[dancer-users] Writing an Auth plugin for SSL client certificates
perlduck
newsletter at dirk.my1.cc
Mon Nov 13 20:09:53 GMT 2017
Am 13.11.2017 18:41, schrieb John McDermott, CPLP:
> On 11/12/2017 9:09 AM, perlduck wrote:
>> Is Dancer2::Plugin::Auth::Extensible even the right place (base) for
>> such a plugin? I don't see why not. Aside from the potential security
>> issues noted, see
>> https://github.com/PerlDancer/Dancer2-Plugin-Auth-Extensible
> and create a new provider.
>
> --john
Well, as I see it, Dancer2::Plugin::Auth::Extensible requires all its
providers to authenticate with uid/pwd. If a route "requires_login" and
the "logged_in_user" isn't set in the session, then the
Dancer2::Plugin::Auth::Extensible wants to redirect to the /login route.
I already built my own Provider (based on Provider::Database) and
overwrote (using "around") the "authenticate_user" method so it returns
"true" when the uid is set in the environment. But still, DPAE shows the
login page.
When I press SUBMIT, then my "authenticate_user" method is called and
returns true (ignoring the POST parameters).
What I really want is: If a route "requires_login" and "logged_in_user"
is not yet set, then watch out for the SSL environment variables
(instead of redirecting to the login page). The more I explain, the more
I think DPAE is the wrong place for my purpose. Kind of rubber-ducking.
;-)
More information about the dancer-users
mailing list