File Coverage

blib/lib/Rubric/WebApp/Session.pm

Criterion	Covered	Total	%
statement	56	59	94.9
branch	9	12	75.0
condition	4	6	66.6
subroutine	17	18	94.4
pod	4	4	100.0
total	90	99	90.9

line	stmt	bran	cond	sub	pod	time	code
1	3			3		15	use strict;
	3					5
	3					63
2	3			3		11	use warnings;
	3					5
	3					111
3							# ABSTRACT: the Rubric session plugin
4
5							use CGI::Cookie;
6	3			3		118099	use Crypt::CBC;
	3					16129
	3					72
7	3			3		1861	use JSON 2 ();
	3					18264
	3					91
8	3			3		1604	use MIME::Base64;
	3					22902
	3					63
9	3			3		1007	use Sub::Exporter -setup => {
	3					1221
	3					186
10	3					39	-as => '_import',
11							exports => [
12							qw(session session_cipherer get_cookie_payload set_cookie_payload)
13							],
14							groups => [ default => [ -all ] ],
15							};
16	3			3		20
	3					5
17							my ($self) = @_;
18							my $caller = caller;
19	3			3		8
20	3					7	Carp::croak "no session_cipher_key key set"
21							unless Rubric::Config->session_cipher_key;
22	3	50				17
23							$caller->add_callback(init => 'get_cookie_payload');
24							$caller->add_callback(postrun => 'set_cookie_payload');
25	3					36	$self->_import({ into => $caller });
26	3					55	}
27	3					40
28							#pod =head1 METHODS
29							#pod
30							#pod These methods are imported into the using class and should be called on an
31							#pod object of that type -- here, a Rubric::WebApp.
32							#pod
33							#pod =head2 session
34							#pod
35							#pod This returns the session, a hashref.
36							#pod
37							#pod =cut
38
39							my ($self) = @_;
40							return $self->{__PACKAGE__}{session} \|\|= $self->get_cookie_payload;
41							}
42	338			338	1	1661
43	338		66			1520	my $COOKIE_NAME = 'RubricSession';
44
45
46							#pod =head2 session_cipherer
47							#pod
48	2			2		176	#pod This returns a Crypt::CBC object for handling ciphering.
49							#pod
50							#pod =cut
51
52							my ($self) = @_;
53
54							$self->{__PACKAGE__}{cipherer} \|\|= Crypt::CBC->new(
55							-key => Rubric::Config->session_cipher_key,
56							-cipher => 'Rijndael',
57	142			142	1	384	-padding => 'standard',
58							);
59	142		66			1199	}
60
61							#pod =head2 get_cookie_payload
62							#pod
63							#pod This gets the cookie and returns the payload as a R::WA::Session::Object.
64							#pod
65							#pod =cut
66
67							my ($self) = @_;
68
69							return __empty unless my $cookie_value = $self->query->cookie($COOKIE_NAME);
70
71							my $cipherer = $self->session_cipherer;
72
73	96			96	1	966118	my $data = eval {
74							JSON->new->utf8->decode(
75	96	100				450	$cipherer->decrypt(decode_base64($cookie_value))
76							);
77	94					39975	};
78
79	94					12981	my $session = $data ? Rubric::WebApp::Session::Object->new($data) : __empty;
80	94					1265	}
81
82							#pod =head2 set_cookie_payload
83							#pod
84							#pod This method writes the session data back out to a cookie entry.
85	94	50				37772	#pod
86							#pod =cut
87
88							my ($self) = @_;
89
90							my $cookie_value = eval {
91							my $json = JSON->new->utf8->encode($self->session->as_hash);
92
93							encode_base64($self->session_cipherer->encrypt($json));
94							};
95	48			48	1	5271
96							my $cookie = CGI::Cookie->new(
97	48					91	-name => $COOKIE_NAME,
98	48					714	-expires => '+30d',
99							-value => $cookie_value,
100	48					320	-secure => Rubric::Config->cookie_secure,
101							-httponly => Rubric::Config->cookie_httponly,
102							);
103	48					60467
104							$self->header_add(-cookie => [ $cookie ]);
105							}
106
107							#pod =head1 SESSION OBJECT METHODS
108							#pod
109							#pod =cut
110
111	48					12662
112							#pod =head2 new
113							#pod
114							#pod This makes a new session object. You don't need this.
