Re: [Catalyst] HTTP authentication with DBIx::Class
Hi, thanks for confirming, that I didn't miss anything. I have – for now – resolved to something similar: my ($username,$password) = $c->req->headers->authorization_basic; my ($u,$d) = split(/\@/,$username); $c->req->headers->authorization_basic($u,$password); my $res = $c->authenticate({}, $realm); if($c->user_exists) { $c->log->debug("checking '".$c->user->domain->domain."' against '$d'"); if ($c->user->domain->domain ne $d) { $c->user->logout; $c->log->warn("invalid api http login from '".$c->req->address."'"); my $r = $c->get_auth_realm($realm); $r->credential->authorization_required_response($c, $r); return; } ... } else { $c->log->warn("invalid api http login from '".$c->req->address."'"); my $r = $c->get_auth_realm($realm); $r->credential->authorization_required_response($c, $r); return; } If I get around to it, I'll consider extending Catalyst::Authentication::Credential::HTTP because this sounds like a useful feature. -Gerhard On 2016-05-17 11:45, Dermot wrote: We had a similar problem at $work. To get what we wanted we had to stop using the HTTP plugin and do something like this (warning: hand-written, un-tested code follows) in the Root controller. my ( $username, $password ) = $c->request->headers->authorization_basic; my $logged_in_user; if ( defined $username && defined $password ) { some_method_in_users_that_concatenates_and_athenticates($username, $password); } if ($logged_in_user) { $c->stash(user => $logged_in_user; ... } else { $c->response->header('WWW-Authenticate' => 'Basic realm="MyRealm"); $c->response->content_type('text/plain'); $c->response->status(401); $c->detach(); } HTH, Dermot On 13 May 2016 at 16:32, Gerhard Jungwirth <gjungwi...@sipwise.com <mailto:gjungwi...@sipwise.com>> wrote: Hi, I am using Catalyst::Authentication::Store::DBIx::Class and Catalyst::Authentication::Credential::HTTP with the following configuration: my_realm => { credential => { class => 'HTTP', type => 'basic', username_field => 'username', password_field => 'password', password_type => 'clear', }, store => { class => 'DBIx::Class', user_model => 'DB::my_user_table', }, }, Which works great. The thing is: I want the user to authenticate in the form "username@domain:password" using HTTP Basic Authentication, where username and domain are checked against separate fields in my DBIx::Class table. (Ideally, domain is checked against a related table in my schema) Is that supported? If not, can it be added? If not, how do you suggest I implement that? Thanks and Cheers, Gerhard ___ List: Catalyst@lists.scsys.co.uk <mailto:Catalyst@lists.scsys.co.uk> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] HTTP authentication with DBIx::Class
We had a similar problem at $work. To get what we wanted we had to stop using the HTTP plugin and do something like this (warning: hand-written, un-tested code follows) in the Root controller. my ( $username, $password ) = $c->request->headers->authorization_basic; my $logged_in_user; if ( defined $username && defined $password ) { some_method_in_users_that_concatenates_and_athenticates($username, $password); } if ($logged_in_user) { $c->stash(user => $logged_in_user; ... } else { $c->response->header('WWW-Authenticate' => 'Basic realm="MyRealm"); $c->response->content_type('text/plain'); $c->response->status(401); $c->detach(); } HTH, Dermot On 13 May 2016 at 16:32, Gerhard Jungwirth <gjungwi...@sipwise.com> wrote: > Hi, > > I am using Catalyst::Authentication::Store::DBIx::Class and > Catalyst::Authentication::Credential::HTTP with the following > configuration: > > my_realm => { > credential => { > class => 'HTTP', > type => 'basic', > username_field => 'username', > password_field => 'password', > password_type => 'clear', > }, > store => { > class => 'DBIx::Class', > user_model => 'DB::my_user_table', > }, > }, > > Which works great. The thing is: I want the user to authenticate in the > form "username@domain:password" using HTTP Basic Authentication, where > username and domain are checked against separate fields in my DBIx::Class > table. (Ideally, domain is checked against a related table in my schema) > > Is that supported? If not, can it be added? If not, how do you suggest I > implement that? > > Thanks and Cheers, > Gerhard > > ___ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: > http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] HTTP authentication with DBIx::Class
Hi, I am using Catalyst::Authentication::Store::DBIx::Class and Catalyst::Authentication::Credential::HTTP with the following configuration: my_realm => { credential => { class => 'HTTP', type => 'basic', username_field => 'username', password_field => 'password', password_type => 'clear', }, store => { class => 'DBIx::Class', user_model => 'DB::my_user_table', }, }, Which works great. The thing is: I want the user to authenticate in the form "username@domain:password" using HTTP Basic Authentication, where username and domain are checked against separate fields in my DBIx::Class table. (Ideally, domain is checked against a related table in my schema) Is that supported? If not, can it be added? If not, how do you suggest I implement that? Thanks and Cheers, Gerhard ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst authentication w/ CAS
Hmm, I have now (sorry, didn't occur to me to look there). If I create a new skeleton app using that, it kicks out to our CAS server as expected, but after authenticating there I end up in the if( $c->authenticate ) else block with Access Denied. So I have two things to sort out now: 1) find the difference between the example app below and mine that allows it to successfully call CAS, and 2) determine why $c->authenticate is being evaluated as false. Aloha, -baron On Wed, 9 Sep 2015, David Schmidt wrote: Have you looked at the test application of the CAS module? https://metacpan.org/source/KKANE/Catalyst-Authentication-Credential-CAS-0.05/t/lib/MyApp/lib/MyApp.pm On 9 September 2015 at 05:40, Baron Fujimoto <catalystframework@monkeybutt.com> wrote: Hello, ObWarning: Total Catalyst noob here. I'm fairly familiar with Perl, but am just getting started with Catalyst. I'm more used to back-end, or command line type perl applications and utilities, but now I'm trying to develop a fairly simple web application and my survey of options turned up Catalyst. So far I've run through the tutorials up through Authorization at <https://metacpan.org/pod/Catalyst::Manual::Tutorial>, though I won't pretend I've grokked most of it yet. One of the reasons I've decided to try Catalyst, is that I would like to authenticate the app's users with JASIG's CAS, and I noted that there's a Catalyst::Authentication::Credential::CAS module. Is there a more fleshed out example of using this than in the metacpan documentation? I'm starting with trying to add CAS authentication to what is basically the Tutorial's Hello World app at the end of <https://metacpan.org/pod/Catalyst::Manual::Tutorial::02_CatalystBasics> Per the Authentication tutorial and the documentation for Catalyst::Authentication::Credential::CAS, I have the following in lib/MyApp.pm: use Catalyst qw/ -Debug ConfigLoader Static::Simple StackTrace Authentication Session Session::Store::File Session::State::Cookie /; ... # modified to match the style in the AuthN tutorial __PACKAGE__->config( 'Plugin::Authentication' => { default_realm => 'default', default => { credential => { class => 'CAS', uri=> 'https://cas.example.com/cas', #username_field => 'username', # optional #version=> '2.0', # optional }, }, #store => { # ... #}, }, ); And in lib/MyApp/Controller/Root.pm: When the development server reloads, I get the following output: [debug] Debug messages enabled [debug] Statistics enabled [debug] Loaded Config ".../MyApp/myapp.conf" [debug] Setting up auth realm default [debug] No Store specified for realm "default", using the Null store. Global symbol "$c" requires explicit package name at +.../MyApp/script/../lib/MyApp/Controller/Root.pm line 74. Global symbol "$c" requires explicit package name at +.../MyApp/script/../lib/MyApp/Controller/Root.pm line 74. Global symbol "$c" requires explicit package name at +.../MyApp/script/../lib/MyApp/Controller/Root.pm line 75. Global symbol "$c" requires explicit package name at +.../MyApp/script/../lib/MyApp/Controller/Root.pm line 76. BEGIN not safe after errors--compilation aborted at +.../MyApp/script/../lib/MyApp/Controller/Root.pm line 79. I had commented out 'store' in the Plugin::Authentication config hash since I wasn't sure what to use there yet, and at least it seems nominally ok with a "Null" store for now. I'm not sure why the global symbol errors though, since since $c is used in the other methods. I apologize for what are probably very basic questions, but I would appreciate any guidance here. Aloha, -baron ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst authentication w/ CAS
Have you looked at the test application of the CAS module? https://metacpan.org/source/KKANE/Catalyst-Authentication-Credential-CAS-0.05/t/lib/MyApp/lib/MyApp.pm On 9 September 2015 at 05:40, Baron Fujimoto <catalystframework@monkeybutt.com> wrote: > Hello, > > ObWarning: Total Catalyst noob here. I'm fairly familiar with Perl, but > am just getting started with Catalyst. I'm more used to back-end, or > command line type perl applications and utilities, but now I'm trying to > develop a fairly simple web application and my survey of options turned > up Catalyst. So far I've run through the tutorials up through > Authorization at <https://metacpan.org/pod/Catalyst::Manual::Tutorial>, > though I won't pretend I've grokked most of it yet. > > One of the reasons I've decided to try Catalyst, is that I would like to > authenticate the app's users with JASIG's CAS, and I noted that there's a > Catalyst::Authentication::Credential::CAS module. > > Is there a more fleshed out example of using this than in the metacpan > documentation? > > I'm starting with trying to add CAS authentication to what is basically > the Tutorial's Hello World app at the end of > <https://metacpan.org/pod/Catalyst::Manual::Tutorial::02_CatalystBasics> > > Per the Authentication tutorial and the documentation for > Catalyst::Authentication::Credential::CAS, I have the following in > lib/MyApp.pm: > > > use Catalyst qw/ > -Debug > ConfigLoader > Static::Simple > > StackTrace > > Authentication > > Session > Session::Store::File > Session::State::Cookie > /; > > ... > # modified to match the style in the AuthN tutorial > __PACKAGE__->config( > 'Plugin::Authentication' => { > default_realm => 'default', > default => { > credential => { > class => 'CAS', > uri=> 'https://cas.example.com/cas', > #username_field => 'username', # optional > #version=> '2.0', # optional > }, > }, > #store => { > # ... > #}, > }, > ); > > And in lib/MyApp/Controller/Root.pm: > > When the development server reloads, I get the following output: > > [debug] Debug messages enabled > [debug] Statistics enabled > [debug] Loaded Config ".../MyApp/myapp.conf" > [debug] Setting up auth realm default > [debug] No Store specified for realm "default", using the Null store. > Global symbol "$c" requires explicit package name at > +.../MyApp/script/../lib/MyApp/Controller/Root.pm line 74. > Global symbol "$c" requires explicit package name at > +.../MyApp/script/../lib/MyApp/Controller/Root.pm line 74. > Global symbol "$c" requires explicit package name at > +.../MyApp/script/../lib/MyApp/Controller/Root.pm line 75. > Global symbol "$c" requires explicit package name at > +.../MyApp/script/../lib/MyApp/Controller/Root.pm line 76. > BEGIN not safe after errors--compilation aborted at > +.../MyApp/script/../lib/MyApp/Controller/Root.pm line 79. > > I had commented out 'store' in the Plugin::Authentication config hash > since I wasn't sure what to use there yet, and at least it seems nominally > ok with a "Null" store for now. > > I'm not sure why the global symbol errors though, since since $c is used > in the other methods. > > I apologize for what are probably very basic questions, but I would > appreciate any guidance here. > > Aloha, > -baron > > ___ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] C::Authentication::Credential::MultiFactors and C::Authentication::Progressive
On Jul 23, 2013, at 12:58 AM, Ferruccio Zamuner nonsolos...@diff.org wrote: Hi, I'm a bit confused about user case when I can use Catalyst::Authentication::Realm::Progressive or when I can use Catalyst::Authentication::Credential::MultiFactor When have I to prefer one of them? They both look entirely similar. I'd prefer Catalyst::Authentication::Realm::Progressive, as it's already shipped with the auth plugin (and likely to be better maintained). Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] C::Authentication::Credential::MultiFactors and C::Authentication::Progressive
Hi, I'm a bit confused about user case when I can use Catalyst::Authentication::Realm::Progressive or when I can use Catalyst::Authentication::Credential::MultiFactor When have I to prefer one of them? Thank you in advance, \ferz Links: http://search.cpan.org/~bobtfish/Catalyst-Plugin-Authentication/lib/Catalyst/Authentication/Realm/Progressive.pm http://search.cpan.org/~tengu/Catalyst-Authentication-Credential-MultiFactor/lib/Catalyst/Authentication/Credential/MultiFactor.pm ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Missing Catalyst/Plugin/Authentication/Roles.pm
Hello Catalyst mavens, I'm working through the SneakyCat tutorial in chapter 8 of the The Definitive Guide to Catalyst. I've created and edited the files as described in the book, but when I start the development server, it complains that it can't find Catalyst::Plugin::Authentication::Roles.pm: jsocial@linux-b0go:‾/SneakyCat script/sneakycat_server.pl -r -d Can't locate Catalyst/Plugin/Authentication/Roles.pm in @INC (@INC contains: /home/jsocial/SneakyCat/script/../lib /home/jsocial/perl5/lib/perl5/i586-linux-thread-multi /home/jsocial/perl5/lib/perl5 /usr/lib/perl5/site_perl/5.14.2/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.14.2 /usr/lib/perl5/vendor_perl/5.14.2/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.14.2 /usr/lib/perl5/5.14.2/i586-linux-thread-multi /usr/lib/perl5/5.14.2 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/site_perl/5.14.2/Class/Load.pm line 177. Compilation failed in require at /home/jsocial/perl5/lib/perl5/Catalyst/Restarter/Forking.pm line 20. Sure enough, it seems not to be on my machine: jsocial@linux-b0go:‾/perl5/lib/perl5/Catalyst/Plugin/Authentication ls Credential Internals.pod Store User User.pm But when I try to install it, CPAN says it doesn't know anything about it: jsocial@linux-b0go:~ cpan Catalyst::Plugin::Authentication::Roles Reading '/home/jsocial/.cpan/Metadata' Database was generated on Sun, 07 Jul 2013 16:41:02 GMT Warning: Cannot install Catalyst::Plugin::Authentication::Roles, don't know what it is. I haven't been able to find anything indicating there's been a relevant change in the distribution since the book was published. I'm running Perl 5.14.2 and Catalyst 5.9. I would appreciate any suggestions. DP ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Missing Catalyst/Plugin/Authentication/Roles.pm
It might be a mistake in the book, the module's name is Catalyst::Plugin::Authorization::Roles. BR Alex On 2013-07-09 11:59, Drew Poulin wrote: Hello Catalyst mavens, I'm working through the SneakyCat tutorial in chapter 8 of the The Definitive Guide to Catalyst. I've created and edited the files as described in the book, but when I start the development server, it complains that it can't find Catalyst::Plugin::Authentication::Roles.pm: jsocial@linux-b0go:‾/SneakyCat script/sneakycat_server.pl -r -d Can't locate Catalyst/Plugin/Authentication/Roles.pm in @INC (@INC contains: /home/jsocial/SneakyCat/script/../lib /home/jsocial/perl5/lib/perl5/i586-linux-thread-multi /home/jsocial/perl5/lib/perl5 /usr/lib/perl5/site_perl/5.14.2/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.14.2 /usr/lib/perl5/vendor_perl/5.14.2/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.14.2 /usr/lib/perl5/5.14.2/i586-linux-thread-multi /usr/lib/perl5/5.14.2 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/site_perl/5.14.2/Class/Load.pm line 177. Compilation failed in require at /home/jsocial/perl5/lib/perl5/Catalyst/Restarter/Forking.pm line 20. Sure enough, it seems not to be on my machine: jsocial@linux-b0go:‾/perl5/lib/perl5/Catalyst/Plugin/Authentication ls Credential Internals.pod Store User User.pm But when I try to install it, CPAN says it doesn't know anything about it: jsocial@linux-b0go:~ cpan Catalyst::Plugin::Authentication::Roles Reading '/home/jsocial/.cpan/Metadata' Database was generated on Sun, 07 Jul 2013 16:41:02 GMT Warning: Cannot install Catalyst::Plugin::Authentication::Roles, don't know what it is. I haven't been able to find anything indicating there's been a relevant change in the distribution since the book was published. I'm running Perl 5.14.2 and Catalyst 5.9. I would appreciate any suggestions. DP ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ *** T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *** Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *** ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Missing Catalyst/Plugin/Authentication/Roles.pm
Thanks very much. Your suggestion prompted me to look again at the use Catalyst qw/ /; statement in the main package, and I had typed Authentication::Roles by mistake. The book's instructions are fine. All's well. DP On Jul 9, 2013, at 7:19 PM, Alexander Hartmaier wrote: It might be a mistake in the book, the module's name is Catalyst::Plugin::Authorization::Roles. BR Alex On 2013-07-09 11:59, Drew Poulin wrote: Hello Catalyst mavens, I'm working through the SneakyCat tutorial in chapter 8 of the The Definitive Guide to Catalyst. I've created and edited the files as described in the book, but when I start the development server, it complains that it can't find Catalyst::Plugin::Authentication::Roles.pm: jsocial@linux-b0go:‾/SneakyCat script/sneakycat_server.pl -r -d Can't locate Catalyst/Plugin/Authentication/Roles.pm in @INC (@INC contains: /home/jsocial/SneakyCat/script/../lib /home/jsocial/perl5/lib/perl5/i586-linux-thread-multi /home/jsocial/perl5/lib/perl5 /usr/lib/perl5/site_perl/5.14.2/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.14.2 /usr/lib/perl5/vendor_perl/5.14.2/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.14.2 /usr/lib/perl5/5.14.2/i586-linux-thread-multi /usr/lib/perl5/5.14.2 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/site_perl/5.14.2/Class/Load.pm line 177. Compilation failed in require at /home/jsocial/perl5/lib/perl5/Catalyst/Restarter/Forking.pm line 20. Sure enough, it seems not to be on my machine: jsocial@linux-b0go:‾/perl5/lib/perl5/Catalyst/Plugin/Authentication ls Credential Internals.pod Store User User.pm But when I try to install it, CPAN says it doesn't know anything about it: jsocial@linux-b0go:~ cpan Catalyst::Plugin::Authentication::Roles Reading '/home/jsocial/.cpan/Metadata' Database was generated on Sun, 07 Jul 2013 16:41:02 GMT Warning: Cannot install Catalyst::Plugin::Authentication::Roles, don't know what it is. I haven't been able to find anything indicating there's been a relevant change in the distribution since the book was published. I'm running Perl 5.14.2 and Catalyst 5.9. I would appreciate any suggestions. DP ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ *** T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *** Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *** ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst::Authentication::Store::DBI::ButMaintained
Hi, I am trying to use Catalyst::Authentication::Store::DBI::ButMaintained. The problem of that module is that it says that it requires Catalyst::Model::DBI, but actually it requires a model named DBI.pm which is strange. I corrected it and now it can work with a model with any name, which inherits from both Catalyst::Model::DBI and Catalyst::Model::Adaptor (if the model has a dbh() method), so it can also be used with a standalone lib. I tried to contact the author on the email I found in the POD documentation and sent him the patch, but my message came back with an error. I can use my patched version, but maybe it could be helpful for others also. If somebody know how I can contact the author, please tell me. It would be strange to make another module ::ButMaintained::ButReallyMaintained :-) Thanks. --Octavian ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] OpenID authentication just redirects back to the login page
I am trying to add OpenID logins to my site. I've looked at several examples of this, but whenever I run if ($c-authenticate({ openid_identifier = $openid_url }, 'openid')) { ... } It redirects to the OpenID provider, and then redirects back to the login page with added URL paramaters (oic.time, openid-check, openid.assoc_handle, openid.claimed_id, openid.identity, etc.) This doesn't seem like it's doing what it's supposed to be. Any idea's what's happening? ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] OpenID authentication just redirects back to the login page
On 14 May 2012, at 16:37, Robert Rothenberg wrote: Any idea's what's happening? No, as we have no idea what code is executing, or how that code has been configured. Need debug logs from the app and details about your auth config to even start guessing, sorry! Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] OpenID authentication just redirects back to the login page
On 14/05/12 17:34 Tomas Doran wrote: On 14 May 2012, at 16:37, Robert Rothenberg wrote: Any idea's what's happening? No, as we have no idea what code is executing, or how that code has been configured. Need debug logs from the app and details about your auth config to even start guessing, sorry! Thankls. Details below. The __PACKAGE__-config()'s authentication section includes as a realm: authentication = { default_realm = 'users', realms= { openid = { credential = { class = 'OpenID', }, ua_class = LWPx::ParanoidAgent, ua_args = { whitelisted_hosts = [qw/ 127.0.0.1 localhost /], }, }, users = { # [Snip!] } The users authentication works, BTW. I am trying to add an option for OpenID. The Login controller's index method has the code: my $username = lc($c-request-params-{username} // q{}); my $password = $c-request-params-{password}// q{}; my $openid_url = $c-req-params-{openid_identifier} // q{}; if ($openid_url ne q{}) { try { if ($c-authenticate({ openid_identifier = $openid_url }, 'openid')) { $log-debug(URL = . $c-user-url); # TODO if this works, fetch the user w/ $c-user-url? } else { $log-warn(Failed login '${openid_url}'); $c-response-status(HTTP_UNAUTHORIZED); $c-stash( error_msg = $c-loc(Bad OpenID login), ); } } catch { $log-error(Login failure - ${ARG}); $c-stash( error_msg = $c-loc(Login failure.), ); }; } elsif (($username ne q{}) ($password ne q{})) { if ($c-authenticate({ username = $username, password = $password, deleted = 0} )) { # [snip!] } } FWIW, I tried moving the code to a login method in the Root controller, out of cargo-cultish insecurity. Same problem. Debug logs (with specific details omitted for security, replaced with [snip!]): [info] MyApp powered by Catalyst 5.90011 HTTP::Server::PSGI: Accepting connections at http://0:3000/ [info] *** Request 1 (0.007/s) [24751] [Mon May 14 17:49:18 2012] *** [debug] Path is login [debug] POST request for login from 127.0.0.1 [debug] Body Parameters are: .--+--. | Parameter| Value| +--+--+ | openid_identifier| https://www.google.com/accounts/o8/- | | | id | | password | | | submit | Login| | username | | '--+--' [error] Login failure - catalyst_detach [debug] Redirecting to https://www.google.com/accounts/o8/ud?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0openid.return_to=http%3A%2F%2Flocalhost%3A3000%2Flogin%3Fopenid-check%3D1%26oic.time%3D1337014159-f5836e98720e6c263f84openid.claimed_id=[snip!] [debug] Response Code: 302; Content-Type: text/html; charset=utf-8; Content-Length: 725 [info] Request took 0.284954s (3.509/s) .+---. | Action | Time | ++---+ | /auto | 0.000248s | | /login/index | 0.276124s | | /end | 0.000382s | '+---' [info] *** Request 2 (0.014/s) [24751] [Mon May 14 17:49:19 2012] *** [debug] Path is login [debug] GET request for login from 127.0.0.1 [debug] Query Parameters are: .--+--. | Parameter| Value| +--+--+ | oic.time | 1337014159-f5836e98720e6c263f84 | | openid-check | 1| | openid.assoc_handle | AMlYA9Um_a-[snip!]- | | | pyPPsyVmYE88zfk2YyrwH| | openid.claimed_id| https://www.google.com/accounts/o8/- | |
Re: [Catalyst] OpenID authentication just redirects back to the login page
On 14/05/12 17:34 Tomas Doran wrote: On 14 May 2012, at 16:37, Robert Rothenberg wrote: Any idea's what's happening? No, as we have no idea what code is executing, or how that code has been configured. Need debug logs from the app and details about your auth config to even start guessing, sorry! Well, I figured out the problem. Basically, I checked that username/password were set and assumed if they weren't that it was a new login page. So I separated the methods that displayed the login page vs handling the arguments, and used progressive realms. It works now. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst::Plugin::Authentication set_authenticated
Hi, Is the set_authenticated method really private? I am puzzled because in the documentation for Catalyst::Plugin::Authentication there is an example using this method - $user = $c-find_user({ id = $id }); $c-set_authenticated($user); # logs the user in and calls persist_user Yet, later on it is listed as an internal method, with the usual caveats - INTERNAL METHODS These methods are for Catalyst::Plugin::Authentication INTERNAL USE only. Please do not use them in your own code, whether application or credential / store modules. If you do, you will very likely get the nasty shock of having to fix / rewrite your code when things change. They are documented here only for reference. $c-set_authenticated( $user, $realmname ) Well, I am using it anyway! Thanks, Bill. Aptina (UK) Limited, Century Court, Millennium Way, Bracknell, Berkshire, RG12 2XT. Registered in England No. 06570543. This e-mail and any attachments contain confidential information and are solely for the review and use of the intended recipient. If you have received this e-mail in error, please notify the sender and destroy this e-mail and any copies. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication set_authenticated
I'm using it in ShinyCMS, with the same concerns. Discussion in #catalyst when I was writing that bit of the code didn't really reach a conclusion on whether it was 'safe' to use it, but nobody had a better suggestion. Regards, Denny -- Sent from my phone. Please excuse terseness, typos and top-posting. Bill Corr bc...@aptina.com wrote: Hi, Is the set_authenticated method really private? I am puzzled because in the documentation for Catalyst::Plugin::Authentication there is an example using this method - $user = $c-find_user({ id = $id }); $c-set_authenticated($user); # logs the user in and calls persist_user Yet, later on it is listed as an internal method, with the usual caveats - INTERNAL METHODS These methods are for Catalyst::Plugin::Authentication INTERNAL USE only. Please do not use them in your own code, whether application or credential / store modules. If you do, you will very likely get the nasty shock of having to fix / rewrite your code when things change. They are documented here only for reference. $c-set_authenticated( $user, $realmname ) Well, I am using it anyway! Thanks, Bill. Aptina (UK) Limited, Century Court, Millennium Way, Bracknell, Berkshire, RG12 2XT. Registered in England No. 06570543. This e-mail and any attachments contain confidential information and are solely for the review and use of the intended recipient. If you have received this e-mail in error, please notify the sender and destroy this e-mail and any copies. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication set_authenticated
On Wed, Oct 5, 2011 at 5:42 AM, Denny 2...@denny.me wrote: Discussion in #catalyst when I was writing that bit of the code didn't really reach a conclusion on whether it was 'safe' to use it, but nobody had a better suggestion. Set up a separate authentication realm that doesn't require a password. my $auth_config = { default_realm = 'normal', realms = { normal = { credential = { class = 'Password', password_field = 'password', password_type = 'self_check', }, store = { class = 'DBIx::Class', user_model = 'MyDB::User', }, }, nopass = { credential = { class = 'Password', password_type = 'none', }, store = { class = 'DBIx::Class', user_model = 'MyDB::User', }, }, }, }; $c-authenticate({ id = $id },'nopass'); -- Stephen Clouse stephenclo...@gmail.com ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] progressive authentication via db LDAP
On 28 Jan 2011, at 16:34, piccard wrote: So put that logic in your domain model (i.e. DB row class), where it belongs? sorry, I'm not sure what u mean (new to Catalyst and DBIx). I need progressive authentication. No, you don't. First it should check against the db and then against the LDAP-dir, but using the roles from the db. If I'm going to put the new 'check_password' inside the Result Class I'm not able to to check also against the LDAP-Dir: Yes you are - it's just code... Make the check_password method in the result class do the right thing for you. Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] progressive authentication via db LDAP
