Provided by: libcatalyst-plugin-authentication-perl_0.10023-4_all bug

NAME

       Catalyst::Authentication::Credential::Password - Authenticate a user with a password.

SYNOPSIS

           use Catalyst qw/
             Authentication
             /;

           package MyApp::Controller::Auth;

           sub login : Local {
               my ( $self, $c ) = @_;

               $c->authenticate( { username => $c->req->param('username'),
                                   password => $c->req->param('password') });
           }

DESCRIPTION

       This authentication credential checker takes authentication information (most often a
       username) and a password, and attempts to validate the password provided against the user
       retrieved from the store.

CONFIGURATION

           # example
           __PACKAGE__->config('Plugin::Authentication' =>
                       {
                           default_realm => 'members',
                           realms => {
                               members => {

                                   credential => {
                                       class => 'Password',
                                       password_field => 'password',
                                       password_type => 'hashed',
                                       password_hash_type => 'SHA-1'
                                   },
                                   ...

       The password module is capable of working with several different password
       encryption/hashing algorithms. The one the module uses is determined by the credential
       configuration.

       Those who have used Catalyst::Plugin::Authentication prior to the 0.10 release should note
       that the password field and type information is no longer part of the store configuration
       and is now part of the Password credential configuration.

       class
           The classname used for Credential. This is part of Catalyst::Plugin::Authentication
           and is the method by which Catalyst::Authentication::Credential::Password is loaded as
           the credential validator. For this module to be used, this must be set to 'Password'.

       password_field
           The field in the user object that contains the password. This will vary depending on
           the storage class used, but is most likely something like 'password'. In fact, this is
           so common that if this is left out of the config, it defaults to 'password'. This
           field is obtained from the user object using the get() method. Essentially:
           $user->get('passwordfieldname'); NOTE If the password_field is something other than
           'password', you must be sure to use that same field name when calling
           $c->authenticate().

       password_type
           This sets the password type.  Often passwords are stored in crypted or hashed formats.
           In order for the password module to verify the plaintext password passed in, it must
           be told what format the password will be in when it is retrieved from the user object.
           The supported options are:

           none    No password check is done. An attempt is made to retrieve the user based on
                   the information provided in the $c->authenticate() call. If a user is found,
                   authentication is considered to be successful.

           clear   The password in user is in clear text and will be compared directly.

           self_check
                   This option indicates that the password should be passed to the
                   check_password() routine on the user object returned from the store.

           crypted The password in user is in UNIX crypt hashed format.

           salted_hash
                   The password in user is in salted hash format, and will be validated using
                   Crypt::SaltedHash.  If this password type is selected, you should also provide
                   the password_salt_len config element to define the salt length.

           hashed  If the user object supports hashed passwords, they will be used in conjunction
                   with Digest. The following config elements affect the hashed configuration:

                   password_hash_type
                           The hash type used, passed directly to "new" in Digest.

                   password_pre_salt
                           Any pre-salt data to be passed to "add" in Digest before processing
                           the password.

                   password_post_salt
                           Any post-salt data to be passed to "add" in Digest after processing
                           the password.

USAGE

       The Password credential module is very simple to use. Once configured as indicated above,
       authenticating using this module is simply a matter of calling $c->authenticate() with an
       authinfo hashref that includes the password element. The password element should contain
       the password supplied by the user to be authenticated, in clear text. The other
       information supplied in the auth hash is ignored by the Password module, and simply passed
       to the auth store to be used to retrieve the user. An example call follows:

           if ($c->authenticate({ username => $username,
                                  password => $password} )) {
               # authentication successful
           } else {
               # authentication failed
           }

METHODS

       There are no publicly exported routines in the Password module (or indeed in most
       credential modules.)  However, below is a description of the routines required by
       Catalyst::Plugin::Authentication for all credential modules.

   new( $config, $app, $realm )
       Instantiate a new Password object using the configuration hash provided in $config. A
       reference to the application is provided as the second argument.  Note to credential
       module authors: new() is called during the application's plugin setup phase, which is
       before the application specific controllers are loaded. The practical upshot of this is
       that things like $c->model(...) will not function as expected.

   authenticate( $authinfo, $c )
       Try to log a user in, receives a hashref containing authentication information as the
       first argument, and the current context as the second.

   check_password( )
perl v5.36.0                                20Catalyst::Authentication::Credential::Password(3pm)