CGI-Application-Plugin-CAPTCHA-0.04000755000765000024 011511346152 16165 5ustar00cromestaff000000000000CGI-Application-Plugin-CAPTCHA-0.04/Build.PL000444000765000024 166111511346152 17622 0ustar00cromestaff000000000000use strict; use warnings; use Module::Build; my $builder = Module::Build->new( module_name => 'CGI::Application::Plugin::CAPTCHA', license => 'perl', dist_author => 'Jason A. Crome ', dist_version_from => 'lib/CGI/Application/Plugin/CAPTCHA.pm', requires => { 'CGI::Application' => '4.00', 'GD::SecurityImage' => 0, 'Data::Random' => 0, 'Digest::SHA1' => 0, }, build_requires => { 'Test::More' => 0, 'Test::Exception' => 0, 'Test::WWW::Mechanize' => 0, }, meta_merge => { resources => { repository => 'https://github.com/cromedome/cgi-application-plugin-captcha' } }, create_makefile_pl => 'traditional', create_readme => 1, add_to_cleanup => [ 'CGI-Application-Plugin-CAPTCHA-*' ], ); $builder->create_build_script(); CGI-Application-Plugin-CAPTCHA-0.04/Changes000444000765000024 106611511346152 17620 0ustar00cromestaff000000000000Revision history for CGI-Application-Plugin-CAPTCHA 0.04 01/07/2011 Added GitHub repo link Fixed module dependencies. 0.03 01/04/2011 Forgot to add Digest::SHA1 to list of dependencies. 0.02 01/04/2011 Skip some tests if Test::WWW::Mechanize is not available (RT#17146, by ZACKSE) Test tweaks Fixed various issues with Module::Build settings (thanks chorny!) Plugged ugly security hole (thanks, Cees!) 0.01 Sometime in 2005.... First version, released on an unsuspecting world. CGI-Application-Plugin-CAPTCHA-0.04/Makefile.PL000444000765000024 137011511346152 20275 0ustar00cromestaff000000000000# Note: this file was auto-generated by Module::Build::Compat version 0.3603 use ExtUtils::MakeMaker; WriteMakefile ( 'NAME' => 'CGI::Application::Plugin::CAPTCHA', 'VERSION_FROM' => 'lib/CGI/Application/Plugin/CAPTCHA.pm', 'PREREQ_PM' => { 'CGI::Application' => '4.00', 'Data::Random' => 0, 'Digest::SHA1' => 0, 'GD::SecurityImage' => 0, 'Test::Exception' => 0, 'Test::More' => 0, 'Test::WWW::Mechanize' => 0 }, 'INSTALLDIRS' => 'site', 'EXE_FILES' => [], 'PL_FILES' => {} ) ; CGI-Application-Plugin-CAPTCHA-0.04/MANIFEST000444000765000024 36711511346152 17441 0ustar00cromestaff000000000000Build.PL Changes MANIFEST META.yml # Will be created by "make dist" README lib/CGI/Application/Plugin/CAPTCHA.pm t/00-load.t t/01-config.t t/02-create.t t/03-verify.t t/pod-coverage.t t/pod.t t/TestApp.pm t/TestApp2.pm t/CAPCServer.pm Makefile.PL CGI-Application-Plugin-CAPTCHA-0.04/META.yml000444000765000024 144411511346152 17576 0ustar00cromestaff000000000000--- abstract: "Easily create, use, and verify CAPTCHAs in\nCGI::Application-based web applications." author: - 'Jason A. Crome ' build_requires: Test::Exception: 0 Test::More: 0 Test::WWW::Mechanize: 0 configure_requires: Module::Build: 0.36 generated_by: 'Module::Build version 0.3603' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: 1.4 name: CGI-Application-Plugin-CAPTCHA provides: CGI::Application::Plugin::CAPTCHA: file: lib/CGI/Application/Plugin/CAPTCHA.pm version: 0.04 requires: CGI::Application: 4.00 Data::Random: 0 Digest::SHA1: 0 GD::SecurityImage: 0 resources: license: http://dev.perl.org/licenses/ repository: https://github.com/cromedome/cgi-application-plugin-captcha version: 0.04 CGI-Application-Plugin-CAPTCHA-0.04/README000444000765000024 1602311511346152 17224 0ustar00cromestaff000000000000NAME CGI::Application::Plugin::CAPTCHA - Easily create, use, and verify CAPTCHAs in CGI::Application-based web applications. VERSION Version 0.04 SYNOPSIS # In your CGI::Application-based web application module. . . use CGI::Application::Plugin::CAPTCHA; sub setup { my $self = shift; $self->run_modes([ qw/ create # Your other run