So put that logic in your domain model (i.e. DB row class), where it belongs? sorry, I'm not sure what u mean (new to Catalyst and DBIx). I need progressive authentication. First it should check against the db and then against the LDAP-dir, but using the roles from the db. If I'm going to put the new 'check_password' inside the Result Class I'm not able to to check also against the LDAP-Dir: __PACKAGE__-add_columns( 'user_password' = { encode_check_method = __PACKAGE__-check_password, ... sub check_password { my ($self, $pw); ... LDAP-check ... } ... or do you mean just shifting the new class to another place? from store = { ... store_user_class ='DW::Authentication::Store::DBIx::Class::User', ... }, to store = { ... store_user_class ='DW::Schema::Result::DBIx::Class::User', ... }, ??? also I would like to know if it's possible to read the configuration from a Model/ResultClass or another class, like the one above 'DW::Authentication::Store::DBIx::Class::User'? thank u very much :-) ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] progressive authentication via db LDAP
You set it in the config, you implement a check_password method in your user object (which goes and checks the password from LDAP), you're done. For anybody who is working on the same problem, this solution worked 4 me: + set the extended classin the config via the store_user_class-key credential = { class = 'Password', password_type = 'self_check', password_field = 'user_password' }, store = { class = 'DBIx::Class', user_model = 'DB::User', store_user_class ='DW::Authentication::Store::DBIx::Class::User', role_relation = 'roles', role_field = 'role_category', use_userdata_from_session = '1' }, + the new class which includes the new check_password-method (i.e. authenticate via LDAP but use the roles inside the DB) package DW::Authentication::Store::DBIx::Class::User; use strict; use warnings; use Moose; use MooseX::NonMoose; use namespace::autoclean; extends qw/Catalyst::Authentication::Store::DBIx::Class::User/; sub check_password { my ( $self, $password ) = @_; # i.e. LDAP-auth return 1; } __PACKAGE__-meta-make_immutable; 1; ... thanx 2 t0m;-) ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] progressive authentication via db LDAP
On 26 Jan 2011, at 13:48, piccard wrote: You set it in the config, you implement a check_password method in your user object (which goes and checks the password from LDAP), you're done. For anybody who is working on the same problem, this solution worked 4 me: + set the extended classin the config via the store_user_class-key I don't think you even need to go that far.. The DBIx::Class::User module will delegate any unknown methods onto your user row.. So you should just be able to add your check_password method onto the row object, without having a custom user_class.. Then you get the initial advantage I was promoting (i.e. your database model is internally consistent, and you can use check_password outside of a Catalyst context if you want to), and you have less code... Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] progressive authentication via db LDAP
I don't think you even need to go that far.. The DBIx::Class::User module will delegate any unknown methods onto your user row.. So you should just be able to add your check_password method onto the row object, without having a custom user_class.. Then you get the initial advantage I was promoting (i.e. your database model is internally consistent, and you can use check_password outside of a Catalyst context if you want to), and you have less code... yes, u are absolutly right. tested it like this and it worked. __PACKAGE__-add_columns( 'user_password' = { encode_check_method = __PACKAGE__-check_password, ... sub check_password { my ($self, $pw); ... } but ... I decided to go for the new extended class because I still need progressive Auth, means, some users are only in the DB (including their password) and some are only in the LDAP-Dir. So, if I go for the example above a normal PasswordCheck against the DB wouldn't be possible anymore, right? ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] progressive authentication via db LDAP
On 26 Jan 2011, at 16:27, piccard wrote: but ... I decided to go for the new extended class because I still need progressive Auth, means, some users are only in the DB (including their password) and some are only in the LDAP-Dir. So, if I go for the example above a normal PasswordCheck against the DB wouldn't be possible anymore, right? So put that logic in your domain model (i.e. DB row class), where it belongs? Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] progressive authentication via db LDAP
Hi, Is there a possibilty to map the keys, so they also work for a LDAP-authentication? Yes, there is. You'll need to patch the code, but the patch would be very welcome upstream. Add an authinfo_remap key to the config, and the code... if ( my $map = $self-config-{authinfo_remap}-{$realm-name} ) { foreach my $from (keys %$map) { $auth-{$map-{$from}} = delete $auth-{$from}; } } or something similar... Add a couple of tests to that, and you're done.. thank u for your suggestion, maybe I'll try it, when I've got a little more time ;-) In view of that, I've got one more question. What I would really need, is a password authentification against LDAP and if successful, get the user and his roles from the database. So, is it possible to split up this process and still use methods like check_any_user_role()? thanx :-D Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] progressive authentication via db LDAP
On 25 Jan 2011, at 10:01, piccard wrote: In view of that, I've got one more question. What I would really need, is a password authentification against LDAP and if successful, get the user and his roles from the database. So, is it possible to split up this process and still use methods like check_any_user_role()? I don't think you want the authentication framework to be doing that for you. If that's what you're _actually_ doing, then putting the authentication logic into your user class makes much more sense, and makes your data model much more consistent... Otherwise you have to replicate the authentication framework if you ever want to log a user in (or simulate a 'proper' user, or change password, or..) outside the context of the Catalyst application. The authentication framework already provides this sort of hook for you, with the self_check configuration option, which says that the user class is responsible for checking it's own password. Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] progressive authentication via db LDAP
Am 25.01.2011 11:16, schrieb Tomas Doran: On 25 Jan 2011, at 10:01, piccard wrote: In view of that, I've got one more question. What I would really need, is a password authentification against LDAP and if successful, get the user and his roles from the database. So, is it possible to split up this process and still use methods like check_any_user_role()? I don't think you want the authentication framework to be doing that for you. If that's what you're _actually_ doing, then putting the authentication logic into your user class makes much more sense, and makes your data model much more consistent... Otherwise you have to replicate the authentication framework if you ever want to log a user in (or simulate a 'proper' user, or change password, or..) outside the context of the Catalyst application. I'm not sure if I will really run into these problems. I've tried it so far this way: a user authenticates hisself succesfully via LDAP. afterwards the user will be logged out immediately. then a dbix find_or_create-routine is going to fetch the user-object which I'll use to reauthenticate via DB. so I think this could work properly and at least I've got all the goodies the authentication-framwork provides. what do you think? unfortunately I'm using a 'dirty' hack to authenticate (the DB shouldn't safe LDAP-passwords): my $user = $c-model('DB::User')-find_or_create({ user_identification = $username }); $c-session-{__user} = { $user-get_columns }; I would prefer using $c-set_authenticated( $user, 'dbAuth'); but somehow it doesn't work for me. I think I just use the wrong user-object. The authentication framework already provides this sort of hook for you, with the self_check configuration option, which says that the user class is responsible for checking it's own password. I'm not sure how this should work. the doc says 'self_check indicates that the password should be passed to the check_password() routine on the user object returned from the store'. How or in which way I can set the hook? ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] progressive authentication via db LDAP
Hello, like in the def. guide 2 catalyst described I've tested a progressive authentication via DB and LDAP, which worked just fine :-D But now I have to use an already existing DB, which has different column-names. As long as I authenticate via a DB everything works, because I can pass the the column-name as keys: if ($c-authenticate({ user_identification = $username, user_password = $password } )) { Unfortunalty the auth-call doesn't work for the LDAP-auth any more. Is there a possibilty to map the keys, so they also work for a LDAP-authentication? Or do I have to duplicate my code and pass the realm, like: if ($c-authenticate({ username = $username, password = $password }, 'ldapAuth' )) { thanx :-D ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst + Authentication + MongoDB
On Wed, Dec 15, 2010 at 10:10 PM, Pavel A. Karoukin wrote: Any idea where I should start with implementing authentication + authorization with MongoDB as backend? You mean, a backend for session storage? http://search.cpan.org/perldoc?Catalyst::Plugin::Session::Store::MongoDB Actually, I was looking for backend for Authentication plugin, but I will need one for sessions too at some point. Thank you! As for Authentication plugin - I ended up using Catalyst::Authentication::Store::FromSub::Hash (probably it will help someone). It's pretty easy to integrate it with MongoDB model - just create auth() method in your model. Regards, Pavel ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst + Authentication + MongoDB
Hello, Any idea where I should start with implementing authentication + authorization with MongoDB as backend? Regards, Pavel ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst + Authentication + MongoDB
On Wed, Dec 15, 2010 at 10:10 PM, Pavel A. Karoukin wrote: Any idea where I should start with implementing authentication + authorization with MongoDB as backend? You mean, a backend for session storage? http://search.cpan.org/perldoc?Catalyst::Plugin::Session::Store::MongoDB -- Bogdan Lucaciu ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Authentication::Credential::OAuth
you can also read http://www.catalystframework.org/calendar/2009/4 but as far as I know, the OAuth credential doesn't (yet) properly work with Facebook, there should be a new release soon fixing that. On Wed, Nov 24, 2010 at 1:27 AM, Hernan Lopes hernanlo...@gmail.com wrote: To integrate facebook login onto your site, Have you tried Catalyst::Authentication::Credential::FBConnect ? It works and lets you access users facebook id from $c-user-session_uid as documented 1. You need to register under http://developers.facebook.com and register a new application. You must include the exact address you will use on the machine for it to work ie. http://localhost:3000/; 2. you need to configure include these onto your myapp.conf Plugin::Authentication default_realm facebook realms facebook credential class FBConnect api_key my_app_key secret my_app_secret app_namemy_app_name /credential /facebook /realms /Plugin::Authentication 3. you need a piece of javascript from facebook to create login button (replace with your appId/fb_app_id as below): sub login_facebook : Path('/loginfacebook') : Args(0) { my ( $self, $c ) = @_; my $fb_app_id = ''; $c-stash( template = \FBLOGIN pfb:login-button autologoutlink=true/fb:login-button/p pfb:like/fb:like/p div id=fb-root/div script window.fbAsyncInit = function() { FB.init({appId: '$fb_app_id', status: true, cookie: true, xfbml: true}); FB.Event.subscribe('auth.sessionChange', function(response) { if (response.session) { // A user has logged in, and a new cookie has been saved window.location=/fblogin; //redirects user to our facebook login so we can validate him and get his user id. } else { // The user has logged out, and the cookie has been cleared window.location=/; } }); }; (function() { var e = document.createElement('script'); e.type = 'text/javascript'; e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js'; e.async = true; document.getElementById('fb-root').appendChild(e); }()); /script FBLOGIN ); } 4. then , i created an action /fblogin to register facebook credentials internally when user logs in (see in the js) sub fbauthenticate :Path('/fblogin') :Args(0) { my ($self, $c) = @_; if ($c-authenticate()) { $c-log-debug($c-user-session_uid); $c-log-debug($c-user-session_key); $c-log-debug($c-user-session_expires); } $c-res-redirect('/'); } So remember, register at the http://developer.facebook.com with the same url your application will use, include ports if its not 80 --Hernan On Tue, Nov 23, 2010 at 8:32 PM, Blaine Everingham grandmasterbla...@hotmail.com wrote: Hi, I was wondering if anyone has a simple example of using OAuth with facebook to allow user login, to your software. I keep getting the error oauth_parameters_absent:scope, but Catalyst::Authentication::Credential::OAuth document does not outline where you are supposed to enter this. Thanks, Blaine ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ -- Bogdan Lucaciu http://www.sinapticode.com ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
RE: [Catalyst] Catalyst::Authentication::Credential::OAuth
Thank you very much for this information. I was pulling my hair out trying OAuth as I thought FBConnect was being depreciated. Date: Wed, 24 Nov 2010 10:12:27 +0200 Subject: Re: [Catalyst] Catalyst::Authentication::Credential::OAuth From: bog...@sinapticode.ro To: catalyst@lists.scsys.co.uk you can also read http://www.catalystframework.org/calendar/2009/4 but as far as I know, the OAuth credential doesn't (yet) properly work with Facebook, there should be a new release soon fixing that. On Wed, Nov 24, 2010 at 1:27 AM, Hernan Lopes hernanlo...@gmail.com wrote: To integrate facebook login onto your site, Have you tried Catalyst::Authentication::Credential::FBConnect ? It works and lets you access users facebook id from $c-user-session_uid as documented 1. You need to register under http://developers.facebook.com and register a new application. You must include the exact address you will use on the machine for it to work ie. http://localhost:3000/; 2. you need to configure include these onto your myapp.conf Plugin::Authentication default_realm facebook realms facebook credential class FBConnect api_key my_app_key secret my_app_secret app_namemy_app_name /credential /facebook /realms /Plugin::Authentication 3. you need a piece of javascript from facebook to create login button (replace with your appId/fb_app_id as below): sub login_facebook : Path('/loginfacebook') : Args(0) { my ( $self, $c ) = @_; my $fb_app_id = ''; $c-stash( template = \FBLOGIN pfb:login-button autologoutlink=true/fb:login-button/p pfb:like/fb:like/p div id=fb-root/div script window.fbAsyncInit = function() { FB.init({appId: '$fb_app_id', status: true, cookie: true, xfbml: true}); FB.Event.subscribe('auth.sessionChange', function(response) { if (response.session) { // A user has logged in, and a new cookie has been saved window.location=/fblogin; //redirects user to our facebook login so we can validate him and get his user id. } else { // The user has logged out, and the cookie has been cleared window.location=/; } }); }; (function() { var e = document.createElement('script'); e.type = 'text/javascript'; e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js'; e.async = true; document.getElementById('fb-root').appendChild(e); }()); /script FBLOGIN ); } 4. then , i created an action /fblogin to register facebook credentials internally when user logs in (see in the js) sub fbauthenticate :Path('/fblogin') :Args(0) { my ($self, $c) = @_; if ($c-authenticate()) { $c-log-debug($c-user-session_uid); $c-log-debug($c-user-session_key); $c-log-debug($c-user-session_expires); } $c-res-redirect('/'); } So remember, register at the http://developer.facebook.com with the same url your application will use, include ports if its not 80 --Hernan On Tue, Nov 23, 2010 at 8:32 PM, Blaine Everingham grandmasterbla...@hotmail.com wrote: Hi, I was wondering if anyone has a simple example of using OAuth with facebook to allow user login, to your software. I keep getting the error oauth_parameters_absent:scope, but Catalyst::Authentication::Credential::OAuth document does not outline where you are supposed to enter this. Thanks, Blaine ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ -- Bogdan Lucaciu http://www.sinapticode.com ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk
[Catalyst] Catalyst::Authentication::Credential::OAuth
Hi, I was wondering if anyone has a simple example of using OAuth with facebook to allow user login, to your software. I keep getting the error oauth_parameters_absent:scope, but Catalyst::Authentication::Credential::OAuth document does not outline where you are supposed to enter this. Thanks, Blaine ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Authentication::Credential::OAuth
To integrate facebook login onto your site, Have you tried Catalyst::Authentication::Credential::FBConnect ? It works and lets you access users facebook id from $c-user-session_uid as documented 1. You need to register under http://developers.facebook.com and register a new application. You must include the exact address you will use on the machine for it to work ie. http://localhost:3000/; 2. you need to configure include these onto your myapp.conf Plugin::Authentication default_realm facebook realms facebook credential class FBConnect api_key my_app_key secret my_app_secret app_namemy_app_name /credential /facebook /realms /Plugin::Authentication 3. you need a piece of javascript from facebook to create login button (replace with your appId/fb_app_id as below): sub login_facebook : Path('/loginfacebook') : Args(0) { my ( $self, $c ) = @_; my $fb_app_id = ''; $c-stash( template = \FBLOGIN pfb:login-button autologoutlink=true/fb:login-button/p pfb:like/fb:like/p div id=fb-root/div script window.fbAsyncInit = function() { FB.init({appId: '$fb_app_id', status: true, cookie: true, xfbml: true}); FB.Event.subscribe('auth.sessionChange', function(response) { if (response.session) { // A user has logged in, and a new cookie has been saved window.location=/fblogin; //redirects user to our facebook login so we can validate him and get his user id. } else { // The user has logged out, and the cookie has been cleared window.location=/; } }); }; (function() { var e = document.createElement('script'); e.type = 'text/javascript'; e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js'; e.async = true; document.getElementById('fb-root').appendChild(e); }()); /script FBLOGIN ); } 4. then , i created an action /fblogin to register facebook credentials internally when user logs in (see in the js) sub fbauthenticate :Path('/fblogin') :Args(0) { my ($self, $c) = @_; if ($c-authenticate()) { $c-log-debug($c-user-session_uid); $c-log-debug($c-user-session_key); $c-log-debug($c-user-session_expires); } $c-res-redirect('/'); } So remember, register at the http://developer.facebook.com with the same url your application will use, include ports if its not 80 --Hernan On Tue, Nov 23, 2010 at 8:32 PM, Blaine Everingham grandmasterbla...@hotmail.com wrote: Hi, I was wondering if anyone has a simple example of using OAuth with facebook to allow user login, to your software. I keep getting the error oauth_parameters_absent:scope, but Catalyst::Authentication::Credential::OAuth document does not outline where you are supposed to enter this. Thanks, Blaine ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
RE: [Catalyst] Catalyst-Authentication-Store-DBIx-Class-User v0.1400 - patch
-Original Message- From: Tomas Doran [mailto:bobtf...@bobtfish.net] Sent: 16 November 2010 15:41 To: The elegant MVC web framework Cc: Anthony Gladdish Subject: Re: [Catalyst] Catalyst-Authentication-Store-DBIx-Class-User v0.1400 - patch On 16 Nov 2010, at 15:28, Anthony Gladdish wrote: The from_session() method has a call to load() with no $c param. It did previously, and this change is breaking my own authentication tests. Catalyst-Authentication-Store-DBIx-Class 0.1400 test suite passes on my attached patch, and my own authentication tests are now passing. Is there any reason why $c has been ommited here? No, it's a bug. Can this patch be merged in please? Can you extract a test from your tests and add it to the patch? That'll stop the issue ever re-occurring.. Failing test case and it's patch attached. Thanks, Anthony Cat-Auth-Store-DBIC-0.1400.patch Description: Cat-Auth-Store-DBIC-0.1400.patch ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst-Authentication-Store-DBIx-Class-User v0.1400 - patch
On 17 Nov 2010, at 14:53, Anthony Gladdish wrote: Failing test case and it's patch attached. Thanks very much! I've released the new version just now.. Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst-Authentication-Store-DBIx-Class-User v0.1400 - patch
Hi, If you look at the diff for Catalyst-Authentication-Store-DBIx-Class 0.1083 to 0.1400 for Catalyst-Authentication-Store-DBIx-Class-User: http://search.cpan.org/diff?from=Catalyst-Authentication-Store-DBIx-Class-0.1083to=Catalyst-Authentication-Store-DBIx-Class-0.1400w=1#lib/Catalyst/Authentication/Store/DBIx/Class/User.pm The from_session() method has a call to load() with no $c param. It did previously, and this change is breaking my own authentication tests. Catalyst-Authentication-Store-DBIx-Class 0.1400 test suite passes on my attached patch, and my own authentication tests are now passing. Is there any reason why $c has been ommited here? Can this patch be merged in please? Regards, Anthony Gladdish Cat-Auth-Store-DBIC-User.pm.patch Description: Cat-Auth-Store-DBIC-User.pm.patch ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst-Authentication-Store-DBIx-Class-User v0.1400 - patch
On 16 Nov 2010, at 15:28, Anthony Gladdish wrote: The from_session() method has a call to load() with no $c param. It did previously, and this change is breaking my own authentication tests. Catalyst-Authentication-Store-DBIx-Class 0.1400 test suite passes on my attached patch, and my own authentication tests are now passing. Is there any reason why $c has been ommited here? No, it's a bug. Can this patch be merged in please? Can you extract a test from your tests and add it to the patch? That'll stop the issue ever re-occurring.. Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst::Authentication::Store::DBIx::Class upgrade - authentication fails
Hi, Upgrading Catalyst::Authentication::Store::DBIx::Class 0.1083 to 0.1200+, I get error: u2: , Can't call method can on an undefined value at /opt/netskills/apps/lib/perl5/site_perl/5.8.8/Catalyst/Authentication/Store/DBIx/Class/User.pm line 261.. 1. My yaml config: authentication: default_realm: 'users' realms: users: credential: class: 'Password' password_type: 'self_check' store: class: N::E2::Core::Person' user_model: 'E2::Person' 2. Catalyst::Authentication::Store:: N::E2::Core::Person package Catalyst::Authentication::Store:: N::E2::Core::Person; use strict; use warnings; use base qw/Catalyst::Authentication::Store::DBIx::Class/; our $VERSION= 0.01; sub new { my ( $class, $config, $app ) = @_; $config-{user_class} = 'E2::Person'; $config-{store_user_class} = 'Catalyst::Authentication::Store::N::E2::Core::Person::User'; $config-{role_relation}= 'authactions'; $config-{role_field} = 'name'; return $class-SUPER::new( $config, $app ); } __PACKAGE__; __END__ 3. Catalyst::Authentication::Store:: N::E2::Core::Person::User package Catalyst::Authentication::Store:: N::E2::Core::Person::User; use strict; use warnings; use base qw/Catalyst::Authentication::Store::DBIx::Class::User/; use base qw/Class::Accessor::Fast/; use Data::Dump; sub load { my ($self, $authinfo, $c) = @_; # Store supports finding by id, username. if ( exists( $authinfo-{'id'} ) ) { my $u = $self-user_model-find($authinfo-{'id'}); $self-_user( $u ); } elsif ( exists( $authinfo-{'username'} ) ) { my $u; eval { $u = $self-user_model-find({ username = $authinfo-{'username'}}); }; warn u2: $u, $@ \n\n; eval { $self-_user( $u ); }; warn db2: $@ \n\n\n; } if ($self-get_object) { return $self; } else { return undef; } } 1; __END__ 4. Logging in user in controller: if ( $c-authenticate({ username = $uname, password = $pword, }) ) { # } This is someone else's code I'm attempting to fix. Can anyone spot why this is occurring and how I might be able to fix? Regards, Anthony ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst::Authentication::Credentials::OpenID, extensions and Config::General
The example given in Config::General format in the CONFIGURATION section of the Catalyst::Authentication::Credentials::OpenID doesn't seem to yield the structure that is expected by the module. The Perl-example looks like this: extensions = [ 'http://openid.net/extensions/sreg/1.1', { required = 'email', optional = 'fullname,nickname,timezone', }, ], And the corresponding Config::General snippet looks like this: extensions http://openid.net/extensions/sreg/1.1 required email optional fullname,nickname,timezone /extensions Which is parsed into a hash-ref, not an array-ref with a scalar and a hash-ref - so it doesn't work; I get this error: Not an ARRAY reference at /usr/share/perl5/Catalyst/Authentication/Credential/OpenID.pm line 77. I tried various variations to coax Config::General into generating the structure expected by the module, but failed - and resorted to using a YAML configuration file. I am wondering how to express the structure in Config::General syntax? (This is using Catalyst::Authentication::Credentials::OpenID 0.16 and Config::General 2.40). Best regards, Adam -- My internal clock is on Tokyo time.Adam Sjøgren a...@koldfront.dk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Authentication::Credentials::OpenID, extensions and Config::General
On Thu, Jul 8, 2010 at 2:22 PM, Adam Sjøgren a...@koldfront.dk wrote: The example given in Config::General format in the CONFIGURATION section of the Catalyst::Authentication::Credentials::OpenID doesn't seem to yield the structure that is expected by the module. If you, or anyone, provides a better example, I'll gladly add it. I'm not familiar with Config::General (the example config is from a patch). -Ashley ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication uses NEXT, which is deprecated.
On 31 May 2010, at 05:16, w...@serensoft.com wrote: Okay, we should uninstall the deprecated modules just to be sure our dependencies are all clean, and we should use Catalyst::Authentication instead of Catalyst::Plugin::Authentication... Erm, no. You still use Catalyst::Plugin::Authentication So I've got two questions: A) How do you uninstall these deprecated Catalyst modules? You don't. Why do you think you need to? Just don't use them in your app and they won't be loaded. B) How do we make sure we're using the recommended Store/Credential modules? This isn't something we specify via use Catalyst qw/blah/ I take it. Correct, you specify it by the authentication config (as documented in the Authentication plugin) And is this also true for Session modules? E.g. is C::P::Session::Store::DBIC deprecated in favor of something like C::Session::Store::DBIx::Class, etc? No. Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication uses NEXT, which is deprecated.
On 31 May 2010, at 17:36, w...@serensoft.com wrote: Thanks for your patience, Tom Sahib. :) We've been getting up to speed via the (Packt Publishing) book Catalyst: Accelerating Perl Web Application Development by Jonathan Rockway, using the paradigm introduced on p74. That's where we went astray: Yes, that book is now horribly out of date :( Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication uses NEXT, which is deprecated.
Okay, we should uninstall the deprecated modules just to be sure our dependencies are all clean, and we should use Catalyst::Authentication instead of Catalyst::Plugin::Authentication... So I've got two questions: A) How do you uninstall these deprecated Catalyst modules? $ cd cpan_home/build $ cd Catalyst-Plugin-Authentication-Store-DBIC-0.11-i_lwDv $ perl Makefile.PL $ make uninstall Uninstall is unsafe and deprecated, the uninstallation was not performed. We will show what would have been done. ERROR: no packlist file found: '/usr/local/lib/perl/5.10.0/auto/Catalyst/Plugin/Authentication/Store/DBIC/.packlist' make: *** [uninstall_from_sitedirs] Error 2 B) How do we make sure we're using the recommended Store/Credential modules? This isn't something we specify via use Catalyst qw/blah/ I take it. And is this also true for Session modules? E.g. is C::P::Session::Store::DBIC deprecated in favor of something like C::Session::Store::DBIx::Class, etc? On Sun, May 9, 2010 at 7:07 PM, J. Shirley jshir...@gmail.com wrote: Catalyst::Plugin::Authentication is the right module to use. The old Store and Credential modules were under Catalyst::Plugin::Authentication but current modules are under the Catalyst::Authentication namespace. So, what you should do is install Catalyst::Authentication::Store::DBIx::Class (and preferably uninstall the deprecated Catalyst::Plugin::Authentication::Store::DBIC version). -- will trillich It's only by saying 'no' that you can concentrate on the things that are really important. -- Steve Jobs ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication uses NEXT, which is deprecated.
Thanks Jay, that worked nicely! On Sun, May 16, 2010 at 08:34, Jay Kuri j...@ion0.com wrote: Hi Paul, It's actually pretty easy. Define a many_to_many relationship in your user to your role data. Then use that instead of your 'has_many' in your Auth config. That's really it. Jay On May 11, 2010, at 2:11 PM, Paul Makepeace wrote: On Sun, May 9, 2010 at 18:25, Paul Makepeace pa...@paulm.com wrote: [snip to the most puzzling stuff] Finally, we have our roles via a join: user -- user_role -- role. It seems like role_field is expecting a string but it's here getting an integer. Is there anyway of having go further into the role table with that integer key and compare on role.role? We used to use, __PACKAGE__-config-{authorization}-{dbic} = { role_class = 'DBIC_Readonly::Role', role_field = 'role', role_rel = 'map_user_role', # DBIx::Class only user_role_user_field = 'user', }; Now, __PACKAGE__-config-{authentication} = { default_realm = 'members', realms = { members = { credential = { class = 'Password', password_field = 'password', password_type = 'clear', }, store = { class = 'DBIx::Class', user_model = 'DBIC_Readonly::User', role_relation = 'map_user_role', role_field = 'role', }, }, }, }; with, (unchanged), User.pm, __PACKAGE__-has_many(map_user_role = 'IDL::Schema::UserRole' = 'user'); Anyone have an idea here? Any more info I can provide? I'm assuming this isn't a functional regression but I'm at a loss what to do here. I could change user_role to have strings instead of an FK to role but would rather not as we lose some protection against bad role names/data integrity. Paul ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication uses NEXT, which is deprecated.
On 18 May 2010, at 20:31, Paul Makepeace wrote: Thanks Jay, that worked nicely! Doc patch to make this more clear worthwhile? Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication uses NEXT, which is deprecated.
Hi Paul, It's actually pretty easy. Define a many_to_many relationship in your user to your role data. Then use that instead of your 'has_many' in your Auth config. That's really it. Jay On May 11, 2010, at 2:11 PM, Paul Makepeace wrote: On Sun, May 9, 2010 at 18:25, Paul Makepeace pa...@paulm.com wrote: [snip to the most puzzling stuff] Finally, we have our roles via a join: user -- user_role -- role. It seems like role_field is expecting a string but it's here getting an integer. Is there anyway of having go further into the role table with that integer key and compare on role.role? We used to use, __PACKAGE__-config-{authorization}-{dbic} = { role_class = 'DBIC_Readonly::Role', role_field = 'role', role_rel = 'map_user_role',# DBIx::Class only user_role_user_field = 'user', }; Now, __PACKAGE__-config-{authentication} = { default_realm = 'members', realms = { members = { credential = { class = 'Password', password_field = 'password', password_type = 'clear', }, store = { class = 'DBIx::Class', user_model = 'DBIC_Readonly::User', role_relation = 'map_user_role', role_field = 'role', }, }, }, }; with, (unchanged), User.pm, __PACKAGE__-has_many(map_user_role = 'IDL::Schema::UserRole' = 'user'); Anyone have an idea here? Any more info I can provide? I'm assuming this isn't a functional regression but I'm at a loss what to do here. I could change user_role to have strings instead of an FK to role but would rather not as we lose some protection against bad role names/data integrity. Paul ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication uses NEXT, which is deprecated.
On Sun, May 9, 2010 at 18:25, Paul Makepeace pa...@paulm.com wrote: [snip to the most puzzling stuff] Finally, we have our roles via a join: user -- user_role -- role. It seems like role_field is expecting a string but it's here getting an integer. Is there anyway of having go further into the role table with that integer key and compare on role.role? We used to use, __PACKAGE__-config-{authorization}-{dbic} = { role_class = 'DBIC_Readonly::Role', role_field = 'role', role_rel = 'map_user_role', # DBIx::Class only user_role_user_field = 'user', }; Now, __PACKAGE__-config-{authentication} = { default_realm = 'members', realms = { members = { credential = { class = 'Password', password_field = 'password', password_type = 'clear', }, store = { class = 'DBIx::Class', user_model = 'DBIC_Readonly::User', role_relation = 'map_user_role', role_field = 'role', }, }, }, }; with, (unchanged), User.pm, __PACKAGE__-has_many(map_user_role = 'IDL::Schema::UserRole' = 'user'); Anyone have an idea here? Any more info I can provide? I'm assuming this isn't a functional regression but I'm at a loss what to do here. I could change user_role to have strings instead of an FK to role but would rather not as we lose some protection against bad role names/data integrity. Paul ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst::Plugin::Authentication uses NEXT, which is deprecated.
I'm puzzled with this warning since there's nothing I can see in the docs of the latest version that suggests we should be using another module (cf. Catalyst::Plugin::Authentication::Store::DBIC which is very clear). What's the story here? What's the best course of action for Catalyst authentication? (Yuval pointed me at another module at YAPC::NA last year but that conversion got shelved I've forgotten the details now...) Thanks, Paul ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication uses NEXT, which is deprecated.
On May 9, 2010, at 4:49 PM, Paul Makepeace wrote: I'm puzzled with this warning since there's nothing I can see in the docs of the latest version that suggests we should be using another module (cf. Catalyst::Plugin::Authentication::Store::DBIC which is very clear). What's the story here? What's the best course of action for Catalyst authentication? (Yuval pointed me at another module at YAPC::NA last year but that conversion got shelved I've forgotten the details now...) Thanks, Paul It's moderately confusing, so don't feel bad but you can certainly provide some doc patches to make it more clear. Specifically, what you are looking at is the authentication modules and not *the* authentication plugin. Catalyst::Plugin::Authentication is the right module to use. The old Store and Credential modules were under Catalyst::Plugin::Authentication but current modules are under the Catalyst::Authentication namespace. So, what you should do is install Catalyst::Authentication::Store::DBIx::Class (and preferably uninstall the deprecated Catalyst::Plugin::Authentication::Store::DBIC version). That should fix up any issue you have with using ::NEXT. (For the record, the deprecation notice points which module you should be using but doesn't explain why: http://search.cpan.org/~mstrout/Catalyst-Plugin-Authentication-Store-DBIC-0.11/lib/Catalyst/Plugin/Authentication/Store/DBIC.pm#DEPRECATED) Hope this helps, -Jay ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication uses NEXT, which is deprecated.
On Sun, May 9, 2010 at 17:01, Florian Ragwitz r...@debian.org wrote: On Sun, May 09, 2010 at 04:49:21PM -0700, Paul Makepeace wrote: I'm puzzled with this warning since there's nothing I can see in the docs of the latest version that suggests we should be using another module (cf. Catalyst::Plugin::Authentication::Store::DBIC which is very clear). What's the story here? What's the best course of action for Catalyst authentication? Catalyst::Plugin::Authentication is what people are supposed to be using. It's not deprecated or anything. Also, the latest version of it doesn't use NEXT. If you made sure you really have the latest version installed, my guess would be that there's an older installed version somewhere else in @INC, shadowing the new one. Ah, you're right, we have a local copy in our app (that I wrote! Duh) Running perl -MV=Catalyst::Plugin::Authentication will tell. Hmm, how's this supposed to work? $ perl -MV=Catalyst::Plugin::Authentication Can't locate V.pm in @INC Thanks! Paul ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication uses NEXT, which is deprecated.
On Sun, May 09, 2010 at 05:23:37PM -0700, Paul Makepeace wrote: On Sun, May 9, 2010 at 17:01, Florian Ragwitz r...@debian.org wrote: Running perl -MV=Catalyst::Plugin::Authentication will tell. Hmm, how's this supposed to work? $ perl -MV=Catalyst::Plugin::Authentication Can't locate V.pm in @INC By installing V.pm from cpan :) -- BOFH excuse #257: That would be because the software doesn't work. signature.asc Description: Digital signature ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication uses NEXT, which is deprecated.
On Sun, May 9, 2010 at 17:07, J. Shirley jshir...@gmail.com wrote: On May 9, 2010, at 4:49 PM, Paul Makepeace wrote: I'm puzzled with this warning since there's nothing I can see in the docs of the latest version that suggests we should be using another module (cf. Catalyst::Plugin::Authentication::Store::DBIC which is very clear). What's the story here? What's the best course of action for Catalyst authentication? (Yuval pointed me at another module at YAPC::NA last year but that conversion got shelved I've forgotten the details now...) Thanks, Paul It's moderately confusing, so don't feel bad but you can certainly provide some doc patches to make it more clear. Specifically, what you are looking at is the authentication modules and not *the* authentication plugin. Catalyst::Plugin::Authentication is the right module to use. The old Store and Credential modules were under Catalyst::Plugin::Authentication but current modules are under the Catalyst::Authentication namespace. So, what you should do is install Catalyst::Authentication::Store::DBIx::Class (and preferably uninstall the deprecated Catalyst::Plugin::Authentication::Store::DBIC version). Thanks; I think this much was actually clear and that my issue was forgetting we had our local hacked version of C::P::A. No NEXT warnings any more! I'm doing this now, if ($c-authenticate( { password = $password, dbix_class = { searchargs = [ { -or = [ username = $username, email = $username ] }, {} ] } })) { Is there an easier* way of checking username email against the same 'username' form? Seems like the old user_field = [qw/username email/] has gone. * OK I guess this isn't very hard --- Finally, we have our roles via a join: user -- user_role -- role. It seems like role_field is expecting a string but it's here getting an integer. Is there anyway of having go further into the role table with that integer key and compare on role.role? We used to use, __PACKAGE__-config-{authorization}-{dbic} = { role_class = 'DBIC_Readonly::Role', role_field = 'role', role_rel = 'map_user_role',# DBIx::Class only user_role_user_field = 'user', }; Now, __PACKAGE__-config-{authentication} = { default_realm = 'members', realms = { members = { credential = { class = 'Password', password_field = 'password', password_type = 'clear', }, store = { class = 'DBIx::Class', user_model = 'DBIC_Readonly::User', role_relation = 'map_user_role', role_field = 'role', }, }, }, }; with, (unchanged), User.pm, __PACKAGE__-has_many(map_user_role = 'IDL::Schema::UserRole' = 'user'); Paul ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Login authentication using C::HTML::FormBuilder ...
