Dancer-Session-Cookie-0.30/0000775000175000017500000000000013251260067015002 5ustar yanickyanickDancer-Session-Cookie-0.30/xt/0000775000175000017500000000000013251260067015435 5ustar yanickyanickDancer-Session-Cookie-0.30/xt/release/0000775000175000017500000000000013251260067017055 5ustar yanickyanickDancer-Session-Cookie-0.30/xt/release/unused-vars.t0000644000175000017500000000036213251260067021515 0ustar yanickyanick#!perl use Test::More 0.96 tests => 1; eval { require Test::Vars }; SKIP: { skip 1 => 'Test::Vars required for testing for unused vars' if $@; Test::Vars->import; subtest 'unused vars' => sub { all_vars_ok(); }; }; Dancer-Session-Cookie-0.30/lib/0000775000175000017500000000000013251260067015550 5ustar yanickyanickDancer-Session-Cookie-0.30/lib/Dancer/0000775000175000017500000000000013251260067016744 5ustar yanickyanickDancer-Session-Cookie-0.30/lib/Dancer/Session/0000775000175000017500000000000013251260067020367 5ustar yanickyanickDancer-Session-Cookie-0.30/lib/Dancer/Session/Cookie.pm0000644000175000017500000002014013251260067022131 0ustar yanickyanickpackage Dancer::Session::Cookie; our $AUTHORITY = 'cpan:YANICK'; # ABSTRACT: Encrypted cookie-based session backend for Dancer $Dancer::Session::Cookie::VERSION = '0.30'; use strict; use warnings; use 5.10.0; use parent 'Dancer::Session::Abstract'; use Session::Storage::Secure 0.010; use Crypt::CBC; use String::CRC32; use Crypt::Rijndael; use Time::Duration::Parse; use Dancer 1.3113 ':syntax'; # 1.3113 for on_reset_state and fixed after hook use Dancer::Cookie (); use Dancer::Cookies (); use Storable (); use MIME::Base64 (); use PerlX::Maybe; # crydec my $CIPHER = undef; my $STORE = undef; # cache session here instead of flushing/reading from cookie all the time my $SESSION = undef; sub is_lazy { 1 }; # avoid calling flush needlessly sub init { my ($self) = @_; $self->SUPER::init(); my $key = setting("session_cookie_key") # XXX default to smth with warning or die "The setting session_cookie_key must be defined"; my $duration = $self->_session_expires_as_duration; $CIPHER = Crypt::CBC->new( -key => $key, -cipher => 'Rijndael', ); $STORE = Session::Storage::Secure->new( secret_key => $key, sereal_encoder_options => { snappy => 1, stringify_unknown => 1 }, sereal_decoder_options => { validate_utf8 => 1 }, maybe default_duration => $duration, ); } # return our cached ID if we have it instead of looking in a cookie sub read_session_id { my ($self) = @_; return defined $SESSION ? $SESSION->id : $self->SUPER::read_session_id; } sub retrieve { my ( $class, $id ) = @_; # if we have a cached session, hand that back instead # of decrypting again return $SESSION if $SESSION && $SESSION->id eq $id; my $ses = eval { if ( my $hash = $STORE->decode($id) ) { # we recover a plain hash, so reconstruct into object bless $hash, $class; } else { _old_retrieve($id); } }; return $SESSION = $ses; } # support decoding old cookies sub _old_retrieve { my ($id) = @_; # 1. decrypt and deserialize $id my $plain_text = _old_decrypt($id); # 2. deserialize $plain_text && Storable::thaw($plain_text); } sub create { # cache the newly created session return $SESSION = Dancer::Session::Cookie->new; } # we don't write session ID when told; we do it in the after hook sub write_session_id { } # we don't flush when we're told; we do it in the after hook sub flush { } sub destroy { my $self = shift; # gross hack; replace guts with new session guts %$self = %{ Dancer::Session::Cookie->new }; return 1; } # Copied from Dancer::Session::Abstract::write_session_id and # refactored for testing hook 'after' => sub { my $response = shift; return unless $SESSION; # UGH! Awful hack because Dancer instantiates responses # and headers too many times and locks out new cookies $response->{_built_cookies} = 0; my $c = Dancer::Cookie->new( $SESSION->_cookie_params ); Dancer::Cookies->set_cookie_object( $c->name => $c ); }; # Make sure that the session is initially undefined for every request hook 'on_reset_state' => sub { my $is_forward = shift; undef $SESSION unless $is_forward; }; # modified from Dancer::Session::Abstract::write_session_id to add # support for session_cookie_path sub _cookie_params { my $self = shift; my $name = $self->session_name; my $duration = $self->_session_expires_as_duration; my %cookie = ( name => $name, value => $self->_cookie_value, path => setting('session_cookie_path') || '/', domain => setting('session_domain'), secure => setting('session_secure'), http_only => setting("session_is_http_only") // 1. ); if ( defined $duration ) { $cookie{expires} = time + $duration; } return %cookie; } # refactored for testing sub _cookie_value { my ($self) = @_; # copy self guts so we aren't serializing a blessed object. # we don't set expires, because default_duration will handle it return $STORE->encode( {%$self} ); } # session_expires could be natural language sub _session_expires_as_duration { my ($self) = @_; my $session_expires = setting('session_expires'); return unless defined $session_expires; my $duration = eval { parse_duration($session_expires) }; die "Could not parse session_expires: $session_expires" unless defined $duration; return $duration; } # legacy algorithm sub _old_decrypt { my $cookie = shift; $cookie =~ tr{_*-}{=+/}; $SIG{__WARN__} = sub { }; my ( $crc32, $plain_text ) = unpack "La*", $CIPHER->decrypt( MIME::Base64::decode($cookie) ); return $crc32 == String::CRC32::crc32($plain_text) ? $plain_text : undef; } 1; =pod =encoding UTF-8 =head1 NAME Dancer::Session::Cookie - Encrypted cookie-based session backend for Dancer =head1 VERSION version 0.30 =head1 SYNOPSIS Your F: session: "cookie" session_cookie_key: "this random key IS NOT very random" =head1 DESCRIPTION This module implements a session engine for sessions stored entirely in cookies. Usually only the B is stored in cookies and the session data itself is saved in some external storage, e.g. a database. This module allows you to avoid using external storage at all. Since a server cannot trust any data returned by clients in cookies, this module uses cryptography to ensure integrity and also secrecy. The data your application stores in sessions is completely protected from both tampering and analysis on the client-side. Do be aware that browsers limit the size of individual cookies, so this method is not suitable if you wish to store a large amount of data. Browsers typically limit the size of a cookie to 4KB, but that includes the space taken to store the cookie's name, expiration and other attributes as well as its content. =head1 CONFIGURATION The setting B should be set to C in order to use this session engine in a Dancer application. See L. Another setting is also required: B, which should contain a random string of at least 16 characters (shorter keys are not cryptographically strong using AES in CBC mode). The optional B setting can also be passed, which will provide the duration time of the cookie. If it's not present, the cookie won't have an expiration value. Here