use strict;
use warnings;
-our $VERSION = '0.001';
+our $VERSION = '0.001001';
use parent qw/Plack::Middleware/;
use re '/s';
use Authen::Passphrase;
use Authen::Passphrase::BlowfishCrypt;
-use Bytes::Random::Secure qw/random_bytes/;
+use Bytes::Random::Secure qw//;
use Carp qw/croak/;
use DBI;
use Digest::SHA qw/hmac_sha1_base64 sha256/;
cache_max_age => 5 * 60,
token_max_age => 60 * 60,
username_regex => qr/^\w{2,20}$/as,
+ invalid_username => 'Invalid username',
register_url => '/action/register',
passwd_url => '/action/passwd',
request_reset_url => '/action/request-reset',
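Review bot: The default `username_regex` two lines above the added `invalid_username` entry anchors with `$`, which in Perl also matches just before a trailing newline, so a value made of a valid name followed by "\n" passes the `=~ $self->{username_regex}` check in the register hunk. Such a name would presumably be treated as distinct from the same name without the newline by the `get_user` lookup, which allows look-alike accounts. Anchoring with `\A` and `\z` closes this: `username_regex => qr/\A\w{2,20}\z/as,`, with the same edit to the default quoted in the POD. The `/s` flag does not help here, since it only changes what `.` matches. The enclosing defaults hash starts and ends outside this hunk.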
sub make_reset_hmac {
my ($self, $username, @data) = @_;
- $self->{hmackey} //= random_bytes 512; # uncoverable condition false
+ $self->{hmackey} //= Bytes::Random::Secure->new(NonBlocking => 1)->bytes(512); # uncoverable condition false
my $user = $self->get_user($username);
my $message = join ' ', $username, $user->{passphrase}, @data;
hmac_sha1_base64 $message, $self->{hmackey};
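Review bot: The key generated on the changed `$self->{hmackey} //=` line exists only in the memory of the process that created it. When no `hmackey` is passed in from configuration (not visible here), reset tokens would stop verifying after a restart and, under a pre-forking server, in any worker other than the one that issued them. `NonBlocking => 1` also moves seeding to the non-blocking OS source, which is the usual choice for a request handler but is worth stating in the code. I would add a comment above the line such as `# Fallback key: per-process, seeded from the non-blocking OS RNG; pass hmackey explicitly to keep reset tokens valid across workers and restarts`. The closing brace of make_reset_hmac is outside the hunk.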
return $self->bad_request("Missing parameter $_") unless $parms{$_};
}
- return $self->bad_request('Username must match ' . $self->{username_regex}) unless $parms{username} =~ $self->{username_regex};
+ return $self->bad_request($self->{invalid_username}) unless $parms{username} =~ $self->{username_regex};
return $self->bad_request('Username already in use') if $self->get_user($parms{username});
return $self->bad_request('The two passwords do not match') unless $parms{password} eq $parms{confirm_password};
Regular expression that matches valid usernames. Defaults to
C<qr/^\w{2,20}$/as>.
+=item invalid_username
+
+Error message returned when the username does not match
+username_regex. Defaults to C<'Invalid username'>
+
=item register_url
URL for registering. Defaults to C<'/action/register'>.
=head1 COPYRIGHT AND LICENSE
-Copyright (C) 2015 by Marius Gavrilescu
+Copyright (C) 2015-2017 by Marius Gavrilescu
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.20.1 or,