I'm using C::HTML::FormBuilder for a simple login form and would like to use the standard $c-authenticate() for validation. This means that I either have to pass ctx = $c to $form-process(), more tightly coupling the controller to the form, or do all of the $c-authenticate() stuff after $form-validated(), making my controller fatter. Is there another way of accomplishing this more elegantly, or is one of these options acceptable? Just curious is all. -- Kiffin Gish kiffin.g...@planet.nl Gouda, The Netherlands ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
RE: [Catalyst] ldap authentication/db authorization
Steve Rippl wrote on 2009-08-09: Hello! I have a question that is hopefully trivial for someone here, but I haven't seen any examples. I have an app I'm building, used by folks in an Active Directory network. It's got a DBIx model and I'd like to use that for role based authorization and getting staff members grade/building info etc (it's a school district), but I'd like to (just) authenticate against ldap. I don't want to store any user/role data there (obviously their username is in there and it matches what I have in the db), simply try to bind against it as the user, then get store data from the database. This way they can use their network passwords and I don't have to fill AD with application specific info. Make sense? Easy to do? So far I'm doing it all via the db... name WsdSis authentication default_realm dbic realms dbic credential class Password password_type clear /credential store user_class DB::Staff role_relation roles role_field role /store /dbic /realms /authentication ... and ... use Catalyst qw/ -Debug ConfigLoader Static::Simple StackTrace Authentication Authorization::Roles Session Session::Store::FastMmap Session::State::Cookie /; ... What would these look like if I'm able to squeeze the ldap plugin in there? Can I have 2 Authentication::Store backends in there? TIA, Steve -- Steve Rippl Technology Director Woodland School District 360 225 9451 x326 Hey Steve, I do this in my app. The way I do is it I have two authentication realms - LDAP and DBIC. I authenticate against the LDAP realm first, and if that is successful I do a find_or_create with the user info on my user DB table, so any first-time users get a user created in the DBIC realm with default roles and whatnot. Then I authenticate against the DBIC realm. I do that last because $c-user will contain the most recently authenticated user, so in this case $c-user would be your DB::Staff object. HTH Byron ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] ldap authentication/db authorization
Byron Young wrote: Hey Steve, I do this in my app. The way I do is it I have two authentication realms - LDAP and DBIC. I authenticate against the LDAP realm first, and if that is successful I do a find_or_create with the user info on my user DB table, so any first-time users get a user created in the DBIC realm with default roles and whatnot. Then I authenticate against the DBIC realm. I do that last because $c-user will contain the most recently authenticated user, so in this case $c-user would be your DB::Staff object. HTH Byron Thanks for the response. Makes perfect sense, but I'm having a problem with the call to $c-authenticate when I add the realm. $c-authenticate({ username = $username, password = $password }, 'ldap') throws an error about not using a string as HASH ref (I've got my ldap settings under realms - ldap). Using $c-authenticate({ username = $username, password = $password, realm = $realm }) seems to work, except it's not authenticating correctly and seems to use dbic by default when I don't have a default realm set (I set $realm = 'ldap' before the auth call). What syntax are using? Many thanks, Steve -- Steve Rippl Technology Director Woodland School District 360 225 9451 x326 ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
RE: [Catalyst] ldap authentication/db authorization
Steve Rippl wrote on 2009-08-10: Byron Young wrote: Hey Steve, I do this in my app. The way I do is it I have two authentication realms - LDAP and DBIC. I authenticate against the LDAP realm first, and if that is successful I do a find_or_create with the user info on my user DB table, so any first-time users get a user created in the DBIC realm with default roles and whatnot. Then I authenticate against the DBIC realm. I do that last because $c-user will contain the most recently authenticated user, so in this case $c-user would be your DB::Staff object. HTH Byron Thanks for the response. Makes perfect sense, but I'm having a problem with the call to $c-authenticate when I add the realm. $c-authenticate({ username = $username, password = $password }, 'ldap') throws an error about not using a string as HASH ref (I've got my ldap settings under realms - ldap). Using $c-authenticate({ username = $username, password = $password, realm = $realm }) seems to work, except it's not authenticating correctly and seems to use dbic by default when I don't have a default realm set (I set $realm = 'ldap' before the auth call). What syntax are using? Many thanks, Steve Same as you: $c-authenticate({id = $username, password = $password}, 'ldap') Not sure why that doesn't work for you. What's in your ldap realm config? Maybe you have a problem with the way the config is being parsed. Byron ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] ldap authentication/db authorization
Byron Young wrote: Same as you: $c-authenticate({id = $username, password = $password}, 'ldap') Not sure why that doesn't work for you. What's in your ldap realm config? Maybe you have a problem with the way the config is being parsed. Byron OK, I did have a mistake in the realm config. It's working now... thanks again! Steve -- Steve Rippl Technology Director Woodland School District 360 225 9451 x326 ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] ldap authentication/db authorization
Hello! I have a question that is hopefully trivial for someone here, but I haven't seen any examples. I have an app I'm building, used by folks in an Active Directory network. It's got a DBIx model and I'd like to use that for role based authorization and getting staff members grade/building info etc (it's a school district), but I'd like to (just) authenticate against ldap. I don't want to store any user/role data there (obviously their username is in there and it matches what I have in the db), simply try to bind against it as the user, then get store data from the database. This way they can use their network passwords and I don't have to fill AD with application specific info. Make sense? Easy to do? So far I'm doing it all via the db... name WsdSis authentication default_realm dbic realms dbic credential class Password password_type clear /credential store user_class DB::Staff role_relation roles role_field role /store /dbic /realms /authentication ... and ... use Catalyst qw/ -Debug ConfigLoader Static::Simple StackTrace Authentication Authorization::Roles Session Session::Store::FastMmap Session::State::Cookie /; ... What would these look like if I'm able to squeeze the ldap plugin in there? Can I have 2 Authentication::Store backends in there? TIA, Steve -- Steve Rippl Technology Director Woodland School District 360 225 9451 x326 ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] OpenID authentication and LWPx-ParanoidAgent
On Mon, Jul 20, 2009 at 4:30 PM, Zbigniew Lukasiakzzb...@gmail.com wrote: On Sat, Jul 18, 2009 at 9:14 PM, Tatsuhiko Miyagawamiyag...@gmail.com wrote: Brad just uploaded the module to CPAN. Unfortunately it still fails everywhere: http://matrix.cpantesters.org/?dist=LWPx-ParanoidAgent+1.06 I've analyzed the failure and posted a patch at: https://rt.cpan.org/Ticket/Display.html?id=48345 Cheers, Zbigniew http://brudnopis.blogspot.com/ http://perlalchemy.blogspot.com/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] OpenID authentication and LWPx-ParanoidAgent
Sorry - OK - so this was not the really the problem, my analysis below was wrong. But still the tests of Catalyst-Authentication-Credential-OpenID fail and I would like someone to confirm that. z...@zby:~/progs/tmp/Catalyst-Authentication-Credential-OpenID-0.13$ make test 2 errors PERL_DL_NONLAZY=1 /usr/bin/perl -MExtUtils::Command::MM -e test_harness(0, 'inc', 'blib/lib', 'blib/arch') t/00.load.t t/live_app.t t/pod-coverage.t t/pod.t t/00.load.t ... ok t/live_app.t .. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/17 subtests t/pod-coverage.t .. ok t/pod.t ... ok Test Summary Report --- t/live_app.t(Wstat: 1280 Tests: 17 Failed: 5) Failed tests: 9-10, 12, 16-17 Non-zero exit status: 5 Files=4, Tests=20, 10 wallclock secs ( 0.05 usr 0.01 sys + 4.03 cusr 0.34 csys = 4.43 CPU) Result: FAIL z...@zby:~/progs/tmp/Catalyst-Authentication-Credential-OpenID-0.13$ The errors file is not attached - because it is above the quota and requires moderation - but I can send it to anyone off the list. The relevant versions prereqs: z...@zby:~/progs/tmp/Catalyst-Authentication-Credential-OpenID-0.13$ perl Makefile.PL Cannot determine perl version info from lib/Catalyst/Authentication/Credential/OpenID.pm *** Module::AutoInstall version 1.03 *** Checking for Perl dependencies... [Core Features] - LWPx::ParanoidAgent...loaded. (1.06 = 1.03) - Test::More ...loaded. (0.86 = 0.42) - Net::OpenID::Server...loaded. (1.02 = 1.02) - Test::WWW::Mechanize ...loaded. (1.20 = 1.20) - Net::DNS ...loaded. (0.63) - IO::Socket::INET ...loaded. (1.31) - parent ...loaded. (0.221 = 0.2) - Class::Accessor::Fast ...loaded. (0.33) - HTML::Parser ...loaded. (3.60 = 3) - LWP::UserAgent ...loaded. (5.824) - Cache::FastMmap...loaded. (1.30 = 1.28) - Catalyst ...loaded. (5.80007 = 5.7) - Catalyst::Devel...loaded. (1.17 = 1) - Crypt::DH ...loaded. (0.06 = 0.05) - Net::OpenID::Consumer ...loaded. (1.03 = 1.03) - Catalyst::Authentication::User::Hash ...loaded. (0) - Catalyst::Plugin::Session::Store::FastMmap ...loaded. (0.11 = 0.05) - Catalyst::Plugin::Session::State::Cookie ...loaded. (0.11 = 0.08) - Catalyst::Engine::HTTP ...loaded. (0) *** Module::AutoInstall configuration finished. Writing Makefile for Catalyst::Authentication::Credential::OpenID z...@zby:~/progs/tmp/Catalyst-Authentication-Credential-OpenID-0.13$ Cheers, Zbigniew On Mon, Jul 20, 2009 at 9:28 PM, Zbigniew Lukasiakzzb...@gmail.com wrote: Next thing is that LWPx::ParanoidAgent does not set attributes from the call to 'new'. It is not documented there - so I guess this is fair from the side of LWPx::ParanoidAgent - but in line 62 in Catalyst::Authentication::Credential::OpenID there is: ua = $self-_config-{ua_class}-new(%{$self-_config-{ua_args} || {}}), so there is some misunderstanding between those two modules. But it would be nice if LWPx::ParanoidAgent did work like this. Cheers, Z. On Mon, Jul 20, 2009 at 4:30 PM, Zbigniew Lukasiakzzb...@gmail.com wrote: On Sat, Jul 18, 2009 at 9:14 PM, Tatsuhiko Miyagawamiyag...@gmail.com wrote: Brad just uploaded the module to CPAN. Unfortunately it still fails everywhere: http://matrix.cpantesters.org/?dist=LWPx-ParanoidAgent+1.06 Here are my results: perl -Ilib t/00-all.t . . . Three 1-second redirect tarpits (tolerance 2)... 2.008 secs ok 25 ok 26 ok 27 5 second tarpit (tolerance 2)... not ok 28 # Failed test at t/00-all.t line 180. 3 second tarpit (tolerance 4)... ok 29 Killing child pid: 7392 # Looks like you failed 1 test of 29. I hope you can get in touch with Brad again. I understand that this is most probably just test error - and forcing the installation is not a problem for people who analyze it, but if I included this in other module - then the dependency would hide where the problem comes from. So I am still not ready to add OpenID to the CatalystX::SimpleLogin project. Cheers, Zbigniew http://brudnopis.blogspot.com/ http://perlalchemy.blogspot.com/ -- Zbigniew Lukasiak http://brudnopis.blogspot.com/ http://perlalchemy.blogspot.com/ -- Zbigniew Lukasiak http://brudnopis.blogspot.com/ http://perlalchemy.blogspot.com/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] OpenID authentication and LWPx-ParanoidAgent
On Sat, Jul 18, 2009 at 9:14 PM, Tatsuhiko Miyagawamiyag...@gmail.com wrote: Brad just uploaded the module to CPAN. Unfortunately it still fails everywhere: http://matrix.cpantesters.org/?dist=LWPx-ParanoidAgent+1.06 Here are my results: perl -Ilib t/00-all.t . . . Three 1-second redirect tarpits (tolerance 2)... 2.008 secs ok 25 ok 26 ok 27 5 second tarpit (tolerance 2)... not ok 28 # Failed test at t/00-all.t line 180. 3 second tarpit (tolerance 4)... ok 29 Killing child pid: 7392 # Looks like you failed 1 test of 29. I hope you can get in touch with Brad again. I understand that this is most probably just test error - and forcing the installation is not a problem for people who analyze it, but if I included this in other module - then the dependency would hide where the problem comes from. So I am still not ready to add OpenID to the CatalystX::SimpleLogin project. Cheers, Zbigniew http://brudnopis.blogspot.com/ http://perlalchemy.blogspot.com/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] OpenID authentication and LWPx-ParanoidAgent
Next thing is that LWPx::ParanoidAgent does not set attributes from the call to 'new'. It is not documented there - so I guess this is fair from the side of LWPx::ParanoidAgent - but in line 62 in Catalyst::Authentication::Credential::OpenID there is: ua = $self-_config-{ua_class}-new(%{$self-_config-{ua_args} || {}}), so there is some misunderstanding between those two modules. But it would be nice if LWPx::ParanoidAgent did work like this. Cheers, Z. On Mon, Jul 20, 2009 at 4:30 PM, Zbigniew Lukasiakzzb...@gmail.com wrote: On Sat, Jul 18, 2009 at 9:14 PM, Tatsuhiko Miyagawamiyag...@gmail.com wrote: Brad just uploaded the module to CPAN. Unfortunately it still fails everywhere: http://matrix.cpantesters.org/?dist=LWPx-ParanoidAgent+1.06 Here are my results: perl -Ilib t/00-all.t . . . Three 1-second redirect tarpits (tolerance 2)... 2.008 secs ok 25 ok 26 ok 27 5 second tarpit (tolerance 2)... not ok 28 # Failed test at t/00-all.t line 180. 3 second tarpit (tolerance 4)... ok 29 Killing child pid: 7392 # Looks like you failed 1 test of 29. I hope you can get in touch with Brad again. I understand that this is most probably just test error - and forcing the installation is not a problem for people who analyze it, but if I included this in other module - then the dependency would hide where the problem comes from. So I am still not ready to add OpenID to the CatalystX::SimpleLogin project. Cheers, Zbigniew http://brudnopis.blogspot.com/ http://perlalchemy.blogspot.com/ -- Zbigniew Lukasiak http://brudnopis.blogspot.com/ http://perlalchemy.blogspot.com/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] OpenID authentication and LWPx-ParanoidAgent
On Sat, Jul 18, 2009 at 2:27 AM, Tatsuhiko Miyagawamiyag...@gmail.com wrote: I actually applied the same patch against its SVN repository a few weeks ago. I'll poke Brad to make a new release on CPAN. http://code.sixapart.com/svn/LWPx-ParanoidAgent/trunk/ Thanks - that's great! While we are at it - it seems that there is also problem with the Crypt::DH package (which is another dependency)- this is nicely explained in DESCRIPTION in http://search.cpan.org/dist/Crypt-DH-GMP/lib/Crypt/DH/GMP.pm and it seems like a reasonable replacement. -- Zbigniew Lukasiak http://brudnopis.blogspot.com/ http://perlalchemy.blogspot.com/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] OpenID authentication and LWPx-ParanoidAgent
Brad just uploaded the module to CPAN. On Fri, Jul 17, 2009 at 5:27 PM, Tatsuhiko Miyagawamiyag...@gmail.com wrote: I actually applied the same patch against its SVN repository a few weeks ago. I'll poke Brad to make a new release on CPAN. http://code.sixapart.com/svn/LWPx-ParanoidAgent/trunk/ On Fri, Jul 17, 2009 at 5:17 PM, Ashleya...@sedition.com wrote: Brad Fitzpatrick and friends have done a great job getting these things together so I don't want to come off critical. The real answer here is to get ParanoidAgent fixed. If anyone can look at it and send a patch to that package, that would be the best thing. In the meanwhile I'll adjust the credential to at least be installable without failures. -- Tatsuhiko Miyagawa -- Tatsuhiko Miyagawa ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] OpenID authentication and LWPx-ParanoidAgent
