search

mojolicious / mojo-pg

Mojolicious :heart: PostgreSQL
https://metacpan.org/release/Mojo-Pg
Artistic License 2.0
99 stars 46 forks source link

Mojo::Pg in Non-blocking sequential #29

Closed jeydurai closed 8 years ago

jeydurai commented 8 years ago 
$app->helper(auth3 => sub {
        my ($self) = @_;
        my $pg = $self->pg;
        my $db = $self->pg->db;
        my $param_username = $self->param('username');
        my $param_pass = $self->param('password');
        my $sql = "SELECT * FROM mojo_users WHERE username='$param_username'";
        print "$sql\n";
        $self->delay(
            sub {
                my $delay = shift;
                print "I am in first Sub\n";
                $db->query($sql, $delay->begin);
            },
            sub {
                my ($delay, $err, $results) = @_;
                print "I am in second Sub\n";
                print "$err\n";
                my $result = $results->hash;
                my $username_db = $result->{username};
                my $pass_db = $result->{password};
                if ($param_username eq $username_db and 
                    $self->bcrypt_validate($param_pass, $pass_db)) {
                    $self->stash(username => $param_username);
                    $self->session(
                        username => $param_username,
                        menu1 => 'Home',
                        menu2 => 'Jeyaraj Durairaj',
                        menu3 => 'Admin',
                        menu4 => 'Settings',
                        menu5 => 'Signout',
                        b_menu1 => 'About',
                        b_menu2 => 'Raptor',
                        b_menu3 => 'NormaliTor',
                        b_menu4 => 'UploadImus',
                        b_menu5 => 'MapTor',
                        b_menu6 => 'ReporNychus',
                        b_menu7 => 'ModelOvi'
                    );
                    return $self->redirect_to('/home');
                } else {
                    $self->flash(err => $err || 'Username/Password Incorrect!');
                    return $self->redirect_to('/');
                }

        });
});

Expected behavior

It should help me to fetch user credentials from PostgreSQL, validate and render my page

Actual behavior

I get [error] Can't dup: Bad file descriptor at C:/Strawberry/perl/site/lib/Mojo/Pg/Database.pm line 130, line 2231.

kraih commented 8 years ago

Can you reduce the problem to a minimal self-contained test case?

jeydurai commented 8 years ago

I have given below the reduced to the minimal self-contained case.

use Mojolicious::Lite;
use Mojo::Pg;
plugin 'Bcrypt';

post '/signin' => sub {
    my $self = shift;
    my $pg = Mojo::Pg->new('postgresql://postgres@/mysourcedata');
    my $db = $pg->db;
    my $param_username = $self->param('username');
    my $param_pass = $self->param('password');
    my $sql = "SELECT * FROM mojo_users WHERE username='$param_username'";
    $self->delay(
        sub {
            my $delay = shift;
            $db->query($sql, $delay->begin);
        },
        sub {
            my ($delay, $err, $results) = @_;
            my $result = $results->hash;
            my $username_db = $result->{username};
            my $pass_db = $result->{password};
            if ($param_username eq $username_db and 
                $self->bcrypt_validate($param_pass, $pass_db)) {

                $self->session(username => $param_username);
                return $self->redirect_to('/home');
            } else {
                $self->flash(err => $err || 'Username/Password Incorrect!');
                return $self->redirect_to('/');
            }

    });
    $c->render_later;
};
kraih commented 8 years ago

Is Mojolicious::Plugin::Bcrypt really necessary to replicate the problem?

kraih commented 8 years ago 
my $sql = "SELECT * FROM mojo_users WHERE username='$param_username'";

Side note, you should never interpolate user generated data into SQL strings, that's an SQL injection vulnerability. Always use placeholders!

jeydurai commented 8 years ago

Mojolicious::Plugin::Bcrypt is not necessary to replicate the problem as you pointed out. Placeholders did not work at all. I tried for almost a half day. Hence as a resort to emergency, I used the interpolation. I will either correct it myself or comeback if I face the same problem again.

However, for me, now, the non blocking query is the major issue. Because, my application is going to be utilising this. Please help me.

kraih commented 8 years ago

Afraid i can't replicate the problem, could be Strawberry Perl specific.