Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin would let you call any method on the model.

CPANSA-Jifty-2008-01 (2009-04-08)

Allowed all actions on GET.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read only access to local files.

NAME

Jifty::LetMe - A way to expose single-link URLs to your applications

new

Create a new "LetMe" authentication object; it takes no parameters. It calls "_init" to do any initialization.

_init @_

Called with whatever "new" was called with. By default, does nothing.

user

Contains an app-specific "user" object.

validated_current_user

If the user has presented a valid token, returns an (app-specific subclass of the) Jifty::CurrentUser object for the user who has the email address in $self->email. If no user has that email address, returns undef.

_user_from_email ADDRESS

Returns an (app-specific subclass of the) Jifty::CurrentUser object for the user who has the email address ADDRESS.

generate_checksum

Returns an auth checksum for the current combination of "user", "token" and "until".

from_token PATH

Parse a string of the form

mylongusername@example.com/update_task/23/until/20050101/bekidrikufryvagygefuba

into

     email            => 'mylongusername@example.com',
     token            => 'update_task/23',
     until            => '20050101',
     checksum_provided => 'bekidrikufryvagygefuba',

as_token

Returns the "letme" token for this set of credentials. This should round trip cleanly with "from_token".

as_encoded_token

A variant of "as_token" that encodes the user's email address suitably for passing in a URL.

as_url

Returns the fully qualified URL for this LetMe. It's composed of Jifty->web->url, "base_path" and "as_encoded_token".

base_path

By default, all "LetMe" actions live at URLs under '/let' inside your application. Override this subroutine to change that.

By default, it returns '/let'

validate

Returns true if the credentials the user presented validate ok. Returns false otherwise.

_correct_checksum_provided

Returns true if the checksum the user provided is correct. Doesn't actually do much input checking; you want to call "validate" instead.