Thank you for remembering me about the \%params which is sent to the callback
subroutine.
In this case, which would be the recommended way to insert the hashed password
in the database?
Create an external custom transformer that uses only the value of the password
field, or applying the transformer in the controller, or something else?
I've seen recommendations for using DBIx::Class::EncodedColumn, and now it
seems mor easier to use, because the Catalyst helper that generates the result
classes accepts to add components before the Core.
However, if the old password field was generated as:
__PACKAGE__->add_columns(
'password' => {
data_type => 'CHAR',
size => 40,
}
I still don't know how I can upgrade it to be:
__PACKAGE__->add_columns(
'password' => {
data_type => 'CHAR',
size => 40,
encode_column => 1,
encode_class => 'Digest',
encode_args => {algorithm => 'SHA-1', format => 'hex'},
}
This way would be more complicated than creating a custom transformer, but
maybe it has some other benefits... I don't know.
I think that I can't use __PACKAGE__->add_columns... after the "do not modify
anything above" in the result class file, because it might try to add the same
column twice, and I don't know if there is a modify_columns() method.
Thank you for the recommendation for the best considered way.
Octavian
----- Original Message -----
From: "Carl Franks" <fireart...@gmail.com>
To: "HTML Form Creation,Rendering and Validation Framework"
<html-formfu@lists.scsys.co.uk>
Sent: Friday, March 20, 2009 10:15 AM
Subject: Re: [html-formfu] applying a filter
> 2009/3/19 David Schmidt <davew...@gmx.at>:
>> I am using the transformer in the form where I create a new user and
>> insert username and password into the database.
>> But the password hash that is inserted into the database doesnt match
>> with the one I get when I execute the same command on the commandline.
>
> Callback subroutines are passed the arguments ($value, \%params)
>
> print sha1_hex('password');
> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
> print sha1_hex('password', {});
> 71252337f7555e49ec5eaa05c8026c846057e404
> print sha1_hex('password', { a => 'b', c => 'd' });
> e0613e6de2ebadf9cdfe59a27b251f74ea3052cf
> print sha1_hex('password', { c => 'd', a => 'b' });
> f229018fb7726a0ecb73b3b621e1074dbb8763fd
>
> Callback.pm was never intended for use with arbitrary subroutines.
> It's unfortunate that someone tried it and thought it worked.
>
> The above code shows that it can't possibly work reliably.
> If the value for a submit button changes, it breaks your hashed-values.
> If you add a new hidden field, it breaks...
> If the order of hash keys changes (which is guaranteed with perl), it
> breaks...
>
> I'll check the docs and make sure there are no examples of this there.
>
> Carl
>
> _______________________________________________
> HTML-FormFu mailing list
> HTML-FormFu@lists.scsys.co.uk
> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
_______________________________________________
HTML-FormFu mailing list
HTML-FormFu@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
