[SP-pm] Ajuda para entender o Catalyst::Plugin::Authentication
Hernan Lopes
hernanlopes at gmail.com
Wed Dec 15 08:38:40 PST 2010
vc tem que fazer o seguinte:
1. create a database
2. create tables:
-- Accounts that can log in to the example application.
CREATE TABLE users
(
id serial NOT NULL,
nome text,
sobrenome text,
is_deleted integer DEFAULT 0,
endereco text,
created date DEFAULT now(),
-- NOTE(review): username is the login identifier but has no NOT NULL or
-- UNIQUE constraint, so two rows may share one login -- confirm this is intended.
username text,
-- Value compared at login. The sample rows in step 2.1 store it as plain text,
-- matching password_type => 'clear' in step 8.2; anyone who can read this
-- table can read every password.
"password" text,
telefone text,
email character varying(255),
CONSTRAINT users_pkey PRIMARY KEY (id)
);
-- Role names that the application checks by their text value.
CREATE TABLE roles
(
id integer NOT NULL,
"role" text,
CONSTRAINT role_pkey PRIMARY KEY (id)
);
-- Join table: one row per (user, role) assignment. The composite primary key
-- prevents assigning the same role to the same user twice.
CREATE TABLE users_to_roles
(
user_id integer NOT NULL,
role_id integer NOT NULL,
CONSTRAINT users_to_roles_pkey PRIMARY KEY (user_id, role_id),
-- NO ACTION on delete: a role or user that is still referenced here cannot be removed.
CONSTRAINT users_to_roles_role_id_fkey FOREIGN KEY (role_id)
REFERENCES roles (id) MATCH SIMPLE
ON UPDATE NO ACTION ON DELETE NO ACTION,
CONSTRAINT users_to_roles_user_id_fkey FOREIGN KEY (user_id)
REFERENCES users (id) MATCH SIMPLE
ON UPDATE NO ACTION ON DELETE NO ACTION
);
2.1 add some data onto db:
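-- Role names. Only 'admin', 'gerente' and 'funcionario' are accepted by the
-- access check in the Root controller's auto action (step 11).
insert into roles (id, role) values (1, 'admin');
insert into roles (id, role) values (2, 'gerente');
insert into roles (id, role) values (3, 'banidos');
insert into roles (id, role) values (4, 'funcionario');
insert into roles (id, role) values (5, 'secretaria');

-- Demo accounts. The passwords are stored in plain text (password_type =>
-- 'clear' in step 8.2) and are trivially guessable (e.g. admin/admin), so load
-- these rows only into a throwaway development database.
-- The e-mail literal now sits on one line: the mail wrap had put a line break
-- inside the quotes, which would have been stored as part of the value.
-- The addresses are kept as the list archive shows them ("at" in place of "@").
insert into users (nome, sobrenome, is_deleted, endereco, username, password, email)
    values ('joe', 'silva', '0', '-', 'joe', 'silva', 'joe at silva.net');
insert into users (nome, sobrenome, is_deleted, endereco, username, password, email)
    values ('maria', 'gomes', '0', '-', 'maria', 'gomes', 'mariagomes at hotmail.com');
insert into users (nome, sobrenome, is_deleted, endereco, username, password, email)
    values ('admin', 'admin', '0', '-', 'admin', 'admin', 'admin at admins.com');

-- Role assignments. Assumes the serial ids 1..3 were handed out in the
-- insertion order above (joe = 1, maria = 2, admin = 3) -- verify on your database.
insert into users_to_roles ( role_id, user_id ) values (1, 3);
insert into users_to_roles ( role_id, user_id ) values (2, 1);
insert into users_to_roles ( role_id, user_id ) values (2, 2);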
3. create a default catalyst app
catalyst.pl Example::Catalyst::Auth
cd Example-Catalyst-Auth/
4. create TT view
script/example_catalyst_auth_create.pl view TT
5. open TT.pm file to edit
vim lib/Example/Catalyst/Auth/View/TT.pm
6. insert the following into your TT.pm
package Example::Catalyst::Auth::View::TT;

use strict;
use warnings;

use base 'Catalyst::View::TT';

# Template Toolkit view for the example application.
__PACKAGE__->config(
    # Directories searched for template files: the application's 'root' dir.
    INCLUDE_PATH => [ Example::Catalyst::Auth->path_to('root') ],

    # Templates use the .tt2 extension in place of the default one.
    TEMPLATE_EXTENSION => '.tt2',

    # Every page is rendered inside this wrapper template, which is looked
    # up through INCLUDE_PATH.
    WRAPPER => 'wrapper.tt2',

    # Set to 1 to get detailed timer stats as HTML comments in the output.
    TIMER => 0,
);

__PACKAGE__->meta->make_immutable;

1;
7. now open the main app config
vim lib/Example/Catalyst/Auth.pm
8. and insert inside your __PACKAGE__->config() :
default_view => 'TT',
ENCODING => 'utf-8',
8.1 and also declare these inside your use Catalyst qw//:
Unicode
StackTrace
Authentication
Authorization::Roles
8.2 and insert the Auth configuration also.. on that same file:
# Authentication setup: a single realm named 'default', built by the SimpleDB
# realm class on top of the DBIC user model.
__PACKAGE__->config->{'Plugin::Authentication'} = {
    default => {
        class => 'SimpleDB',

        # user_model => 'DBICSchemamodel::Users',
        user_model => 'DBICSchemamodel::User',

        # 'clear' compares the submitted password with the stored column
        # value as-is, so the users table holds plain-text passwords. That
        # keeps the demo short, but a database leak or a readable backup then
        # exposes every credential. For anything beyond a local demo, store
        # password hashes and switch to one of the hashed modes of the
        # Password credential ('self_check', 'salted_hash', 'hashed').
        password_type => 'clear',

        user_role_user_field => 'user_id',
        user_role_role_field => 'role_id',
    },
};
8.3 and also insert the Store config
# Default backend for the Cache plugin.
__PACKAGE__->config->{'Plugin::Cache'}{backend} = {    # DEFAULT backend
    class => "Cache::FastMmap",
    store => "FastMmap",

    # NOTE(review): a fixed file name under /tmp is shared with every local
    # account on the host. On a multi-user machine prefer a directory owned
    # by the application user with restrictive permissions.
    storage => "/tmp/cache",

    # Presumably the entry lifetime in seconds (one hour) -- confirm against
    # the cache backend's documentation.
    expires => 3600,
};
8. create the wrapper:
vim root/wrapper.tt2
9. and insert this content:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
</head>
<body>
[%content%]
</body>
</html>
10. now lets modify our Root controller.
We should create one index page (And test the view we setup is working)
We should create one hidden page, which will show only when logged in.
vim lib/Example/Catalyst/Auth/Controller/Root.pm
10.1 declare use HTML::FormHandler
use HTML::FormHandler;
11. delete index action and add the following:
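# Access gate for the Root controller's actions.
#
# Returns 1 to let the requested action run, or 0 after forwarding to the
# login action when the visitor is not allowed in. The login and index
# actions are always allowed; every other action requires a logged-in user
# holding at least one of the roles 'admin', 'gerente' or 'funcionario'.
sub auto :Private {
    my ( $self, $c ) = @_;

    # The login form and the public index page must stay reachable without
    # being logged in, otherwise nobody could ever authenticate.
    my $root = $c->controller('root');
    return 1
        if $c->action eq $root->action_for('login')
        || $c->action eq $root->action_for('index');

    # Deny by default: a missing user and a user without a permitted role
    # (for example one that only has 'banidos') are treated the same way.
    my $is_authorized = $c->user_exists
        && (   $c->check_user_roles('admin')
            || $c->check_user_roles('gerente')
            || $c->check_user_roles('funcionario') );

    unless ($is_authorized) {
        # Show the login page in place of the requested action.
        $c->forward('login');

        # Return 0 to cancel 'post-auto' processing and prevent use of the
        # application. (The mail wrap had split this comment and left a bare
        # word on its own line, which does not compile.)
        return 0;
    }

    # User found and authorized, so continue with processing after 'auto'.
    return 1;
}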
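# Public landing page with a link to the login form.
sub index :Path :Args(0) {
    my ( $self, $c ) = @_;

    # The scalar reference is handed to the view as the template text itself.
    # Alternatively use template => 'index.tt2' and create that file inside
    # myapp/root. (This remark was a trailing comment that the mail wrap
    # split onto a second, uncommented line, which does not compile.)
    $c->stash( template => \'Welcome please <a href="/login">login</a>' );
}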
# Protected page served at /hidden_page.
#
# This action performs no access check of its own; it relies on the
# controller's 'auto' action. 'auto' runs for the action a request is
# dispatched to, so an internal forward() to this action from an action that
# 'auto' exempts is not checked again -- the forwarding code must check roles.
sub hidden_page :Path('/hidden_page') :Args(0) {
    my ( $self, $ctx ) = @_;

    my $page_body = 'CONTEÚDO ESCONDIDO';
    $ctx->stash( template => \$page_body );
}
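# Login page at /login: renders the form and, when credentials are present in
# the request, tries to authenticate the user.
#
# On success the user is forwarded to hidden_page only if they hold one of the
# permitted roles. On failure an error message is stashed and the form is
# shown again.
sub login : Path('/login') : Args(0) {
    my ( $self, $c ) = @_;

    my $form = HTML::FormHandler->new({
        field_list => [
            username => {
                type             => 'Text',
                label            => 'Login',
                required         => 1,
                required_message => 'Campo Requerido',
            },
            password => {
                type             => 'Password',
                label            => 'Password',
                required         => 1,
                required_message => 'Campo Requerido',
            },
            submit => {
                type  => 'Submit',
                value => 'Login',
            },
        ],
    });

    # The rendered form HTML is used directly as the page template.
    $c->stash( template => \$form->render );

    # Get the username and password from the request.
    # NOTE(review): params merges query-string and body parameters, so
    # credentials sent in the URL are accepted too and would then show up in
    # access logs and browser history; consider reading body_parameters only.
    my $username = $c->request->params->{username} || undef;
    my $password = $c->request->params->{password} || undef;

    # If the username and password values were found in the request
    if ( defined($username) && defined($password) ) {

        # Attempt to log the user in
        if (
            $c->authenticate(
                {
                    username => $username,
                    password => $password,
                }
            )
            )
        {
            # This action is exempt from 'auto', and forward() does not run
            # 'auto' again, so the role check has to be repeated here.
            # Forwarding unconditionally would show the hidden page to any
            # account with a valid password, including one whose only role
            # is 'banidos' or one with no role at all.
            if (   $c->check_user_roles('admin')
                || $c->check_user_roles('gerente')
                || $c->check_user_roles('funcionario') )
            {
                $c->forward('hidden_page');
                return;
            }
        }
        else {
            # Same message for an unknown login and a wrong password, so the
            # response does not reveal which logins exist.
            $c->stash->{error_msg} =
                "Login desconhecido. Verifique seu login e senha e tente novamente. ";
        }
    }

    # A user who is authenticated but was not forwarded above goes to the
    # index page; otherwise the login form stashed earlier is rendered.
    $c->detach('index') if ( $c->user_exists );
}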
# Logout at /logout: drops the authenticated user and sends the browser back
# to the application's root URL.
sub logout : Path('/logout') : Args(0) {
    my ( $self, $ctx ) = @_;

    # Forget the authenticated user.
    $ctx->logout;

    # Redirect to the starting page.
    my $start_url = $ctx->uri_for('/');
    $ctx->response->redirect($start_url);
}
12. now create your schema:
script/example_catalyst_auth_create.pl model DBICSchemamodel DBIC::Schema
Example::Catalyst::Auth::DBSchema create=static dbi:Pg:dbname=test_auth
dblogin password
13. add many_to_many relationships to model User
vim lib/Example/Catalyst/Auth/DBSchema/Result/User.pm
14. insert before make_immutable or 1
__PACKAGE__->many_to_many('roles', 'users_to_roles' => 'role');
15. add many_to_many relationships to model Role
vim lib/Example/Catalyst/Auth/DBSchema/Result/Role.pm
14. insert before make_immutable or 1
__PACKAGE__->many_to_many('users', 'users_to_roles' => 'user');
2010/12/15 Luis Motta Campos <luismottacampos at yahoo.co.uk>
> On 15 Dec 2010, at 16:27, Jonhnes Lopes wrote:
> > Valeu pela dica Lindolfo mas, tenho que fazer pelo metodo mais dificil
> mesmo,
> > porque depois vou ter que implementar a criptografia, então acho melhor
> apanhar
> > logo pra aprender o Authentication. Mas, obrigado mesmo pela dica.
>
> Ahn... criptografia para a WWW é, até onde eu sei, um problema da camada de
> transporte. Por quê você está tentando encriptar as credenciais na camada de
> sessão?
>
> Putamplexos
> --
> Luis Motta Campos is a software engineer,
> Perl Programmer, foodie and photographer.
>
> =begin disclaimer
> Sao Paulo Perl Mongers: http://sao-paulo.pm.org/
> SaoPaulo-pm mailing list: SaoPaulo-pm at pm.org
> L<http://mail.pm.org/mailman/listinfo/saopaulo-pm>
> =end disclaimer
>