CGI-Application-Plugin-Authentication
view release on metacpan or search on metacpan
Fix failing tests on Win32
0.21 2017-03-15 22:54:23-05:00 America/Chicago
Fix list-context calls to CGI::param().
Fix failing tests with newer CGI versions.
0.20 Fri 29 Apr 2011
Use Test::ConsistentVersion rather than Test::CheckVersion
Fixed spelling errors and added descriptions - Closes #rt63839
Removed now unused login_styles method from core module
Added more tests completing test coverage for the Cookie module.
Changed from using the Digest::SHA1 module to usuing Digest::SHA
instead - Closes #rt67840
0.19 Wed 24 Nov 2010
Incoporated developer changes. Made pod tests only run when TEST_AUTHOR=1.
Automatically generate README.
0.18_2 Mon 20 Jul 2010
Separate out display code and provide Basic and Classic alternatives to
the login form. Added more examples. Implementd typo fix reported by
Other updates
- Fix inconsistency in doc example (reported by POLETTIX)
0.11 Wed Jul 26 11:16:12 EDT 2006
- suppress warning about missing Color::Calc unless the user is actually
trying to use it (reported by Ron Savage)
- explicitly load CGI.pm since some users may be using CGI::Simple
(reported by Ron Savage)
- Fixed bug in Cookie store where the expiry time of the cookie was ignored
(patch by POLETTIX)
0.10 Thu May 18 22:59:56 EDT 2006
- Add support for Authen::Simple (all Authen::Simple modules can
be used directly as Drivers)
- Made the login page much more customizable:
- change any of the text
- customize the colours - provide one base colour and lighter and
darker shades are automatically generated (requires Color::Calc)
0.08 Wed Nov 23 20:20:24 EST 2005
API Changes
- Removed ability to configure the DBI driver with a DSN and
username/password. CGI::Application::Plugin::DBH should be used for
that instead (Mark Stosberg)
- DBI driver defaults to $self->dbh() if DBH not provided (Mark Stosberg)
Bug Fixes
- Made MIME::Base64, Digest::SHA1 and CGI::Cookie mandatory requirements
and load them at compile time instead of runtime in the Cookie store.
(fixes problem reported by Richard Jones)
Other updates
- Added Driver that can authenticate against htpasswd files
- Fixed typo in examples/sample.cgi
- Fixed typo in lc filter example (Mark Stosberg)
- Updated docs for initialize(), and made it return true value
(Mark Stosberg)
- add ability to timeout logins based on last
successful login, or with a custom callback
(as well as the original last access timeout)
- add 'last_access' and 'last_login' methods
- add 'is_login_timeout' to show when a login
request is caused by an idle login session
- added lots more tests
Bug Fixes
- login timeouts were not working properly
- the Cookie Store was not honouring the EXPIRY option
- using :all in protected_runmodes now works
- fix test failure when Test::Warn not installed
(fixed by Shawn Sorichetti)
Experimental
- subroutine attributes: you can specify that a
runmode should be protected with a subroutine
attribute. example: sub my_rm :Authen { ... }
This conflicts with the AutoRunmode plugin right now
cred_1 to __CREDENTIAL_1__
New Drivers
- Dummy Driver - accepts any credentials as valid
New Stuff
- Added little icons to the default login and password
fields (only works in Mozilla based browsers)
- if STORE config is not given, the plugin will detect if
you are already using the Session plugin, and use the
Session Store instead of the Cookie Store.
- Added a lot of new documentation
Bug Fixes
- 'run_modes' method was incorrectly being used in the
test suite (reported by Ron Savage)
0.02 Fri Sep 16 00:19:10 EDT 2005
New Drivers
- DBI Driver
New Stores
- Cookie store (requires no server side storage)
New Stuff
- Added field encoding support for datastores that
keep passwords in an encoded format, like Unix crypt,
or MD5.
- Added encoders for crypt, MD5 and SHA1
- Added some more methods to Driver.pm that can simplify
the building of new Driver modules (find_option, encode,
check_encoded, strip_field_names)
- Added lots more tests to the test suite
lib/CGI/Application/Plugin/Authentication/Driver/Dummy.pm
lib/CGI/Application/Plugin/Authentication/Driver/Filter/crypt.pm
lib/CGI/Application/Plugin/Authentication/Driver/Filter/lc.pm
lib/CGI/Application/Plugin/Authentication/Driver/Filter/md5.pm
lib/CGI/Application/Plugin/Authentication/Driver/Filter/sha1.pm
lib/CGI/Application/Plugin/Authentication/Driver/Filter/strip.pm
lib/CGI/Application/Plugin/Authentication/Driver/Filter/uc.pm
lib/CGI/Application/Plugin/Authentication/Driver/Generic.pm
lib/CGI/Application/Plugin/Authentication/Driver/HTPasswd.pm
lib/CGI/Application/Plugin/Authentication/Store.pm
lib/CGI/Application/Plugin/Authentication/Store/Cookie.pm
lib/CGI/Application/Plugin/Authentication/Store/Session.pm
local/lib/perl5/Module/Build/API.pod
local/lib/perl5/Module/Build/Authoring.pod
local/lib/perl5/Module/Build/Base.pm
local/lib/perl5/Module/Build/Bundling.pod
local/lib/perl5/Module/Build/Compat.pm
local/lib/perl5/Module/Build/Config.pm
local/lib/perl5/Module/Build/ConfigData.pm
local/lib/perl5/Module/Build/Cookbook.pm
local/lib/perl5/Module/Build/Dumper.pm
local/lib/perl5/Module/Build/Notes.pm
local/lib/perl5/Module/Build/PPMMaker.pm
local/lib/perl5/Module/Build/Platform/Default.pm
local/lib/perl5/Module/Build/Platform/MacOS.pm
local/lib/perl5/Module/Build/Platform/Unix.pm
local/lib/perl5/Module/Build/Platform/VMS.pm
local/lib/perl5/Module/Build/Platform/VOS.pm
local/lib/perl5/Module/Build/Platform/Windows.pm
local/lib/perl5/Module/Build/Platform/aix.pm
CGI::Application::Plugin::Authentication::Driver::DBI and,
CGI::Application::Plugin::Authentication::Driver::Dummy docs for more
information on how to use these drivers. And see the Authen::Simple
suite of modules for information on those drivers.
Choosing a Store
The Store modules keep information about the authentication status of
the user persistent across multiple requests. The information that is
stored in the store include the username, and the expiry time of the
login. There are two Store modules included with this distribution. A
Session based store, and a Cookie based store. If your application is
already using Sessions (through the CGI::Application::Plugin::Session
module), then I would recommend that you use the Session store for
authentication. If you are not using the Session plugin, then you can
use the Cookie store. The Cookie store keeps all the authentication in a
cookie, which contains a checksum to ensure that users can not change
the information.
If you do not specify which Store module you wish to use, the plugin
will try to determine the best one for you.
Login page
The Authentication plugin comes with a default login page that can be
used if you do not want to create a custom login page. This login form
will automatically be used if you do not provide either a LOGIN_URL or
],
STORE
Here you can choose how we store the authenticated information after
a user has successfully logged in. We need to store the username so
that on the next request we can tell the user has already logged in,
and we do not have to present them with another login form. If you
do not provide the STORE option, then the plugin will look to see if
you are using the CGI::Application::Plugin::Session module and based
on that info use either the Session module, or fall back on the
Cookie module. If the module requires extra parameters, you can pass
an array reference that contains as the first parameter the name of
the module, and the rest of the array should contain key value pairs
of options for this module. These storage modules generally live
under the CGI::Application::Plugin::Authentication::Store::
name-space, and this part of the package name can be left off when
specifying the STORE parameter.
STORE => 'Session'
- or -
STORE => ['Cookie',
NAME => 'MYAuthCookie',
SECRET => 'FortyTwo',
EXPIRY => '1d',
]
POST_LOGIN_RUNMODE
Here you can specify a runmode that the user will be redirected to
if they successfully login.
POST_LOGIN_RUNMODE => 'welcome'
the only parameter.
Time values are specified in seconds. You can also specify the time
by using a number with the following suffixes (m h d w), which
represent minutes, hours, days and weeks. The default is 0 which
means the login will never timeout.
Note that the login is also dependent on the type of STORE that is
used. If the Session store is used, and the session expires, then
the login will also automatically expire. The same goes for the
Cookie store.
For backwards compatibility, if you set LOGIN_SESSION_TIMEOUT to a
time value instead of a hashref, it will be treated as an IDLE_FOR
time out.
# force re-authentication if idle for more than 15 minutes
LOGIN_SESSION_TIMEOUT => '15m'
# Everyone must re-authentication if idle for more than 30 minutes
# also, everyone must re-authentication at least once a day
example/basic.cgi view on Meta::CPAN
use base qw(CGI::Application);
use CGI::Application::Plugin::Session;
use CGI::Application::Plugin::Authentication;
use CGI::Application::Plugin::AutoRunmode;
use CGI::Carp qw(fatalsToBrowser);
my %config = (
DRIVER => [ 'Generic', { test => '123' } ],
STORE => 'Cookie',
LOGOUT_RUNMODE => 'one',
LOGIN_FORM=>{
DISPLAY_CLASS=>'Basic',
},
);
SampleLogin->authen->config(%config);
SampleLogin->authen->protected_runmodes('two');
sub setup {
my $self = shift;
example/sample.cgi view on Meta::CPAN
use base qw(CGI::Application);
use CGI::Application::Plugin::Session;
use CGI::Application::Plugin::Authentication;
use CGI::Application::Plugin::AutoRunmode;
use CGI::Carp qw(fatalsToBrowser);
my %config = (
DRIVER => [ 'Generic', { test => '123' } ],
STORE => 'Cookie',
LOGOUT_RUNMODE => 'one',
);
SampleLogin->authen->config(%config);
SampleLogin->authen->protected_runmodes('two');
sub setup {
my $self = shift;
$self->start_mode('one');
}
example/template.cgi view on Meta::CPAN
use base ("CGI::Application::Plugin::HTDot", "CGI::Application");
use CGI::Application::Plugin::Session;
use CGI::Application::Plugin::Authentication;
use CGI::Application::Plugin::AutoRunmode;
use CGI::Application::Plugin::Authentication::Display::Basic;
use CGI::Carp qw(fatalsToBrowser);
my %config = (
DRIVER => [ 'Generic', { test => '123' } ],
STORE => 'Cookie',
LOGOUT_RUNMODE => 'one',
LOGIN_RUNMODE => 'login',
);
SampleLogin->authen->config(%config);
SampleLogin->authen->protected_runmodes('two');
sub setup {
my $self = shift;
$self->start_mode('one');
}
lib/CGI/Application/Plugin/Authentication.pm view on Meta::CPAN
L<CGI::Application::Plugin::Authentication::Driver::DBI> and,
L<CGI::Application::Plugin::Authentication::Driver::Dummy> docs for more
information on how to use these drivers. And see the L<Authen::Simple> suite
of modules for information on those drivers.
