Peter Flanigan > CatalystX-Usul > CatalystX::Usul::TraitFor::Controller::TokenValidation

Download:
catalystx-usul/CatalystX-Usul-0.17.1.tar.gz

Dependencies

Annotate this POD

Website

CPAN RT

Open  0
View/Report Bugs
Module Version: v0.17.1   Source  

Name ^

CatalystX::Usul::Plugin::Controller::TokenValidation - CSRF form tokens

Version ^

Describes v0.17.$Rev: 1 $

Synopsis ^

   # In custom action class
   if ($controller->can( q(validate_token) ) && _should_validate( $c )) {
      unless ($controller->validate_token( $c )) {
         return $self->_invalid_token( @args )
            ? $self->next::method( @rest ) : undef;
      }

      $controller->remove_token( $c );
   }

Description ^

Generates and validates CSRF form tokens

Configuration and Environment ^

Requires; end and redirect_to_path methods

Controller methods with the NoToken code attribute do not have a token added

Subroutines/Methods ^

_add_validation_token

Around the controller end method, adds a CSRF token to the form

remove_token

Removes the validated token from the form so that it is not mistaken for a regular input field

validate_token

Checks to see if the token stored in the session matches the one posted back in the form

Diagnostics ^

None

Dependencies ^

Class::Usul::Time
Moose::Role

Incompatibilities ^

There are no known incompatibilities in this module

Bugs and Limitations ^

There are no known bugs in this module. Please report problems to the address below. Patches are welcome

Author ^

Peter Flanigan, <Support at RoxSoft.co.uk>

License and Copyright ^

Copyright (c) 2014 Peter Flanigan. All rights reserved

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See perlartistic

This program is distributed in the hope that it will be useful, but WITHOUT WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE

syntax highlighting: