Re: [Catalyst] Authentication for web services (slightly off topic)
Thanks to Andrew Page for this suggestion.

By running the Catalyst server and using wget to get the page the Controller recognises the username and password

wget --http-user=sage --http-password=s3cr3t http://linux:8001/svc/status

output

Authorization [sage][s3cr3t]

If I run the Catalyst server and then run my test as follows.

CATALYST_SERVER=http://linux:8001 make test

Then the output is

Authorization [][]

So, it appears that the problem is with my test script not passing the credentials to the Catalyst App. I will carry on working on this but any other suggestions are welcome.

Regards
Ian

Ian Docherty wrote:
> Now this should work, but I can't make it do so. I can't read the authorization username/password
>
> In my test I have
> --
> use strict;
> use warnings;
> use lib 't/lib';
> use Test::More tests => 1;
> my $mech = WWW::Test::Mechanize->new;
> $mech->credentials('admin','s3cr3t');
> $mech->get_ok("http://localhost/svc/status");
> ok ($mech, 'Can mechanize');
> 1;
> --
> In my controller I have
> --
> sub auto : Private {
>     my ($self, $c) = @_;
>     my ($username, $password) = $c->req->headers->authorization_basic;
>     print STDERR "Authorization [$username][$password]\n";
> }
> --
> Which gives the output
> --
> [Wed Jan 23 22:29:13 2008] 01_test.t: Use of uninitialized value in concatenation (.) or string at /var/.../Controller/Svc.pm line 44.
> [Wed Jan 23 22:29:13 2008] 01_test.t: Use of uninitialized value in concatenation (.) or string at /var/.../Controller/Svc.pm line 44.
> Authorization [][]
> --
> In other words I can't seem to get access to the username password
>
> Regards
> Ian

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] Authentication for web services (slightly off topic)
Problem solved with an upgrade to Test::WWW::Mechanize::Catalyst 0.41 and Test::WWW::Mechanize 1.18

Ian Docherty wrote:
> Now this should work, but I can't make it do so. I can't read the authorization username/password
>
> In my test I have
> --
> use strict;
> use warnings;
> use lib 't/lib';
> use Test::More tests => 1;
> my $mech = WWW::Test::Mechanize->new;
> $mech->credentials('admin','s3cr3t');
> $mech->get_ok("http://localhost/svc/status");
> ok ($mech, 'Can mechanize');
> 1;
> --
> In my controller I have
> --
> sub auto : Private {
>     my ($self, $c) = @_;
>     my ($username, $password) = $c->req->headers->authorization_basic;
>     print STDERR "Authorization [$username][$password]\n";
> }
> --
> Which gives the output
> --
> [Wed Jan 23 22:29:13 2008] 01_test.t: Use of uninitialized value in concatenation (.) or string at /var/.../Controller/Svc.pm line 44.
> [Wed Jan 23 22:29:13 2008] 01_test.t: Use of uninitialized value in concatenation (.) or string at /var/.../Controller/Svc.pm line 44.
> Authorization [][]
> --
> In other words I can't seem to get access to the username password
>
> Regards
> Ian

Re: white-labelling [Catalyst]
> Interesting term, 'white labelling'; where do you get it from.

It's a fairly standard term for the process. One origin I've come across is it comes from manufacturers selling products with plain white labels to supermarkets, who would then brand them as own-brand products. However these days it applies in all industries where such practices are common, for example white-label credit cards are common.

Good web examples would be LOVEFiLM ( www.lovefilm.com ) providing a DVD rental service under several other brands :-

http://www.tescodvdrental.com/
http://dvd.easycinema.com/
http://www.odeondirect.com/

> A client wants something similar so I am interested in the issue. The sites will have some differences such as CSS but access the same application.

If you can get it just down to CSS changes, you could probably just put a conditional in where you load the CSS files (testing the hostname used to access the site).

It's likely that sooner or later though you're going to need actual template changes, in which case you could just use an alternate view in Catalyst pointing to a separate set of templates.

You probably want to experiment a little as it depends where you want the balance between separate and common stuff. Too much common stuff and it gets harder to customise the look and feel for a client to what they'd like. Too much separation means more maintenance work when improving your application.

Carl

Re: [Catalyst] warning
Octavian Rasnita wrote:
> From: [EMAIL PROTECTED]
> > Try setting the cookie to a more reasonable second count (1 day) and see if that resolves your issue. All of the browsers handle extended cookies a bit differently and while one setting may work on IE, the same may cause a nocookie on firefox. I really believe your problem is one of cookie expiration (or content length) and not one where you have to mess around setting the domain again (that problem is solved for you -- stop looking for zebras).
>
> But if I do that and a client will close the browser without logging off, somebody else could open the browser and the app will recognize him as the owner of the account, so it could be a big security issue. That's why I need to have cookies which are not saved and used after the browser was closed.
>
> Can I set the expiry date and avoid that security risk?
>
> Thank you.
>
> Octavian

I'm not 100% sure, but probably you could achieve that by setting the expiry date in the past.

HTH

--
Marcello Romani
IT Manager
Ottotecnica s.r.l.
http://www.ottotecnica.com

[Catalyst] Catalyst article on the next Gentoo Newsletter
Hello!

I'm planning an article which will likely appear in the next Gentoo Newsletter. It will mainly cover the Catalyst, DBIx::Class and related Gentoo ebuilds. However, if somebody thinks there's something (else) I should cover, please let me know.

Thank you,
Michele.

--
Michele Beltrame
http://www.cattlegrid.info/
ICQ 76660101 - MSN [EMAIL PROTECTED]

Re: [Catalyst] Automated testing of Captcha?
Hi!

> He wanted to get $c->captcha_string from *outside* of the Catalyst app. You don't have $c there. Also, he never said he was using Catalyst::Plugin::Captcha.

Well, if he's completely outside the App, then this is likely not possible at all (if the CAPTCHA is well crafted). Isn't no-access-to-non-humans the whole point of the CAPTCHA?

Michele.

--
Michele Beltrame
http://www.cattlegrid.info/
ICQ 76660101 - MSN [EMAIL PROTECTED]

Re: [Catalyst] warning
From: Marcello Romani [EMAIL PROTECTED]
> > But if I do that and a client will close the browser without logging off, somebody else could open the browser and the app will recognize him as the owner of the account, so it could be a big security issue. That's why I need to have cookies which are not saved and used after the browser was closed.
> >
> > Can I set the expiry date and avoid that security risk?
> >
> > Thank you.
>
> I'm not 100% sure, but probably you could achieve that by setting the expiry date in the past.
>
> HTH

Thanks for the idea. I will try it, although I think it might invalidate the cookie.

Octavian

[Catalyst] installing Catalyst::Plugin::Authentication::Store::LDAP
Hi,

I tried to install Catalyst::Plugin::Authentication::Store::LDAP but it fails during t/01-pre_realms_api.t test.

The message is:

IO::Socket::INET: connect: timeout at t\01-pre_realms_api.t line 23.

Both on Solaris10 and windows. Do I miss something? I noticed it fails also with CPAN Testers.

--
Radek

[Catalyst] Accessing $schema in Model glue class
Like many, I have a MyApp::Model::Schema class that uses Catalyst::Model::DBIC::Schema as glue between my Catalyst app and my DBIx::Class model.

AFAICT, MyApp::Model::Schema class would be a good place to issue a $schema->default_resultset_attributes( { cache_object ... } ) call which is needed by DBIx::Class::Cursor::Cached. Is there an easy way to access $schema from within MyApp::Model::Schema?

I suppose $c is not available when MyApp::Model::Schema is set up, is it? I'm using Catalyst::Plugin::Cache::Memcached which already provides a cache() method that would be perfect to set as cache_object ...

So what I basically want to do is add something like this to MyApp::Model::Schema

$schema->default_resultset_attributes( { cache_object => $c->cache } );

Any ideas?

--Tobias

Re: [Catalyst] Hair-pulling over YAML config
Carl Vincent [EMAIL PROTECTED] writes:
> Hi everyone,
>
> I've just spent an inordinate amount of time debugging a problem which was actually caused by my Yaml config file not parsing properly.
>
> Catalyst isn't helping much - all it does is skip out the line of debug that says [debug] Loaded Config ... and that's easy to overlook.
>
> I discovered that when the file is loaded in Config::Any, if there's an error with the parsing it just skips it and doesn't bother to alert anyone.
>
> Is there a smart way to test for your config file failing to parse?

I tend to add a unit test for this (using Test::YAML::Valid). Here's one from Angerwhale:

use strict;
use warnings;
use Test::More tests => 2;
use Test::YAML::Valid;
ok(-e 'angerwhale.yml');
yaml_file_ok('angerwhale.yml','angerwhale.yml validates');

Regards,
Jonathan Rockway

Re: [Catalyst] Hair-pulling over YAML config
I'm not really sure why this thread was resurrected from almost a year ago... but...

Carl Vincent [EMAIL PROTECTED] writes:
> I've just spent an inordinate amount of time debugging a problem which was actually caused by my Yaml config file not parsing properly.
>
> Catalyst isn't helping much - all it does is skip out the line of debug that says [debug] Loaded Config ... and that's easy to overlook.
>
> I discovered that when the file is loaded in Config::Any, if there's an error with the parsing it just skips it and doesn't bother to alert anyone.

FYI, Config::Any 0.10 will now die on bogus config files.

[EMAIL PROTECTED]:~$ perl -MConfig::Any -e 'Config::Any->load_files( { files => [shift], use_ext => 1 } );' t.yml
Error parsing file: t.yml at -e line 1

-Brian

Re: [Catalyst] Accessing $schema in Model glue class
Quoting Tobias Kremer [EMAIL PROTECTED]:
> AFAICT, MyApp::Model::Schema class would be a good place to issue a $schema->default_resultset_attributes( { cache_object ... } ) call which is needed by DBIx::Class::Cursor::Cached. Is there an easy way to access $schema from within MyApp::Model::Schema?

Realizing that MyApp::Model::Schema is already just a subclass of C::M::DBIC::Schema (doh!) I came up with the following solution that just overrides new():

sub new {
    my $self = shift->NEXT::new(@_);
    $self->schema->default_resultset_attributes( { ... } );
    return $self;
}

--Tobias

[Catalyst] LDAP
Hi,

I've been playing around with the LDAP stuff in Catalyst, we have a need to share user data externally for authentication reasons and currently believe LDAP is a good solution for this.

To this end I've got C:P:Auth:Store:LDAP correctly authenticating users against a LDAP database. I've also got C:Model:LDAP pulling users out of the DB so that we can display names next to user-submitted content.

Now to get to this stage I've got two lots of configuration, and effectively two chunks of code doing very similar jobs. I now need to add a custom method, and can't see any way outside of doing it twice.

Next up I want to link my DBIC schema to the LDAP stuff so I can automatically inflate users, however on this project we have some chunks of code that work outside Catalyst using the same schema, so I can't link them to the Catalyst Model. Ideally what I need here is some kind of generic ORM layer, and a thinner Catalyst Model which uses it.

So anybody else got any experiences to share here? Is there some easy way to achieve what I want that I've missed? Anybody got code to share?

Thanks
Carl

LDAP Injection [Catalyst]
Oh another LDAP subject that I meant to mention - LDAP Injection. It's something that's been mentioned regarding our use of LDAP.

For example C:P:Auth:Store:LDAP suggests using a filter like:

(&(objectClass=posixAccount)(uid=%s))

Then does:

$filter =~ s/\%s/$replace/g;

Which on a casual glance would seem to be a possibility for a LDAP-injection attack.

The problems due to SQL Injection are well known and nobody would write similar code to interact with a DB. However there seems to be little in CPAN that acknowledges the risks of LDAP Injection.

I suspect that Net::LDAP doesn't help here, there is a reference to making use of Net::LDAP::Filter to specify queries that will be properly escaped - however there isn't an example in the POD (hell I glanced at the source and couldn't be entirely sure).

So again is this an area that anybody has considered and has some experience to share?

Thanks again,
Carl

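The substitution described in the post above, shown next to the same substitution applied to an RFC 4515-escaped value. This is an added example, not code from the thread or from C:P:Auth:Store:LDAP; rfc4515_escape, naive_filter, safe_filter and shape are helpers written for it, and the login names are constructed. Net::LDAP::Util provides escape_filter_value for the same escaping.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Filter template from the post; %s receives the submitted login name.
my $TEMPLATE = '(&(objectClass=posixAccount)(uid=%s))';

# RFC 4515: inside an assertion value, NUL ( ) * and \ must be written
# as a backslash followed by the two-digit hex code of the byte.
# rfc4515_escape is a helper written for this example.
sub rfc4515_escape {
    my ($value) = @_;
    $value =~ s/([\x00()*\\])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# The substitution as quoted in the post: the value goes in untouched.
sub naive_filter {
    my ($value) = @_;
    (my $filter = $TEMPLATE) =~ s/\%s/$value/g;
    return $filter;
}

# Same substitution, but on the escaped value.
sub safe_filter {
    my ($value) = @_;
    my $escaped = rfc4515_escape($value);
    (my $filter = $TEMPLATE) =~ s/\%s/$escaped/g;
    return $filter;
}

# Structural summary of a filter string: are the parentheses balanced,
# how many "(attr=" items does it hold, and does any value carry an
# unescaped "*" wildcard? Escaped bytes (\xx) are dropped first so they
# cannot be mistaken for syntax.
sub shape {
    my ($filter) = @_;
    (my $f = $filter) =~ s/\\[0-9a-fA-F]{2}//g;
    my ($depth, $balanced) = (0, 1);
    for my $ch (split //, $f) {
        $depth++ if $ch eq '(';
        $depth-- if $ch eq ')';
        $balanced = 0 if $depth < 0;
    }
    $balanced = 0 if $depth != 0;
    my $items    = () = $f =~ /\([A-Za-z][A-Za-z0-9;-]*=/g;
    my $wildcard = $f =~ /=[^()]*\*/ ? 1 : 0;
    return sprintf 'balanced=%d items=%d wildcard=%d',
        $balanced, $items, $wildcard;
}

# Constructed sample login names, not taken from the thread.
my @samples = ('jsmith', 'j*', 'jsmith)', 'x)(cn=y');

for my $login (@samples) {
    my $naive = naive_filter($login);
    my $safe  = safe_filter($login);
    print "login: $login\n";
    print "  naive: $naive\n         ", shape($naive), "\n";
    print "  safe:  $safe\n         ", shape($safe),  "\n";
}
```

With the escaped value every sample keeps the template's shape (balanced, two items, no wildcard); with the raw value only the first sample does, and only one of the other three is rejected for unbalanced parentheses.
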
RE: [Catalyst] Road Map doc complete
> I'm trying to log in to the MojoMojo Wiki to remove the bullet points, but something seems to be up with it. I'm authenticating, I get no errors, it returns me to the main page, and it still shows the 'login' link.

Same here.

Regards, Peter

Re: [Catalyst] warning
Carl Franks [EMAIL PROTECTED] wrote on 01/24/2008 01:44:33 AM:
> On 24/01/2008, Octavian Rasnita [EMAIL PROTECTED] wrote:
> > I hope I will be able to test why Firefox isn't working. Our client told that it used to work last year and now it is not working. The only change I've made was to remove the domain specification from the cookie, for making it work with more domain names. Now I put it to set the cookie_domain in Root.pm and he says that the login is working again so I assumed that the domain is important for Firefox.
>
> I recommend that if you can't replicate the client's problem, go to the client's site (or vnc in), view the problem yourself, and diagnose it from there.
>
> It won't be the first time a user's forgotten how to log-in to a system over the holidays - and then happened to get it right after support had made an inconsequential change!

Also check for a brain dead proxy server (or transparent proxy server) on the client side that may be eating your cookies.

Re: [Catalyst] Road Map doc complete
On Jan 24, 2008 7:34 AM, Peter Edwards [EMAIL PROTECTED] wrote:
> > I'm trying to log in to the MojoMojo Wiki to remove the bullet points, but something seems to be up with it. I'm authenticating, I get no errors, it returns me to the main page, and it still shows the 'login' link.
>
> Same here.
>
> Regards, Peter

Sorry guys, we upgraded to the new auth and it worked in initial testing and then in live it broke and I didn't follow through with my testing.

jayk++ for upgrading the auth
jshirley-- for failing to test thoroughly.

Fixed now though, happy wikiing.

-J

--
J. Shirley :: [EMAIL PROTECTED] :: Killing two stones with one bird...
http://www.toeat.com

Re: [Catalyst] Road Map doc complete
The Road Map, IMHO, is supposed to be a higher level view of what direction Catalyst development is taking. I manually created it from the existing Road Map on Trac and the tickets on Trac.

Maybe you should open a Trac ticket?

On Jan 24, 2008 10:00 AM, Zbigniew Lukasiak [EMAIL PROTECTED] wrote:
> I vaguely remember plans for a $c->req->list_param('users') and $c->req->single_param( 'username' ) so that the security problem of snippets like:
>
> my $user = $rs->create({
>     is_admin => 0,
>     username => $c->req->param('username'),
> });
>
> would be more clear. I think this should go somewhere on the wiki, if not on the Road Map directly then perhaps to a linked page. What do you think? I would add it myself - but I am not sure which version it was planned for and what the exact names were.
>
> Cheers,
> Zbigniew

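Why the quoted snippet is a problem, as an added example that is not code from the thread or from Catalyst: param() called in list context inside a hash constructor returns every submitted value, so a repeated parameter spills into neighbouring keys. Demo::Request is a stand-in written for this example that assumes the CGI.pm-style context-sensitive param(); its single_param is a hypothetical helper that borrows only the name proposed in the post, and the query strings are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for the request object, constructed for this example. Its
# param() is context-sensitive in the way that matters here: every
# submitted value in list context, only the first in scalar context.
package Demo::Request;

sub new {
    my ($class, $query) = @_;
    my %params;
    for my $pair (split /&/, $query) {
        my ($name, $value) = split /=/, $pair, 2;
        push @{ $params{$name} }, defined $value ? $value : '';
    }
    return bless { params => \%params }, $class;
}

sub param {
    my ($self, $name) = @_;
    my @values = @{ $self->{params}{$name} || [] };
    return wantarray ? @values : $values[0];
}

# Hypothetical helper in the spirit of the single_param idea from the
# post: exactly one value, or an exception.
sub single_param {
    my ($self, $name) = @_;
    my @values = @{ $self->{params}{$name} || [] };
    die "parameter '$name' must appear exactly once\n" if @values != 1;
    return $values[0];
}

package main;

# The pattern from the post: param() is called in list context inside
# the hash constructor, so extra values become extra key/value pairs.
sub row_from_list_context {
    my ($req) = @_;
    return { is_admin => 0, username => $req->param('username') };
}

# Forcing scalar context keeps the hash to the two intended keys.
sub row_from_scalar_context {
    my ($req) = @_;
    return { is_admin => 0, username => scalar $req->param('username') };
}

sub describe {
    my ($row) = @_;
    return join ', ', map { "$_=$row->{$_}" } sort keys %$row;
}

# Constructed query strings (no URL decoding; not needed for the point).
my $normal   = Demo::Request->new('username=alice');
my $repeated = Demo::Request->new('username=alice&username=is_admin&username=1');

print 'normal,   list context:   ', describe(row_from_list_context($normal)),     "\n";
print 'repeated, list context:   ', describe(row_from_list_context($repeated)),   "\n";
print 'repeated, scalar context: ', describe(row_from_scalar_context($repeated)), "\n";

# Rejecting the repeated parameter outright instead of picking one value.
my $name = eval { $repeated->single_param('username') };
print 'repeated, single_param:   ',
    defined $name ? "username=$name\n" : "rejected: $@";
```
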
Re: [Catalyst] Road Map doc complete
Fix confirmed. I'm logged in now. Thanks for getting it fixed so quickly!

N

> Fixed now though, happy wikiing.
>
> -J

Re: [Catalyst] Accessing $schema in Model glue class (solved?)
Quoting Tobias Kremer [EMAIL PROTECTED]:
> Realizing that MyApp::Model::Schema is already just a subclass of C::M::DBIC::Schema (doh!) I came up with the following solution that just overrides new():

Hmmm ... Could somebody take a look at the following version I came up with and tell me if using Urbia2->cache (from Catalyst::Plugin::Cache::Memcached) in this context is okay:

# in MyApp::Model::Schema (which ISA Catalyst::Model::DBIC::Schema)
sub new {
    my $self = shift->NEXT::new(@_);
    $self->schema->default_resultset_attributes( { cache_object => Urbia2->cache } );
    return $self;
}

Thanks a lot and sorry for braindumping to the list :)

--Tobias

[Catalyst] Potential MojoMojo bug
In reviewing the road map I created on the MojoMojo (henceforth MM) wiki, I noticed that things in the changelogs are being identified by MM as pages to be created.

For example:

FastCGI is changed to Fast CGI and is notated as a page that doesn't exist (click here to create).

DispatchType::Chained is changed to Dispatch Type::Chained and Dispatch Type is notated as a page that doesn't exist (click here to create).

Is this the CamelCode bug I saw being discussed earlier?

Re: [Catalyst] installing Catalyst::Plugin::Authentication::Store::LDAP
On 01/24/2008 07:07 AM, rahed wrote:
> Hi,
>
> I tried to install Catalyst::Plugin::Authentication::Store::LDAP but it fails during t/01-pre_realms_api.t test.
>
> The message is:
>
> IO::Socket::INET: connect: timeout at t\01-pre_realms_api.t line 23.
>
> Both on Solaris10 and windows. Do I miss something? I noticed it fails also with CPAN Testers.

you did not miss anything. There are tests for this timeout issue in svn already but I am waiting on some other issues before making a new release of ::Store::LDAP.

The tests try and access openldap.org and timeout if they can't reach it. So you can safely ignore those test failures for now.

--
Peter Karman . [EMAIL PROTECTED] . http://peknet.com/

Re: [Catalyst] Potential MojoMojo bug
> Is this the CamelCode bug I saw being discussed earlier?

The 'parsing code fragments in pre for WikiLinks' issue? Yes. I believe marcus has a fix.

--
Mike Whitaker | Yahoo! UK Ltd - internal CMS team
[EMAIL PROTECTED] | Perl developer, writer, guitarist, photographer
Y!: tuxservers | Blog: http://perlent.blogspot.com/
IRC: Penfold | CatSwag: http://www.cafepress.com/catalystdev

Re: LDAP Injection [Catalyst]
Carl Johnstone wrote:
> Oh another LDAP subject that I meant to mention - LDAP Injection. It's something that's been mentioned regarding our use of LDAP.
>
> For example C:P:Auth:Store:LDAP suggests using a filter like:
>
> (&(objectClass=posixAccount)(uid=%s))
>
> Then does:
>
> $filter =~ s/\%s/$replace/g;
>
> Which on a casual glance would seem to be a possibility for a LDAP-injection attack.

It doesn't matter, it will get rejected as a bad filter:

[EMAIL PROTECTED] ~]$ ldapsearch -x ((objectClass=posixAccount)(uid==234%20%/ad)$1\\))
# extended LDIF
#
# LDAPv3
# base dc=suretecsystems, dc=com (default) with scope subtree
# filter: ((objectClass=posixAccount)(uid==234%)\))
# requesting: ALL
#
ldapsearch: ldap_search_ext: Bad search filter (-7)

> The problems due to SQL Injection are well known and nobody would write similar code to interact with a DB. However there seems to be little in CPAN that acknowledges the risks of LDAP Injection.
>
> I suspect that Net::LDAP doesn't help here, there is a reference to making use of Net::LDAP::Filter to specify queries that will be properly escaped - however there isn't an example in the POD (hell I glanced at the source and couldn't be entirely sure).
>
> So again is this an area that anybody has considered and has some experience to share?
>
> Thanks again,
> Carl

Re: [Catalyst] installing Catalyst::Plugin::Authentication::Store::LDAP
On 01/24/2008 03:45 PM, Andrew Peebles wrote:
> Peter Karman wrote:
> > On 01/24/2008 02:49 PM, Andrew Peebles wrote:
> > > perl -MCPAN -e 'install Catalyst::Authentication::Store::LDAP'
> > > CPAN: Storable loaded ok
> > > Going to read /root/.cpan/Metadata
> > > Database was generated on Wed, 23 Jan 2008 23:30:57 GMT
> > > Warning: Cannot install Catalyst::Authentication::Store::LDAP, don't know what it is.
> >
> > you forgot the ::Plugin part
>
> My original email stated the error message coming from Catalyst, I just cut-n-pasted it:
>
> [warn] Store class Catalyst::Authentication::Store::LDAP not found, trying deprecated ::Plugin:: style naming.
>
> Then I tried to install the package listed in the warning ... ???

what does your config and 'use Catalyst qw( ... )' look like?

The default Authentication plugin will try and load the Store and Credential plugins from the config, IIRC.

--
Peter Karman . [EMAIL PROTECTED] . http://peknet.com/

Re: [Catalyst] installing Catalyst::Plugin::Authentication::Store::LDAP
On 01/24/2008 03:22 PM, Jonathan Rockway wrote:
> Peter Karman [EMAIL PROTECTED] writes:
> > On 01/24/2008 02:49 PM, Andrew Peebles wrote:
> > > perl -MCPAN -e 'install Catalyst::Authentication::Store::LDAP'
> > > CPAN: Storable loaded ok
> > > Going to read /root/.cpan/Metadata
> > > Database was generated on Wed, 23 Jan 2008 23:30:57 GMT
> > > Warning: Cannot install Catalyst::Authentication::Store::LDAP, don't know what it is.
> >
> > you forgot the ::Plugin part
>
> Isn't that deprecated?

not when trying to install from CPAN, AFAIK. The name of the package is Catalyst::Plugin::Authentication::Store::LDAP. That's why CPAN claims not to know about Catalyst::Authentication::Store::LDAP.

The deprecated ::Plugin part comes into play when the base C::P::Authentication plugin tries to load Store and Credential classes.

But hey. I'm just a lowly maintainer. I could be way off on all this. :)

--
Peter Karman . [EMAIL PROTECTED] . http://peknet.com/

Re: [Catalyst] installing Catalyst::Plugin::Authentication::Store::LDAP
Peter Karman wrote:
> On 01/24/2008 03:45 PM, Andrew Peebles wrote:
> > Peter Karman wrote:
> > > On 01/24/2008 02:49 PM, Andrew Peebles wrote:
> > > > perl -MCPAN -e 'install Catalyst::Authentication::Store::LDAP'
> > > > CPAN: Storable loaded ok
> > > > Going to read /root/.cpan/Metadata
> > > > Database was generated on Wed, 23 Jan 2008 23:30:57 GMT
> > > > Warning: Cannot install Catalyst::Authentication::Store::LDAP, don't know what it is.
> > >
> > > you forgot the ::Plugin part
> >
> > My original email stated the error message coming from Catalyst, I just cut-n-pasted it:
> >
> > [warn] Store class "Catalyst::Authentication::Store::LDAP" not found, trying deprecated ::Plugin:: style naming.
> >
> > Then I tried to install the package listed in the warning ... ???
>
> what does your config and 'use Catalyst qw( ... )' look like?
>
> The default Authentication plugin will try and load the Store and Credential plugins from the config, IIRC.

use Catalyst qw/
    -Debug
    ConfigLoader
    Static::Simple
    StackTrace
    Authentication
    Authentication::Store::LDAP
    Authentication::Credential::Password
    Authorization::Roles
    Authorization::ACL
    Session
    Session::Store::FastMmap
    Session::State::Cookie
/;

Config in the yml file, pretty much cut-n-paste from the new doc ... class: Password for credentials and class: LDAP for store

a

Re: [Catalyst] installing Catalyst::Plugin::Authentication::Store::LDAP
Peter Karman [EMAIL PROTECTED] writes:
> On 01/24/2008 03:22 PM, Jonathan Rockway wrote:
> > Peter Karman [EMAIL PROTECTED] writes:
> > > On 01/24/2008 02:49 PM, Andrew Peebles wrote:
> > > > perl -MCPAN -e 'install Catalyst::Authentication::Store::LDAP'
> > > > CPAN: Storable loaded ok
> > > > Going to read /root/.cpan/Metadata
> > > > Database was generated on Wed, 23 Jan 2008 23:30:57 GMT
> > > > Warning: Cannot install Catalyst::Authentication::Store::LDAP, don't know what it is.
> > >
> > > you forgot the ::Plugin part
> >
> > Isn't that deprecated?
>
> not when trying to install from CPAN, AFAIK. The name of the package is Catalyst::Plugin::Authentication::Store::LDAP. That's why CPAN claims not to know about Catalyst::Authentication::Store::LDAP.
>
> The deprecated ::Plugin part comes into play when the base C::P::Authentication plugin tries to load Store and Credential classes.

If I'm reading this correctly, this isn't correct. PAUSE builds an index of all modules in a distribution, and you can trigger the distribution to install by naming any module in the dist on the command line.

For example, I can say cpan -i Angerwhale::Controller::Root to install the distribution called Angerwhale. That's because the PAUSE index says that Angerwhale::Controller::Root is in the dist called Angerwhale. (If there weren't an Angerwhale.pm with a package Angerwhale; line in that dist, then cpan Angerwhale wouldn't work. Everything is based on the module names; you can call your distribution pink_hello_kitteh_12345435.tar.Z if you feel like it.)

Just FYI.

Regards,
Jonathan Rockway

Re: [Catalyst] installing Catalyst::Plugin::Authentication::Store::LDAP
Hi all,

I can shed some light here.

As of Catalyst::Plugin::Authentication version 0.10003 - the default naming for stores and credentials is Catalyst::Authentication::Store::XYZ and Catalyst::Authentication::Credential::XYZ

The Store and Credential modules that have been updated to work with realms are not loaded as Catalyst Plugins, and the fact that the namespace indicated plugin was confusing people.

As of 0.10003 - the default action is to look for modules using the correct namespace, and if not found, fall back to the old namespace. That is all the debug message is saying, that it fell back to the old-style of naming. It's not an error and will not break anything. The debug message is there in case you are intending to load a Catalyst::Authentication::XYZ module and your app is not finding it... which could cause problems if an older module is being found and loaded instead.

If the debug message really bothers you, you can specify the full module name (prefixed with +) instead of just 'Password' or 'Store::LDAP'.

Hope that clears things up,

Jay

On Jan 24, 2008, at 1:49 PM, Andrew Peebles wrote:
> rahed wrote:
>> On 1/24/08, Peter Karman [EMAIL PROTECTED] wrote:
>>> you did not miss anything. There are tests for this timeout issue in svn already but I am waiting on some other issues before making a new release of ::Store::LDAP. The tests try and access openldap.org and timeout if they can't reach it. So you can safely ignore those test failures for now.
>>
>> Thank you, I will gladly be ignorant.
>
> What's this about?
>
> [warn] Store class Catalyst::Authentication::Store::LDAP not found, trying deprecated ::Plugin:: style naming.
>
> This is a clean install of Cat (yesterday) ...
>
> perl -MCPAN -e 'install Catalyst::Authentication::Store::LDAP'
> CPAN: Storable loaded ok
> Going to read /root/.cpan/Metadata
> Database was generated on Wed, 23 Jan 2008 23:30:57 GMT
> Warning: Cannot install Catalyst::Authentication::Store::LDAP, don't know what it is.
> Try the command ??

---
America will never be destroyed from the outside. If we falter and lose our freedoms, it will be because we destroyed ourselves. -- Abraham Lincoln
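The lookup order Jay describes above, as an added illustration that is not part of the thread and is not the plugin's own code. The function resolve_auth_class and the %installed table are hypothetical; %installed is a constructed stand-in for a real attempt to load each module.

```perl
use strict;
use warnings;

# Constructed sample: which modules this imaginary system has installed.
my %installed = map { $_ => 1 } (
    'Catalyst::Plugin::Authentication::Store::LDAP',    # old-style name only
    'Catalyst::Authentication::Credential::Password',   # new-style name
);

# Resolve a config value to a class name. $kind is 'Store' or 'Credential';
# $name is a short name ('LDAP') or a full module name prefixed with '+'.
# Returns the class (undef if nothing matched) and whether the old
# ::Plugin:: namespace had to be used.
sub resolve_auth_class {
    my ($kind, $name) = @_;

    # '+Full::Module::Name' is taken literally: no search, no fallback.
    if ($name =~ s/^\+//) {
        return +{ class => $installed{$name} ? $name : undef, fallback => 0 };
    }

    my $new = "Catalyst::Authentication::${kind}::${name}";
    my $old = "Catalyst::Plugin::Authentication::${kind}::${name}";

    return +{ class => $new,  fallback => 0 } if $installed{$new};
    return +{ class => $old,  fallback => 1 } if $installed{$old};
    return +{ class => undef, fallback => 0 };
}

# Walk through the cases from the thread and report what would be loaded,
# so a silently shadowing old module is visible.
for my $case ( [ Store      => 'LDAP' ],
               [ Credential => 'Password' ],
               [ Store      => '+Catalyst::Plugin::Authentication::Store::LDAP' ],
               [ Store      => 'Missing' ] ) {
    my ($kind, $name) = @$case;
    my $r = resolve_auth_class($kind, $name);
    printf "%-10s %-48s -> %s%s\n", $kind, $name,
        $r->{class} // '(not found)',
        $r->{fallback} ? '  [old ::Plugin:: name used]' : '';
}
```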
[Catalyst] TTSite help
Hello!

I'm writing my first Catalyst application using TTSite and I'm running into this error:

[debug] Rendering template students/list.tt2
[error] Couldn't render template file error - students/list.tt2: not found

If anyone has run into a problem like this please help :)

Thank you!
Jennifer
Re: [Catalyst] TTSite help
On Jan 24, 2008 3:09 PM, Jennifer Ahn [EMAIL PROTECTED] wrote:
> Hello!
>
> I'm writing my first Catalyst application using TTSite and I'm running into this error:
>
> [debug] Rendering template students/list.tt2
> [error] Couldn't render template file error - students/list.tt2: not found
>
> If anyone has run into a problem like this please help :)
>
> Thank you!
> Jennifer

Where did you write out your students/list.tt2 file?

TTSite puts all of its templates under root/src rather than just root/

So, you'll need to have root/src/students/list.tt2 in there.

-J

--
J. Shirley :: [EMAIL PROTECTED] :: Killing two stones with one bird...
http://www.toeat.com
Re: [Catalyst] TTSite help
list.tt2 is under /root/src/students

J. Shirley wrote:
> On Jan 24, 2008 3:09 PM, Jennifer Ahn [EMAIL PROTECTED] wrote:
>> Hello!
>>
>> I'm writing my first Catalyst application using TTSite and I'm running into this error:
>>
>> [debug] Rendering template students/list.tt2
>> [error] Couldn't render template file error - students/list.tt2: not found
>>
>> If anyone has run into a problem like this please help :)
>>
>> Thank you!
>> Jennifer
>
> Where did you write out your students/list.tt2 file?
>
> TTSite puts all of its templates under root/src rather than just root/
>
> So, you'll need to have root/src/students/list.tt2 in there.
>
> -J
>
> --
> J. Shirley :: [EMAIL PROTECTED] :: Killing two stones with one bird...
> http://www.toeat.com
Re: [Catalyst] TTSite help
On Thu Jan 24 15:41 , Jennifer Ahn <[EMAIL PROTECTED]> sent:
> list.tt2 is under /root/src/students
>
> J. Shirley wrote:
>> On Jan 24, 2008 3:09 PM, Jennifer Ahn [EMAIL PROTECTED] wrote:
>>> Hello!
>>>
>>> I'm writing my first Catalyst application using TTSite and I'm running into this error:
>>>
>>> [debug] Rendering template "students/list.tt2"
>>> [error] Couldn't render template "file error - students/list.tt2: not found"
>>>
>>> If anyone has run into a problem like this please help :)
>>>
>>> Thank you!
>>> Jennifer
>>
>> Where did you write out your students/list.tt2 file?
>>
>> TTSite puts all of its templates under root/src rather than just root/
>>
>> So, you'll need to have root/src/students/list.tt2 in there.
>>
>> -J
>>
>> --
>> J. Shirley :: [EMAIL PROTECTED] :: Killing two stones with one bird...
>> http://www.toeat.com

Do you mean '/root/' at the top level of the filesystem? The templates are found under the directory named 'root' in the Catalyst app directory. I'm just making sure this is clear, because there is a /root/ at the top fs level, and I can understand that as one possible source of confusion.

Mike
Re: [Catalyst] TTSite help
the template file is here: MyApp/root/src/students/list.tt2

this is what i had in my original Students controller class that got me to that error:

    $c->stash->{template} = 'students/list.tt2'

When i changed the path to include 'src':

    $c->stash->{template} = 'src/students/list.tt2'

it worked!! this is weird because i configured my TT.pm to include the path to my 'src' directory:

    __PACKAGE__->config({
        CATALYST_VAR => 'Catalyst',
        INCLUDE_PATH => [
            AdminApp->path_to( 'root', 'src' ),
            AdminApp->path_to( 'root', 'lib' )
        ],
        ...

any ideas as to why it's not looking under 'src'?

thanks,
jennifer

[EMAIL PROTECTED] wrote:
> On Thu Jan 24 15:41 , Jennifer Ahn sent:
>> list.tt2 is under /root/src/students
>>
>> J. Shirley wrote:
>>> On Jan 24, 2008 3:09 PM, Jennifer Ahn [EMAIL PROTECTED] wrote:
>>>> Hello!
>>>>
>>>> I'm writing my first Catalyst application using TTSite and I'm running into this error:
>>>>
>>>> [debug] Rendering template students/list.tt2
>>>> [error] Couldn't render template file error - students/list.tt2: not found
>>>>
>>>> If anyone has run into a problem like this please help :)
>>>>
>>>> Thank you!
>>>> Jennifer
>>>
>>> Where did you write out your students/list.tt2 file?
>>>
>>> TTSite puts all of its templates under root/src rather than just root/
>>>
>>> So, you'll need to have root/src/students/list.tt2 in there.
>>>
>>> -J
>>>
>>> --
>>> J. Shirley :: [EMAIL PROTECTED] :: Killing two stones with one bird...
>>> http://www.toeat.com
>
> Do you mean '/root/' at the top level of the filesystem? The templates are found under the directory named 'root' in the Catalyst app directory. I'm just making sure this is clear, because there is a /root/ at the top fs level, and I can understand that as one possible source of confusion.
>
> Mike
Re: [Catalyst] Automated testing of Captcha?
On Thu, Jan 24, 2008 at 12:07:15PM +0100, Michele Beltrame wrote:
> Hi!
>
>> He wanted to get $c->captcha_string from *outside* of the Catalyst app. You don't have $c there. Also, he never said he was using Catalyst::Plugin::Captcha.
>
> Well, if he's completely outside the App, then this is likely not possible at all (if the CAPTCHA is well crafted). Isn't no-access-to-non-humans the whole point of the CAPTCHA?

Outside the app class != outside the process.

In the case of Catalyst::Test you're normally in-process, which is why John's solution works fine.

If you're outside, then either forcing the captcha to a particular string or disabling it entirely are probably your only options - but that wasn't the case here if you read carefully :)

--
Matt S Trout, Technical Director, Shadowcat Systems Ltd.
http://chainsawblues.vox.com/
Need help with your Catalyst or DBIx::Class project? http://www.shadowcat.co.uk/catalyst/
Want a managed development or deployment platform? http://www.shadowcat.co.uk/servers/
Re: [Catalyst] Accessing $schema in Model glue class (solved?)
On Thu, Jan 24, 2008 at 05:31:59PM +0100, Tobias Kremer wrote:
> Quoting Tobias Kremer [EMAIL PROTECTED]:
>> Realizing that MyApp::Model::Schema is already just a subclass of C::M::DBIC::Schema (doh!) I came up with the following solution that just overrides new():
>
> Hmmm ... Could somebody take a look at the following version I came up with and tell me if using Urbia2->cache (from Catalyst::Plugin::Cache::Memcached) in this context is okay:
>
> # in MyApp::Model::Schema (which ISA Catalyst::Model::DBIC::Schema)
> sub new {
>     my $self = shift->NEXT::new(@_);
>     my ($app, $config) = @_;
>     $self->schema->default_resultset_attributes( { cache_object => $app->cache } );
>     return $self;
> }

Above is going to be more easily reusable. The Takkle setup (for which Cursor::Cached was originally written, thanks to them for sponsoring my work on it) also checks a $app->config key to decide whether to use the app cache so we can keep sessions in memcache but use Cache::Null for the DBIC stuff during testing.

--
Matt S Trout, Technical Director, Shadowcat Systems Ltd.
http://chainsawblues.vox.com/
Need help with your Catalyst or DBIx::Class project? http://www.shadowcat.co.uk/catalyst/
Want a managed development or deployment platform? http://www.shadowcat.co.uk/servers/