Bug 27849: (follow-up) Add test
Compacting the code a bit too.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ad0aa754ee)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
parent
a48cf3c941
commit
558ee09dd5
2 changed files with 25 additions and 12 deletions
|
@ -60,6 +60,8 @@ use Koha::Exceptions::Token;
|
|||
use base qw(Class::Accessor);
|
||||
use constant HMAC_SHA1_LENGTH => 20;
|
||||
use constant CSRF_EXPIRY_HOURS => 8; # 8 hours instead of 7 days..
|
||||
use constant DEFA_SESSION_ID => 0;
|
||||
use constant DEFA_SESSION_USERID => 'anonymous';
|
||||
|
||||
=head1 METHODS
|
||||
|
||||
|
@ -212,17 +214,11 @@ sub decode_jwt {
|
|||
|
||||
sub _add_default_csrf_params {
|
||||
my ( $params ) = @_;
|
||||
$params->{session_id} //= '';
|
||||
if( !$params->{id} ) {
|
||||
if( defined( C4::Context->userenv ) ) {
|
||||
$params->{id} = Encode::encode( 'UTF-8', C4::Context->userenv->{id} . $params->{session_id} );
|
||||
} else {
|
||||
$params->{id} = Encode::encode( 'UTF-8', $params->{session_id} );
|
||||
}
|
||||
} else {
|
||||
$params->{id} .= $params->{session_id};
|
||||
}
|
||||
$params->{id} //= Encode::encode( 'UTF-8', C4::Context->userenv->{id} );
|
||||
$params->{session_id} //= DEFA_SESSION_ID;
|
||||
my $userenv = C4::Context->userenv // { id => DEFA_SESSION_USERID };
|
||||
$params->{id} //= Encode::encode( 'UTF-8', $userenv->{id} );
|
||||
$params->{id} .= '_' . $params->{session_id};
|
||||
|
||||
my $pw = C4::Context->config('pass');
|
||||
$params->{secret} //= md5_base64( Encode::encode( 'UTF-8', $pw ) ),
|
||||
return $params;
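Review bot: When neither a userenv nor a `session_id` is available, the `DEFA_SESSION_ID` and `DEFA_SESSION_USERID` defaults give every caller the same id, `anonymous_0`, so a CSRF token built in that state is not tied to any one session or user. The page has lost its +/- markers, so I am reading the four lines from `$params->{session_id} //= DEFA_SESSION_ID;` to the `'_'` concatenation as the new side. I would document the fallback directly above them, e.g. `# Fallback id is the constant 'anonymous_0'; callers guarding a state-changing request must pass session_id`, and consider a `warn` when both defaults are taken so the condition is visible in logs. The `$params->{secret} //= md5_base64(...)` line (apparently unchanged context) ends in a comma rather than a semicolon and only works because `return $params;` follows; since the sub is being compacted anyway, that is worth fixing. The sub's closing brace lies outside the hunk.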
|
||||
|
|
19
t/Token.t
19
t/Token.t
|
@ -20,9 +20,10 @@
|
|||
# along with Koha; if not, see <http://www.gnu.org/licenses>.
|
||||
|
||||
use Modern::Perl;
|
||||
use Test::More tests => 12;
|
||||
use Test::More tests => 13;
|
||||
use Test::Exception;
|
||||
use Time::HiRes qw|usleep|;
|
||||
|
||||
use C4::Context;
|
||||
use Koha::Token;
|
||||
|
||||
|
@ -117,3 +118,19 @@ subtest 'JWT' => sub {
|
|||
my $retrieved_id = $tokenizer->decode_jwt({ token => $jwt });
|
||||
is( $retrieved_id, $id, 'id stored in jwt should be correct' );
|
||||
};
|
||||
|
||||
subtest 'testing _add_default_csrf_params with/without userenv (bug 27849)' => sub {
|
||||
plan tests => 5;
|
||||
|
||||
# Current userenv: userid == 42
|
||||
my $result = Koha::Token::_add_default_csrf_params({ session_id => '567' });
|
||||
is( $result->{session_id}, 567, 'Check session id' );
|
||||
is( $result->{id}, '42_567', 'Check userid' );
|
||||
|
||||
# Clear userenv
|
||||
C4::Context::_unset_userenv('DUMMY SESSION');
|
||||
is( C4::Context::userenv, undef, 'No userenv anymore' );
|
||||
$result = Koha::Token::_add_default_csrf_params({}); # pass no session_id
|
||||
is( $result->{session_id}, Koha::Token::DEFA_SESSION_ID, 'Check session id' );
|
||||
is( $result->{id}, Koha::Token::DEFA_SESSION_USERID. '_'. $result->{session_id}, 'Check userid' );
|
||||
};
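Review bot: The new subtest never passes an explicit `id`, so the `//=` path that keeps a caller-supplied id and only appends `_<session_id>` is untested, as is the case of a userenv with no `session_id`. I would add `is( Koha::Token::_add_default_csrf_params({ id => 'x', session_id => '567' })->{id}, 'x_567', 'Explicit id is kept' );` before the userenv is cleared and raise the subtest's `plan tests` to 6. The first two assertions rely on a userenv with id 42 that is presumably set earlier in the file, outside this hunk; setting it inside the subtest would keep the result independent of test order.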
|
||||
|
|