line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
1
|
|
|
1
|
|
349734
|
use strict; |
|
1
|
|
|
|
|
4
|
|
|
1
|
|
|
|
|
33
|
|
2
|
1
|
|
|
1
|
|
5
|
use warnings; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
53
|
|
3
|
|
|
|
|
|
|
|
4
|
|
|
|
|
|
|
package WebPrototypes::ResetPass; |
5
|
|
|
|
|
|
|
BEGIN { |
6
|
1
|
|
|
1
|
|
19
|
$WebPrototypes::ResetPass::VERSION = '0.002'; |
7
|
|
|
|
|
|
|
} |
8
|
1
|
|
|
1
|
|
10
|
use parent qw(Plack::Component); |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
12
|
|
9
|
1
|
|
|
1
|
|
937
|
use Plack::Request; |
|
1
|
|
|
|
|
79177
|
|
|
1
|
|
|
|
|
38
|
|
10
|
1
|
|
|
1
|
|
1281
|
use URL::Encode 'url_encode_utf8'; |
|
1
|
|
|
|
|
5850
|
|
|
1
|
|
|
|
|
62
|
|
11
|
1
|
|
|
1
|
|
934
|
use String::Random 'random_regex'; |
|
1
|
|
|
|
|
3087
|
|
|
1
|
|
|
|
|
64
|
|
12
|
|
|
|
|
|
|
|
13
|
1
|
|
|
1
|
|
811
|
use Email::Sender::Simple qw(sendmail); |
|
1
|
|
|
|
|
217205
|
|
|
1
|
|
|
|
|
8
|
|
14
|
1
|
|
|
1
|
|
278
|
use Email::Simple; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
20
|
|
15
|
1
|
|
|
1
|
|
4
|
use Email::Simple::Creator; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
18
|
|
16
|
|
|
|
|
|
|
|
17
|
1
|
|
|
1
|
|
18
|
use 5.0100; |
|
1
|
|
|
|
|
6
|
|
|
1
|
|
|
|
|
802
|
|
18
|
|
|
|
|
|
|
|
19
|
0
|
|
|
0
|
1
|
0
|
sub find_user { die 'find_user needs to be implemented in subclass' } |
20
|
|
|
|
|
|
|
|
21
|
0
|
|
|
0
|
1
|
0
|
sub update_user{ die 'update_user needs to be implemented in subclass' } |
22
|
|
|
|
|
|
|
|
23
|
|
|
|
|
|
|
sub wrap_text{ |
24
|
7
|
|
|
7
|
1
|
11
|
my( $self, $text ) = @_; |
25
|
7
|
|
|
|
|
118
|
return "$text"; |
26
|
|
|
|
|
|
|
} |
27
|
|
|
|
|
|
|
|
28
|
|
|
|
|
|
|
sub build_reply{ |
29
|
7
|
|
|
7
|
1
|
14
|
my( $self, $text ) = @_; |
30
|
7
|
|
|
|
|
38
|
return [ 200, [ 'Content-Type' => 'text/html' ], [ $self->wrap_text( $text ) ] ]; |
31
|
|
|
|
|
|
|
} |
32
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
sub call { |
34
|
7
|
|
|
7
|
1
|
724512
|
my($self, $env) = @_; |
35
|
7
|
|
|
|
|
23
|
my $path = $env->{PATH_INFO}; |
36
|
|
|
|
|
|
|
|
37
|
7
|
100
|
|
|
|
30
|
if( $path eq '/reset' ){ |
38
|
3
|
|
|
|
|
21
|
return $self->_reset( $env ); |
39
|
|
|
|
|
|
|
} |
40
|
4
|
|
|
|
|
21
|
return $self->_index( $env ); |
41
|
|
|
|
|
|
|
} |
42
|
|
|
|
|
|
|
|
43
|
|
|
|
|
|
|
sub _index { |
44
|
4
|
|
|
4
|
|
10
|
my ( $self, $env ) = @_; |
45
|
4
|
|
|
|
|
42
|
my $req = Plack::Request->new( $env ); |
46
|
4
|
100
|
|
|
|
167
|
if( $req->method eq 'POST' ){ |
47
|
2
|
|
|
|
|
22
|
my $username = $req->param( 'username' ); |
48
|
2
|
|
|
|
|
1165
|
my( $user, $email ) = $self->find_user( $username ); |
49
|
2
|
100
|
|
|
|
17
|
if( !$user ){ |
50
|
1
|
|
|
|
|
4
|
return $self->build_reply( "User not found" ); |
51
|
|
|
|
|
|
|
} |
52
|
|
|
|
|
|
|
else{ |
53
|
1
|
|
|
