[dancer-users] route handler for a URL that matches a token

Andrew Solomon andrew at geekuni.com
Thu Sep 17 15:06:40 BST 2015


That looks reasonably sane to me apart from:

  my $input_hash {

    token => params->{token}

    }

which should be

  my $input_hash =  {

    token => params->{token}

    };

Andrew

On Thu, Sep 17, 2015 at 2:42 PM, Richard Reina <gatorreina at gmail.com> wrote:

>
>
> 2015-09-17 4:44 GMT-05:00 Andrew Solomon <andrew at geekuni.com>:
>
>> Hi Richard,
>>
>> [Without knowing the full state diagram of the site you're setting up I'm
>> not sure I'm really answering your question, however...]
>>
>> What I can say is that when you send someone an email with a link to
>> click, the corresponding GET route handler should *not* be assuming there's
>> a session for that user since the web server's session cache may have been
>> cleared before they respond to the email.
>>
>> If you want the token attached to the user so that when they click on the
>> link you know who's visiting, you should store the token in your database
>> against the user's account.
>>
>> Does that answer your question?
>>
>> Andrew
>>
> Hi Andrew,
>
> So I end up with something like this?
>
> get '/reset/:token' => sub {
>
>     return template 'passreset' => {
>
>     my $input_hash {
>
>     token => params->{token}
>
>     }
>
>     } # end of return
>
>     # compare against stored tokens
>     my ($matched_user_id) = User->lookup_tokens($input_hash->{token});
>
>     if ($matched_user_id < 1) { # does not match
>
>          halt("Unauthorized");
>
>     }
>
>      # token matches that of user no 349.
>
>     session matched_user_id => $matched_user_id;
>
> };
>
>
> post '/reset/:token' => sub {
>
>     my $matched_userid;
>
>     if (! (defined session 'matched_user_id')) {
>
>      # not supposed to be here
>       redirect "/";
>
>     } else {
>
>         $matched_userid =  session 'matched_user_id';
> }
>
>    my $input_hash = {
>
>        Psw1 => param('password1'),
>        Psw2 => param('password2'),
>
>    };
>
>    # make sure passwords match each other
>
>    # update password for user $matched_userid;
>
>
> };
>


-- 
Andrew Solomon

Mentor at Geekuni http://geekuni.com/
http://www.linkedin.com/in/asolomon
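
Added example, not part of the original thread and not code from Andrew or Richard: one way to write the two routes so that the token is looked up in storage on every request and neither handler depends on session state. It goes beyond the thread by storing only a SHA-256 digest of each token, giving tokens an expiry, and deleting a token once used. Assumptions: Dancer 1 keywords as used in the thread, the in-memory %reset_tokens hash standing in for the database, the hypothetical helper user_for_token, and an 'error' variable in the passreset template.

```perl
use strict;
use warnings;
use Dancer;
use Digest::SHA qw(sha256_hex);

# Constructed stand-in for the users table: token digest => account row.
# A real application would query its database here (assumption).
my %reset_tokens = (
    sha256_hex('constructed-sample-token') => { user_id => 349, expires => time + 3600 },
);

# Hypothetical helper: return the user id for a live token, or undef.
sub user_for_token {
    my ($token) = @_;
    return unless defined $token && $token =~ /\A[A-Za-z0-9_-]{16,128}\z/;
    my $row = $reset_tokens{ sha256_hex($token) } or return;
    return if $row->{expires} < time;
    return $row->{user_id};
}

# GET: reached from the email link, so no session is assumed.
get '/reset/:token' => sub {
    my $token   = params->{token};
    my $user_id = user_for_token($token);
    return send_error('Unauthorized', 403) unless defined $user_id;
    return template 'passreset' => { token => $token };
};

# POST: look the token up again instead of trusting session state.
post '/reset/:token' => sub {
    my $token   = params->{token};
    my $user_id = user_for_token($token);
    return send_error('Unauthorized', 403) unless defined $user_id;

    my ($psw1, $psw2) = (param('password1'), param('password2'));
    unless (defined $psw1 && length $psw1 && defined $psw2 && $psw1 eq $psw2) {
        return template 'passreset' => { token => $token, error => 'Passwords do not match' };
    }

    # Single use: drop the token before changing the password.
    delete $reset_tokens{ sha256_hex($token) };
    # Hash and store the new password for $user_id here (application-specific).
    return redirect '/';
};

dance;
```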