modes go here /]); $self->captcha_config( IMAGE_OPTIONS => { width => 150, height => 40, lines => 10, font => "/Library/Fonts/Arial", ptsize => 18, bgcolor => "#FFFF00", }, CREATE_OPTIONS => [ 'ttf', 'rect' ], PARTICLE_OPTIONS => [ 300 ], ); } # Create a run mode that calls the CAPTCHA creation method... sub create { my $self = shift; return $self->captcha_create; } # In a template far, far away. . . (to generate a CAPTCHA image) # Back in your application, to verify the CAPTCHA... sub some_other_runmode { my $self = shift; my $request = $self->query; return unless $self->captcha_verify($request->cookie("hash"), $request->param("verify")); } DESCRIPTION "CGI::Application::Plugin::CAPTCHA" allows programmers to easily add and verify CAPTCHAs in their CGI::Application-derived web applications. A CAPTCHA (or Completely Automated Public Turing Test to Tell Computers and Humans Apart) is an image with a random string of characters. A user must successfully enter the random string in order to submit a form. This is a simple (yet annoying) procedure for humans to complete, but one that is significantly more difficult for a form-stuffing script to complete without having to integrate some sort of OCR. CAPTCHAs are not a perfect solution. Any skilled, diligent cracker will eventually be able to bypass a CAPTCHA, but it should be able to shut down your average script-kiddie. "CGI::Application::Plugin::CAPTCHA" is a wrapper for GD::SecurityImage. It makes it more convenient to access GD::SecurityImage functionality, and gives a more CGI::Application-like way of doing it. When a CAPTCHA is created with this module, raw image data is transmitted from your web application to the client browser. A cookie containing a checksum is also transmitted with the image. When the client submits their form for processing (along with their verification of the random string), "captcha_verify()" generates a checksum of the verification string the user entered. If the newly generated checksum matches the checksum found in the cookie, we trust that the CAPTCHA has been successfully entered, and we allow the user to continue processing their form. The checksum is generated by taking the string in question, and joining it with a SECRET. We then generate an SHA1 hex digest of the resulting string. The end user will not be able to generate their own checksums to bypass the CAPTCHA check, because they do not know the value of our SECRET. This means it is important to choose a good value for your SECRET. An easy way to generate a relatively good secret is to run the following perl snippet: perl -MDigest::SHA1=sha1_base64 -le 'print sha1_base64($$,time(),rand(9999))' The author recognizes that the transmission of a cookie with the CAPTCHA image may not be a popular decision, and welcomes any patches from those who can provide an equally easy-to-implement solution. FUNCTIONS captcha_config() This method is used to customize how new CAPTCHA images will be created. Values specified here are passed along to the appropriate functions in GD::SecurityImage when a new CAPTCHA is created. It is recommended that you call "captcha_config()" in the "cgiapp_init()" method of your CGI::Application base class, and in the "setup()" method of any derived applications. The following parameters are currently accepted: IMAGE_OPTIONS This specifies what options will be passed to the constructor of GD::SecurityImage. Please see the documentation for GD::SecurityImage for more information. CREATE_OPTIONS This specifies what options will be passed to the "create()" method of GD::SecurityImage. Please see the documentation for GD::SecurityImage for more information. PARTICLE_OPTIONS This specifies what options will be passed to the "particle()" method