is an example configuration to use in your F: session: "cookie" session_cookie_key: "kjsdf07234hjf0sdkflj12*&(@*jk" session_expires: 1 hour Compromising B will disclose session data to clients and proxies or eavesdroppers and will also allow tampering, for example session theft. So, your F should be kept at least as secure as your database passwords or even more. Also, changing B will have an effect of immediate invalidation of all sessions issued with the old value of key. B can be used to control the path of the session cookie. The default is C. The global B setting is honored and a secure (https only) cookie will be used if set. =head1 DEPENDENCY This module depends on L. Legacy support is provided using L, L, L, L and L. =head1 SEE ALSO See L for details about session usage in route handlers. See L, L, L for alternative implementation of this mechanism. =head1 AUTHORS =over 4 =item * Alex Kapranoff =item * Alex Sukria =item * David Golden =item * Yanick Champoux =back =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2018, 2015, 2014, 2011 by Alex Kapranoff. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut __END__ # vim: ts=4 sts=4 sw=4 et: Dancer-Session-Cookie-0.30/Makefile.PL0000644000175000017500000000524313251260067016756 0ustar yanickyanick# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.011. use strict; use warnings; use 5.010000; use ExtUtils::MakeMaker; my %WriteMakefileArgs = ( "ABSTRACT" => "Encrypted cookie-based session backend for Dancer", "AUTHOR" => "Alex Kapranoff , Alex Sukria , David Golden , Yanick Champoux ", "CONFIGURE_REQUIRES" => { "ExtUtils::MakeMaker" => 0 }, "DISTNAME" => "Dancer-Session-Cookie", "LICENSE" => "perl", "MIN_PERL_VERSION" => "5.010000", "NAME" => "Dancer::Session::Cookie", "PREREQ_PM" => { "Crypt::CBC" => 0, "Crypt::Rijndael" => 0, "Dancer" => "1.3113", "Dancer::Cookie" => 0, "Dancer::Cookies" => 0, "Dancer::Session::Abstract" => 0, "MIME::Base64" => 0, "PerlX::Maybe" => 0, "Session::Storage::Secure" => "0.010", "Storable" => 0, "String::CRC32" => 0, "Time::Duration::Parse" => 0, "parent" => 0, "strict" => 0, "warnings" => 0 }, "TEST_REQUIRES" => { "Dancer::ModuleLoader" => 0, "Dancer::Test" => 0, "ExtUtils::MakeMaker" => 0, "File::Spec" => 0, "File::Temp" => 0, "FindBin" => 0, "HTTP::Cookies" => 0, "HTTP::Date" => 0, "HTTP::Request::Common" => 0, "IO::Handle" => 0, "IPC::Open3" => 0, "Plack" => "1.0029", "Plack::Test" => 0, "Test::Exception" => 0, "Test::More" => "0.96", "Test::NoWarnings" => 0, "Test::Requires" => 0 }, "VERSION" => "0.30", "test" => { "TESTS" => "t/*.t" } ); my %FallbackPrereqs = ( "Crypt::CBC" => 0, "Crypt::Rijndael" => 0, "Dancer" => "1.3113", "Dancer::Cookie" => 0, "Dancer::Cookies" => 0, "Dancer::ModuleLoader" => 0, "Dancer::Session::Abstract" => 0, "Dancer::Test" => 0, "ExtUtils::MakeMaker" => 0, "File::Spec" => 0, "File::Temp" => 0, "FindBin" => 0, "HTTP::Cookies" => 0, "HTTP::Date" => 0, "HTTP::Request::Common" => 0, "IO::Handle" => 0, "IPC::Open3" => 0, "MIME::Base64" => 0, "PerlX::Maybe" => 0, "Plack" => "1.0029", "Plack::Test" => 0, "Session::Storage::Secure" => "0.010", "Storable" => 0, "String::CRC32" => 0, "Test::Exception" => 0, "Test::More" => "0.96", "Test::NoWarnings" => 0, "Test::Requires" => 0, "Time::Duration::Parse" => 0, "parent" => 0, "strict" => 0, "warnings" => 0 ); unless ( eval { ExtUtils::MakeMaker->VERSION(6.63_03) } ) { delete $WriteMakefileArgs{TEST_REQUIRES}; delete $WriteMakefileArgs{BUILD_REQUIRES}; $WriteMakefileArgs{PREREQ_PM} = \%FallbackPrereqs; } delete $WriteMakefileArgs{CONFIGURE_REQUIRES} unless eval { ExtUtils::MakeMaker->VERSION(6.52) }; WriteMakefile(%WriteMakefileArgs); Dancer-Session-Cookie-0.30/MANIFEST0000644000175000017500000000072513251260067016135 0ustar yanickyanickCONTRIBUTING.md CONTRIBUTORS Changes INSTALL LICENSE MANIFEST MANIFEST.SKIP META.json META.yml Makefile.PL README.mkdn SIGNATURE cpanfile dist.ini doap.xml lib/Dancer/Session/Cookie.pm t/00-compile.t t/00-report-prereqs.dd t/00-report-prereqs.t t/01-session.t t/02-configfile.t t/03-path.t t/04-session_name.t t/05-session_secure.t t/06-redirect.t t/data/config.yml t/redirect-session-dancer.t t/server.t t/session-stealing.t t/store-objects.t xt/release/unused-vars.t Dancer-Session-Cookie-0.30/Changes0000644000175000017500000000770413251260067016303 0ustar yanickyanickRevision history for Dancer-Session-Cookie 0.30 2018-03-11 [ ENHANCEMENTS ] - add a CONTRIBUTING file [GH#18, Paul Cochrane] - minor refactoring, bump minor Perl version to 5.10.0. [ STATISTICS ] - code churn: 5 files changed, 127 insertions(+), 26 deletions(-) 0.29 2018-02-19 [ MISC ] - Added appveyor integration for Windows CI. [GH#11, Paul Cochrane] - Set minimal Perl version to be 5.8. [GH#10, Paul Cochrane] - Misc code cleanup. [GH#14, GH#15, GH#16, GH#17, Paul Cochrane] - Added appveyor and travis badges to README. [GH#13, Paul Cochrane] [ STATISTICS ] - code churn: 12 files changed, 69 insertions(+), 21 deletions(-) 0.28 2018-02-10 [ BUG FIXES ] - Tests require Plack::Test v1.0029+. [GH#8, Mohammad S Anwar] [ DOCUMENTATION ] - Improve English flow of the POD. [GH#9, Paul Cochrane] [ STATISTICS ] - code churn: 10 files changed, 105 insertions(+), 48 deletions(-) 0.27 2015-09-23 - Remode 'README.pod' from distribution. [GH#6] [ STATISTICS ] - code churn: 4 files changed, 62 insertions(+), 126 deletions(-) 0.26 2015-09-10 - Switch Test::WWW::Mechanize::PSGI for raw HTTP::Request/Response. (GH#5, xsawyerx) [ DOCUMENTATION ] - Document the 'session_expires' setting. - Warn about maximal cookie size. (GH#2 David Precious) [ STATISTICS ] - code churn: 10 files changed, 304 insertions(+), 192 deletions(-) 0.25 2014-08-04 [ MISC ] - Move tests from Test::TCP to Test::WWW::Mechanize::PSGI. [ STATISTICS ] - code churn: 5 files changed, 138 insertions(+), 174 deletions(-) 0.24 2014-07-29 [ MISC ] - Release again, this time with real co-maint permissions. [ STATISTICS ] - code churn: 1 file changed, 57 insertions(+), 53 deletions(-) 0.23 2014-07-17 [ CHANGED ] - Requires Session::Storage::Secure 0.010 to allow storing objects, which is specially relevant for JSON::bool data. [ STATISTICS ] - code churn: 8 files changed, 67 insertions(+), 119 deletions(-) 0.22 2013-05-31T23:38:07Z America/New_York [ CHANGED ] - Requires Session::Storage::Secure 0.007 for improved resistance to timing attacks 0.21 2013-05-08T22:33:10Z America/New_York - Require Dancer 1.3113 and use its new features to fix more bugs that caused sessions to not be set or reset correctly 0.20 2013-04-25T11:41:22Z America/New_York - Fix bug where session wasn't cleared correctly if route handler died while processing a request 0.19 2013-02-24T22:49:14Z America/New_York - Fix bug with session_expires always expiring a cookie early 0.18 2013-02-16T00:16:32Z America/New_York - Hack around Dancer bug that renders the request object headers repeatedly and locks out setting cookies after the first time 0.17 2013-02-07T15:36:58Z America/New_York - Fix localhost address used in tests 0.16 2013-02-01T14:39:14Z America/New_York - Now uses Session::Storage::Secure for encrypting and decrypting data; Legacy decryption is preserved in case old cookies need to be read. - Fix session destruction bug to ensure session is overwritten in the browser, not just no longer sent (David Golden) 0.15 2011-05-21 - skip test 02-configfile.t if YAML is not present FIX smoker test failure. (Alexis Sukrieh) 0.14 2011-03-12 [ Michael G. Schwern ] - Fix for Dancer > v1.3012 - Add support for session_secure to serve https only cookies. - Add missing MYMETA.yml - Make Dancer::Session::Cookie honor the session_name setting added to Dancer::Session::Abstract - Add session_cookie_path to control the path of the cookie. 