use strict;
use warnings;
-use CGI;
-use CGI::Auth::Hybrid;
+use CGI qw/escapeHTML/;;
+use CGI::Auth::Flexible;
+use URI;
+use Data::Dumper;
+
+#use Carp::Always;
+$SIG{__DIE__} = sub { Carp::confess(@_) };
my $dump = "$ENV{'CAHTEST_HOME'}/dump";
-my $verifier = CGI::Auth::Hybrid->new_verifier(
- assocdb_path => "$dump/assoc.db",
- username_password_ok => sub { my ($c,$r,$u,$p)=@_; return $p eq 'sesame'; },
+my $verifier = CGI::Auth::Flexible->new_verifier(
+ username_password_error => sub {
+ my ($c,$r,$u,$p)=@_;
+ return $p eq 'sesame' ? undef : 'wrong password'
+ },
+ encrypted_only => 0,
+ promise_check_mutate => 1,
+ dir => $dump,
);
END { $verifier->disconnect() if $verifier; }
my $authreq = $verifier->new_request($q);
-$authreq->check_ok() or return;
+$authreq->check_ok() or exit;
my $cookie = $authreq->secret_cookie();
-my $url = url();
+my $url = $q->url();
my $hiddenhtml = $authreq->secret_hidden_html();
print <<END;
<body><h1>H1</h1>
<h1>again</h1>
+<h1>info<h1>
+<pre>
+END
+
+my $newurl = $authreq->url_with_query_params($authreq->chain_params());
+my $newurl_esc = escapeHTML($newurl);
+
+my $txt = Data::Dumper->Dump([$authreq->get_username(), $authreq->mutate_ok(),
+ $q->path_info(),
+ $authreq->chain_params(),
+ scalar $q->Vars()],
+ [qw(username mutate_ok path
+ authreq->chain_params() cgi->params())]);
+foreach my $l (split /\n/, $txt) {
+ print escapeHTML($l),"\n";
+}
+
+print <<END;
+</pre>
+<a href="$newurl_esc">$newurl_esc</a>
<form method="POST" action="$url">
$hiddenhtml
+<input type="submit" name="test_cgi_sponges" value="Make sponges">
+<input type="submit" name="test_cgi_worms" value="Make worms">
+<input type="submit" name="caf_logout" value="Logout">
+</form>
+<form method="POST" action="$url/extra">
+$hiddenhtml
+<input type="submit" name="test_cgi_append" value="Append">
+</form>
END