Koha::Token - Tokenizer
use Koha::Token; my $tokenizer = Koha::Token->new; my $token = $tokenizer->generate({ length => 20 }); # safely generate a CSRF token (nonblocking) my $csrf_token = $tokenizer->generate({ type => 'CSRF', id => $id, secret => $secret, }); # generate/check CSRF token with defaults and session id my $csrf_token = $tokenizer->generate_csrf({ session_id => $x }); my $result = $tokenizer->check_csrf({ session_id => $x, token => $token, });
Designed for providing general tokens. Created due to the need for a nonblocking call to Bytes::Random::Secure when generating a CSRF token.
Create object (via Class::Accessor).
my $token = $tokenizer->generate({ length => 20 }); my $csrf_token = $tokenizer->generate({ type => 'CSRF', id => $id, secret => $secret, }); Generate several types of tokens. Now includes CSRF. For non-CSRF tokens an optional pattern parameter overrides length. Room for future extension. Pattern parameter could be write down using this subset of regular expressions: \w Alphanumeric + "_". \d Digits. \W Printable characters other than those in \w. \D Printable characters other than those in \d. . Printable characters. [] Character classes. {} Repetition. * Same as {0,}. ? Same as {0,1}. + Same as {1,}.
Like: generate({ type => 'CSRF', ... }) Note: id defaults to userid from context, secret to database password. session_id is mandatory; it is combined with id.
my $result = $tokenizer->check({ type => 'CSRF', id => $id, token => $token, }); Check several types of tokens. Now includes CSRF. Room for future extension.
Like: check({ type => 'CSRF', ... }) Note: id defaults to userid from context, secret to database password. session_id is mandatory; it is combined with id.
Marcel de Rooy, Rijksmuseum Amsterdam, The Netherlands