verify results from the CPAN

verify

Apache2-Controller

view release on metacpan or search on metacpan

lib/Apache2/Controller/Auth/OpenID.pm view on Meta::CPAN

        # save the openid url in the session
        $sess->{a2c}{openid}{openid_url} = $openid_url;
    }
    else {
        DEBUG "no openid url detected, redirecting to login page";
        return $self->redirect_to($conf{login});
    }

    $openid_url = $self->{openid_url} = $self->openid_url_normalize($openid_url);

    # first verify that we know about this openid url, and redirect to
    # the registration page if we don't

    DEBUG "looking for uname from openid table using openid_url '$openid_url'";

    my $uname = $self->get_uname($openid_url);

    if (!$uname) {
        DEBUG("no uname! ... ".(defined $uname ? "'$uname'" : '[undef]'));
        return $self->redirect_to($conf{register});
    }

lib/Apache2/Controller/Directives.pm view on Meta::CPAN

=head1 Apache2::Controller::Render::Template

See L<Apache2::Controller::Render::Template>.

=head2 A2C_Render_Template_Path

This is the base path for templates used by 
Apache2::Controller::Render::Template.  The directive takes only
one parameter and verifies that the directory exists and is readable.

(At startup time Apache2 is root... this should verify readability by 
www user?  Hrmm how is it going to figure out what user that is?
It will have to access the server config via $parms. Except that
this does not appear to work?  It returns an empty hash.)

=cut

sub A2C_Render_Template_Path {
    my ($self, $parms, @directories_untainted) = @_;

    my @directories = map {

lib/Apache2/Controller/Directives.pm view on Meta::CPAN

}

=head2 A2C_Session_Secret

 # generate a random 30-character string:
 A2C_Session_Secret

 # specify your own string:
 A2C_Session_Secret jsd9e9j#*@JMf39kc3

This server-wide constant string will used to verify the session id.
See L<Apache2::Controller::Session>.

If you don't specify the value, it will generate a default 30-character
random string, but this will regenerate on server restarts, and would not
work for a cluster of servers serving the same application.

=cut

sub A2C_Session_Secret {
    my ($self, $parms, $val) = @_;

t/openid.t view on Meta::CPAN

# ok, now try accessing the login page with openid_url param - 
# should redirect externally to the openid server

my $try_login_url = "$login_url?openid_url=$esc_openid_url";
diag("trying login for real, should redirect to openid server for login: $try_login_url");
my $try_login = GET_STR($try_login_url);
#diag("try_login\n$try_login");
my ($location_from_login) = $try_login =~ m{ ^ Location: \s+ (.*?) \n }mxs;
diag("location from login:\n$location_from_login");

my $redirect_verify_pat = qr{ \A \Q$openid_url_base\E /server \?  }mxs;

ok t_cmp(
    $location_from_login, 
    $redirect_verify_pat, 
    'redirect from login matches pattern' 
);



# accessing the protected user area with the openid_url param
# should result in the same external redirection to the openid server

my $try_protected = GET_STR("$user_area?openid_url=$esc_openid_url");
#diag("try_protected\n$try_protected");
my ($location_from_user_area) = $try_protected =~ m{ ^ Location: \s (.*?) \n }mxs;
#diag("location from user area:\n$location_from_user_area");

ok t_cmp(
    $location_from_user_area, 
    $redirect_verify_pat, 
    'redirect from user area matches pattern',
);

(my $test_location_from_login = $location_from_login)
    =~ s{ oic\.time\%3D [^\&]+ }{oic.time%3D[oic.time placeholder]}mxs;
(my $test_location_from_user_area = $location_from_user_area)
    =~ s{ oic\.time\%3D [^\&]+ }{oic.time%3D[oic.time placeholder]}mxs;

ok t_cmp(
    $test_location_from_login,

t/openid.t view on Meta::CPAN


# force the session to timeout
my $force_timeout = GET_BODY('/openid/unprotected/setup/force_timeout');
ok t_cmp($force_timeout, 'Forced session timeout.', 'forced session timeout ok');

# try to access user area again, should redirect to auth server
my $user_area_after_timeout = GET_STR($user_area);
my ($location_relogin) = $user_area_after_timeout =~ m{ ^ Location: \s (.*?) \n }mxs;
ok t_cmp(
    $location_relogin,
    $redirect_verify_pat, 
    'Seamless re-login after timeout - redirected to server.',
);

# it should also have the return_to param set to the user area
ok t_cmp(
    $location_relogin,
    qr{ return_to= .*? \Q$user_area\E }mxs,
    'relogin location got return to for user area',
);

t/openid.t view on Meta::CPAN


    DEBUG "GETTING LOGIN URL WITH OPENID PARAM";
    my $try_login = GET_STR("$login_url?".qs( 
        openid_url  => $openid_url,
        test_try    => $try
    ));
    #diag("try_login\n$try_login");
    my ($location_from_login) = $try_login =~ m{ ^ Location: \s+ (.*?) \n }mxs;
    #diag("location from login:\n$location_from_login");
    
    my $redirect_verify_pat = qr{ \A \Q$openid_url_base\E /server \?  }mxs;
    
    ok t_cmp(
        $location_from_login, 
        $redirect_verify_pat, 
        'redirect from login matches pattern' 
    );

    # get that location and expect a positive return response from openid server
    DEBUG "GETTING LOCATION REDIRECT (OPENIDSERVER PAGE) FROM LOGIN '$location_from_login'";
    my $try_openid = GET_STR("$location_from_login");
    my ($location_return) = $try_openid =~ m{ ^ Location: \s+ (.*?) \n }mxs;
    
    ok t_cmp(
        $location_return,

( run in 0.877 second using v1.01-cache-2.11-cpan-5467b0d2c73 )