Name

CatalystX::Usul::Plugin::Controller::TokenValidation - CSRF form tokens

Version

Describes v0.16.$Rev: 1 $

Synopsis

# In custom action class
if ($controller->can( q(validate_token) ) && _should_validate( $c )) {
   unless ($controller->validate_token( $c )) {
      return $self->_invalid_token( @args )
         ? $self->next::method( @rest ) : undef;
   }

   $controller->remove_token( $c );
}

Description

Generates and validates CSRF form tokens

Configuration and Environment

Requires the end and redirect_to_path methods

Controller methods with the NoToken code attribute do not have a token added

Subroutines/Methods

_add_validation_token

Wraps the controller end method with an around modifier and adds a CSRF token to the form

remove_token

Removes the validated token from the form so that it is not mistaken for a regular input field

validate_token

Checks to see if the token stored in the session matches the one posted back in the form
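
An added sketch of the token life cycle the three methods above describe, using plain hashes for the session and the form parameters. It is not this module's code: the field name `_csrf_token`, the single-use behaviour and the `/dev/urandom` source (Unix-like systems) are assumptions.

```perl
use strict;
use warnings;

# Hypothetical names throughout; this is not CatalystX::Usul's implementation.
my $FIELD = '_csrf_token';   # assumed form field and session key name

# Issue: 32 bytes from the OS CSPRNG, hex encoded, stored in the session.
sub add_token {
   my ($session) = @_;
   open my $fh, '<:raw', '/dev/urandom' or die "No CSPRNG: $!";
   ( read( $fh, my $bytes, 32 ) // 0 ) == 32 or die 'Short read from /dev/urandom';
   close $fh;
   return $session->{ $FIELD } = unpack 'H*', $bytes;
}

# Compare without an early exit so timing does not reveal a matching prefix.
sub _equal {
   my ($x, $y) = @_;
   return 0 unless length( $x ) == length( $y );
   my $diff = 0;
   $diff |= ord( substr( $x, $_, 1 ) ) ^ ord( substr( $y, $_, 1 ) )
      for 0 .. length( $x ) - 1;
   return $diff == 0;
}

# Validate: the posted token must be a plain scalar matching the session copy.
# Assumption: the session copy is deleted either way, so a token is single use.
sub validate_token {
   my ($session, $params) = @_;
   my $expected = delete $session->{ $FIELD };
   my $posted   = $params->{ $FIELD };
   return 0 unless defined( $expected ) && defined( $posted ) && !ref( $posted );
   return _equal( $expected, $posted );
}

# Remove: drop the token so later code does not treat it as a form input.
sub remove_token { my ($params) = @_; delete $params->{ $FIELD }; return }

# Constructed request cycle: render the form once, then receive two posts.
my %session;
my $token = add_token( \%session );

my %good = ( name => 'alice', $FIELD => $token );
if (validate_token( \%session, \%good )) {
   remove_token( \%good );
   print 'accepted fields: ', join( ',', sort keys %good ), "\n";
}

my %replay = ( name => 'alice', $FIELD => $token );
print 'replay accepted: ', ( validate_token( \%session, \%replay ) ? 'yes' : 'no' ), "\n";
```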

Diagnostics

None

Dependencies

Class::Usul::Time
Moose::Role

Incompatibilities

There are no known incompatibilities in this module

Bugs and Limitations

There are no known bugs in this module. Please report problems to the address below. Patches are welcome

Author

Peter Flanigan, <Support at RoxSoft.co.uk>

License and Copyright

Copyright (c) 2014 Peter Flanigan. All rights reserved

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See perlartistic

This program is distributed in the hope that it will be useful, but WITHOUT WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE