<div dir="ltr">That looks reasonably sane to me apart from:<div><br></div><div><span style="font-size:12.8000001907349px"> my $input_hash {</span><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px"> </span><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px"> token => params->{token}</span><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px"> </span><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px"> }</span><br></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">which should be</span></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px"> my $input_hash = {</span><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px"> </span><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px"> token => params->{token}</span><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px"> </span><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px"> };</span><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">Andrew</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 17, 2015 at 2:42 PM, Richard Reina <span dir="ltr"><<a href="mailto:gatorreina@gmail.com" target="_blank">gatorreina@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><span class=""><br><div class="gmail_extra"><br><div class="gmail_quote">2015-09-17 4:44 GMT-05:00 Andrew Solomon <span dir="ltr"><<a href="mailto:andrew@geekuni.com" target="_blank">andrew@geekuni.com</a>></span>:<br><blockquote 
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="gmail_extra">Hi Richard,<div><br></div><div>[Without knowing the full state diagram of the site you're setting up I'm not sure I'm really answering your question, however...]</div><div><br></div><div>What I can say is that when you send someone an email with a link to click, the corresponding GET route handler should *not* be assuming there's a session for that user since the web server's session cache may have been cleared before they respond to the email.</div><div><br></div><div>If you want the token attached to the user so that when they click on the link you know who's visiting, you should store the token in your database against the user's account.</div><div><br></div><div>Does that answer your question?</div><span><font color="#888888"><div><br></div><div>Andrew</div></font></span><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br></div></blockquote></div></div></blockquote></div><br></div></span><div class="gmail_extra">Hi Andrew, <br><br>So I end up with something like this?<br></div><span class=""><br>get '/reset/:token' => sub {<br><br></span> return template 'passreset' => {<br> <br> my $input_hash {<br> <br> token => params->{token}<br> <br> }<br><br> } # end of return<br><br> # compare against stored tokens<br> my ($matched_user_id) = User->lookup_tokens($input_hash->{token});<br><br> if ($matched_user_id < 1) { # does not match<br><br> halt("Unauthorized");<br> <br> }<br> <br> # token matches that of user no 349.<br> <br> session matched_user_id => $matched_user_id; <br> <br>};<span class=""><br><br><br>post '/reset/:token' => sub {<br><br></span> my $matched_userid;<br><br> if (!
(defined session 'matched_user_id')) {<br><br></div> # not supposed to be here<br></div> redirect "/";<br><div><div> <br></div><div> } else {<br><br> $matched_userid = session 'matched_user_id';<br>}<br></div><div> <br> my $input_hash = { <br> <br> Psw1 => param('password1'),<br> Psw2 => param('password2'),<br> <br> }; <br> <br> # make sure passwords match each other<br><br> # update password for user $matched_userid; <br> <br> <br>};<br><br><br></div></div></div>
<br>_______________________________________________<br>
dancer-users mailing list<br>
<a href="mailto:dancer-users@dancer.pm">dancer-users@dancer.pm</a><br>
<a href="http://lists.preshweb.co.uk/mailman/listinfo/dancer-users" rel="noreferrer" target="_blank">http://lists.preshweb.co.uk/mailman/listinfo/dancer-users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Andrew Solomon<div><br></div><div>Mentor@Geekuni <a href="http://geekuni.com/" target="_blank">http://geekuni.com/</a></div><div><a href="http://www.linkedin.com/in/asolomon" target="_blank">http://www.linkedin.com/in/asolomon</a><br></div></div></div>
</div>
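<div>Added example, not part of the thread and not Dancer's own code: one way to follow the advice quoted above, with both the GET and the POST handler looking the token up in storage instead of relying on a session set earlier. The in-memory %reset_tokens hash stands in for the database table; issue_token, lookup_token, the one-hour expiry, the error template variable and the commented-out update_password are assumptions, while passreset is the template name used in the thread.</div>

```perl
use strict;
use warnings;
use Dancer;
use Digest::SHA qw(sha256_hex);

# Constructed stand-in for the users table: sha256(token) => reset record.
# Only the hash is stored, so a leaked table does not yield usable links.
my %reset_tokens;

# Hypothetical helper, called when the reset e-mail is sent; returns the
# token to embed in the link.
sub issue_token {
    my ($user_id) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "no entropy source: $!";
    read($fh, my $bytes, 32) == 32 or die "short read from /dev/urandom";
    close $fh;
    my $token = unpack 'H*', $bytes;
    $reset_tokens{ sha256_hex($token) } = { user_id => $user_id, expires => time() + 3600 };
    return $token;
}

# Hypothetical helper: user id for a live token, undef if unknown or expired.
sub lookup_token {
    my ($token) = @_;
    my $rec = $reset_tokens{ sha256_hex($token // '') } or return;
    return $rec->{expires} > time() ? $rec->{user_id} : undef;
}

get '/reset/:token' => sub {
    my $token = params->{token};
    # No session is assumed here: the token alone identifies the account.
    return send_error('Unauthorized', 401) unless defined lookup_token($token);
    return template 'passreset' => { token => $token };
};

post '/reset/:token' => sub {
    my $token   = params->{token};
    my $user_id = lookup_token($token);   # re-checked; nothing carried over from GET
    return send_error('Unauthorized', 401) unless defined $user_id;
    my ($p1, $p2) = (param('password1'), param('password2'));
    return template 'passreset' => { token => $token, error => 'Passwords do not match' }
        unless defined($p1) && length($p1) && defined($p2) && $p1 eq $p2;
    # update_password($user_id, $p1);   # hypothetical: store a salted password hash
    delete $reset_tokens{ sha256_hex($token) };   # single use
    redirect '/';
};

dance;
```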