File Coverage

blib/lib/Dancer2/Plugin/Passphrase.pm
Criterion Covered Total %
statement 18 18 100.0
branch n/a
condition n/a
subroutine 6 6 100.0
pod 1 1 100.0
total 25 25 100.0


line stmt bran cond sub pod time code
1             package Dancer2::Plugin::Passphrase;
2              
3 11     11   7552548 use strict;
  11         95  
  11         340  
4 11     11   59 use warnings;
  11         32  
  11         320  
5 11     11   5034 use Dancer2::Plugin::Passphrase::Core;
  11         53  
  11         422  
6 11     11   5524 use Dancer2::Plugin::Passphrase::Hashed;
  11         33  
  11         391  
7 11     11   6715 use Dancer2::Plugin;
  11         587532  
  11         108  
8              
9             our $VERSION = '3.3.4';
10              
11             plugin_keywords 'passphrase';
12              
13             # ABSTRACT: Passphrases and Passwords as objects for Dancer2
14              
15             =head1 NAME
16              
17             Dancer2::Plugin::Passphrase - Passphrases and Passwords as objects for Dancer2
18              
19             =head1 SYNOPSIS
20              
21             This plugin manages the hashing of passwords for Dancer2 apps, allowing
22             developers to follow cryptography best practices without having to
23             become a cryptography expert.
24              
25             It uses the bcrypt algorithm as the default, while also supporting any
26             hashing function provided by L<Digest>.
27              
28             =head1 USAGE
29              
30             package MyWebService;
31             use Dancer2;
32             use Dancer2::Plugin::Passphrase;
33              
34             post '/login' => sub {
35             my $phrase = passphrase( param('my password') )->generate;
36              
37             # $phrase is now an object that contains RFC 2307 representation
38             # of the hashed passphrase, along with the salt, and other metadata
39            
40             # You should store $phrase->rfc2307() for use later
41             };
42              
43             get '/protected' => sub {
44             # Retrieve $stored_rfc_2307, like the one we created above.
45             # It MUST be a valid RFC 2307 string
46              
47             if ( passphrase( param('my password') )->matches( $stored_rfc_2307 ) ) {
48             # Passphrase matches!
49             }
50             };
51              
52             get '/generate_new_password' => sub {
53             return passphrase->generate_random;
54             };
55              
56             =head1 NOTE
57              
58             This package does not check how strong the password is: it enforces no
59             minimum length or other policy, and even a zero-length password is valid.
60             You can add extra checks in your own application ("MyWebService").
61              
62             =head1 AUTO STRINGIFICATION IS REMOVED
63              
64             You must use $phrase->rfc2307() to get a text string.
65              
66             =head1 KEYWORDS
67              
68             =head2 passphrase
69              
70             Given a plaintext password, it returns a Dancer2::Plugin::Passphrase::Core
71             object that you can generate a new hash from, or match against a stored hash.
72              
73             =cut
74              
# Name of the hashing algorithm passed on to the Core object by the
# passphrase keyword. Read-only; the value comes from the plugin
# configuration, and the coderef supplies 'Bcrypt' when the configuration
# does not set one (per Dancer2::Plugin's from_config handling).
has algorithm => ( is => 'ro', from_config => sub { return 'Bcrypt' } );
79              
# Keyword handler for `passphrase`: wraps a plaintext password in a
# Dancer2::Plugin::Passphrase::Core object.
#
# Arguments:
#   $plugin    - the plugin instance
#   $plaintext - the plaintext password; may be omitted, as in the
#                `passphrase->generate_random` usage
#
# Returns whatever Dancer2::Plugin::Passphrase::Core->new returns.
sub passphrase {
    my $plugin    = shift;
    my $plaintext = shift;

    # The plugin configuration is expanded first and the explicit pairs come
    # last, so a configuration key named "algorithm" or "plaintext" should not
    # displace the values supplied here (assuming the constructor keeps the
    # last occurrence of a repeated key -- confirm against Core).
    my @constructor_args = (
        %{ $plugin->config },
        algorithm => $plugin->algorithm,
        plaintext => $plaintext,
    );

    return Dancer2::Plugin::Passphrase::Core->new(@constructor_args);
}
89              
90             1;
91              
92             __END__