
/mojo-auth.pl Secret

Created April 4, 2015 08:44
Simple authentication example
use Mojolicious::Lite;
use Digest::SHA 'sha1_hex';
use DBI;
# Register the database plugin; controllers reach the handle through the
# `db` helper named below. The dsn / username / password strings are the
# example's placeholders. In a real deployment read them from the environment
# or a config file kept out of version control rather than from the source.
plugin(
    'database',
    {
        helper   => 'db',
        dsn      => 'dbdsn',
        username => 'dbuser',
        password => 'dbpassword',

        # RaiseError makes DBI calls die on failure instead of returning
        # false, so the callbacks below do not check each call's result.
        options => { pg_enable_utf8 => 1, RaiseError => 1 },
    }
);

# Table name interpolated into the load_user query. It is a fixed literal and
# must stay one: never derive it from request data.
my $auth_table = q{auth_user};
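# Authentication plugin callbacks.
#   load_user     - given the user id kept in the session, return the account
#                   row (hashref) or nothing.
#   validate_user - given the submitted username and password, return the
#                   user id on success or nothing on failure.
plugin 'authentication' => {
    load_user => sub {
        my ( $self, $uid ) = @_;

        # $auth_table is a file-level constant; the id itself is bound as a
        # placeholder, so no request data is interpolated into the SQL.
        my $sth = $self->db->prepare( "SELECT * FROM $auth_table WHERE id = ?" );
        $sth->execute($uid);

        # NOTE(review): SELECT * means the returned row also carries the
        # password column; consider selecting only the columns the
        # application actually needs.
        my $row = $sth->fetchrow_hashref or return;
        return $row;
    },
    validate_user => sub {
        my ( $self, $username, $password ) = @_;

        # Select id, username and password hash for an active staff account
        # that holds permission 58 or 59. The username is bound as a
        # placeholder. RaiseError is set on the handle, so a failing
        # prepare/execute dies here; the old "return unless $sth" check could
        # never trigger and has been dropped.
        my $sth = $self->db->prepare( "SELECT a.id AS id , a.username AS username,a.password AS password
FROM auth_user a, auth_user_user_permissions p
WHERE username = ?
AND a.id = p.user_id AND (permission_id = 58 OR permission_id = 59)
AND is_staff = true AND is_active = true LIMIT 1" );
        $sth->execute($username);

        # No matching row: unknown user or missing permission.
        my $res = $sth->fetchrow_hashref or return;

        # A NULL password column must not produce "uninitialized" warnings.
        my $stored = $res->{password} // q{};

        # Only the legacy Django 1.2 "sha1$<salt>$<40 hex digits>" layout is
        # understood. Anything else is rejected up front instead of being
        # fed through the hash and failing the comparison by accident.
        my ($salt) = $stored =~ m{\A sha1 \$ (.*) \$ [0-9a-f]{40} \z}x
            or return;

        # NOTE(review): one round of salted SHA-1 is a weak password hash by
        # current standards; it is kept only because the stored hashes use
        # it. Plan a migration to a slow, purpose-built password hash.
        # NOTE(review): sha1_hex croaks on wide characters, so a non-Latin-1
        # password presumably needs UTF-8 encoding first. Confirm against
        # how the stored hashes were produced.
        my $candidate = "sha1\$$salt\$" . sha1_hex( $salt . $password );

        # Constant-time comparison so the check does not leak how many
        # leading characters matched. Mojo::Util ships with Mojolicious and
        # is already loaded by it, hence the fully-qualified call.
        return unless Mojo::Util::secure_compare( $candidate, $stored );

        $self->session( user => $username );
        $self->flash( message => 'Welcome!', type => 'success' );
        return $res->{id};
    },
};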
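# POST /login: check the submitted credentials and redirect.
# Form fields: `name` (username) and `pass` (password).
post '/login' => sub {
    my $self = shift;

    # Defined-or rather than ||, so a literal "0" survives as a value.
    my $name = $self->param('name') // q{};
    my $pass = $self->param('pass') // q{};

    # Allow-list the username before it reaches the authentication backend.
    # The original redirected on a mismatch but did not return, so it went on
    # to call authenticate() with the rejected name and redirected twice.
    my $name_is_valid = $name =~ /\A[A-Z_a-z0-9]{1,40}\z/;

    # The redirect target is the fixed local path '/', as in the logout
    # route. The Referer header is supplied by the client and may be absent
    # or point at another site, so it is not used as a redirect destination.
    if ( $name_is_valid && $self->authenticate( $name, $pass ) ) {
        return $self->redirect_to('/');
    }

    # Same message for every failure, so the response does not reveal
    # whether the username or the password was wrong.
    # NOTE(review): no CSRF token check or attempt throttling is visible in
    # this file. Confirm they are handled elsewhere before production use.
    $self->flash( message => 'Wrong credentials', type => 'danger', username => $name );
    return $self->redirect_to('/');
};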
# GET /logout: expire the session cookie, let the authentication plugin
# clear its own state, then send the browser back to the front page.
# NOTE(review): a state-changing action behind GET can be triggered by any
# cross-site link or image tag; consider requiring POST for logout.
get '/logout' => sub {
    my ($c) = @_;

    $c->session( expires => 1 );
    $c->logout;

    return $c->redirect_to('/');
};
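# Gate for every route declared after this point.
# Returns 1 to let the request continue to the nested route, or 0 to stop the
# dispatch chain after the login form has been rendered.
under '/' => sub {
    my $self = shift;

    return 1 if $self->is_user_authenticated;

    # Fail closed. The original used "render(...) and return 0", which fell
    # through to "return 1" and let an unauthenticated request continue
    # whenever render() returned a false value. The denial must not depend
    # on whether the login template rendered.
    $self->render('login');
    return 0;
};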
# GET /: front page. It is declared after the `under` gate above, so it is
# only reached when that gate returned true.
get '/' => sub {
    my ($c) = @_;
    return $c->render( title => 'Welcome back', template => 'index' );
};
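# Mojolicious sessions are signed cookies, and the login state above lives in
# that session. No secret is configured anywhere in this file, so the
# framework falls back to its default, which is not private and would allow
# session cookies to be forged. Take a secret from the environment when one
# is supplied. MOJO_AUTH_SECRET is a variable name constructed for this
# example; use whatever your deployment provides. Without it the behaviour
# is unchanged.
if ( defined $ENV{MOJO_AUTH_SECRET} && length $ENV{MOJO_AUTH_SECRET} ) {
    app->secrets( [ $ENV{MOJO_AUTH_SECRET} ] );
}

app->start;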
__DATA__
@@index.html.ep
% layout 'default', title => $title;
% if ( my $message = flash 'message' and my $type = flash 'type' ) {
<div class="alert-<%= $type %>"><%= $message %></div>
% }
<h4 class='text-center'><%= $title %></h4>
@@login.html.ep
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Login</title>
</head>
<body>
% if ( my $message = flash 'message' and my $type = flash 'type' ) {
<div class="alert-<%= $type %> form-login"><%= $message %></div>
% }
%= form_for '/login' => ( method => 'post' ) => begin
<% my $value = flash 'username'; %>
%= text_field 'name' => $value, placeholder => 'Username'
%= password_field 'pass', placeholder => 'Password'
%= submit_button 'Submit'
% end
</body>
</html>
@@layouts/default.html.ep
... some html ...