115							#pod
116							#pod =cut
117
118							my ($class, $data) = @_;
119							bless $data => $class;
120							}
121
122							#pod =head2 param
123							#pod
124							#pod $obj->param('foo'); # get
125							#pod $obj->param('foo', 'val'); # set
126							#pod
127	96			96		293	#pod =cut
128	96					556
129							my $self = shift;
130
131							if (@_ == 1) {
132							return $self->{$_[0]} if exists $self->{$_[0]};
133							return;
134							}
135
136							if (@_ == 2) {
137							return $self->{$_[0]} = $_[1];
138							}
139	289			289		2045
140							die "invalid number of args to session->param";
141	289	100				554	}
142	224	100				1219
143	36					236	#pod =head2 clear
144							#pod
145							#pod $obj->clear('name');
146	65	50				213	#pod
147	65					191	#pod Clear the entry (delete it entirely) from the session.
148							#pod
149							#pod =cut
150	0					0
151							my ($self, $param) = @_;
152							delete $self->{$param};
153							}
154
155							#pod =head2 delete
156							#pod
157							#pod $session->delete;
158							#pod
159							#pod Removes all data from the session.
160							#pod
161							#pod =cut
162	1			1		34
163	1					5	my ($self) = @_;
164							%$self = ();
165							}
166
167							#pod =head2 as_hash
168							#pod
169							#pod This returns a hashref containing the session data.
170							#pod
171							#pod =cut
172
173							return { %{ $_[0] } };
174							}
175	0			0		0
176	0					0	1;
177
178
179							=pod
180
181							=encoding UTF-8
182
183							=head1 NAME
184
185							Rubric::WebApp::Session - the Rubric session plugin
186	48			48		89
	48					484
187							=head1 VERSION
188
189							version 0.157
190
191							=head1 PERL VERSION
192
193							This code is effectively abandonware. Although releases will sometimes be made
194							to update contact info or to fix packaging flaws, bug reports will mostly be
195							ignored. Feature requests are even more likely to be ignored. (If someone
196							takes up maintenance of this code, they will presumably remove this notice.)
197							This means that whatever version of perl is currently required is unlikely to
198							change -- but also that it might change at any new maintainer's whim.
199
200							=head1 METHODS
201
202							These methods are imported into the using class and should be called on an
203							object of that type -- here, a Rubric::WebApp.
204
205							=head2 session
206
207							This returns the session, a hashref.
208
209							=head2 session_cipherer
210
211							This returns a Crypt::CBC object for handling ciphering.
212
213							=head2 get_cookie_payload
214
215							This gets the cookie and returns the payload as a R::WA::Session::Object.
216
217							=head2 set_cookie_payload
218
219							This method writes the session data back out to a cookie entry.
220
221							=head1 SESSION OBJECT METHODS
222
223							=head2 new
224
225							This makes a new session object. You don't need this.
226
227							=head2 param
228
229							$obj->param('foo'); # get
230							$obj->param('foo', 'val'); # set
231
232							=head2 clear
233
234							$obj->clear('name');
235
236							Clear the entry (delete it entirely) from the session.
237
238							=head2 delete
239
240							$session->delete;
241
242							Removes all data from the session.
243
244							=head2 as_hash
245
246							This returns a hashref containing the session data.
247
248							=head1 AUTHOR
249
250							Ricardo SIGNES <rjbs@semiotic.systems>
251
252							=head1 COPYRIGHT AND LICENSE
253
254							This software is copyright (c) 2004 by Ricardo SIGNES.
255
256							This is free software; you can redistribute it and/or modify it under
257							the same terms as the Perl 5 programming language system itself.
258
259							=cut