Re: [Catalyst] Trusting $c->req->uri after login
Nevermind, I'd already done thought about this. Please ignore: if ( !$c->user_exists ) { $c->log->debug('***User not found, forwarding to /login') if $c->debug(); # $c->uri_for will return the URL for the current action namespace, # so, if you request /customers/faxes, we'll get /customers/faxes # that way we don't trust $c->req->uri, even though looking at the code # Catalyst it's OK $c->log->debug( 'Saving previous URI: ' . $c->uri_for() ) if $c->debug(); $c->flash->{redirect_after_login} = $c->uri_for(); $c->response->redirect( $c->uri_for('/login') ); $c->detach(); } ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Trusting $c->req->uri after login
Hi all, Can I trust this to use use to redirect a user after login (session expired etc) or should I validate it against $c->uri_for() Thanks. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] New design
nice! On 23/07/2013, Mark Keating wrote: > The nice chaps at Evozon have recently been making design mocks for a > bunch of Perl sites and they have come up with a fresh look for > Catalyst. Take a look and let me know what you guys think. > > http://www.mdk.me.uk/community/mocks/Catalyst.jpg > > Kind regards > > Mark > > -- > Mark Keating BA (Hons), Writer, Photographer, Cat-Herder. > Managing Director: http://www.shadow.cat > For more that I do visit: http://www.mdk.me > > > ___ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Using Progressive realms when username and password fields are all different
> Does something like this fix the problem? > > --- Password.pm 2012-06-29 11:23:51.0 +0100 > +++ Password-new.pm 2012-06-29 11:33:40.0 +0100 > @@ -34,6 +34,14 @@ > sub authenticate { > my ( $self, $c, $realm, $authinfo ) = @_; > > + my $password_field = $self->_config->{'password_field'}; > + if ($password_field ne 'password' > + and defined $authinfo->{password}) { > + $authinfo = {%{$authinfo}}; > + $authinfo->{$password_field} = $authinfo->{password}; > + delete $authinfo->{password}; > + } > + > ## because passwords may be in a hashed format, we have to make > sure that we remove the > ## password_field before we pass it to the user routine, as some > auth modules use > ## all data passed to them to find a matching user... I've raised: https://rt.cpan.org/Ticket/Display.html?id=78115 The main problem is that and the fact that username_field is missing. I'd like to do ->authenticate( { username => $blah, password => $blah2 }) if username_field and/or password_field is in the config, map those to above values, if not just use the default. Otherwise there's no way you can use a Progressive realm with non-consistent user/pass field names in your DB. I could add a viewbut it's not my DB. Silly or sane? -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Using Progressive realms when username and password fields are all different
On 28 June 2012 23:08, Tim Anderson wrote: > That keys in the hash reference you are passing to the authenticate function > should match the keys in your CcAgent model, plus the password field you > defined in your config... something like this: > > # Attempt to log the user in > > if ( > $c->authenticate( > { > login => $username, > passwd => $password > }, > 'progressive_oauth' > ) > ) > { > Thanks Tim. Yes, I know that but then the other two realms will fail and that's the point of progressive. I want to call one ->authenticate which tries all the realms I've defined in progressive_oauth. Gavin. -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Using Progressive realms when username and password fields are all different
