File Coverage

blib/lib/Catalyst/ActionRole/RequireSSL.pm
Criterion Covered Total %
statement 1 3 33.3
branch n/a
condition n/a
subroutine 1 1 100.0
pod n/a
total 2 4 50.0


line stmt bran cond sub pod time code
1             package Catalyst::ActionRole::RequireSSL;
2             {
3             $Catalyst::ActionRole::RequireSSL::VERSION = '0.07';
4             }
5              
6 1     1   1617 use Moose::Role;
  0            
  0            
7             with 'Catalyst::ActionRole::RequireSSL::Role';
8             use namespace::autoclean;
9              
10             =head1 NAME
11              
12             Catalyst::ActionRole::RequireSSL - Force an action to be secure only.
13              
14             =head1 VERSION
15              
16             version 0.07
17              
18             =head1 SYNOPSIS
19              
20             package MyApp::Controller::Foo;
21              
22             use parent qw/Catalyst::Controller::ActionRole/;
23              
24             sub bar : Local Does('RequireSSL') { ... }
25             sub bar : Local Does('NoSSL') { ... }
26            
27             =head2 HIERARCHY
28              
29             You can chain the SSL Roles to allow for enforced combinations such as all
30             secure apart from a certain action and vice versa. See the tests to see this
31             in action.
32            
33             =cut
34              
35             around execute => sub {
36             my $orig = shift;
37             my $self = shift;
38             my ($controller, $c) = @_;
39            
40             unless(defined $c->config->{require_ssl}->{disabled}) {
41             $c->config->{require_ssl}->{disabled} =
42             $c->engine->isa("Catalyst::Engine::HTTP") ? 1 : 0;
43             }
44             #use Data::Dumper;warn Dumper($c->action);
45             if (!$c->req->secure && $c->req->method eq "POST"
46             && !$c->config->{require_ssl}->{ignore_on_post})
47             {
48             $c->error("Cannot secure request on POST")
49             }
50              
51             unless(
52             $c->config->{require_ssl}->{disabled} ||
53             $c->req->secure ||
54             $c->req->method eq "POST" ||
55             !$self->check_chain($c)
56             ) {
57             my $uri = $c->req->uri->clone;
58             $uri->scheme('https');
59             $c->res->redirect( $uri );
60             $c->detach();
61             } else {
62             $c->log->warn("Would've redirected to SSL")
63             if $c->config->{require_ssl}->{disabled} && $c->debug;
64             $self->$orig( @_ );
65             }
66             };
67              
68             1;
69              
70             =head1 AUTHOR
71              
72             Simon Elliott <cpan@papercreatures.com>
73              
74             =head1 THANKS
75              
76             Andy Grundman, <andy@hybridized.org> for the original RequireSSL Plugin
77              
78             t0m (Tomas Doran), zamolxes (Bogdan Lucaciu), wreis (Wallace Reis)
79              
80             =head1 COPYRIGHT & LICENSE
81              
82             Copyright 2009 by Simon Elliott
83              
84             This program is free software; you can redistribute it and/or modify it under
85             the same terms as Perl itself.