kiffin.gish at planet
Feb 1, 2010, 1:25 PM
Post #5 of 6
(873 views)
Permalink
|
Yeah, that's what I suspected, but I feel more confident hearing it from
an expert, thanks.
On Mon, 2010-02-01 at 23:09 +0200, Bogdan Lucaciu wrote:
> Well, $c->authenticate is a more complex process, it does a number of
> operations , one of which is calling check_password.
>
> $c->authenticate calls $realm->authenticate which calls
> $credential->authenticate which fetches a new user object from the
> store and then calls check_password to see if the stored password
> (hash) matches the provided password.
>
> Considering you just want to check the password and not reauthenticate
> the user, using check_password is less overhead, saves you a trip to
> the database, and it's probably cleaner.
>
> Otherwise I doubt there's any side-efect in calling $c->authenticate
> directly, and the performance overhead is probably not important, as
> you would probably need to run this code quite rarely. And it's
> probably more readable for people not knowing the Authentication
> internals
>
> On Mon, Feb 1, 2010 at 10:34 PM, Kiffin Gish <kiffin.gish [at] planet> wrote:
> > Thanks Bogdan, works like a charm!
> >
> > I noticed that the following also works:
> >
> > $c->authenticate( { username => $username, password => $password_old },
> > 'users');
> >
> > Do they result in the same actions?
> >
> > On Mon, 2010-02-01 at 18:25 +0200, Bogdan Lucaciu wrote:
> >> I think you're best off using 'check_password' from Credential::Password
> >>
> >> Take a look at it:
> >> http://cpansearch.perl.org/src/FLORA/Catalyst-Plugin-Authentication-0.10016/lib/Catalyst/Authentication/Credential/Password.pm
> >>
> >> Assuming the user is authenticated, you should try:
> >>
> >> $c->get_auth_realm('default')->credential->check_password($c->user,
> >> {password=>$pass});
> >>
> >>
> >>
> >> On Mon, Feb 1, 2010 at 5:47 PM, Kiffin Gish <kiffin.gish [at] planet> wrote:
> >> > I want to give users the ability to change their password via the usual
> >> > web form:
> >> >
> >> > current password: _______
> >> > new password: _______
> >> > re-type: _______
> >> >
> >> > How do I check that the current password is has been typed in correctly,
> >> > and if it is, how do I put the new password into effect (as if he/she
> >> > has re-logged in with it)?
> >> >
> >> > Is this something that $c->authenticate can help me with, how then?
> >> >
> >> > --
> >> > Kiffin Gish <kiffin.gish [at] planet>
> >> > Gouda, The Netherlands
> >> >
> >> >
> >> > _______________________________________________
> >> > List: Catalyst [at] lists
> >> > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> >> > Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
> >> > Dev site: http://dev.catalyst.perl.org/
> >> >
> >>
> >>
> >>
> >
> >
> > --
> > Kiffin Gish <Kiffin.Gish [at] planet>
> > Gouda, The Netherlands
> >
> >
> >
> > _______________________________________________
> > List: Catalyst [at] lists
> > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> > Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
> > Dev site: http://dev.catalyst.perl.org/
> >
>
>
>
--
Kiffin Gish <Kiffin.Gish [at] planet>
Gouda, The Netherlands
_______________________________________________
List: Catalyst [at] lists
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst [at] lists/
Dev site: http://dev.catalyst.perl.org/
|