of GD::SecurityImage. Please see the documentation for GD::SecurityImage for more information. SECRET This specifies the secret that will be used when generating the checksum hash. captcha_create() Creates the CAPTCHA image, and return a cookie with the encrypted hash of the random string. Takes no arguments. The cookie created in this method is named "hash", and contains only the encrypted hash. Future versions of this module will allow you to specify cookie options in greater detail. captcha_verify() Verifies that the value entered by the user matches what was in the CAPTCHA image. Argument 1 is the encrypted hash from the cookie sent by "captcha_create()", and argument 2 is the value the user entered to verify the CAPTCHA image. Returns true if the CAPTCHA was successfully verified, else returns false. AUTHOR Jason A. Crome, "" TODO * Allow "captcha_config()" to take cookie configuration arguments. * Allow the plugin to actually create a run mode in your CGI::Application-based webapp without the developer having to manually create one. BUGS Please report any bugs or feature requests to "bug-cgi-application-plugin-captcha@rt.cpan.org", or through the web interface at . I will be notified, and then you'll automatically be notified of progress on your bug as I make changes. CONTRIBUTING Patches, questions, and feedback are welcome. ACKNOWLEDGEMENTS A big thanks to Cees Hek for providing a great module for me to borrow code from (CGI::Application::Plugin::Session), to Michael Peters and Tony Fraser for all of their valuable input, and to the rest who contributed ideas and criticisms on the CGI::Application mailing list. Additional thanks to chorny and Cees for the various bug fixes and patches they have submitted. SEE ALSO CGI::Application GD::SecurityImage Wikipedia entry for CAPTCHA - COPYRIGHT & LICENSE Copyright 2005-2011 Jason A. Crome, all rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. CGI-Application-Plugin-CAPTCHA-0.04/lib000755000765000024 011511346152 16733 5ustar00cromestaff000000000000CGI-Application-Plugin-CAPTCHA-0.04/lib/CGI000755000765000024 011511346152 17335 5ustar00cromestaff000000000000CGI-Application-Plugin-CAPTCHA-0.04/lib/CGI/Application000755000765000024 011511346152 21600 5ustar00cromestaff000000000000CGI-Application-Plugin-CAPTCHA-0.04/lib/CGI/Application/Plugin000755000765000024 011511346152 23036 5ustar00cromestaff000000000000CGI-Application-Plugin-CAPTCHA-0.04/lib/CGI/Application/Plugin/CAPTCHA.pm000444000765000024 2557711511346152 24634 0ustar00cromestaff000000000000package CGI::Application::Plugin::CAPTCHA; use strict; use GD::SecurityImage; use Digest::SHA1; use vars qw($VERSION @EXPORT); require Exporter; @EXPORT = qw( captcha_config captcha_create captcha_verify ); sub import { goto &Exporter::import } =head1 NAME CGI::Application::Plugin::CAPTCHA - Easily create, use, and verify CAPTCHAs in CGI::Application-based web applications. =head1 VERSION Version 0.04 =cut $VERSION = '0.04'; =head1 SYNOPSIS # In your CGI::Application-based web application module. . . use CGI::Application::Plugin::CAPTCHA; sub setup { my $self = shift; $self->run_modes([ qw/ create # Your other run modes go here /]); $self->captcha_config( IMAGE_OPTIONS => { width => 150, height => 40, lines => 10, font => "/Library/Fonts/Arial", ptsize => 18, bgcolor => "#FFFF00", }, CREATE_OPTIONS => [ 'ttf', 'rect' ], PARTICLE_OPTIONS => [ 300 ], ); } # Create a run mode that calls the CAPTCHA creation method... sub create { my $self = shift; return $self->captcha_create; } # In a template far, far away. . . (to generate a CAPTCHA image) # Back in your application, to verify the CAPTCHA... sub some_other_runmode { my $self = shift; my $request = $self->query; return unless $self->captcha_verify($request->cookie("hash"), $request->param("verify")); } =head1 DESCRIPTION C allows programmers to easily add and verify CAPTCHAs in their CGI::Application-derived web applications. A CAPTCHA (or Completely Automated Public Turing Test to Tell Computers and Humans Apart) is an image with a random string of characters. A user must successfully enter the random string in order to submit a form. This is a simple (yet annoying) procedure for humans to complete, but one that is significantly more difficult for a form-stuffing script to complete without having to integrate some sort of OCR. CAPTCHAs are not a perfect solution. Any skilled, diligent cracker will eventually be able to bypass a CAPTCHA, but it should be able to shut down your average script-kiddie. C is a wrapper for L. It makes it more convenient to access L functionality, and gives a more L-like way of doing it. When a CAPTCHA is created with this module, raw image data is transmitted from your web application to the client browser. A cookie containing a checksum is also transmitted with the image. When the client submits their form for processing (along with their verification of the random string), C generates a checksum of the verification string the user entered. If the newly generated checksum matches the checksum found in the cookie, we trust that the CAPTCHA has been successfully entered, and we allow the user to continue processing their form. The checksum is generated by taking the string in question, and joining it with a SECRET. We then generate an SHA1 hex digest of the resulting string. The end user will not be able to generate their own checksums to bypass the CAPTCHA check, because they do not know the value of our SECRET. This means it is important to choose a good value for your SECRET. An easy way to generate a relatively good secret is to run the following perl snippet: perl -MDigest::SHA1=sha1_base64 -le 'print sha1_base64($$,time(),rand(9999))' The author recognizes that the transmission of a cookie with the CAPTCHA image may not be a popular decision, and welcomes any patches from those who can provide an equally easy-to-implement solution. =head1 FUNCTIONS =head2 captcha_config() This method is used to customize how new CAPTCHA images will be created. Values specified here are passed along to the appropriate functions in L when a new CAPTCHA is created. It is recommended that you call C in the C method of your CGI::Application base class, and in the C method of any derived applications. The following parameters are currently accepted: =head3 IMAGE_OPTIONS This specifies what options will be passed to the constructor of L. Please see the documentation for L for more information. =head3 CREATE_OPTIONS This specifies what options will be passed to the C method of L. Please see the documentation for L for more information. =head3 PARTICLE_OPTIONS This specifies what options will be passed to the C method of L. Please see the documentation for L for more information. =head3 SECRET This specifies the secret that will be used when generating the checksum hash. =cut sub captcha_config { my $self = shift; if (@_) { my $props; if (ref($_[0]) eq 'HASH') { my $rthash = %{$_[0]}; $props = $self->_cap_hash($_[0]); } else { $props = $self->_cap_hash({ @_ }); } # Check for IMAGE_OPTIONS if ($props->{IMAGE_OPTIONS}) { die "captcha_config() error: parameter IMAGE_OPTIONS is not a hash reference" if ref $props->{IMAGE_OPTIONS} ne 'HASH'; $self->{__CAP__CAPTCHA_CONFIG}->{IMAGE_OPTIONS} = delete $props->{IMAGE_OPTIONS}; } # Check for CREATE_OPTIONS if ($props->{CREATE_OPTIONS}) { die "captcha_config() error: parameter CREATE_OPTIONS is not an array reference" if ref $props->{CREATE_OPTIONS} ne 