Hi,

Thanks for confirming that I didn't miss anything. I have – for now – resorted to something similar:

my ($username,$password) = $c->req->headers->authorization_basic;
# Split "user@domain" and authenticate with the bare username first
my ($u,$d) = split(/\@/,$username);
$c->req->headers->authorization_basic($u,$password);
my $res = $c->authenticate({}, $realm);

if($c->user_exists) {
    $c->log->debug("checking '".$c->user->domain->domain."' against '$d'");
    # Reject the login when the user's domain differs from the supplied one
    if ($c->user->domain->domain ne $d) {
        # logout is provided on the context by Catalyst::Plugin::Authentication,
        # not on the user object
        $c->logout;
        $c->log->warn("invalid api http login from '".$c->req->address."'");
        my $r = $c->get_auth_realm($realm);
        $r->credential->authorization_required_response($c, $r);
        return;
    }
    ...
} else {
    $c->log->warn("invalid api http login from '".$c->req->address."'");
    my $r = $c->get_auth_realm($realm);
    $r->credential->authorization_required_response($c, $r);
    return;
}


If I get around to it, I'll consider extending Catalyst::Authentication::Credential::HTTP because this sounds like a useful feature.

-Gerhard



On 2016-05-17 11:45, Dermot wrote:
We had a similar problem at $work. To get what we wanted we had to stop using the HTTP plugin and do something like this (warning: hand-written, un-tested code follows) in the Root controller.

my ( $username, $password ) = $c->request->headers->authorization_basic;
my $logged_in_user;
if ( defined $username && defined $password ) {
    # Placeholder for the application's own lookup; keep its result
    $logged_in_user = some_method_in_users_that_concatenates_and_authenticates($username, $password);
}

if ($logged_in_user) {
    $c->stash(user => $logged_in_user);
    ...
}
else {
    # No valid credentials: ask the client for HTTP Basic authentication
    $c->response->header('WWW-Authenticate' => 'Basic realm="MyRealm"');
    $c->response->content_type('text/plain');
    $c->response->status(401);
    $c->detach();
}


HTH,
Dermot

On 13 May 2016 at 16:32, Gerhard Jungwirth <[email protected]> wrote:

    Hi,

    I am using Catalyst::Authentication::Store::DBIx::Class and
    Catalyst::Authentication::Credential::HTTP with the following
    configuration:

            my_realm => {
                credential => {
                    class => 'HTTP',
                    type => 'basic',
                    username_field => 'username',
                    password_field => 'password',
                    password_type => 'clear',
                },
                store => {
                    class => 'DBIx::Class',
                    user_model => 'DB::my_user_table',
                },
            },

    Which works great. The thing is: I want the user to authenticate
    in the form "username@domain:password" using HTTP Basic
    Authentication, where username and domain are checked against
    separate fields in my DBIx::Class table. (Ideally, domain is
    checked against a related table in my schema)

    Is that supported? If not, can it be added? If not, how do you
    suggest I implement that?

    Thanks and Cheers,
    Gerhard

    _______________________________________________
    List: [email protected]
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/[email protected]/
    Dev site: http://dev.catalyst.perl.org/




_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
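
Added example (not part of the original messages, and not Catalyst or plugin code): the "username@domain:password" handling discussed in this thread, in plain Perl, with the account looked up by username and domain together instead of by username first. The %USERS table, the function names and the sample logins are constructed for illustration.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Constructed sample data standing in for the user table and its related
# domain table. Rows are keyed on BOTH fields, so "alice" may exist in
# more than one domain.
my %USERS = (
    'alice@example.org' => { password => 's3cret' },
    'alice@example.net' => { password => 'other'  },
);

# Split an "Authorization: Basic ..." value into (user, domain, password).
# Returns an empty list unless the login is exactly user@domain.
sub parse_basic_login {
    my ($header) = @_;
    return unless defined $header
        && $header =~ m{\ABasic\s+([A-Za-z0-9+/]+={0,2})\z}i;
    my $decoded = decode_base64($1);
    # The user-id ends at the first ':'; the password may itself contain ':'.
    my ($login, $password) = split /:/, $decoded, 2;
    return unless defined $password;
    # Exactly one '@' with non-empty parts; "user@domain@extra" is rejected
    # instead of being silently truncated.
    my ($user, $domain) = $login =~ /\A([^\@]+)\@([^\@]+)\z/ or return;
    return ($user, $domain, $password);
}

# Look the account up by user AND domain, then compare the password
# (stored in clear here, matching password_type => 'clear' in the thread).
sub authenticate_login {
    my ($header) = @_;
    my ($user, $domain, $password) = parse_basic_login($header) or return;
    my $row = $USERS{"$user\@$domain"} or return;
    return $row->{password} eq $password ? "$user\@$domain" : undef;
}

# Constructed logins: one valid, one with the wrong domain for that password,
# one without a domain, one with trailing data after the domain.
for my $login ('alice@example.org:s3cret', 'alice@example.net:s3cret',
               'alice:s3cret', 'alice@example.org@x:s3cret') {
    my $header = 'Basic ' . encode_base64($login, '');
    printf "%-28s => %s\n", $login,
        authenticate_login($header) // 'rejected (401)';
}
```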