On 28 June 2012 21:50, Tim Anderson wrote: > Gavin, > > Assuming you are using the Authentication plugin, you can define multiple > realm objects, each of which allows you to specify the columns to be used > for username and password. The documentation is pretty good on this one, > and it's working well for me. > > http://search.cpan.org/~bobtfish/Catalyst-Plugin-Authentication-0.10020/lib/Catalyst/Plugin/Authentication.pm#CONFIGURATION > > Does that help? Hi Tim, That's what I already have. I have 3 realms defined and then a Progressive realm listing them: class Progressive realms customers_oauth realms partners_oauth realms admins_oauth type customer type partner type admin class Password password_type clear username_field useralias password_field uipass class DBIx::Class user_model A2BillingDB::CcCard class Password password_type clear username_field login password_field passwd class DBIx::Class user_model A2BillingDB::CcAgent class Password password_type hashed password_hash_type Whirlpool username_field login password_field pwd_encoded class DBIx::Class user_model A2BillingDB::CcUiAuthen So I do: # Get the username and password from form my $username = $c->request->params->{username}; my $password = $c->request->params->{password}; my $signin = $c->request->params->{signin}; if ($signin) { # If the username and password values were found in form if ( $username && $password ) { # Attempt to log the user in if ( $c->authenticate( { username => $username, password => $password }, 'progressive_oauth' ) ) { I would expect me passing in username and password like above to then map that to the config that defines username_field and password_field but instead I get: Thu Jun 28 22:50:22 2012] [error] Failed to load user data. You passed [password,realm,type,username] to authenticate() but your user source (A2BillingDB::CcAgent) only has these columns: [id,datecreation,active,login,passwd,location,language,id_tariffgroup,options,credit,currency,locale,commission,vat,banner,perms,lastname,firstname,address,city,state,country,zipcode,phone,email,fax,company,com_balance,threshold_remittance,bank_info] Check your authenticate() call. Thanks. -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Using Progressive realms when username and password fields are all different
Hi all, I have three realms; customers, resellers and admins. Each auth table in these realms is not consistent and uses different username_filed and password_field names. I can't change this. Now the normal way is to do: if ( $c->authenticate( { username => $username, password => $password }, 'progressive_test' ) ) { This fails as no realms have username and password as the actual column names. I wanted DWIM here so when I pass in username the auth framework actually uses what I've set in my config using username_field and password_field like so: class Password password_type clear username_field useralias password_field uipass class DBIx::Class user_model CustomerDB::Account Ideas? -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk/api ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst OAuth2 framework released
Hi all, Just posted this: http://www.surevoip.co.uk/blog/2012/05/28/surevoip-api-major-components-open-sourced/ The code is on the blog and will be put out to the CPAN later today. We sponsored it, but it was written by the ShadowCat Systems guys. Thanks! -- http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Re: I want to sponsor some Open Source awesomeness (mst words :-) )
Thanks all. I have someone now! -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] I want to sponsor some Open Source awesomeness (mst words :-) )
Hi all, I want to sponsor some libs/modules in Net::SureVoIP::API for the CPAN and GitHub, but don't want to write it myself for obvious testing reasons. These are the docs (written by me): http://www.surevoip.co.uk/support/wiki/api_documentation Support resources are: http://www.surevoip.co.uk/support/wiki/api_documentation#support It's all written in Catalyst by me to date. t0m is getting sponsored for tons of log::stash::* things for a event notification framework which also allows use of zeromq to power WebHooks as they are now getting called. SC/mst etc. are doing an OAuth2 consumer and provider for Catalyst and CPAN too. Currently offering a new iPad but happy to provide something else or cash. Thanks, Gavin. -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Controller: find_meta not found
