use strict;
use warnings;
-our $VERSION = '0.000_001';
+our $VERSION = '0.001001';
use parent qw/Plack::Middleware/;
use re '/s';
use Authen::Passphrase;
use Authen::Passphrase::BlowfishCrypt;
-use Bytes::Random::Secure qw/random_bytes/;
+use Bytes::Random::Secure qw//;
use Carp qw/croak/;
use DBI;
use Digest::SHA qw/hmac_sha1_base64 sha256/;
cache_max_age => 5 * 60,
token_max_age => 60 * 60,
username_regex => qr/^\w{2,20}$/as,
+ invalid_username => 'Invalid username',
register_url => '/action/register',
passwd_url => '/action/passwd',
request_reset_url => '/action/request-reset',
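Review bot: The default `username_regex` on the context line above still ends in `$`, which in Perl also matches just before a trailing newline, so a username such as "alice\n" passes validation even though the new `invalid_username` message implies it would be rejected; `\z` anchors at the true end of the string: `username_regex => qr/^\w{2,20}\z/as,`. The POD entry for username_regex would need the same edit. Whether the rest of the module (get_user, the insert statement) tolerates a trailing newline is not visible here, so treat this as hardening rather than a proven bug. The enclosing default_opts sub starts and ends outside the hunk.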
my %self = $class->default_opts;
%self = (%self, %$opts);
my $self = bless \%self, $class;
- $self->init;
$self
}
sub make_reset_hmac {
my ($self, $username, @data) = @_;
- $self->{hmackey} //= random_bytes 512; # uncoverable condition false
+ $self->{hmackey} //= Bytes::Random::Secure->new(NonBlocking => 1)->bytes(512); # uncoverable condition false
my $user = $self->get_user($username);
my $message = join ' ', $username, $user->{passphrase}, @data;
hmac_sha1_base64 $message, $self->{hmackey};
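Review bot: `hmackey` is generated lazily and held only in the object, so every worker of a pre-forking server (and every restart) ends up with its own key, and a reset HMAC minted by one process will not verify in another; switching the source to `NonBlocking => 1` does not change that. Because `new` merges `%$opts` into the object and this line uses `//=`, a caller can already pass `hmackey => $bytes` to share one key across processes, but nothing documents it — add a POD item such as `hmackey: secret used to sign reset tokens; set it explicitly when running several worker processes, otherwise a fresh one is generated per process`. A 512-byte key is also longer than the 64-byte HMAC-SHA1 block size, so HMAC hashes it down first; `->bytes(64)` gives the same strength with less work. If `get_user` returns undef for an unknown user, `$user->{passphrase}` autovivifies and the message is signed over an empty passphrase, so confirm that callers guard for that before calling this. The sub's closing brace is outside the hunk.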
return $self->bad_request("Missing parameter $_") unless $parms{$_};
}
- return $self->bad_request('Username must match ' . $self->{username_regex}) unless $parms{username} =~ $self->{username_regex};
+ return $self->bad_request($self->{invalid_username}) unless $parms{username} =~ $self->{username_regex};
return $self->bad_request('Username already in use') if $self->get_user($parms{username});
return $self->bad_request('The two passwords do not match') unless $parms{password} eq $parms{confirm_password};
sub call {
my ($self, $env) = @_;
+
+ unless ($self->{init_done}) {
+ $self->init;
+ $self->{init_done} = 1;
+ }
+
my $auth = $env->{HTTP_AUTHORIZATION};
if ($auth && $auth =~ /^Basic (.*)$/i) {
my ($user, $pass) = split /:/, decode_base64($1), 2;
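Review bot: Deferring `init` to the first request means a broken database configuration is no longer detected when the middleware is built; the first request fails with a server error instead, and since `init_done` is only set after `init` returns, every later request repeats the connection attempt. That is presumably intended (DBI handles must be created after any fork), but the reason belongs next to the guard, e.g. `# Connect lazily so the DBI handle is created in the worker process, not before the server forks`. The guard is not locked, which is fine for Plack's one-request-at-a-time workers but worth a remark in the same comment if a threaded server is ever used. `call` continues past the end of the hunk.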
Regular expression that matches valid usernames. Defaults to
C<qr/^\w{2,20}$/as>.
+=item invalid_username
+
+Error message returned when the username does not match
+username_regex. Defaults to C<'Invalid username'>
+
=item register_url
URL for registering. Defaults to C<'/action/register'>.
=item B<init>
-Called at the end of the constructor. The default implementation
+Called when the first request is received. The default implementation
connects to the database, calls C<post_connect_cb> and prepares the
SQL statements.
=item B<call_register>(I<$req>)
-Handles the C</register> endpoint. I<$req> is a Plack::Request object.
+Handles the C</action/register> endpoint. I<$req> is a Plack::Request object.
=item B<call_passwd>(I<$req>)
-Handles the C</passwd> endpoint. I<$req> is a Plack::Request object.
+Handles the C</action/passwd> endpoint. I<$req> is a Plack::Request object.
=item B<call_request_reset>(I<$req>)
-Handles the C</request-reset> endpoint. I<$req> is a Plack::Request object.
+Handles the C</action/request-reset> endpoint. I<$req> is a Plack::Request object.
=item B<call_reset>(I<$req>)
-Handles the C</reset> endpoint. I<$req> is a Plack::Request object.
+Handles the C</action/reset> endpoint. I<$req> is a Plack::Request object.
=back
=head1 COPYRIGHT AND LICENSE
-Copyright (C) 2015 by Marius Gavrilescu
+Copyright (C) 2015-2017 by Marius Gavrilescu
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.20.1 or,