Hi there, It seems that http://matrix.cpantesters.org/?dist=LWPx-ParanoidAgent+1.05 fails on every front (and if you check the history it wasn't much better in previous releases). So what you guys use as the LWP agent for OpenID authentication? -- Zbigniew Lukasiak http://brudnopis.blogspot.com/ http://perlalchemy.blogspot.com/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] OpenID authentication and LWPx-ParanoidAgent
On Fri, Jul 17, 2009 at 11:33 PM, Zbigniew Lukasiak wrote: It seems that http://matrix.cpantesters.org/?dist=LWPx-ParanoidAgent+1.05 fails on every front (and if you check the history it wasn't much better in previous releases). So what you guys use as the LWP agent for OpenID authentication? Hey, I use the package in Debian http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518685 From the changelog: * Explicitly require LWP::Debug so LWP::Debug::debug is available. From the diff file: --- liblwpx-paranoidagent-perl-1.04.orig/lib/LWPx/ParanoidAgent.pm +++ liblwpx-paranoidagent-perl-1.04/lib/LWPx/ParanoidAgent.pm @@ -1,5 +1,6 @@ package LWPx::ParanoidAgent; require LWP::UserAgent; +require LWP::Debug; Enjoy :) -- Bogdan Lucaciu Operations Manager, Sinapticode http://www.sinapticode.com ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] OpenID authentication and LWPx-ParanoidAgent
Yep. Sorry. I am working on a new one. Just keep getting stuck trying to update the tests to run correctly. I'll commit to getting a new one out this weekend even if I have to TODO the live tests for now. The real issue here though is that using LWP::UA instead of ParanoidAgent is a security problem. Someone can point your openid form at a tarpit provider. So I would definitely *not* use this in production without it but recent updates to LWP broke ParanoidAgent which relies on some deprecated debug behavior. Brad Fitzpatrick and friends have done a great job getting these things together so I don't want to come off critical. The real answer here is to get ParanoidAgent fixed. If anyone can look at it and send a patch to that package, that would be the best thing. In the meanwhile I'll adjust the credential to at least be installable without failures. -Ashley On Jul 17, 2009, at 1:33 PM, Zbigniew Lukasiak wrote: Hi there, It seems that http://matrix.cpantesters.org/?dist=LWPx-ParanoidAgent +1.05 fails on every front (and if you check the history it wasn't much better in previous releases). So what you guys use as the LWP agent for OpenID authentication? -- Zbigniew Lukasiak http://brudnopis.blogspot.com/ http://perlalchemy.blogspot.com/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/ catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] OpenID authentication and LWPx-ParanoidAgent
I actually applied the same patch against its SVN repository a few weeks ago. I'll poke Brad to make a new release on CPAN. http://code.sixapart.com/svn/LWPx-ParanoidAgent/trunk/ On Fri, Jul 17, 2009 at 5:17 PM, Ashleya...@sedition.com wrote: Brad Fitzpatrick and friends have done a great job getting these things together so I don't want to come off critical. The real answer here is to get ParanoidAgent fixed. If anyone can look at it and send a patch to that package, that would be the best thing. In the meanwhile I'll adjust the credential to at least be installable without failures. -- Tatsuhiko Miyagawa ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication apparently not reading config
Jason McIntosh wrote: As far as I can tell, the version numbers of all modules involved match. (Using latest CPAN or Debian versions of all modules.) Any advice as to where to look next would be enormously appreciated. My only real suggestion is to throw some dumping / debugging into the _authentication_initialize routine of Catalyst/Plugin/Authentication.pm to work out how/why it isn't finding your realms hash.. Also, does the config printed in the debug screen match what you expect for auth config, or does it look incorrect in any way? Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication apparently not reading config
On Fri, Jun 5, 2009 at 6:56 AM, Tomas Doranbobtf...@bobtfish.net wrote: My only real suggestion is to throw some dumping / debugging into the _authentication_initialize routine of Catalyst/Plugin/Authentication.pm to work out how/why it isn't finding your realms hash.. Thank you, this was the nudge I needed. My problem was that the call to setup() had somehow wandered too high up in my application's main module code, so that it was getting called too early. No idea _how_ that happened, but it all makes sense from there. -- Jason McIntosh Appleseed Software Consulting http://appleseed-sc.com Email: j...@appleseed-sc.com Jabber: j...@appleseed-sc.com AIM:zendonut Cell: 617-792-3829 ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Plugin::Authentication apparently not reading config
Howdy all, I'm quite perplexed about some behavior from Plugin::Authentication. I'm trying to get a Catalyst app running on a new machine, but Authentication isn't reading any realms from my config. The config file is definitely getting read otherwise, and I can see my authentication realms definition sitting there in the Config session of Catalyst's in-browser error screen while I'm trying to debug this, but as far as I can tell the Auth module just isn't reading it. I'm debugging with this line: use Data::Dumper; die Dumper ( $c-auth_realms ); On the original machine, this prints a nice, full hashref containing all my realms info. On the new machine, this prints {}. So, the Authentication plugin is loading (and giving $c the auth_realms method), but it's not reading my config at all, apparently. This is the config I'm feeding it (exact same code in both machines): __PACKAGE__-config-{'Plugin::Authentication'} = { default_realm = 'members', members = { credential = { class = 'Password', password_field = 'password', password_type = 'clear', }, store = { class = 'DBIx::Class', user_class = 'NEADB::User', id_field = 'id', } } }; Even if I paste in the example config from Plugin::Authentication's man page, the return value of $c-auth_realms is still an empty hashref. As far as I can tell, the version numbers of all modules involved match. (Using latest CPAN or Debian versions of all modules.) Any advice as to where to look next would be enormously appreciated. -- Jason McIntosh Appleseed Software Consulting http://appleseed-sc.com Email: j...@appleseed-sc.com Jabber: j...@appleseed-sc.com AIM:zendonut Cell: 617-792-3829 ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] RESTful authentication
Christian Lackas wrote: I already did some googling, but did not find a satisfying answer yet. What is state-of-the-art approach to control access to REST resources. When you say 'REST resources', I'm guessing you mean some sort of API, rather than a normal person facing site which happens to be restful.. Use HTTP headers. http://user:p...@host/webdisk/data/path/to/file I think that's very ugly, but workable. http://user:p...@host/webdisk/TOKEN/data/path/to/file This is horrible if the TOKEN changes. Does Catalyst provide any plugins for this? Could not find anything on CPAN. I just use HTTP basic or digest auth. Works well, very standard, no messing around, supported by everything.. Of course, just making a /login URI which returns you a cookie you provide back to other URIs to get access isn't directly non-RESTFul in itself... Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Issue with Catalyst:Can't locate object method get_user via package Catalyst::Plugin::Authentication::Store::DBIC
kakim...@tpg.com.au wrote: When was http://search.cpan.org/~hkclark/Catalyst-Manual-5.7020/lib/Catalyst/Manual/Tutorial/Authentication.pod; updated? Does it reflect the latest modules? Please revert. Yes, the latest documentation reflects the latest code. And I don't see any reason to revert it - the authentication changeover happened mid 2007 (and was clearly documented in the authentication module), and there is still backwards compatibility. What are you actually asking for here / how do you think we can improve the documentation to make things more clear? Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Issue with Catalyst:Can't locate object method get_user via package Catalyst::Plugin::Authentication::Store::DBIC
When was http://search.cpan.org/~hkclark/Catalyst-Manual-5.7020/lib/Catalyst/Manual/Tutorial/Authentication.pod; updated? Does it reflect the latest modules? Please revert. Kieren Diment diment at gmail.com Thu May 15 14:13:12 BST 2008 * Previous message: [Catalyst] Issue with Catalyst:Can't locate object method get_user via package Catalyst::Plugin::Authentication::Store::DBIC * Next message: [Catalyst] uri_for() doesn't encode to utf8 first argument * Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] On 15 May 2008, at 08:08, kakimoto at tpg.com.au wrote: [error] Caught exception in gozila::Controller::Login- index Can't locate object method get_user via package Catalyst::Plugin::Authentication::Store::DBIC at /Library/Perl/5.8.8/Catalyst/Authentication/Realm.pm line 85. I have tried looking at the source codes of the packages indicated in the error, reinstalled the packages via perl -MCPAN -eshell and it still fails. Have a look at http://dev.catalyst.perl.org/repos/Catalyst/trunk/ examples/NewAuthApp which is a simple authentication application I wrote against the new Auth API. The tutorial uses the old API and needs to be updated. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication overrides $c-req-user
On 2009-02-21 01:49:51 +, Tomas Doran wrote: Attached is a set of patches to add support for $c-req-remote_user, including a basic test. Good stuff, thanks. I've branched 5.80 trunk and applied your Runtime change, and then I've fiddled the 'do we warn' logic to be a bit safer. Have a look and let me know what you think? Yeah, the 'do we warn' logic was a bit hairy. I used caller because the engines would trigger the warning when they call $c-req-user (every request), even with an empty REMOTE_USER environment variable. Is anything in the current test suite triggering the new warning? If so, can you switch it over to be calling -remote_user instead, and can you add a call to read -user which provokes the warning, and test you get the expected warning (see t/deprecated.t r9354 - you could just add the warning test here/to that app which already has its global logger overridden?) There were no tests for $c-req-user. I've committed a test to t/deprecated.t that currently fails due to the problem above (we should only get one warning); please let me know if you have any suggestions. Thanks, -- Daniel Westermann-Clark ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication overrides $c-req-user
On 20 Feb 2009, at 22:57, Daniel Westermann-Clark wrote: On 2009-02-11 21:53:48 +, Tomas Doran wrote: Why not just add a remote_user() method on $c-req instead? It's a little more typing, but is more explicit about where the value comes from and doesn't potentially break any existing apps. Patches on 5.80 welcome :) Attached is a set of patches to add support for $c-req-remote_user, including a basic test. Good stuff, thanks. I've branched 5.80 trunk and applied your Runtime change, and then I've fiddled the 'do we warn' logic to be a bit safer. Have a look and let me know what you think? http://dev.catalystframework.org/repos/Catalyst/Catalyst-Runtime/5.80/ branches/deprecate_req_user/ Test for the new functionality looks fine. There is also a deprecation warning for non-Catalyst packages calling $c-req-user. Is anything in the current test suite triggering the new warning? If so, can you switch it over to be calling -remote_user instead, and can you add a call to read -user which provokes the warning, and test you get the expected warning (see t/deprecated.t r9354 - you could just add the warning test here/to that app which already has its global logger overridden?) I'm not sure about the engine patches, but it seemed like a forward-compatible way to add support now for the new method. They look totally sane to me. Lets get Runtime right and a nod from andyg before applying them however :) Feel free to supply another patch against the branch, or hop on irc and grab a commit bit so you can commit yourself? Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication overrides $c-req-user
On Tue, Feb 10, 2009 at 9:46 PM, Daniel Westermann-Clark d...@pobox.comwrote: Hi, At work we use, among other things, the value of REMOTE_USER in the request environment to authenticate users using our single-sign on system. We access this via $c-req-user, which the various engines set using the data available to them. However, Catalyst::Plugin::Authentication-set_authenticate overrides this value with the blessed user object in addition to setting $c-user. Looking at the commit logs, it looks like this has been true since 2005 but I'm having a hard time finding a reason why. Also, Catalyst::Request lists $c-req-user as deprecated. If it were to be removed, how would one access the value in an engine-agnostic way? I'm not familiar with $c-req-user, but isn't REMOTE_USER a header you can read with $c-req-header('remote_user'), or whatever header name is being passed around? ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication overrides $c-req-user
On 2009-02-11 10:06:42 +0100, Rodrigo wrote: I'm not familiar with $c-req-user, but isn't REMOTE_USER a header you can read with $c-req-header('remote_user'), or whatever header name is being passed around? Some authentication schemes might provide headers containing the username, but REMOTE_USER is different. It's not available as a header. Regardless, is there a reason it should be a string at first and then an object? It's inconsistent and causes a loss of information about the request. If no one is using this behavior, I'd be happy to provide patches to deprecate or remove it. -- Daniel Westermann-Clark ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication overrides $c-req-user
Daniel Westermann-Clark wrote on 02/11/2009 02:53 PM: On 2009-02-11 10:06:42 +0100, Rodrigo wrote: I'm not familiar with $c-req-user, but isn't REMOTE_USER a header you can read with $c-req-header('remote_user'), or whatever header name is being passed around? Some authentication schemes might provide headers containing the username, but REMOTE_USER is different. It's not available as a header. Regardless, is there a reason it should be a string at first and then an object? It's inconsistent and causes a loss of information about the request. If no one is using this behavior, I'd be happy to provide patches to deprecate or remove it. Why not just add a remote_user() method on $c-req instead? It's a little more typing, but is more explicit about where the value comes from and doesn't potentially break any existing apps. -- Peter Karman . pe...@peknet.com . http://peknet.com/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication overrides $c-req-user
On 11 Feb 2009, at 21:37, Peter Karman wrote: Daniel Westermann-Clark wrote on 02/11/2009 02:53 PM: If no one is using this behavior, I'd be happy to provide patches to deprecate or remove it. Why not just add a remote_user() method on $c-req instead? It's a little more typing, but is more explicit about where the value comes from and doesn't potentially break any existing apps. +1 for remote_user Catalyst::Request's user method has been marked as deprecated in the docs since 2006 please make calling it issue a warning once per- request, so that it can killed outright some time in the future. Patches on 5.80 welcome :) Cheers t0m ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst::Plugin::Authentication - please help test new release.