'ARRAY'; $self->{__CAP__CAPTCHA_CONFIG}->{CREATE_OPTIONS} = delete $props->{CREATE_OPTIONS}; } # Check for PARTICLE_OPTIONS if ($props->{PARTICLE_OPTIONS}) { die "captcha_config() error: parameter PARTICLE_OPTIONS is not an array reference" if ref $props->{PARTICLE_OPTIONS} ne 'ARRAY'; $self->{__CAP__CAPTCHA_CONFIG}->{PARTICLE_OPTIONS} = delete $props->{PARTICLE_OPTIONS}; } # Check for SECRET if ($props->{SECRET}) { die "captcha_config() error: parameter SECRET is not a string" if ref $props->{SECRET}; $self->{__CAP__CAPTCHA_CONFIG}->{SECRET} = delete $props->{SECRET}; } # Check for DEBUG if ($props->{DEBUG}) { $self->{__CAP__CAPTCHA_CONFIG}->{DEBUG} = delete $props->{DEBUG}; } # If there are still entries left in $props then they are invalid die "Invalid option(s) (".join(', ', keys %$props).") passed to captcha_config" if %$props; } $self->{__CAP__CAPTCHA_CONFIG}; } =head2 captcha_create() Creates the CAPTCHA image, and return a cookie with the encrypted hash of the random string. Takes no arguments. The cookie created in this method is named C, and contains only the encrypted hash. Future versions of this module will allow you to specify cookie options in greater detail. =cut sub captcha_create { my $self = shift; my %image_options = %{ $self->{__CAP__CAPTCHA_CONFIG}->{ IMAGE_OPTIONS } }; my @create_options = @{ $self->{__CAP__CAPTCHA_CONFIG}->{ CREATE_OPTIONS } }; my @particle_options = @{ $self->{__CAP__CAPTCHA_CONFIG}->{ PARTICLE_OPTIONS } }; my $secret = $self->{__CAP__CAPTCHA_CONFIG}->{ SECRET } ; my $debug = $self->{__CAP__CAPTCHA_CONFIG}->{ DEBUG } ; # Create the CAPTCHA image my $image = GD::SecurityImage->new( %image_options ); $debug == 1 ? $image->random("ABC123") : $image->random; $image->create ( @create_options ); $image->particle( @particle_options ); my ( $image_data, $mime_type, $random_string ) = $image->out; # check the secret if (!$secret) { $secret = Digest::SHA1::sha1_base64( ref $self ); warn "using default SECRET! Please provide a proper SECRET when using the CGI::Application::Plugin::CAPTCHA plugin"; } # Create the verification hash my $hash = Digest::SHA1::sha1_base64(join("\0", $secret, $random_string)); # Stuff the verification hash in a cookie and push it out to the # client. my $cookie = $self->query->cookie("hash" => $hash); $self->header_type ( 'header' ); $self->header_props( -type => $mime_type, -cookie => [ $cookie ], -expires => '-1d', '-cache-control' => 'no-cache', -pragma => 'no-cache' ); return $image_data; } =head2 captcha_verify() Verifies that the value entered by the user matches what was in the CAPTCHA image. Argument 1 is the encrypted hash from the cookie sent by C, and argument 2 is the value the user entered to verify the CAPTCHA image. Returns true if the CAPTCHA was successfully verified, else returns false. =cut sub captcha_verify { my ($self, $hash, $verify) = @_; my $secret = $self->{__CAP__CAPTCHA_CONFIG}->{ SECRET } ; # check the secret if (!$secret) { $secret = Digest::SHA1::sha1_base64( ref $self ); warn "using default SECRET! Please provide a proper SECRET when using the CGI::Application::Plugin::CAPTCHA plugin"; } return 1 if Digest::SHA1::sha1_base64(join("\0", $secret, $verify)) eq $hash; return 0; } =head1 AUTHOR Jason A. Crome, C<< >> =head1 TODO =over 4 =item * Allow C to take cookie configuration arguments. =item * Allow the plugin to actually create a run mode in your CGI::Application-based webapp without the developer having to manually create one. =back =head1 BUGS Please report any bugs or feature requests to C, or through the web interface at L. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes. =head1 CONTRIBUTING Patches, questions, and feedback are welcome. =head1 ACKNOWLEDGEMENTS A big thanks to Cees Hek for providing a great module for me to borrow code from (L), to Michael Peters and Tony Fraser for all of their valuable input, and to the rest who contributed ideas and criticisms on the CGI::Application mailing list. Additional thanks to chorny and Cees for the various bug fixes and patches they have submitted. =head1 SEE ALSO L L Wikipedia entry for CAPTCHA - L =head1 COPYRIGHT & LICENSE Copyright 2005-2011 Jason A. Crome, all rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. =cut 1; # End of CGI::Application::Plugin::CAPTCHA CGI-Application-Plugin-CAPTCHA-0.04/t000755000765000024 011511346152 16430 5ustar00cromestaff000000000000CGI-Application-Plugin-CAPTCHA-0.04/t/00-load.t000444000765000024 33611511346152 20070 0ustar00cromestaff000000000000#!/usr/bin/env perl -T use Test::More tests => 1; BEGIN { use_ok( 'CGI::Application::Plugin::CAPTCHA' ); } diag( "Testing CGI::Application::Plugin::CAPTCHA $CGI::Application::Plugin::CAPTCHA::VERSION, Perl $], $^X" ); CGI-Application-Plugin-CAPTCHA-0.04/t/01-config.t000444000765000024 247211511346152 20442 0ustar00cromestaff000000000000#!/usr/bin/env perl -T use strict; use warnings; use Test::More tests => 7; use Test::Exception; # Bring in testing hierarchy use lib './t'; # Set up testing webapp use TestApp; $ENV{CGI_APP_RETURN_ONLY} = 1; CONFIG_TESTING: { my $app = TestApp->new(); $app->captcha_config( IMAGE_OPTIONS => { width => 150, height => 40, lines => 10, gd_font => "giant", bgcolor => "#FFFF00", }, CREATE_OPTIONS => [ 'normal', 'rect' ], PARTICLE_OPTIONS => [ 300 ], SECRET => 'vbCrfzMCi45TD7Uz4C6fjWvX6us', ); ok($app->{__CAP__CAPTCHA_CONFIG}->{IMAGE_OPTIONS}, "IMAGE_OPTIONS defined" ); ok($app->{__CAP__CAPTCHA_CONFIG}->{CREATE_OPTIONS} , "CREATE_OPTIONS defined" ); ok($app->{__CAP__CAPTCHA_CONFIG}->{PARTICLE_OPTIONS}, "PARTICLE_OPTIONS defined"); dies_ok { $app->captcha_config( IMAGE_OPTIONS => "invalid") } "IMAGE_OPTIONS should be a hashref"; dies_ok { $app->captcha_config( CREATE_OPTIONS => "invalid") } "CREATE_OPTIONS should be an arrayref"; dies_ok { $app->captcha_config( PARTICLE_OPTIONS => "invalid") } "PARTICLE_OPTIONS should be an arrayref"; dies_ok { $app->captcha_config( INVALID_OPTIONS => "invalid") } "CAP::CAPTCHA died when given invalid options"; } CGI-Application-Plugin-CAPTCHA-0.04/t/02-create.t000444000765000024 255711511346152 20445 0ustar00cromestaff000000000000#!/usr/bin/env perl -T use strict; use warnings; use Test::More; BEGIN { eval { use Test::WWW::Mechanize }; plan skip_all => "Test::WWW::Mechanize required for tests" if $@; } plan tests => 4; # Bring in testing hierarchy use lib './t'; # Set up testing webapp use TestApp; $ENV{CGI_APP_RETURN_ONLY} = 1; # Set up testing web server use CAPCServer; use constant PORT => 13432; my $server = CAPCServer->new(PORT); my $pid = $server->background; ok($pid, 'HTTP Server started') or die "Can't start the server"; sub cleanup { kill(9, $pid) }; $SIG{__DIE__} = \&cleanup; CREATE_TESTING: { # Create our mech object my $mech = Test::WWW::Mechanize->new( cookie_jar => {} ); # Force the base app to render some output (something it should NOT normally do!). # Capture the result. $mech->get_ok('http://localhost:' . PORT . '/', "Got CAPTCHA successfully"); # Get the cookie we should have been fed my $jar = $mech->cookie_jar; isa_ok($jar, "HTTP::Cookies"); # Make sure we got a cryptographic hash in a cookie my $cookie = $jar->as_string; my ($hash) = $cookie =~ /hash=(.*?);/; isnt($hash, "", "Received cryptographic hash in cookie"); # Make sure our header is type 'image/png' #like($hash, qr/^image\/png$/i, "Valid image/png header type for content"); # Make sure we have content } CLEANUP: { cleanup(); } CGI-Application-Plugin-CAPTCHA-0.04/t/03-verify.t000444000765000024 357611511346152 20511 0ustar00cromestaff000000000000#!