> With a very simple catalyst app this happens: > > Array found where operator expected at > /opt/perl/5.10/lib/site_perl/5.10.1/Catalyst/Controller.pm line 215, at end > of line > (Missing operator before ?) > Undefined subroutine &Catalyst::Controller::find_meta called at > /opt/perl/5.10/lib/site_perl/5.10.1/Catalyst/Controller.pm line 199. > Compilation failed in require at > /opt/perl/5.10/lib/site_perl/5.10.1/Module/Runtime.pm line 317. > at /opt/perl/5.10/lib/site_perl/5.10.1/Catalyst/Script/Server.pm line 239 > > > If I comment out the 'use namespace::clean' at the top of Catalyst::Controller > everything is fine (or seems fine). > > If I downgrade Class::Load, Module::Runtime, Module::Implementation, and > MooseX::MethodAttributes everything is fine with the app w/o changes to > Catalyst code. > I'm getting this as well on perlbrew 5.10.1 and it's just started happening. I'm trying to trace back to how/when: [ghenry@dax-xen SureVoIP-API]$ CATALYST_DEBUG=1 DBIC_TRACE=1 script/surevoip_api_server.pl Array found where operator expected at /home/ghenry/perl5/lib/perl5/Catalyst/Controller.pm line 215, at end of line (Missing operator before ?) String found where operator expected at /home/ghenry/surevoip/surevoip-api-git/SureVoIP-API/script/../lib/SureVoIP/API/Controller/SMS.pm line 19, near "has 'sms_form'" (Do you need to predeclare has?) syntax error at /home/ghenry/surevoip/surevoip-api-git/SureVoIP-API/script/../lib/SureVoIP/API/Controller/SMS.pm line 19, near "has 'sms_form'" BEGIN not safe after errors--compilation aborted at /home/ghenry/surevoip/surevoip-api-git/SureVoIP-API/script/../lib/SureVoIP/API/Controller/SMS.pm line 44. Compilation failed in require at /home/ghenry/perl5/lib/perl5/Catalyst/Utils.pm line 287. Compilation failed in require at /home/ghenry/perl5/lib/perl5/Module/Runtime.pm line 317. at /home/ghenry/perl5/lib/perl5/Catalyst/Script/Server.pm line 239 I'm on the latest Cat and MooseX::MethodAttributes, but will check for downgrades like you did. If I do: perlbrew switch perl-5.14.2 I get: [ghenry@dax-xen SureVoIP-API]$ CATALYST_DEBUG=1 DBIC_TRACE=1 script/surevoip_api_server.pl Segmentation fault If I do: [ghenry@dax-xen SureVoIP-API]$ perl -Ilib -c lib/SureVoIP/API/Controller/SMS.pm lib/SureVoIP/API/Controller/SMS.pm syntax OK I can at least run perltidy and do a syntax check. -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst::Action::REST, HATEOAS and gathering OPTIONS for a site map
Hi all, As part of the HATEOAS (Hypermedia as The Engine Of Application State) restful requirement, I wondered if it was a good idea to add a ->sitemap type option which does the same as _return_options which sets the "Allow" header but returns a data structure of all the links and methods available for each class? I planned to use similar for returning a site map at say '/' in order to provide as much in-band client information as possible. Thoughts? Thanks, Gavin. -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] OAuth 2.0 for a RESTful API?
Hi all, Has anyone done this yet or wish to work together on a plugin? Cheers. -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst As OAuth Service Provider
Is anyone any further with this? I'm looking at OAuth 2.0 for our RESTful API. Gavin. -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Re: DBIC_TRACE=1 and Progressive Realms not moving on with HTTP basic auth
Turns out this won't work due to the fact that ->detach is called in Credential::HTTP On 12 October 2011 00:15, Gavin Henry wrote: > Hi all, > > I'm opening up an existing DB that has various types of users and am using: > > default_realm progressive > > > class Progressive > realms admins > realms resellers > realms customers > > > with basic HTTP auth. > > I can see the dbic traces but they only ever try the admins realm. If > each of the above realms are dbic stores, should I expect to see 3 > different selects? > > Thanks. > > -- > http://www.suretecsystems.com/services/openldap/ > http://www.surevoip.co.uk > -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] DBIC_TRACE=1 and Progressive Realms not moving on with HTTP basic auth
Hi all, I'm opening up an existing DB that has various types of users and am using: default_realm progressive class Progressive realms admins realms resellers realms customers with basic HTTP auth. I can see the dbic traces but they only ever try the admins realm. If each of the above realms are dbic stores, should I expect to see 3 different selects? Thanks. -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] RESTful example apps?
