Re: [Catalyst] Extending C::Plugin::Authentication::Store::DBIC for additional constraints

2007-03-26 Thread Ashvin Kumar

Doran L. Barton wrote:
> Not long ago, Fernan Aguero proclaimed...
> > Certainly not what you were asking (subclassing
> > store::dbic), but  ...
> >
> > sub login : Local {
> >     my ( $self, $c ) = @_;
> >
> >     my $username = $c->req->params->{username} || "";
> >     my $password = $c->req->params->{password} || "";
> >
> >     my $model = $c->model('Users');
> >
> >     if ( $username && $password ) {
> >
> >         # attempt to login
> >         if ( $c->login( $username, $password ) ) {
> >
> >             # now we check site_id
> >             # ($site_id is set elsewhere; not shown in this excerpt)
> >             my $ok = $model->search(
> >                 { username => $username,
> >                   password => $password,
> >                   site_id  => $site_id } )->count();
> >
> >             $c->logout unless $ok > 0;
> >         }
> >     }
> > }
>
> This is an interesting strategy. The only thing I question is the
> $c->login() call because the username field is not unique (there could be
> more than one 'johndoe' in the table).
>
> After I posted my original question, I started wondering about
> concatenating the username and site_id together. I have a feeling this
> won't fly well inside DBIx::Class, but in theory if I declare the user
> field to be "username || '#' || site_id" and call the login() using
> $username . '#' . $c->stash->{'site_id'}, the resulting SELECT in sql would
> find the unique row. Of course, that all falls apart in the ORM, most
> likely.

We had a similar requirement, and came to a slightly different solution 
than proposed by Fernan. Instead of authenticating on username/password, 
we authenticated based on user_id/password where user_id is the primary 
key and guaranteed to be unique.


In the login subroutine, we pulled the user object based on the username 
param and the site_id, and then called $c->login with the user object's 
id and the password param. In code-speak:


In our setup:

__PACKAGE__->config->{ authentication }{ dbic } = {
    user_class     => 'MyModel::users',
    user_field     => 'id',          # guaranteed to be unique
    password_field => 'password',
};

Our login function:

sub login : Local {
    my ( $self, $c ) = @_;

    my $username = $c->req->params->{ username } || '';
    my $password = $c->req->params->{ password } || '';
    my $site_id  = $c->req->params->{ site_id };

    if ( $username && $password ) {
        my $user_obj = $c->model( 'MyModel::users' )->search(
            {
                username => $username,
                site_id  => $site_id,
            }
        )->first;

        if ( $user_obj && $c->login( $user_obj->id, $password ) ) {
            # user's logged in...
        }
    }
}

This process takes an extra query since the authentication class does 
its own query as well, but it solves the problem. I hope that helps.


Ashvin
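
The non-unique username problem raised in this thread and the lookup order described in the message above, as an added stand-alone Perl example (not code from the thread or from the Authentication::Store::DBIC plugin). The in-memory table, the passwords and both function names are constructed; login_by_field only stands in for a store that fetches one row by a single field and then compares the password.

```perl
use strict;
use warnings;

# Constructed sample table: 'johndoe' exists on two sites; id is the primary key.
my @users = (
    { id => 1, site_id => 10, username => 'johndoe', password => 'site10-secret' },
    { id => 2, site_id => 20, username => 'johndoe', password => 'site20-secret' },
);

# Stand-in for a store lookup on one configured field: take the first row
# that matches, then compare the password. Returns the row id or undef.
sub login_by_field {
    my ( $field, $value, $password ) = @_;
    my ($row) = grep { $_->{$field} eq $value } @users;
    return $row && $row->{password} eq $password ? $row->{id} : undef;
}

# Resolve (username, site_id) to the primary key first, then authenticate
# on that key, so the password is only ever checked against one row.
sub login_scoped {
    my ( $username, $site_id, $password ) = @_;
    my @match = grep {
        $_->{username} eq $username && $_->{site_id} == $site_id
    } @users;
    return undef unless @match == 1;    # unknown user or broken uniqueness
    return login_by_field( id => $match[0]{id}, $password );
}

# Every attempt below is made by a visitor of site 20.
for my $password ( 'site10-secret', 'site20-secret' ) {
    my $by_name = login_by_field( username => 'johndoe', $password );
    my $scoped  = login_scoped( 'johndoe', 20, $password );
    printf "%-14s by username: %-9s scoped to site 20: %s\n",
        $password,
        defined $by_name ? "id $by_name" : 'rejected',
        defined $scoped  ? "id $scoped"  : 'rejected';
}
```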

___
List: Catalyst@lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/


[Catalyst] Re: Session Problem with IE

2007-03-26 Thread Fayland Lam
wp wrote:
> hello everyone, i'm new from china, i must say this mail-list helped me
> a lot.
> 
> I have a problem in using Session in catalyst;
> 
> I use plugins as follows:
> Session
> Session::Store::FastMmap
> Session::State::Cookie
> 
> This problem happens when i call "delete_session" method in
> "logout"(this is my own action).
> 
> When I test with firefox, there is no problem.
> 
> but when i test the website in IE, after "logout", session is deleted on
> the server side, but the cookie on the client is still exist. So I can
> not login again.


well, in Session::State::Cookie, I see something like set the expires as
0 (means it will expire after browser closed).
maybe I should suggest to change the sessionid as '' instead of set
expire as 0?

Regards,


> 
> How can I expire the cookie on the IE client? Is the delete_session
> method right?




Re: [Catalyst] Re: Session Problem with IE

2007-03-26 Thread Octavian Rasnita

From: "Fayland Lam" <[EMAIL PROTECTED]>
> wp wrote:
> > hello everyone, i'm new from china, i must say this mail-list helped me
> > a lot.
> >
> > I have a problem in using Session in catalyst;
> >
> > I use plugins as follows:
> > Session
> > Session::Store::FastMmap
> > Session::State::Cookie
> >
> > This problem happens when i call "delete_session" method in
> > "logout"(this is my own action).
> >
> > When I test with firefox, there is no problem.
> >
> > but when i test the website in IE, after "logout", session is deleted on
> > the server side, but the cookie on the client is still exist. So I can
> > not login again.
>
> well, in Session::State::Cookie, I see something like set the expires as
> 0 (means it will expire after browser closed).
> maybe I should suggest to change the sessionid as '' instead of set
> expire as 0?



Yes, it would be better.
I also have a similar issue.

I have set the expire time of the cookie to 0 and the expire time of the 
session to 2 hours.
After those 2 hours expire, when the user accesses the site, the session is 
expired and it prompts the user for a username and password.


This is OK, but if the user tries to login in that moment, he cannot do it, 
no matter how many times he tries.

For being able to login, he must first delete the IE cookies.

I have verified, and after the session is deleted, the cookie is still sent 
by the server application, however, cookie_expires => 0 has a different 
effect. It doesn't send a cookie without an expiration date (a session 
cookie) but it sends a cookie with the current date and time as an 
expiration date.


If the time set on the server is the same as the time set on the client 
computer, there is no issue, because that cookie will not be sent by the 
browser to the server (it is already expired), but if the time on the server 
is ahead with a few minutes, that cookie is stored by the browser on the 
client's hard disk, and it is sent to the server if the user tries to login 
in those minutes.


I don't know what happens on the server, but it doesn't work right. I think 
that the application should see that the session with the id specified by 
the cookie has expired, and it should let the user in if the login went 
successfully.
However, the user cannot login, and it needs to wait until that cookie 
expires, or go and delete all the browser cookies manually before logging in 
again.


It should be very good if this bug could be solved, and if more details or 
tests are needed, I could help.


Octavian
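
The clock-skew effect described in the message above, as an added Perl example that is not part of the original message or of Catalyst::Plugin::Session::State::Cookie: it compares a cookie whose expiry is stamped with the server's current time against one cleared with an empty value and an expiry at the epoch, as judged by the client's clock. The cookie name myapp_session, the session id and the timestamps are constructed, and the epoch-expiry deletion is a common technique assumed here, not something the thread confirms the plugin does.

```perl
use strict;
use warnings;
use Time::Local qw(timegm);

my @DAY = qw(Sun Mon Tue Wed Thu Fri Sat);
my @MON = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my %MON_IDX;
@MON_IDX{@MON} = 0 .. 11;

# Format an epoch time as a cookie expiry date (always GMT).
sub cookie_date {
    my ( $s, $m, $h, $d, $mon, $y, $wday ) = gmtime( $_[0] );
    return sprintf '%s, %02d-%s-%04d %02d:%02d:%02d GMT',
        $DAY[$wday], $d, $MON[$mon], $y + 1900, $h, $m, $s;
}

# Parse the date produced above back into epoch seconds, as a browser would.
sub parse_cookie_date {
    my ( $d, $mon, $y, $h, $m, $s ) =
        $_[0] =~ /(\d\d)-(\w{3})-(\d{4}) (\d\d):(\d\d):(\d\d) GMT/
        or return;
    return timegm( $s, $m, $h, $d, $MON_IDX{$mon}, $y );
}

# Seconds the browser keeps sending the cookie, judged by the CLIENT clock.
# 0 means the cookie is already expired on arrival and is discarded.
sub seconds_retained {
    my ( $set_cookie, $client_now ) = @_;
    my ($expires) = $set_cookie =~ /expires=([^;]+)/i or return;
    my $t = parse_cookie_date($expires);
    return 0 unless defined $t;
    return $t > $client_now ? $t - $client_now : 0;
}

my $client_now = 1174917600;    # constructed: 2007-03-26 14:00:00 UTC
for my $skew ( 0, 300 ) {       # server clock ahead of the client by $skew seconds
    my $server_now = $client_now + $skew;
    # Behaviour reported in the thread: expiry stamped with the server's "now".
    my $stamped = 'myapp_session=abc123; path=/; expires=' . cookie_date($server_now);
    # Alternative: empty value and an expiry at the epoch, far in the client's past.
    my $cleared = 'myapp_session=; path=/; expires=' . cookie_date(0);
    printf "skew %3ds  stamped-now kept %3ds  epoch-expiry kept %ds\n",
        $skew,
        seconds_retained( $stamped, $client_now ),
        seconds_retained( $cleared, $client_now );
}
```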




[Catalyst] Re: C::C::FB and captchas or similar

2007-03-26 Thread A. Pagaltzis
Hi Octavian,

* Octavian Rasnita <[EMAIL PROTECTED]> [2007-03-19 18:40]:
> The most important things that come to my mind, are the
> following:

that’s a bloody excellent list! It really deserves to end up
somewhere more easily found than the web archive of a mailing
list.

If you don’t have a good place to publish it (or don’t want to do
so), would you mind me doing some editorial cleanup and posting
it (with prominent attribution, including a link or whatever
you’d like to supply, if so) on my weblog?

Regards,
-- 
Aristotle Pagaltzis // 



Re: [Catalyst] Problem with POST from IE and Catalyst::Engine::HTTP

2007-03-26 Thread Wade . Stuart






apv <[EMAIL PROTECTED]> wrote on 03/23/2007 09:06:00 PM:

> On Mar 23, 2007, at 6:41 PM, Andy Grundman wrote:
> > On Mar 23, 2007, at 6:27 PM, Ashley Pond V wrote:
> >> Oh, to add confusion upon confusion. It works fine across my
> >> Airport. Safari won't load it on the computer which is running the
> >> server, but Safari on the computer in the other room has no
> >> trouble at all with the test server at the exact same URI.
> >
> > And what if you manually use http://localhost:3000 or http://
> > 1.2.3.4:3000 where 1.2.3.4 is your IP address?
>
> Nice. You solved it after all. http://localhost:3000/ works fine on
> the box running the script.

Looks like you may have been running into the OS X firewall, it defends the
external IP but does not block on loopback (127.0.0.1/localhost) and
hostname.local resolves to the current interface ip.





Re: [Catalyst] Slight return: error using session and authn plug-ins under apache

2007-03-26 Thread Yuval Kogman
Upgrade Tie::RefHash::Weak for thread support

On Sun, Mar 25, 2007 at 19:09:27 -0700, apv wrote:
> I found this somewhat unresolved thread -- 
> http://lists.rawmode.org/pipermail/catalyst/2006-July/008854.html -- when 
> having the same problem, approximately, after updating my OS X today.
> 
> Turned out, for me, to be the Storable install got itself or its libraries 
> confused/remapped. I was able to fix it with reinstalling Storable *and* 
> DBIx::Class::Serialize::Storable. Both cases I did a "force 
> install" at the cpan prompt b/c they were up to date, just linked in, I 
> think, the wrong lib.
> 
> Related error string for searches:
>   Caught exception in engine "Can't store CODE items at…
> 
> 
> –Ashley
> --
> http://ashleypond.com/v/ · http://sedition.com/ · http://querylog.com/

-- 
  Yuval Kogman <[EMAIL PROTECTED]>
http://nothingmuch.woobling.org  0xEBD27418




Re: [Catalyst] Re: C::C::FB and captchas or similar

2007-03-26 Thread Octavian Rasnita
Yes you can do it. And also thanks for cleaning a little the text, because 
my English is not excellent.

No need to put a link to a web page.

Octavian

- Original Message - 
From: "A. Pagaltzis" <[EMAIL PROTECTED]>

To: "The elegant MVC web framework" 
Sent: Monday, March 26, 2007 5:45 PM
Subject: [Catalyst] Re: C::C::FB and captchas or similar



Hi Octavian,

* Octavian Rasnita <[EMAIL PROTECTED]> [2007-03-19 18:40]:

The most important things that come to my mind, are the
following:


that’s a bloody excellent list! It really deserves to end up
somewhere more easily found than the web archive of a mailing
list.

If you don’t have a good place to publish it (or don’t want to do
so), would you mind me doing some editorial cleanup and posting
it (with prominent attribution, including a link or whatever
you’d like to supply, if so) on my weblog?

Regards,
--
Aristotle Pagaltzis // 



[Catalyst] Insecure dependency while running a cat app under Apache2

2007-03-26 Thread Jonas Alves

Hi,
When I try to run my catalyst app under Apache2 I get this error message:

[error] Caught exception in MyApp::Controller::Login->form "Insecure
dependency in eval while running setgid at
/usr/local/share/perl/5.8.7/CGI/FormBuilder/Field.pm line 412."

It runs ok in the development server. Is Apache trying to run my app in
taint mode? Why?
Here is my Apache configuration:


   ServerName  myapp.dev
   DocumentRoot /servers/sites/myapp/root
   
   use lib '/servers/sites/myapp/lib';
   use MyApp;
   
   
   SetHandler modperl
   PerlResponseHandler MyApp
   
   
   SetHandler default-handler
   


Hope someone can help me with this...

Thanks
--
Jonas