[cgiapp] CGI::Application::Plugin::Authentication

[NP Bamber]

I like CGI::Application::Plugin::Authentication but I have hit a number 
of issues with it. So I contacted Cees and he kindly agreed to make me a 
co-maintainer so I can progress the module faster.

My plans as they stand at the moment are:

1.) Please if you use this module in a way that is not covered by the 
current test suite please let me know and I will add it. This was a 
particular concern of Cees.

2.) There are two changes that have been submitted to github. I hope to 
get releases out that include these soon.

3.) Clean up the bugs listed in RT. I have prioritized those and started 
working through these. The test failures and security issues come high 
on my list.

4.) One particular issue for me is that I have had issues running the 
module under perl taint mode. I have traced this to the use of 
CGI::self_url in the login_box function. I have also noticed HTML 
validation issues with the login_box function. Now to me it seems that 
trying to fix login_box as a function that generates HTML is a bit of a 
loser's game. It breaks a backwards compatibility and every user who has 
an additional requirement adds to the complexity of the function. Of 
course the module provides several ways of setting the login form, but 
one of the nice things about the module is that it works out of the box. 
So what I would like to add is a smoother migration path away from out 
of the box behaviour. My preferred approach is to integrate this 
function more with the CGI::Application's "load_tmpl" function. That way 
the application can have a mini-template for the login box. I would be 
inclined to do the same for a "logout_button" function.

5.) I may introduce some Perl::Critic into the test suite. I usually 
find myself excluding most of the issues it brings up, but at least it 
makes one think about the code.





	<http://www.linkedin.com/e/sig/47231258/>