| CatalystX-Usul documentation | view source | Contained in the CatalystX-Usul distribution. |
CatalystX::Usul::Plugin::Controller::TokenValidation - CSRF form tokens
0.3.$Revision: 576 $
   # In controller base class
   sub end {
      my ($self, $c) = @_;

      if ($c->stash->{token} && $self->can( q(add_token) )) {
         $self->add_token( $c );
      }

      $c->forward( q(render) );
      return;
   }

   # In custom action class
   if ($controller->can( q(validate_token) ) && _should_validate( $c )) {
      unless ($controller->validate_token( $c )) {
         return $self->_invalid_token( @args )
              ? $self->next::method( @rest ) : undef;
      }

      $controller->remove_token( $c );
   }
Generates and validates CSRF form tokens
Adds a CSRF token to the form
Called by the end method in the base controller, this method calls add_token if the current page should contain a token
Removes the validated token from the form so that it is not mistaken for a regular input field
Checks to see if the token stored in the session matches the one posted back in the form
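The token lifecycle described above (add, validate, remove), as an added example that is not code from CatalystX::Usul. Plain hashes stand in for the Catalyst session and the posted form parameters; the field name _form_token, the helpers new_token and secure_eq, the /dev/urandom source and the delete-on-every-attempt behaviour are assumptions of this sketch.

```perl
use strict;
use warnings;

# Added illustration, not CatalystX::Usul code. Hash refs stand in for the
# Catalyst session and the posted form parameters.
my $FIELD = '_form_token';   # hypothetical field / session key name

sub new_token {   # 16 bytes from the kernel CSPRNG, hex encoded
   open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
   read( $fh, my $bytes, 16 ) == 16 or die 'short read from urandom';
   close $fh;
   return unpack 'H*', $bytes;
}

sub add_token {   # store in the session, return the value for the hidden field
   my ($session) = @_;
   return $session->{ $FIELD } = new_token();
}

sub secure_eq {   # timing does not depend on where the strings differ
   my ($x, $y) = @_;
   return 0 unless defined $x && defined $y && length $x == length $y;
   my $diff = 0;
   $diff |= ord( substr $x, $_, 1 ) ^ ord( substr $y, $_, 1 ) for 0 .. length( $x ) - 1;
   return $diff == 0 ? 1 : 0;
}

sub validate_token {   # single use: the session copy is deleted on every attempt
   my ($session, $params) = @_;
   my $expected = delete $session->{ $FIELD };
   return secure_eq( $expected, $params->{ $FIELD } );
}

sub remove_token {   # drop the token so it is not treated as a regular input
   my ($params) = @_;
   delete $params->{ $FIELD };
   return;
}

# Constructed request cycle: a genuine post, a replay of it, and a forged post
my %session; my $token = add_token( \%session );
my %good   = ( $FIELD => $token, name => 'alice' );
my %replay = %good;
my %forged = ( $FIELD => '0' x 32, name => 'mallory' );
print 'valid post:  ', validate_token( \%session, \%good ), "\n";
remove_token( \%good );
print 'fields left: ', join( ',', sort keys %good ), "\n";
print 'replay:      ', validate_token( \%session, \%replay ), "\n";
add_token( \%session );
print 'forged:      ', validate_token( \%session, \%forged ), "\n";
```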
None
None
There are no known incompatibilities in this module
There are no known bugs in this module. Please report problems to the address below. Patches are welcome
Peter Flanigan, <Support at RoxSoft.co.uk>
Copyright (c) 2008 Peter Flanigan. All rights reserved
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See perlartistic
This program is distributed in the hope that it will be useful, but WITHOUT WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE