Bug #43482 for Catalyst-Authentication-AuthTkt: Small patch for Catalyst::Authentication::AuthTkt

Hello there! Thank you for having written and having shared this module. It works exactly as it says it will, and makes working in a single sign on environment much easier. I did discover that my application needs to be able to offer functionality besides redirecting someone to a portal's main page when they are not logged in. Currently, Catalyst::Authentication::AuthTkt almost handles this as you would expect. If you call $c->logout, the cookie's value is cleared. If you try and use $c->authenticate after that, it fails when it calls validate_ticket on the blank string. I have a simple patch for this. diff -r Catalyst-Authentication-AuthTkt-0.08-orig/lib/Catalyst/Authentication/Store/AuthTkt.pm Catalyst-Authentication-AuthTkt-0.08/lib/Catalyst/Authentication/Store/AuthTkt.pm 127a128,133 Show quoted text
That's the whole patch. If the ticket from the cookie is blank, it returns a failure from find_user. With this patch in place, you can call $c->logout and expect the rest of the AuthTkt module to keep working. I have not written a test case for this, as it would involve a significant change to the test app, or a completely separate copy of it. I can do this if you would like. Would it be possible to see this added to the standard distribution? It would make things simpler for me, and possibly others. I am aware of only one other issue that has to be addressed while using AuthTkt while logged out. The user stored in the session can be different than the user in the cookie if the cookie is modified by another application. The root controller's auto has to do a little sanity checking there to make sure the session stays updated. Again, thank you for sharing your useful module, and I hope you will consider including this in the next release. -- Louis Erickson - lerickson@rdwarf.net - http://www.rdwarf.com/~wwonko/ If you explain so clearly that nobody can misunderstand, somebody will.