Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re: Perl Catalyst

by Your Mother (Archbishop)
on Oct 10, 2018 at 17:37 UTC ( [id://1223810]=note: print w/replies, xml ) Need Help??


in reply to Perl Catalyst

You seem to be configuring the DB column wrongly, at least, for DBIC. Try following this doc and ensuring you have the module installed: DBIx::Class::EncodedColumn::Crypt::PBKDF2. If that doesn't work, let us know and I'll try to dig deeper. Snippet from it–

__PACKAGE__->add_columns(
    'password' => {
        data_type           => 'text',
        encode_column       => 1,
        encode_class        => 'Crypt::PBKDF2',
        encode_args         => {
            hash_class => 'HMACSHA1',
            iterations => 1000
        },
        encode_check_method => 'check_password',
    }
)

[download]

Replies are listed 'Best First'.
Re^2: Perl Catalyst
by akuk (Beadle) on Oct 10, 2018 at 18:14 UTC

    Thanks for this information.

    App File, Authentication settings 

    'Plugin::Authentication' =>
    {
        default_realm => 'members',
            members => {
                credential => {
                    class => 'Password',
                    password_field => 'password',
                    password_type => 'self_check'
                },
                store => {
                    class => 'DBIx::Class',
                    user_model => 'DB::User',
                }
            }
    },

    [download]

    modified add_columns in the User

    __PACKAGE__->add_columns(
    'password' => {
        data_type           => 'varchar',
        encode_column       => 1,
        encode_class        => 'Crypt::PBKDF2',
        encode_args         => {
            hash_class => 'HMACSHA2',
            hash_args => {
                    sha_size => 512,
                },
            iterations => 10000,
            salt_len   => 10,
        },
        encode_check_method => 'check_password',
    }
);

    [download]

    data type of password field is varchar type, hence the varchar is used in the above code.

    To my surprise, when I changed the password of the user through a script, it is not encrypting the password field

    . 
    #!/usr/bin/perl
use strict;
use warnings;
use MyApp::Schema;

my $schema = MyApp::Schema->connect('dbi:mysql:database', 'root', '');
my @users = $schema->resultset('User')->all;

# Just traversing the User
foreach my $user (@users) {
    if ($user->email eq 'xyz') {
        $user->password('password');
        $user->update;
    }
}

    [download]

    when I checked the database, it stores the password in the clear text whereas it should save it in the encrypted format.

[reply]
[d/l]
[select]

      Finally, I figured it out, how to authenticate using Crypt::PBKDF2

      Just in case anyone else stuck in this loop. Here is the way 

       
# In App.pm

'Plugin::Authentication' =>
    {
        default_realm => 'members',
            members => {
                credential => {
                    class => 'Password',
                    password_field => 'password',
                    password_type => 'self_check'
                },
                store => {
                    class => 'DBIx::Class',
                    user_model => 'DB::User',
                }
            }
    },

      [download]

      And now the DB::User file 

       
     __PACKAGE__->load_components("InflateColumn::DateTime", "TimeStam
+p", "EncodedColumn");

# Pay special attention to EncodedColumn, I was using passphrase colum
+n there. That my silly mistake and it cost me hours
# and now add_columns

__PACKAGE__->add_columns(
    'password' => {
        data_type           => 'text',
        encode_column       => 1,
        encode_class        => 'Crypt::PBKDF2',
        encode_args         => {
            hash_class => 'HMACSHA2',
            hash_args => {
                    sha_size => 512,
                },
            iterations => 10000,
            salt_len   => 10,
        },
        encode_check_method => 'check_password',
    }
);

      [download]

      And this works for me. Thanks for the assistance "@Your Mother"

[reply]
[d/l]
[select]

        Thank you for digging the answer out. I was going to try later tonight so you saved me, and future seekers, the trouble. :P

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1223810]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chanting in the Monastery: (3)
As of 2024-04-26 04:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found