[dancer-users] Writing an Auth plugin for SSL client certificates

perlduck newsletter at dirk.my1.cc
Mon Nov 13 20:09:53 GMT 2017

Am 13.11.2017 18:41, schrieb John McDermott, CPLP:
> On 11/12/2017 9:09 AM, perlduck wrote:
>> Is Dancer2::Plugin::Auth::Extensible even the right place (base) for 
>> such a plugin? I don't see why not. Aside from the potential security 
>> issues noted, see 
>> https://github.com/PerlDancer/Dancer2-Plugin-Auth-Extensible
> and create a new provider.
> --john

Well, as I see it, Dancer2::Plugin::Auth::Extensible requires all its 
providers to authenticate with uid/pwd. If a route "requires_login" and 
the "logged_in_user" isn't set in the session, then the 
Dancer2::Plugin::Auth::Extensible wants to redirect to the /login route.

I already built my own Provider (based on Provider::Database) and 
overwrote (using "around") the "authenticate_user" method so it returns 
"true" when the uid is set in the environment. But still, DPAE shows the 
login page.

When I press SUBMIT, then my "authenticate_user" method is called and 
returns true (ignoring the POST parameters).

What I really want is: If a route "requires_login" and "logged_in_user" 
is not yet set, then watch out for the SSL environment variables 
(instead of redirecting to the login page). The more I explain, the more 
I think DPAE is the wrong place for my purpose. Kind of rubber-ducking. 

More information about the dancer-users mailing list