=head2 Choosing a Store
The Store modules keep information about the authentication status of the user persistent
across multiple requests. The information that is stored in the store include the username,
and the expiry time of the login. There are two Store modules included with this distribution.
A Session based store, and a Cookie based store. If your application is already using
Sessions (through the L<CGI::Application::Plugin::Session> module), then I would recommend
that you use the Session store for authentication. If you are not using the Session
plugin, then you can use the Cookie store. The Cookie store keeps all the authentication
in a cookie, which contains a checksum to ensure that users can not change the information.
If you do not specify which Store module you wish to use, the plugin will try to determine
the best one for you.
=head2 Login page
The Authentication plugin comes with a default login page that can be used if you do not
want to create a custom login page. This login form will automatically be used if you
do not provide either a LOGIN_URL or LOGIN_RUNMODE parameter in the configuration.
lib/CGI/Application/Plugin/Authentication.pm view on Meta::CPAN
],
=item STORE
Here you can choose how we store the authenticated information after a user has successfully
logged in. We need to store the username so that on the next request we can tell the user
has already logged in, and we do not have to present them with another login form. If you
do not provide the STORE option, then the plugin will look to see if you are using the
L<CGI::Application::Plugin::Session> module and based on that info use either the Session
module, or fall back on the Cookie module. If the module requires extra parameters, you
can pass an array reference that contains as the first parameter the name of the module,
and the rest of the array should contain key value pairs of options for this module.
These storage modules generally live under the CGI::Application::Plugin::Authentication::Store::
name-space, and this part of the package name can be left off when specifying the STORE
parameter.
STORE => 'Session'
- or -
STORE => ['Cookie',
NAME => 'MYAuthCookie',
SECRET => 'FortyTwo',
EXPIRY => '1d',
]
=item POST_LOGIN_RUNMODE
Here you can specify a runmode that the user will be redirected to if they successfully login.
POST_LOGIN_RUNMODE => 'welcome'
lib/CGI/Application/Plugin/Authentication.pm view on Meta::CPAN
and false if it is still active. This can allow you to be very selective about how the timeout system
works. The authen object will be passed in as the only parameter.
=back
Time values are specified in seconds. You can also specify the time by using a number with the
following suffixes (m h d w), which represent minutes, hours, days and weeks. The default
is 0 which means the login will never timeout.
Note that the login is also dependent on the type of STORE that is used. If the Session store is used,
and the session expires, then the login will also automatically expire. The same goes for the Cookie
store.
For backwards compatibility, if you set LOGIN_SESSION_TIMEOUT to a time value instead of a hashref,
it will be treated as an IDLE_FOR time out.
# force re-authentication if idle for more than 15 minutes
LOGIN_SESSION_TIMEOUT => '15m'
# Everyone must re-authentication if idle for more than 30 minutes
# also, everyone must re-authentication at least once a day
lib/CGI/Application/Plugin/Authentication.pm view on Meta::CPAN
# Fetch the configuration parameters for the store
my ($store_module, @store_config);
($store_module, @store_config) = @{ $config->{STORE} } if $config->{STORE} && ref $config->{STORE} eq 'ARRAY';
if (!$store_module) {
# No STORE configuration was provided
if ($self->_cgiapp->can('session') && UNIVERSAL::isa($self->_cgiapp->session, 'CGI::Session')) {
# The user is already using the Session plugin
($store_module, @store_config) = ( 'Session' );
} else {
# Fall back to the Cookie Store
($store_module, @store_config) = ( 'Cookie' );
}
}
# Load the the class for this store
my $store_class = _find_deligate_class(
'CGI::Application::Plugin::Authentication::Store::' . $store_module,
$store_module
) || die "Store $store_module can not be found";
# Create the store object
lib/CGI/Application/Plugin/Authentication/Store/Cookie.pm view on Meta::CPAN
package CGI::Application::Plugin::Authentication::Store::Cookie;
$CGI::Application::Plugin::Authentication::Store::Cookie::VERSION = '0.25';
use strict;
use warnings;
use base qw(CGI::Application::Plugin::Authentication::Store);
use MIME::Base64 ();
use Digest::SHA ();
use CGI::Cookie ();
# CONFIGURABLE OPTIONS
#
# - SECRET
#
# If this value is defined, it will be used to protect
# the Cookie values from tampering. To generate a good
# secret, run the following perl script and cut and paste
# the value it generates into this variable.
#
# perl -MDigest::MD5=md5_base64 -l -e 'print md5_base64($$,time(),rand(9999))'
#
our $SECRET = '';
=head1 NAME
CGI::Application::Plugin::Authentication::Store::Cookie - Cookie based Store
=head1 SYNOPSIS
use base qw(CGI::Application);
use CGI::Application::Plugin::Session;
use CGI::Application::Plugin::Authentication;
__PACKAGE__->authen->config(
STORE => ['Cookie', SECRET => "Shhh, don't tell anyone", NAME => 'CAPAUTH_DATA', EXPIRY => '+1y'],
);
=head1 DESCRIPTION
This module uses a cookie to store authentication information across multiple requests.
