X-Git-Url: http://git.ieval.ro/?a=blobdiff_plain;f=lib%2FPlack%2FMiddleware%2FAuth%2FComplex.pm;h=b8e3565bc0d8158efcacb04c4f0751df957358fe;hb=de80d316f181be3675343e37a3773fff63eb3e1a;hp=ac70da693554a5aec710f194b3e386ba93fcf874;hpb=d332726d5726e639bc597493c3db9e79fe5a0174;p=plack-middleware-auth-complex.git

diff --git a/lib/Plack/Middleware/Auth/Complex.pm b/lib/Plack/Middleware/Auth/Complex.pm
index ac70da6..b8e3565 100644
--- a/lib/Plack/Middleware/Auth/Complex.pm
+++ b/lib/Plack/Middleware/Auth/Complex.pm
@@ -4,14 +4,14 @@ use 5.014000;
 use strict;
 use warnings;
 
-our $VERSION = '0.001';
+our $VERSION = '0.002';
 
 use parent qw/Plack::Middleware/;
 use re '/s';
 
 use Authen::Passphrase;
 use Authen::Passphrase::BlowfishCrypt;
-use Bytes::Random::Secure qw/random_bytes/;
+use Bytes::Random::Secure qw//;
 use Carp qw/croak/;
 use DBI;
 use Digest::SHA qw/hmac_sha1_base64 sha256/;
@@ -32,6 +32,7 @@ sub default_opts {(
 	cache_max_age     => 5 * 60,
 	token_max_age     => 60 * 60,
 	username_regex    => qr/^\w{2,20}$/as,
+	invalid_username  => 'Invalid username',
 	register_url      => '/action/register',
 	passwd_url        => '/action/passwd',
 	request_reset_url => '/action/request-reset',
@@ -99,7 +100,7 @@ sub set_passphrase {
 
 sub make_reset_hmac {
 	my ($self, $username, @data) = @_;
-	$self->{hmackey} //= random_bytes 512; # uncoverable condition false
+	$self->{hmackey} //= Bytes::Random::Secure->new(NonBlocking => 1)->bytes(512); # uncoverable condition false
 	my $user = $self->get_user($username);
 	my $message = join ' ', $username, $user->{passphrase}, @data;
 	hmac_sha1_base64 $message, $self->{hmackey};
@@ -176,7 +177,7 @@ sub call_register {
 		return $self->bad_request("Missing parameter $_") unless $parms{$_};
 	}
 
-	return $self->bad_request('Username must match ' . $self->{username_regex}) unless $parms{username} =~ $self->{username_regex};
+	return $self->bad_request($self->{invalid_username}) unless $parms{username} =~ $self->{username_regex};
 	return $self->bad_request('Username already in use') if $self->get_user($parms{username});
 	return $self->bad_request('The two passwords do not match') unless $parms{password} eq $parms{confirm_password};
 
@@ -391,6 +392,11 @@ Password reset token validity, in seconds. Defaults to 1 hour.
 Regular expression that matches valid usernames. Defaults to
 C<qr/^\w{2,20}$/as>.
 
+=item invalid_username
+
+Error message returned when the username does not match
+username_regex. Defaults to C<'Invalid username'>
+
 =item register_url
 
 URL for registering. Defaults to C<'/action/register'>.
@@ -513,7 +519,7 @@ Marius Gavrilescu, E<lt>marius@ieval.roE<gt>
 
 =head1 COPYRIGHT AND LICENSE
 
-Copyright (C) 2015 by Marius Gavrilescu
+Copyright (C) 2015-2017 by Marius Gavrilescu
 
 This library is free software; you can redistribute it and/or modify
 it under the same terms as Perl itself, either Perl version 5.20.1 or,