Hashing passwords on user creation.

Jan. 4th, 2007 at 9:53 AM

If you use Catalyst auth with hashed passwords, here's how to create the digest in your DBIx::Class user class automatically.

sub store_column {
my ($self,$col,$val)= @_;
$val=Digest::SHA::sha1_hex($val) if ($col eq 'password');
return $self->next::method($col,$val);
}

Comments

( 3 comments — Leave a comment )

(Anonymous)

Jan. 4th, 2007 01:48 pm (UTC)

Auth needs create_user()

The Auth stores in Catalyst do an excellent job of abstracting the authorization of users. The ability for stores to declare and support things like hashed passwords, picking the alg, adding pre/port salt make it a dream: to authenticate users.

Now, when starting a project, I still have to make magic, the same kind of magic, to create new users in the store along with picking the same hash alg, the same pre/post salt options, etc. That seems like an accident waiting to happen.

IMHO, the Auth::Store needs a create_user method, so the same password options used to auth users can also be used to create users/passwords in the store.

Maybe I'm way off base. :-)

Link | Reply | Thread

(Anonymous)

Jan. 18th, 2007 09:23 pm (UTC)

Re: Auth needs create_user()

Does not really fit into all backends well -- one of the things that make the auth modules "a dream" to use is the way all of the backends have one solid API to access them. Start pushing changes in the API that are only supported on a few of the back ends and you lose the magic.

Link | Reply | Parent | Thread

sianamber

Dec. 13th, 2009 10:50 am (UTC)

Happy Birthday!

Data89, web data extraction.

Link | Reply | Thread

( 3 comments — Leave a comment )