[dancer-users] route handler for a URL that matches a token
Richard Reina
gatorreina at gmail.com
Thu Sep 17 14:42:45 BST 2015
2015-09-17 4:44 GMT-05:00 Andrew Solomon <andrew at geekuni.com>:
> Hi Richard,
>
> [Without knowing the full state diagram of the site you're setting up I'm
> not sure I'm really answering your question, however...]
>
> What I can say is that when you send someone an email with a link to
> click, the corresponding GET route handler should *not* be assuming there's
> a session for that user since the web server's session cache may have been
> cleared before they respond to the email.
>
> If you want the token attached to the user so that when they click on the
> link you know who's visiting, you should store the token in your database
> against the user's account.
>
> Does that answer your question?
>
> Andrew
>
Hi Andrew,
So I end up with something like this?
    get '/reset/:token' => sub {
        my $input_hash = {
            token => params->{token},
        };
        # compare against stored tokens
        my ($matched_user_id) = User->lookup_tokens($input_hash->{token});
        if (!defined $matched_user_id || $matched_user_id < 1) { # does not match
            halt("Unauthorized");
        }
        # token matches that of user no 349.
        session matched_user_id => $matched_user_id;
        # render the form only after the token has been checked
        return template 'passreset' => $input_hash;
    };

    post '/reset/:token' => sub {
        my $matched_userid;
        if (! (defined session 'matched_user_id')) {
            # not supposed to be here
            return redirect "/";
        } else {
            $matched_userid = session 'matched_user_id';
        }
        my $input_hash = {
            Psw1 => param('password1'),
            Psw2 => param('password2'),
        };
        # make sure passwords match each other
        # update password for user $matched_userid;
    };
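
The token handling discussed in this thread, as an added example that is not part of either poster's message: the token is stored against the user's account, and both the GET and the POST handler can validate it from the URL without relying on a session. It goes beyond the thread by storing only a SHA-256 digest of the token, expiring it, and making it single-use; `issue_token`, `lookup_token`, `consume_token`, `%reset_tokens` and `$TTL` are hypothetical names, and the in-memory hash stands in for a database table.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Stand-in for a database table keyed by token digest (assumption: a real
# app would use a table with columns digest, user_id, expires_at).
my %reset_tokens;
my $TTL = 3600;    # assumed lifetime: one hour

# Create a token for $user_id, store only its digest, and return the raw
# token that goes into the emailed /reset/:token link.
sub issue_token {
    my ($user_id) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "no /dev/urandom: $!";
    read($fh, my $bytes, 32) == 32 or die "short read from /dev/urandom";
    close $fh;
    my $token = unpack 'H*', $bytes;
    $reset_tokens{ sha256_hex($token) } =
        { user_id => $user_id, expires_at => time + $TTL };
    return $token;
}

# For the GET handler: return the user id for a live token, or undef.
sub lookup_token {
    my ($token) = @_;
    return undef unless defined $token && $token =~ /\A[0-9a-f]{64}\z/;
    my $row = $reset_tokens{ sha256_hex($token) } or return undef;
    return undef if $row->{expires_at} < time;
    return $row->{user_id};
}

# For the POST handler: same check, then delete the row so the link
# works only once.
sub consume_token {
    my ($token) = @_;
    my $user_id = lookup_token($token);
    delete $reset_tokens{ sha256_hex($token) } if defined $user_id;
    return $user_id;
}

my $token = issue_token(349);    # constructed sample: user no 349
print "GET  -> user ", lookup_token($token),  "\n";
print "POST -> user ", consume_token($token), "\n";
print "replay rejected\n"  unless defined consume_token($token);
print "unknown rejected\n" unless defined lookup_token('0' x 64);
```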