It works by creating a cookie that contains the information we would like to store (like
the name of the user that is currently authenticated), and then base64 encoding
the data. In order to ensure that the information is not manipulated by the end-user, we include
a CRC checksum that is generated along with our secret. Since the user does not know the value
of the secret, they will not be able to recreate the checksum if they change some of the values, so we
lib/CGI/Application/Plugin/Authentication/Store/Cookie.pm view on Meta::CPAN
Just use the resulting string as your secret.
=head2 Configuring the secret
There are three ways that you can provide a secret to the module:
=over 4
=item Hardcode the secret
You can hardcode a secret right in the CGI::Application::Plugin::Authentication::Store::Cookie module,
so that you don't have to remember to provide one every time you use the module. Just open the
source in a text editor and look at the top of the file where it defines 'our $SECRET' and follow
the instruction listed there.
=item Provide the SECRET option when using the module
You can also just provide the secret as an option when using the module using the SECRET
parameter.
__PACKAGE__->authen->config(
STORE => ['Cookie', SECRET => "Shhh, don't tell anyone"],
);
=item Let the module choose a secret for you
And lastly, if you forget to do either of these, the module will use the name of your application
as the secret, but that is not a very good value to use, so a warning will be spit out everytime
it uses this. This is the least desirable choice, and is only included as a last resort.
=back
=head1 DEPENDENCIES
This module requires the following modules to be available.
=over 4
=item MIME::Base64
=item Digest::SHA
=item CGI::Cookie
=back
=head1 METHODS
=head2 fetch
This method accepts a list of parameters and fetches them from the cookie data.
=cut
lib/CGI/Application/Plugin/Authentication/Store/Cookie.pm view on Meta::CPAN
=head2 initialize
This method will check for an existing cookie, and decode the contents for later retrieval.
=cut
sub initialize {
my $self = shift;
my @options = $self->options;
die "Invalid Store Configuration for the Cookie store - options section must contain a hash of values" if @options % 2;
my %options = @options;
$self->{cookie}->{options} = \%options;
my %cookies = CGI::Cookie->fetch;
if ($cookies{$self->cookie_name}) {
my $rawdata = $cookies{$self->cookie_name}->value;
$self->{cookie}->{data} = $self->_decode($rawdata);
}
# $self->_register_postrun_callback;
return;
}
=head2 cookie_name
lib/CGI/Application/Plugin/Authentication/Store/Cookie.pm view on Meta::CPAN
my $self = shift;
my $store = $self->authen->store;
my $rawdata = $store->_encode($store->{cookie}->{data});
my %cookie_params = (
-name => $store->cookie_name,
-value => $rawdata,
);
$cookie_params{'-expires'} = $store->{cookie}->{options}->{EXPIRY} if $store->{cookie}->{options}->{EXPIRY};
my $cookie = new CGI::Cookie(%cookie_params);
$self->header_add(-cookie => [$cookie]);
return;
}
# _decode
#
# Take a raw cookie value, and decode and verify the data
sub _decode {
my $self = shift;
my $rawdata = MIME::Base64::decode(shift);
lib/CGI/Application/Plugin/Authentication/Store/Cookie.pm view on Meta::CPAN
my %hash = %$hash;
my $checksum = Digest::SHA::sha1_base64(join("\0", $self->_secret, sort values %hash));
$hash{c} = $checksum;
my $rawdata = join("\0", map { join('=', $_, $hash{$_}) } keys %hash);
return MIME::Base64::encode($rawdata, "");
}
# _secret
#
# A unique value for this application that is used to secure the Cookies
sub _secret {
my $self = shift;
my $secret = $self->{cookie}->{options}->{SECRET} || $SECRET;
unless ($secret) {
$secret = Digest::SHA::sha1_base64( ref $self->authen->_cgiapp );
warn "using default SECRET! Please provide a proper SECRET when using the Cookie store (See CGI::Application::Plugin::Authentication::Store::Cookie for details)";
}
return $secret;
}
=head1 SEE ALSO
L<CGI::Application::Plugin::Authentication::Store>, L<CGI::Application::Plugin::Authentication>, perl(1)
=head1 AUTHOR
local/lib/perl5/Module/Build/API.pod view on Meta::CPAN
[version 0.26]
Adds a new type of entry to the build process. Accepts a single
string specifying its type-name. There must also be a method defined
to process things of that type, e.g. if you add a build element called
C<'foo'>, then you must also define a method called
C<process_foo_files()>.
See also
L<Module::Build::Cookbook/"Adding new file types to the build process">.
=item add_to_cleanup(@files)
[version 0.03]
You may call C<< $self->add_to_cleanup(@patterns) >> to tell
C<Module::Build> that certain files should be removed when the user
performs the C<Build clean> action. The arguments to the method are
patterns suitable for passing to Perl's C<glob()> function, specified
in either Unix format or the current machine's native format. It's
local/lib/perl5/Module/Build/API.pod view on Meta::CPAN
Copyright (c) 2001-2006 Ken Williams. All rights reserved.
This library is free software; you can redistribute it and/or
modify it under the same terms as Perl itself.
