On 14/05/12 17:34 Tomas Doran wrote:
>
> On 14 May 2012, at 16:37, Robert Rothenberg wrote:
>>
>> Any idea's what's happening?
>
> No, as we have no idea what code is executing, or how that code has been
> configured.
>
> Need debug logs from the app and details about your auth config to even
> start guessing, sorry!
Thankls. Details below.
The __PACKAGE__->config()'s authentication section includes as a realm:
authentication => {
default_realm => 'users',
realms=> {
openid => {
credential => {
class => 'OpenID',
},
ua_class => "LWPx::ParanoidAgent",
ua_args => {
whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
},
},
users => {
# [Snip!]
}
The users authentication works, BTW. I am trying to add an option for
OpenID. The Login controller's index method has the code:
my $username = lc($c->request->params->{username} // q{});
my $password = $c->request->params->{password}// q{};
my $openid_url = $c->req->params->{openid_identifier} // q{};
if ($openid_url ne q{}) {
try {
if ($c->authenticate({ openid_identifier => $openid_url },
'openid')) {
$log->debug("URL = " . $c->user->url);
# TODO if this works, fetch the user w/ $c->user->url?
} else {
$log->warn("Failed login '${openid_url}'");
$c->response->status(HTTP_UNAUTHORIZED);
$c->stash(
error_msg => $c->loc("Bad OpenID login"),
);
}
} catch {
$log->error("Login failure - ${ARG}");
$c->stash(
error_msg => $c->loc("Login failure."),
);
};
}
elsif (($username ne q{}) && ($password ne q{})) {
if ($c->authenticate({ username => $username,
password => $password,
deleted => 0} )) {
# [snip!]
}
}
FWIW, I tried moving the code to a login method in the Root controller, out
of cargo-cultish insecurity. Same problem.
Debug logs (with specific details omitted for security, replaced with
"[snip!]"):
[info] MyApp powered by Catalyst 5.90011
HTTP::Server::PSGI: Accepting connections at http://0:3000/
[info] *** Request 1 (0.007/s) [24751] [Mon May 14 17:49:18 2012] ***
[debug] Path is "login"
[debug] "POST" request for "login" from "127.0.0.1"
[debug] Body Parameters are:
.--+--.
| Parameter| Value|
+--+--+
| openid_identifier| https://www.google.com/accounts/o8/- |
| | id |
| password | |
| submit | Login|
| username | |
'--+--'
[error] Login failure - catalyst_detach
[debug] Redirecting to
"https://www.google.com/accounts/o8/ud?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.return_to=http%3A%2F%2Flocalhost%3A3000%2Flogin%3Fopenid-check%3D1%26oic.time%3D1337014159-f5836e98720e6c263f84&openid.claimed_id=[snip!]
[debug] Response Code: 302; Content-Type: text/html; charset=utf-8;
Content-Length: 725
[info] Request took 0.284954s (3.509/s)
.+---.
| Action | Time |
++---+
| /auto | 0.000248s |
| /login/index | 0.276124s |
| /end | 0.000382s |
'+---'
[info] *** Request 2 (0.014/s) [24751] [Mon May 14 17:49:19 2012] ***
[debug] Path is "login"
[debug] "GET" request for "login" from "127.0.0.1"
[debug] Query Parameters are:
.--+--.
| Parameter| Value|
+--+--+
| oic.time | 1337014159-f5836e98720e6c263f84 |
| openid-check | 1|
| openid.assoc_handle | AMlYA9Um_a-[snip!]- |
| | pyPPsyVmYE88zfk2YyrwH|
| openid
