3 # tests for Koha::Token
5 # Copyright 2016 Rijksmuseum
7 # This file is part of Koha.
9 # Koha is free software; you can redistribute it and/or modify it under the
10 # terms of the GNU General Public License as published by the Free Software
11 # Foundation; either version 3 of the License, or (at your option) any later
14 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
15 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
16 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License along
19 # with Koha; if not, write to the Free Software Foundation, Inc.,
20 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 use Test::More tests => 11;
25 use Time::HiRes qw|usleep|;
29 C4::Context->_new_userenv('DUMMY SESSION');
30 C4::Context->set_userenv(0,42,0,'firstname','surname', 'CPL', 'Library 1', 0, ', ');
32 my $tokenizer = Koha::Token->new;
33 is( length( $tokenizer->generate ), 1, "Generate without parameters" );
34 my $token = $tokenizer->generate({ length => 20 });
35 is( length($token), 20, "Token $token has 20 chars" );
37 my $id = $tokenizer->generate({ length => 8 });
38 my $csrftoken = $tokenizer->generate_csrf({ session_id => $id });
39 isnt( length($csrftoken), 0, "Token $csrftoken should not be empty" );
41 is( $tokenizer->check, undef, "Check without any parameters" );
42 my $result = $tokenizer->check_csrf({
43 session_id => $id, token => $csrftoken,
45 is( $result, 1, "CSRF token verified" );
47 $result = $tokenizer->check({
48 type => 'CSRF', id => $id, token => $token,
50 isnt( $result, 1, "This token is no CSRF token" );
52 # Test MaxAge parameter
53 my $age = 1; # 1 second
54 $result = $tokenizer->check_csrf({
55 session_id => $id, token => $csrftoken, MaxAge => $age,
57 is( $result, 1, "CSRF token still valid within one second" );
58 usleep $age * 1000000 * 2; # micro (millionth) seconds + 100%
59 $result = $tokenizer->check_csrf({
60 session_id => $id, token => $csrftoken, MaxAge => $age,
62 isnt( $result, 1, "CSRF token expired after one second" );
64 subtest 'Same id (cookie CGISESSID) with an other logged in user' => sub {
66 $csrftoken = $tokenizer->generate_csrf({ session_id => $id });
67 $result = $tokenizer->check_csrf({
68 session_id => $id, token => $csrftoken,
70 is( $result, 1, "CSRF token verified" );
71 C4::Context->set_userenv(0,43,0,'firstname','surname', 'CPL', 'Library 1', 0, ', ');
72 $result = $tokenizer->check_csrf({
73 session_id => $id, token => $csrftoken,
75 is( $result, '', "CSRF token is not verified if another logged in user is using the same id" );
78 subtest 'Same logged in user with another session (cookie CGISESSID)' => sub {
80 C4::Context->set_userenv(0,42,0,'firstname','surname', 'CPL', 'Library 1', 0, ', ');
81 $csrftoken = $tokenizer->generate_csrf({ session_id => $id });
82 $result = $tokenizer->check_csrf({
83 session_id => $id, token => $csrftoken,
85 is( $result, 1, "CSRF token verified" );
86 # Get another session id
87 $id = $tokenizer->generate({ length => 8 });
88 $result = $tokenizer->check_csrf({
89 session_id => $id, token => $csrftoken,
91 is( $result, '', "CSRF token is not verified if another session is used" );
94 subtest 'Pattern parameter' => sub {
96 my $id = $tokenizer->generate({ pattern => '\d\d', length => 8 });
97 is( length($id), 2, 'Pattern overrides length' );
98 ok( $id =~ /\d{2}/, 'Two digits found' );
99 $id = $tokenizer->generate({ pattern => '[A-Z]{10}' });
100 is( length($id), 10, 'Check length again' );
101 ok( $id !~ /[^A-Z]/, 'Only uppercase letters' );
102 throws_ok( sub { $tokenizer->generate({ pattern => 'abc{d,e}', }) }, 'Koha::Exceptions::Token::BadPattern', 'Exception should be thrown when wrong pattern is used');
projects / koha.git / blob