3 # tests for Koha::Token
5 # Copyright 2016 Rijksmuseum
7 # This file is part of Koha.
9 # Koha is free software; you can redistribute it and/or modify it under the
10 # terms of the GNU General Public License as published by the Free Software
11 # Foundation; either version 3 of the License, or (at your option) any later
14 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
15 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
16 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License along
19 # with Koha; if not, write to the Free Software Foundation, Inc.,
20 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 use Test::More tests => 8;
24 use Time::HiRes qw|usleep|;
27 my $tokenizer = Koha::Token->new;
28 is( length( $tokenizer->generate ), 1, "Generate without parameters" );
29 my $token = $tokenizer->generate({ length => 20 });
30 is( length($token), 20, "Token $token has 20 chars" );
32 my $id = $tokenizer->generate({ length => 8 });
33 my $secr = $tokenizer->generate({ length => 32 });
34 my $csrftoken = $tokenizer->generate_csrf({ id => $id, secret => $secr });
35 isnt( length($csrftoken), 0, "Token $csrftoken should not be empty" );
37 is( $tokenizer->check, undef, "Check without any parameters" );
38 my $result = $tokenizer->check_csrf({
39 id => $id, secret => $secr, token => $csrftoken,
41 is( $result, 1, "CSRF token verified" );
43 $result = $tokenizer->check({
44 type => 'CSRF', id => $id, secret => $secr, token => $token,
46 isnt( $result, 1, "This token is no CSRF token" );
48 # Test MaxAge parameter
49 my $age = 1; # 1 second
50 $result = $tokenizer->check_csrf({
51 id => $id, secret => $secr, token => $csrftoken, MaxAge => $age,
53 is( $result, 1, "CSRF token still valid within one second" );
54 usleep $age * 1000000 * 2; # micro (millionth) seconds + 100%
55 $result = $tokenizer->check_csrf({
56 id => $id, secret => $secr, token => $csrftoken, MaxAge => $age,
58 isnt( $result, 1, "CSRF token expired after one second" );