chiark / gitweb /
javascript hijacking fix, docs are still wip
[cgi-auth-flexible.git] / test.cgi
index 289ac71..92fb7ee 100755 (executable)
--- a/test.cgi
+++ b/test.cgi
@@ -13,7 +13,10 @@ $SIG{__DIE__} = sub { Carp::confess(@_) };
 my $dump = "$ENV{'CAHTEST_HOME'}/dump";
 
 my $verifier = CGI::Auth::Flexible->new_verifier(
-    username_password_ok => sub { my ($c,$r,$u,$p)=@_; return $p eq 'sesame'; },
+    username_password_error => sub {
+        my ($c,$r,$u,$p)=@_;
+        return $p eq 'sesame' ? undef : 'wrong password'
+    },
     encrypted_only => 0,
     promise_check_mutate => 1,
     dir => $dump,
@@ -43,18 +46,22 @@ Set-Cookie: $cookie
 <pre>
 END
 
-my %vars = $q->Vars();
-delete $vars{caf_assochash};
+my $newurl = $authreq->url_with_query_params($authreq->chain_params());
+my $newurl_esc = escapeHTML($newurl);
 
 my $txt = Data::Dumper->Dump([$authreq->get_username(), $authreq->mutate_ok(),
-                              $q->path_info(), \%vars],
-                             [qw(username mutate_ok path params)]);
+                              $q->path_info(),
+                              $authreq->chain_params(),
+                              scalar $q->Vars()],
+                             [qw(username mutate_ok path
+                                 authreq->chain_params() cgi->params())]);
 foreach my $l (split /\n/, $txt) {
     print escapeHTML($l),"\n";
 }
 
 print <<END;
 </pre>
+<a href="$newurl_esc">$newurl_esc</a>
 <form method="POST" action="$url">
 $hiddenhtml
 <input type="submit" name="test_cgi_sponges" value="Make sponges">