0.13 2010-11-28T17:19:58Z - Some documentation fixes. No functional change. 0.12 2010-09-16T13:29:09Z - Fix a warning when testing against newer Dancer. No functional - change. 0.11 2010-02-17T16:12:21Z - Chase the ever-changing Dancer core :) No functional change. - More tests. 0.1 2010-02-02T17:20:11Z - First version separated from the Dancer core. No functional - change. Dancer-Session-Cookie-0.30/LICENSE0000644000175000017500000004375113251260067016017 0ustar yanickyanickThis software is copyright (c) 2018, 2015, 2014, 2011 by Alex Kapranoff. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2018, 2015, 2014, 2011 by Alex Kapranoff. This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice That's all there is to it! --- The Artistic License 1.0 --- This software is Copyright (c) 2018, 2015, 2014, 2011 by Alex Kapranoff. This is free software, licensed under: The Artistic License 1.0 The Artistic License Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: - "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. - "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder. - "Copyright Holder" is whoever is named in the copyright or copyrights for the package. - "You" is you, if you're thinking about copying or distributing this Package. - "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) - "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) accompany any non-standard executables with their corresponding Standard Version executables, giving the non-standard executables non-standard names, and clearly documenting the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whomever generated them, and may be sold commercially, and may be aggregated with this Package. 7. C or perl subroutines supplied by you and linked into this Package shall not be considered part of this Package. 8. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End Dancer-Session-Cookie-0.30/README.mkdn0000644000175000017500000001006513251260067016612 0ustar yanickyanick[![Build Status](https://travis-ci.org/perldancer/Dancer-Session-Cookie.svg?branch=master)](https://travis-ci.org/perldancer/Dancer-Session-Cookie) [![AppVeyor Status](https://ci.appveyor.com/api/projects/status/github/perldancer/Dancer-Session-Cookie?branch=master&svg=true)](https://ci.appveyor.com/project/perldancer/Dancer-Session-Cookie) # NAME Dancer::Session::Cookie - Encrypted cookie-based session backend for Dancer # VERSION version 0.30 # SYNOPSIS Your `config.yml`: ``` session: "cookie" session_cookie_key: "this random key IS NOT very random" ``` # DESCRIPTION This module implements a session engine for sessions stored entirely in cookies. Usually only the **session id** is stored in cookies and the session data itself is saved in some external storage, e.g. a database. This module allows you to avoid using external storage at all. Since a server cannot trust any data returned by clients in cookies, this module uses cryptography to ensure integrity and also secrecy. The data your application stores in sessions is completely protected from both tampering and analysis on the client-side. Do be aware that browsers limit the size of individual cookies, so this method is not suitable if you wish to store a large amount of data. Browsers typically limit the size of a cookie to 4KB, but that includes the space taken to store the cookie's name, expiration and other attributes as well as its content. # CONFIGURATION The setting **session** should be set to `cookie` in order to use this session engine in a Dancer application. See [Dancer::Config](https://metacpan.org/pod/Dancer::Config). Another setting is also required: **session\_cookie\_key**, which should contain a random string of at least 16 characters (shorter keys are not cryptographically strong using AES in CBC mode). The optional **session\_expires** setting can also be passed, which will provide the duration time of the cookie. If it's not present, the cookie won't have an expiration value. Here is an example configuration to use in your `config.yml`: ``` session: "cookie" session_cookie_key: "kjsdf07234hjf0sdkflj12*&(@*jk" session_expires: 1 hour ``` Compromising **session\_cookie\_key** will disclose session data to clients and proxies or eavesdroppers and will also allow tampering, for example session theft. So, your `config.yml` should be kept at least as secure as your database passwords or even more. Also, changing **session\_cookie\_key** will have an effect of immediate invalidation of all sessions issued with the old value of key. **session\_cookie\_path** can be used to control the path of the session cookie. The default is `/`. The global **session\_secure** setting is honored and a secure (https only) cookie will be used if set. # DEPENDENCY This module depends on [Session::Storage::Secure](https://metacpan.org/pod/Session::Storage::Secure). Legacy support is provided using [Crypt::CBC](https://metacpan.org/pod/Crypt::CBC), [Crypt::Rijndael](https://metacpan.org/pod/Crypt::Rijndael), [String::CRC32](https://metacpan.org/pod/String::CRC32), [Storable](https://metacpan.org/pod/Storable) and [MIME::Base64](https://metacpan.org/pod/MIME::Base64). # SEE ALSO See [Dancer::Session](https://metacpan.org/pod/Dancer::Session) for details about session usage in route handlers. See [Plack::Middleware::Session::Cookie](https://metacpan.org/pod/Plack::Middleware::Session::Cookie), [Catalyst::Plugin::CookiedSession](https://metacpan.org/pod/Catalyst::Plugin::CookiedSession), ["session" in Mojolicious::Controller](https://metacpan.org/pod/Mojolicious::Controller#session) for alternative implementation of this mechanism. # AUTHORS - Alex Kapranoff - Alex Sukria - David Golden - Yanick Champoux [![endorse](http://api.coderwall.com/yanick/endorsecount.png)](http://coderwall.com/yanick) # COPYRIGHT AND LICENSE This software is copyright (c) 2018, 2015, 2014, 2011 by Alex Kapranoff. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Dancer-Session-Cookie-0.30/SIGNATURE0000644000175000017500000000475013251260067016272 0ustar yanickyanickThis file contains message digests of all files listed in MANIFEST, signed via the Module::Signature module, version 0.79. To verify the content in this distribution, first make sure you have Module::Signature installed, then type: % cpansign -v It will check each file's integrity, as well as the signature's validity. If "==> Signature verified OK! <==" is not displayed, the distribution may already have been compromised, and you should not run its Makefile.PL or Build.PL. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SHA1 7337942391c1847dd7715cf3c92e939f4506005e CONTRIBUTING.md SHA1 f778be0c8ec91a7fd8e9cb3b1c3c53acc644efdc CONTRIBUTORS SHA1 fbcf6cbbddbd7d78bfae0012ad7d1e53b6c46e39 Changes SHA1 a321e908c030834ed6272acb824d9d8daca6bb21 INSTALL SHA1 89a13f9a03bc6cbe43214137f0193d254cce70a1 LICENSE SHA1 a6ec7d8c76452df4758622f15a06ccd8a43d26dd MANIFEST SHA1 c5772bbbfecb397596dd40178064698e7dbfd09d MANIFEST.SKIP SHA1 1ae69704c8782bc007db1f565c81659ca200c44d META.json SHA1 bc1d635344468e9cc81d898726e59c7dc65c9c32 META.yml SHA1 d289d95df2fadb416201e5fe442f608dbb75fc86 Makefile.PL SHA1 b052331556c05f6174a5607e3f5d9fbe22974da2 README.mkdn SHA1 f51171a6038b87ea583eb5e79b7c789e9f8beee8 cpanfile SHA1 3bcf926f84c78823f189daca9f8314453e19bd68 dist.ini SHA1 927a550991cea1aa24413b4bc11a795e949d9cdb doap.xml SHA1 9ce4915d3b56bc6677eb46a1cd261bef9cd925b2 lib/Dancer/Session/Cookie.pm SHA1 c8544e1f6e736fc2afb174b1fb4805d7c2d4ce6e t/00-compile.t SHA1 4a112f11d67df14b82efea34305b2067e417370e t/00-report-prereqs.dd SHA1 504a672015f8761f5bad3863d844954c9e803c3f t/00-report-prereqs.t SHA1 d21e5ad49cc1904c7c9a2b594e78fa1d6c2f3aea t/01-session.t SHA1 76176634dfbd908f5e0ab6d5c3b4054283558a2b t/02-configfile.t SHA1 61007e42c5da7bcecf221c217b6e03d9732f1776 t/03-path.t SHA1 d814e225ff0c388c40ea713bdeaa5d27167439e6 t/04-session_name.t SHA1 a00dfdeb42af8f5f51cedd10af6292191ded2458 t/05-session_secure.t SHA1 cb5ef2a0c30d04dd1c8f46288cc6939b0c879b6d t/06-redirect.t SHA1 f6c45320f8fe14723a8f2e2510021c6b81d0ef0c t/data/config.yml SHA1 ef3efe74eaa6adc18decb91f91e9128ad7f44321 t/redirect-session-dancer.t SHA1 42f2d91a4fa0528a63bf5ec6fb133b4705e34035 t/server.t SHA1 009f3e10118b2ebcc40c4ef2758bf206646de523 t/session-stealing.t SHA1 4812e50ab48ffafa83d7711d4aa6d051bb7eb558 t/store-objects.t SHA1 d1fe7d94b3edc7847eb187d4ee41f66e19cf8907 xt/release/unused-vars.t -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlqlYDcACgkQ34Hwf+GwC4xwCACgkARBbRVcYmXcLalq+1e1/20t QBgAnRU0H68xnxZJxQYfVB7XPxCfMBPV =1+gP -----END PGP SIGNATURE----- Dancer-Session-Cookie-0.30/INSTALL0000644000175000017500000000177413251260067016042 0ustar yanickyanickThis is the Perl distribution Dancer-Session-Cookie. Installing Dancer-Session-Cookie is straightforward. ## Installation with cpanm If you have cpanm, you only need one line: % cpanm Dancer::Session::Cookie If you are installing into a system-wide directory, you may need to pass the "-S" flag to cpanm, which uses sudo to install the module: % cpanm -S Dancer::Session::Cookie ## Installing with the CPAN shell Alternatively, if your CPAN shell is set up, you should just be able to do: % cpan Dancer::Session::Cookie ## Manual installation As a last resort, you can manually install it. Download the tarball, untar it, then build it: % perl Makefile.PL % make && make test Then install it: % make install If you are installing into a system-wide directory, you may need to run: % sudo make install ## Documentation Dancer-Session-Cookie documentation is available as POD. You can run perldoc from a shell to read the documentation: % perldoc Dancer::Session::Cookie Dancer-Session-Cookie-0.30/CONTRIBUTORS0000644000175000017500000000066213251260067016664 0ustar yanickyanick # DANCER-SESSION-COOKIE CONTRIBUTORS # This is the (likely incomplete) list of people who have helped make this distribution what it is, either via code contributions, patches, bug reports, help with troubleshooting, etc. A huge 'thank you' to all of them. * Breno G. de Oliveira * David Precious * Michael G. Schwern * Mohammad S Anwar * Neil Kirsopp * Nick S. Knutov * Paul Cochrane * Sawyer X Dancer-Session-Cookie-0.30/META.json0000644000175000017500000000630413251260067016424 0ustar yanickyanick{ "abstract" : "Encrypted cookie-based session backend for Dancer", "author" : [ "Alex Kapranoff ", "Alex Sukria ", "David Golden ", "Yanick Champoux " ], "dynamic_config" : 0, "generated_by" : "Dist::Zilla version 6.011, CPAN::Meta::Converter version 2.150010", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : "2" }, "name" : "Dancer-Session-Cookie", "prereqs" : { "configure" : { "requires" : { "ExtUtils::MakeMaker" : "0" } }, "develop" : { "requires" : { "Test::More" : "0.96", "Test::Vars" : "0" } }, "runtime" : { "requires" : { "Crypt::CBC" : "0", "Crypt::Rijndael" : "0", "Dancer" : "1.3113", "Dancer::Cookie" : "0", "Dancer::Cookies" : "0", "Dancer::Session::Abstract" : "0", "MIME::Base64" : "0", "PerlX::Maybe" : "0", "Session::Storage::Secure" : "0.010", "Storable" : "0", "String::CRC32" : "0", "Time::Duration::Parse" : "0", "parent" : "0", "perl" : "v5.10.0", "strict" : "0", "warnings" : "0" } }, "test" : { "recommends" : { "CPAN::Meta" : "2.120900" }, "requires" : { "Dancer::ModuleLoader" : "0", "Dancer::Test" : "0", "ExtUtils::MakeMaker" : "0", "File::Spec" : "0", "File::Temp" : "0", "FindBin" : "0", "HTTP::Cookies" : "0", "HTTP::Date" : "0", "HTTP::Request::Common" : "0", "IO::Handle" : "0", "IPC::Open3" : "0", "Plack" : "1.0029", "Plack::Test" : "0", "Test::Exception" : "0", "Test::More" : "0.96", "Test::NoWarnings" : "0", "Test::Requires" : "0" } } }, "provides" : { "Dancer::Session::Cookie" : { "file" : "lib/Dancer/Session/Cookie.pm", "version" : "0.30" } }, "release_status" : "stable", "resources" : { "bugtracker" : { "web" : "https://github.com/perldancer/Dancer-Session-Cookie/issues" }, "homepage" : "https://github.com/perldancer/Dancer-Session-Cookie", "repository" : { "type" : "git", "url" : "https://github.com/perldancer/Dancer-Session-Cookie.git", "web" : "https://github.com/perldancer/Dancer-Session-Cookie" } }, "version" : "0.30", "x_authority" : "cpan:YANICK", "x_contributors" : [ "Breno G. de Oliveira ", "David Precious ", "Michael G. Schwern ", "Mohammad S Anwar ", "Neil Kirsopp ", "Nick S. Knutov ", "Paul Cochrane ", "Sawyer X " ], "x_serialization_backend" : "JSON::XS version 3.01" } Dancer-Session-Cookie-0.30/META.yml0000644000175000017500000000370213251260067016253 0ustar yanickyanick--- abstract: 'Encrypted cookie-based session backend for Dancer' author: - 'Alex Kapranoff ' - 'Alex Sukria ' - 'David Golden ' - 'Yanick Champoux ' build_requires: Dancer::ModuleLoader: '0' Dancer::Test: '0' ExtUtils::MakeMaker: '0' File::Spec: '0' File::Temp: '0' FindBin: '0' HTTP::Cookies: '0' HTTP::Date: '0' HTTP::Request::Common: '0' IO::Handle: '0' IPC::Open3: '0' Plack: '1.0029' Plack::Test: '0' Test::Exception: '0' Test::More: '0.96' Test::NoWarnings: '0' Test::Requires: '0' configure_requires: ExtUtils::MakeMaker: '0' dynamic_config: 0 generated_by: 'Dist::Zilla version 6.011, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: Dancer-Session-Cookie provides: Dancer::Session::Cookie: file: lib/Dancer/Session/Cookie.pm