NAME

Catalyst::Controller::RequestToken - Handling transaction token across forms

SYNOPSIS

This controller requires the Catalyst::Plugin::Session module. In your application class:

use Catalyst qw/
    Session
    Session::State::Cookie
    Session::Store::FastMmap
    FillForm
 /;

in your controller class:

use base qw(Catalyst::Controller::RequestToken);

sub form :Local {
    my ($self, $c) = @_;
    $c->stash->{template} = 'form.tt';
    $c->forward($c->view('TT'));
}

sub confirm :Local :CreateToken {
    my ($self, $c) = @_;
    $c->stash->{template} = 'confirm.tt';
    $c->forward($c->view('TT'));
}

sub complete :Local :ValidateToken {
    my ($self, $c) = @_;
    if ($self->validate_token) {
        $c->response->body('complete.');
    } else {
        $c->response->body('invalid operation.');
    }
}

form.tt

<html>
<body>
<form action="confirm" method="post">
<input type="submit" name="submit" value="confirm"/>
</form>
</body>
</html>

confirm.tt

<html>
<body>
<form action="complete" method="post">
[%# html-escape anything echoed back into an attribute value %]
<input type="hidden" name="_token" value="[% c.req.param('_token') | html %]"/>
<input type="submit" name="submit" value="complete"/>
</form>
</body>
</html>

DESCRIPTION

This controller enforces a single transaction across multiple forms. Using a one-time token, you can prevent duplicate submissions and protect against CSRF attacks.

This module REQUIRES Catalyst::Plugin::Session to store the server-side token.

If you add the CreateToken attribute to an action, a token is created and stored in both the request and the session. You can then render content that carries the request token, which must be posted back to the server.

If you add the ValidateToken attribute, the request token is validated against the server-side session token, and the token is removed from the session.

After ValidateToken there is no token left in the session, so validation fails if the user submits the same (now expired) token again.
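The flow described above, as an added example that is not part of Catalyst::Controller::RequestToken itself: a framework-free Perl sketch of the one-time token (create, post back, validate once, discard). The %session and %request hashes stand in for $c->session and $c->req->params, and the helper names, the 32-byte token length and the use of /dev/urandom are this example's assumptions.

```perl
#!/usr/bin/env perl
# Added example, not code from Catalyst::Controller::RequestToken itself:
# a framework-free sketch of the one-time token flow described above.
# The stores (%session, %request), the helper names, the token length and
# the use of /dev/urandom are this example's assumptions.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);   # core module since Perl 5.10

my $SESSION_NAME = '_token';      # key in the server-side session
my $REQUEST_NAME = '_token';      # form field / request parameter name

# Simulated stores; in Catalyst these are $c->session and $c->req->params.
my %session;
my %request;

# 32 random bytes from the OS CSPRNG, hex-encoded. A predictable token
# (counter, timestamp, rand()) would let an attacker forge a valid form.
sub random_token {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $n = read $fh, my $bytes, 32;
    close $fh;
    die "short read from /dev/urandom" unless defined $n && $n == 32;
    return unpack 'H*', $bytes;
}

# CreateToken: mint a token and store it in both the session and the
# request, so the confirm page can echo it as a hidden field.
sub create_token {
    my $token = random_token();
    $session{$SESSION_NAME} = $token;
    $request{$REQUEST_NAME} = $token;
    return $token;
}

# ValidateToken: compare the submitted token with the session copy and
# remove the session copy whatever the outcome, so a replayed or
# double-clicked submit cannot pass a second time.
sub validate_token {
    my $expected  = delete $session{$SESSION_NAME};
    my $submitted = $request{$REQUEST_NAME};
    return 0 unless defined $expected && defined $submitted;
    return constant_time_eq($expected, $submitted);
}

# Compare the SHA-256 of both sides byte by byte with an OR-accumulated XOR:
# the compared strings are always the same length and the running time does
# not depend on how much of the real token the attacker guessed right.
sub constant_time_eq {
    my ($x, $y) = @_;
    my ($hx, $hy) = (sha256_hex($x), sha256_hex($y));
    my $diff = 0;
    $diff |= ord(substr $hx, $_, 1) ^ ord(substr $hy, $_, 1) for 0 .. length($hx) - 1;
    return $diff == 0 ? 1 : 0;
}

# --- Walk through the SYNOPSIS flow -------------------------------------
# /confirm (:CreateToken): token minted and rendered into confirm.tt.
my $token = create_token();
print qq{<input type="hidden" name="$REQUEST_NAME" value="$token"/>\n};

# /complete (:ValidateToken) with the token posted back: accepted.
%request = ($REQUEST_NAME => $token);
print 'first submit:    ', validate_token() ? 'complete.' : 'invalid operation.', "\n";

# The same form posted again (double click, browser replay): the session
# copy is gone, so the request is rejected.
%request = ($REQUEST_NAME => $token);
print 'replayed submit: ', validate_token() ? 'complete.' : 'invalid operation.', "\n";

# A cross-site forged POST cannot read the victim's session token, so a
# guessed or missing value is rejected even though a fresh token exists.
create_token();
%request = ($REQUEST_NAME => 'attacker-guess');
print 'forged submit:   ', validate_token() ? 'complete.' : 'invalid operation.', "\n";
```

Two points carry over to the real controller: the session copy is consumed on the first ValidateToken, which is why a later validate_token call in the same request is the only one that can report success, and the token is only as good as its unpredictability and the secrecy of the session it lives in.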

METHODS

validate_token

Returns whether the token is valid. This works correctly only after ValidateToken has run.

CONFIGURATION

in your application class:

__PACKAGE__->config('Controller::RequestToken' => {
    session_name => '_token',
    request_name => '_token',
});

session_name

Default: _token

request_name

Default: _token

INTERNAL METHODS

new
ACCEPT_CONTEXT

SEE ALSO

Catalyst::Controller::RequestToken::Action::CreateToken, Catalyst::Controller::RequestToken::Action::ValidateToken, Catalyst, Catalyst::Controller, Catalyst::Plugin::Session, Catalyst::Plugin::FormValidator::Simple

AUTHOR

Hideo Kimura <hide@hide-k.net>

COPYRIGHT

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

The full text of the license can be found in the LICENSE file included with this module.