[dancer-users] Dancer::Plugin::Passphrase utf-8 mysql

David Precious davidp at preshweb.co.uk
Mon Dec 31 08:49:28 GMT 2012 

On Sun, 30 Dec 2012 21:29:24 -0800
Wade Burgett <wadeburgett at gmail.com> wrote:

> I noticed in when I ran this code
> 
> any '/makehash' => sub{
>     my $hash = passphrase( param('1234') )->generate_hash;
>      my $user = schema->resultset('SantEmployee')->find(15);
>     $user->pin($hash);
>      $user->update;
> 
> };
> when I try to update the users pin, it crashes dbix internals-
> 
> Operation "eq": no method found,
>     left argument has no overloaded magic,
>     right argument in overloaded package Dancer::Plugin::Passphrase at
> /usr/local/share/perl/5.14.2/DBIx/Class/Row.pm line 901, <DATA> line
> 16. in /usr/local/share/perl/5.14.2/Dancer/Handler.pm l. 98

the passphrase()->generate_hash call will return an object which
overloads stringification to return the hash as text.

I think you want:

  my $hash = passphrase( param('1234') )->generate_hash->rfc2307;

That will return the hashed password as an RFC2307-style string.

 
> I can quote the value of hash going into dbix like so
> 
> $user->pin($hash);
> 
> but I don't remember doing that in my pre utf-8 days of coding so I am
> thinking I have mysql taking the data from perl incorrecty.

I guess you meant $user->pin("$hash") there?

If so, that would work too, as it'd force it to stringify.

 
> Also when I try to match the passphrase against the pin, it doesn’t
> match and I really think it should.
> 
>    my $user = schema->resultset('SantEmployee')->find(15);
>     my $pin = $user->pin;
>     my $result = passphrase('1234')->matches($pin);
>     if ($result){print $result}else{print "nomatches $pin"};
> 
> <p>nomatches
> {CRYPT}$2a$04$..XDNZXxKq9/zhpeu4VsbOgXSSonxsoPHX75/kN9H6nvM/oIhhYIWHTTP/1.0
> 200 OK

That is odd; I would expect that to work, if the crypted passphrase is
being stored in the DB correctly.

Can you add a bit of debugging code to find out what the generated hash
was before it was stored in the DB, and make sure it comes out the
same?  A common error I've seen causing this kind of thing is making
the DB column too short to contain the hash, and using MySQL with it's
default config of "fuck it, munge the data to fit" (which is
*horrible*, but that's another topic).


-- 
David Precious ("bigpresh") <davidp at preshweb.co.uk>
http://www.preshweb.co.uk/     www.preshweb.co.uk/twitter
www.preshweb.co.uk/linkedin    www.preshweb.co.uk/facebook
www.preshweb.co.uk/cpan        www.preshweb.co.uk/github

More information about the dancer-users mailing list