
NAME

Catalyst::Controller::RequestToken - Handling transaction token across forms

SYNOPSIS

This module requires the Catalyst::Plugin::Session module. In your application class:

    use Catalyst qw/
        Session
        Session::State::Cookie
        Session::Store::FastMmap
        FillForm
    /;

in your controller class:

    use base qw(Catalyst::Controller::RequestToken);
    
    sub form :Local {
        my ($self, $c) = @_;
        $c->stash->{template} = 'form.tt';
        $c->forward($c->view('TT'));
    }
    
    sub confirm :Local :CreateToken {
        my ($self, $c) = @_;
        $c->stash->{template} = 'confirm.tt';
        $c->forward($c->view('TT'));
    }
    
    sub complete :Local :ValidateToken {
        my ($self, $c) = @_;
        if ($self->validate_token) {
            $c->response->body('complete.');
        } else {
            $c->response->body('invalid operation.');
        }
    }

form.tt

    <html>
    <body>
    <form action="confirm" method="post">
    <input type="submit" name="submit" value="confirm"/>
    </form>
    </body>
    </html>

confirm.tt

    <html>
    <body>
    <form action="complete" method="post">
    <input type="hidden" name="_token" value="[% c.req.param('_token') %]"/>
    <input type="submit" name="submit" value="complete"/>
    </form>
    </body>
    </html>

DESCRIPTION

This controller enforces a single transaction across multiple forms. Using a token, you can prevent duplicate submits or protect against CSRF attacks.

This module REQUIRES Catalyst::Plugin::Session to store the server-side token.

If you add the CreateToken attribute to an action, a token is created and stored in both the request and the session. You can then return content containing the request token, which should be posted back to the server.

If you add the ValidateToken attribute, the request token is validated against the server-side session token, and the token is then removed from the session.

After ValidateToken there is no longer any token in the session, so validation fails if the user makes a request with an expired token.
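The token life cycle described above, as an added stand-alone illustration that is not code from Catalyst::Controller::RequestToken: plain hashes stand in for the session and the request parameters, and the names create_token and validate_token are assumptions for the work the CreateToken and ValidateToken attributes do.

```perl
# Added illustration, not the module's own code. Plain hashes model
# $c->session and $c->request->params.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

my $SESSION_NAME = '_token';   # config: session_name
my $REQUEST_NAME = '_token';   # config: request_name

# CreateToken step: mint a token, keep it server side in the session and
# hand a copy to the request so the template can embed it in the form.
sub create_token {
    my ($session, $request) = @_;
    # Demo entropy only; a real deployment should draw from a CSPRNG.
    my $token = sha256_hex(join '', time, $$, rand, rand);
    $session->{$SESSION_NAME} = $token;
    $request->{$REQUEST_NAME} = $token;
    return $token;
}

# ValidateToken step: remove the session copy first (single use), then
# compare it with the posted value in constant time.
sub validate_token {
    my ($session, $request) = @_;
    my $expected = delete $session->{$SESSION_NAME};
    my $got      = $request->{$REQUEST_NAME};
    return 0 unless defined $expected && defined $got;
    return 0 unless length $expected == length $got;
    my $diff = 0;
    $diff |= ord(substr $expected, $_, 1) ^ ord(substr $got, $_, 1)
        for 0 .. length($expected) - 1;
    return $diff == 0 ? 1 : 0;
}

my (%session, %confirm_req);
my $token = create_token(\%session, \%confirm_req);      # GET /confirm

my %complete_req = ($REQUEST_NAME => $token);            # POST /complete
print 'first submit: ', validate_token(\%session, \%complete_req) ? "valid\n" : "invalid\n";
print 'replay:       ', validate_token(\%session, \%complete_req) ? "valid\n" : "invalid\n";

create_token(\%session, \%confirm_req);                  # new transaction
my %forged = ($REQUEST_NAME => 'a' x 64);                # wrong token
print 'forged:       ', validate_token(\%session, \%forged) ? "valid\n" : "invalid\n";
```

Only the first submit validates; the replay fails because the session copy was deleted, and the forged value fails the comparison.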

METHODS

validate_token

Returns whether the token is valid or not. This works correctly only after ValidateToken.

CONFIGURATION

in your application class:

    __PACKAGE__->config('Controller::RequestToken' => {
        session_name => '_token',
        request_name => '_token',
    });

session_name

Default: _token

request_name

Default: _token

INTERNAL METHODS

new

ACCEPT_CONTEXT

SEE ALSO

Catalyst::Controller::RequestToken::Action::CreateToken
Catalyst::Controller::RequestToken::Action::ValidateToken
Catalyst
Catalyst::Controller
Catalyst::Plugin::Session
Catalyst::Plugin::FormValidator::Simple

AUTHOR

Hideo Kimura <hide@hide-k.net>

COPYRIGHT

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

The full text of the license can be found in the LICENSE file included with this module.