version: '0.30' requires: Crypt::CBC: '0' Crypt::Rijndael: '0' Dancer: '1.3113' Dancer::Cookie: '0' Dancer::Cookies: '0' Dancer::Session::Abstract: '0' MIME::Base64: '0' PerlX::Maybe: '0' Session::Storage::Secure: '0.010' Storable: '0' String::CRC32: '0' Time::Duration::Parse: '0' parent: '0' perl: v5.10.0 strict: '0' warnings: '0' resources: bugtracker: https://github.com/perldancer/Dancer-Session-Cookie/issues homepage: https://github.com/perldancer/Dancer-Session-Cookie repository: https://github.com/perldancer/Dancer-Session-Cookie.git version: '0.30' x_authority: cpan:YANICK x_contributors: - 'Breno G. de Oliveira ' - 'David Precious ' - 'Michael G. Schwern ' - 'Mohammad S Anwar ' - 'Neil Kirsopp ' - 'Nick S. Knutov ' - 'Paul Cochrane ' - 'Sawyer X ' x_serialization_backend: 'YAML::Tiny version 1.67' Dancer-Session-Cookie-0.30/cpanfile0000644000175000017500000000254213251260067016507 0ustar yanickyanickrequires "Crypt::CBC" => "0"; requires "Crypt::Rijndael" => "0"; requires "Dancer" => "1.3113"; requires "Dancer::Cookie" => "0"; requires "Dancer::Cookies" => "0"; requires "Dancer::Session::Abstract" => "0"; requires "MIME::Base64" => "0"; requires "PerlX::Maybe" => "0"; requires "Session::Storage::Secure" => "0.010"; requires "Storable" => "0"; requires "String::CRC32" => "0"; requires "Time::Duration::Parse" => "0"; requires "parent" => "0"; requires "perl" => "v5.10.0"; requires "strict" => "0"; requires "warnings" => "0"; on 'test' => sub { requires "Dancer::ModuleLoader" => "0"; requires "Dancer::Test" => "0"; requires "ExtUtils::MakeMaker" => "0"; requires "File::Spec" => "0"; requires "File::Temp" => "0"; requires "FindBin" => "0"; requires "HTTP::Cookies" => "0"; requires "HTTP::Date" => "0"; requires "HTTP::Request::Common" => "0"; requires "IO::Handle" => "0"; requires "IPC::Open3" => "0"; requires "Plack" => "1.0029"; requires "Plack::Test" => "0"; requires "Test::Exception" => "0"; requires "Test::More" => "0.96"; requires "Test::NoWarnings" => "0"; requires "Test::Requires" => "0"; }; on 'test' => sub { recommends "CPAN::Meta" => "2.120900"; }; on 'configure' => sub { requires "ExtUtils::MakeMaker" => "0"; }; on 'develop' => sub { requires "Test::More" => "0.96"; requires "Test::Vars" => "0"; }; Dancer-Session-Cookie-0.30/t/0000775000175000017500000000000013251260067015245 5ustar yanickyanickDancer-Session-Cookie-0.30/t/session-stealing.t0000644000175000017500000000361013251260067020717 0ustar yanickyanick#!/usr/bin/env perl use strict; use warnings; use Test::More 0.96 import => ["!pass"]; use File::Temp; use HTTP::Date qw/str2time/; use Plack::Test; use HTTP::Cookies; use HTTP::Request::Common; my $tempdir = File::Temp->newdir; my $app = Plack::Test->create( build_app() ); # Two different browsers my @jars = map HTTP::Cookies->new, 1 .. 2; sub mk_request { my ( $app, $jar, $url, $check_ok ) = @_; defined $check_ok or $check_ok = 1; my $req = HTTP::Request::Common::GET("http://localhost$url"); $jar->add_cookie_header($req); my $res = $app->request($req); $jar->extract_cookies($res); $check_ok and ok( $res->is_success, "GET $url" ); return $res; } # Set foo to one and two respectively { mk_request( $app, $jars[0], '/?foo=one' ); mk_request( $app, $jars[1], '/?foo=two' ); } # Retrieve both stored { my $res = mk_request( $app, $jars[0], '/' ); is( $res->content, 'one', 'Correct content' ); } { my $res = mk_request( $app, $jars[1], '/' ); is( $res->content, 'two', 'Correct content' ); } { my $res = mk_request( $app, $jars[0], '/die', 0 ); is( $res->code, 500, 'we died' ); } { my $res = mk_request( $app, $jars[1], '/' ); is( $res->content, 'two', 'Two received after first died' ); } sub build_app { package MyApp; use Dancer ':tests', ':syntax'; set apphandler => 'PSGI'; set appdir => $tempdir; set access_log => 0; # quiet startup banner set session_cookie_key => "John has a long mustache"; set session => "cookie"; set show_traces => 1; set warnings => 1; set show_errors => 1; get '/die' => sub { die 'Bad route'; }; get '/' => sub { if (my $foo = param('foo')) { session(foo => $foo); } return session('foo'); }; dance; } done_testing; Dancer-Session-Cookie-0.30/t/data/0000775000175000017500000000000013251260067016156 5ustar yanickyanickDancer-Session-Cookie-0.30/t/data/config.yml0000644000175000017500000000003513251260067020142 0ustar yanickyanicksession_cookie_key: "secret" Dancer-Session-Cookie-0.30/t/04-session_name.t0000644000175000017500000000122113251260067020330 0ustar yanickyanick#!/usr/bin/env perl use strict; use warnings; use Test::More import => ['!pass']; use Dancer; my $CLASS = 'Dancer::Session::Cookie'; use_ok $CLASS; note "test setup"; { set session_cookie_key => "The dolphins are in the jacuzzi"; } note "default session_name"; { my $session = $CLASS->create; is $session->session_name, "dancer.session"; } note "honors session_name setting"; { my $session = $CLASS->create; my $session_name = "stuff.session"; set session_name => $session_name; is $session->session_name, $session_name; my %cookie = $session->_cookie_params; is $cookie{name}, $session_name; } done_testing; Dancer-Session-Cookie-0.30/t/01-session.t0000644000175000017500000000215113251260067017330 0ustar yanickyanick#!/usr/bin/env perl use strict; use warnings; use Test::More import => ['!pass']; use Test::Exception; use Test::NoWarnings; use strict; use warnings; use Dancer; use Dancer::ModuleLoader; BEGIN { plan tests => 11; use_ok 'Dancer::Session::Cookie' } my $session; throws_ok { $session = Dancer::Session::Cookie->create } qr/session_cookie_key must be defined/, 'requires session_cookie_key'; set session_cookie_key => 'test/secret*@?)'; lives_and { $session = Dancer::Session::Cookie->create } 'works'; is $@, '', 'Cookie session created'; isa_ok $session, 'Dancer::Session::Cookie'; can_ok $session, qw(init create retrieve destroy flush); my $value1 = $session->_cookie_value; ok defined($value1), 'cookie value is defined'; $session->{bar} = 'baz'; my $value2 = $session->_cookie_value; isnt $value2, $value1, "cookie value changed after storing data"; ok length($value2) > 20, 'length is a long string'; my $s = Dancer::Session::Cookie->retrieve($session->id); is_deeply $s, $session, 'session is retrieved'; $s = Dancer::Session::Cookie->retrieve('XXX'); is $s, undef, 'unknown session is not found'; Dancer-Session-Cookie-0.30/t/06-redirect.t0000644000175000017500000000322413251260067017455 0ustar yanickyanick#!/usr/bin/env perl use strict; use warnings; use Test::More import => ["!pass"]; use Test::Requires { 'Plack' => '1.0029', }; use Plack::Test; use HTTP::Cookies; use HTTP::Request::Common; { package MyApp; use Dancer ':tests', ':syntax'; set apphandler => 'PSGI'; set appdir => ''; # quiet warnings not having an appdir set access_log => 0; # quiet startup banner set session_cookie_key => "John has a long mustache"; set session => "cookie"; hook before => sub { if ( !session('uid') && request->path_info !