Catalyst: Difference between revisions

From RavenWiki
(Add 'missing slash' patch; note dep on UNIVERSAL::require)

Revision as of 12:32, 22 December 2006

A Ucam-Webauth authentication plugin for Catalyst has been written by Michael Gray from Engineering. It's available at

http://www2.eng.cam.ac.uk/~mjg17/perl/Catalyst-Plugin-Authentication-Credential-Raven-0.01.tar.gz

Note that it requires the Ucam-WebAuth-AA Perl module which, to avoid a bug leading to warning messages when using the plugin, should be at least version 1.02.

Jon Warbrick has discovered that by default Catalyst's session cookies do not expire at the end of the session, but instead have a two hour lifetime. This can be confusing for users. I'll look at how this might be tackled in the plugin, but meanwhile, adding the following stanza to your Catalyst app's config file (my_app.yml) should solve this issue:

session:
    cookie_expires: 0

Note the following from jw35:

I've just got to the bottom of a bug, manifesting in your Catalyst/Raven
plugin and caused by an unfortunate interaction between Catalyst and
Ucam::WebAuth::AA.

In essence, Catalyst returns 'http://foo.com?a=b' as $c->request->uri when
actually asked for 'http://foo.com/?a=b' (note the extra '/'). Because of
this, if you protect the root of a site with your plugin then
authentication fails if the first thing you access is the root URL,
because it appears that the URL in the ticket doesn't match the requested
URL. Thanks to a bug in Ucam::WebAuth::AA, this failure doesn't produce a
useful error message :-((

The patch below works around the problem, though I'm not convinced it's
really the right way to fix it.

*** Raven.pm.orig       2006-10-10 15:15:28.000000000 +0100
--- Raven.pm    2006-10-10 15:16:03.000000000 +0100
***************
*** 237,243 ****

  sub this_url {
      my $self = shift;
!     return $self->context->request->uri;
  }

  # We don't need to supply a secure() method since it is only used
--- 237,248 ----

 sub this_url {
      my $self = shift;
!     my $url = $self->context->request->uri;
!     unless ($url->path) {
!         $url = $url->clone;
!         $url->path('/');
!     }
!     return $url;
  }

  # We don't need to supply a secure() method since it is only used
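
Review bot: the `unless ($url->path)` test in the new this_url relies on string truthiness where the intent is "the path is empty"; comparing explicitly with `$url->path eq ''` would make that clear. The block also needs a comment saying why the slash is added (the URL in the ticket is compared with the requested URL, and the request URI arrives without the '/' for the site root), since nothing in the code explains it and the author is not sure this is the right layer for the fix. Cloning before calling `path('/')` is right, because it leaves the request's own URI object unmodified.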

Note also that the module depends on UNIVERSAL::require but doesn't mention this in its dependencies.