|
|
6
|
my $pass_token = random_regex( '\w{40}' ); |
54
|
1
|
|
|
|
|
245
|
$self->update_user( $user, { pass_token => $pass_token }); |
55
|
1
|
|
|
|
|
20
|
$self->_send_pass_token( $env, $user, $username, $email, $pass_token ); |
56
|
1
|
|
|
|
|
2261
|
return $self->build_reply( "Email sent" ); |
57
|
|
|
|
|
|
|
} |
58
|
|
|
|
|
|
|
} |
59
|
2
|
|
|
|
|
35
|
return $self->build_reply( <
|
60
|
|
|
|
|
|
|
|
61
|
|
|
|
|
|
|
Username or email: |
62
|
|
|
|
|
|
|
|
63
|
|
|
|
|
|
|
|
64
|
|
|
|
|
|
|
END |
65
|
|
|
|
|
|
|
|
66
|
|
|
|
|
|
|
} |
67
|
|
|
|
|
|
|
|
68
|
|
|
|
|
|
|
sub build_email { |
69
|
1
|
|
|
1
|
1
|
53
|
my( $self, $to, $reset_url ) = @_; |
70
|
1
|
|
|
|
|
25
|
return Email::Simple->create( |
71
|
|
|
|
|
|
|
header => [ |
72
|
|
|
|
|
|
|
To => $to, |
73
|
|
|
|
|
|
|
From => 'root@localhost', |
74
|
|
|
|
|
|
|
Subject => "Password reset", |
75
|
|
|
|
|
|
|
], |
76
|
|
|
|
|
|
|
body => $reset_url, |
77
|
|
|
|
|
|
|
); |
78
|
|
|
|
|
|
|
} |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
sub send_mail { |
81
|
0
|
|
|
0
|
1
|
0
|
my( $self, $mail ) = @_; |
82
|
0
|
|
|
|
|
0
|
sendmail( $mail ); |
83
|
|
|
|
|
|
|
} |
84
|
|
|
|
|
|
|
|
85
|
|
|
|
|
|
|
sub _send_pass_token { |
86
|
1
|
|
|
1
|
|
4
|
my( $self, $env, $user, $username, $email, $pass_token ) = @_; |
87
|
1
|
0
|
50
|
|
|
17
|
my $my_server = $env->{HTTP_ORIGIN} // |
|
|
|
0
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
|
33
|
|
|
|
|
88
|
|
|
|
|
|
|
( $env->{'psgi.url_scheme'} // 'http' ) . '://' . |
89
|
|
|
|
|
|
|
( $env->{HTTP_HOST} // |
90
|
|
|
|
|
|
|
$env->{SERVER_NAME} . |
91
|
|
|
|
|
|
|
( $env->{SERVER_PORT} && $env->{SERVER_PORT} != 80 ? ':' . $env->{SERVER_PORT} : '' ) |
92
|
|
|
|
|
|
|
); |
93
|
1
|
|
|
|
|
22
|
my $reset_url = URI->new( $my_server ); |
94
|
1
|
|
|
|
|
130
|
$reset_url->path( $env->{SCRIPT_NAME} . '/reset' ); |
95
|
1
|
|
|
|
|
108
|
$reset_url->query_form( name => $username, token => $pass_token ); |
96
|
1
|
|
|
|
|
68
|
$self->send_mail( $self->build_email( $email, $reset_url ), $pass_token ); |
97
|
|
|
|
|
|
|
} |
98
|
|
|
|
|
|
|
|
99
|
|
|
|
|
|
|
sub _reset { |
100
|
3
|
|
|
3
|
|
8
|
my ( $self, $env, ) = @_; |
101
|
3
|
|
|
|
|
32
|
my $req = Plack::Request->new( $env ); |
102
|
3
|
|
|
|
|
41
|
my $name = $req->param( 'name' ); |
103
|
3
|
|
|
|
|
1040
|
my $token = $req->param( 'token' ); |
104
|
3
|
|
|
|
|
44
|
my( $user, $email, $pass_token ) = $self->find_user( $name ); |
105
|
3
|
100
|
66
|
|
|
41
|
if( !( $user && $pass_token eq $token ) ){ |
106
|
1
|
|
|
|
|
6
|
return $self->build_reply( 'Token invalid' ); |
107
|
|
|
|
|
|
|
} |
108
|
|
|
|
|
|
|
else{ |
109
|
2
|
100
|
|
|
|
9
|
if( $req->method eq 'POST' ){ |
110
|
1
|
|
|
|
|
8
|
$self->update_user( $user, { pass_token => undef, password => $req->param( 'password' ) } ); |
111
|
1
|
|
|
|
|
31
|
