Catalyst::Plugin::Authentication::Credential::CHAP - Authenticate a user using a CHAP login system.
This credential checker inherits from Catalyst::Plugin::Authentication::Credential::Password. It generates a challenge string that the user agent must concatenate to the password before encoding it with a hash algorithm. When logging in, this plugin will compare the sent password to the one stored, encoded with the same challenge string saved in the session data. It is meant to allow you to securely send passwords over a clear HTTP connection.
If the user has a clear text password it will be compared directly. You just have to concatenate the challenge string to the password and encode it with any of the hash methods supported by the Digest module.
If the stored password is hashed, you will have to encode it in your client BEFORE concatenating the challenge string to it, and then encode the whole string again before sending it to the server.
UNIX crypt hashed password are not supported. You must store your passwords either in clear or hashed.
You must use Sessions.
The length of the challenge string. Default is 40.
Inherited from Catalyst::Plugin::Authentication::Credential::Password.
Try to log a user in.
$username can be a string (e.g. retrieved from a form) or an object. If the object is a Catalyst::Plugin::Authentication::User it will be used as is. Otherwise
$c->get_user is used to retrieve it.
$password is a hash of the password and the challenge string, encoded client side.
$password are not provided, the query parameters
pass will be tried instead.
Generates a challenge string for the current session. You can put it in your root's begin/end actions if needed, the challenge string won't change until the session ends or you call this method with
$force set to 1.
Returns the current challenge string.
After the user is logged in, the user object for the current logged in user can be retrieved from the context using the
The current user can be logged out again by calling the