=head1 SEE ALSO
perl(1), L<Module::Build>(3), L<Module::Build::Authoring>(3),
L<Module::Build::Cookbook>(3), L<ExtUtils::MakeMaker>(3)
F<META.yml> Specification:
L<CPAN::Meta::Spec>
=cut
local/lib/perl5/Module/Build/Authoring.pod view on Meta::CPAN
Bug reports are also welcome at
<http://rt.cpan.org/NoAuth/Bugs.html?Dist=Module-Build>.
The latest development version is available from the Git
repository at <https://github.com/Perl-Toolchain-Gang/Module-Build>
=head1 SEE ALSO
perl(1), L<Module::Build>(3), L<Module::Build::API>(3),
L<Module::Build::Cookbook>(3), L<ExtUtils::MakeMaker>(3), L<YAML>(3)
F<META.yml> Specification:
L<CPAN::Meta::Spec>
L<http://www.dsmit.com/cons/>
L<http://search.cpan.org/dist/PerlBuildSystem/>
=cut
local/lib/perl5/Module/Build/Bundling.pod view on Meta::CPAN
Development questions, bug reports, and patches should be sent to the
Module-Build mailing list at <module-build@perl.org>.
Bug reports are also welcome at
<http://rt.cpan.org/NoAuth/Bugs.html?Dist=Module-Build>.
=head1 SEE ALSO
perl(1), L<inc::latest>, L<Module::Build>(3), L<Module::Build::API>(3),
L<Module::Build::Cookbook>(3),
=cut
# vim: tw=75
local/lib/perl5/Module/Build/Cookbook.pm view on Meta::CPAN
package Module::Build::Cookbook;
use strict;
use warnings;
our $VERSION = '0.4234';
=head1 NAME
Module::Build::Cookbook - Examples of Module::Build Usage
=head1 DESCRIPTION
C<Module::Build> isn't conceptually very complicated, but examples are
always helpful. The following recipes should help developers and/or
installers put together the pieces from the other parts of the
documentation.
=head1 BASIC RECIPES
t/03_destination.t view on Meta::CPAN
use strict;
use warnings;
taint_checking_ok('taint checking is on');
use CGI ();
my $cap_options =
{
DRIVER => [ 'Generic', { user1 => '123' } ],
STORE => ['Cookie', SECRET => "Shhh, don't tell anyone", NAME => 'CAPAUTH_DATA', EXPIRY => '+1y'],
POST_LOGIN_CALLBACK => \&TestAppAuthenticate::post_login,
};
{
package TestAppAuthenticate;
use base qw(CGI::Application);
use CGI::Application::Plugin::Authentication;
t/03_destination.t view on Meta::CPAN
local $cap_options->{LOGIN_FORM}->{DISPLAY_CLASS} = 'Basic';
my $query = CGI->new( { rm => 'two'} );
my $cgiapp = TestAppAuthenticate->new( QUERY => $query );
ok_regression(sub {make_output_timeless($cgiapp->run)}, "t/out/redirection_failure_basic", "redirection_failure [Basic]");
};
sub make_output_timeless {
my $output = shift;
$output =~ s/^(Set-Cookie: CAPAUTH_DATA=\w+\%3D(?:\%3D)?\; path=\/\; expires=\w{3},\s\d{2}(?:\-|\s)\w{3}(?:\-|\s)\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Set-Cookie: CAPAUTH_DATA=; path=\/; expires=;$2/m;
$output =~ s/^(Expires:\s\w{3},\s\d{2}\s\w{3}\s\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Expires$2/m;
$output =~ s/^(Date:\s\w{3},\s\d{2}\s\w{3}\s\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Date$2/m;
#$output =~ s/\r//g;
return $output;
}
t/03_login_box.t view on Meta::CPAN
use strict;
use warnings;
use CGI ();
taint_checking_ok('taint checking is on');
$ENV{CGI_APP_RETURN_ONLY} = 1;
my $cap_options =
{
DRIVER => [ 'Generic', { user1 => '123' } ],
STORE => ['Cookie', SECRET => "Shhh, don't tell anyone", NAME => 'CAPAUTH_DATA', EXPIRY => '+1y'],
POST_LOGIN_CALLBACK => \&TestAppAuthenticate::post_login,
};
{
package TestAppAuthenticate;
use base qw(CGI::Application);
use CGI::Application::Plugin::Authentication;
t/03_login_box_basic.t view on Meta::CPAN
use strict;
use warnings;
use CGI ();
taint_checking_ok('taint checking is on');
$ENV{CGI_APP_RETURN_ONLY} = 1;
my $cap_options =
{
DRIVER => [ 'Generic', { user1 => '123' } ],
STORE => ['Cookie', SECRET => "Shhh, don't tell anyone", NAME => 'CAPAUTH_DATA', EXPIRY => '+1y'],
POST_LOGIN_CALLBACK => \&TestAppAuthenticate::post_login,
LOGIN_FORM=>{
DISPLAY_CLASS=>'Basic',
},
};
{
package TestAppAuthenticate;
t/03_login_box_other.t view on Meta::CPAN
}
use strict;
use warnings;
use CGI ();
my $cap_options =
{
DRIVER => [ 'Generic', { user1 => '123' } ],
STORE => ['Cookie', SECRET => "Shhh, don't tell anyone", NAME => 'CAPAUTH_DATA', EXPIRY => '+1y'],
POST_LOGIN_CALLBACK => \&TestAppAuthenticate::post_login,
};
{
package TestAppAuthenticate;
use base qw(CGI::Application);
use CGI::Application::Plugin::Authentication;
t/03_login_box_other.t view on Meta::CPAN
my $query = CGI->new( { rm => 'two'} );
my $cgiapp = TestAppAuthenticate->new( QUERY => $query );
ok_regression(sub {make_output_timeless($cgiapp->run)}, "t/out/grey2", "grey");
};
sub make_output_timeless {
my $output = shift;
$output =~ s/^(Set-Cookie: CAPAUTH_DATA=\w+\%3D\%3D\; path=\/\; expires=\w{3},\s\d{2}(?:\-|\s)\w{3}(?:\-|\s)\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Set-Cookie: CAPAUTH_DATA=; path=\/; expires=;$2/m;
$output =~ s/^(Expires:\s\w{3},\s\d{2}\s\w{3}\s\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Expires$2/m;
$output =~ s/^(Date:\s\w{3},\s\d{2}\s\w{3}\s\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Date$2/m;
#$output =~ s/\r//g;
return $output;
}
t/03_missing_color.t view on Meta::CPAN
use strict;
use warnings;
taint_checking_ok('taint checking is on');
use CGI ();
my $cap_options =
{
DRIVER => [ 'Generic', { user1 => '123' } ],
STORE => ['Cookie', SECRET => "Shhh, don't tell anyone", NAME => 'CAPAUTH_DATA', EXPIRY => '+1y'],
POST_LOGIN_CALLBACK => \&TestAppAuthenticate::post_login,
};
{
package TestAppAuthenticate;
use base qw(CGI::Application);
use CGI::Application::Plugin::Authentication;
t/03_missing_color.t view on Meta::CPAN
plan tests => 1;
my $query = CGI->new( { rm => 'two'} );
my $cgiapp = TestAppAuthenticate->new( QUERY => $query );
ok_regression(sub {make_output_timeless($cgiapp->run)}, "t/out/missing_color", "Missing color");
};
sub make_output_timeless {
my $output = shift;
$output =~ s/^(Set-Cookie: CAPAUTH_DATA=\w+\%3D\%3D\; path=\/\; expires=\w{3},\s\d{2}(?:\-|\s)\w{3}(?:\-|\s)\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Set-Cookie: CAPAUTH_DATA=; path=\/; expires=;$2/m;
$output =~ s/^(Expires:\s\w{3},\s\d{2}\s\w{3}\s\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Expires$2/m;
$output =~ s/^(Date:\s\w{3},\s\d{2}\s\w{3}\s\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Date$2/m;
#$output =~ s/\r//g;
return $output;
}
# Test::NoWarn doesn't play nice with the windows skip_all
require Test::NoWarnings;
Test::NoWarnings::had_no_warnings();
t/50_driver_missing_modules.t view on Meta::CPAN
srand(0);
use strict;
use warnings;
taint_checking_ok('taint checking is on');
use CGI ();
my $cap_options = {
STORE => [
'Cookie',
SECRET => "Shhh, don't tell anyone",
NAME => 'CAPAUTH_DATA',
EXPIRY => '+1y'
],
};
{
package TestAppAuthenticate;
t/50_driver_undefined.t view on Meta::CPAN
srand(0);
use strict;
use warnings;
taint_checking_ok('taint checking is on');
use CGI ();
my $cap_options = {
STORE => [
'Cookie',
SECRET => "Shhh, don't tell anyone",
NAME => 'CAPAUTH_DATA',
EXPIRY => '+1y'
],
};
{
package TestAppAuthenticate;
t/55_driver_missing_authensimple.t view on Meta::CPAN
plan tests => 4;
srand(0);
use strict;
use warnings;
use CGI ();
my $cap_options = {
STORE => [
'Cookie',
SECRET => "Shhh, don't tell anyone",
NAME => 'CAPAUTH_DATA',
EXPIRY => '+1y'
],
};
{
package TestAppAuthenticate;
t/60_parsimony.t view on Meta::CPAN
'<html><head/><body>This is public.</body></html>',
'TestAppParsimony, unprotected'
);
}
{
my $app = TestAppParsimony->new();
$app->query(CGI->new({'rm' => 'protected',auth_username=>'test', auth_password=>'123'}));
response_like(
$app,
qr{^Set-Cookie: CGISESSID=\w{1,100}; path=/|Date: \w{3}, \d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2} \d{3}|Content-Type: text/html; charset=ISO-8859-1$},
'<html><head/><body>This is private.</body></html>',
'TestAppParsimony, protected'
);
}
{
my $app = TestAppParsimony->new();
$app->query(CGI->new({'rm' => 'unprotected'}));
response_like(
$app,
t/60_store_cookie.t view on Meta::CPAN
use lib qw(t);
use CGI::Util;
use Test::More;
plan tests => 17;
{
package TestAppStoreCookie;
use base qw(TestAppStore);
__PACKAGE__->authen->config(
DRIVER => [ 'Generic', { 'test' => '123' } ],
STORE => [ 'Cookie', SECRET => "Shhh, don't tell anyone", NAME => 'CUSTOM_NAME', EXPIRY => '+1y' ],
CREDENTIALS => [qw(auth_username auth_password)],
);
sub get_store_entries {
my $class = shift;
my $cgiapp = shift;
my $results = shift;
my ($capauth_data, $therest) = $results =~ qr/^Set\-Cookie:\s+CUSTOM_NAME=([\d\w%]+);(.*)$/m;
return undef unless $capauth_data;
