This is strange and I will need to test it.
So you say that the hash created by Digest::SHA1::sha1_hex when it is used as a
callback is different than the result of
use Digest::SHA1 qw(sha1_hex);
print sha1_hex($password);
Octavian
----- Original Message -----
From: "David Schmidt" <davew...@gmx.at>
To: "HTML Form Creation,Rendering and Validation Framework"
<html-formfu@lists.scsys.co.uk>
Sent: Friday, March 20, 2009 1:15 AM
Subject: Re: [html-formfu] applying a filter
I am using the transformer in the form where I create a new user and
insert username and password into the database.
But the password hash that is inserted into the database doesnt match
with the one I get when I execute the same command on the commandline.
2009/3/19 Octavian Râşniţă <orasn...@gmail.com>:
> If you use the Authentication plugin, it means that that password field is
> used in a login form, right?
>
> In that case, you don't need to use a transformer at all.
>
> The transformer is needed only in the form used for creating a new user,
> where the new user types the password in 2 fields that should match, and
> then the password should be transformed in sha1_hex for beeing inserted
> hashed in the database.
>
> Octavian
>
> ----- Original Message ----- From: "David Schmidt" <davew...@gmx.at>
> To: "HTML Form Creation,Rendering and Validation Framework"
> <html-formfu@lists.scsys.co.uk>
> Sent: Thursday, March 19, 2009 6:39 PM
> Subject: Re: [html-formfu] applying a filter
>
>
> I got a little problem here.
>
> in my formfu yml file I use
>
> transformers:
> - type: Callback
> callback: 'Digest::SHA::sha1_hex'
>
> and in myApp.conf
>
> <authentication>
> default_realm dbic
> <realms>
> <dbic>
> <credential>
> class Password
> password_field password
> password_type hashed
> password_hash_type SHA-1
> </credential>
> <store>
> (...)
> </store>
> </dbic>
> </realms>
> </authentication>
>
> but the hashes dont match.
>
> This hash is inserted (providing password "oioioioi")
> 0c15f7b5ddad2ba75792b5d30d62ada2e7bda995
>
> But *** perl -MDigest::SHA -e "print
> Digest::SHA::sha1_hex('oioioioi')" *** returns
>
> 4a8737e65bd1312a45201bee99649b26e0eb3a22
>
> I am not the best of debuggers so I am a bit stuck
>
> as a workaround I am changing the password field manually with
> add_valid before I update the model (just as you tried)
> but I really want the transformer to work, any hints?
> my $account = $c->model('myDB::Accounts')->new_result({});
> $form->add_valid("password", sha1_hex($form->param('password')));
> $form->model->update($account);
>
> On Thu, Mar 19, 2009 at 4:36 PM, David Schmidt <davew...@gmx.at> wrote:
>>
>> sweet :)
>>
>> I was just about to comment on your solution for hashing the pw before
>> update/insert but transformers seem to be what should be used for that
>> kind of problem.
>>
>> thanks
>>
>> 2009/3/19 Octavian Râşniţă <orasn...@gmail.com>:
>>>
>>> I found a good solution for that, not by using a filter, but a
>>> transformer.
>>>
>>> But it can be done directly without creating a custom module, like:
>>>
>>> <element>
>>> type Password
>>> name password
>>> label_xml Password<sup>*</sup>:
>>> filter TrimEdges
>>> constraint Required
>>> <transformers>
>>> type Callback
>>> callback Digest::SHA1::sha1_hex
>>> </transformers>
>>> </element>
>>>
>>> The method Digest::SHA1::sha1_hex can be used directly as a callback
>>> method.
>>>
>>> Octavian
>>>
>>> ----- Original Message ----- From: "David Schmidt" <davew...@gmx.at>
>>> To: "HTML Form Creation,Rendering and Validation Framework"
>>> <html-formfu@lists.scsys.co.uk>
>>> Sent: Thursday, March 19, 2009 4:43 PM
>>> Subject: Re: [html-formfu] applying a filter
>>>
>>>
>>> I wrote my own Filter
>>>
>>> lib/HTML/FormFu/Filter/myApp/Digest_SHA.pm
>>>
>>> package HTML::FormFu::Filter::myApp::Digest_SHA;
>>> use strict;
>>> use warnings;
>>> use base 'HTML::FormFu::Filter';
>>> use Digest::SHA qw/sha1_hex/;
>>>
>>> sub filter {
>>> my ( $self, $value, $params ) = @_;
>>> return sha1_hex($value);
>>> }
>>>
>>> 1;
>>>
>>> and in my create.yml
>>>
>>> - type: Password
>>> name: password
>>> filters:
>>> - type: "myApp::Digest_SHA"
>>>
>>>
>>> works fine, but since I also use the repeat_password constraint and
>>> the filter is applied before passwords are compared I will not use
>>> this approach and rather change the password prior to
>>> updating/inserting into the database.
>>>
>>> On Sun, Jan 11, 2009 at 10:21 AM, Octavian Rasnita <orasn...@gmail.com>
>>> wrote:
>>>>
>>>> Hello,
>>>>
>>>> I am trying to find the best way of storing an encrypted password in the
>>>> database (when creating a new user for example).
>>>>
>>>> I thought that using a filter might be the best way for this and using a
>>>> callback would be enough:
>>>>
>>>> <filters>
>>>> type Callback
>>>> callback Digest::SHA1::sha1_hex
>>>> </filters>
>>>>
>>>> The single problem is that it doesn't work.
>>>>
>>>> Digest::SHA1::sha1_hex returns the encrypted string, so it should work,
>>>> but
>>>> I don't know why, it doesn't.
>>>>
>>>> I have also tried to use a 'use Digest::SHA1;' in MyApp.pm, even though
>>>> without it it didn't give any error, however it still doesn't work, and
>>>> the
>>>> unencrypted string is inserted in the database.
>>>>
>>>> The code I use for inserting the user is:
>>>>
>>>> if ($form->submitted_and_valid) {
>>>> my $user = $form->param_value('user');
>>>> my $email = $form->param_value('email');
>>>> my $hash = sha1_hex($user . $email . time());
>>>>
>>>> my $new_user = $c->model("DB::TempUser")->new_result({hash => $hash});
>>>> $form->process;
>>>> $form->model->update($new_user);
>>>> }
>>>>
>>>> Am I doing something wrong, or the filter can't be used for what I want?
>>>>
>>>> Thanks.
>>>>
>>>> Octavian
>>>>
>>>>
>>>> _______________________________________________
>>>> HTML-FormFu mailing list
>>>> HTML-FormFu@lists.scsys.co.uk
>>>> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
>>>>
>>>
>>>
>>>
>>> --
>>> David Schmidt | http://www.fm5.at
>>>
>>> _______________________________________________
>>> HTML-FormFu mailing list
>>> HTML-FormFu@lists.scsys.co.uk
>>> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
>>>
>>> _______________________________________________
>>> HTML-FormFu mailing list
>>> HTML-FormFu@lists.scsys.co.uk
>>> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
>>>
>>
>>
>>
>> --
>> David Schmidt | http://www.fm5.at
>>
>
>
>
> --
> David Schmidt | http://www.fm5.at
>
> _______________________________________________
> HTML-FormFu mailing list
> HTML-FormFu@lists.scsys.co.uk
> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
>
>
> _______________________________________________
> HTML-FormFu mailing list
> HTML-FormFu@lists.scsys.co.uk
> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
>
--
David Schmidt | http://www.fm5.at
_______________________________________________
HTML-FormFu mailing list
HTML-FormFu@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
_______________________________________________
HTML-FormFu mailing list
HTML-FormFu@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
