package Catalyst::Plugin::Authentication::Credential::Password; use strict; use warnings; use Catalyst::Authentication::Credential::Password (); ## BACKWARDS COMPATIBILITY - all subs below here are deprecated ## They are here for compatibility with older modules that use / inherit from C::P::A::Password ## login()'s existance relies rather heavily on the fact that only Credential::Password ## is being used as a credential. This may not be the case. This is only here ## for backward compatibility. It will go away in a future version ## login should not be used in new applications. sub login { my ( $c, $user, $password, @rest ) = @_; unless ( defined($user) or $user = $c->request->param("login") || $c->request->param("user") || $c->request->param("username") ) { $c->log->debug( "Can't login a user without a user object or user ID param") if $c->debug; return; } unless ( defined($password) or $password = $c->request->param("password") || $c->request->param("passwd") || $c->request->param("pass") ) { $c->log->debug("Can't login a user without a password") if $c->debug; return; } unless ( Scalar::Util::blessed($user) and $user->isa("Catalyst::Authentication::User") ) { if ( my $user_obj = $c->get_user( $user, $password, @rest ) ) { $user = $user_obj; } else { $c->log->debug("User '$user' doesn't exist in the default store") if $c->debug; return; } } if ( $c->_check_password( $user, $password ) ) { $c->set_authenticated($user); $c->log->debug("Successfully authenticated user '$user'.") if $c->debug; return 1; } else { $c->log->debug( "Failed to authenticate user '$user'. Reason: 'Incorrect password'") if $c->debug; return; } } ## also deprecated. Here for compatibility with older credentials which do not inherit from C::P::A::Password sub _check_password { my ( $c, $user, $password ) = @_; if ( $user->supports(qw/password clear/) ) { return $user->password eq $password; } elsif ( $user->supports(qw/password crypted/) ) { my $crypted = $user->crypted_password; return $crypted eq crypt( $password, $crypted ); } elsif ( $user->supports(qw/password hashed/) ) { my $d = Digest->new( $user->hash_algorithm ); $d->add( $user->password_pre_salt || '' ); $d->add($password); $d->add( $user->password_post_salt || '' ); my $stored = $user->hashed_password; my $computed = $d->clone()->digest; my $b64computed = $d->clone()->b64digest; return ( ( $computed eq $stored ) || ( unpack( "H*", $computed ) eq $stored ) || ( $b64computed eq $stored) || ( $b64computed.'=' eq $stored) ); } elsif ( $user->supports(qw/password salted_hash/) ) { require Crypt::SaltedHash; my $salt_len = $user->can("password_salt_len") ? $user->password_salt_len : 0; return Crypt::SaltedHash->validate( $user->hashed_password, $password, $salt_len ); } elsif ( $user->supports(qw/password self_check/) ) { # while somewhat silly, this is to prevent code duplication return $user->check_password($password); } else { Catalyst::Exception->throw( "The user object $user does not support any " . "known password authentication mechanism." ); } } __PACKAGE__; __END__ =pod =head1 NAME Catalyst::Plugin::Authentication::Credential::Password - Compatibility shim =head1 DESCRIPTION THIS IS A COMPATIBILITY SHIM. It allows old configurations of Catalyst Authentication to work without code changes. B Please see L for more information. =head1 METHODS =head2 login( ) =cut