File Coverage

blib/lib/Catalyst/Plugin/Session/State/Header.pm
Criterion Covered Total %
statement 19 38 50.0
branch 1 8 12.5
condition 0 6 0.0
subroutine 5 9 55.5
pod 5 5 100.0
total 30 66 45.4


line stmt bran cond sub pod time code
1             package Catalyst::Plugin::Session::State::Header;
2 2     2   22554 use Moose;
  2         968206  
  2         14  
3 2     2   15837 use namespace::autoclean;
  2         19016  
  2         11  
4             extends 'Catalyst::Plugin::Session::State';
5              
6 2     2   168 use MRO::Compat;
  2         4  
  2         46  
7 2     2   1705 use Catalyst::Utils ();
  2         377991  
  2         869  
8              
9             our $VERSION = '0.01';
10              
# Session-expiry hook. The header state plugin adds no handling of its own
# here: the session id and expiry are forwarded to the next plugin in the
# method resolution order, if one exists, and its result is returned.
sub extend_session_id {
    my $c = shift;
    my ( $sid, $expires ) = @_;

    return $c->maybe::next::method( $sid, $expires );
}
16              
# Session-id assignment hook. Nothing is written to the response by this
# plugin; the id is passed on to the next state plugin (when there is one)
# and whatever that plugin returns is handed back to the caller.
sub set_session_id {
    my $c   = shift;
    my $sid = shift;

    return $c->maybe::next::method($sid);
}
22              
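# Return the session id carried in the configured request header, or defer
# to the next state plugin in the method resolution order.
#
# Flow:
#   1. If `allowed_uri` is configured and the normalised request path does
#      not match it, header authentication is skipped for this request.
#   2. If `auth_header` is configured and the request carries a true value
#      in that header, the value is checked with validate_session_id() and
#      returned only when it passes.
#   3. In every other case the call falls through to the next plugin.
#
# Security notes:
#   * The header value is client-supplied and acts as a bearer credential.
#     It is never written to the log: anyone able to read a debug log that
#     contained it could replay the session.
#   * `allowed_uri` is interpolated into the match as-is, so it is only as
#     strict as the configured pattern; it is matched against the output of
#     uni_path(), which always has a leading and a trailing slash.
sub get_session_id {
    my $c = shift;

    my $path = uni_path( $c->request->path() );

    my $cfg = $c->_session_plugin_config();
    if ( $cfg->{allowed_uri} && $path !~ m/$cfg->{allowed_uri}/s ) {
        $c->log->debug("URI $path is not allowed for header authentication");
        return $c->maybe::next::method(@_);
    }

    if ( $cfg->{auth_header}
        and my $sid = $c->request->header( $cfg->{auth_header} ) )
    {
        # Record only that the header was present, not its value.
        $c->log->debug("Session id header was found");

        if ( !$c->validate_session_id($sid) ) {
            $c->log->debug("Session id, that was provided in header, is invalid");
            return $c->maybe::next::method(@_);
        }

        return $sid;
    }

    return $c->maybe::next::method(@_);
}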
44              
# Session-id removal hook. There is no header-side state to clear, so the
# id is forwarded to the next state plugin, if any, and that plugin's
# result is returned.
sub delete_session_id {
    my $c = shift;
    my ($sid) = @_;

    return $c->maybe::next::method($sid);
}
50              
51              
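# Normalise a Catalyst request path so that equivalent spellings compare
# equal: runs of slashes are collapsed, then the result is wrapped in
# exactly one leading and one trailing slash.
#
#   uni_path('api///login/')  => '/api/login/'
#   uni_path('api/login')     => '/api/login/'
#
# Returns '' for an undefined or empty path. The emptiness test uses
# defined/length rather than truthiness, so the path "0" is normalised to
# '/0/' instead of being treated as empty.
#
# NOTE(review): a path made only of slashes still comes back as '//',
# because nothing is left between the added leading and trailing slash.
sub uni_path {
    my ($path) = @_;

    return '' unless defined $path && length $path;

    $path =~ s|\/{2,}|/|gs;    # collapse repeated slashes
    $path =~ s|^\/+||s;        # drop leading slashes
    $path =~ s|\/+$||s;        # drop trailing slashes

    return '/' . $path . '/';
}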
62              
63             __PACKAGE__
64              
65             __END__
66              
67             =pod
68              
69             =head1 NAME
70              
71             Catalyst::Plugin::Session::State::Header - Manipulate session IDs by auth headers.
72              
73             =head1 SYNOPSIS
74              
75             use Catalyst qw/Session Session::State::Header Session::Store::Foo/;
76             ...;
77             __PACKAGE__->config('Plugin::Session' => {
78             auth_header => 'x-auth',
79             allowed_uri => '^/api/',
80             });
81              
82             =head1 DESCRIPTION
83              
84             In order for L<Catalyst::Plugin::Session> to work, the session data needs to be stored on the server. To link a session on the server with a client, the client has to pass the session_id to the server somehow, and the server has to accept it.
85              
86             This plugin accepts the session_id from a request header. It is useful for APIs, where auth information needs to be passed in a header, for example, in the x-auth header.
87              
88             =head1 CONFIGURATION
89              
90             =over 4
91              
92             =item auth_header
93              
94             Header name, in which authentication info should be passed. For example, x-auth.
95              
96             =item allowed_uri
97              
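98             Regexp for URI validation. If specified, this plugin is enabled only for paths that match the regexp; otherwise, all URIs are affected. The regexp is matched against the path as returned by uni_path (slash repetitions removed, with a leading and a trailing slash), so anchor it accordingly, for example ^/api/.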
99              
100             =back
101              
102             =head1 METHODS
103              
104             =over 4
105              
106             =item extend_session_id
107              
108             =item set_session_id
109              
110             =item get_session_id
111              
112             =item delete_session_id
113              
114             =item uni_path
115              
116             Returns the unified Catalyst path, with leading and trailing slashes and without slash repetitions.
117             The Catalyst path ($c->request->path()) is the controller path as is, so the path could be:
118             api///login/
119             api/login
120             api/login///
121              
122             But for catalyst these paths are the same, so, this method will return /api/login/ for each of them.
123              
124             =back
125              
126             =head1 SEE ALSO
127              
128             L<Catalyst>
129             L<Catalyst::Plugin::Session>
130             L<Catalyst::Plugin::Session::State::Cookie>
131             L<Catalyst::Plugin::Session::State::URI>
132              
133             =head1 LICENSE
134              
135             This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.
136              
137             =cut
138