From 0d245c936cdb596e51950a988d7efded491eb4bf Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Fri, 23 Jun 2023 11:52:28 +0100 Subject: [PATCH] Bug 30524: Unit tests Test plan: Run t/Output.t Run t/db_dependent/Auth.t Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 2918f6ceda533719ac0da53d8245ea4826f43681) Signed-off-by: Fridolin Somers (cherry picked from commit 9436074a26fe903134f71e66b0f9fcb7f6724438) Signed-off-by: Matt Blenkinsop --- t/Output.t | 41 +++++++++++++++++++++++++++++++++++++++-- t/db_dependent/Auth.t | 1 + 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/t/Output.t b/t/Output.t index 02218deadd..55ca2dc436 100755 --- a/t/Output.t +++ b/t/Output.t @@ -17,16 +17,23 @@ use Modern::Perl; -use Test::More tests => 7; +use Test::More tests => 8; use Test::Warn; +use Test::MockModule; + +use File::Temp qw/tempfile/; use CGI qw ( -utf8 ); +use C4::Auth qw( get_template_and_user ); + use t::lib::Mocks; BEGIN { - use_ok('C4::Output', qw( output_html_with_http_headers parametrized_url )); + use_ok('C4::Output', qw( output_html_with_http_headers output_and_exit_if_error parametrized_url )); } +our $output_module = Test::MockModule->new('C4::Output'); + my $query = CGI->new(); my $cookie; my $output = 'foobarbaz'; @@ -93,3 +100,33 @@ subtest 'output_with_http_headers() tests' => sub { like($stdout, qr/Access-control-allow-origin: https:\/\/koha-community\.org/, 'Header set to https://koha-community.org'); close STDOUT; }; + +subtest 'output_and_exit_if_error() tests' => sub { + plan tests => 1; + + $output_module->mock( + 'output_and_exit', + sub { + my ( $query, $cookie, $template, $error ) = @_; + is( $error, 'wrong_csrf_token', 'Got right error message' ); + } + ); + + t::lib::Mocks::mock_config( 'pluginsdir', [ C4::Context::temporary_directory ] ); + my ( $fh, $fn ) = tempfile( SUFFIX => '.tt', UNLINK => 1, DIR => C4::Context::temporary_directory ); + print $fh qq|[% blocking_error %]|; + close $fh; + + my $query = CGI->new(); + $query->param('csrf_token',''); + my ( $template, $loggedinuser, $cookies ) = get_template_and_user( + { + template_name => $fn, + query => $query, + type => "intranet", + authnotrequired => 1, + } + ); + # Next call triggers test in the mocked sub + output_and_exit_if_error($query, $cookie, $template, { check => 'csrf_token' }); +}; diff --git a/t/db_dependent/Auth.t b/t/db_dependent/Auth.t index b63dc3e9ca..b27bd071c4 100755 --- a/t/db_dependent/Auth.t +++ b/t/db_dependent/Auth.t @@ -563,6 +563,7 @@ subtest 'get_template_and_user' => sub { # Tests for the language URL paramete ); is($template->{VARS}->{'opac_name'}, "multibranch-19", "Opac name was set correctly"); is($template->{VARS}->{'opac_search_limit'}, "branch:multibranch-19", "Search limit was set correctly"); + ok(defined($template->{VARS}->{'csrf_token'}), "CSRF token returned"); delete $ENV{"HTTP_COOKIE"}; }; -- 2.39.5