NAME

Catalyst::Plugin::RequestToken - Handling transaction token for Catalyst

SYNOPSIS

in your application class:

use Catalyst qw/
    Session
    Session::State::Cookie
    Session::Store::FastMmap
    RequestToken 
    FillForm
/;

in your controller class:

sub input : Local {
    my ( $self, $c ) = @_;

    $c->stash->{template} = 'input.tt';
    $c->forward($c->view('TT'));
}

sub confirm : Local {
    my ( $self, $c ) = @_;

    $c->create_token;
    $c->stash->{template} = 'confirm.tt';
    $c->forward($c->view('TT'));
    $c->fillform;
}

sub complete : Local {
    my ( $self, $c ) = @_;

    if ($c->validate_token) {
        $c->res->output('Complete');
    } else {
        $c->res->output('Invalid Token');
    }
    $c->remove_token;
}

root/input.tt TT template:

<html>
<body>
<form action="confirm" method="post">
<input type="submit" name="submit" value="confirm"/>
</form>
</body>
</html>

root/confirm.tt TT template:

<html>
<body>
<form action="complete" method="post">
<input type="hidden" name="token"/>
<input type="submit" name="submit" value="complete"/>
</form>
</body>
</html>

Alternatively, you can call prepare_token instead of the individual methods. You then do not have to write '<input type="hidden" name="token"... >' for the token in your template.

sub input : Local {
    my ( $self, $c ) = @_;

    $c->stash->{template} = 'input.tt';
    $c->prepare_token;
}

If you have loaded Catalyst::Plugin::FormValidator::Simple and token validation fails, C::P::FormValidator::Simple->set_invalid_form is called automatically in the validate_token method (the constraint name is 'TOKEN').

sub complete : Local {
    my ( $self, $c ) = @_;

    $c->form(
        name => [qw/NOT_BLANK ASCII/],
        # ... (constraints for the other fields)
    );

    $c->validate_token;
    
    my $result = $c->form;
    
    if ( $result->has_error) {
        $c->res->body('Error');
    } else {
        $c->res->body('Success');
    }
}

DESCRIPTION

This plugin creates, removes and validates a transaction token, used to enforce a single request for a given transaction; for example, you can prevent duplicate submits.

Note: REQUIRES a session plugin like Catalyst::Plugin::Session to store the server-side token.

METHODS

prepare_token

Automatically appends the token hidden tag to the response body.

create_token

Creates a new token. It uses SHA-1, MD5 or SHA-256, depending on the availability of these modules.

remove_token

Remove token from server side session.

validate_token

Validate token.
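
The create / validate / remove cycle described above, modelled as an added stand-alone Perl example; it is not the plugin's own code and does not load Catalyst. The %session hash, the sub bodies, the /dev/urandom entropy source and the constant-time comparison are assumptions made for illustration; only the method names and the order of calls in "complete" come from this page.

```perl
#!/usr/bin/perl
# Added illustration: a stand-alone model of a single-use transaction token.
# %session and the *_token subs are hypothetical stand-ins for the
# server-side session and the plugin methods of the same name.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

my %session;    # stand-in for the per-user server-side session

# Issue a fresh token and keep the only valid copy on the server.
# Assumption: entropy comes from /dev/urandom (Unix-like host).
sub create_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read( $fh, my $bytes, 32 ) == 32 or die "short read from urandom";
    close $fh;
    return $session{token} = sha256_hex($bytes);
}

# Compare the submitted value with the stored one without an early exit,
# so timing does not reveal how many leading characters matched.
sub validate_token {
    my ($submitted) = @_;
    my $stored = $session{token};
    return 0 unless defined $stored && defined $submitted;
    return 0 unless length($stored) == length($submitted);
    my $diff = 0;
    $diff |= ord( substr( $stored, $_, 1 ) ) ^ ord( substr( $submitted, $_, 1 ) )
        for 0 .. length($stored) - 1;
    return $diff == 0 ? 1 : 0;
}

# Drop the server-side copy so the same form cannot be replayed.
sub remove_token { delete $session{token}; return }

# Same order as the "complete" action above: validate first, always remove.
sub complete {
    my ($submitted) = @_;
    my $ok = validate_token($submitted);
    remove_token();
    return $ok ? 'Complete' : 'Invalid Token';
}

my $form_value = create_token();       # confirm page renders the hidden field
print complete($form_value), "\n";     # first submit
print complete($form_value), "\n";     # double click or browser reload
print complete( '0' x 64 ), "\n";      # forged value, session holds no token
create_token();
print complete(undef), "\n";           # form posted without the token field
```

Because the token is removed after every attempt, a failed submission also sends the user back through the confirm step to obtain a new token.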

SEE ALSO

Catalyst, Catalyst::Plugin::Session, Catalyst::Plugin::FormValidator::Simple

AUTHOR

Hideo Kimura <hide@hide-k.net>

LICENSE

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

The full text of the license can be found in the LICENSE file included with this module.