Hi, I was wondering if any one has any example code implement a REST API in Catalyst? Thanks. -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Empty pdf file/ using Catalyst::View::PDF::Reuse
Hi, I've used PDF::Reuse a lot, not with Cat though. The template should be a PDF file and then you can write over it and output a new one. So without checking the pod for this view is your template right? Try it outside Cat first or using a test you've written. Thanks, Gavin. On 06/03/2010, Lupin Deterd wrote: > Hi, > I'm using View::PDF::Reuse to create/generate pdf, and though it > successfully create one but it's empty, following is code/template. > > -- code -- > { >$c->stash->{list} = ['one', 'two', 'three', 'four']; >$c->stash->{pdf_disposition} = 'attachment'; >$c->stash->{pdf_filename}= 'receipt.pdf'; >$c->stash->{pdf_template}= 'order/receipt.tt2'; >$c->detach( $c->view('PDF::Reuse') ); > >} > > -- template/receipt.tt2 -- > > [% pdf.prFont('Helvetica-Bold') %] > [% pdf.prFontSize(50) %] > > > [% y = 500 %] > [% FOREACH item IN list %] > [% pdf.prText(100,y,item) %] > [% y = y - 13 %] > [% END %] > > > Thanks in advance for any hints. > > lupin > > ___ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ http://www.suretectelecom.com ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Signup/Wizards recommendations
On 8 March 2010 18:43, Kiffin Gish wrote: > I've got a simple registration based on mojomojo which works just fine. > Have a look there for more details. Will do, thanks. -- http://www.suretecsystems.com/services/openldap/ http://www.suretectelecom.com ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Signup/Wizards recommendations
Hi all, I was wondering what you'd recommend for a 2-3 page registration/signup process. I use dbic and formhandler and trying to decide on whether I should do this all on one page like the Google/ebay signup or to the "Next page" option. I've been following http://www.catalyzed.org/2010/03/an-introduction-to-formhandler.html and what to do things the same way. But, If I go for the later do you store partial progress signups in a table or keep all the vars in hidden fields etc.? I've got, user/company contact details, password etc. and then the product and some other details, so may be a 3 page sign up or one long page with dojo parts. Would chained be good for this: signup/step1/start etc. Most of my work has always been single page with Dojo parts, so not sure what others do or recommend. Any advice much appreciated. Thanks, Gavin. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Handel shopping cart?
> I guess that almost no one is, take a look on archive starting at this thread: > > http://www.mail-archive.com/catalyst@lists.scsys.co.uk/msg08339.html Thanks, Will do! -- http://www.suretecsystems.com/services/openldap/ http://www.suretectelecom.com ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Handel shopping cart?
Hi, We're looking at using this for ourselves and wondered who else has? Thanks. -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ http://www.suretectelecom.com ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] New Apress book shipping now from Amazon.com
Got mine yesterday finally from Amazon. Ordered it ages ago. Can't wait to get into it! Cheers. -- http://www.suretecsystems.com/services/openldap/ http://www.suretectelecom.com ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] New Apress book on Safari Books Online
Amazon uk keep delaying my order. It's definitely out right? Thanks. On 21/07/2009, Kieren Diment wrote: > > On 22/07/2009, at 7:49 AM, Meeko wrote: > >> Does anyone know if/whether the new Apress book "The Definitive >> Guide to >> Catalyst" will appear on O'Reilly Safari Books Online? I have a >> Safari >> subscription, and prefer reading my tech books there. I would >> really like >> to read the new book, and I keep checking every few days to see if >> it has >> appeared but so far it hasn't. >> I was just wondering if anyone knows how long it usually takes books >> to >> appear there, and if or when the new Catalyst book will appear. I >> see lots >> of Apress books on Safari, so I know their books do appear, so I'm >> hoping >> the new Catalyst books makes it soon. >> > > > I asked the boss, and will get back to you when he replies! > > > > > ___ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ http://www.suretectelecom.com ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] PDF creation in Catalyst?
Yeah, have to agrre with that. We use PDF::Reuse a lot with Catalyst. Gavin. On 10/23/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >>And in case you want PNG or PDF output, you'll need just a few >> lines... > > Funnily enough, JJ was mentioning at Birmingham.pm last night that he > generates PDF docs from a Catalyst View using PDF::Reuse to merge > field data to PDF templates. You can generate the templates from Word > then saving with PDFMaker. > Check out PDF::Reuse::Tutorial for details > http://search.cpan.org/perldoc?PDF::Reuse::Tutorial > > Regards, > Peter > http://perl.dragonstaff.co.uk > > > > > ___ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst in Linux Magazine
Hi, Nice tutorial and article on Catalyst in the current issue: http://www.linux-magazine.com/resources/current_issue (not available online unfortunately). Gavin. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Password policy support for Catalyst::Authentication::Store::LDAP
> New-style auth uses authenticate(). > > I -think- it should be possible for any true value to be passed back out, > so instead of 'return 1' you could return an object that describes the > current status of the account? > Sounds good to me. -- http://www.suretecsystems.com/services/openldap/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Password policy support for Catalyst::Authentication::Store::LDAP
2008/6/20 Buchan Milne <[EMAIL PROTECTED]>: > In our internal management web app (which has only been feasible due to > Catalyst), we authenticate against our OpenLDAP (2.3) infrastructure. > > Due to various security requirements (SAOX etc.), we are required to have > password expiration etc. So, we implemented password policies a while back > using OpenLDAP's slapo-ppolicy overlay > (http://www.openldap.org/software/man.cgi?query=slapo-ppolicy&sektion=5&apropos=0&manpath=OpenLDAP+2.3-Release) > > Net::LDAP recently added support for the Password Policy control, so at least > this is now feasible (without hacking Net::LDAP, which is where I got stuck > on the previous attempt). > > I think I may be able to provide a patch for Authentication::Store::LDAP, > however, the first problem is that Catalyst::Authentication (like many other > authentication frameworks) assumes the result of an authentication will > always only be a boolean, and thus doesn't make provision for situations such > as: > -The account is locked out (the password may have been correct, but the user > can't authenticate) > -The password was reset and needs to be changed (so, authenticate them but > allow for a means to send them to a password changing facility) > -The password will expire soon > etc. > > I wouldn't like to try and propose a solution for Catalyst::Authentication > (yet), but I can try and provide input on any proposed solution. > Can't you still return a true/false and then provide/use an error method which will then contain the reason for failure, which include the response from ppolicy? -- http://www.suretecsystems.com/services/openldap/ ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst and PayPal
> Zbigniew Lukasiak wrote: >> On Mon, Apr 21, 2008 at 1:43 PM, Kieren Diment <[EMAIL PROTECTED]> wrote: >> >>> On 21 Apr 2008, at 21:22, Angel Kolev wrote: >>> >>> Hi fellas. I plan to include PayPal payment possibility in my cat website. Is there >>> any plugin/tool that works with the paypal developers toolkit >>> https://www.paypal.com/cgi-bin/webscr?cmd=p/pdn/software_dev_kit_php-outside >>> Can anyone give me a direction >>> http://search.cpan.org/~mock/Business-PayPal/ # simplest >>> http://search.cpan.org/~scottw/Business-PayPal-API # newest and >>> probably >>> most complete >>> http://search.cpan.org/~sherzodr/Business-PayPal-IPN # most reviewed >>> on >>> cpanratings. >>> >>> Whichever one you go with a base controller (e.g. >>> Catalyst::Controller::Business::Paypal) onto cpan would be appreciated. >>> >> >> I am not so sure if the, often repeated here, advice to build >> everything as a base controller is a good one. Let's say you would >> like to use the PayPal thing and FormFu - and bang you are dealing >> with the tricky area of Multiple Inheritance. 'Composition over >> Inheritance' is popular in other circles. >> >> > I dont need FormFu, because i will use Template toolkit only. May be > Catalyst::Controller::Business::Paypal is good enough solution. Im not > familiar with paypal, but can i test some payments without "real" money > transactions? > There's already one in Catalyst SVN. We use it and have added to it for https://www.flexitimemanager.net See: http://dev.catalyst.perl.org/repos/Catalyst/trunk/Catalyst-Model-PayPal-IPN/ It does the form data and encryption too. See the docs for it I did. Gavin. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Show Catalyst info page
> I just found that cat 5.7 Ánd 5.12 have many differences. > For example, action stats changed and old version has broken. > > I want to do a back compatibility with 5.7/ > I can get $Catalyst::VERSION in controller, but I don't know where to find > it in "c." for TT Template. > If I can retrieve c.catalyst.version in TT than I can use conditional > blocks for 5.7 and 5.12 http://search.cpan.org/~mramberg/Catalyst-View-TT-0.26/lib/Catalyst/View/TT.pm#CATALYST_VAR To set the var, if that's what you mean. > > Or may be someone already done the universal stats? > > P.s. > And I have an idea to make an CatInfo page such as phpinfo. It will be > useful to have all information about > Catalyst environment in -Debug mode / Like loaded modules and versions etc? I remember seeing this on the list or on Chisel Wrights website and use it somewhere myself: 177 =head2 modules 178 179 =cut 180 181 sub modules : Local { 182 my ( $self, $c ) = @_; 183 $c->stash->{template} = 'admin/modules.tt'; 184 my $inc_data; 185 186 my @inc_loaded = grep { s/\//::/g; s/\.pm//g; } sort keys %INC; 187 188 for my $module_name (@inc_loaded) { 189 eval { 190 $inc_data->{ $module_name } = $module_name->VERSION(); 191 }; 192 push @{$c->stash->{loaded_module_data}}, 193 { 194 name=> $module_name, 195 version => $inc_data->{ $module_name }, 196 }; 197 } 198 } 199 200 =head podhtml 201 202 Convert our loaded modules to html for reading 203 204 =cut 205 206 sub podhtml : Local Args(1) { 207 my ( $self, $c, $pm ) = @_; 208 209 my $podtohtml = Pod::Simple::HTML->new(); 210 211 $pm =~ s/::/\//g; 212 $pm .= '.pm'; 213 214 $c->res->body( $podtohtml->parse_from_file($INC{$pm}) ); 215 $c->res->content_type('text/html'); 216 } ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Re: Catalyst and Web Services?
