
FreeBSD Manual Pages

  
 
  

Catalyst::Controller::RequestToken(3)  User Contributed Perl Documentation  Catalyst::Controller::RequestToken(3)

NAME
       Catalyst::Controller::RequestToken - Handling transaction tokens	across
       forms

SYNOPSIS
       Requires the Catalyst::Plugin::Session module. In your application class:

	   use Catalyst	qw/
	       Session
	       Session::State::Cookie
	       Session::Store::FastMmap
	       FillInForm
	    /;

       In your controller class:

	   use base qw(Catalyst::Controller::RequestToken);

	   sub form :Local {
	       my ($self, $c) =	@_;
	       $c->stash( template => 'form.tt'	);
	   }

	   sub confirm :Local :CreateToken {
	       my ($self, $c) =	@_;
	       $c->stash( template => 'confirm.tt' );
	   }

	   sub complete	:Local :ValidateToken {
	       my ($self, $c) =	@_;

	       # is_valid_token() reports the result of the :ValidateToken check
	       if ($self->is_valid_token($c)) {
		   $c->response->body('complete.');
	       }
	       else {
		   $c->response->body('invalid operation.');
	       }
	   }

       form.tt

	   <html>
	   <body>
	   <form action="confirm" method="post">
	   <input type="submit"	name="submit" value="confirm"/>
	   </form>
	   </body>
	   </html>

       confirm.tt

	   <html>
	   <body>
	   <form action="complete" method="post">
	   <input type="hidden" name="_token" value="[% c.req.param('_token') %]"/>
	   <input type="submit"	name="submit" value="complete"/>
	   </form>
	   </body>
	   </html>

DESCRIPTION
       This controller lets you enforce a single transaction across multiple
       forms.  Using a token, you can prevent duplicate submits and protect
       your app from CSRF attacks.

       This module REQUIRES Catalyst::Plugin::Session to store the
       server-side token.

ATTRIBUTES
       CreateToken
	   Creates a new token and puts it into the request and the session.
	   You can then return content containing the request token, which
	   the client should post back to the server.

       ValidateToken
	   After CreateToken, clients will post the request token, so you
	   need to validate whether it is correct or not.

	   The ValidateToken attribute will make your action validate the
	   request token by comparing it to the session token which is created
	   by the CreateToken attribute.

	   If the token is valid, the server-side token will be expired. Use
	   is_valid_token() to check whether the token in this request was
	   valid or not.

       RemoveToken
	   Removes the token from the session. The request token will no
	   longer be valid.
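
       The token lifecycle that CreateToken and ValidateToken describe,
       modeled as a stand-alone Perl script. This is an added example, not
       the module's own code: the %session hash stands in for
       Catalyst::Plugin::Session, and the sub names, the /dev/urandom token
       source and the constant-time comparison are assumptions.

```perl
#!/usr/bin/perl
# Added illustration: a stand-alone model of the token lifecycle described
# above. Sub names are hypothetical; this is not the module's implementation.
use strict;
use warnings;

my $NAME = '_token';    # same default as session_name / request_name

# Read 32 bytes from the OS random source (assumes a Unix-like /dev/urandom).
sub random_token {
    open my $fh, '<:raw', '/dev/urandom' or die "no random source: $!";
    read($fh, my $bytes, 32) == 32 or die "short read from /dev/urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

# CreateToken step: one fresh token, stored server side and sent to the client.
sub create_token {
    my ($session) = @_;
    return $session->{$NAME} = random_token();
}

# ValidateToken step: compare the request token with the session token. The
# server-side copy is expired on success, so replaying the same POST fails.
sub validate_token {
    my ($session, $params) = @_;
    my ($want, $got) = ($session->{$NAME}, $params->{$NAME});
    return 0 unless defined $want && defined $got && length($want) == length($got);
    my $diff = 0;    # compare every byte so timing does not reveal a prefix match
    $diff |= ord(substr($want, $_, 1)) ^ ord(substr($got, $_, 1)) for 0 .. length($want) - 1;
    return 0 if $diff;
    delete $session->{$NAME};
    return 1;
}

my %session;                                           # constructed sample session
my $token = create_token(\%session);                   # value rendered into confirm.tt
my @posts = (
    [ 'first submit'       => { $NAME => $token } ],
    [ 'duplicate submit'   => { $NAME => $token } ],   # token already expired
    [ 'cross-site request' => {} ],                    # no token in the request
);
printf "%-19s %s\n", $_->[0], validate_token(\%session, $_->[1]) ? 'accepted' : 'rejected'
    for @posts;
```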

METHODS
       All methods must	be passed the request context as their first
       parameter.

       token
       create_token
       remove_token
       validate_token
	   Returns whether the token is valid or not.  This will work
	   correctly only after ValidateToken.

       is_valid_token

CONFIGURATION
       In your application class:

	   __PACKAGE__->config('Controller::TokenBasedMyController' => {
	       session_name => '_token',
	       request_name => '_token',
	   });

       session_name
	   Default: _token

       request_name
	   Default: _token

       validate_stash_name
	   Default: _token

SEE ALSO
       Catalyst::Controller::RequestToken::Action::CreateToken
       Catalyst::Controller::RequestToken::Action::ValidateToken
       Catalyst
       Catalyst::Controller
       Catalyst::Plugin::Session
       Catalyst::Plugin::FormValidator::Simple

AUTHOR
       Hideo Kimura <hide<at>hide-k.net>

COPYRIGHT
       This program is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself.

       The full	text of	the license can	be found in the	LICENSE	file included
       with this module.

perl v5.32.0                      2012-08      Catalyst::Controller::RequestToken(3)
