view release on metacpan or  search on metacpan

lib/Dancer2/Plugin/Auth/Extensible.pm  view on Meta::CPAN

# implementation of post login route
sub _post_login_route {
    my $app = shift;
    my $plugin = $app->with_plugin('Auth::Extensible');
    my $params = $app->request->body_parameters->as_hashref;

    # First check for password reset request, if applicable
    if (   $plugin->reset_password_handler && $params->{submit_reset} ) {
        my $username = $params->{username_reset};
        croak "Attempt to pass reference to reset blocked" if ref $username;
        $plugin->password_reset_send( username => $username );
        return $app->forward(
            $plugin->login_page,
            { reset_sent => 1 },
            { method     => 'GET' }
        );
    }

    # Then for a password reset itself (confirmed by POST request)
    my ($code) =

lib/Dancer2/Plugin/Auth/Extensible.pm  view on Meta::CPAN

    # with paremeterisation) - but if params->{password} was something
    # different, e.g. { 'like' => '%' }, we might end up with some SQL like
    # WHERE password LIKE '%' instead - which would not be a Good Thing.
    my $username = $params->{username} || $params->{__auth_extensible_username};
    my $password = $params->{password} || $params->{__auth_extensible_password};

    for ( $username, $password ) {
        if ( ref $_ ) {

            # TODO: handle more cleanly
            croak "Attempt to pass a reference as username/password blocked";
        }
    }

    if ( $plugin->logged_in_user ) {
        # uncoverable condition false
        $app->redirect( _return_url($app) || $plugin->user_home_page );
    }

    my $auth_realm = $params->{realm} || $params->{__auth_extensible_realm};
    my ( $success, $realm ) =