> * Gavin Henry <[EMAIL PROTECTED]> [2008-02-04 12:05]: >> If you want to provide access over SSL with auth, i.e. for >> example a desktop app posting and retrieving info from/to a >> Catalyst app what's the best way? >> >> REST or SOAP? > > Well, the question youâre asking is actually REST or WS-*; SOAP > is actually just an envelope format that can be used in both > scenarios. Of course in practice no one uses SOAP for REST > because it adds no value that you canât get another way anyway. OK, thanks. > > Anyway, between WS-* and REST, the answer is clearly REST, with > the only exception being if you need to integrate with existing > infrastructure that is already heavily geared toward WS-* â in > short, youâre in a Microsoft shop. Well, it might involve an Outlook Plugin (to right-click a calendar entry), a Thunderbird plugin with/for Lightening/Sunbird and a taskbar app all using wxWidgets, connecting to the central Catalyst App. > >> I want the same users that normalling login via a web browser >> and get a cookie to be able to login via a "light" wee desktop >> app or some such? >> >> Would you create a new interface/access point on the Cat site >> and use REST or SOAP? >> >> All new to me, so excuse the dumb questions. > > I donât know what youâre doing, so I canât say if itâll work for > your case, but in the very least as a source of inspiration, take > a look at Atompub. Itâs a great example of how to structure a > REST system, and in fact, with a little creativity, it is a close > match for the great majority of scenarios in which people want to > provide an API. The advantage is that there is already a bunch of > code that implements Atompub, both on the client but also on the > server â see Catalyst::Controller::Atompub. Cool, thanks will look at that. > > But, as I said, even if it *really* doesnât fit your needs, it > gives you an idea for how a REST service should look like. It's bascially to login, retrieve some db entries and post them back authenticated with a session etc. just like a normal session/cookie web login. > > Regards, > -- > Aristotle Pagaltzis // <http://plasmasturm.org/> > > ___ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: > http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Catalyst and Web Services?
