authorMarius Halden <marius.h@lden.org>2021-10-07 13:32:40 +0200
committerMarius Halden <marius.h@lden.org>2021-10-07 13:32:40 +0200
commit09dacfc6b8bf62addeee16c20b1d90c2a256da96 (patch)
tree7caa2bf9e92227ab74448f9b746dd28bbcb81b2a /perllib/Catalyst/Authentication/Credential/AccessToken.pm
parent585e57484f9c6332668bf1ac0a6a3b39dbe32223 (diff)
parentcea89fb87a96943708a1db0f646492fbfaaf000f (diff)
Merge tag 'v3.1' into fiksgatami-devfiksgatami-dev
Diffstat (limited to 'perllib/Catalyst/Authentication/Credential/AccessToken.pm')
-rw-r--r--perllib/Catalyst/Authentication/Credential/AccessToken.pm46
1 files changed, 24 insertions, 22 deletions
diff --git a/perllib/Catalyst/Authentication/Credential/AccessToken.pm b/perllib/Catalyst/Authentication/Credential/AccessToken.pm
index 7827c936d..39364ad99 100644
--- a/perllib/Catalyst/Authentication/Credential/AccessToken.pm
+++ b/perllib/Catalyst/Authentication/Credential/AccessToken.pm
@@ -4,7 +4,7 @@ use strict;
use warnings;
use base 'Class::Accessor::Fast';
-__PACKAGE__->mk_accessors(qw(token_field token_lookup));
+__PACKAGE__->mk_accessors(qw(token_field));
our $VERSION = "0.01";
@@ -15,29 +15,37 @@ sub new {
return $self;
}
-sub authenticate {
- my ( $self, $c, $realm, $authinfo_ignored ) = @_;
-
+sub get_token {
+ my ($self, $c) = @_;
my $auth_header = $c->req->header('Authorization') || '';
my ($token) = $auth_header =~ /^Bearer (.*)/i;
$token ||= $c->get_param('access_token');
+ return $token;
+}
+
+sub authenticate {
+ my ( $self, $c, $realm, $authinfo_ignored ) = @_;
+
+ my $token = $self->get_token($c);
return unless $token;
- my $field = $self->token_field || 'access_token';
+ my $id;
+ ($id, $token) = split /-/, $token, 2;
+ return unless $id =~ /^[1-9]\d*$/;
- my $value = $token;
- if (my $lookup = $self->token_lookup) {
- $value = {};
- foreach (keys %$lookup) {
- my $v = $lookup->{$_};
- $v =~ s/TOKEN/$token/;
- $value->{$_} = $v;
- }
- }
- my $user_obj = $realm->find_user({ $field => $value }, $c);
- if (ref $user_obj) {
+ my $user_obj = $realm->find_user({ id => $id }, $c);
+ if (ref($user_obj) && $self->check_token($user_obj, $token)) {
return $user_obj;
}
+ return;
+}
+
+sub check_token {
+ my ($self, $user, $token) = @_;
+
+ my $field = $self->token_field || 'access_token';
+ my $value = $user->$field;
+ return $user->_column_encoders->{password}->($token, $value) eq $value;
}
__PACKAGE__;
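Review bot: After `($id, $token) = split /-/, $token, 2;` the secret half is undef whenever the presented token contains no `-`, yet a numeric `$id` still reaches `find_user` and `check_token`, where the encoder is called on an undefined value (an "uninitialized" warning at best, plus a database lookup and a hash computation driven by unauthenticated input); add `return unless defined $token && length $token;` directly after the split. The id check should also anchor with `\z` rather than `$`, which accepts a trailing newline: `return unless $id =~ /\A[1-9]\d*\z/;`. In `check_token` the stored side deserves the same guard, `return unless defined $value && length $value;` before the encoder runs, because what the `password` encoder does with an empty or unset column depends on the storage class and cannot be verified from this file. Finally, the new `<id>-<secret>` wire format is not described in the POD; the `token_field` entry should state that the bearer token is split on the first `-` into the user id and the secret that is compared against that field.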
@@ -102,12 +110,6 @@ depending on the storage class used, but is most likely something like
'access_token'. In fact, this is so common that if this is left out of the
config, it defaults to 'access_token'.
-=item token_lookup
-
-If the token isn't a field on its own, but contained within another field, you
-can provide a custom lookup here, where the string TOKEN in a value will be
-replaced by the access token.
-
=back
=head1 USAGE