main::like($therest, qr/expires=/, 'Expiry on the cookie is set');
my $data = CGI::Util::unescape($capauth_data);
return $data ? $cgiapp->authen->store->_decode($data) : undef;
}
sub maintain_state {
my $class = shift;
my $old_cgiapp = shift;
my $old_results = shift;
my $new_query = shift;
delete $ENV{'COOKIE'};
$old_results =~ qr/Set\-Cookie:\s+(CUSTOM_NAME=[\d\w%]+);/;
$ENV{'COOKIE'} = $1 if $1;
}
sub clear_state {
my $class = shift;
delete $ENV{'COOKIE'};
$class->SUPER::clear_state(@_);
}
}
TestAppStoreCookie->run_store_tests;
t/61_cookie_badargs.t view on Meta::CPAN
use CGI::Util;
use Test::More;
use Test::NoWarnings;
plan tests => 2;
{
package TestAppStoreCookie;
use Test::More;
use Test::Exception;
use base qw(TestAppStore);
__PACKAGE__->authen->config(
DRIVER => [ 'Generic', { 'test' => '123' } ],
STORE => [ 'Cookie', EXPIRY=>'+1y', 'YAH_BOO_SUCKS'],
CREDENTIALS => [qw(auth_username auth_password)],
);
sub run_store_tests {
my $class = shift;
my ( $cgiapp, $results, $store_entries );
# Regular call to unprotected page shouldn't create a store entry
throws_ok {
($cgiapp, $results, $store_entries) = $class->run_app( { rm => 'unprotected' } );
} qr/Error executing run mode 'unprotected': Invalid Store Configuration for the Cookie store - options section must contain a hash of values/, 'invalid args';
}
}
TestAppStoreCookie->run_store_tests;
t/61_store_cookie_noexpiry.t view on Meta::CPAN
#!/usr/bin/perl
use strict;
use warnings;
use lib qw(t);
use Readonly;
Readonly my $SECRET_WARN => qr/using default SECRET\! Please provide a proper SECRET when using the Cookie store/;
use Test::NoWarnings;
use CGI::Util;
use Test::More;
plan tests => 21;
{
package TestAppStoreCookie;
use Test::More;
use Test::Warn;
use base qw(TestAppStore);
__PACKAGE__->authen->config(
DRIVER => [ 'Generic', { 'test' => '123' } ],
STORE => [ 'Cookie'],
CREDENTIALS => [qw(auth_username auth_password)],
);
sub get_store_entries {
my $class = shift;
my $cgiapp = shift;
my $results = shift;
my ($capauth_data, $therest) = $results =~ qr/^Set\-Cookie:\s+CAPAUTH_DATA=([\d\w%]+);(.*)$/m;
return undef unless $capauth_data;
main::unlike($therest, qr/expires=/, 'Expiry on the cookie is not set');
my $data = CGI::Util::unescape($capauth_data);
return $data ? $cgiapp->authen->store->_decode($data) : undef;
}
sub maintain_state {
my $class = shift;
my $old_cgiapp = shift;
my $old_results = shift;
my $new_query = shift;
delete $ENV{'COOKIE'};
$old_results =~ qr/Set\-Cookie:\s+(CAPAUTH_DATA=[\d\w%]+);/;
$ENV{'COOKIE'} = $1 if $1;
}
sub clear_state {
my $class = shift;
delete $ENV{'COOKIE'};
$class->SUPER::clear_state(@_);
}
sub run_store_tests {
t/61_store_cookie_noexpiry.t view on Meta::CPAN
ok($cgiapp->authen->is_authenticated,'successful login');
ok($store_entries, "Store entry created when calling protected page with valid login" );
is($store_entries->{username}, 'test', "Store entry contained the right username" );
ok(!$store_entries->{login_attempts}, "Store entry cleared login_attempts" );
}
}
TestAppStoreCookie->run_store_tests;
t/61_store_cookie_other.t view on Meta::CPAN
#!/usr/bin/perl
use strict;
use warnings;
use lib qw(t);
use Readonly;
Readonly my $SECRET_WARN => qr/using default SECRET\! Please provide a proper SECRET when using the Cookie store/;
use Test::NoWarnings;
use CGI::Util;
use Test::More;
plan tests => 25;
{
package TestAppStoreCookie;
use Test::More;
use Test::Warn;
use base qw(TestAppStore);
__PACKAGE__->authen->config(
DRIVER => [ 'Generic', { 'test' => '123' } ],
STORE => [ 'Cookie', EXPIRY=>'+1y'],
CREDENTIALS => [qw(auth_username auth_password)],
);
sub get_store_entries {
my $class = shift;
my $cgiapp = shift;
my $results = shift;
my ($capauth_data, $therest) = $results =~ qr/^Set\-Cookie:\s+CAPAUTH_DATA=([\d\w%]+);(.*)$/m;
return undef unless $capauth_data;
main::like($therest, qr/expires=/, 'Expiry on the cookie is set');
my $data = CGI::Util::unescape($capauth_data);
return $data ? $cgiapp->authen->store->_decode($data) : undef;
}
sub maintain_state {
my $class = shift;
my $old_cgiapp = shift;
my $old_results = shift;
my $new_query = shift;
delete $ENV{'COOKIE'};
$old_results =~ qr/Set\-Cookie:\s+(CAPAUTH_DATA=[\d\w%]+);/;