/usr/bin/env perl -T use strict; use warnings; use Test::More; BEGIN { eval { use Test::WWW::Mechanize }; plan skip_all => "Test::WWW::Mechanize required for tests" if $@; } plan tests => 7; # Bring in testing hierarchy use lib './t'; # Set up testing webapp use TestApp; $ENV{CGI_APP_RETURN_ONLY} = 1; # Set up testing web server use CAPCServer; use constant PORT => 13432; my $server = CAPCServer->new(PORT); my $pid = $server->background; ok($pid, 'HTTP Server started') or die "Can't start the server"; sub cleanup { kill(9, $pid) }; $SIG{__DIE__} = \&cleanup; CREATE_TESTING: { # Create our mech object my $mech = Test::WWW::Mechanize->new( cookie_jar => {} ); # Force the base app to render some output (something it should NOT normally do!). # Capture the result. $mech->get_ok('http://localhost:' . PORT . '/', "Got CAPTCHA successfully"); # Get the cookie we should have been fed my $jar = $mech->cookie_jar; isa_ok($jar, "HTTP::Cookies"); # Make sure we got a cryptographic hash in a cookie my $cookie = $jar->as_string; my ($hash) = $cookie =~ /hash=(.*?);/; isnt($hash, "", "Received cryptographic hash in cookie"); # Make sure our cookie contains the CAPTCHA value ABC123 my $secret = 'vbCrfzMCi45TD7Uz4C6fjWvX6us'; my $check = Digest::SHA1::sha1_base64(join("\0", $secret, 'ABC123')); #my $salt = substr($hash, 0, 2); #ok(crypt("ABC123", $salt) eq $hash, "Hash contains CAPTCHA value ABC123"); ok( $check eq $hash, "Hash contains CAPTCHA value ABC123"); # Make sure captcha_verify() actually verifies! my $app = TestApp2->new(); ok($app->captcha_verify($hash, "ABC123"), "CAPTCHA successfully verified"); # Make sure captcha_verify() rejects an invalid verification string cmp_ok($app->captcha_verify($hash, "invalid"), "==", 0, "CAPTCHA not verified"); } CLEANUP: { cleanup(); } CGI-Application-Plugin-CAPTCHA-0.04/t/CAPCServer.pm000444000765000024 41011511346152 20773 0ustar00cromestaff000000000000package CAPCServer; use strict; use warnings; use base 'HTTP::Server::Simple::CGI'; use lib './t'; use TestApp2; sub handle_request { my ($self, $cgi) = @_; print "HTTP/1.0 200 OK\r\n"; my $webapp = TestApp2->new(); return $webapp->run; } 1; CGI-Application-Plugin-CAPTCHA-0.04/t/pod-coverage.t000444000765000024 27111511346152 21305 0ustar00cromestaff000000000000#!/usr/bin/env perl -T use Test::More; eval "use Test::Pod::Coverage 1.04"; plan skip_all => "Test::Pod::Coverage 1.04 required for testing POD coverage" if $@; all_pod_coverage_ok(); CGI-Application-Plugin-CAPTCHA-0.04/t/pod.t000444000765000024 23111511346152 17510 0ustar00cromestaff000000000000#!/usr/bin/env perl -T use Test::More; eval "use Test::Pod 1.14"; plan skip_all => "Test::Pod 1.14 required for testing POD" if $@; all_pod_files_ok(); CGI-Application-Plugin-CAPTCHA-0.04/t/TestApp.pm000444000765000024 43511511346152 20465 0ustar00cromestaff000000000000package TestApp; use strict; use base "CGI::Application"; use CGI::Application::Plugin::CAPTCHA; sub setup { my $self = shift; $self->start_mode('create'); $self->run_modes([ qw/create/ ]); } sub create { my $self = shift; return $self->captcha_create; } 1; CGI-Application-Plugin-CAPTCHA-0.04/t/TestApp2.pm000444000765000024 125611511346152 20571 0ustar00cromestaff000000000000package TestApp2; use strict; use base "CGI::Application"; use CGI::Application::Plugin::CAPTCHA; sub setup { my $self = shift; $self->start_mode('create'); $self->run_modes([ qw/create/ ]); $self->captcha_config( IMAGE_OPTIONS => { width => 150, height => 40, lines => 10, gd_font => "giant", bgcolor => "#FFFF00", }, CREATE_OPTIONS => [ 'normal', 'rect' ], PARTICLE_OPTIONS => [ 300 ], SECRET => 'vbCrfzMCi45TD7Uz4C6fjWvX6us', DEBUG => 1, ); } sub create { my $self = shift; return $self->captcha_create; } 1;