIx::Class/;
  __PACKAGE__->load_components(qw/PK::Auto Core/);
  __PACKAGE__->table('foo.account');
  __PACKAGE__->add_columns(qw/ acctid email fname lname password
                               crypt_passwd /);
  __PACKAGE__->set_primary_key('acctid');

  sub username {
  +shift->email;
  };

My config looks like this-

  authentication:
    default_realm: users
    realms:
      users:
        credential:
          class: Password
          password_field: crypt_passwd
          password_type: hashed
          password_hash_type: SHA-1
        store:
          class: DBIx::Class
          user_class: DB::User
          id_field: acctid


Thanks for looking!
-Ashley




[Catalyst] Legacy porting to auto-authenticate a logged in user

2007-12-22 Thread Ashley Pond V
I have what I first thought was a gimme (this is only tangentially  
related to the questions I asked a few days ago; same app, different  
DB and part). Legacy porting of a "login" with Authenticate where I  
already have the user id and everything verified. I have tried many  
permutations of arguments and setup.


The user has already logged into the legacy part of the app. So this  
is the code that is not working but I think should.


   my $user_id = ...; # legacy fetch; working fine
   my $user = $c->model("DB::User")->find($user_id)
     or die "RC_403: No such user for id $user_id"; # also working fine

   # this dies, I've verified the $user, username, and password are correct
   $c->authenticate({ username => $user->username,
                      password => $user->password })
     or die "RC_403: " . $user->username . " failed to authenticate";

So… why? The legacy setup is a little strange so I think that must be  
it. The user table's DBIC looks like this (password is plaintext,  
legacy, and crypt_passwd is sha1 of it)-


 package MyApp::DB::User;
 use base qw/DBIx::Class/;
 __PACKAGE__->load_components(qw/PK::Auto Core/);
 __PACKAGE__->table('foo.account');
 __PACKAGE__->add_columns(qw/ acctid email fname lname password
                              crypt_passwd /);
 __PACKAGE__->set_primary_key('acctid');

 sub username {
 +shift->email;
 };

My config looks like this-

 authentication:
   default_realm: users
   realms:
     users:
       credential:
         class: Password
         password_field: crypt_passwd
         password_type: hashed
         password_hash_type: SHA-1
       store:
         class: DBIx::Class
         user_class: DB::User
         id_field: acctid


Thanks for looking!
-Ashley