Hi All, If you want to provide access over SSL with auth, i.e. for example a desktop app posting and retrieving info from/to a Catalyst app what's the best way? REST or SOAP? I want the same users that normalling login via a web browser and get a cookie to be able to login via a "light" wee desktop app or some such? Would you create a new interface/access point on the Cat site and use REST or SOAP? All new to me, so excuse the dumb questions. Thanks. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] LDAP
> From: "Gavin Henry" <[EMAIL PROTECTED]> >> Ah, ok. What Directory server are you using btw? > > openldap Ok. If you're using a recent version you can use back-sql and make certain db tables available via LDAP. It's not the best design decision you could, but an option if you're really stuck: http://www.openldap.org/software/man.cgi?query=slapd-sql&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html Only do it if you have no other option. Gavin. > Carl > > > ___ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: > http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] LDAP
>> Externally in your organisation? > > No to an external organisation that has been contracted by us to provide and > host a web application. This application needs to share a single sign-on with applications built in-house using Catalyst. Ah, ok. What Directory server are you using btw? > >> For configuration, why don't you have one set and reference it from both *::LDAP ?? >> >> Or I am being dumb here? > > No you're right that I can combine some of the configuration and reference it accordingly. However I don't have a single obvious place to add an extra > method (although J Rockway may have a hack around that). Sounds good. > >> You're pulling LDAP users into your RDBMS? Why not keep them there? If you >> are using PostgreSQL you can use dblink-ldap as a function. Might be handy. > > No I've got data in my RDBMS that has a relationship to the data in my LDAP > directory. For example "comments" are added by users, therefore the comments > in the database have a submitter for which the details are held in LDAP. > > dblink-ldap is interesting but we're a MySQL shop. I'm also taking a look at > DBD::LDAP on CPAN which does a similar thing in perl-land. Understood. > > Carl > > > ___ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: > http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] LDAP
> Hi, > > I've been playing around with the LDAP stuff in Catalyst, we have a need > to > share user data externally for authentication reasons and currently > believe > LDAP is a good solution for this. Externally in your organisation? > > To this end I've got C:P:Auth:Store:LDAP correctly authenticating users > against a LDAP database. I've also got C:Model:LDAP pulling users out of > the > DB so that we can display names next to user-submitted content. > > Now to get to this stage I've got two lots of configuration, and > effectively > two chunks of code doing very similar jobs. I now need to add a custom > method, and can't see anyway outside of doing it twice. For configuration, why don't you have one set and reference it from both *::LDAP ?? Or I am being dumb here? > > Next up I want to link my DBIC schema to the LDAP stuff so I can > automatically inflate users, however on this project we have some chunks > of > code that work outside Catalyst using the same schema, so I can't link > them > to the Catalyst Model. Ideally what I need here is some kind of generic > ORM > layer, an a thinner Catalyst Model which uses it. You're pulling LDAP users into your RDBMS? Why not keep them there? If you are using PostgreSQL you can use dblink-ldap as a function. Might be handy. > > So anybody else got any experiences to share here? Is there some easy way > to > achieve what I want that I've missed? Anybody got code to share? > > Thanks > > Carl > > > > ___ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: > http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: LDAP Injection [Catalyst]
> Oh another LDAP subject that I meant to mention - LDAP Injection. It's > something that's been mentioned regarding our use of LDAP. > > For example C:P:Auth:Store:LDAP suggests using a filter like: > > (&(objectClass=posixAccount)(uid=%s)) > > Then does: > > $filter =~ s/\%s/$replace/g; > > > Which on a casual glance would seem to be a possibility for a > LDAP-injection > attack. It doesn't matter, it will get rejected as a bad filter: [EMAIL PROTECTED] ~]$ ldapsearch -x "(&(objectClass=posixAccount)(uid==&234%20%/ad)$1\\))" # extended LDIF # # LDAPv3 # base (default) with scope subtree # filter: (&(objectClass=posixAccount)(uid==&234%)\)) # requesting: ALL # ldapsearch: ldap_search_ext: Bad search filter (-7) > > The problems due to SQL Injection are well known and nobody would write > similar code to interact with a DB. However there seems to be little in > CPAN > that acknowledges the risks of LDAP Injection. > > I suspect that Net::LDAP doesn't help here, there is a reference to making > use of Net::LDAP::Filter to specify queries that will be properly escaped > - > however there isn't an example in the POD (hell I glanced at the source > and > couldn't be entirely sure). > > So again is this an area that anybody has considered and has some > experience > to share? > > Thanks again, > > Carl > > > ___ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: > http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Locally hosted Solution?
Hi All, It's been a while since I posted. We did and look after https://www.flexitimemanager.net, which is a Cat app using dbix, Postgres, Dojo etc for a client. Have any of you guys been in a position when a clients customer requests a locally hosted version of the app? What did you offer? I was thinking about a VMWare/Xen Image with a tailored admin interface. Or something that links back to main app? Thoughts? Thanks, Gavin. -- Walking the road to enlightenment... I found a penguin and a camel on the way. Fancy a [EMAIL PROTECTED] Just ask!!! http://perlmonks.org/?node_id=386673 ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/