Koha::Token - Tokenizer
    use Koha::Token;
    my $tokenizer = Koha::Token->new;
    my $token = $tokenizer->generate({ length => 20 });

    # safely generate a CSRF token (nonblocking)
    my $csrf_token = $tokenizer->generate({
        type => 'CSRF', id => $id, secret => $secret,
    });

    # generate/check CSRF token with defaults and session id
    $csrf_token = $tokenizer->generate_csrf({ session_id => $x });
    my $result = $tokenizer->check_csrf({
        session_id => $x, token => $token,
    });
Designed for providing general tokens.
Created due to the need for a nonblocking call to Bytes::Random::Secure
when generating a CSRF token.
The constructor, new, creates the object (via Class::Accessor).
    my $token = $tokenizer->generate({ length => 20 });
    my $csrf_token = $tokenizer->generate({
        type => 'CSRF', id => $id, secret => $secret,
    });
Generate several types of tokens. Now includes CSRF.
Room for future extension.
generate_csrf is like: generate({ type => 'CSRF', ... })
Note: id defaults to the userid from context, secret to the database password.
session_id is mandatory; it is combined with id.
    my $result = $tokenizer->check({
        type => 'CSRF', id => $id, token => $token,
    });
Check several types of tokens. Now includes CSRF.
Room for future extension.
check_csrf is like: check({ type => 'CSRF', ... })
Note: id defaults to the userid from context, secret to the database password.
session_id is mandatory; it is combined with id.
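The following is an added illustration of what binding a CSRF token to both id and session_id means for the generate/check pair; it is not Koha::Token's code. The function names, the token layout (nonce,timestamp,mac), the use of /dev/urandom as the nonblocking source and the 8-hour lifetime are all assumptions made for the example.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Nonblocking randomness: /dev/urandom never waits for entropy (assumed source).
sub random_hex {
    my ($bytes) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open urandom: $!";
    my $buf;
    my $got = read $fh, $buf, $bytes;
    die "short read from urandom" unless defined $got && $got == $bytes;
    return unpack 'H*', $buf;
}

# MAC over length-prefixed fields, so ("ab","c") and ("a","bc") cannot collide.
sub mac_for {
    my ($secret, @fields) = @_;
    return hmac_sha256_hex(join('', map { length($_) . ":$_" } @fields), $secret);
}

# Hypothetical token layout: nonce,timestamp,mac
sub make_csrf {
    my ($p) = @_;
    die "session_id is mandatory" unless defined $p->{session_id};
    my ($nonce, $ts) = (random_hex(16), $p->{now} // time);
    return join ',', $nonce, $ts, mac_for($p->{secret}, $p->{id}, $p->{session_id}, $nonce, $ts);
}

sub verify_csrf {
    my ($p) = @_;
    return 0 unless defined $p->{session_id} && defined $p->{token};
    my ($nonce, $ts, $mac) = $p->{token} =~ /\A([0-9a-f]{32}),(\d{1,12}),([0-9a-f]{64})\z/
        or return 0;                                    # malformed token
    my $age = ($p->{now} // time) - $ts;
    return 0 if $age < 0 || $age > ($p->{max_age} // 8 * 3600);   # assumed lifetime
    my $want = mac_for($p->{secret}, $p->{id}, $p->{session_id}, $nonce, $ts);
    # Constant-time compare: accumulate the XOR of every character pair.
    my $diff = 0;
    $diff |= ord(substr $want, $_, 1) ^ ord(substr $mac, $_, 1) for 0 .. length($want) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample values.
my %ctx   = (id => 'librarian1', session_id => 'sess-A', secret => 'demo-secret');
my $token = make_csrf(\%ctx);
printf "same session:  %d\n", verify_csrf({ %ctx, token => $token });
printf "other session: %d\n", verify_csrf({ %ctx, session_id => 'sess-B', token => $token });
printf "expired:       %d\n", verify_csrf({ %ctx, token => $token, now => time + 86400 });
```

Because the session id is part of the MAC input, a token issued in one session does not verify in another session of the same user.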
Marcel de Rooy, Rijksmuseum Amsterdam, The Netherlands