Add x_csrf_and_mfa_protection helper

charsbar · charsbar · commit d53a7e4d8cb3 · 2024-04-28T15:55:01.000+09:00
diff --git a/lib/pause_2017/PAUSE/Web.pm b/lib/pause_2017/PAUSE/Web.pm
@@ -81,8 +81,9 @@ sub startup {
       my $action = $app->pause->config->action($name);
       for my $method (qw/get post/) {
         my $route = $private->$method("/$name");
-        $route->with_csrf_protection if $method eq "post" and $action->{x_csrf_protection};
-        $route->with_mfa_protection  if $method eq "post" and $action->{x_mfa_protection};
+        $route->with_csrf_protection         if $method eq "post" and $action->{x_csrf_protection};
+        $route->with_mfa_protection          if $method eq "post" and $action->{x_mfa_protection};
+        $route->with_csrf_and_mfa_protection if $method eq "post" and $action->{x_csrf_and_mfa_protection};
         $route->to($action->{x_mojo_to});
       }
     }
diff --git a/lib/pause_2017/PAUSE/Web/Config.pm b/lib/pause_2017/PAUSE/Web/Config.pm
@@ -428,8 +428,7 @@ our %Actions = (
     cat => "User/06Account/02",
     desc => "Change your password any time you want.",
     method => 'POST',
-    x_csrf_protection => 1,
-    x_mfa_protection => 1,
+    x_csrf_and_mfa_protection => 1,
     x_form => {
       HIDDENNAME => {form_type => "hidden_field"},
       ABRA => {form_type => "hidden_field"},
@@ -445,8 +444,7 @@ our %Actions = (
     cat => "User/06Account/01",
     desc => "Edit your user name, your email addresses (both public and secret one), change the URL of your homepage.",
     method => 'POST',
-    x_csrf_protection => 1,
-    x_mfa_protection => 1,
+    x_csrf_and_mfa_protection => 1,
     x_form => {
       HIDDENNAME => {form_type => "hidden_field"},
       pause99_edit_cred_fullname => {form_type => "text_field"},
diff --git a/lib/pause_2017/PAUSE/Web/Plugin/WithMFAProtection.pm b/lib/pause_2017/PAUSE/Web/Plugin/WithMFAProtection.pm
@@ -80,6 +80,13 @@ sub register {
         }
     );
 
+    $routes->add_shortcut(
+        with_csrf_and_mfa_protection => sub {
+            my ($route) = @_;
+            return $route->requires( with_csrf_protection => 1, with_mfa_protection => 1 );
+        }
+    );
+
     return;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -81,8 +81,9 @@ sub startup {`
`81`	`81`	`my $action = $app->pause->config->action($name);`
`82`	`82`	`for my $method (qw/get post/) {`
`83`	`83`	`my $route = $private->$method("/$name");`
`84`		`- $route->with_csrf_protection if $method eq "post" and $action->{x_csrf_protection};`
`85`		`- $route->with_mfa_protection if $method eq "post" and $action->{x_mfa_protection};`
	`84`	`+ $route->with_csrf_protection if $method eq "post" and $action->{x_csrf_protection};`
	`85`	`+ $route->with_mfa_protection if $method eq "post" and $action->{x_mfa_protection};`
	`86`	`+ $route->with_csrf_and_mfa_protection if $method eq "post" and $action->{x_csrf_and_mfa_protection};`
`86`	`87`	`$route->to($action->{x_mojo_to});`
`87`	`88`	`}`
`88`	`89`	`}`
Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,13 @@ sub register {`
`80`	`80`	`}`
`81`	`81`	`);`
`82`	`82`
	`83`	`+ $routes->add_shortcut(`
	`84`	`+ with_csrf_and_mfa_protection => sub {`
	`85`	`+ my ($route) = @_;`
	`86`	`+ return $route->requires( with_csrf_protection => 1, with_mfa_protection => 1 );`
	`87`	`+ }`
	`88`	`+ );`
	`89`	`+`
`83`	`90`	`return;`
`84`	`91`	`}`
`85`	`92`