Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Catalyst: Dev

RFC: Secure attribute for actions (patch inside)

 

 

Catalyst dev RSS feed   Index | Next | Previous | View Threaded


ido at cpan

Oct 20, 2006, 10:24 PM

Post #1 of 3 (919 views)
Permalink
RFC: Secure attribute for actions (patch inside)

Hi folks,


Below is a diff for a Secure attribute for actions.
Synopsis:

# forward to 'myaction' if insecure, then don't match foo.
sub foo : ... Secure('myaction') {
... secure only code here ...
}

# just don't match bar if insecure.
sub bar : ... Secure {
... secure only code here ...
}

...whether or not we are "secure" is determined by $c->req->secure.

Seeing as there is already a "secure" accessor for C::Request, I
think this is a logical next step if we want to remain consistent
with the DRY philosophy.

Ido

Index: lib/Catalyst/Base.pm
===================================================================
--- lib/Catalyst/Base.pm (revision 5192)
+++ lib/Catalyst/Base.pm (working copy)
@@ -322,6 +322,13 @@
return ( 'ActionClass', $value );
}

+# Secure attribute: do not let this action match unless $c->req->secure.
+sub _parse_Secure_attr {
+ my ( $self, $c, $name, $value ) = @_;
+ $value ||= '';
+ return ( 'Secure', $value );
+}
+
=head2 $self->_application

=head2 $self->_app
Index: lib/Catalyst/Action.pm
===================================================================
--- lib/Catalyst/Action.pm (revision 5192)
+++ lib/Catalyst/Action.pm (working copy)
@@ -78,6 +78,13 @@

sub match {
my ( $self, $c ) = @_;
+ if ( exists $self->attributes->{Secure} && !$c->req->secure ) {
+ # forward to argument if it is provided.
+ # otherwise don't forward anywhere if insecure, just don't match.
+ if ( length $self->attributes->{Secure} )
+ $c->forward( $self->attributes->{Secure} );
+ return 0; # don't match if Secure action && insecure pipe.
+ }
return 1 unless exists $self->attributes->{Args};
my $args = $self->attributes->{Args}[0];
return 1 unless defined($args) && length($args);


_______________________________________________
Catalyst-dev mailing list
Catalyst-dev [at] lists
http://lists.rawmode.org/mailman/listinfo/catalyst-dev


jon at jrock

Oct 21, 2006, 8:04 AM

Post #2 of 3 (876 views)
Permalink
Re: RFC: Secure attribute for actions (patch inside) [In reply to]

Did you test this?

> + if ( length $self->attributes->{Secure} )
> + $c->forward( $self->attributes->{Secure} );
> + return 0; # don't match if Secure action && insecure pipe.

With regards to the patch in general, I don't think this functionality is so
useful that every Catalyst class in existence (C::Base) needs the code,
though. Put it in a base class so that individual users can select which
classes need the functionality,

If you do that, you don't even need our approval; you can just push it to CPAN
yourself. Not that anyone would have any problems putting /that dist/ in
svn, though.

Also, unit tests are appreciated when submitting a patch.

Regards,
Jonathan Rockway

--
package JAPH;use Catalyst qw/-Debug/;($;=JAPH)->config(name => do {
$,.=reverse qw[Jonathan tsu rehton lre rekca Rockway][$_].[split //,
";$;"]->[$_].q; ;for 1..4;$,=~s;^.;;;$,});$;->setup;


ido at cpan

Oct 21, 2006, 10:38 AM

Post #3 of 3 (874 views)
Permalink
Re: RFC: Secure attribute for actions (patch inside) [In reply to]

Jon,
The functionality is not implemented in C::Base, it's implemented
in C::Action::match. Though that does bring up an interesting
point: _parse_*_attr (Global, Local, Path, etc.) should probably be
moved to C::Action from C::Base, since I don't think anything other
than an Action actually uses them... I just put the
_parse_Secure_attr function there to maintain consistency.

Cheers,
Ido


_______________________________________________
Catalyst-dev mailing list
Catalyst-dev [at] lists
http://lists.rawmode.org/mailman/listinfo/catalyst-dev

Catalyst dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.