in reply to CGI::Application::Authentication and Static Pages

Sounds a little vague.. Can you describe your problem a little more? What are you protecting? Sensitive information? Subscription content? Why are you so worried about calls to runmodes? Your cgiapp should be expecting to get bogus data. In fact you should code a cgiapp as if 99.99% is going to be bogus and malicious data. Use CGI::Application::Plugin::Session, if you don't already. You can use that to check a level of authentication you have put on someone, perhaps. With my cgiapps that are interfaces to sensitive material, I check and recheck every single tiny little call to the server. I assume at ALL states of my application, in ALL runmodes, that I am getting bad data, bogus data, malicious data, etc. You can have things like..
    # uses CGI::Application::Plugin::Forward and Authen.. etc
    # you must know these by now..
    use CGI::Application::Plugin::AutoRunmode;      # provides the : Runmode attribute
    use CGI::Application::Plugin::Forward;
    use CGI::Application::Plugin::Authentication;

    sub break_a_leg : Runmode {
        my $self = shift;
        # every runmode re-validates before doing any work
        $self->__check or return $self->forward('error');
        # ... do whatever...
    }

    sub __check {
        my $self = shift;
        $self->authen or die('no way.');
        $self->_my_sub_check_user_input() or return 0;
        return 1;
    }
And you can call check in every runmode. Furthermore, you are aware that with CGI::Application::Plugin::Authentication, you can block ALL runmodes NOT matching whatever.. such as..
    # more incomplete code..
    sub _authen_config {
        my $self = shift;
        # authenticate
        $self->authen->config(
            DRIVER => [
                'Generic',
                sub { return $self->_verify_credentials(@_); },
            ],
            LOGIN_SESSION_TIMEOUT => '45m',   # TODO change to 35m for release
            CREDENTIALS   => [ 'authen_username', 'authen_password', 'authen_captcha' ],
            STORE         => 'Session',
            LOGIN_RUNMODE => 'login',
        );
        # everything except the login runmode requires authentication
        $self->authen->protected_runmodes(qr/^(?!login)/);
        return 1;
    }

Re^2: CGI::Application::Authentication and Static Pages
by techcode (Hermit) on Jan 20, 2008 at 01:43 UTC
    I hate to write (ok it's a macro - but still) even the my $self = shift; part in each runmode - and you have the check in each one?

    I came up with this before the Authen plugin was written ...

    # === this is the base module shared by all - I use base *it* instead of CGI::App directly.
    package YPTP::App;
    use strict;
    use base 'CGI::Application';
    use base 'YPTP::DataBase';
    use base 'YPTP::Email';
    use CGI::Application::Plugin::TT;           # TemplateToolkit
    use CGI::Application::Plugin::Session;      # CGI::Session
    use CGI::Application::Plugin::AutoRunmode;

    sub cgiapp_init {
        my $self = shift;
        # .... usual setup stuff ...
    }

    # In case most of pages are public - if not I set it to return 0
    sub authorize {
        my $self = shift;
        return 1;
    }

    sub cgiapp_prerun {
        my ($self, $run_mode) = @_;
        # CGI::App doesn't allow you to change runmode at init stage - say if there is an error with
        # DB connection ... So I set it there and catch it here.
        if ( $self->param('error') ) {
            $self->prerun_mode('ERROR');
        }
        # Maybe only some runmodes need to be protected - so we send the runmode name to decide
        unless ( $self->authorize($run_mode) ) {
            # Error
            $self->prerun_mode('NOT_AUTHORIZED');
        }
    }

    # === some module containing runmodes connected logically
    package YPTP::Runmodes::Admin;
    use strict;
    use base 'YPTP::App';

    sub authorize {
        my $self    = shift;
        my $runmode = shift;
        my $type    = $self->session->param('type');
        return 1 if ( $type eq 'admin' );   # admin can do anything
        return 0;                           # everyone else can't do a thing
    }
    I'm obviously using CGI::Application::Dispatch to decide which file/module to call. So for each file containing runmodes you can override the default authorize method and even check auth based on runmode to be called.
    sub authorize {
        my $self    = shift;
        my $runmode = shift;
        my $tip     = $self->session->param('tip');
        return 1 if ( $tip eq 'admin' );    # Admin can do anything ! :)
        my $auth = {
            'index'       => 1,                      # everyone
            profil_forma  => $tip eq 'poslodavac',
            profil_obrada => $tip eq 'poslodavac',
            '_default'    => $tip eq 'poslodavac',
        };
        if ( defined $auth->{$runmode} ) {
            return $auth->{$runmode};
        }
        else {
            return $auth->{_default};
        }
    }

    Have you tried freelancing? Check out Scriptlance - I work there. For more info about Scriptlance and freelancing in general check out my home node.
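The prerun-hook pattern from the thread, as an added runnable example (not techcode's code): a base class that denies by default and a runmode module with a per-runmode rule table. The `role` param and the `MyApp::*` packages are assumptions standing in for the session value; a bogus `rm` is caught before CGI::Application's own runmode lookup.

```perl
package MyApp::Base;
use strict; use warnings;
use base 'CGI::Application';

# Deny by default: a runmode module must explicitly grant access.
sub authorize { return 0 }

# Runs before the runmode lookup, so even a bogus rm is replaced here.
sub cgiapp_prerun {
    my ($self, $run_mode) = @_;
    $self->prerun_mode('not_authorized') unless $self->authorize($run_mode);
}
sub setup {
    my $self = shift;
    $self->start_mode('home');
    $self->run_modes(not_authorized => 'not_authorized');
}
sub not_authorized {
    my $self = shift;
    $self->header_props(-status => '403 Forbidden');
    return "not authorized\n";
}

package MyApp::Admin;
use strict; use warnings;
use base 'MyApp::Base';

# Per-runmode rule table; anything not listed falls back to _default (deny).
my %ALLOW = (
    home     => sub { 1 },                  # everyone
    edit     => sub { $_[0] eq 'admin' },   # admins only
    _default => sub { 0 },
);
sub setup {
    my $self = shift;
    $self->SUPER::setup();
    $self->run_modes(home => 'home', edit => 'edit');
}
sub authorize {
    my ($self, $runmode) = @_;
    my $role = $self->param('role') // '';   # hypothetical stand-in for a session param
    return ( $ALLOW{$runmode} // $ALLOW{_default} )->($role);
}
sub home { "public home page\n" }
sub edit { "admin edit form\n" }

package main;
use CGI;
$ENV{CGI_APP_RETURN_ONLY} = 1;   # run() returns output instead of printing it
for my $case ( [ '', 'edit' ], [ 'admin', 'edit' ], [ '', 'home' ], [ '', 'bogus' ] ) {
    my ($role, $rm) = @$case;
    my $app = MyApp::Admin->new( QUERY => CGI->new({ rm => $rm }), PARAMS => { role => $role } );
    print "role='$role' rm='$rm' =>\n", $app->run, "\n";
}
```

Only `role='admin' rm='edit'` and the public `home` runmode get their page; the anonymous `edit` request and the unknown `bogus` runmode both land on the 403 response.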