~ m{^/login} ) { return redirect '/login/'; } }; get '/logout/?' => sub { session 'uid' => undef; session->destroy; return redirect '/'; }; any '/login/?' => sub { return redirect '/' if session('uid'); return 'ok' if session('login'); session 'login' => undef; return 'login page'; }; } my $app = Plack::Test->create( MyApp->dance ); my $jar = HTTP::Cookies->new(); my $url = 'http://localhost'; my $redir_url; { my $res = $app->request( HTTP::Request::Common::GET("$url/") ); ok( $res->is_redirect, 'GET / redirects' ); is( $redir_url = $res->header('Location'), 'http://localhost/login/', 'Redirects to /login/', ); $jar->extract_cookies($res); } { my $req = HTTP::Request::Common::GET($redir_url); $jar->add_cookie_header($req); my $res = $app->request($req); ok( $res->is_success, 'GET / successful' ); is( $res->content, 'login page', 'Correct login page content' ); } done_testing; Dancer-Session-Cookie-0.30/t/00-report-prereqs.t0000644000175000017500000001273113251260067020643 0ustar yanickyanick#!perl use strict; use warnings; # This test was generated by Dist::Zilla::Plugin::Test::ReportPrereqs 0.021 use Test::More tests => 1; use ExtUtils::MakeMaker; use File::Spec; # from $version::LAX my $lax_version_re = qr/(?: undef | (?: (?:[0-9]+) (?: \. | (?:\.[0-9]+) (?:_[0-9]+)? )? | (?:\.[0-9]+) (?:_[0-9]+)? ) | (?: v (?:[0-9]+) (?: (?:\.[0-9]+)+ (?:_[0-9]+)? )? | (?:[0-9]+)? (?:\.[0-9]+){2,} (?:_[0-9]+)? ) )/x; # hide optional CPAN::Meta modules from prereq scanner # and check if they are available my $cpan_meta = "CPAN::Meta"; my $cpan_meta_pre = "CPAN::Meta::Prereqs"; my $HAS_CPAN_META = eval "require $cpan_meta; $cpan_meta->VERSION('2.120900')" && eval "require $cpan_meta_pre"; ## no critic # Verify requirements? my $DO_VERIFY_PREREQS = 1; sub _max { my $max = shift; $max = ( $_ > $max ) ? $_ : $max for @_; return $max; } sub _merge_prereqs { my ($collector, $prereqs) = @_; # CPAN::Meta::Prereqs object if (ref $collector eq $cpan_meta_pre) { return $collector->with_merged_prereqs( CPAN::Meta::Prereqs->new( $prereqs ) ); } # Raw hashrefs for my $phase ( keys %$prereqs ) { for my $type ( keys %{ $prereqs->{$phase} } ) { for my $module ( keys %{ $prereqs->{$phase}{$type} } ) { $collector->{$phase}{$type}{$module} = $prereqs->{$phase}{$type}{$module}; } } } return $collector; } my @include = qw( ); my @exclude = qw( ); # Add static prereqs to the included modules list my $static_prereqs = do 't/00-report-prereqs.dd'; # Merge all prereqs (either with ::Prereqs or a hashref) my $full_prereqs = _merge_prereqs( ( $HAS_CPAN_META ? $cpan_meta_pre->new : {} ), $static_prereqs ); # Add dynamic prereqs to the included modules list (if we can) my ($source) = grep { -f } 'MYMETA.json', 'MYMETA.yml'; if ( $source && $HAS_CPAN_META ) { if ( my $meta = eval { CPAN::Meta->load_file($source) } ) { $full_prereqs = _merge_prereqs($full_prereqs, $meta->prereqs); } } else { $source = 'static metadata'; } my @full_reports; my @dep_errors; my $req_hash = $HAS_CPAN_META ? $full_prereqs->as_string_hash : $full_prereqs; # Add static includes into a fake section for my $mod (@include) { $req_hash->{other}{modules}{$mod} = 0; } for my $phase ( qw(configure build test runtime develop other) ) { next unless $req_hash->{$phase}; next if ($phase eq 'develop' and not $ENV{AUTHOR_TESTING}); for my $type ( qw(requires recommends suggests conflicts modules) ) { next unless $req_hash->{$phase}{$type}; my $title = ucfirst($phase).' '.ucfirst($type); my @reports = [qw/Module Want Have/]; for my $mod ( sort keys %{ $req_hash->{$phase}{$type} } ) { next if $mod eq 'perl'; next if grep { $_ eq $mod } @exclude; my $file = $mod; $file =~ s{::}{/}g; $file .= ".pm"; my ($prefix) = grep { -e File::Spec->catfile($_, $file) } @INC; my $want = $req_hash->{$phase}{$type}{$mod}; $want = "undef" unless defined $want; $want = "any" if !$want && $want == 0; my $req_string = $want eq 'any' ? 'any version required' : "version '$want' required"; if ($prefix) { my $have = MM->parse_version( File::Spec->catfile($prefix, $file) ); $have = "undef" unless defined $have; push @reports, [$mod, $want, $have]; if ( $DO_VERIFY_PREREQS && $HAS_CPAN_META && $type eq 'requires' ) { if ( $have !~ /\A$lax_version_re\z/ ) { push @dep_errors, "$mod version '$have' cannot be parsed ($req_string)"; } elsif ( ! $full_prereqs->requirements_for( $phase, $type )->accepts_module( $mod => $have ) ) { push @dep_errors, "$mod version '$have' is not in required range '$want'"; } } } else { push @reports, [$mod, $want, "missing"]; if ( $DO_VERIFY_PREREQS && $type eq 'requires' ) { push @dep_errors, "$mod is not installed ($req_string)"; } } } if ( @reports ) { push @full_reports, "=== $title ===\n\n"; my $ml = _max( map { length $_->[0] } @reports ); my $wl = _max( map { length $_->[1] } @reports ); my $hl = _max( map { length $_->[2] } @reports ); if ($type eq 'modules') { splice @reports, 1, 0, ["-" x $ml, "", "-" x $hl]; push @full_reports, map { sprintf(" %*s %*s\n", -$ml, $_->[0], $hl, $_->[2]) } @reports; } else { splice @reports, 1, 0, ["-" x $ml, "-" x $wl, "-" x $hl]; push @full_reports, map { sprintf(" %*s %*s %*s\n", -$ml, $_->[0], $wl, $_->[1], $hl, $_->[2]) } @reports; } push @full_reports, "\n"; } } } if ( @full_reports ) { diag "\nVersions for all modules listed in $source (including optional ones):\n\n", @full_reports; } if ( @dep_errors ) { diag join("\n", "\n*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ***\n", "The following REQUIRED prerequisites were not satisfied:\n", @dep_errors, "\n" ); } pass; # vim: ts=4 sts=4 sw=4 et: Dancer-Session-Cookie-0.30/t/00-report-prereqs.dd0000644000175000017500000000542513251260067020771 0ustar yanickyanickdo { my $x = { 'configure' => { 'requires' => { 'ExtUtils::MakeMaker' => '0' } }, 'develop' => { 'requires' => { 'Test::More' => '0.96', 'Test::Vars' => '0' } }, 'runtime' => { 'requires' => { 'Crypt::CBC' => '0', 'Crypt::Rijndael' => '0', 'Dancer' => '1.3113', 'Dancer::Cookie' => '0', 'Dancer::Cookies' => '0', 'Dancer::Session::Abstract' => '0', 'MIME::Base64' => '0', 'PerlX::Maybe' => '0', 'Session::Storage::Secure' => '0.010', 'Storable' => '0', 'String::CRC32' => '0', 'Time::Duration::Parse' => '0', 'parent' => '0', 'perl' => 'v5.10.0', 'strict' => '0', 'warnings' => '0' } }, 'test' => { 'recommends' => { 'CPAN::Meta' => '2.120900' }, 'requires' => { 'Dancer::ModuleLoader' => '0', 'Dancer::Test' => '0', 'ExtUtils::MakeMaker' => '0', 'File::Spec' => '0', 'File::Temp' => '0', 'FindBin' => '0', 'HTTP::Cookies' => '0', 'HTTP::Date' => '0', 'HTTP::Request::Common' => '0', 'IO::Handle' => '0', 'IPC::Open3' => '0', 'Plack' => '1.0029', 'Plack::Test' => '0', 'Test::Exception' => '0', 'Test::More' => '0.96', 'Test::NoWarnings' => '0', 'Test::Requires' => '0' } } }; $x; }Dancer-Session-Cookie-0.30/t/server.t0000644000175000017500000001341313251260067016740 0ustar yanickyanick#!