return $self->build_reply( 'Password reset' ); |
112
|
|
|
|
|
|
|
} |
113
|
|
|
|
|
|
|
else{ |
114
|
1
|
|
|
|
|
15
|
my $encoded_name = url_encode_utf8( $name ); |
115
|
1
|
|
|
|
|
86
|
my $encoded_token = url_encode_utf8( $pass_token ); |
116
|
1
|
|
|
|
|
19
|
return $self->build_reply( <
|
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
New password: |
119
|
|
|
|
|
|
|
|
120
|
|
|
|
|
|
|
|
121
|
|
|
|
|
|
|
|
122
|
|
|
|
|
|
|
|
123
|
|
|
|
|
|
|
END |
124
|
|
|
|
|
|
|
} |
125
|
|
|
|
|
|
|
} |
126
|
|
|
|
|
|
|
} |
127
|
|
|
|
|
|
|
|
128
|
|
|
|
|
|
|
|
129
|
|
|
|
|
|
|
1; |
130
|
|
|
|
|
|
|
|
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
=pod |
134
|
|
|
|
|
|
|
|
135
|
|
|
|
|
|
|
=head1 NAME |
136
|
|
|
|
|
|
|
|
137
|
|
|
|
|
|
|
WebPrototypes::ResetPass - (Experimental) Plack application for sending a 'Reset password link' via email |
138
|
|
|
|
|
|
|
|
139
|
|
|
|
|
|
|
=head1 VERSION |
140
|
|
|
|
|
|
|
|
141
|
|
|
|
|
|
|
version 0.002 |
142
|
|
|
|
|
|
|
|
143
|
|
|
|
|
|
|
=head1 SYNOPSIS |
144
|
|
|
|
|
|
|
|
145
|
|
|
|
|
|
|
# connecting with DBIx::Class |
146
|
|
|
|
|
|
|
{ |
147
|
|
|
|
|
|
|
package My::ResetPass; |
148
|
|
|
|
|
|
|
use parent 'WebPrototypes::ResetPass'; |
149
|
|
|
|
|
|
|
use Plack::Util::Accessor qw( schema ); |
150
|
|
|
|
|
|
|
|
151
|
|
|
|
|
|
|
sub find_user { |
152
|
|
|
|
|
|
|
my( $self, $name ) = @_; |
153
|
|
|
|
|
|
|
my $user = $schema->resultset( 'User' )->search({ username => $name })->next; |
154
|
|
|
|
|
|
|
return $user, $user->email, $user->pass_token if $user; |
155
|
|
|
|
|
|
|
return; |
156
|
|
|
|
|
|
|
} |
157
|
|
|
|
|
|
|
|
158
|
|
|
|
|
|
|
sub update_user { |
159
|
|
|
|
|
|
|
my( $self, $user, $attrs ) = @_; |
160
|
|
|
|
|
|
|
$user->update( $attrs ); |
161
|
|
|
|
|
|
|
} |
162
|
|
|
|
|
|
|
|
163
|
|
|
|
|
|
|
} |
164
|
|
|
|
|
|
|
|
165
|
|
|
|
|
|
|
use Plack::Builder; |
166
|
|
|
|
|
|
|
|
167
|
|
|
|
|
|
|
my $app = My::ResetPass->new( schema => $schema ); |
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
builder { |
170
|
|
|
|
|
|
|
mount "/forgotten_pass" => builder { |
171
|
|
|
|
|
|
|
$app->to_app; |
172
|
|
|
|
|
|
|
}; |
173
|
|
|
|
|
|
|
}; |
174
|
|
|
|
|
|
|
|
175
|
|
|
|
|
|
|
=head1 DESCRIPTION |
176
|
|
|
|
|
|
|
|
177
|
|
|
|
|
|
|
This application implements the common reset forgotten password mechanism |
178
|
|
|
|
|
|
|
in a storage independent way. The examples here are with DBIx::Class |
179
|
|
|
|
|
|
|
but they can be easily ported to other storage layers. |
180
|
|
|
|
|
|
|
|
181
|
|
|
|
|
|
|
It has two pages. First page where the user enters his login details and |
182
|
|
|
|
|
|
|
if they are correct an email with a link (with a random verification token) |
183
|
|
|
|
|
|
|
to the password reset page is sent. |
184
|
|
|
|
|
|
|
Second page - the password reset page - checks the token - and lets the user |
