Koha::Token - Tokenizer
    use Koha::Token;
    my $tokenizer = Koha::Token->new;
    my $token = $tokenizer->generate({ length => 20 });

    # safely generate a CSRF token (nonblocking)
    my $csrf_token = $tokenizer->generate({
        type => 'CSRF', id => $id, secret => $secret,
    });

    # generate/check CSRF token with defaults and session id
    my $csrf_token = $tokenizer->generate_csrf({ session_id => $x });
    my $result = $tokenizer->check_csrf({
        session_id => $x, token => $token,
    });

Designed for providing general tokens.
Created due to the need for a nonblocking call to Bytes::Random::Secure
when generating a CSRF token.
Create object (via Class::Accessor).
    my $token = $tokenizer->generate({ length => 20 });
    my $csrf_token = $tokenizer->generate({
        type => 'CSRF', id => $id, secret => $secret,
    });

Generate several types of tokens. Now includes CSRF.
For non-CSRF tokens an optional pattern parameter overrides length.
Room for future extension.
The pattern parameter can be written using this subset of regular expressions:

    \w    Alphanumeric + "_".
    \d    Digits.
    \W    Printable characters other than those in \w.
    \D    Printable characters other than those in \d.
    .     Printable characters.
    []    Character classes.
    {}    Repetition.
    *     Same as {0,}.
    ?     Same as {0,1}.
    +     Same as {1,}.

generate_csrf: like generate({ type => 'CSRF', ... })
Note: id defaults to userid from context, secret to database password.
session_id is mandatory; it is combined with id.

    my $result = $tokenizer->check({
        type => 'CSRF', id => $id, token => $token,
    });

Check several types of tokens. Now includes CSRF.
Room for future extension.
check_csrf: like check({ type => 'CSRF', ... })
Note: id defaults to userid from context, secret to database password.
session_id is mandatory; it is combined with id.
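
The notes above say a CSRF token depends on id, a secret and a mandatory session_id. The following added example is not Koha::Token's own code: it uses hypothetical helpers (make_csrf, verify_csrf, _bound) and an assumed token layout to show why a token bound to id plus session_id fails for another session or user. The max_age parameter, its 8 hour default and all sample values are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
use Bytes::Random::Secure;

# NonBlocking => 1: seed without waiting on a blocking entropy source
my $rng = Bytes::Random::Secure->new( NonBlocking => 1 );

# Length prefix keeps distinct (id, session_id) pairs from colliding
sub _bound { my ($p) = @_; return length( $p->{id} ) . ":$p->{id}$p->{session_id}" }

# Hypothetical helper. Token layout (an assumption): nonce,time,HMAC-SHA256
sub make_csrf {
    my ($p) = @_;
    die "session_id is mandatory\n" unless defined $p->{session_id};
    my $nonce = $rng->bytes_hex(16);
    my $time  = $p->{time} // time();
    my $mac   = hmac_sha256_hex( _bound($p) . "|$nonce|$time", $p->{secret} );
    return join ',', $nonce, $time, $mac;
}

# Hypothetical helper; max_age and its 8 hour default are assumptions
sub verify_csrf {
    my ($p) = @_;
    return 0 unless defined $p->{session_id} && defined $p->{token};
    my ( $nonce, $time, $mac ) = split /,/, $p->{token}, 3;
    return 0 unless defined $mac;
    return 0 unless $nonce =~ /\A[0-9a-f]{32}\z/ && $time =~ /\A\d+\z/;
    return 0 if time() - $time > ( $p->{max_age} // 8 * 3600 );    # expired
    my $expect = hmac_sha256_hex( _bound($p) . "|$nonce|$time", $p->{secret} );
    return 0 unless length($mac) == length($expect);
    # Constant-time compare: fold every character difference into $diff
    my $diff = 0;
    $diff |= ord( substr( $mac, $_, 1 ) ) ^ ord( substr( $expect, $_, 1 ) )
        for 0 .. length($expect) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample values
my %ctx = ( id => 'librarian1', secret => 'constructed-secret', session_id => 'sessA' );
my $tok = make_csrf( \%ctx );
printf "same session:  %d\n", verify_csrf( { %ctx, token => $tok } );
printf "other session: %d\n", verify_csrf( { %ctx, token => $tok, session_id => 'sessB' } );
printf "other user:    %d\n", verify_csrf( { %ctx, token => $tok, id => 'patron2' } );
my $old = make_csrf( { %ctx, time => time() - 9 * 3600 } );
printf "expired token: %d\n", verify_csrf( { %ctx, token => $old } );
```
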
Marcel de Rooy, Rijksmuseum Amsterdam, The Netherlands