Add auth counter to perl library
int auth_logout(const char *username, const char *token)
int auth_check_token(const char *username, const char *given_token)
+
+void auth_get_counter(const char *username)
+ INIT:
+ uint32_t counter = 0;
+ PPCODE:
+ if (auth_get_counter(username, &counter)) {
+ XPUSHs(sv_2mortal(newSVuv(counter)));
+ } else {
+ XSRETURN_UNDEF;
+ }
Returns 1 if the session is valid, 0 otherwise. Also resets the expiration
time of the session.
+=item auth_get_counter(username)
+
+Gets an opaque "counter" value for the auth information of the given username.
+This counter is changed every time the authentication information is changed,
+making it useful for protecting password changes against replay attacks.
+Returns a 32-bit integer on success, or undef on failure.
+
=back
=head1 CONSTRUCTOR
use strict;
use warnings;
-use Test::More tests => 17;
+use Test::More tests => 21;
BEGIN { use_ok('Blerg::Database') };
### Setup
isnt( Blerg::Database::auth_logout($test_user, 'badtoken'), 1 );
isnt( Blerg::Database::auth_logout('fakeuser', 'badtoken'), 1 );
+my $counter1 = Blerg::Database::auth_get_counter('fakeuser');
+ok( !defined $counter1 );
+
+$counter1 = Blerg::Database::auth_get_counter($test_user);
+ok( defined $counter1 );
+isnt( $counter1, 0);
+
Blerg::Database::auth_set_password($test_user, $password . 'X');
ok( Blerg::Database::auth_check_password($test_user, $password . 'X') );
+my $counter2 = Blerg::Database::auth_get_counter($test_user);
+ok( $counter1 != $counter2 );
+
END {
chdir;
remove_tree "/tmp/blerg_test_$$";