/usr/bin/env perl use strict; use warnings; use Test::More 0.96 import => ["!pass"]; use File::Temp; use HTTP::Date qw/str2time/; use Plack::Test; use HTTP::Cookies; use HTTP::Request::Common; my $tempdir = File::Temp->newdir; sub find_cookie { my ($res, $name) = @_; $name ||= 'dancer.session'; my @cookies = $res->header('set-cookie'); for my $c (@cookies) { next unless $c =~ /\Q$name\E/; return $c; } return; } sub extract_cookie { my ($res, $name) = @_; my $c = find_cookie($res, $name) or return; my @parts = split /;\s+/, $c; my %hash = map { my ( $k, $v ) = split /\s*=\s*/; $v ||= 1; ( lc($k), $v ) } @parts; $hash{expires} = str2time( $hash{expires} ) if $hash{expires}; return \%hash; } my @configs = ( { label => 'default config', settings => {}, }, { label => 'alternate name', settings => { session_name => "my_app_session", }, }, { label => 'expires 300', settings => { session_expires => 300, session_name => undef, }, }, { label => 'expires +1h', settings => { session_expires => "1 hour", }, }, ); my $url = 'http://localhost'; MAIN: for my $config ( @configs ) { my $app = Plack::Test->create( create_app( $config ) ); subtest $config->{label} => sub { # Simulate two different browsers with two different jars my @jars = map HTTP::Cookies->new, 1 .. 2; for my $jar (@jars) { subtest 'one browser' => sub { { my $req = HTTP::Request::Common::GET("$url/foo"); my $res = $app->request($req); $jar->extract_cookies($res); ok( $res->is_success, 'GET /foo' ); is( $res->content, 'hits: 0, last_hit: ', 'Got content', ); } ok( $jar->as_string, 'session cookie set' ); { my $req = HTTP::Request::Common::GET("$url/bar"); $jar->add_cookie_header($req); my $res = $app->request($req); ok( $res->is_success, 'GET /bar' ); $jar->extract_cookies($res); is( $res->content, "hits: 1, last_hit: foo", 'Got content', ); } { my $req = HTTP::Request::Common::GET("$url/forward"); $jar->add_cookie_header($req); my $res = $app->request($req); $jar->extract_cookies($res); ok( $res->is_success, 'GET /forward' ); is( $res->content, "hits: 2, last_hit: bar", "session not overwritten", ); } { my $req = HTTP::Request::Common::GET("$url/baz"); $jar->add_cookie_header($req); my $res = $app->request($req); $jar->extract_cookies($res); ok( $res->is_success, 'GET /baz' ); is( $res->content, "hits: 3, last_hit: whatever", 'Got content', ); } }; }; { my $req = HTTP::Request::Common::GET("$url/wibble"); $jars[0]->add_cookie_header($req); my $res = $app->request($req); $jars[0]->extract_cookies($res); ok( $res->is_success, 'GET /wibble' ); is( $res->content, "hits: 4, last_hit: baz", "session not overwritten", ); } my $redir_url; { my $req = HTTP::Request::Common::GET("$url/clear"); $jars[0]->add_cookie_header($req); my $res = $app->request($req); $jars[0]->extract_cookies($res); ok( $res->is_redirect, 'GET /clear' ); is( $redir_url = $res->header('Location'), 'http://localhost/postclear', 'Redirects to /postclear', ); } { my $req = HTTP::Request::Common::GET($redir_url); $jars[0]->add_cookie_header($req); my $res = $app->request($req); $jars[0]->extract_cookies($res); ok( $res->is_success, "GET $redir_url" ); is( $res->content, "hits: 0, last_hit: ", "session destroyed", ); } }; } sub create_app { my $config = shift; use Dancer ':tests', ':syntax'; set apphandler => 'PSGI'; set appdir => $tempdir; set access_log => 0; # quiet startup banner set session_cookie_key => "John has a long mustache"; set session => "cookie"; set show_traces => 1; set warnings => 1; set show_errors => 1; set %{$config->{settings}} if %{$config->{settings}}; get "/clear" => sub { session "useless" => 1; # force write/flush session->destroy; redirect '/postclear'; }; get "/forward" => sub { session ignore_me => 1; forward '/whatever'; }; get "/*" => sub { my $hits = session("hit_counter") || 0; my $last = session("last_hit") || ''; session hit_counter => $hits + 1; session last_hit => (splat)[0]; return "hits: $hits, last_hit: $last"; }; dance; } done_testing; Dancer-Session-Cookie-0.30/t/00-compile.t0000644000175000017500000000213113251260067017272 0ustar yanickyanickuse 5.006; use strict; use warnings; # this test was generated with Dist::Zilla::Plugin::Test::Compile 2.052 use Test::More; plan tests => 1 + ($ENV{AUTHOR_TESTING} ? 1 : 0); my @module_files = ( 'Dancer/Session/Cookie.pm' ); # no fake home requested my $inc_switch = -d 'blib' ? '-Mblib' : '-Ilib'; use File::Spec; use IPC::Open3; use IO::Handle; open my $stdin, '<', File::Spec->devnull or die "can't open devnull: $!"; my @warnings; for my $lib (@module_files) { # see L my $stderr = IO::Handle->new; my $pid = open3($stdin, '>&STDERR', $stderr, $^X, $inc_switch, '-e', "require q[$lib]"); binmode $stderr, ':crlf' if $^O eq 'MSWin32'; my @_warnings = <$stderr>; waitpid($pid, 0); is($?, 0, "$lib loaded ok"); if (@_warnings) { warn @_warnings; push @warnings, @_warnings; } } is(scalar(@warnings), 0, 'no warnings found') or diag 'got warnings: ', ( Test::More->can('explain') ? Test::More::explain(\@warnings) : join("\n", '', @warnings) ) if $ENV{AUTHOR_TESTING}; Dancer-Session-Cookie-0.30/t/03-path.t0000644000175000017500000000114113251260067016601 0ustar yanickyanick#!/usr/bin/env perl use strict; use warnings; use Test::More import => ['!pass']; use Dancer; my $CLASS = 'Dancer::Session::Cookie'; use_ok $CLASS; note "test setup"; { set session_cookie_key => "The dolphins are in the jacuzzi"; } note "default path"; { my $session = Dancer::Session::Cookie->create; my %cookie = $session->_cookie_params; is $cookie{path}, "/"; } note "set the path"; { set session_cookie_path => "/some/thing"; my $session = Dancer::Session::Cookie->create; my %cookie = $session->_cookie_params; is $cookie{path}, "/some/thing"; } done_testing; Dancer-Session-Cookie-0.30/t/store-objects.t0000644000175000017500000000056413251260067020220 0ustar yanickyanick#!/usr/bin/env perl use strict; use warnings; use Test::More tests => 1; { use Dancer ':tests'; set session_cookie_key => 'chocolate chips'; set session => 'Cookie'; get '/' => sub { session 'foo' => bless {}, 'SomeClass'; return 'ok'; } } use Dancer::Test; response_status_is '/' => 200, "session handles objects"; Dancer-Session-Cookie-0.30/t/02-configfile.t0000644000175000017500000000126613251260067017761 0ustar yanickyanick#!/usr/bin/env perl use strict; use warnings; use Test::More import => ['!pass']; use Test::Exception; use Dancer; use Dancer::ModuleLoader; use Dancer::Session::Cookie; use FindBin; use File::Spec; use Test::Requires 'YAML'; plan tests => 3; my $session; throws_ok { $session = Dancer::Session::Cookie->create } qr/session_cookie_key must be defined/, 'still requires session_cookie_key'; set confdir => "$FindBin::Bin/data"; ok(-r File::Spec->catfile(setting('confdir'), 'config.yml'), 'config.yml is available'); Dancer::Config::load(); lives_and { $session = Dancer::Session::Cookie->create } 'session key loaded from config.yml'; is $@, '', "Cookie session created"; Dancer-Session-Cookie-0.30/t/redirect-session-dancer.t0000644000175000017500000000314613251260067022150 0ustar yanickyanick#!