Mailing List Archive

HTTP authentication with DBIx::Class
Hi,

I am using Catalyst::Authentication::Store::DBIx::Class and
Catalyst::Authentication::Credential::HTTP with the following configuration:

    my_realm => {
        credential => {
            class => 'HTTP',
            type => 'basic',
            username_field => 'username',
            password_field => 'password',
            password_type => 'clear',
        },
        store => {
            class => 'DBIx::Class',
            user_model => 'DB::my_user_table',
        },
    },

Which works great. The thing is: I want the user to authenticate in the
form "username@domain:password" using HTTP Basic Authentication, where
username and domain are checked against separate fields in my
DBIx::Class table. (Ideally, domain is checked against a related table
in my schema)

Is that supported? If not, can it be added? If not, how do you suggest I
implement that?

Thanks and Cheers,
Gerhard

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
Re: HTTP authentication with DBIx::Class
We had a similar problem at $work. To get what we wanted we had to stop
using the HTTP plugin and do something like this (warning: hand-written,
un-tested code follows) in the Root controller.

    my ( $username, $password ) = $c->request->headers->authorization_basic;
    my $logged_in_user;
    if ( defined $username && defined $password ) {
        $logged_in_user = some_method_in_users_that_concatenates_and_authenticates(
            $username, $password );
    }

    if ($logged_in_user) {
        $c->stash( user => $logged_in_user );
        ...
    }
    else {
        # No valid credentials: ask the client for Basic auth
        $c->response->header( 'WWW-Authenticate' => 'Basic realm="MyRealm"' );
        $c->response->content_type('text/plain');
        $c->response->status(401);
        $c->detach();
    }


HTH,
Dermot

On 13 May 2016 at 16:32, Gerhard Jungwirth <gjungwirth@sipwise.com> wrote:

> Hi,
>
> I am using Catalyst::Authentication::Store::DBIx::Class and
> Catalyst::Authentication::Credential::HTTP with the following
> configuration:
>
>     my_realm => {
>         credential => {
>             class => 'HTTP',
>             type => 'basic',
>             username_field => 'username',
>             password_field => 'password',
>             password_type => 'clear',
>         },
>         store => {
>             class => 'DBIx::Class',
>             user_model => 'DB::my_user_table',
>         },
>     },
>
> Which works great. The thing is: I want the user to authenticate in the
> form "username@domain:password" using HTTP Basic Authentication, where
> username and domain are checked against separate fields in my DBIx::Class
> table. (Ideally, domain is checked against a related table in my schema)
>
> Is that supported? If not, can it be added? If not, how do you suggest I
> implement that?
>
> Thanks and Cheers,
> Gerhard
>
Re: HTTP authentication with DBIx::Class
Hi,

Thanks for confirming that I didn't miss anything. I have – for now –
resolved to something similar:

    my ($username,$password) = $c->req->headers->authorization_basic;
    my ($u,$d) = split(/\@/,$username);
    $c->req->headers->authorization_basic($u,$password);
    my $res = $c->authenticate({}, $realm);

    if($c->user_exists) {
        $c->log->debug("checking '".$c->user->domain->domain."' against '$d'");
        if ($c->user->domain->domain ne $d) {
            $c->user->logout;
            $c->log->warn("invalid api http login from '".$c->req->address."'");
            my $r = $c->get_auth_realm($realm);
            $r->credential->authorization_required_response($c, $r);
            return;
        }
        ...
    } else {
        $c->log->warn("invalid api http login from '".$c->req->address."'");
        my $r = $c->get_auth_realm($realm);
        $r->credential->authorization_required_response($c, $r);
        return;
    }


If I get around to it, I'll consider extending
Catalyst::Authentication::Credential::HTTP because this sounds like a
useful feature.

-Gerhard



On 2016-05-17 11:45, Dermot wrote:
> We had a similar problem at $work. To get what we wanted we had to
> stop using the HTTP plugin and do something like this (warning:
> hand-written, un-tested code follows) in the Root controller.
>
>     my ( $username, $password ) = $c->request->headers->authorization_basic;
>     my $logged_in_user;
>     if ( defined $username && defined $password ) {
>         $logged_in_user = some_method_in_users_that_concatenates_and_authenticates(
>             $username, $password );
>     }
>
>     if ($logged_in_user) {
>         $c->stash( user => $logged_in_user );
>         ...
>     }
>     else {
>         # No valid credentials: ask the client for Basic auth
>         $c->response->header( 'WWW-Authenticate' => 'Basic realm="MyRealm"' );
>         $c->response->content_type('text/plain');
>         $c->response->status(401);
>         $c->detach();
>     }
>
>
> HTH,
> Dermot
>
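
The "username@domain:password" handling discussed in this thread, as stand-alone Perl. This is an added example, not code from either poster or from Catalyst. It rejects malformed user-ids and matches on username and domain in a single lookup, so a username that exists in several domains cannot resolve to another domain's row. The @ROWS table, its field names and the two function names are constructed for illustration.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Constructed rows standing in for the user table joined to its domain table.
# The same username exists in two domains on purpose.
my @ROWS = (
    { id => 1, username => 'alice', domain => 'example.org', password => 'orange-pw' },
    { id => 2, username => 'alice', domain => 'example.net', password => 'banana-pw' },
);

# Split an Authorization header carrying "username@domain:password" into its
# three parts. Returns an empty list for anything malformed.
sub parse_basic_credential {
    my ($header) = @_;
    return unless defined $header
        && $header =~ m{\ABasic +([A-Za-z0-9+/=]+)\z}i;
    # Only the first ':' separates user-id and password (RFC 7617).
    my ($userid, $password) = split /:/, decode_base64($1), 2;
    return unless defined $password;
    # Require exactly one '@' with non-empty text on both sides.
    my ($user, $domain, $extra) = split /\@/, $userid, -1;
    return if defined $extra || !length($user // '') || !length($domain // '');
    return ($user, $domain, $password);
}

# Look the user up on username AND domain together, then compare the password
# (clear text here, mirroring password_type => 'clear' in the thread).
sub authenticate_basic {
    my ($header, $rows) = @_;
    my ($user, $domain, $password) = parse_basic_credential($header)
        or return;
    my @match = grep { $_->{username} eq $user && $_->{domain} eq $domain } @$rows;
    return unless @match == 1 && $match[0]{password} eq $password;
    return $match[0];
}

# Constructed credentials: one valid, one with the other domain's password,
# one without a domain, one with two '@'.
for my $cred ('alice@example.net:banana-pw', 'alice@example.org:banana-pw',
              'alice:orange-pw', 'alice@example.org@x:orange-pw') {
    my $row = authenticate_basic('Basic ' . encode_base64($cred, ''), \@ROWS);
    printf "%-32s => %s\n", $cred, $row ? "user id $row->{id}" : '401';
}
```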