From 9674c827a91071e21547db99360e402e47a263e3 Mon Sep 17 00:00:00 2001
From: Marcel de Rooy
Date: Mon, 1 Aug 2022 07:25:10 +0000
Subject: [PATCH] Bug 27849: (follow-up) Add test
Compacting the code a bit too.
Signed-off-by: Marcel de Rooy
Signed-off-by: Tomas Cohen Arazi
(cherry picked from commit ad0aa754ee2a3e8e438594a54b2375b994753951)
Signed-off-by: Lucas Gass
(cherry picked from commit 558ee09dd5bb1dbffe5a70acfca5607c00f14cf8)
Signed-off-by: Arthur Suzuki
---
 Koha/Token.pm | 18 +++++++-----------
 t/Token.t | 19 ++++++++++++++++++-
 2 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/Koha/Token.pm b/Koha/Token.pm
index 866bfc3ae4..62b5a6c739 100644
--- a/Koha/Token.pm
+++ b/Koha/Token.pm
@@ -60,6 +60,8 @@ use Koha::Exceptions::Token;
 use base qw(Class::Accessor);
 use constant HMAC_SHA1_LENGTH => 20;
 use constant CSRF_EXPIRY_HOURS => 8; # 8 hours instead of 7 days..
+use constant DEFA_SESSION_ID => 0;
+use constant DEFA_SESSION_USERID => 'anonymous';
 =head1 METHODS
@@ -212,17 +214,11 @@ sub decode_jwt {
 sub _add_default_csrf_params {
 my ( $params ) = @_;
- $params->{session_id} //= '';
- if( !$params->{id} ) {
- if( defined( C4::Context->userenv ) ) {
- $params->{id} = Encode::encode( 'UTF-8', C4::Context->userenv->{id} . $params->{session_id} );
- } else {
- $params->{id} = Encode::encode( 'UTF-8', $params->{session_id} );
- }
- } else {
- $params->{id} .= $params->{session_id};
- }
- $params->{id} //= Encode::encode( 'UTF-8', C4::Context->userenv->{id} );
+ $params->{session_id} //= DEFA_SESSION_ID;
+ my $userenv = C4::Context->userenv // { id => DEFA_SESSION_USERID };
+ $params->{id} //= Encode::encode( 'UTF-8', $userenv->{id} );
+ $params->{id} .= '_' . $params->{session_id};
+
 my $pw = C4::Context->config('pass');
 $params->{secret} //= md5_base64( Encode::encode( 'UTF-8', $pw ) ),
 return $params;
diff --git a/t/Token.t b/t/Token.t
index d7de3113cf..2e38451c19 100755
--- a/t/Token.t
+++ b/t/Token.t
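Review bot: In `_add_default_csrf_params` (Koha/Token.pm, second hunk), a call with no userenv and no `session_id` now builds the fixed id `anonymous_0`, so every token generated on that path is bound to the same identity and only the secret and the expiry window tell one client from another. That fallback deserves a comment above the `DEFA_SESSION_ID`/`DEFA_SESSION_USERID` constants in the first hunk, e.g. `# Fallbacks only: tokens built from these are not bound to a user or session; callers protecting state-changing requests should pass session_id.` The `//` default also covers only an undefined userenv; if a userenv hash can exist without an `id` (not visible here), `Encode::encode` receives undef, and `my $userid = $userenv->{id} // DEFA_SESSION_USERID;` would close that gap. Separately, the context line `$params->{secret} //= md5_base64( ... ),` ends in a comma rather than a semicolon; it behaves the same today but is worth correcting while the sub is being compacted. The sub's closing brace lies outside the hunk.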
@@ -20,9 +20,10 @@
 # along with Koha; if not, see .
 use Modern::Perl;
-use Test::More tests => 12;
+use Test::More tests => 13;
 use Test::Exception;
 use Time::HiRes qw|usleep|;
+
 use C4::Context;
 use Koha::Token;
@@ -117,3 +118,19 @@ subtest 'JWT' => sub {
 my $retrieved_id = $tokenizer->decode_jwt({ token => $jwt });
 is( $retrieved_id, $id, 'id stored in jwt should be correct' );
 };
+
+subtest 'testing _add_default_csrf_params with/without userenv (bug 27849)' => sub {
+ plan tests => 5;
+
+ # Current userenv: userid == 42
+ my $result = Koha::Token::_add_default_csrf_params({ session_id => '567' });
+ is( $result->{session_id}, 567, 'Check session id' );
+ is( $result->{id}, '42_567', 'Check userid' );
+
+ # Clear userenv
+ C4::Context::_unset_userenv('DUMMY SESSION');
+ is( C4::Context::userenv, undef, 'No userenv anymore' );
+ $result = Koha::Token::_add_default_csrf_params({}); # pass no session_id
+ is( $result->{session_id}, Koha::Token::DEFA_SESSION_ID, 'Check session id' );
+ is( $result->{id}, Koha::Token::DEFA_SESSION_USERID. '_'. $result->{session_id}, 'Check userid' );
+};
--
2.39.5
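Review bot: The new subtest never passes an explicit `id`, a path whose output changed in `_add_default_csrf_params`: the session id is now appended with a `_` separator instead of being concatenated directly. Adding `is( Koha::Token::_add_default_csrf_params({ id => 'abc', session_id => '567' })->{id}, 'abc_567', 'Explicit id gets separator and session id' );` (sample values constructed) and raising the plan to 6 would pin that format. The subtest also relies on a userenv with id 42 that is set outside this hunk and then clears it with `_unset_userenv`, so it has to stay the last block in the file. A short comment saying so, such as `# Must run last: clears the global userenv`, would keep later additions from inheriting the cleared state.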