route handler for a URL that matches a token
Forgive me for being clueless, but can someone tell me how I can have a route handler for a URL that matches a token. Such that a user can receive an email that says:

Go here to reset your password http://myapp.com/resetJiOk49ld9oekdisJkflSS3ed (where JiOk49ld9oekdisJkflSS3ed is the token) and then dancer would bring them to the template where they can reset their password.

I can't seem to wrap my mind around how such a thing would work.

    get '/reset/'$token => sub {
        template 'pass_reset';
    }

    post '/reset/'$token => sub {
        # let user reset password
        my $input_hash = {
            Pswd => param('password1'),
            PswdConfirm => param('password2'),
        };
        template 'pass_reset';
    };

Any help would be greatly appreciated.

Thanks
Hi Richard

Firstly with the GET request when you click on this

http://myapp.com/reset/JiOk49ld9oekdisJkflSS3ed <http://myapp.com/resetJiOk49ld9oekdisJkflSS3ed>

your route handler will be something like this (note ':' instead of '$'):

    get '/reset/:token' => sub {
        return template 'pass_reset' => { token => params->{token} };
    };

This template views/pass_reset.tt will contain something like

    <form action="/reset/[% token %]" method="post">
        <input type="password" name="password1"><br/>
        <input type="password" name="password2"><br/>
        <input type="submit" value="Submit">
    </form>

and back in the controller on clicking submit, it will be handled by

    post '/reset/:token' => sub {
        # do something to check params->{password1} eq params->{password2} ...
    };

(Please imagine the code above is scribbled on a blackboard - I haven't run it:)

Andrew

On Wed, Sep 16, 2015 at 10:26 PM, Richard Reina <gatorreina@gmail.com> wrote:
Forgive me for being clueless, but can someone tell me how I can have route handler for a URL that matches a token. Such that a user can receive an email that says:
Go here to reset your password http://myapp.com/resetJiOk49ld9oekdisJkflSS3ed (where JiOk49ld9oekdisJkflSS3ed is the token ) and then dancer would bring them to the template where they can reset their password.
I can't seem to wrap my mind around how such a thing would work.
get '/reset/'$token => sub {
template 'pass_reset';
}
post '/reset/'$token => sub { # let user reset password
my $input_hash = {
Pswd => param('password1'), PswdConfirm => param('password2'),
};
template 'pass_reset';
};
Any help would be greatly appreciated.
Thanks
_______________________________________________ dancer-users mailing list dancer-users@dancer.pm http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
-- Andrew Solomon Mentor@Geekuni http://geekuni.com/ http://www.linkedin.com/in/asolomon
2015-09-16 16:46 GMT-05:00 Andrew Solomon <andrew@geekuni.com>:
Hi Richard
Firstly with the GET request when you click on this
http://myapp.com/reset/JiOk49ld9oekdisJkflSS3ed <http://myapp.com/resetJiOk49ld9oekdisJkflSS3ed>
your route handler will be something like this (note ':' instead of '$'):
get '/reset/:token' => sub {
return template 'pass_reset' => { token => params->{token} };
};
This template views/pass_reset.tt will contain something like
<form action="/reset/[% token %]" method="post">
<input type="password" name="password1"><br/>
<input type="password" name="password2"><br/>
<input type="submit" value="Submit">
</form>
and back in the controller on clicking submit, it will be handled by
post '/reset/:token' => sub {
# do something to check params->{password1} eq params->{password2} ...
};
(Please imagine the code above is scribbled on a blackboard - I haven't run it:)
Andrew
Hi Andrew,

Thank you for the reply. For the value of token in the url '/reset/:token' do I first set the value of token with

    my $token = get_token(); # subroutine that returns generated token
    session username => $token;

so that it matches the urlJiOk49ld9oekdisJkflSS3ed <http://myapp.com/resetJiOk49ld9oekdisJkflSS3ed> link that was sent to the user in the email?
Hi Richard,

[Without knowing the full state diagram of the site you're setting up I'm not sure I'm really answering your question, however...]

What I can say is that when you send someone an email with a link to click, the corresponding GET route handler should *not* be assuming there's a session for that user since the web server's session cache may have been cleared before they respond to the email.

If you want the token attached to the user so that when they click on the link you know who's visiting, you should store the token in your database against the user's account.

Does that answer your question?

Andrew

On Thu, Sep 17, 2015 at 1:16 AM, Richard Reina <gatorreina@gmail.com> wrote:
2015-09-16 16:46 GMT-05:00 Andrew Solomon <andrew@geekuni.com>:
Hi Richard
Firstly with the GET request when you click on this
http://myapp.com/reset/JiOk49ld9oekdisJkflSS3ed <http://myapp.com/resetJiOk49ld9oekdisJkflSS3ed>
your route handler will be something like this (note ':' instead of '$'):
get '/reset/:token' => sub {
return template 'pass_reset' => { token => params->{token} };
};
This template views/pass_reset.tt will contain something like
<form action="/reset/[% token %]" method="post">
<input type="password" name="password1"><br/>
<input type="password" name="password2"><br/>
<input type="submit" value="Submit">
</form>
and back in the controller on clicking submit, it will be handled by
post '/reset/:token' => sub {
# do something to check params->{password1} eq params->{password2} ...
};
(Please imagine the code above is scribbled on a blackboard - I haven't run it:)
Andrew
Hi Andrew,
Thank you for the reply. For the value of token in the url '/reset/:token' do I first set the value of token with
my $token = get_token(); # subroutine that returns generated token
session username => $token;
so that it matches the urlJiOk49ld9oekdisJkflSS3ed <http://myapp.com/resetJiOk49ld9oekdisJkflSS3ed> link that was sent to the user in the email?
-- Andrew Solomon Mentor@Geekuni http://geekuni.com/ http://www.linkedin.com/in/asolomon
2015-09-17 4:44 GMT-05:00 Andrew Solomon <andrew@geekuni.com>:
Hi Richard,
[Without knowing the full state diagram of the site you're setting up I'm not sure I'm really answering your question, however...]
What I can say is that when you send someone an email with a link to click, the corresponding GET route handler should *not* be assuming there's a session for that user since the web server's session cache may have been cleared before they respond to the email.
If you want the token attached to the user so that when they click on the link you know who's visiting, you should store the token in your database against the user's account.
Does that answer your question?
Andrew
Hi Andrew,
So I end up with something like this?

    get '/reset/:token' => sub {
        return template 'passreset' => {
            my $input_hash {
                token => params->{token}
            }
        } # end of return

        # compare against stored tokens
        my ($matched_user_id) = User->lookup_tokens($input_hash->{token});
        if ($user_id < 1) { # does not match
            halt("Unauthorized");
        }
        # token matches that of user no 349.
        session mathced_user_id => $matched_user_id;
    };

    post '/reset/:token' => sub {
        my $matched_userid;
        if (! (defined session 'matched_user_id')) {
            # not supposed to be here
            redirect "/";
        } else {
            $matched_userid = session 'matched_user_id';
        }
        my $input_hash = {
            Psw1 => param('password1'),
            Psw2 => param('password2'),
        };
        # make sure passwords match each other
        # update password for user $matched_userid;
    };
That looks reasonably sane to me apart from:

    my $input_hash {
        token => params->{token}
    }

which should be

    my $input_hash = {
        token => params->{token}
    };

Andrew

On Thu, Sep 17, 2015 at 2:42 PM, Richard Reina <gatorreina@gmail.com> wrote:
2015-09-17 4:44 GMT-05:00 Andrew Solomon <andrew@geekuni.com>:
Hi Richard,
[Without knowing the full state diagram of the site you're setting up I'm not sure I'm really answering your question, however...]
What I can say is that when you send someone an email with a link to click, the corresponding GET route handler should *not* be assuming there's a session for that user since the web server's session cache may have been cleared before they respond to the email.
If you want the token attached to the user so that when they click on the link you know who's visiting, you should store the token in your database against the user's account.
Does that answer your question?
Andrew
Hi Andrew,
So I end up with something like this?
get '/reset/:token' => sub {
return template 'passreset' => {
my $input_hash {
token => params->{token}
}
} # end of return
# compare against stored tokens
my ($matched_user_id) = User->lookup_tokens($input_hash->{token});
if ($user_id < 1) { # does not match
halt("Unauthorized");
}
# token matches that of user no 349.
session mathced_user_id => $matched_user_id;
};
post '/reset/:token' => sub {
my $matched_userid;
if (! (defined session 'matched_user_id')) {
# not supposed to be here
redirect "/";
} else {
$matched_userid = session 'matched_user_id';
}
my $input_hash = {
Psw1 => param('password1'), Psw2 => param('password2'),
};
# make sure passwords match each other
# update password for user $matched_userid;
};
-- Andrew Solomon Mentor@Geekuni http://geekuni.com/ http://www.linkedin.com/in/asolomon
2015-09-17 9:06 GMT-05:00 Andrew Solomon <andrew@geekuni.com>:
That looks reasonably sane to me apart from:
my $input_hash {
token => params->{token}
}
which should be
my $input_hash = {
token => params->{token}
};
Hi Andrew,
That piece of code is the part that is giving me trouble. I have switched to using a scalar since there is only one element that I seek to capture (the url/token) and because using a hash wasn't working either. Here is where I am:

    get '/reset/:token' => sub {
        my $incoming_token;
        return template 'passreset' => {
            $incoming_token = params->{token}, # LINE 554
        };
        # get stored tokens to match against $incoming_token
        my ($matched_user_id) = User->lookup_tokens($input_hash->{token});

But then it fails and the input at the console says:

    [MyApp:25074] core @2015-09-17 10:21:52> Entering hook core.app.before_request in (eval 77) l. 1
    Odd number of elements in anonymous hash at /home/richard/Dancer2/MyApp/bin/../lib/MyApp.pm line 554.

I am just trying to capture the value of the url so I can test if it matches the stored token. Help would be greeeaaaaaaatly appreciated as this is very frustrating.

Thanks
On 17 Sep 2015 at 18:31, "Richard Reina" <gatorreina@gmail.com> wrote:
2015-09-17 9:06 GMT-05:00 Andrew Solomon <andrew@geekuni.com>:
That looks reasonably sane to me apart from: my $input_hash {
token => params->{token}
}
which should be my $input_hash = {
token => params->{token}
};
Hi Andrew,
That piece of code is the part that is giving me trouble.
I have switched to using a scalar as since there is only one element that
I seek to capture (the url/token) and because using a hash wasn't working either.
Here is where I am:
get '/reset/:token' => sub {
my $incoming_token;
return template 'passreset' => {
$incoming_token = params->{token}, # LINE 554
};
You don't need to define a variable here. Also you should use "=>" instead of "=" as follows.
incoming_token => params->{token}
# get stored tokens to match against $incoming_token
my ($matched_user_id) = User->lookup_tokens($input_hash->{token});
But then it fails and the input at the console says:
[MyApp:25074] core @2015-09-17 10:21:52> Entering hook
core.app.before_request in (eval 77) l. 1
Odd number of elements in anonymous hash at /home/richard/Dancer2/MyApp/bin/../lib/MyApp.pm line 554.
I am just trying to capture the value of the url so I can test if it matches the stored token. Help would be greeeaaaaaaatly appreciated as this is very frustrating.
Thanks
Hi Richard

Just to expand on what Kadir said. This

    my $hashref = {
        $incoming_token = params->{token}, # LINE 554
    };

is equivalent to

    my $incoming_token = params->{token};
    my $hashref = { $incoming_token };

which is incorrect since a hash is constructed of a sequence of key-value pairs, and hence the complaint that you have an odd number of elements in the hash.

Andrew

On Thu, Sep 17, 2015 at 5:22 PM, Kadir Beyazlı <kadirbeyazli@gmail.com> wrote:
On 17 Sep 2015 at 18:31, "Richard Reina" <gatorreina@gmail.com> wrote:
2015-09-17 9:06 GMT-05:00 Andrew Solomon <andrew@geekuni.com>:
That looks reasonably sane to me apart from: my $input_hash {
token => params->{token}
}
which should be my $input_hash = {
token => params->{token}
};
Hi Andrew,
That piece of code is the part that is giving me trouble.
I have switched to using a scalar as since there is only one element
that I seek to capture (the url/token) and because using a hash wasn't working either.
Here is where I am:
get '/reset/:token' => sub {
my $incoming_token;
return template 'passreset' => {
$incoming_token = params->{token}, # LINE 554
};
You don't need to define a variable here. Also you should use "=>" instead of "=" as follows.
incoming_token => params->{token}
# get stored tokens to match against $incoming_token
my ($matched_user_id) = User->lookup_tokens($input_hash->{token});
But then it fails and the input at the console says:
[MyApp:25074] core @2015-09-17 10:21:52> Entering hook
core.app.before_request in (eval 77) l. 1
Odd number of elements in anonymous hash at /home/richard/Dancer2/MyApp/bin/../lib/MyApp.pm line 554.
I am just trying to capture the value of the url so I can test if it matches the stored token. Help would be greeeaaaaaaatly appreciated as this is very frustrating.
Thanks
-- Andrew Solomon Mentor@Geekuni http://geekuni.com/ http://www.linkedin.com/in/asolomon
You don't need to define a variable here. Also you should use "=>" instead of "=" as follows.
incoming_token => params->{token}
Ok, but now how can I access the value of incoming_token? Is it now a scalar? How can I use it to do for example

    if (incoming_token eq 'blahblablah) { #then do something }

To me if it doesn't have $ in front of it I don't know how to handle it.
I have

    get '/list/:start/:end' => sub {
        return getlist(params->{start}, params->{end});
    }

in a working project. So params->{incoming_token} is the value you want.

--john

On 9/17/2015 11:28 AM, Richard Reina wrote:
You don't need to define a variable here. Also you should use "=>" instead of "=" as follows.
incoming_token => params->{token}
Ok, but now how can I access the value of incoming_token? Is it now a scalar?
How can I use it to do for example
if (incoming_token eq 'blahblablah) { #then do something }
To me if it doesn't have $ in front of it I don't know how to handle it.
-- John J. McDermott, CPLP Learning and Performance Consultant jjm at jkintl.com 575/737-8556 Check out my security blog posts Add an A for the Arts To STEM and get STEAM and a strong engine to move forward.
Hi Richard,

On 17 Sep 2015 at 20:29, "Richard Reina" <gatorreina@gmail.com> wrote:
You don't need to define a variable here. Also you should use "=>" instead of "=" as follows.
incoming_token => params->{token}
Ok, but now how can I access the value of incoming_token? Is it now a scalar?
How can I use it to do for example
if (incoming_token eq 'blahblablah) { #then do something }
To me if it doesn't have $ in front of it I don't know how to handle it.
Won't you use incoming_token in the template file? If so, you will use it like this

    [ IF incoming_token = value ]
    [ END ]

You do not need to use $ to apply compare in the template file.
2015-09-17 13:03 GMT-05:00 Kadir Beyazlı <kadirbeyazli@gmail.com>:
Hi Richard,
On 17 Sep 2015 at 20:29, "Richard Reina" <gatorreina@gmail.com> wrote:
You don't need to define a variable here. Also you should use "=>" instead of "=" as follows.
incoming_token => params->{token}
Ok, but now how can I access the value of incoming_token? Is it now a scalar?
How can I use it to do for example
if (incoming_token eq 'blahblablah) { #then do something }
To me if it doesn't have $ in front of it I don't know how to handle it.
Will not you use incoming_token at template file? If so, you will use like this
[ IF incoming_token = value ]
[ END ]
You do not need to use $ to apply compare at template file.
Thanks for all the replies. Your suggestions were very helpful in getting it to work. Thanks again.
Hi Andrew,
So I end up with something like this?
get '/reset/:token' => sub {
return template 'passreset' => {
my $input_hash {
token => params->{token}
}
} # end of return
# compare against stored tokens
my ($matched_user_id) = User->lookup_tokens($input_hash->{token});
if ($user_id < 1) { # does not match
halt("Unauthorized");
}
# token matches that of user no 349.
session mathced_user_id => $matched_user_id;
};
For the sake of Dancer2 posterity I should mention that I believe that my problem was caused by the fact that I was trying to capture the variable after the return. As Andy Beverly was kind enough to explain to me, once you return you return and the rest of the block of code is not executed. Capturing the variable -- in ways that all of you rightly suggested -- before the return solved my problem. I think I should also mention that D2 Auth::Extensible now takes care of all of this password reset business. So anyone wanting to deal with the pain that is a "password reset system" should look into it.
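The two points the thread settles on (look the token up before the handler returns, and check it against server-side storage instead of the session), shown as an added example that is not code from any poster or from Dancer2 itself. `issue_token`, `lookup_token`, the in-memory `%RESET` standing in for a database table, and the 30-minute lifetime are assumptions; `views/pass_reset.tt` is the form from Andrew's reply.

```perl
#!/usr/bin/env perl
# Added example. issue_token, lookup_token and %RESET are hypothetical names;
# %RESET stands in for a database table keyed by the token's hash.
use strict;
use warnings;
use Dancer2;
use Digest::SHA qw(sha256_hex);

my %RESET;             # sha256(token) => { user_id => ..., expires => ... }
my $TTL = 30 * 60;     # assumed token lifetime in seconds

# Create the token that goes into the e-mailed link; only its hash is stored.
sub issue_token {
    my ($user_id) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    (read($fh, my $raw, 24) // 0) == 24 or die "short read from urandom";
    close $fh;
    my $token = unpack 'H*', $raw;    # 48 hex characters, safe in a URL path
    $RESET{ sha256_hex($token) } = { user_id => $user_id, expires => time + $TTL };
    return $token;
}

# Return the user id for a live token, or undef. No session is consulted.
sub lookup_token {
    my ($token) = @_;
    return unless defined $token && $token =~ /\A[0-9a-f]{48}\z/;
    my $row = $RESET{ sha256_hex($token) } or return;
    return $row->{expires} >= time ? $row->{user_id} : undef;
}

get '/reset/:token' => sub {
    my $token = route_parameters->get('token');
    # Validate before the return: statements after a return never run.
    defined lookup_token($token) or send_error('Invalid or expired link', 404);
    return template 'pass_reset' => { token => $token };
};

post '/reset/:token' => sub {
    my $token   = route_parameters->get('token');
    my $user_id = lookup_token($token);    # re-check; the session may be gone
    defined $user_id or send_error('Invalid or expired link', 404);
    my ($p1, $p2) = map { body_parameters->get($_) } qw(password1 password2);
    unless (defined $p1 && length $p1 && defined $p2 && $p1 eq $p2) {
        return template 'pass_reset' =>
            { token => $token, error => 'Passwords do not match' };
    }
    delete $RESET{ sha256_hex($token) };   # single use: the link dies here
    # The application's own password update for $user_id goes here.
    return 'Password updated';
};

start unless caller;
```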
participants (4)
- Andrew Solomon
- John McDermott, CPLP
- Kadir Beyazlı
- Richard Reina