Hiya There have been some fairly major changes to the way that the authentication backwards compatibility is structured recently. This will affect you if your application is still using a Catalyst::Plugin::Authentication::Store::XXX or a Catalyst::Plugin::Authentication::Credential::XXX plugin. I'm reasonably sure that it's all working as expected, but I want to get as much testing as possible before pushing up a release which will install by default for people to reduce the possibility of it causing issues for anybody. To that end, I've pushed a dev release up to CPAN: http://search.cpan.org/CPAN/authors/id/B/BO/BOBTFISH/Catalyst-Plugin- Authentication-0.10009_01.tar.gz I'm going to perform some smoke testing of the store and credential plugins, but we also need some real testing on people's real applications. Therefore, please please please download and test this dev release with _your_ applications, and let us know if it works as expected in your environment, especially if you're still using an old-style authentication store or credential. Thanks in advance t0m P.S. Apologies if this mail produced a strange feeling of deja vous in you - yes I am doing almost the same thing for both auth and sessions currently! ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst::Authentication::Credential::OpenID update; 2.0 + SREG
http://search.cpan.org/perldoc? Catalyst::Authentication::Credential::OpenID Catalyst::Authentication::Credential::OpenID now supports -- thanks to Martin Atkins -- OpenID 2.0 as well as 1.1. Thanks to a patch from Menno Blom, C::A::C::OpenID also loads Simple Registration (SREG) data when it's present/configured. I am not using this in the wild right now so I'd really appreciate any bug/problem tickets or Pod patches. If there are OpenID extensions other than SREG which anyone is using, please let me know so I can look at them and see if/how they can be supported. -Ashley ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Plugin::Authentication vs Authentiaction
Hello! Trying to use Catalyst::Authentication::Credential::Authen::Simple (::RADIUS, but it does not matter), I've found that I've got two Authentication directories, one is under Plugin. What's worse, Catalyst does not load Catalyst::Authentication::Credential::Authen::Simple automatically, and fails when I put it into use Catalyst qw/ / because it searches only Catalust/Plugin What am I doing wrong? I don't want just put a bunch of symlinks. Catalyst runtime 5.7015 Alex. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication vs Authentiaction
2008/11/10 Alex Povolotsky [EMAIL PROTECTED]: Hello! Trying to use Catalyst::Authentication::Credential::Authen::Simple (::RADIUS, but it does not matter), I've found that I've got two Authentication directories, one is under Plugin. What's worse, Catalyst does not load Catalyst::Authentication::Credential::Authen::Simple automatically, and fails when I put it into use Catalyst qw/ / because it searches only Catalust/Plugin What am I doing wrong? I don't want just put a bunch of symlinks. The fine manual states: If your plugin starts with a name other than Catalyst::Plugin::, you can fully qualify the name by using a unary plus. So you'd do: use Catalyst qw/ Foo # loads C::Plugin::Foo +Catalyst::Authentication::Credential::Authen::Simple # loads the module you wanted /; /joel ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication vs Authentiaction
Joel Bernstein wrote: 2008/11/10 Alex Povolotsky [EMAIL PROTECTED]: Hello! Trying to use Catalyst::Authentication::Credential::Authen::Simple (::RADIUS, but it does not matter), I've found that I've got two Authentication directories, one is under Plugin. What's worse, Catalyst does not load Catalyst::Authentication::Credential::Authen::Simple automatically, and fails when I put it into use Catalyst qw/ / because it searches only Catalust/Plugin What am I doing wrong? I don't want just put a bunch of symlinks. The fine manual states: If your plugin starts with a name other than Catalyst::Plugin::, you can fully qualify the name by using a unary plus. So you'd do: use Catalyst qw/ Foo # loads C::Plugin::Foo +Catalyst::Authentication::Credential::Authen::Simple # loads the module you wanted /; That's not enough. Apparently, Plugin::Authentication is different from Authentication, and slightly not compartible. Alex. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication vs Authentiaction
2008/11/10 Alex Povolotsky [EMAIL PROTECTED]: Joel Bernstein wrote: The fine manual states: If your plugin starts with a name other than Catalyst::Plugin::, you can fully qualify the name by using a unary plus. So you'd do: use Catalyst qw/ Foo # loads C::Plugin::Foo +Catalyst::Authentication::Credential::Authen::Simple # loads the module you wanted /; That's not enough. Apparently, Plugin::Authentication is different from Authentication, and slightly not compartible. Er... what? That's nothing to do with what you asked. Why are you loading Plugin::Authentication if you don't want to use it? I answered your question of how do I load C::Authentication::Blah via use Catalyst qw();. If you'd like a different answer, ask a different question. /joel ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication vs Authentiaction
2008/11/10 Joel Bernstein [EMAIL PROTECTED]: 2008/11/10 Alex Povolotsky [EMAIL PROTECTED]: Joel Bernstein wrote: The fine manual states: If your plugin starts with a name other than Catalyst::Plugin::, you can fully qualify the name by using a unary plus. So you'd do: use Catalyst qw/ Foo # loads C::Plugin::Foo +Catalyst::Authentication::Credential::Authen::Simple # loads the module you wanted /; That's not enough. Apparently, Plugin::Authentication is different from Authentication, and slightly not compartible. Er... what? That's nothing to do with what you asked. Why are you loading Plugin::Authentication if you don't want to use it? I answered your question of how do I load C::Authentication::Blah via use Catalyst qw();. If you'd like a different answer, ask a different question. So, strictly speaking, my answer to your question of how do I load a plugin not called C::Plugin::Blah was accurate. In fact, interms of how to load the auth backends, it's completely false. And I do understand your question now. The answer is, Catalyst::Authentication::Credential::Authen::Simple is not a plugin. So you don't load it like a Plugin since you *don't* want MyApp-isa(Catalyst::Authentication::Credential::Authen::Simple) to be true. What you do is, load C::Plugin::Authentication, and then in your application config you have a section for Plugin::Authentication which tells it, among other things, which backends for its various modular features to load. See TFM for C::Plugin::Authentication and the Cookbook. HTH, and sorry for the confusion earlier. /joel ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication vs Authentiaction
Joel Bernstein wrote: 2008/11/10 Alex Povolotsky [EMAIL PROTECTED]: Joel Bernstein wrote: The fine manual states: If your plugin starts with a name other than Catalyst::Plugin::, you can fully qualify the name by using a unary plus. So you'd do: use Catalyst qw/ Foo # loads C::Plugin::Foo +Catalyst::Authentication::Credential::Authen::Simple # loads the module you wanted /; That's not enough. Apparently, Plugin::Authentication is different from Authentication, and slightly not compartible. Er... what? That's nothing to do with what you asked. Why are you loading Plugin::Authentication if you don't want to use it? I answered your question of how do I load C::Authentication::Blah via use Catalyst qw();. If you'd like a different answer, ask a different question. Reasking. I did not want just load plugin for fun. I wanted to use two authentication realms, one with Credential::Password and Store::DBIx::Class, the other with Credential::Authen::Simple and Store::Null However, since I have (don't know why exactly) both Catalyst::Authentication and Catalyst::Plugin::Authentication, I seems to have problems setting all of those to work together. Alex. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication vs Authentiaction
Alex Povolotsky escribió: Hello! Trying to use Catalyst::Authentication::Credential::Authen::Simple (::RADIUS, but it does not matter), I've found that I've got two diAuthentication rectories, one is under Plugin. What's worse, Catalyst does not load Catalyst::Authentication::Credential::Authen::Simple automatically, and fails when I put it into use Catalyst qw/ / because it searches only Catalust/Plugin What happens when you run Catalyst::Authentication::Credential::Authen::Simple tests on your setup? In the tests should be a mini app that authenticates with C::A::C::Authen::Simple (see the t/lib/AuthTestApp2 and AuthTestApp3). See the code if you're having problems. Also, in examples dir there is an example application. Are you on the latest version of Catalyst::Plugin::Authentication? I think your problems are because the Authentication plugin components where moved to a new namespace (without Plugin in the middle). Note: Patches welcome ;) Jose Luis Martinez [EMAIL PROTECTED] ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication vs Authentiaction
On Nov 10, 2008, at 8:46 AM, Alex Povolotsky wrote: That's not enough. Apparently, Plugin::Authentication is different from Authentication, and slightly not compartible. Alex, The Authentication modules underwent a significant overhaul a while back. In the old scheme, there were many authentication plugins. In the new scheme, the only plugin is Catalyst::Plugin::Authentication There are a few Catalyst::Plugin::Authentication modules that provide some backwards compatibility but I believe that at this point, Catalyst::Plugin::Authentication::* is deprecated, and the older Plugins likely won't work with the new scheme. So if you have the choice between Catalyst::Authentication::something and Catalyst::Plugin::Authentication::something, use the former and not the later. In the new scheme, the storage and credential modules are brought in through the configuration of Catalyst::Plugin::Authentication - take a look at its documentation to see how this is done. They don't appear in the plugin list at all, only Catalyst::Plugin::Authentication does Catalyst::Plugin::Authentication's documentation gives a good overview of how to use it and what to pay attention to and what to ignore: http://search.cpan.org/dist/Catalyst-Plugin-Authentication/lib/Catalyst/Plugin/Authentication.pm There's no reason that Catalyst would load Catalyst::Authentication::Credential::Authen::Simple automatically - only some users need it - and putting it in the plugin list won't help because it's not a plugin. Its documentation shows how to configure Catalyst::Plugin::Authentication to use it http://search.cpan.org/dist/Catalyst-Authentication-Credential-Authen-Simple/lib/Catalyst/Authentication/Credential/Authen/Simple.pm - john romkey http://dot.romkey.com/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication vs Authentiaction
John Romkey wrote: On Nov 10, 2008, at 8:46 AM, Alex Povolotsky wrote: That's not enough. Apparently, Plugin::Authentication is different from Authentication, and slightly not compartible. Alex, The Authentication modules underwent a significant overhaul a while back. In the old scheme, there were many authentication plugins. In the new scheme, the only plugin is Catalyst::Plugin::Authentication Thanks everyone. It was, of course, my fault. I've used login instead of username in attempt to authenticate. Alex. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Plugin::Authentication vs Authentiaction
John Romkey wrote: On Nov 10, 2008, at 8:46 AM, Alex Povolotsky wrote: That's not enough. Apparently, Plugin::Authentication is different from Authentication, and slightly not compartible. Alex, The Authentication modules underwent a significant overhaul a while back. In the old scheme, there were many authentication plugins. In the new scheme, the only plugin is Catalyst::Plugin::Authentication There are a few Catalyst::Plugin::Authentication modules that provide some backwards compatibility but I believe that at this point, Catalyst::Plugin::Authentication::* is deprecated, and the older Plugins likely won't work with the new scheme. So if you have the choice between Catalyst::Authentication::something and Catalyst::Plugin::Authentication::something, use the former and not the later. In the new scheme, the storage and credential modules are brought in through the configuration of Catalyst::Plugin::Authentication - take a look at its documentation to see how this is done. They don't appear in the plugin list at all, only Catalyst::Plugin::Authentication does Thanks a lot, things become much less clear. Now, after some cleaning up of configs, everything gets loaded fine; however, [debug] Unable to locate user matching user info provided while realm has store of Null, and find_user has no ability to fail. I'm trying to understand this. Alex. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: LDAP store patches (Was: Re: [Catalyst] mix authentication stores)
Tomas Doran wrote on 9/30/08 9:27 PM: On 1 Oct 2008, at 03:11, Peter Karman wrote: Tomas Doran wrote on 9/30/08 8:24 PM: so if anyone reading could poke the Store::LDAP maintainer and get them to join the thread (and respond to my patches!), that'd be awesome... that'd be me. Hi! I've seen the tickets; haven't yet read the patches, but in general the feature ideas look sane. If someone else has time to look at the patches, I likely won't get to it for a few more days. No huge rush, I'm just totally spoilt by the Moose community where you end up finding a bug, writing a test case, and then finding it's been fixed in trunk already. As long as you're around and alive, have seen my patches 'in theory' and will get to them at some point then I'm more than happy to await your leisure.. and finally, time made itself available. committed to cat svn as r8570 and uploaded just now to pause as 0.1004. Thanks for the patches. -- Peter Karman . http://peknet.com/ . [EMAIL PROTECTED] ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] mix authentication stores
Matt S Trout escribió: Catalyst::Authentication::Credential::Authen::Simple should do the trick. http://search.cpan.org/~jlmartin/Catalyst-Authentication-Credential-Authen-Simple-0.02/lib/Catalyst/Authentication/Credential/Authen/Simple.pm becasue Authen::Simple does support LDAP. Fucking awesome. Thanks. :) This needs to be more widely publicised, do you think you could do doc patches fr C::P::Authentication and a wiki write up? :) I'll try to get some time to do it... Jose Luis Martinez [EMAIL PROTECTED] ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] mix authentication stores
Tomas Doran escribió: Unfortunately, there is no such thing as an LDAP credential module on CPAN at the moment. Catalyst::Authentication::Credential::Authen::Simple should do the trick. http://search.cpan.org/~jlmartin/Catalyst-Authentication-Credential-Authen-Simple-0.02/lib/Catalyst/Authentication/Credential/Authen/Simple.pm becasue Authen::Simple does support LDAP. Regards, Jose Luis Martinez [EMAIL PROTECTED] ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] mix authentication stores
Hi, is it possible to use ldap to authenticate and dbic (a database) to handle the user role relation ? So that it works like it resides all in one storage backend. If yes how do I configure that in the $application.conf ? Stephan ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] mix authentication stores
Not directly... it's not even possible in DBIC to have relationships between different databases, which is essentially what you're talking about doing. You can accomplish the same thing client-side if you write your own user store module(s), which is not fundamentally difficult. I have done a similar thing for our Cat application; we authenticate via Unix accounts (/etc/passwd), or DBIC, or LDAP or (insert other yet-to-exist authentication methods). The user roles are all defined in the database. The user store documentation available on CPAN describes how to write modules such that they will interface with Catalyst properly, and it's not very difficult. I did my first one in half a day, having practically zero experience with catalyst internals at the time. (I have since rewritten it a time or two, and each iteration is better and cleaner, as you would expect). -- Jonathan Stephan Jennewein wrote: Hi, is it possible to use ldap to authenticate and dbic (a database) to handle the user role relation ? So that it works like it resides all in one storage backend. If yes how do I configure that in the $application.conf ? Stephan ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ -- Inbound and outbound email scanned for spam and viruses by the DoubleCheck Email Manager: http://www.doublecheckemail.com ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] mix authentication stores
On Tue, Sep 30, 2008 at 08:58:04PM +0200, Stephan Jennewein wrote: Hi, is it possible to use ldap to authenticate and dbic (a database) to handle the user role relation ? So that it works like it resides all in one storage backend. If yes how do I configure that in the $application.conf ? LDAP credential. DBIx::Class store. See authentication docs for how to configure each. -- Matt S Trout Need help with your Catalyst or DBIx::Class project? Technical Directorhttp://www.shadowcat.co.uk/catalyst/ Shadowcat Systems Ltd. Want a managed development or deployment platform? http://chainsawblues.vox.com/http://www.shadowcat.co.uk/servers/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/