On Sun, 30 Dec 2012 21:29:24 -0800 Wade Burgett <wadeburgett@gmail.com> wrote:
I noticed in when I ran this code
any '/makehash' => sub{ my $hash = passphrase( param('1234') )->generate_hash; my $user = schema->resultset('SantEmployee')->find(15); $user->pin($hash); $user->update;
}; when I try to update the users pin, it crashes dbix internals-
Operation "eq": no method found, left argument has no overloaded magic, right argument in overloaded package Dancer::Plugin::Passphrase at /usr/local/share/perl/5.14.2/DBIx/Class/Row.pm line 901, <DATA> line 16. in /usr/local/share/perl/5.14.2/Dancer/Handler.pm l. 98
the passphrase()->generate_hash call will return an object which overloads stringification to return the hash as text. I think you want: my $hash = passphrase( param('1234') )->generate_hash->rfc2307; That will return the hashed password as an RFC2307-style string.
I can quote the value of hash going into dbix like so
$user->pin($hash);
but I don't remember doing that in my pre utf-8 days of coding so I am thinking I have mysql taking the data from perl incorrecty.
I guess you meant $user->pin("$hash") there? If so, that would work too, as it'd force it to stringify.
Also when I try to match the passphrase against the pin, it doesn’t match and I really think it should.
my $user = schema->resultset('SantEmployee')->find(15); my $pin = $user->pin; my $result = passphrase('1234')->matches($pin); if ($result){print $result}else{print "nomatches $pin"};
<p>nomatches {CRYPT}$2a$04$..XDNZXxKq9/zhpeu4VsbOgXSSonxsoPHX75/kN9H6nvM/oIhhYIWHTTP/1.0 200 OK
That is odd; I would expect that to work, if the crypted passphrase is being stored in the DB correctly. Can you add a bit of debugging code to find out what the generated hash was before it was stored in the DB, and make sure it comes out the same? A common error I've seen causing this kind of thing is making the DB column too short to contain the hash, and using MySQL with it's default config of "fuck it, munge the data to fit" (which is *horrible*, but that's another topic). -- David Precious ("bigpresh") <davidp@preshweb.co.uk> http://www.preshweb.co.uk/ www.preshweb.co.uk/twitter www.preshweb.co.uk/linkedin www.preshweb.co.uk/facebook www.preshweb.co.uk/cpan www.preshweb.co.uk/github