File Coverage

blib/lib/Catalyst/Plugin/Session/State/Header.pm
Criterion Covered Total %
statement 20 39 51.2
branch 3 10 30.0
condition 0 6 0.0
subroutine 5 9 55.5
pod 5 5 100.0
total 33 69 47.8


line stmt bran cond sub pod time code
1             package Catalyst::Plugin::Session::State::Header;
2 2     2   23273 use Moose;
  2         954848  
  2         14  
3 2     2   16571 use namespace::autoclean;
  2         17297  
  2         9  
4             extends 'Catalyst::Plugin::Session::State';
5              
6 2     2   132 use MRO::Compat;
  2         5  
  2         42  
7 2     2   1714 use Catalyst::Utils ();
  2         159993  
  2         908  
8              
9             our $VERSION = '0.02';
10              
# Pass-through hook for extending a session id's lifetime.
#
# This plugin keeps no state of its own for this operation; it hands
# the session id and expiry to the next implementation in the method
# resolution order, if there is one, and returns whatever that yields.
sub extend_session_id {
    my $c = shift;
    my ( $sid, $expires ) = @_;

    return $c->maybe::next::method( $sid, $expires );
}
16              
# Pass-through hook for publishing a new session id.
#
# Nothing is written by this plugin itself (no response header is set
# here); the id is forwarded to the next implementation in the method
# resolution order, if any, and its result is returned.
sub set_session_id {
    my $c   = shift;
    my $sid = shift;

    return $c->maybe::next::method($sid);
}
22              
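# Resolve the session id from the configured request header.
#
# Reads two keys from the session plugin config:
#   allowed_uri - optional regexp; when set, header lookup is skipped for
#                 request paths that do not match it.
#   auth_header - name of the request header that carries the session id.
#
# Returns the header value when it is present and passes
# $c->validate_session_id; in every other case defers to the next
# get_session_id in the method resolution order (if any), passing on the
# remaining arguments.
#
# Security notes:
#   * The header value is a bearer credential supplied by the client. It
#     is deliberately NOT written to the log: anyone who can read the
#     debug log could otherwise replay a live session id, and the value
#     is logged before it has been validated.
#   * allowed_uri is interpolated into an unanchored match against the
#     normalised path ("/a/b/"), so the configured pattern has to carry
#     its own anchors (e.g. '^/api/') to restrict by prefix.
sub get_session_id {
    my $c = shift;

    # Normalise first so "api//login" and "api/login/" are judged alike.
    my $path = uni_path( $c->request->path() );

    my $cfg = $c->_session_plugin_config();
    if ( $cfg->{allowed_uri} && $path !~ m/$cfg->{allowed_uri}/s ) {
        $c->log->debug("URI $path is not allowed for header authentication");
        return $c->maybe::next::method(@_);
    }

    my $header_name = $cfg->{auth_header};
    if ( $header_name and my $sid = $c->request->header($header_name) ) {

        # Log only the header name; the value itself is a secret.
        $c->log->debug("Session id was provided in header $header_name");

        if ( !$c->validate_session_id($sid) ) {
            $c->log->debug("Session id, that was provided in header, is invalid");
            return $c->maybe::next::method(@_);
        }
        return $sid;
    }

    # No header configured or none sent: let other state plugins decide.
    return $c->maybe::next::method(@_);
}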
44              
# Pass-through hook for discarding a session id.
#
# This plugin has nothing of its own to clean up, so the id is simply
# forwarded to the next implementation in the method resolution order,
# if one exists, and that call's result is returned.
sub delete_session_id {
    my $c   = shift;
    my $sid = shift;

    return $c->maybe::next::method($sid);
}
50              
51              
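# Normalise a Catalyst request path to the form "/seg/seg/".
#
# Takes the path as a plain string (Catalyst's $c->request->path() has no
# leading slash and may contain repeated or trailing slashes). Runs of
# slashes are collapsed, leading and trailing slashes are stripped, and
# the result is wrapped in exactly one slash on each side. An undefined,
# empty or slash-only path yields "/".
#
# get_session_id matches the allowed_uri pattern against this value, so
# the normalisation has to be exact: emptiness is tested by length, not
# by truth, because "0" is a valid path segment and must come back as
# "/0/" rather than being mistaken for the root.
sub uni_path {
    my ($path) = @_;

    return '/' unless defined $path && length $path;

    $path =~ s{//+}{/}g;    # collapse repeated slashes
    $path =~ s{^/+}{};      # drop leading slashes
    $path =~ s{/+$}{};      # drop trailing slashes

    # Only slashes were present, e.g. "///".
    return '/' unless length $path;

    return '/' . $path . '/';
}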
63              
64             __PACKAGE__
65              
66             __END__
67              
68             =pod
69              
70             =head1 NAME
71              
72             Catalyst::Plugin::Session::State::Header - Manipulate session IDs by auth headers.
73              
74             =head1 SYNOPSIS
75              
76             use Catalyst qw/Session Session::State::Header Session::Store::Foo/;
77             ...;
78             __PACKAGE__->config('Plugin::Session' => {
79             auth_header => 'x-auth',
80             allowed_uri => '^/api/',
81             });
82              
83             =head1 DESCRIPTION
84              
85             For L<Catalyst::Plugin::Session> to work, the session data needs to be stored on the server. To link a session on the server with a client, the client has to pass the session_id to the server, and the server has to accept it.
86              
87             This plugin accepts the session_id from a request header. It is useful for APIs, where auth information needs to be passed in the headers, for example in the x-auth header.
88              
89             =head1 CONFIGURATION
90              
91             =over 4
92              
93             =item auth_header
94              
95             Header name, in which authentication info should be passed. For example, x-auth.
96              
97             =item allowed_uri
98              
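99             Regexp for URI validation. If specified, this plugin is enabled only for request paths that match the regexp; otherwise it applies to all URIs. The regexp is matched against the path as normalised by uni_path (leading and trailing slash, no repeated slashes) and is not anchored automatically, so include C<^> if the match must start at the beginning of the path.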
100              
101             =back
102              
103             =head1 METHODS
104              
105             =over 4
106              
107             =item extend_session_id
108              
109             =item set_session_id
110              
111             =item get_session_id
112              
113             =item delete_session_id
114              
115             =item uni_path
116              
117             Returns a unified Catalyst path with leading and trailing slashes and without repeated slashes.
118             The Catalyst path ($c->request->path()) returns the controller path as is, so the path could be:
119             api///login/
120             api/login
121             api/login///
122              
123             Catalyst treats these paths as the same, so this method returns /api/login/ for each of them.
124              
125             =back
126              
127             =head1 SEE ALSO
128              
129             L<Catalyst>
130             L<Catalyst::Plugin::Session>
131             L<Catalyst::Plugin::Session::State::Cookie>
132             L<Catalyst::Plugin::Session::State::URI>
133              
134             =head1 LICENSE
135              
136             This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.
137              
138             =cut
139