I want to give users the ability to change their password via the usual
web form:

current password: _______
new password: _______
re-type: _______

How do I check that the current password has been typed in correctly,
and if it is, how do I put the new password into effect (as if he/she
has re-logged in with it)?

Is this something that $c->authenticate can help me with, how then?

--
Kiffin Gish <kiffin.gish@planet.nl>
Gouda, The Netherlands


  • Bogdan Lucaciu at Feb 1, 2010 at 4:25 pm
    I think you're best off using 'check_password' from Credential::Password

    Take a look at it:
    http://cpansearch.perl.org/src/FLORA/Catalyst-Plugin-Authentication-0.10016/lib/Catalyst/Authentication/Credential/Password.pm

    Assuming the user is authenticated, you should try:

    $c->get_auth_realm('default')->credential->check_password($c->user,
    {password=>$pass});


    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/


    --
    Bogdan Lucaciu
    Operations Manager, Sinapticode
    http://www.sinapticode.com
  • Kiffin Gish at Feb 1, 2010 at 8:34 pm
    Thanks Bogdan, works like a charm!

    I noticed that the following also works:

    $c->authenticate( { username => $username, password => $password_old },
    'users');

    Do they result in the same actions?

    --
    Kiffin Gish <Kiffin.Gish@planet.nl>
    Gouda, The Netherlands
  • Bogdan Lucaciu at Feb 1, 2010 at 9:09 pm
    Well, $c->authenticate is a more complex process, it does a number of
    operations, one of which is calling check_password.

    $c->authenticate calls $realm->authenticate which calls
    $credential->authenticate which fetches a new user object from the
    store and then calls check_password to see if the stored password
    (hash) matches the provided password.

    Considering you just want to check the password and not reauthenticate
    the user, using check_password is less overhead, saves you a trip to
    the database, and it's probably cleaner.

    Otherwise I doubt there's any side-effect in calling $c->authenticate
    directly, and the performance overhead is probably not important, as
    you would probably need to run this code quite rarely. And it's
    probably more readable for people not knowing the Authentication
    internals.

    --
    Bogdan Lucaciu
    Operations Manager, Sinapticode
    http://www.sinapticode.com
  • Kiffin Gish at Feb 1, 2010 at 9:25 pm
    Yeah, that's what I suspected, but I feel more confident hearing it from
    an expert, thanks.

    --
    Kiffin Gish <Kiffin.Gish@planet.nl>
    Gouda, The Netherlands
  • Nigel Metheringham at Feb 2, 2010 at 8:54 am

    On 1 Feb 2010, at 21:09, Bogdan Lucaciu wrote:
    > Considering you just want to check the password and not reauthenticate
    > the user, using check_password is less overhead, saves you a trip to
    > the database, and it's probably cleaner.
    >
    > Otherwise I doubt there's any side-effect in calling $c->authenticate
    > directly, and the performance overhead is probably not important, as
    > you would probably need to run this code quite rarely. And it's
    > probably more readable for people not knowing the Authentication
    > internals

    It's worth pointing out that
    http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication::Internals
    does not document the check_password method, and so those
    implementing credentials may not implement it.

    I'd go with $c->authenticate as it is a documented route into the
    API and should be handled by all credential modules.

    Nigel.
    --
    [ Nigel Metheringham Nigel.Metheringham@InTechnology.com ]
    [ - Comments in this message are my own and not ITO opinion/policy - ]
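
The change-password flow discussed in this thread, as an added example that is not part of any post: it re-verifies the current password through `$c->authenticate` (the documented route Nigel recommends) before writing the new one. The controller name, form field names, `/login` path and the DBIx::Class-backed store with a hash-on-write `password` column are assumptions.

```perl
package MyApp::Controller::Account;    # hypothetical controller name
use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller' }

# Handles the three-field form; the field names below are assumptions.
sub change_password : Local {
    my ( $self, $c ) = @_;

    # Only a logged-in user may reach the password change logic.
    unless ( $c->user_exists ) {
        $c->response->redirect( $c->uri_for('/login') );    # hypothetical path
        return;
    }
    return unless $c->request->method eq 'POST';    # GET just renders the form

    my $p       = $c->request->body_parameters;
    my $current = $p->{current_password} // '';
    my $new     = $p->{new_password}     // '';
    my $retype  = $p->{retype_password}  // '';

    if ( $new eq '' || $new ne $retype ) {
        $c->stash( error => 'New password and re-typed password differ.' );
        return;
    }

    # Re-verify the current password through the documented entry point.
    # The username is taken from the logged-in user object, not from the
    # form, so the form cannot be used to test another account's password.
    my $verified = $c->authenticate(
        { username => $c->user->get('username'), password => $current },
        'users',    # realm name as used in the thread
    );
    unless ($verified) {
        $c->stash( error => 'Current password is incorrect.' );
        return;
    }

    # Assumption: DBIx::Class store whose password column hashes on write;
    # with any other store, replace this with that store's update call.
    $c->user->get_object->update( { password => $new } );
    $c->stash( message => 'Password changed.' );
    return;
}

__PACKAGE__->meta->make_immutable;
1;
```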

Discussion Overview
group: catalyst @
categories: catalyst, perl
posted: Feb 1, '10 at 3:47p
active: Feb 2, '10 at 8:54a
posts: 6
users: 3
website: catalystframework.org
irc: #catalyst