$ENV{'COOKIE'} = $1 if $1;
}
sub clear_state {
my $class = shift;
delete $ENV{'COOKIE'};
$class->SUPER::clear_state(@_);
}
sub run_store_tests {
t/61_store_cookie_other.t view on Meta::CPAN
use MIME::Base64;
my %hash = (c=>'I am not a checksum',f=>'Bubble');
my $rawdata = join("\0", map {join ('=', $_, $hash{$_}) } keys %hash);
my $nonsense;
warning_like {
$nonsense = $cgiapp->authen->store->_decode(MIME::Base64::encode($rawdata));
} $SECRET_WARN, 'decode warning';
is($nonsense, undef, 'decode nonsense');
{
use CGI::Application::Plugin::Authentication::Store::Cookie;
$CGI::Application::Plugin::Authentication::Store::Cookie::SECRET = 'you would never guess';
}
$nonsense = $cgiapp->authen->store->_decode(MIME::Base64::encode($rawdata));
is($nonsense, undef, 'decode nonsense with secret');
}
}
TestAppStoreCookie->run_store_tests;
t/70_action_dispatch.t view on Meta::CPAN
use strict;
use warnings;
use CGI ();
taint_checking_ok('taint checking is on');
my $cap_options =
{
DRIVER => [ 'Generic', { user1 => '123' } ],
STORE => ['Cookie', SECRET => "Shhh, don't tell anyone", NAME => 'CAPAUTH_DATA', EXPIRY => '+1y'],
POST_LOGIN_CALLBACK => \&TestAppAuthenticate::post_login,
};
{
package TestAppAuthenticate;
use base qw(CGI::Application);
use CGI::Application::Plugin::ActionDispatch;
use CGI::Application::Plugin::Authentication;
t/70_action_dispatch.t view on Meta::CPAN
ok_regression(sub {make_output_timeless($cgiapp->run)}, "t/out/success", "success");
ok($cgiapp->authen->is_authenticated,'login success');
is( $cgiapp->authen->username, 'user1', "login success - username set" );
is( $cgiapp->authen->login_attempts, 0, "successful login - failed login count" );
is( $cgiapp->param('post_login'),1,'successful login - POST_LOGIN_CALLBACK executed' );
};
sub make_output_timeless {
my $output = shift;
$output =~ s/^(Set-Cookie: CAPAUTH_DATA=\w+\%3D\%3D\; path=\/\; expires=\w{3},\s\d{2}(?:\-|\s)\w{3}(?:\-|\s)\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Set-Cookie: CAPAUTH_DATA=; path=\/; expires=;$2/m;
$output =~ s/^(Expires:\s\w{3},\s\d{2}\s\w{3}\s\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Expires$2/m;
$output =~ s/^(Date:\s\w{3},\s\d{2}\s\w{3}\s\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Date$2/m;
#$output =~ s/\r//g;
return $output;
}
t/80_devpopup.t view on Meta::CPAN
use strict;
use warnings;
use CGI ();
taint_checking_ok('taint checking is on');
my $cap_options =
{
DRIVER => [ 'Generic', { user1 => '123' } ],
STORE => ['Cookie', SECRET => "Shhh, don't tell anyone", NAME => 'CAPAUTH_DATA', EXPIRY => '+1y'],
POST_LOGIN_RUNMODE=>'protected',
};
{
package TestAppAuthenticate;
use base qw(CGI::Application);
use CGI::Application::Plugin::DevPopup;
use CGI::Application::Plugin::Authentication;
t/80_devpopup.t view on Meta::CPAN
my $cgiapp = TestAppAuthenticate->new( QUERY => $query );
ok_regression(sub {make_output_timeless($cgiapp->run)}, "t/out/success-dev", "success");
ok($cgiapp->authen->is_authenticated,'login success');
is( $cgiapp->authen->username, 'user1', "login success - username set" );
is( $cgiapp->authen->login_attempts, 0, "successful login - failed login count" );
};
sub make_output_timeless {
my $output = shift;
$output =~ s/^(Set-Cookie: CAPAUTH_DATA=\w+\%3D\%3D\; path=\/\; expires=\w{3},\s\d{2}(?:\-|\s)\w{3}(?:\-|\s)\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Set-Cookie: CAPAUTH_DATA=; path=\/; expires=;$2/m;
$output =~ s/^(Expires:\s\w{3},\s\d{2}\s\w{3}\s\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Expires$2/m;
$output =~ s/^(Date:\s\w{3},\s\d{2}\s\w{3}\s\d{4}\s\d{2}:\d{2}:\d{2}\s\w{3})([\r\n\s]*)$/Date$2/m;
#$output =~ s/\r//g;
return $output;
}
Set-Cookie: CAPAUTH_DATA=; path=/; expires=;
Date
Content-Type: text/html; charset=ISO-8859-1
<html><body>TWO</body></html>
t/out/generic_login view on Meta::CPAN
Set-Cookie: CAPAUTH_DATA=; path=/; expires=;
Date
Content-Type: text/html; charset=ISO-8859-1
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Sign In</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
t/out/loginurl view on Meta::CPAN
Status: 302 Found
Set-Cookie: CAPAUTH_DATA=; path=/; expires=;
Date
Location: http://www.perl.org
( run in 0.506 second using v1.01-cache-2.11-cpan-e9199f4ba4c )