Simple authentication example
use Mojolicious::Lite;
use DBI;
use Digest::SHA 'sha1_hex';
use Mojo::URL;
use Mojo::Util 'secure_compare';
# Connection settings for the 'database' plugin, which exposes the handle
# through the `db` helper used by the authentication callbacks.
# The dsn/username/password values below are placeholders; real credentials
# belong in deployment configuration, not in a committed source file.
my %db_config = (
    helper   => 'db',
    dsn      => 'dbdsn',
    username => 'dbuser',
    password => 'dbpassword',

    # RaiseError makes every failed DBI call die instead of returning false.
    options => { RaiseError => 1, pg_enable_utf8 => 1 },
);

plugin 'database' => {%db_config};
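# Table holding the accounts. The name is interpolated into SQL text, so it
# must stay a fixed constant and never be derived from request data.
my $auth_table = 'auth_user';

plugin 'authentication' => {

    # Re-load the account for an already authenticated session.
    # Takes the user id stored in the session; returns the row as a hashref,
    # or nothing when the account is unknown.
    load_user => sub {
        my ( $self, $uid ) = @_;
        return unless defined $uid;

        # Re-check is_active on every request so that deactivating an account
        # also ends its existing sessions instead of only blocking new logins.
        # NOTE(review): assumes is_active lives on the account table, as the
        # login query below suggests -- confirm against the schema.
        my $sth = $self->db->prepare(
            "SELECT * FROM $auth_table WHERE id = ? AND is_active = true" );
        $sth->execute($uid);

        # NOTE(review): SELECT * also returns the stored password hash, so it
        # is present in the loaded user object; avoid passing that object
        # wholesale to templates or logs.
        my $row = $sth->fetchrow_hashref;
        return $row ? $row : ();
    },

    # Check a username/password pair at login.
    # Returns the account id on success and nothing on any failure, so every
    # failure mode (unknown user, missing permission, unsupported hash format,
    # wrong password) looks the same to the caller.
    validate_user => sub {
        my ( $self, $username, $password ) = @_;
        return unless defined $username && defined $password;

        # Only active staff accounts holding permission 58 or 59 may log in.
        # The permission ids are hard-coded; their meaning is not visible here.
        my $sth = $self->db->prepare(
            "SELECT a.id AS id , a.username AS username,a.password AS password
             FROM $auth_table a, auth_user_user_permissions p
             WHERE username = ?
             AND a.id = p.user_id AND (permission_id = 58 OR permission_id = 59)
             AND is_staff = true AND is_active = true LIMIT 1"
        ) or return;
        $sth->execute($username);

        my $account = $sth->fetchrow_hashref or return;
        my $stored = $account->{password} // q{};

        # Stored format is "sha1$<salt>$<hex digest>" (Django 1.2 style).
        # Anything else -- another algorithm, an unusable-password marker --
        # is rejected outright rather than fed into the comparison.
        my ($salt) = $stored =~ m{\A sha1 \$ ([^\$]*) \$ [0-9a-f]+ \z}xms;
        return unless defined $salt;

        # Hash the UTF-8 bytes of the password: sha1_hex dies on wide
        # characters, and hashing undecoded characters would not match
        # digests computed over UTF-8 input.
        my $password_bytes = $password;
        utf8::encode($password_bytes);
        my $expected = "sha1\$$salt\$" . sha1_hex( $salt . $password_bytes );

        # NOTE(review): single-round salted SHA-1 is a legacy format that is
        # cheap to brute-force offline if the table leaks; plan a migration
        # to a slow password KDF in whatever application owns these rows.

        # Constant-time comparison so the check does not reveal how many
        # leading characters of the digest matched.
        return unless secure_compare( $expected, $stored );

        $self->session( user => $username );
        $self->flash( message => 'Welcome!', type => 'success' );
        return $account->{id};
    },
};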
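# Reduce the client-supplied Referer header to a path on this site.
# The header is attacker-influenced (for example a login form posted from
# another origin), so only its path component is kept, and anything that a
# browser could read as a scheme-relative URL ("//host", "/\host") falls
# back to '/'. The query string of the referring page is not preserved.
my $local_return_path = sub {
    my ($c) = @_;
    my $referrer = $c->req->headers->referrer // q{};
    my $path     = Mojo::URL->new($referrer)->path->to_string;
    return $path =~ m{\A/(?![/\\])} ? $path : '/';
};

# Handle the login form: validate the username shape, authenticate, and send
# the browser back to the page it came from with a flash message.
# NOTE(review): the form carries no CSRF token and there is no attempt
# throttling here; both are worth adding before production use.
post '/login' => sub {
    my $self = shift;

    # Defined-or keeps a literal "0" as submitted instead of blanking it.
    my $name = $self->param('name') // q{};
    my $pass = $self->param('pass') // q{};
    my $back = $local_return_path->($self);

    # Reject malformed usernames before touching the database. The explicit
    # return matters: without it the handler fell through to authenticate()
    # and issued a second redirect for the same request.
    if ( $name !~ /\A[A-Z_a-z0-9]{1,40}\z/ ) {
        $self->flash( message => 'Wrong credentials', type => 'danger', username => $name );
        return $self->redirect_to($back);
    }

    return $self->redirect_to($back) if $self->authenticate( $name, $pass );

    # Same message as for a malformed name, so the response does not reveal
    # which check failed.
    $self->flash( message => 'Wrong credentials', type => 'danger', username => $name );
    return $self->redirect_to($back);
};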
# End the current session and return to the front page.
# NOTE(review): logout is a state-changing GET; a POST route with CSRF
# protection is the usual hardening.
get '/logout' => sub {
    my ($c) = @_;

    # Expire the session cookie, then let the authentication plugin drop
    # its own state.
    $c->session( expires => 1 );
    $c->logout;

    $c->redirect_to('/');
};
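# Gate for every route declared below: authenticated requests continue,
# everyone else gets the login form and the dispatch chain stops.
under '/' => sub {
    my $self = shift;

    return 1 if $self->is_user_authenticated;

    # Deny regardless of what render() returns. The previous form,
    # `render(...) and return 0 unless ...`, only returned 0 when render()
    # yielded a true value and otherwise fell through to `return 1`,
    # letting an unauthenticated request continue.
    $self->render('login');
    return 0;
};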
# Front page; only reachable once the `under '/'` gate above has let the
# request through.
get '/' => sub {
    my ($c) = @_;
    $c->render( template => 'index', title => 'Welcome back' );
};

# Hand control to the Mojolicious command system; must stay the last statement.
app->start;
__DATA__ | |
@@index.html.ep | |
% layout 'default', title => $title; | |
% if ( my $message = flash 'message' and my $type = flash 'type' ) { | |
<div class="alert-<%= $type %>"><%= $message %></div> | |
% } | |
<h4 class='text-center'><%= $title %></h4> | |
@@login.html.ep | |
<!DOCTYPE html> | |
<html lang="en"> | |
<head> | |
<meta charset="utf-8"> | |
<title>Login</title> | |
</head> | |
<body> | |
% if ( my $message = flash 'message' and my $type = flash 'type' ) { | |
<div class="alert-<%= $type %> form-login"><%= $message %></div> | |
% } | |
%= form_for '/login' => ( method => 'post' ) => begin | |
<% my $value = flash 'username'; %> | |
%= text_field 'name' => $value, placeholder => 'Username' | |
%= password_field 'pass', placeholder => 'Password' | |
%= submit_button 'Submit' | |
% end | |
</body> | |
</html> | |
@@layouts/default.html.ep | |
... some html ... |