/usr/bin/env perl use strict; use warnings; use Test::More import => ["!pass"]; use Test::Requires { 'Plack::Test' => 0, 'HTTP::Cookies' => 0, # available from Plack::Test 'HTTP::Request::Common' => 0, }; sub mk_request { my ( $app, $jar, $url, $check_ok ) = @_; defined $check_ok or $check_ok = 1; my $req = HTTP::Request::Common::GET("http://localhost$url"); $jar->add_cookie_header($req); my $res = $app->request($req); $jar->extract_cookies($res); $check_ok and ok( $res->is_success, "GET $url" ); return $res; } my $app = Plack::Test->create( create_app() ); my $jar = HTTP::Cookies->new; my $redir_url; { my $res = mk_request( $app, $jar, '/xxx', 0 ); ok( $res->is_redirect, 'GET /xxx redirects' ); is( $res->header('Location'), 'http://localhost/b', 'Redirects to /b', ); } { my $res = mk_request( $app, $jar, '/b' ); is( $res->content, '/xxx', 'Correct content' ); } sub create_app { package MyApp; use Dancer ':tests', ':syntax'; set apphandler => 'PSGI'; set appdir => ''; # quiet warnings not having an appdir set access_log => 0; # quiet startup banner set session_cookie_key => "John has a long mustache"; set session => "cookie"; get '/b' => sub { return session('abc'); }; hook 'before' => sub { my $a = request->path_info; if ( not request->path_info =~ m{^/(a|b|c)} ){ session abc => $a ; return redirect '/b'; } }; dance; } done_testing; Dancer-Session-Cookie-0.30/t/05-session_secure.t0000644000175000017500000000146113251260067020705 0ustar yanickyanick#!/usr/bin/env perl use strict; use warnings; use Dancer ':syntax'; use Dancer::Session::Cookie; use Test::More import => ["!pass"]; plan skip_all => "Dancer::Cookie->secure not supported in this version of Dancer" unless Dancer::Cookie->can("secure"); plan tests => 2; my $Session_Name = Dancer::Session::Cookie->session_name; note "session_secure off"; { set session_cookie_key => "secret squirrel"; set session => "cookie"; session foo => "bar"; my %cookie = session->_cookie_params; ok !$cookie{secure}, "secure off"; } note "session_secure on"; { delete Dancer::Cookies->cookies->{ $Session_Name }; set session_secure => 1; set session => "cookie"; session up => "down"; my %cookie = session->_cookie_params; ok $cookie{secure}, "secure on"; } Dancer-Session-Cookie-0.30/dist.ini0000644000175000017500000000103313251260067016441 0ustar yanickyanickname = Dancer-Session-Cookie author = Alex Kapranoff author = Alex Sukria author = David Golden author = Yanick Champoux license = Perl_5 copyright_holder = Alex Kapranoff [@ConfigSlicer] -bundle=@YANICK -remove=Covenant -remove=ReadmeFromPod NextVersion::Semantic.format=%d.%02d [GitHubREADME::Badge] phase = filemunge badges = travis badges = appveyor [Prereqs / TestRequires] Plack = 1.0029 HTTP::Cookies = 0 HTTP::Request::Common = 0 Dancer-Session-Cookie-0.30/MANIFEST.SKIP0000644000175000017500000000003113251260067016670 0ustar yanickyanick^Dancer-Session-Cookie.* Dancer-Session-Cookie-0.30/CONTRIBUTING.md0000644000175000017500000000655013251260067017237 0ustar yanickyanick# CONTRIBUTING Thank you for considering contributing to this distribution. This file contains instructions that will help you work with the source code. Please note that if you have any questions or difficulties, you can reach the maintainer through the [issue tracker](https://github.com/PerlDancer/Dancer-Session-Cookie/issues) (preferred), or by emailing the releaser directly. You are not strictly required to follow any of the steps in this document to submit a patch or bug report; these are recommendations, intended to help you (and help us help you faster). Please also note that this plugin is for use with Dancer 1 which has been superseded by Dancer 2, so it's possible that not all contributions can be accepted. ## Getting the code ## Branching Releases are prepared on the `release` branch, which is also the default Git branch. However, development takes place on the `master` branch, hence patches should be based upon it. Thus, after cloning the repository, one should check out the `master` branch: $ git checkout master Note that when you submit your pull request, you will need to ensure that GitHub isn't comparing your branch to the `release` branch (which will do so by default), however is comparing with the `master` branch, upon which you will have based your patch. ## Installing the base dependencies To install the dependencies, use [cpanm](https://metacpan.org/pod/App::cpanminus): $ cpanm --installdeps . Note that an upstream *development* dependency requires at least Perl 5.22, hence you need to be using at least this version. If you haven't done so already, consider using [perlbrew](https://perlbrew.pl/). ## Running the basic test suite Assuming that installing the dependencies went well, running the test suite should then be as simple as $ prove -lr t ## Installing all development dependencies The distribution is managed with [Dist::Zilla](https://metacpan.org/release/Dist-Zilla), hence you will need to install it before you can install the development dependencies: $ cpanm Dist::Zilla Afterwards, you can install the author-specific dependencies like so: $ dzil authordeps --missing | cpanm There are also additional dependencies necessary for testing and other development. Install these with $ dzil listdeps --author --missing | cpanm ## Running the full test suite Now that all required dependencies have been installed, running the full test suite should be as simple as: $ dzil test --author --release ## Travis All pull requests for this distribution will be automatically tested by [Travis](https://travis-ci.org/) and the build status will be reported on the pull request page. If your build fails, please take a look at the output. ## Contributor Names If you send a patch or pull request, your name and email address will be included in the documentation as a contributor (using the attribution on the commit or patch), unless you specifically request for it not to be. If you wish to be listed under a different name or address, you should submit a pull request to the .mailmap file to contain the correct mapping. [Check here](https://github.com/git/git/blob/master/Documentation/mailmap.txt) for more information on git's .mailmap files. This document is based upon [maxmind's distribution CONTRIBUTING documentation](https://github.com/maxmind/Dist-Zilla-PluginBundle-MAXMIND/blob/master/CONTRIBUTING.md). Dancer-Session-Cookie-0.30/doap.xml0000644000175000017500000001712013251260067016446 0ustar yanickyanick Dancer-Session-Cookie Encrypted cookie-based session backend for Dancer Alex Kapranoff Alex Sukria David Golden Yanick Champoux Breno G. de Oliveira David Precious Michael G. Schwern Mohammad S Anwar Neil Kirsopp Nick S. Knutov Paul Cochrane Sawyer X 0.1 2010-02-02T17:20:11Z 0.11 2010-02-17T16:12:21Z 0.12 2010-09-16T13:29:09Z 0.13 2010-11-28T17:19:58Z 0.14 2011-03-12 0.15 2011-05-21 0.16 2013-02-01T14:39:14Z 0.17 2013-02-07T15:36:58Z 0.18 2013-02-16T00:16:32Z 0.19 2013-02-24T22:49:14Z 0.20 2013-04-25T11:41:22Z 0.21 2013-05-08T22:33:10Z 0.22 2013-05-31T23:38:07Z 0.23 2014-07-17 0.24 2014-07-29 0.25 2014-08-04 0.26 2015-09-10 0.27 2015-09-23 0.28 2018-02-10 0.29 2018-02-19 Perl