Module Version: 0.06

NAME ^

Catalyst::Controller::RequestToken - Handling transaction token across forms

SYNOPSIS ^

This module requires Catalyst::Plugin::Session. In your application class:

    use Catalyst qw/
        Session
        Session::State::Cookie
        Session::Store::FastMmap
        FillInForm
    /;

in your controller class:

    use base qw(Catalyst::Controller::RequestToken);

    sub form :Local {
        my ($self, $c) = @_;
        $c->stash->{template} = 'form.tt';
        $c->forward($c->view('TT'));
    }

    sub confirm :Local :CreateToken {
        my ($self, $c) = @_;
        $c->stash->{template} = 'confirm.tt';
        $c->forward($c->view('TT'));
    }

    sub complete :Local :ValidateToken {
        my ($self, $c) = @_;
        if ($self->validate_token) {
            $c->response->body('complete.');
        } else {
            $c->response->body('invalid operation.');
        }
    }

form.tt

    <html>
    <body>
    <form action="confirm" method="post">
    <input type="submit" name="submit" value="confirm"/>
    </form>
    </body>
    </html>

confirm.tt

    <html>
    <body>
    <form action="complete" method="post">
    <input type="hidden" name="_token" value="[% c.req.param('_token') %]"/>
    <input type="submit" name="submit" value="complete"/>
    </form>
    </body>
    </html>

DESCRIPTION ^

This controller enables you to enforce a single transaction across multiple forms. Using a token, you can prevent duplicate submits or protect against CSRF attacks.

This module REQUIRES Catalyst::Plugin::Session to store the server-side token.

ATTRIBUTES ^

CreateToken

Creates a new token and puts it into the request and the session. You can then return content containing the request token, which should be posted back to the server.

ValidateToken

After CreateToken, clients will post the token back with their request, so you need to validate whether it is correct or not.

The ValidateToken attribute validates the request token against the session token created by the CreateToken attribute.

If the token is valid, the server-side token is expired.

RemoveToken

Removes the token from the session, so the request token is no longer valid.
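The token lifecycle that these three attributes describe (create, validate once, remove), as an added standalone illustration that is not the module's own code: a plain hash stands in for the Catalyst::Plugin::Session store, the token is read from /dev/urandom (an assumption about the platform), and the comparison is constant-time so the check does not reveal at which byte a wrong token differs. The default names `_token` are taken from the CONFIGURATION section; the request hashes are constructed for the example.

```perl
#!/usr/bin/env perl
# Standalone illustration of the one-time request-token pattern.
# Not the Catalyst::Controller::RequestToken implementation: %session stands
# in for $c->session and a hash of posted parameters stands in for $c->req.
use strict;
use warnings;

my $SESSION_NAME = '_token';   # the module's default session_name
my $REQUEST_NAME = '_token';   # the module's default request_name

# CreateToken: mint an unguessable token (32 random bytes, hex encoded),
# keep one copy server-side and return the copy for the hidden form field.
sub create_token {
    my ($session) = @_;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";   # assumes a Unix-like host
    read $fh, my $bytes, 32 or die "short read from /dev/urandom";
    close $fh;
    my $token = unpack 'H*', $bytes;
    $session->{$SESSION_NAME} = $token;
    return $token;
}

# Compare two strings in time that depends only on their length,
# not on the position of the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# ValidateToken: the posted token must match the session copy; on success
# the session copy is expired, so a replay of the same POST is rejected.
sub validate_token {
    my ($session, $params) = @_;
    my $expected = $session->{$SESSION_NAME};
    my $given    = $params->{$REQUEST_NAME};
    return 0 unless defined $expected && defined $given;
    return 0 unless constant_time_eq($expected, $given);
    delete $session->{$SESSION_NAME};   # one-time use
    return 1;
}

# RemoveToken: invalidate whatever token the session currently holds.
sub remove_token {
    my ($session) = @_;
    delete $session->{$SESSION_NAME};
    return;
}

# Walk through the SYNOPSIS flow with constructed requests.
my %session;
my $token = create_token(\%session);                  # "confirm" action
my %post  = ($REQUEST_NAME => $token, submit => 'complete');

# First submission carries the token the server issued: accepted.
print validate_token(\%session, \%post) ? "complete.\n" : "invalid operation.\n";
# Same POST a second time (double submit / replay): the session copy is gone.
print validate_token(\%session, \%post) ? "complete.\n" : "invalid operation.\n";

# A token that was never issued to this session does not match: rejected.
create_token(\%session);
my %other = ($REQUEST_NAME => '0' x 64, submit => 'complete');
print validate_token(\%session, \%other) ? "complete.\n" : "invalid operation.\n";
remove_token(\%session);
```

Two details worth keeping when wiring this into a real controller: the token is deleted from the session as part of a successful validation, which is what makes a duplicate submit fail, and the comparison never short-circuits on the first mismatching character.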

METHODS ^

token

create_token

remove_token

validate_token

Returns whether the token is valid or not. This works correctly only after ValidateToken.

is_valid_token

CONFIGURATION ^

in your application class:

    __PACKAGE__->config('Controller::TokenBasedMyController' => {
        session_name => '_token',
        request_name => '_token',
    });

session_name

Default: _token

request_name

Default: _token

validate_stash_name

Default: _token

INTERNAL METHODS ^

new
ACCEPT_CONTEXT

SEE ALSO ^

Catalyst::Controller::RequestToken::Action::CreateToken
Catalyst::Controller::RequestToken::Action::ValidateToken
Catalyst
Catalyst::Controller
Catalyst::Plugin::Session
Catalyst::Plugin::FormValidator::Simple

AUTHOR ^

Hideo Kimura <hide<at>hide-k.net>

COPYRIGHT ^

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

The full text of the license can be found in the LICENSE file included with this module.