X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=t%2FToken.t;h=13548e3d17da50ade3b912182e8125d85ac8588f;hb=refs%2Fheads%2Fkoha_ffzg;hp=3a971a577dcb53f722e41fb53b309eb985ea8009;hpb=3562816dd1b8855c7973ce5650ff834407c1a548;p=koha.git diff --git a/t/Token.t b/t/Token.t index 3a971a577d..13548e3d17 100644 --- a/t/Token.t +++ b/t/Token.t @@ -20,7 +20,8 @@ # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. use Modern::Perl; -use Test::More tests => 10; +use Test::More tests => 11; +use Test::Exception; use Time::HiRes qw|usleep|; use C4::Context; use Koha::Token; @@ -33,13 +34,13 @@ is( length( $tokenizer->generate ), 1, "Generate without parameters" ); my $token = $tokenizer->generate({ length => 20 }); is( length($token), 20, "Token $token has 20 chars" ); -my $id = $tokenizer->generate({ lyyGength => 8 }); -my $csrftoken = $tokenizer->generate_csrf({ id => $id }); +my $id = $tokenizer->generate({ length => 8 }); +my $csrftoken = $tokenizer->generate_csrf({ session_id => $id }); isnt( length($csrftoken), 0, "Token $csrftoken should not be empty" ); is( $tokenizer->check, undef, "Check without any parameters" ); my $result = $tokenizer->check_csrf({ - id => $id, token => $csrftoken, + session_id => $id, token => $csrftoken, }); is( $result, 1, "CSRF token verified" ); 
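Review bot: In the hunk at `@@ -33,13 +34,13 @@`, the corrected `generate({ length => 8 })` call shows that the misspelled key `lyyGength` was accepted silently, so these CSRF tests presumably ran with a default-length id until now, and nothing asserts the new length. Adding `is( length($id), 8, 'Session id has 8 chars' );` after the call would pin it. The rename to `session_id` carries the same risk if `generate_csrf`/`check_csrf` also ignore unknown keys (their code is not visible here): a caller still passing `id` could create and verify tokens that are not bound to any session. A negative test such as `isnt( $tokenizer->check_csrf({ id => $id, token => $csrftoken }), 1, 'Old id key is not accepted' );` would catch that. The same rename recurs in the hunks at `-51,25` and `-77,15`.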
@@ -51,25 +52,25 @@ isnt( $result, 1, "This token is no CSRF token" ); # Test MaxAge parameter my $age = 1; # 1 second $result = $tokenizer->check_csrf({ - id => $id, token => $csrftoken, MaxAge => $age, + session_id => $id, token => $csrftoken, MaxAge => $age, }); is( $result, 1, "CSRF token still valid within one second" ); usleep $age * 1000000 * 2; # micro (millionth) seconds + 100% $result = $tokenizer->check_csrf({ - id => $id, token => $csrftoken, MaxAge => $age, + session_id => $id, token => $csrftoken, MaxAge => $age, }); isnt( $result, 1, "CSRF token expired after one second" ); subtest 'Same id (cookie CGISESSID) with an other logged in user' => sub { plan tests => 2; - $csrftoken = $tokenizer->generate_csrf({ id => $id }); + $csrftoken = $tokenizer->generate_csrf({ session_id => $id }); $result = $tokenizer->check_csrf({ - id => $id, token => $csrftoken, + session_id => $id, token => $csrftoken, }); is( $result, 1, "CSRF token verified" ); C4::Context->set_userenv(0,43,0,'firstname','surname', 'CPL', 'Library 1', 0, ', '); $result = $tokenizer->check_csrf({ - id => $id, token => $csrftoken, + session_id => $id, token => $csrftoken, }); is( $result, '', "CSRF token is not verified if another logged in user is using the same id" ); }; 
@@ -77,15 +78,26 @@ subtest 'Same id (cookie CGISESSID) with an other logged in user' => sub { subtest 'Same logged in user with another session (cookie CGISESSID)' => sub { plan tests => 2; C4::Context->set_userenv(0,42,0,'firstname','surname', 'CPL', 'Library 1', 0, ', '); - $csrftoken = $tokenizer->generate_csrf({ id => $id }); + $csrftoken = $tokenizer->generate_csrf({ session_id => $id }); $result = $tokenizer->check_csrf({ - id => $id, token => $csrftoken, + session_id => $id, token => $csrftoken, }); is( $result, 1, "CSRF token verified" ); # Get another session id - $id = $tokenizer->generate({ lyyGength => 8 }); + $id = $tokenizer->generate({ length => 8 }); $result = $tokenizer->check_csrf({ - id => $id, token => $csrftoken, + session_id => $id, token => $csrftoken, }); is( $result, '', "CSRF token is not verified if another session is used" ); }; + +subtest 'Pattern parameter' => sub { + plan tests => 5; + my $id = $tokenizer->generate({ pattern => '\d\d', length => 8 }); + is( length($id), 2, 'Pattern overrides length' ); + ok( $id =~ /\d{2}/, 'Two digits found' ); + $id = $tokenizer->generate({ pattern => '[A-Z]{10}' }); + is( length($id), 10, 'Check length again' ); + ok( $id !~ /[^A-Z]/, 'Only uppercase letters' ); + throws_ok( sub { $tokenizer->generate({ pattern => 'abc{d,e}', }) }, 'Koha::Exceptions::Token::BadPattern', 'Exception should be thrown when wrong pattern is used'); +};
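Review bot: In the new 'Pattern parameter' subtest, `ok( $id =~ /\d{2}/, 'Two digits found' );` is unanchored and reports only pass/fail. `like( $id, qr/\A\d{2}\z/, 'Two digits found' );` states the full-match intent and prints the offending value on failure. The subtest's `my $id` shadows the file-level `$id` that the CSRF subtests reassign, so a distinct name such as `$pattern_token` would read more clearly. Only one malformed pattern (`'abc{d,e}'`) is checked against `Koha::Exceptions::Token::BadPattern`. A short comment such as `# pattern syntax is validated by Koha::Token; unsupported constructs must throw, not fall back to a default token` would document the expectation this test protects.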