185
|
|
|
|
|
|
|
to choose a new password. |
186
|
|
|
|
|
|
|
|
187
|
|
|
|
|
|
|
This application uses the Template Method design pattern. |
188
|
|
|
|
|
|
|
|
189
|
|
|
|
|
|
|
=head2 PURE VIRTUAL METHODS |
190
|
|
|
|
|
|
|
|
191
|
|
|
|
|
|
|
These methods need to be overriden in subclass. |
192
|
|
|
|
|
|
|
|
193
|
|
|
|
|
|
|
=over 4 |
194
|
|
|
|
|
|
|
|
195
|
|
|
|
|
|
|
=item find_user ( name ) |
196
|
|
|
|
|
|
|
|
197
|
|
|
|
|
|
|
Should return a following tuple |
198
|
|
|
|
|
|
|
$user, $user_email, $verification_token |
199
|
|
|
|
|
|
|
|
200
|
|
|
|
|
|
|
The C<$user> is user object or user id - passed to the C method |
201
|
|
|
|
|
|
|
|
202
|
|
|
|
|
|
|
=item update_user ( user, params ) |
203
|
|
|
|
|
|
|
|
204
|
|
|
|
|
|
|
Should update the user object with params. |
205
|
|
|
|
|
|
|
It is used for saving the new password and verification token. |
206
|
|
|
|
|
|
|
|
207
|
|
|
|
|
|
|
=back |
208
|
|
|
|
|
|
|
|
209
|
|
|
|
|
|
|
=head2 VIRTUAL METHODS |
210
|
|
|
|
|
|
|
|
211
|
|
|
|
|
|
|
These methods have defaults - but should probably be overriden anyway. |
212
|
|
|
|
|
|
|
|
213
|
|
|
|
|
|
|
=over 4 |
214
|
|
|
|
|
|
|
|
215
|
|
|
|
|
|
|
=item wrap_text ( text ) |
216
|
|
|
|
|
|
|
|
217
|
|
|
|
|
|
|
Should return the html page containing the passed text fragment. By default it just adds |
218
|
|
|
|
|
|
|
the html and body tags. |
219
|
|
|
|
|
|
|
|
220
|
|
|
|
|
|
|
=item build_reply ( page_body ) |
221
|
|
|
|
|
|
|
|
222
|
|
|
|
|
|
|
Should return the PSGI response data structure. |
223
|
|
|
|
|
|
|
|
224
|
|
|
|
|
|
|
=item build_email ( to_address, link_to_the_reset_page ) |
225
|
|
|
|
|
|
|
|
226
|
|
|
|
|
|
|
Should create the email containing the link. |
227
|
|
|
|
|
|
|
|
228
|
|
|
|
|
|
|
=item send_mail ( mail ) |
229
|
|
|
|
|
|
|
|
230
|
|
|
|
|
|
|
Should send the mail (created by build_mail). |
231
|
|
|
|
|
|
|
|
232
|
|
|
|
|
|
|
=back |
233
|
|
|
|
|
|
|
|
234
|
|
|
|
|
|
|
=head2 OTHER METHODS |
235
|
|
|
|
|
|
|
|
236
|
|
|
|
|
|
|
=over 4 |
237
|
|
|
|
|
|
|
|
238
|
|
|
|
|
|
|
=item call ( env ) |
239
|
|
|
|
|
|
|
|
240
|
|
|
|
|
|
|
=back |
241
|
|
|
|
|
|
|
|
242
|
|
|
|
|
|
|
=head1 SEE ALSO |
243
|
|
|
|
|
|
|
|
244
|
|
|
|
|
|
|
L |
245
|
|
|
|
|
|
|
L |
246
|
|
|
|
|
|
|
|
247
|
|
|
|
|
|
|
=head1 AUTHOR |
248
|
|
|
|
|
|
|
|
249
|
|
|
|
|
|
|
Zbigniew Lukasiak |
250
|
|
|
|
|
|
|
|
251
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE |
252
|
|
|
|
|
|
|
|
253
|
|
|
|
|
|
|
This software is Copyright (c) 2011 by Zbigniew Lukasiak . |
254
|
|
|
|
|
|
|
|
255
|
|
|
|
|
|
|
This is free software, licensed under: |
256
|
|
|
|
|
|
|
|
257
|
|
|
|
|
|
|
The Artistic License 2.0 (GPL Compatible) |
258
|
|
|
|
|
|
|
|
259
|
|
|
|
|
|
|
=cut |
260
|
|
|
|
|
|
|
|
261
|
|
|
|
|
|
|
|
262
|
|
|
|
|
|
|
__END__ |